last executing test programs: 6.260180344s ago: executing program 2 (id=362): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, 0x0, &(0x7f00000002c0)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff}) close(r1) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) close(r1) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xffc, 0xa}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newtaction={0x84, 0x30, 0x1, 0x0, 0x0, {0x7a}, [{0x70, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x4, 0x0, 0x0, 0x0, {}, {}, 0x6}}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa}}}]}]}, 0x84}}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x1000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) io_setup(0x3, &(0x7f0000000340)) 5.96501875s ago: executing program 2 (id=363): syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x4000, &(0x7f0000000180)={[{@test_dummy_encryption}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x84}}, {@barrier_val={'barrier', 0x3d, 0xb24}}, {@init_itable}, {@orlov}, {@barrier_val={'barrier', 0x3d, 0x5}}, {@inlinecrypt}, {@data_err_abort}]}, 0xd, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$tipc(0x1e, 0x4, 0x0, &(0x7f0000000140)) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48) socket$tipc(0x1e, 0x5, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x10001, 0x9, 0x1}, 0x48) clock_gettime(0xffffffc3, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x36, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000000000400000000dfffff1918120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='sched_switch\x00', r4}, 0x10) creat(&(0x7f0000000000)='./bus\x00', 0x0) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r6, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r6, 0x400455c8, 0x0) bind$bt_hci(r5, &(0x7f0000000140), 0x6) ioctl$TIOCVHANGUP(r6, 0x5437, 0x0) 4.887090564s ago: executing program 2 (id=365): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'erspan0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="48000000100005040000005f596da400008809", @ANYRES32=r2], 0x48}}, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) r3 = getpid() bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x7, 0x0, 0x1, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r4, @ANYBLOB], 0x0}, 0x90) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000006c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000300)='sched_switch\x00', r5}, 0x10) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) r8 = eventfd(0x0) r9 = eventfd(0x0) r10 = eventfd(0x0) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000100)={r10, 0x0, 0x2, r9}) ioctl$KVM_IRQFD(r7, 0x4020ae76, &(0x7f0000000040)={r10, 0x0, 0x2, r8}) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x5) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r11, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f00000001c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0xffffffff, 0x1, 0x1}, 0x48) ptrace$setregs(0x5996661490f1bbfc, r3, 0x40, &(0x7f0000000340)="9dc426d74fdd72ab966cd487d6dad74fc580a5df5fb4f9d62eb4f2753f25ba79d0c742f68343569b2635183a6f329cb47d6b9cdb0a11f2c145cdf27c49a0f7272c152b501e10e92141cea020906f01e6362e2c25f0e990d8bd5b81ef6e9ca9f7c18c4fc6b8b5c0631cdd6b9896c62f31e4186824ffcc90d21c4c45bd3f46e3d64f6b86d1db180e7a1b520322e26c6cc3d73c73ca1a445240661df5a7e36d6e27f220757ca11ee70eab5a88308a3e6503") 3.977980273s ago: executing program 4 (id=370): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f0000000900)=0x6) (async, rerun: 64) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) (async, rerun: 64) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000640)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) (async) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) (async) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async) r5 = accept$inet(0xffffffffffffffff, &(0x7f0000000940)={0x2, 0x0, @private}, &(0x7f0000000980)=0x10) setsockopt$inet_mreqsrc(r5, 0x0, 0x26, &(0x7f0000000a40)={@dev={0xac, 0x14, 0x14, 0x1b}, @private=0xa010100, @multicast2}, 0xc) (async) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bpf$MAP_CREATE(0x0, 0x0, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000008c0)={r0, &(0x7f0000000780)="fb1414531b990887ba9f68970907cee4fc1e1429c1e6b6f8f07341c2474b8a4a7f54cbcf74b68863dc696e10bdbedadf6369666df4662278292b47ef9739cc0826ac6da1ca5c6814933f1df33f84c816a04f5e63e48298a384e049901e2d27d0b9c625a2e36c50df03d00d0e9fa7aca71a85459dd7a7a2bad22ef2ea6aecf7fa9375e8674b514d4a6be8c84b4053c676b2d742607fe8f4fbcb2b13c0a838c41d1db182b7f8e202b7edb85250b3a6f94a51f6aed4a522a72a1741b7aa0730d84868a8c33e18b0cbd6689efc5d97960b57610b99f73465495b13660e56a664aa071ca250aecb9feaa80a88a205c943153228b7", &(0x7f0000000880)=@tcp6=r6, 0x1}, 0x20) (async, rerun: 64) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (rerun: 64) stat(&(0x7f0000000600)='./file2\x00', &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f00000000c0)='./file2\x00', 0x280880f, &(0x7f0000000700)={[], [{@fowner_gt={'fowner>', r7}}, {@fsuuid={'fsuuid', 0x3d, {[0x54, 0x39, 0x39, 0x32, 0x39, 0x61, 0x36, 0x62], 0x2d, [0x33, 0x0, 0x37, 0x39], 0x2d, [0x1, 0x38, 0x6a, 0x65], 0x2d, [0x62, 0x34, 0x37, 0x66], 0x2d, [0x62, 0x61, 0x65, 0x39, 0x66, 0x33, 0x31, 0x36]}}}]}, 0x2f, 0x4fd, &(0x7f0000000100)="$eJzs3dFrW18dAPDvvW1+v3XrTKc+zIFzuEk3dGm7uq34MB2IPg3U+T5rm5XStBltuq1luA7/AEFEBUH0RV8E/4CB7E8QYaDvoqKIbvrgw/RKkpu6ZUlbXdor7ecDp/ecw7n5npM0J/fce0kCOLLORcTNiMjSLLsUEeW8Ps1TbLVTs93LF4/mmimJLLv9l5FI8rpms2b+/XzfE/luxyLiK1+M+Hrydty1jc2l2VqtupqXJxrLyass27y8uDy7UF2orkxPT12buT5zdWZyIOMci4gbn//Dd7/10y/c+MWnHvz2zp8ufqM9wLbOOAYtiZG36oYjYnU/ghWkOZ5Snr+6W+Mn+98fAAD6ax7vfzAiPh4Rl6IcQ62jOQAAAOAwyT47Gq+SiAwAAAA4tNKIGI0kreT3+45GmlYq7Xt4PxzH01p9rfHJrLx9vmAsSundxVp1Mr93YCxKSbM8ld9j2ylf6SpPR8SpiPhOeaRVrszVa/OFnvkAAACAo+NE1/r/7+X2+h8AAAA4ZMaK7gAAAACw76z/AQAA4PCz/gcAAIBD7Uu3bjVT1vn96/n7G+tL9fuX56trS5Xl9bnKXH31XmWhXl9ofWff8m6PV6vX7306VtYfTjSqa42JtY3NO8v19ZXGncXWz4EDAAAABTj1sWe/SSJi6zMjaafuvXxbisiG8vzTn/zwdDE9BPZL+t80/v3+9QM4eENFdwAozHDRHQAKUyq6A0Dh3p4H3jwy6Hvzzi93f+zkVZb9j90CAAAGaPwj29f/Wyleu/6fPC60a8A+y6//J0nRHQEOnOv/cHS5/gdHV2mnIwCLAjj00j281d/l+n+bewAAAKBoo62UpJV8HTAaaVqpRJxs/SxAKbm7WKtORsQHIuLX5dL7zfJUa8/E6QEAAAAAAAAAAAAAAAAAAAAAAAAA2KMsSyIDAAAADrWI9I9J6zzAUIyXL4x2nx94L/lHubWNiAc/uP29h7ONxupUs/6v2/WN7+f1V4o4gwEAAAB066zTO+t4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABikly8ezXXSQcb9882IGOsVfziOtbbHohQRx/+WxPBr+yURMTSA+FtPIuJ0r/hJs1sxlveiO34aESMFxz8xgPhwlD1rzj+f6/X+S+Nca9v7/Tecp3fVf/5Lt+e/oT7z38k9xjjz/OcTfeM/iTgz3Hv+6cRP+sQ/v3PYUifzta9ubvZrlP04Yrzn50/yRqyJxvK9ibWNzcuLy7ML1YXqyvT01LWZ6zNXZyYn7i7WqvnfnjG+/dGn/9pp/Mf7xB/bZfwXdh7/tn8+f/jiQ13PSXTKP8qyi+d7v/6nW9ty1h2/89n3ifxzoFke7+S32vnXnf3Zr87uNP75PuPf7fW/uMfxX/ryN3+3x6YAwAFY29hcmq3VqqsyRyYzssfG2eP2/8i7Bx2JAxzgbPyfPM/503eQYx9gpshZCQAA2A//OegvuicAAAAAAAAAAAAAAAAAAABwdO32NWAxgK8T6465VcxQAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB29O8AAAD//7fE3E8=") syz_usb_connect(0x0, 0x36, &(0x7f00000002c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00001009040000022a3e740009058bff7f000010110905", @ANYBLOB="8d"], 0x0) (async) timer_create(0x0, 0x0, &(0x7f0000bbdffc)) clock_nanosleep(0x8, 0x0, &(0x7f0000000000)={0x0, 0x989680}, 0x0) r8 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000a80), 0x8000, 0x0) ioctl$MON_IOCQ_RING_SIZE(r8, 0x9205) 3.918849549s ago: executing program 2 (id=371): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, 0x0, &(0x7f00000002c0)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff}) close(r1) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) close(r1) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xffc, 0xa}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newtaction={0x84, 0x30, 0x1, 0x0, 0x0, {0x7a}, [{0x70, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x4, 0x0, 0x0, 0x0, {}, {}, 0x6}}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa}}}]}]}, 0x84}}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x1000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) io_setup(0x3, &(0x7f0000000340)) 3.794589189s ago: executing program 4 (id=373): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b708000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={0x0, r1}, 0x10) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000040)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000340), 0x0, 0x0) syz_mount_image$fuse(&(0x7f0000000140), &(0x7f00000001c0)='./file0\x00', 0x8a024, &(0x7f0000000680)=ANY=[], 0x0, 0x0, 0x0) 3.79342092s ago: executing program 3 (id=374): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) mkdir(0x0, 0x0) mount$incfs(&(0x7f0000000040)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000340), 0x0, 0x0) syz_mount_image$fuse(&(0x7f0000000140), &(0x7f00000001c0)='./file0\x00', 0x8a024, &(0x7f0000000680)=ANY=[], 0x0, 0x0, 0x0) 3.771791472s ago: executing program 4 (id=376): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x10e, &(0x7f0000000540)={[{@discard}, {@noinit_itable}, {@noauto_da_alloc}, {@errors_remount}, {@block_validity}, {@dioread_nolock}]}, 0x3, 0x45b, &(0x7f00000010c0)="$eJzs281rHOUfAPDvTJL217dfYq0vfVGjVQy+JE1atQcvioIHBcFLPcYkLbXbRpoIthStIvUoBcGjeBT8CzzpRdST4FXvUijSi9XTyuzOdF+6u0nTTabNfj4w2eeZeWbn+c4zz+4z82QDGFjj2Z8kYmdE/B4Ro/Vsa4Hx+sv1axfm/rl2YS6JavWtv5Jaub+vXZgrihb77cgzE2lE+mkS+zscd+nc+VOzlcrC2Tw/tXz6vamlc+efPXl69sTCiYUzM0ePHjk8/cLzM8/1Jc57srru+3DxwN7X3r78xtyxy+/8/G1SxN8WR5+M99r4RLXa58OVa1dTOhlexQ5D61gZVi1rhqy5Rmr9fzSGotF4o/HqJ6VWDlhX1VyXzRerwCaWRNk1AMpRfNFn97/FsnGjj/Jdfal+A5TFfT1f6luGI83LjLTd3/bTeEQcu/jvV9kS6/McAgCgxffZ+OeZTuO/NO5vKvf/2FqbGxrL51J2R8S9EbEnIu6LqJV9ICIe7HSQHhMC7ZMkN49/0itrj25l2fjvxXxuq3X8V4z+Ymwoz+2qxT+SHD9ZWThUOycREzGyNctP9zjGD6/89nm3bc3jv2zJjl+MBfN6XBne2rrP/Ozy7O3E3OzqxxH7hjvFn9yYCUgiYm9E7FvjMU4+9c2BbttWjr+H1cwzraD6dcST9fa/GG3xF5Le85NT/4vKwqGp4qq42S+/Xnqz2/FvK/4+yNp/e8fr/0b8Y0nzfO3Srbx7vXdf+uOzrvc0k2u6/hsrtuSvH8wuL5+djtiSvF6vdPP6mca+Rb4on8U/cbBz/98djTOxPyKyi/ihiHg4Ih7Jo3s0Ih6LiIM9zsJPLz/+bq8zVHb7z7e1/1hrkbb2byS2RPuazomhUz9+1/qOjeTqPv+O1FIT+Zra59+XveNaTb1u9WoGAACAu1UaETsjSSdvpNN0crL+P/x7YntaWVxafvr44vtn5uu/ERiLkbR40jXa9Dx0Or+tL/IzbfnD+XPjL4a21fKTc4uV+bKDhwG3o0v/z/zpNxqw+fVhHg24S+n/MLj0fxhc+j8Mrg79f1sZ9QA2Xqfv/49KqAew8dr6v2k/GCDu/2Fw6f8wuJr7f1JiPYANtbQtVv6R/GZIVKvV6h1Qjc2TiPSOqEZ/Esk694KdZQd464myP5kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD6478AAAD//+Jk61o=") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0) membarrier(0x0, 0x0) write$binfmt_script(r0, &(0x7f0000000080), 0xffffff85) mknod(&(0x7f0000000100)='./bus\x00', 0x20, 0x8) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f00000002c0)='rpm_return_int\x00', r2}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f00000002c0)='rpm_return_int\x00', r3}, 0x10) syz_open_dev$usbfs(&(0x7f0000000040), 0x100020000000e, 0x10500) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r0, 0x6611) write$cgroup_subtree(r0, &(0x7f0000000380)=ANY=[@ANYBLOB="2b696f202b637075202b6e65745f636c73202b6370756143637400006458777b9589f65bcc6a4b701460b7c3920fb42f6a1f83ddc41f1bf15e35647df748493084eb5c9b5320673b1e6d68c700a098e60aca0f57c12b8fcfef7c70b2647b3eeefcfc0fdc7c177adafc5064c319e821b4e2039bc504e88cf30aa20cd259f89d70016b88e478320eb429168475d7981d2c583ed4fc5479aa87fdcf3a8875ff7a3db224dc9f6129b1f1"], 0x2f) socket(0x10, 0x3, 0x0) r4 = socket(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) getsockopt(r5, 0x1, 0x6, &(0x7f0000000080)=""/104, &(0x7f0000000100)=0x68) socket$nl_route(0x10, 0x3, 0x0) syz_usb_connect$uac1(0x2, 0xa8, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x96, 0x3, 0x1, 0x0, 0x0, 0x7f, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{}, [@input_terminal={0xc}, @input_terminal={0xc, 0x24, 0x2, 0x4}, @processing_unit={0xd, 0x24, 0x7, 0x3, 0x0, 0x0, "4336d88b1a56"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x40, 0x0, 0x0, 0x0, {0x7}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0xb, 0x24, 0x2, 0x2, 0x0, 0x0, 0x2, "f6f8"}, @as_header={0x7, 0x24, 0x1, 0xfe}]}, {{0x9, 0x5, 0x82, 0x9, 0x20, 0x0, 0x0, 0x0, {0x7}}}}}}}]}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r7, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) recvmsg$unix(r6, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c6c2500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000200)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x20000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r8}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket(0x10, 0x803, 0x0) socket(0x10, 0x803, 0x0) 3.684387269s ago: executing program 2 (id=377): getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000080)={@empty, 0x0}, &(0x7f00000000c0)=0x14) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{0x1, 0xffffffffffffffff}, &(0x7f0000000100), &(0x7f0000000140)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1b, 0x6, &(0x7f0000000000)=@raw=[@map_fd={0x18, 0x4, 0x1, 0x0, r1}, @map_val={0x18, 0xa, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x3}, @cb_func={0x18, 0x1, 0x4, 0x0, 0xfffffffffffffffe}], &(0x7f0000000240)='syzkaller\x00', 0x5, 0x0, &(0x7f0000000280), 0x41100, 0x51, '\x00', r0, 0xe, 0xffffffffffffffff, 0x8, &(0x7f00000002c0)={0x6, 0x3}, 0x8, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000300)=[r1, r1, r1, r1, r1, r1, r1, r1, r1], 0x0, 0x10, 0x7}, 0x90) io_setup(0x0, &(0x7f00000000c0)) io_setup(0x4, &(0x7f0000000000)) syz_usb_connect$uac1(0x4, 0xa9, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x97, 0x3, 0x1, 0x0, 0x0, 0x7f, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{}, [@input_terminal={0xc, 0x24, 0x2, 0x0, 0x0, 0xff}, @selector_unit={0x9, 0x24, 0x5, 0x6, 0x3, "6f853eca"}, @processing_unit={0xd, 0x24, 0x7, 0xfe, 0x0, 0x0, "4336d88b1a56"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x40, 0x0, 0x0, 0x0, {0x7, 0x25, 0x1, 0x0, 0x0, 0x4}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0xf, 0x24, 0x2, 0x2, 0x3, 0x0, 0x2, "f6f81132fff8"}, @as_header={0x7, 0x24, 0x1, 0xfe}]}, {{0x9, 0x5, 0x82, 0x9, 0x20, 0x0, 0x0, 0x0, {0x7}}}}}}}]}}, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='memory.events\x00', 0x26e1, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc4c, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='ext4_ext_rm_leaf\x00', r3}, 0x10) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000001a80)=@base={0x6, 0x4, 0x808, 0x8}, 0x48) syz_usb_connect(0x0, 0x2d, &(0x7f0000000540)=ANY=[@ANYBLOB="1201000074020440fd07010099480102030109021b0001000000000904"], 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r7, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) bind$netlink(r2, &(0x7f0000000380)={0x10, 0x0, 0x25dfdbff, 0x2000}, 0xc) recvmsg$unix(r6, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r8 = socket(0x10, 0x803, 0x0) r9 = socket(0x10, 0x803, 0x0) r10 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0) getsockname$packet(r9, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r10, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000810000000", @ANYRES32=r11, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r9, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=ANY=[@ANYBLOB="480000001400b59500000000002e34000a000000", @ANYBLOB="14000100fc00000000000000000000000000000014000200fe8000000000000000000000000000aa"], 0x48}}, 0x0) getsockname$packet(r9, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)=@ipv6_newaddr={0x40, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r12}, [@IFA_LOCAL={0x14, 0x2, @local}, @IFA_CACHEINFO={0x14, 0x6, {0x78, 0x1f}}]}, 0x40}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='ext4_ext_rm_leaf\x00', r4}, 0x10) syz_usb_connect$cdc_ncm(0x0, 0x93, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010102020000402505a1a440000102030109028100020100f01f0904000001020d00000624060001c605240001000d240f0102000000010002008106241a040002088f904ea70940000c241b01a70100003709001f0424e9070724141f00ff7f052401010409058103002fab4a804c6793d500020d00000904010102020d0000090582020002c10903090503020004010240"], &(0x7f0000000640)={0xa, &(0x7f0000000180)={0xa, 0x6, 0x250, 0x0, 0x2, 0xa, 0x8, 0xfc}, 0x45, &(0x7f00000001c0)={0x5, 0xf, 0x45, 0x5, [@ss_cap={0xa, 0x10, 0x3, 0x0, 0x8, 0x9, 0x6c, 0xffff}, @ptm_cap={0x3}, @ss_container_id={0x14, 0x10, 0x4, 0xc5, "e1c12e4953e95652f92ea7ad11fd5ac3"}, @wireless={0xb, 0x10, 0x1, 0x4, 0xf2, 0x8, 0x7, 0x0, 0x8}, @ss_container_id={0x14, 0x10, 0x4, 0x3, "c2084e74e011acafa7d2bd01f325e399"}]}, 0x6, [{0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x458}}, {0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0x3009}}, {0x4, &(0x7f00000002c0)=@lang_id={0x4, 0x3, 0x2401}}, {0x7e, &(0x7f0000000300)=@string={0x7e, 0x3, "da582397830a80cba3c89b977de5fee09051f100d9c51117c655ee802f8fa44e30ee334e5bf7bd98bb276b034d390cb115b6457a2648e18a418a0a2324f428a58fbe177719341c215efdf84e407e3fc092c7e2cd1cb86cbf9cd2b1cbb1f835d52b8752e1b37be11932884c869e9274c2c13e27b32611188987477ca2"}}, {0x4, &(0x7f0000000440)=@lang_id={0x4, 0x3, 0x81a}}, {0x6b, &(0x7f0000000480)=@string={0x6b, 0x3, "bec9a58fdb60d5936738d0a5f6bf3fc759a41ada184f4982ff7ff293bb6418994d3d6a049d358287dfa137fa7b1c154e3a4d5b280ebfc8e838cc3ccecc28f8e0912ba02ada0f43d9475584cd72f2938e59d395a7cf93764fb241de1accbfc00b59d917076499a94cec"}}]}) 3.67211833s ago: executing program 3 (id=378): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000240)=ANY=[], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000005c0)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="0000900000005f7a312d9563"], 0x0, 0x0, 0x0, 0x0}, 0x0) 1.817626462s ago: executing program 2 (id=383): getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000080)={@empty, 0x0}, &(0x7f00000000c0)=0x14) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{0x1, 0xffffffffffffffff}, &(0x7f0000000100), &(0x7f0000000140)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1b, 0x6, &(0x7f0000000000)=@raw=[@map_fd={0x18, 0x4, 0x1, 0x0, r1}, @map_val={0x18, 0xa, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x3}, @cb_func={0x18, 0x1, 0x4, 0x0, 0xfffffffffffffffe}], &(0x7f0000000240)='syzkaller\x00', 0x5, 0x0, &(0x7f0000000280), 0x41100, 0x51, '\x00', r0, 0xe, 0xffffffffffffffff, 0x8, &(0x7f00000002c0)={0x6, 0x3}, 0x8, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000300)=[r1, r1, r1, r1, r1, r1, r1, r1, r1], 0x0, 0x10, 0x7}, 0x90) io_setup(0x0, &(0x7f00000000c0)) io_setup(0x4, &(0x7f0000000000)) syz_usb_connect$uac1(0x4, 0xa9, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x97, 0x3, 0x1, 0x0, 0x0, 0x7f, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{}, [@input_terminal={0xc, 0x24, 0x2, 0x0, 0x0, 0xff}, @selector_unit={0x9, 0x24, 0x5, 0x6, 0x3, "6f853eca"}, @processing_unit={0xd, 0x24, 0x7, 0xfe, 0x0, 0x0, "4336d88b1a56"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x40, 0x0, 0x0, 0x0, {0x7, 0x25, 0x1, 0x0, 0x0, 0x4}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0xf, 0x24, 0x2, 0x2, 0x3, 0x0, 0x2, "f6f81132fff8"}, @as_header={0x7, 0x24, 0x1, 0xfe}]}, {{0x9, 0x5, 0x82, 0x9, 0x20, 0x0, 0x0, 0x0, {0x7}}}}}}}]}}, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='memory.events\x00', 0x26e1, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc4c, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='ext4_ext_rm_leaf\x00', r3}, 0x10) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000001a80)=@base={0x6, 0x4, 0x808, 0x8}, 0x48) syz_usb_connect(0x0, 0x2d, &(0x7f0000000540)=ANY=[@ANYBLOB="1201000074020440fd07010099480102030109021b0001000000000904"], 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r7, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) bind$netlink(r2, &(0x7f0000000380)={0x10, 0x0, 0x25dfdbff, 0x2000}, 0xc) recvmsg$unix(r6, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r8 = socket(0x10, 0x803, 0x0) r9 = socket(0x10, 0x803, 0x0) r10 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0) getsockname$packet(r9, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r10, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000810000000", @ANYRES32=r11, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r9, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=ANY=[@ANYBLOB="480000001400b59500000000002e34000a000000", @ANYBLOB="14000100fc00000000000000000000000000000014000200fe8000000000000000000000000000aa"], 0x48}}, 0x0) getsockname$packet(r9, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)=@ipv6_newaddr={0x40, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r12}, [@IFA_LOCAL={0x14, 0x2, @local}, @IFA_CACHEINFO={0x14, 0x6, {0x78, 0x1f}}]}, 0x40}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='ext4_ext_rm_leaf\x00', r4}, 0x10) syz_usb_connect$cdc_ncm(0x0, 0x93, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010102020000402505a1a440000102030109028100020100f01f0904000001020d00000624060001c605240001000d240f0102000000010002008106241a040002088f904ea70940000c241b01a70100003709001f0424e9070724141f00ff7f052401010409058103002fab4a804c6793d500020d00000904010102020d0000090582020002c10903090503020004010240"], &(0x7f0000000640)={0xa, &(0x7f0000000180)={0xa, 0x6, 0x250, 0x0, 0x2, 0xa, 0x8, 0xfc}, 0x45, &(0x7f00000001c0)={0x5, 0xf, 0x45, 0x5, [@ss_cap={0xa, 0x10, 0x3, 0x0, 0x8, 0x9, 0x6c, 0xffff}, @ptm_cap={0x3}, @ss_container_id={0x14, 0x10, 0x4, 0xc5, "e1c12e4953e95652f92ea7ad11fd5ac3"}, @wireless={0xb, 0x10, 0x1, 0x4, 0xf2, 0x8, 0x7, 0x0, 0x8}, @ss_container_id={0x14, 0x10, 0x4, 0x3, "c2084e74e011acafa7d2bd01f325e399"}]}, 0x6, [{0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x458}}, {0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0x3009}}, {0x4, &(0x7f00000002c0)=@lang_id={0x4, 0x3, 0x2401}}, {0x7e, &(0x7f0000000300)=@string={0x7e, 0x3, "da582397830a80cba3c89b977de5fee09051f100d9c51117c655ee802f8fa44e30ee334e5bf7bd98bb276b034d390cb115b6457a2648e18a418a0a2324f428a58fbe177719341c215efdf84e407e3fc092c7e2cd1cb86cbf9cd2b1cbb1f835d52b8752e1b37be11932884c869e9274c2c13e27b32611188987477ca2"}}, {0x4, &(0x7f0000000440)=@lang_id={0x4, 0x3, 0x81a}}, {0x6b, &(0x7f0000000480)=@string={0x6b, 0x3, "bec9a58fdb60d5936738d0a5f6bf3fc759a41ada184f4982ff7ff293bb6418994d3d6a049d358287dfa137fa7b1c154e3a4d5b280ebfc8e838cc3ccecc28f8e0912ba02ada0f43d9475584cd72f2938e59d395a7cf93764fb241de1accbfc00b59d917076499a94cec"}}]}) 1.813834642s ago: executing program 0 (id=393): bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast1}, 0x1c) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b) (async) write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) ioctl$KVM_GET_SUPPORTED_CPUID(r2, 0xc008ae05, &(0x7f0000000100)=""/29) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) (async) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0) ioctl$BTRFS_IOC_GET_FEATURES(r0, 0x80189439, &(0x7f0000000180)) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$int_out(r2, 0x2, &(0x7f0000000380)) (async) ioctl$int_out(r2, 0x2, &(0x7f0000000380)) ioctl$KVM_RUN(r3, 0xae80, 0x0) (async) ioctl$KVM_RUN(r3, 0xae80, 0x0) syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x20, 0xda, 0xfb, 0x20, 0x499, 0x1010, 0x5f5, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x6f, 0x2b, 0xae, 0x0, [], [{{0x9, 0x5, 0x85, 0xe50c5d80f30f71da, 0x20}}]}}]}}]}}, 0x0) 1.783854665s ago: executing program 1 (id=385): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x1000401, &(0x7f0000000000)={[{@resgid}, {@noload}, {@noblock_validity}]}, 0x84, 0x497, &(0x7f0000001540)="$eJzs3MtvG8UfAPDvrvPoO/n1Vx59QAMFEVFImrRAD0gIBFIvSEhwgGNIQ1XqtqgJEq0q2iJUjoi/ADgi8RdwggsCTiCucEdIFeqlhQMyWns3cWLXuHYdh/rzkdaZ2dfM7OxkZ3e8DmBgTWQfScS2iPglIsZq0dUrTNT+3Lx+cf7P6xfnk6hUXv1jtLrejesX54tVi+225pHJNCL9MIm9TdJdPH/h1Fy5vHAuj08vnX5nevH8hSdPnp47sXBi4czs0aNHDs888/TsU3eknFm5bux5/+y+3cfe+OTl+Uq8+f2XWX635cvry1Ez3nWaEzERlUqlkq6aO1L9fLTrvW8s2yPiSh5OhvqcGdpWioisuoar7X8sSrFSeWPx0gd9zRzQU9n1abRhbin/O5RkyzfVrQvcTRLtGgZUccXP7n+Lab36HhvBteezz4Vq+W/mU23JUGT37cl47Y691KP0t0XE65f/+jSboulzCACAO+vrrP/zRLP+Xxr31q23Ix9DGY+IgxGxMyL+HxG7IuKeiOq690XE/beZfnX86cpKvLH/89PmjgvXhqz/92w+trW6/7c8ajNeymPbq+UfTt46WV44lB+TyRgezeIzLdL45sWfP77Vsom6/l82ZekXfcE8H78PrXlAd3xuaa6bMte7diViz1Cz8ifLIwFJROyOiD0d7D87Zicf/2JfFt6xtXH5v5e/lcsd5Gi1yucRj9Xq/3KsKX8hqQ2R3Gp8cnpTlBcOTRdnRaMffrz6Sn18uC7cXfm7l9X/lqbnf17+ohkU47WLbe54ZCV49deP8n02NuVOz/+R5LVVybw3t7R0biZiZCQa58+ubFvEi/Wz8k8eiLiaDwTXt/+dEX9/lm+3NyKyk/iBiHgwIvbneX8oIh6OiAMtDsV3LzzyduuD1d/6P96q/iPGk/rx+g4CpVPfflXsbLkq838u7dX/kWpoMp/Tzv+/djN4J44hAAAAbHRpdQw6SaeWw2k6NVX7Dv+u2JKWzy4uHZyId88cr41Vj8dwWjzpGqt7HjqTPxsu4rNr4ocj4n/Vbxptrsan5s+Wt/e78DDgtt6i/Wd+69WXXoCN47be10p6lw9g/XlfEwZX2+1/uLf5ANaf6z8MLu0fBlez9n8p4mYfsgKss9u6/j/Xu3wA669V+/fID+5u7v9hcGn/MJAaX4kvfqOhkzf9VwI7j3W1+QAFSj3ac9T/aEcPApH2/dB1Hkg3Qjb254HRiGh3q0s9rdO15w8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMB/3z8BAAD//yxO2No=") r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$key(0xf, 0x3, 0x2) ioctl$KVM_SET_CPUID2(0xffffffffffffffff, 0x4008ae90, &(0x7f0000000340)=ANY=[]) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x3fd, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000080000000000000", @ANYRES32=r4], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) sendmsg$key(r3, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0) bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(r2, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001300)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'ip_vti0\x00', 0x0}) r7 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt$SO_TIMESTAMPING(r7, 0x1, 0x41, &(0x7f0000000040)=0x61a4, 0x4) setsockopt$sock_int(r7, 0x1, 0x29, &(0x7f0000000080)=0x2, 0x4) sendmsg$can_raw(r7, &(0x7f0000000300)={&(0x7f0000000800)={0x1d, r6}, 0x10, 0x0}, 0x0) r8 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x2, 0x4, 0x10008, 0x1, 0x1000}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000240)={{0x1, 0xffffffffffffffff}, &(0x7f0000000180), 0x0}, 0x20) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000600)={0x0, 0x0}, 0x8) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000006c0)={{0x1, 0xffffffffffffffff}, 0x0, &(0x7f0000000680)='%pS \x00'}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x0, 0x1d, &(0x7f0000000a40)=ANY=[@ANYBLOB="18000000490000000000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000180100002020752500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300005c0000008500000006000000185000000e000000000000000000000018110000", @ANYRES32=r9], &(0x7f0000000380)='GPL\x00', 0x0, 0x1f, &(0x7f00000003c0)=""/31, 0x41100, 0x2, '\x00', 0x0, 0x33, 0xffffffffffffffff, 0x8, &(0x7f0000000580)={0x8, 0x4}, 0x8, 0x10, 0x0, 0x0, r10, 0xffffffffffffffff, 0x5, &(0x7f0000000700)=[r11], &(0x7f0000000740)=[{0x3, 0x1, 0x8, 0x9}, {0x3, 0x2, 0x7, 0x6}, {0x3, 0x1, 0xa, 0x4}, {0x0, 0x5, 0xc, 0x2}, {0x0, 0x5, 0x3, 0x6}], 0x10, 0xdaa}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000001000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008180000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r10, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x1c, 0x1a, &(0x7f00000004c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x9}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r4}}, @ringbuf_query, @kfunc={0x85, 0x0, 0x2, 0x0, 0x3}, @jmp={0x5, 0x1, 0x3, 0x9, 0x0, 0x6, 0xfffffffffffffff0}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000280)='GPL\x00', 0x8, 0x91, &(0x7f00000006c0)=""/145, 0x40f00, 0xc, '\x00', r6, 0x3, r0, 0x8, &(0x7f00000003c0)={0x8, 0x5}, 0x8, 0x10, 0x0, 0x0, r10, 0xffffffffffffffff, 0x5, &(0x7f00000007c0)=[r1, r4, 0xffffffffffffffff, r1], &(0x7f0000000800)=[{0x3, 0x3, 0x1, 0x9}, {0x5, 0x4, 0xf, 0x1}, {0x5, 0x3, 0xa, 0xb}, {0x0, 0x4, 0x8f, 0xc}, {0x3, 0x5, 0x3, 0x1}]}, 0x90) sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0x0) 1.621042919s ago: executing program 4 (id=386): bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0xffffff36}, 0x90) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000180)={0x0, 0x6}, 0xc) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x5c05}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) move_mount(0xffffffffffffffff, &(0x7f0000000340)='./file1\x00', 0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x50, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x1, './file1\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) ptrace$ARCH_MAP_VDSO_32(0x1e, r0, 0x1, 0x2002) r3 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqn(r3, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc) setsockopt$inet_msfilter(r3, 0x0, 0x29, &(0x7f0000000380)=ANY=[@ANYBLOB="f0000002ac140400000001000000000012ac54ee553a2dd6e1644c5d1dd320ae077f6884b2882cc14ed3b8804806efab08aac98d5e25c0056b890655b5efdeb74d520ebc27a89d6068cbcde49bfdf2ca6a1400cbecbefbd82a23d6a57bd7dd4b4d3575fb6a9736760325727978103f630d64ea1ce3b9c795816f73cad1622aa278b645abb969fccf4efcf2e4e9695714685e8549210ad0f23ae9a9"], 0x10) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x40000}, 0x48) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0xa, 0x8, 0x7fe2, 0x1}, 0x48) close(0x3) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xe, 0x4, 0x4, 0x7}, 0x48) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r6}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.swap.events\x00', 0x275a, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x14, 0xc, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="b52dc88df144a2ab21494d398cf49ba3e3cf893af6fd98491a7b5d803b55ebc2c4b8230c0ec384eab9e44a5a"], 0x0, 0x51, 0x20, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) 1.6103799s ago: executing program 1 (id=387): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b708000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) mkdir(0x0, 0x0) mount$incfs(&(0x7f0000000040)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000340), 0x0, 0x0) syz_mount_image$fuse(&(0x7f0000000140), &(0x7f00000001c0)='./file0\x00', 0x8a024, &(0x7f0000000680)=ANY=[], 0x0, 0x0, 0x0) 1.581140582s ago: executing program 0 (id=388): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, 0x0, &(0x7f00000002c0)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff}) close(r1) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) close(r1) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xffc, 0xa}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r4}, 0x10) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newtaction={0x84, 0x30, 0x1, 0x0, 0x0, {0x7a}, [{0x70, 0x1, [@m_police={0x6c, 0x1, 0x0, 0x0, {{0xb}, {0x40, 0x2, 0x0, 0x1, [[@TCA_POLICE_TBF={0x3c, 0x1, {0x0, 0x4, 0x0, 0x0, 0x0, {}, {}, 0x6}}]]}, {0x4}, {0xc, 0xb}, {0xc, 0xa}}}]}]}, 0x84}}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x1000}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='vm_unmapped_area\x00'}, 0x10) io_setup(0x3, &(0x7f0000000340)) 1.49699984s ago: executing program 4 (id=389): bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x10, 0xe, &(0x7f0000001540)=ANY=[@ANYBLOB="b7020000f53f6314bfa300000000000024020000fffeff7f7a03f0fff0ffffff79a4f0ff00000000b7060000ffffffff2e64050000000000750afaff07cd02020404000000247d60b7030000070a00006a0a00fe0000000c850000005a000000b70000000000002995000000000000001da5ad3548ebb63d18c5071c7e821c9b767ac8308fbcd5c5e4a5ad1065b572c2c9ff215ac60c2ceaea4c0ec908abb6e7325ec1956bd8660bf3664148a2c96752fe2bb328dff1a15750ab9a780001000000000000d4bf20c2bd152d814f01f2cd519e078d4ffab418e4682b2aec5e4a35629e8ef040c50287c37a7f4182f32333b08c6e497687e10a4daea5cac0ceafdbb126eb02a1f5104d16ddb64963d84d91814cd5817e0b8f6f5e6ee7a39e180b5a18ed786b782ab1321ea5e82ae5ba2c42a5e23ea6253d5df768d0cb9f35e4f41a6211e52bb3598e9b5d4f22d8c19f958e8b34de35949a7a48ce18799ee53da177a81ea65e652c1d71b7ee86a75b0100000042127a8f84538a9a311c757f7169f006f3f5c95177fbd0b14b36259e2905ef911785c88a16aae46084d676d8ef8aa6ecc2d32e3f4ee367c5a769c0a606636c9f4a4413c098f4fcc96623b7c373b0ef04d55b846b094bf97e2ef5987b6e09a6a7cab79bffda141f65e7d9ebe3be70c436432b70a80cce69df30d3d67d84ccf3f9db9b690111de2ddc4b153c989ef100bbf76063d3f6ffffb73d70e9c3d7b90aecf48e7565efff2dbbb512218c98442406333c890923a797e00b75481739952fe87fde27ce81893f54ec0ea8e792414f639bc9ce1fea3f6ac0d7025759d4b45576c205c70631e8ad585951950e521f4e210b6494e3c52d927195737945cc03d5668483151710de246420a1b6c55b73876a6ed7fd0d9338923789a1edcd8043fe83919088383268324a25df14010c8ed6b8d43400eaa00ff9bc46e1cfecbdc0e451ac53b409d04544d3a7edd4d447d2fb431e226ae182b8dcc86fe09b404e0b7c723d3b19c3dc382fa91fb0fb8f9f3f13296bb1758b24aad0922091d49e2bc408a5a37deee7a60b903d2d9fe9d451cafcc8dc389671c2d08b6e264150a6b9445b00cee4585af04fa69e0380be0d66649dcf3bf8a906b029faca75ce34c41aec7aa86e596119109ea8b3f7c65c902499227c087301643baab1c95bb22cedd913b22dcaa197ccc34586dc50bd9f4628e3e77a0de32e356521df06f995cb57f97052fc4158250ccecfb67ea8faf509593fadc7eafb613327b052397af1ede94d87590ce90a0a7579766f0e5eb09d38ac46e99e7ec4fcd3cb0b1a8c531724d5ef6b334803cedaa9cedf16dc3af6e0b67f62a83a256474c97c925d9d447175b535c87dbdeb0dcca5303eed6689ea91e1665c691df736368dde47e6672e93a314c5f60e7b68c2242bd0f0d8c66449d8687dcf2d0f76668b2b9bf8b32b99b7daf34b2d825d192ade90a1162acfe9749d516d014cef5f99126324ea02baea5808c430985749901b09e4902a6f5addc0103756b894418e4591c624a9b206abbfb888d413d923b0d7c9d997d6d8e64787c4d397f57a15b6e0b4212b6cb55b9c207bbe08f483b1bea05f41b9a1d3af087047c568ae6ebfc0bb5ec10b6290dc757a4903a88fb2c035b2349b6d2f0c051b8b7718384eebd5fc19928cea713ff09e179c308fbe9bd64374d96ef2447a2a4af5ca0c39e7ca2e801e57560a55e9cfa095cf3f74398219ad1030a79517a88de7596429a20793e12616aa32b3e720c6521fbe93963e9536d16f3db211fca7dd99c0a0125ff8ef534b93dcb34e1da2c008a9f2a29e30823bf0ec3639cadaf9be9608358e1e5ab17eea477b1754f78f45468c9568471667f82f5e250b979b9f2bd0d1b6bc03d11811ac6eec9a3ecd9e3c3299ee5eb3c6cac8fbd06514b7ee743ece79c04566d02a08fd5fcabbab3d129c0cced3ce11dafa380700000000000000c114d0b423e64c6157fac5e4e2168f33541daeff9983d0e488a78bef538f870b84798272b2101e0abf1cd64500b79e01e11d727389653bd80a39d5bbe2e23d2f5ff10047423429981bd9b4ce680e174c266391e3e7689452654e5cd5ada6e025327a1942b5a068f15fa58eaa267d4e0881783dddbdd777f8be0824ffdf6d06c621880dbbe9534f15e8c2e364d3ec67deb6ab9f2a0f03212972dbd38500000008173553a67be48633103809eee0be51d67d7ce230b389607b4c3b18da1c48f3180f2e0d79e54565fdd9a099b5b5ba2761905b88b7cbfc39c35dd153609da3da263438f12769602c2195245ff83e249119d4f6cabfbdef84ada19ef4a67ed66d7043036515d0be5a231f99e71aba5d5ae04676eff3e85f0844c41bbcfde7a931d1ec55c01f703bfd1b97756bfe55a91f6b379f34a018906339771157c66dbd7471d1beec7f029ef552cf5e92a1a0db21b59355763967ce26a577bc514b6d22a09c385c5ba6caf524e1688fc0f29f8bb35ae7bc8eb5ba51aebdf7d972c3267cedbe77ed70d9c539bc455a6f88b39196c8a224b0acf4d796fea59a07baa34cc270fb096ef330fbebdf872d7d0bc4f9a963355c554abc5cdb91464faabcd09cd9a53f5d1b2ea7e96f428f7cd6735c19c61dc9942d30bf29ef85ed01c2fcd6060aa40eeff971477b4fde48507b7bad95a496540adff7e4a72fd1f94d7c703ab1525c946c54e0da3d7ebfcc8cea2e84c3b310aaea5a1627df898c00a9aaf2d88a36afa4c5b1816384310600001c33125ad7f7970beeb256aec06e39fc6c66544e1d1dc5fea4b68a82e3568ca30aea9a1d097f06f11dc362f4bae5ef57c67686a15855cd351bf26f40fb1348cfce79897682228e6d9643530c81bab27bf7b1c4a76a5be180bb830cf06827c3f38a9c9c580c732c30aaceda78b0297de35a922b1375b129655beb31899e26052cc216f832fdb0a0015f93c9cff77f59cda1ec5f3e358848756cebb074266a47e39ae26e80e8c65aaf73c24925458520a9ca98760d1005c9f81846459ae6d5baa4f02807939ddc29c3520f7c58ed9bc5a569c7a1bc33cf4f330a18276ffb4550b9166c3939e8041094bec034aa0ec6638b74fe34f0f1ec6903a1135808d5d8d26c9203c3f87e66c407b7c5c0888d4558dd657cc0213efad68e76fdd7b23e68064fd4b271ed79c50abacdd2871b0c1f8c971df59a5a1901ddf804bed43e391f882d2a45c51cdbba86b2a1b7c0c4923642a731ea4dcbad2b6ebbebe787a8e28e781d75beee924b3b1e390750f316648133922c021f98fd2d5d71a7a3679397ef6cf432837b7e264831ec01c4c3146ba0caac3b13d55945ec00e978a1c1712cd51187936200606c9cd6877b2f72125295c54721f8e15df2ae282a8becb99a726fd92acc92141e1f574b4b0b3c992a61af3372d0d9217776b1a42cd2cee816a70bf1ddd69b590d53e28ba356e74b38e23e50d898e95cdc7cc809e462c884b53f672aab1411ecfd4c91e7a9782fc6763f0efd4bcbaf1fc3a00000000000000000000000000000000500000000000000000000000048e510340087caf22439d5304bd704a6a78a512269a9b1cbd13bea78c807bbc73853ae187cbb768673e9d1bf74a3b0a6c234accd8506adf314f4c5e08174540b69d3c0da660052b43b86baf49e7ac64d9c21598b1e01dc1e1b5a53626b090496dbf7af441e397016c3c094d5c91ffe0a7ceacfd225ed9a6c905f79ad7052747dd6cceef4c310e0e935311118bc6bf0e5ca6c7cca7d5c03be570308da8a40578b4db14961fbccf6e2f2d56e9509c434126515b56d032e20c12e830d1bc64826fc9b318da5911e466878dbb81edeff69363fb75af5cd80536f14d2eaa7764db23acdbd394bbbbccfd8b129258bb0a93cee1d44f8665172c06933d20f184b78b435462c52a85149451ffd564c56a7cbf11a1127c77242915e43b2bc"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x0, 0x2}, 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@bloom_filter={0x1e, 0x3, 0x401, 0x100, 0x800, 0xffffffffffffffff, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x2, 0x8}, 0x48) syz_mount_image$ext4(&(0x7f0000000ec0)='ext4\x00', &(0x7f0000000300)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x8004, &(0x7f0000000100)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x1}}, {@acl}, {@norecovery}, {@resuid}, {@jqfmt_vfsold}, {@usrjquota}, {@acl}, {@oldalloc}, {@errors_remount}]}, 0xdf, 0x468, &(0x7f0000000780)="$eJzs289vFFUcAPDvzG4BQdmKiIIgVTRp/NHSgsrBxGg08aCJiR7wWNtCkIUaWhMhjVZj8GhIvBuPJv4FnjwZ9WTiFY8mhoQoMQG9uGZ2Z0q77JbWbtlN9/NJBt6befve+3bmzb6dtxtA3xrK/kki7o6IyxFRaWSXFxhq/Hfj2vzk39fmJ5Oo1d78I6mXu35tfrKWK163I69zOI1IP03yRmJgabWz5y+cnqhWp8/l+dG5M++Nzp6/8PSpMxMnp09Onx0/duzokbHnnh1/pkWvf7u01jiz+K7v+3Bm/95X3770+uTxS+/8+E3W3z0HGsezONZa5+0MZYH/2fjbNB97vNONddm/tZtxJuVu94bVKkVEOR+cl6MSpbh58irxyidd7RywobJ79tb2hxdqwCaWRLd7AHRH8Uafff4ttjs09egJV19sfADK4r6Rb40j5UjzMgMb2P5QRBxf+OfLbIum5xC1Fs8NAADW67ts/vNUq/lfGnuWlNuZrw0NRsS9EbErIu6LiN0RcX9EvewDEfHgGtsfasrfOv9Mr/yvwFYpm/89n69tLZ//FbO/GCzluXvq8Q8kJ05Vpw/nf5PhGNia5cdaVV5U8fIvn7drf+n8L9uy9ou5YF7JlXLjAd22Ys/UxNxEpyalVz+O2FduFX+yuBKQRMTeiNi3tqp3FolTT3y9v12h28e/gg6sM9W+KiqZX4im+AvJyuuTo9uiOn14tLgqbvXTzxffaNf+uuLvgOz8b19+/TeVqPyVLF2vnV088MJq27j462dtP1OWV3/9L8qu/y3JW/U13S35vg8m5ubOjUVsSV6r55ftH7/52iJflM/iHz7Uevzvyl+Txf9QRGQX8YGIeDgiDubn7pGIeDQiDq0Q/w8vPfZuu2O9cP6nWt7/Fq//weXnf+2J0unvv23X/uruf0frqeF8T/3+dxvtu1PcRpuuZgAAANjE0vp345N0ZDGdpiMjje/w747taXVmdu7JEzPvn51qfId+MAbS4klXZcnz0LFkIa+xkR/PnxUXx4/kz42/KN1Vz49MzlSnuhw79LsdbcZ/5vdSt3sHbDi/14L+1Tz+0y71A7jzvP9D/zL+oX8Z/9C/Wo3/j5ry1gJgM6pVut0DoHvM/6F/Gf/Qv4x/6Evr+V3/RiXKK/x6X6JXEpH2RDd6JnGwh0ZTuQOju8s3JgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgA75LwAA///foPki") openat(0xffffffffffffff9c, &(0x7f0000000f40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x18e) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x52) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r0}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000080850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0xfffd) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r3 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(r3, 0x29, 0x2, &(0x7f0000000440)=0x40, 0x4) setsockopt$inet6_int(r3, 0x29, 0x8, &(0x7f0000000000)=0xffffff80, 0x4) getsockopt$inet6_buf(r3, 0x29, 0x6, &(0x7f0000034780)=""/102391, &(0x7f0000000180)=0x18ff7) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = socket(0x840000000002, 0x3, 0x100) connect$inet(r5, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x10) sendmmsg$inet(r5, &(0x7f0000005240), 0x4000095, 0x0) setsockopt$inet_group_source_req(r5, 0x0, 0x2b, 0x0, 0x0) sendmsg$NL80211_CMD_NEW_KEY(r4, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000040)=ANY=[@ANYBLOB, @ANYRES16, @ANYRES32], 0x34}}, 0x0) arch_prctl$ARCH_REQ_XCOMP_PERM(0x1023, 0x12) syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xc000, &(0x7f00000006c0), 0x2, 0x246, &(0x7f0000000ac0)="$eJzs3T9oM2UcB/DvXRJf+75BXnURxD8gIloor5vg8rooFKQUEUGFioiL0gq1xa1xcnHQWaWTSxE3q6N0KS6K4FS1Q10ELQ4WBx0iybVS24ja1Jz0Ph+43l3vee73HLnvkyyXBGisq0muJ2klmU7SSVIcb3B3tVw93F2f2l5I+v0nfiqG7ar9ylG/K0l6SR5KslUWeamdrG4+s/fLzmP3vbnSuff9zaenJnqRh/b3dh8/eG/ujY9mH1z94qsf5opcT/dP13X+ihH/axfJLf9Fsf+Jol33CPgn5l/78OtB7m9Ncs8w/52UqV68t5Zv2OrkgXf/qu/bP355+yTHCpy/fr8zeA/s9YHGKZN0U5QzSartspyZqT7Df9O6XL68tPzq9ItLK4sv1D1TAeelm+w++smlj6+cyP/3rSr/wMU1yP+T8xvfDrYPWnWPBpiIO6rVIP/Tz63dH/mHxpF/aC75h+aSf2gu+Yfmkn9oLvmHC6xztNEbeVj+obnkH5pL/qG5jucfAGiW/qW6n0AG6lL3/AMAAAAAAAAAAAAAAAAAAJy2PrW9cLRMquZn7yT7jyRpj6rfGv4ecXLj8O/ln4tBsz8UVbexPHvXmCcY0wc1P31903f11v/8znrrry0mvdeTXGu3T99/xeH9d3Y3/83xzvNjFviXihP7Dz812fon/bZRb/3ZneTTwfxzbdT8U+a24Xr0/NM9/hXLZ/TKr2OeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIn5PQAA//8PK23M") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuacct.usage_percpu\x00', 0x275a, 0x0) 1.49584272s ago: executing program 1 (id=400): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x1000401, &(0x7f0000000000)={[{@resgid}, {@noload}, {@noblock_validity}]}, 0x84, 0x497, &(0x7f0000001540)="$eJzs3MtvG8UfAPDvrvPoO/n1Vx59QAMFEVFImrRAD0gIBFIvSEhwgGNIQ1XqtqgJEq0q2iJUjoi/ADgi8RdwggsCTiCucEdIFeqlhQMyWns3cWLXuHYdh/rzkdaZ2dfM7OxkZ3e8DmBgTWQfScS2iPglIsZq0dUrTNT+3Lx+cf7P6xfnk6hUXv1jtLrejesX54tVi+225pHJNCL9MIm9TdJdPH/h1Fy5vHAuj08vnX5nevH8hSdPnp47sXBi4czs0aNHDs888/TsU3eknFm5bux5/+y+3cfe+OTl+Uq8+f2XWX635cvry1Ez3nWaEzERlUqlkq6aO1L9fLTrvW8s2yPiSh5OhvqcGdpWioisuoar7X8sSrFSeWPx0gd9zRzQU9n1abRhbin/O5RkyzfVrQvcTRLtGgZUccXP7n+Lab36HhvBteezz4Vq+W/mU23JUGT37cl47Y691KP0t0XE65f/+jSboulzCACAO+vrrP/zRLP+Xxr31q23Ix9DGY+IgxGxMyL+HxG7IuKeiOq690XE/beZfnX86cpKvLH/89PmjgvXhqz/92w+trW6/7c8ajNeymPbq+UfTt46WV44lB+TyRgezeIzLdL45sWfP77Vsom6/l82ZekXfcE8H78PrXlAd3xuaa6bMte7diViz1Cz8ifLIwFJROyOiD0d7D87Zicf/2JfFt6xtXH5v5e/lcsd5Gi1yucRj9Xq/3KsKX8hqQ2R3Gp8cnpTlBcOTRdnRaMffrz6Sn18uC7cXfm7l9X/lqbnf17+ohkU47WLbe54ZCV49deP8n02NuVOz/+R5LVVybw3t7R0biZiZCQa58+ubFvEi/Wz8k8eiLiaDwTXt/+dEX9/lm+3NyKyk/iBiHgwIvbneX8oIh6OiAMtDsV3LzzyduuD1d/6P96q/iPGk/rx+g4CpVPfflXsbLkq838u7dX/kWpoMp/Tzv+/djN4J44hAAAAbHRpdQw6SaeWw2k6NVX7Dv+u2JKWzy4uHZyId88cr41Vj8dwWjzpGqt7HjqTPxsu4rNr4ocj4n/Vbxptrsan5s+Wt/e78DDgtt6i/Wd+69WXXoCN47be10p6lw9g/XlfEwZX2+1/uLf5ANaf6z8MLu0fBlez9n8p4mYfsgKss9u6/j/Xu3wA669V+/fID+5u7v9hcGn/MJAaX4kvfqOhkzf9VwI7j3W1+QAFSj3ac9T/aEcPApH2/dB1Hkg3Qjb254HRiGh3q0s9rdO15w8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMB/3z8BAAD//yxO2No=") r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$key(0xf, 0x3, 0x2) ioctl$KVM_SET_CPUID2(0xffffffffffffffff, 0x4008ae90, &(0x7f0000000340)=ANY=[]) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x3fd, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000080000000000000", @ANYRES32=r4], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) sendmsg$key(r3, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0) bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(r2, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001300)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'ip_vti0\x00', 0x0}) r7 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt$SO_TIMESTAMPING(r7, 0x1, 0x41, &(0x7f0000000040)=0x61a4, 0x4) setsockopt$sock_int(r7, 0x1, 0x29, &(0x7f0000000080)=0x2, 0x4) sendmsg$can_raw(r7, &(0x7f0000000300)={&(0x7f0000000800)={0x1d, r6}, 0x10, 0x0}, 0x0) r8 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x2, 0x4, 0x10008, 0x1, 0x1000}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000240)={{0x1, 0xffffffffffffffff}, &(0x7f0000000180), 0x0}, 0x20) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000600)={0x0, 0x0}, 0x8) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000006c0)={{0x1, 0xffffffffffffffff}, 0x0, &(0x7f0000000680)='%pS \x00'}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x0, 0x1d, &(0x7f0000000a40)=ANY=[@ANYBLOB="18000000490000000000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000180100002020752500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300005c0000008500000006000000185000000e000000000000000000000018110000", @ANYRES32=r9], &(0x7f0000000380)='GPL\x00', 0x0, 0x1f, &(0x7f00000003c0)=""/31, 0x41100, 0x2, '\x00', 0x0, 0x33, 0xffffffffffffffff, 0x8, &(0x7f0000000580)={0x8, 0x4}, 0x8, 0x10, 0x0, 0x0, r10, 0xffffffffffffffff, 0x5, &(0x7f0000000700)=[r11], &(0x7f0000000740)=[{0x3, 0x1, 0x8, 0x9}, {0x3, 0x2, 0x7, 0x6}, {0x3, 0x1, 0xa, 0x4}, {0x0, 0x5, 0xc, 0x2}, {0x0, 0x5, 0x3, 0x6}], 0x10, 0xdaa}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000001000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008180000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r10, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x1c, 0x1a, &(0x7f00000004c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x9}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r4}}, @ringbuf_query, @kfunc={0x85, 0x0, 0x2, 0x0, 0x3}, @jmp={0x5, 0x1, 0x3, 0x9, 0x0, 0x6, 0xfffffffffffffff0}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000280)='GPL\x00', 0x8, 0x91, &(0x7f00000006c0)=""/145, 0x40f00, 0xc, '\x00', r6, 0x3, r0, 0x8, &(0x7f00000003c0)={0x8, 0x5}, 0x8, 0x10, 0x0, 0x0, r10, 0xffffffffffffffff, 0x5, &(0x7f00000007c0)=[r1, r4, 0xffffffffffffffff, r1], &(0x7f0000000800)=[{0x3, 0x3, 0x1, 0x9}, {0x5, 0x4, 0xf, 0x1}, {0x5, 0x3, 0xa, 0xb}, {0x0, 0x4, 0x8f, 0xc}, {0x3, 0x5, 0x3, 0x1}]}, 0x90) sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0x0) 1.14747246s ago: executing program 1 (id=390): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8c}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000280)='sys_enter\x00'}, 0x10) getrlimit(0xe, &(0x7f0000000180)) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) 1.122922332s ago: executing program 0 (id=391): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000008000000000000000000000181100", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='qdisc_reset\x00', r2}, 0x10) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000180)={'rose0\x00', 0x112}) ioctl$TUNSETQUEUE(r3, 0x400454d9, &(0x7f0000000100)={'vlan0\x00', 0x400}) 942.653898ms ago: executing program 1 (id=392): clock_gettime(0x0, 0x0) 916.26041ms ago: executing program 0 (id=394): bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x1, 0x2, 0x10000, 0x5, 0x0, 0x1}, 0x48) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000340)={0x0, 0x0}) sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x238804}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x3c, 0x3e9, 0x10, 0x70bd28, 0x25dfdbfe, {0x43, 0x0, 0x0, r0, 0x6, 0x80000000, 0x9b38, 0x4, 0x0, 0x7, 0x5}, ["", "", "", "", "", "", "", ""]}, 0x3c}, 0x1, 0x0, 0x0, 0x4000}, 0x11) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$loop_ctrl(0xffffff9c, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000c80)=0x9) socket$netlink(0x10, 0x3, 0x4) getpgid(0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = socket(0xa, 0x2, 0x0) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x11, 0x5, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='kmem_cache_free\x00', r7}, 0x10) syz_emit_ethernet(0x4e, &(0x7f0000000100)=ANY=[@ANYBLOB="85a2fa90e20700000000000086dd6000000000180000fe8000000000000000000000000000bbff020000000000000000000000000001860090"], 0x0) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f00000002c0)={0x0, @loopback, @local}, &(0x7f00000004c0)=0xc) setresgid(0x0, r6, 0x0) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000180)=0xc) sendmmsg$unix(r4, &(0x7f0000002fc0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000001b40)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0xee00, r6}}}], 0x20}}], 0x2, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu/syz1\x00', 0x1ff) 838.317447ms ago: executing program 1 (id=395): getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000080)={@empty, 0x0}, &(0x7f00000000c0)=0x14) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{0x1, 0xffffffffffffffff}, &(0x7f0000000100), &(0x7f0000000140)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1b, 0x6, &(0x7f0000000000)=@raw=[@map_fd={0x18, 0x4, 0x1, 0x0, r1}, @map_val={0x18, 0xa, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x3}, @cb_func={0x18, 0x1, 0x4, 0x0, 0xfffffffffffffffe}], &(0x7f0000000240)='syzkaller\x00', 0x5, 0x0, &(0x7f0000000280), 0x41100, 0x51, '\x00', r0, 0xe, 0xffffffffffffffff, 0x8, &(0x7f00000002c0)={0x6, 0x3}, 0x8, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000300)=[r1, r1, r1, r1, r1, r1, r1, r1, r1], 0x0, 0x10, 0x7}, 0x90) io_setup(0x0, &(0x7f00000000c0)) io_setup(0x4, &(0x7f0000000000)) syz_usb_connect$uac1(0x4, 0xa9, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x97, 0x3, 0x1, 0x0, 0x0, 0x7f, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{}, [@input_terminal={0xc, 0x24, 0x2, 0x0, 0x0, 0xff}, @selector_unit={0x9, 0x24, 0x5, 0x6, 0x3, "6f853eca"}, @processing_unit={0xd, 0x24, 0x7, 0xfe, 0x0, 0x0, "4336d88b1a56"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x40, 0x0, 0x0, 0x0, {0x7, 0x25, 0x1, 0x0, 0x0, 0x4}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0xf, 0x24, 0x2, 0x2, 0x3, 0x0, 0x2, "f6f81132fff8"}, @as_header={0x7, 0x24, 0x1, 0xfe}]}, {{0x9, 0x5, 0x82, 0x9, 0x20, 0x0, 0x0, 0x0, {0x7}}}}}}}]}}, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='memory.events\x00', 0x26e1, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc4c, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='ext4_ext_rm_leaf\x00', r3}, 0x10) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000001a80)=@base={0x6, 0x4, 0x808, 0x8}, 0x48) syz_usb_connect(0x0, 0x2d, &(0x7f0000000540)=ANY=[@ANYBLOB="1201000074020440fd07010099480102030109021b0001000000000904"], 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r7, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) bind$netlink(r2, &(0x7f0000000380)={0x10, 0x0, 0x25dfdbff, 0x2000}, 0xc) recvmsg$unix(r6, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r8 = socket(0x10, 0x803, 0x0) r9 = socket(0x10, 0x803, 0x0) r10 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0) getsockname$packet(r9, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r10, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000810000000", @ANYRES32=r11, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r9, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=ANY=[@ANYBLOB="480000001400b59500000000002e34000a000000", @ANYBLOB="14000100fc00000000000000000000000000000014000200fe8000000000000000000000000000aa"], 0x48}}, 0x0) getsockname$packet(r9, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)=@ipv6_newaddr={0x40, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r12}, [@IFA_LOCAL={0x14, 0x2, @local}, @IFA_CACHEINFO={0x14, 0x6, {0x78, 0x1f}}]}, 0x40}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='ext4_ext_rm_leaf\x00', r4}, 0x10) syz_usb_connect$cdc_ncm(0x0, 0x93, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010102020000402505a1a440000102030109028100020100f01f0904000001020d00000624060001c605240001000d240f0102000000010002008106241a040002088f904ea70940000c241b01a70100003709001f0424e9070724141f00ff7f052401010409058103002fab4a804c6793d500020d00000904010102020d0000090582020002c10903090503020004010240"], &(0x7f0000000640)={0xa, &(0x7f0000000180)={0xa, 0x6, 0x250, 0x0, 0x2, 0xa, 0x8, 0xfc}, 0x45, &(0x7f00000001c0)={0x5, 0xf, 0x45, 0x5, [@ss_cap={0xa, 0x10, 0x3, 0x0, 0x8, 0x9, 0x6c, 0xffff}, @ptm_cap={0x3}, @ss_container_id={0x14, 0x10, 0x4, 0xc5, "e1c12e4953e95652f92ea7ad11fd5ac3"}, @wireless={0xb, 0x10, 0x1, 0x4, 0xf2, 0x8, 0x7, 0x0, 0x8}, @ss_container_id={0x14, 0x10, 0x4, 0x3, "c2084e74e011acafa7d2bd01f325e399"}]}, 0x6, [{0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x458}}, {0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0x3009}}, {0x4, &(0x7f00000002c0)=@lang_id={0x4, 0x3, 0x2401}}, {0x7e, &(0x7f0000000300)=@string={0x7e, 0x3, "da582397830a80cba3c89b977de5fee09051f100d9c51117c655ee802f8fa44e30ee334e5bf7bd98bb276b034d390cb115b6457a2648e18a418a0a2324f428a58fbe177719341c215efdf84e407e3fc092c7e2cd1cb86cbf9cd2b1cbb1f835d52b8752e1b37be11932884c869e9274c2c13e27b32611188987477ca2"}}, {0x4, &(0x7f0000000440)=@lang_id={0x4, 0x3, 0x81a}}, {0x6b, &(0x7f0000000480)=@string={0x6b, 0x3, "bec9a58fdb60d5936738d0a5f6bf3fc759a41ada184f4982ff7ff293bb6418994d3d6a049d358287dfa137fa7b1c154e3a4d5b280ebfc8e838cc3ccecc28f8e0912ba02ada0f43d9475584cd72f2938e59d395a7cf93764fb241de1accbfc00b59d917076499a94cec"}}]}) 507.915826ms ago: executing program 3 (id=396): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018400110800395032303030"], 0x15) r2 = dup(0xffffffffffffffff) write$FUSE_BMAP(r2, &(0x7f0000000080)={0x18}, 0x18) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYRES8=r1], 0x20}}, 0x0) r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000640)={0x1b, 0x0, 0x0, 0x3, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x5}, 0x48) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x10, 0x7ffc1ffb}]}) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000740)=ANY=[@ANYBLOB="1803000000000000000000000000000018110000", @ANYRES8=r0, @ANYBLOB="0000000000000000b702000014000882b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095", @ANYRES8=r1, @ANYRES16=r4], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r5}, 0x10) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) lchown(&(0x7f0000000100)='./file0\x00', 0xffffffffffffffff, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{0x1}, &(0x7f0000000240), &(0x7f00000002c0)}, 0x20) r6 = socket$nl_route(0x10, 0x3, 0x0) mremap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x2000, 0x2, &(0x7f0000ffc000/0x2000)=nil) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="400000001000010400"/20, @ANYRESHEX, @ANYBLOB="00000000000000001800128008000100736974000c00028008000100", @ANYBLOB="08000300", @ANYRES32, @ANYBLOB], 0x40}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x6, 0x15, &(0x7f00000007c0)=@raw=[@cb_func={0x18, 0x8, 0x4, 0x0, 0xfffffffffffffffb}, @btf_id={0x18, 0x1, 0x3, 0x0, 0x1}, @cb_func={0x18, 0xa, 0x4, 0x0, 0x5}, @generic={0x6, 0x7, 0x6, 0x4, 0xff}, @map_val={0x18, 0x2, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0x5}, @map_val={0x18, 0x7, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0x3}, @printk={@s, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xed}}, @map_val={0x18, 0xa, 0x2, 0x0, r2, 0x0, 0x0, 0x0, 0x200}], &(0x7f0000000380)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x5e, '\x00', r7}, 0x90) syz_mount_image$exfat(&(0x7f0000000000), &(0x7f0000000140)='./file0\x00', 0x2100084c, &(0x7f0000000880)=ANY=[@ANYBLOB="00f66699597632735e3c76254a1282348e814eb8673b2cf6e07772de57f4f4df76c135aa22482f8addf4b47112e2b0f3435cfb82d33abc59897deb68aa51f86731446f82a9935c5a14aa576bdc602d7da8490756f37d9fcd6fcd90187a842ebe03266f40852ad452a37a0bb7fa88389b49c60c849454545814a38ba77634ed8f2f283fd49610227f4bd5272346a0c333be63ea5437ed19c655b7aef626a20e0643e6f966d36fb0ef10b95d95f73d37ad720d2282ba04f9f8d304c46a3a0500489516a1af9efe7924dc13deaea85c48194b13dc170c799e7ac9f71b75779d59b1f3e875982327801d40535069f50297c9d591763ddfed1e5aaadba7231e"], 0x7e, 0x14f5, &(0x7f0000001580)="$eJzs3AuYjlXXOPC99t43Y5r0NMlh2GuvmycNtkmSHBJySJIkSXJKSJokSUgMOSUNSchxkhyGkBymMWmcz4eckyavNEkSklPY/0vv+33e9+v9vr7v//b/u65v1u+69jV7zf2s9ax71lzz3PdzXfP80HNUvRb1azcjIvEvgb9+SRFCxAghhgkhbhBCBEKISvGV4q8cL6Ag5V97EvbnejT9WnfAriWef97G88/beP55G88/b+P55208/7yN55+38fwZy8u2zyl2I6+8u/j9/7yMX///F8ktP/mbjeVv7vU/SOH55208/7yN55+38fzzNp5/3sbz/9+v1n9xjOeft/H8GcvLrvX7z7yu7brWv3+MMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxvKGc/4qLYT4t/217osxxhhjjDHGGGN/Hp//WnfAGGOMMcYYY4yx//dASKGEFoHIJ/KLGFFAxIrrRJy4XhQUN4iIuFHEi5tEIXGzKCyKiKKimEgQxUUJYQQKK0iEoqQoJaLiFlFa3CoSRRlRVpQTTpQXSeI2UUHcLiqKO0QlcaeoLO4SVURVUU1UF3eLGuIeUVPUErXFvaKOqCvqifriPtFA3C8aigdEI/GgaCweEk3Ew6KpeEQ0E4+K5uIx0UI8LlqKJ0Qr0Vq0EW1Fu/+r/FdEX/Gq6Cf6ixQxQAwUr4lBYrAYIoaKYeJ1MVy8IUaIN0WqGClGibfEaPG2GCPeEWPFODFevCsmiIlikpgspoipIk28J6aJ98V08YGYIWaKWWK2SBdzxFzxoZgn5osF4iOxUHwsFonFYolYKjLEJyJTLBNZ4lOxXHwmssUKsVKsEqvFGrFWrBPrxQaxUWwSm8UWsVVsE9vF52KH2Cl2id1ij9gr9okvxH7xpTggvhI54uv/Yf7Z/5DfCwQIkCBBg4Z8kA9iIAZiIRbiIA4KQkGIQATiIR4KQSEoDIWhKBSFBEiAElACEBAICEpCSYhCFEpDaUiERCgLZcGBgyRIggpwO1SEilAJKkFlqAxVoCpUhepQHWpADagJNaE21IY6UAfqQT24D+6D+6EhNIRG0AgaQ2NoAk2gKTSFZtAMmkNzaAEtoCW0hFbQCtpAG2gH7aA9tIcO0AE6QSfoDJ2hC3SBZEiGrtAVukE36A7doQf0gJ7QE3pBb+gNr8Ar8Cq8Cv2hjhwAA2EgDIJBMASGwlB4HYbDG/AGvAmpMBJGwVvwFrwNY+AMjIVxMB7GQw05ESbBZCA5FdIgDabBNJgO02EGzISZMBvSYQ7MhbkwD+bDfPgIFsLH8DEshsWwFDIgAzJhGWRBFiyHs5ANK2AlrILVsAZWwzpYD+tgI2yCjbAFtsA22Aafw+ewE3bCbtgNe2EvfAFfwJfwJaRCDuTAQTgIh+AQHIbDkAu5cASOwFE4CsfgGByH43ACTsIpOAmn4TScgbNwDs7BBbgAF+GlhO+a7y2zIVXIK7TUMp/MJ2NkjIyVsTJOxsmCsqCMyIiMl/GykCwkC8vCsqgsKhNkgiwhS0iUKEmGsqQsKaMyKkvL0jJRJsqysqx00skkmSQryAqyoqwoK8k7ZWV5l6wiq8qOrrqsLmvITq6mrCVry9qyjqwr68n6sr5sIBvIhrKhbCQbycaysWwiH5ZN5QAYAo/KK5NpIUdCSzkKWsnWso1sK9+GJ2V7OQY6yI6yk3xajoOx0EW2d8nyOdlVToJu8gU5GV6UPeRU6Clflr1kb9lHviL7yg6un+wvZ8AAOVDOhkFysBwih8p5UFdemVg9+aZMlSPlKPmWXApvyzHyHTlWjpPj5btygpwoJ8nJcoqcKtPke3KafF9Olx/IGXKmnCVny3Q5R86VH8p5cr5cID+SC+XHcpFcLJfIpTJDfiIz5TKZJT+Vy+VnMluukCvlKrlarpFr5Tq5Xm6QG+UmuVlukVvlNrldfi53yJ1yl9wt98i9cp/8Qu6XX8oD8iuZI7+WB+Vf5CH5jTwsv5W58jt5RH4vj8of5DH5ozwuf5In5El5Sv4sT8tf5Bl5Vp6T5+UF+au8KC/Jy9JLoUBJpZRWgcqn8qsYVUDFqutUnLpeFVQ3qIi6UcWrm1QhdbMqrIqooqqYSlDFVQllFCqrSIWqpCqlouoWVVrdqhJVGVVWlVNOlVdJ6jZVQd2uKqo7VCV1p6qs7lJVVFVVTVVXd6sa6h5VU9VStdW9qo6qq+qp+uo+1UDdrxqqB1Qj9aBqrB5STdTDqql6RDVTj6rm6jHVQj2uWqonVCvVWrVRbVU79aRqr55SHVRH1Uk9rTqrZ1QX9axKVs+prup51U29oLqrF1UP9ZLqqV5WvVRv1UddUpeVV/1Uf5WiBqiB6jU1SA1WQ9RQNUy9roarN9QI9aZKVSPVKPWWGq3eVmPUO2qsGqfGq3fVBDVRTVKT1RQ1VaWp99Q09b6arj5QM9RMNUvNVulqjhryt0oL/hv57/+T/BG/Pfs2tV19rnaonWqX2q32qL1qn9qn9qv96oA6oHJUjjqoDqpD6pA6rA6rXJWrjqgj6qg6qo6pY+q4Oq5OqJPqvPpZnVa/qDPqrDqrzqsL6oK6+LefgdCgpVZa60Dn0/l1jC6gY/V1Ok5frwvqG3RE36jj9U26kL5ZF9ZFdFFdTCfo4rqENhq11aRDXVKX0lF9iy6tb9WJuowuq8tpp8vrJH3bv5z/R/210+10e91ed9AddCfdSXfWnXUX3UUn62TdVXfV3XQ33V131z10D91T99S9dC/dR/fRfXVf3U/30yk6RQ/Ur+lBerAeoofqYfp1PVwP1yP0CJ2qU/UoPUqP1qP1GD1Gj9Vj9Xg9Xk/QE/QkPUlP0VN0mk7T0/Q0PV1P1zP0DD1Lz9LpOl3P1XP1PD1PL9AL9EK9UC/Si/QSvURn6AydqTN1ls7Sy/Vyna1X6BV6lV6l1+g1ep1epzfoDXqT3qS36C06W2/X2/UOvUPv0rv0Hr1H79P79H69Xx/QB3SOztEH9UF9SB/Sh/Vhnatz9RF9RB/VR/UxfUwf18f1CX1Cn9Kn9Gl9Wp/RZ/Q5fU5f0Bf0RX1RX9aXr1z2BTKQgQ50kC/IF8QEMUFsEBvEBXFBwaBgEAkiQXwQHxQKbg4KB0WCokGxICEoHpQITICBDSgIg5JBqSAa3BKUDm4NEoMyQdmgXOCC8kFScFtQIbg9qBjcEVQK7gwqB3cFVYKqQbWgenB3UCO4J6gZ1ApqB/cGdYK6Qb2gfnBf0CC4P2gYPBA0Ch4MGgcPBU2Ch4OmwSNBs+DRoHnwWNAieDxoGTwRtApaB22CtkG7P7W+92eKPOX6mf4mxQwwA81rZpAZbIaYoWaYed0MN2+YEeZNk2pGmlHmLTPavG3GmHfMWDPOjDfvmglmoplkJpspZqpJM++ZaeZ9M918YGaYmWaWmW3SzRwz13xo5pn5ZoH5yCw0H5tFZrFZYpaaDPOJyTTLTJb51Cw3n5lss8KsNKvMarPGrDXrzHqzwWw0m8xms8VsNdvMdvO52WF2ml1mt9lj9pp95guz33xpDpivTI752hw0fzGHzDfmsPnW5JrvzBHzvTlqfjDHzI/muPnJnDAnzSnzszltfjFnzFlzzpw3F8yv5qK5ZC4bf+Xi/srLO2rUmA/zYQzGYCzGYhzGYUEsiBGMYDzGYyEshIWxMBbFopiACVgCS+AVhIQlsSRGMYqlsTQmYiKWxbLo0GESJmEFrIAVsSJWwkpYGStjFayC1bAa3o134z14D9bCWngv3ot1sS7Wx/rYABtgQ2yIjbARNsbG2ASbYFNsis2wGTbH5tgCW2BLbImtsBW2wTbYDtthe2yPHbADdsJO2Bk7YxfsgsmYjF2xK3bDbtgdu2MP7IE9sSf2wl7YB/tgX+yL/bAfpmAKDsSBOAgH4RAcgsNwGA7H4TgCR2AqpuIoHIWjcTSOwTE4FsfheHwXJ+BEnISTcQpOxTRMw2k4DafjdJyBM3AWzsJ0TMe5OBfn4TxcgAtwIS7ERbgIl+ASzMAMzMRMzMIsXI7LMRuzcSWuxNW4GtfiWlyP63EjbsTNuBm34lbcjttxB+7AXbgL9+Ae3If7cD/uxwN4AHMwBw/iQTyEh/AwHsZczMUjeASP4lE8hsfwOB7HE3gCT+EpPI2n8QyewXN4Di/gr3gRL+Fl9BhjpYi119k4e70taG+wMbaA/fu4qC1mE2xxW8IaW9gW+YcYrbWJtowta8tZZ8vbJHvb7+IqtqqtZqvbu20Ne4+t+bu4gb3fNrQP2Eb2QVvf3vcPcWP7kG1iH7dN7RO2mW1tm9u2toV93La0T9hWtrVtY9vazvYZ28U+a5Ptc7arff53caZdZtfbDXaj3WT32y/tOXveHrU/2Av2V9vP9rfD7Ot2uH3DjrBv2lQ78nfxePuunWAn2kl2sp1ip/4unmVn23Q7x861H9p5dv7v4gz7iV1os+wiu9gusUt/i6/0lGU/tcvtZzbbrrAr7Sq72q6xa+26f+91ld1it9ptdp/9wu6wO+0uu9vusXt/i6+cxwH7lc2xX9sj9nt7yH5jD9tjNtd+91t85fyO2R/tcfuTPWFP2lP2Z3va/mLP2LO/nf+Vc//ZXrKXrbeCgCQp0hRQPspPMVSAYuk6iqPrqSDdQBG6keLpJipEN1NhKkJFqRglUHEqQYaQLBGFVJJKUZRuodJ0KyVSGSpL5chReUqi26gC3U4V6Q6qRHdSZbqLqlBVqkbV6W6qQfdQTapFteleqkN1qR7Vp/uoAd1PDekBakQPUmN6iJrQw9SUHqFm9Cg1p8eoBT1OLekJakWtqQ21pXb0JLWnp6gDdaRO9DR1pmeoCz1LyfQcdaXnqRu9QN3pRepBL1FPepl6UW/qQ69QX3qV+lF/SqEBNJBeo0E0mIbQUBpGr9NweoNG0JuUSiNpFL1Fo+ltGkPv0FgaR+PpXZpAE2kSTaYpNJXS6D2aRu/TdPqAZtBMmkWzKZ3m0Fz6kObRfFpAH9FC+pgW0WJaQkspgz6hTFpGWfQpLafPKJtW0EpaRatpDa2ldbSeNtBG2kSbaQttpW20nT6nHbSTdtFu2kN7aR99QfvpSzpAX1EOfU0H6S90iL6hw/Qt5dJ3dIS+p6P0Ax2jH+k4/UQn6CSdop/pNP1CZ+gsnaPzdIF+pYt0iS6TJxFCKEMV6jAI84X5w5iwQBgbXhfGhdeHBcMbwkh4Yxgf3hQWCm8OC4dFwqJhsTAhLB6WCE2IoQ0pDMOSYakwGt4Slg5vDRPDMmHZsFzowvJhUnhbWCG8PawY3hFWCu8MK4d3hVXCquHjD1YP7w5rhPeENcNaYe3w3rBOWDesF9YP7wsbhPeHDcMHwkbhg2HF8KGwSfhw2DR8JGwWPho2Dx8LW4SPhy3DJ8JWYeuwTdg2bBc+GbYPnwo7hB3DTuHTYefwmbBL+GyYHD4Xdg2f/8PjKeGAcGD4Wvha6P0Dakl0aTQj+kk0M7osmhX9NLo8+lk0O7oiujK6Kro6uia6Nrouuj66Iboxuim6ObolujW6Lep9/fzCgZNOOe0Cl8/ldzGugIt117k4d70r6G5wEXeji3c3uULuZlfYFXFFXTGX4Iq7Es44dNaRC11JV8pF3S2utLvVJboyrqwr55wr75JcW9fOtXPt3VOug+voOrmn3dPuGfeMe9Y9655zXd3zrpt7wXV3L7oe7iX3knvZ9XK9XR/3iuvrXnX9XH+X4lLcQDfQDXKD3BA3xA1zw9xwN9yNcCNcqkt1o9woN9qNdmPcGDfWjXXj3Xg3wU1wk9wkN8VNcWkuzU1z09x0N93NcDPcLDfLpbt0N9fNdfPcPLfALXALExe6RW6RW+KWuAyX4TJdpstyWW65W+6yXbZb6Va61W61W+vWuvVuvdvoNrrNbrPb6ra67W672+F2uF1ul9vj9rh9bp/b7/a7A+6Ay3E57qA76A65Q+6w+9bluu/cEfe9O+p+cMfcj+64+8mdcCfdKfezO+1+cWfcWXfOnXcX3K/uorvkLjvv0iLvRaZF3o9Mj3wQmRGZGZkVmR1Jj8yJzI18GJkXmR9ZEPkosjDycWRRZHFkSWRpJCPySSQzsiySFfk0sjzyWSQ7siKyMrIqsjqyJuJ98R2hL+lL+ai/xZf2t/pEX8aX9eW88+V9kr/NV/C3+4r+Dl/J3+kr+7t8FV/VV/NP+Fa+tW/j2/p2/knf3j/lO/iOvpN/2nf2z/gu/lmf7J/zXf3zvpt/wXf3L/oe/iXf07/se/nevo9/xff1r/p+vr9P8QP8QP+aH+QH+yF+qB/mX/fD/Rt+hH/Tp/qRfpR/y4/2b/sx/h0/1o/z4/27foKf6Cf5yX6Kn+rT/Ht+mn/fT/cf+Bl+pp/lZ/t0P8fP9R/6eX6+X+A/8gv9x36RX+yX+KU+w3/iM/0yn+U/9cv9Zz7br/Ar/Sq/2q/xa/06v95v8Bv9Jr/Zb/Fb/Ta/3X/ud/idfpff7ff4vX6f/8Lv91/6A/4rn+O/9gf9X/wh/40/7L/1uf47f8R/74/6H/wx/6M/7n/yJ/xJf8r/7E/7X/wZf9af8+f9Bf+rv+gv+cv8P2uMMcYYY/8t6g+OD/gn35N/W1cMFEJcv7NY7n+subnwX/eDZULniBDiuf49H/23VadOSkrK3x6brURQarEQInI1P5+4Gq8QncQzIll0FBX+aX+DZe8L9Af1o3cKEft3OTHiany1/u3/Sf0nnx6fWTk8F/9f1F8sRGKpqzkFxNX4av2K/0n9Iu3/oP8C36QJ0eHvcuLE1fhq/STxlHheJP/DIxljjDHGGGOMsb8aLKt1/6P75yv35wn6ak5+cTX+o/tzxhhjjDHGGGOMXXsv9u7z7JPJyR2784Y3vOHNv2+u9V8mxhhjjDHG2J/t6kX/te6EMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhjLu/5/fJzYtT5HxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhj7Fr7PwEAAP//SOc8Mw==") r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.stat\x00', 0x275a, 0x0) write$cgroup_subtree(r8, &(0x7f0000000500)=ANY=[@ANYBLOB="006370756163637420006e65745f636c7320fffffffffffffbf7a879ead664fc3ddd0b2064376f473bf437498e250689e9edfd3f25fd6a39d4af8a622990f9b457de3a33b44b6e29ae6367968eee73fff51eaac2be00000000000000"], 0x22) mkdir(&(0x7f0000000200)='./control\x00', 0x0) inotify_init1(0x0) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000280)={@local, @multicast1}, &(0x7f00000001c0)=0xc) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x0, 0x0, 0x0, 0x8000, 0x0, r2}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000000)='kmem_cache_free\x00'}, 0x10) setsockopt$MRT_DEL_VIF(r2, 0x0, 0xcb, &(0x7f0000000340)={0xffffffffffffffff, 0x1, 0xc7, 0x8, @vifc_lcl_ifindex=r7, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) 255.184148ms ago: executing program 4 (id=397): syz_mount_image$f2fs(&(0x7f0000000040), &(0x7f00000000c0)='./file2\x00', 0x0, &(0x7f0000000100)={[{@noinline_xattr}, {@io_bits={'io_bits', 0x3d, 0xcd}}, {@four_active_logs}, {@jqfmt_vfsv1}, {@inline_xattr}, {@user_xattr}, {@noflush_merge}, {@fsync_mode_posix}, {@noinline_dentry}, {@noextent_cache}]}, 0x21, 0x552d, &(0x7f000000abc0)="$eJzs3EtvG1UUAODjpOmbEiEW7DqoQkqk2qrTh2BXoBUP0aoqsGAFju1abmxPFDtOyIoFS8SCf4JAYsWS38CCNTvEAsQOCeS5E2gKlZDixKT5Pml85t65c+beURTpzFgO4NhazH77pRIX4kxEzEfE+Yhiv1JuhZspvBARFyNi7pGtUvb/1XEyIs5GxIVJ8pSzUh764vL40vWf3/712+9PnTj35Tc/zG7VwKy9FBH99bS/1U8x76T4sOxvjLtF7F8blzEd6K+V7TzFrfZqkWGrsTuuUcSrnTQ+X98cTuKDXqM5iZ3ug6J/fZAuOBx3dvMUJzxsbBTtVnu1iN1hXsTOTprX9k7637YzHKU8rTLfx0X6GI12Y+pvb7fTetbXitgcjMr+lDdvtbcncVzG8nLRzHutYh6r+7nT/2svvtMdbG5n4/bGsJsPsuu1+su1+o1qfSNvtUfta9VGv3XjWrbU6U2GVUftRv9mJ887vXatmfeXs6VOs1mt17OlW+3VbmOQ1eu1q7Ur1evL5d7l7I2772e9VrY0ia91B5ujbm+YPcg3snTGcrZSu/rKcnapnr1751527/7t23fuvffhrQ/uvnrnrdfLQf+YVra0cmVlpVq/Ul2pL+/vBhyp9X9aTnqK64d9qcx6AgBHj/ofmIWDq/837kccfP0f6v+pOFL173Gv/w9g/bAv6n8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgGPrx4Wv3ix2FlP7XNn/TNn1XNmuRMRcRPzxL+bj5J6c82WehSeMX3hsDt9VosgwucapcjsbETfL7fdnD/ouAAAAwNPr608ufp6q9fSxOOsJcZjSQ5u58x9NKV8lIhYWf5pStrnJx/NTSlb8fZ+I7SllKx5gnZ5SsvTI7cS0sv0n83vC6UdCJYW5x8+Y2moBAICZ2VsJHG4VAgAAwGH67IlH1g51HhyySuy+ytx9F1x88/7vl31nUturPwAAADi6KrOeAAAAAHDgivrf7/8BAADA0y39/h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH+ycy+5aQNxHID/NrjQl4qq7nuV7uAYPUKXXVYcoJfgCOQKuQBnILscIYIIj4NCRB7EY6xE3yfZgy3zmxkei5mRBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBLV9VydvHv5/+2OZttO3l6AwAAAByzrpaz+sUkXX9u7n9tbn1vrouIKCPi2Nh9EB8OMgdNTvXI89WDNlxG1Am7OkbN8SkifqVjG9+6/hQAAADgXRruTqv5YppG6+k06btVtHbCd5gmbcovvzNVXURENbnOlFbu8n5kCqt/38P4mymtnsAaZwpLU27DXGkvUv/d97N243tFkYry6fdn6zsAAHBGg4PivKMQAAAAzulP3w2gCx+ffaKIu6XM/VLgKBXjgwiLfQAAAPB2FX03AAAAAOhcPf4/Zf+/6Gf/v7ix/x8AAAC8Wtr/DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgC6tq+VsNV9M2+Zstu3k6Q0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADALfvzjgIhEAZhsHd9ZzL3P6w0aGpqUgXCx98YDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAm9/95f/E1DiTzL02lp5HkrVTY+vU2Ds3jv4wvn4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABc7M9LCoRAEETBnPG/k77/YSVBzyBCBDQ8qqhFAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBFv/vl/8TUOJPMnTaWjkeStavG1lVj70Hj6MF4+zcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABc7Ny/b9xUHADwZ/t8/QGII6AbghBIDLDQ67W0dEMMoIiBPwEpSq8l9MqPNgOtKqQsbChzFwQjQkigsPUfYOqG1EpdytbhhiKxsByyz845TSUuRLEvyecjPb/vOY7f99lSlK+fEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoDR6bxon2aYzieNi373Ht1ay/v4TfebOxoPFrGVxVGfSB8Mr1Q9Rt7lEAAAAODqSsr4PITxMN5eyPu7k9X9aHpPV/N8/N4nLev7Jur/sy9o/a7/9+uilrYE6k3Gyk15aHQ5O70yltX+znG/P/+cRrfzK589ekvyGxB+uvzhK8+sZfXv37vvtPDxWR7YAwP9xquyLoPx9KOv7TSYGwJHRqhTeZf2fdJrNCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAOo/XwTBlHIYTF1jTO3H98a+Vp/Z2NB4tlO3/79kb1nNkp0hDCpdXh4HSNc5l312/cvLI8HA6u1R+8GkJoavR3i+lf+XiGg0No5PrsV/DPeDze1Xcdbz7nPQVxcbPnJZ+DETT4QwkAgEMpLVpW1z9MN5eyfdFCCOMfttf/b1TiMGP9/+iT8/eqY1Xr/35tM5x/vbWrX/Su37j51urV5cuDy4PP3j7Tf6d/9sK5cxd6+bOSnicmAAAA7E27aNX6P17Yuf5/shKHGev/L7/rfz0d6Y98q/7fabro13QmAAAAR9sLr/39V/SU/VG7Hb5aXlu71p9stz6fmWwbSHXXjhWtWv8nC01nBQAAANRhtB5tW/+/WInDjOv/z/748s/VcyYhhBPF+v+plc+HF+ubzlyr48+Jm54jAAAAzTpRtOr6f5q//x9vvfIQhxDefH0SF/8GcKb6P/ngm5+qYyWV9//P1jfFuRR3J9cj77shtLrbvvx7Y4kBAABwKB0vWlbs/5luLn36y8mP2t7/BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKjbvwEAAP//E41CoA==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000200)={0xf0}) fstat(r0, &(0x7f0000000340)) 145.317707ms ago: executing program 3 (id=398): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x1b, &(0x7f00000000c0)={@dev}, 0x20) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x1b, &(0x7f0000000580)={@dev={0xfe, 0x80, '\x00', 0x29}}, 0x20) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000003e00250304000000000000000a"], 0x14}}, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f00000005c0)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$TIPC_CMD_SET_NODE_ADDR(r4, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x24, r5, 0x10, 0x70bd29, 0x25dfdbfc, {{}, {}, {0x8, 0x11, 0xbbf}}, ["", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x40004}, 0x4004896) syz_pidfd_open(r3, 0x0) 132.439859ms ago: executing program 3 (id=399): syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000180)='./file0\x00', 0x8, &(0x7f00000000c0)={[{@shortname_win95}, {@iocharset={'iocharset', 0x3d, 'iso8859-13'}}, {@fat=@fmask={'fmask', 0x3d, 0xe0}}, {@fat=@usefree}, {@numtail}, {@uni_xlate}, {@shortname_win95}, {@shortname_winnt}, {@uni_xlateno}, {@fat=@discard}]}, 0x1, 0x23c, &(0x7f0000000740)="$eJzs3b9rE28YAPAn37TfhkJJB6EIQk9cnEJbcU+RCmJAUTLoZLEtSlMLFgo6WDf/Cf0XdHQVHMTVf0AEqYKL3ToIkfba2B8XE6XnFf18lnu4931yz3t3uXAH9+bWqaXFueWVhY2N9ahUSjFQj3pslmI0/otypB5Hhu3GelYLAHDMbbbb8bWdKroWAODP6Pr7n3nTDwD8DXrd/5fSxdWstkq+pQEAOfH8HwD+Pddv3Lw83WjMXEuSSsTSk9XmajNdpu3TC3E3WjEfE1GNbxHtjjS+eKkxM5Fs+TQazaW1nfy11WZ5f/5kjOw8LziUP5mk9ucPxvBO/vvhmI+pqMaJ7O1PZeb/H2fP7Nl+Larx7nYsRyvmtovo5I/HZJJcuNI4kD+03Q8AAAAAAAAAAAAAAAAAAAAAAPJQSzoy5++p1bq1p/n9zw90cH6edqnYkQMAAAAAAAAAAAAAAAAAAMDxsfLg4eJsqzV//2fBvbfPX3fWDPablRnsvvT/m+lHGIyc/vi0W59yj/0zEDkW9mq8yN3SZ/Bm/c7Jcytj5wsrY+s0PLym66n1pRqRrtl7TH/pW9AteFHosdgddc/OY8/qsy8fffjc7yf3unKUj/hKBAAAAAAAAAAAAAAAAAAAHH4Xul9D+RQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAX48f//+QVFjxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAL4HAAD//xS6lRw=") mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) 43.423496ms ago: executing program 0 (id=401): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b708000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) mkdir(0x0, 0x0) mount$incfs(&(0x7f0000000040)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000340), 0x0, 0x0) syz_mount_image$fuse(&(0x7f0000000140), &(0x7f00000001c0)='./file0\x00', 0x8a024, &(0x7f0000000680)=ANY=[], 0x0, 0x0, 0x0) 7.82232ms ago: executing program 0 (id=402): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10) r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x1000401, &(0x7f0000000000)={[{@resgid}, {@noload}, {@noblock_validity}]}, 0x84, 0x497, &(0x7f0000001540)="$eJzs3MtvG8UfAPDvrvPoO/n1Vx59QAMFEVFImrRAD0gIBFIvSEhwgGNIQ1XqtqgJEq0q2iJUjoi/ADgi8RdwggsCTiCucEdIFeqlhQMyWns3cWLXuHYdh/rzkdaZ2dfM7OxkZ3e8DmBgTWQfScS2iPglIsZq0dUrTNT+3Lx+cf7P6xfnk6hUXv1jtLrejesX54tVi+225pHJNCL9MIm9TdJdPH/h1Fy5vHAuj08vnX5nevH8hSdPnp47sXBi4czs0aNHDs888/TsU3eknFm5bux5/+y+3cfe+OTl+Uq8+f2XWX635cvry1Ez3nWaEzERlUqlkq6aO1L9fLTrvW8s2yPiSh5OhvqcGdpWioisuoar7X8sSrFSeWPx0gd9zRzQU9n1abRhbin/O5RkyzfVrQvcTRLtGgZUccXP7n+Lab36HhvBteezz4Vq+W/mU23JUGT37cl47Y691KP0t0XE65f/+jSboulzCACAO+vrrP/zRLP+Xxr31q23Ix9DGY+IgxGxMyL+HxG7IuKeiOq690XE/beZfnX86cpKvLH/89PmjgvXhqz/92w+trW6/7c8ajNeymPbq+UfTt46WV44lB+TyRgezeIzLdL45sWfP77Vsom6/l82ZekXfcE8H78PrXlAd3xuaa6bMte7diViz1Cz8ifLIwFJROyOiD0d7D87Zicf/2JfFt6xtXH5v5e/lcsd5Gi1yucRj9Xq/3KsKX8hqQ2R3Gp8cnpTlBcOTRdnRaMffrz6Sn18uC7cXfm7l9X/lqbnf17+ohkU47WLbe54ZCV49deP8n02NuVOz/+R5LVVybw3t7R0biZiZCQa58+ubFvEi/Wz8k8eiLiaDwTXt/+dEX9/lm+3NyKyk/iBiHgwIvbneX8oIh6OiAMtDsV3LzzyduuD1d/6P96q/iPGk/rx+g4CpVPfflXsbLkq838u7dX/kWpoMp/Tzv+/djN4J44hAAAAbHRpdQw6SaeWw2k6NVX7Dv+u2JKWzy4uHZyId88cr41Vj8dwWjzpGqt7HjqTPxsu4rNr4ocj4n/Vbxptrsan5s+Wt/e78DDgtt6i/Wd+69WXXoCN47be10p6lw9g/XlfEwZX2+1/uLf5ANaf6z8MLu0fBlez9n8p4mYfsgKss9u6/j/Xu3wA669V+/fID+5u7v9hcGn/MJAaX4kvfqOhkzf9VwI7j3W1+QAFSj3ac9T/aEcPApH2/dB1Hkg3Qjb254HRiGh3q0s9rdO15w8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMB/3z8BAAD//yxO2No=") r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$key(0xf, 0x3, 0x2) ioctl$KVM_SET_CPUID2(0xffffffffffffffff, 0x4008ae90, &(0x7f0000000340)=ANY=[]) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x3fd, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000080000000000000", @ANYRES32=r4], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) sendmsg$key(r3, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0) bind$inet(r2, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(r2, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001300)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'ip_vti0\x00', 0x0}) r7 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt$SO_TIMESTAMPING(r7, 0x1, 0x41, &(0x7f0000000040)=0x61a4, 0x4) setsockopt$sock_int(r7, 0x1, 0x29, &(0x7f0000000080)=0x2, 0x4) sendmsg$can_raw(r7, &(0x7f0000000300)={&(0x7f0000000800)={0x1d, r6}, 0x10, 0x0}, 0x0) r8 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x2, 0x4, 0x10008, 0x1, 0x1000}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000240)={{0x1, 0xffffffffffffffff}, &(0x7f0000000180), 0x0}, 0x20) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000600)={0x0, 0x0}, 0x8) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000006c0)={{0x1, 0xffffffffffffffff}, 0x0, &(0x7f0000000680)='%pS \x00'}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000008c0)={0x0, 0x1d, &(0x7f0000000a40)=ANY=[@ANYBLOB="18000000490000000000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000180100002020752500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300005c0000008500000006000000185000000e000000000000000000000018110000", @ANYRES32=r9], &(0x7f0000000380)='GPL\x00', 0x0, 0x1f, &(0x7f00000003c0)=""/31, 0x41100, 0x2, '\x00', 0x0, 0x33, 0xffffffffffffffff, 0x8, &(0x7f0000000580)={0x8, 0x4}, 0x8, 0x10, 0x0, 0x0, r10, 0xffffffffffffffff, 0x5, &(0x7f0000000700)=[r11], &(0x7f0000000740)=[{0x3, 0x1, 0x8, 0x9}, {0x3, 0x2, 0x7, 0x6}, {0x3, 0x1, 0xa, 0x4}, {0x0, 0x5, 0xc, 0x2}, {0x0, 0x5, 0x3, 0x6}], 0x10, 0xdaa}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000001000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008180000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r10, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000940)={0x1c, 0x17, &(0x7f00000004c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x9}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r4}}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x6}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x3}, @jmp={0x5, 0x1, 0x3, 0x9, 0x0, 0x6, 0xfffffffffffffff0}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000280)='GPL\x00', 0x8, 0x91, &(0x7f00000006c0)=""/145, 0x40f00, 0xc, '\x00', r6, 0x3, r0, 0x8, &(0x7f00000003c0)={0x8, 0x5}, 0x8, 0x10, 0x0, 0x0, r10, 0xffffffffffffffff, 0x5, &(0x7f00000007c0)=[r1, r4, 0xffffffffffffffff, r1], &(0x7f0000000800)=[{0x3, 0x3, 0x1, 0x9}, {0x5, 0x4, 0xf, 0x1}, {0x5, 0x3, 0xa, 0xb}, {0x0, 0x4, 0x8f, 0xc}, {0x3, 0x5, 0x3, 0x1}]}, 0x90) sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0x0) 0s ago: executing program 3 (id=403): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000fdffffff850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000004c0)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdir(0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='mountinfo\x00') syz_open_procfs(0xffffffffffffffff, &(0x7f0000000440)='mountinfo\x00') r4 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000280)=0xf) ioctl$TCFLSH(r4, 0x400455c8, 0x40000000004) kernel console output (not intermixed with test programs): x2d0 [ 65.450538][ T1082] ? __ia32_sys_read+0x90/0x90 [ 65.455133][ T1082] ? debug_smp_processor_id+0x17/0x20 [ 65.460340][ T1082] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 65.466243][ T1082] __x64_sys_bpf+0x7c/0x90 [ 65.470492][ T1082] x64_sys_call+0x87f/0x9a0 [ 65.474834][ T1082] do_syscall_64+0x3b/0xb0 [ 65.479086][ T1082] ? clear_bhb_loop+0x55/0xb0 [ 65.483601][ T1082] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 65.486160][ T410] bio_check_eod: 78602 callbacks suppressed [ 65.486181][ T410] syz.3.18: attempt to access beyond end of device [ 65.486181][ T410] loop3: rw=524288, sector=89784, nr_sectors = 8 limit=40427 [ 65.489324][ T1082] RIP: 0033:0x7f610d97cef9 [ 65.495095][ T410] syz.3.18: attempt to access beyond end of device [ 65.495095][ T410] loop3: rw=524288, sector=89792, nr_sectors = 8 limit=40427 [ 65.508592][ T1082] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 65.508610][ T1082] RSP: 002b:00007f610e77c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 65.508629][ T1082] RAX: ffffffffffffffda RBX: 00007f610db35f80 RCX: 00007f610d97cef9 [ 65.508642][ T1082] RDX: 0000000000000010 RSI: 0000000020000040 RDI: 0000000000000011 [ 65.514979][ T410] syz.3.18: attempt to access beyond end of device [ 65.514979][ T410] loop3: rw=524288, sector=89800, nr_sectors = 8 limit=40427 [ 65.526392][ T1082] RBP: 00007f610e77c090 R08: 0000000000000000 R09: 0000000000000000 [ 65.526406][ T1082] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 65.526417][ T1082] R13: 0000000000000000 R14: 00007f610db35f80 R15: 00007ffe24b943d8 [ 65.526433][ T1082] [ 65.530819][ T1058] netlink: 4 bytes leftover after parsing attributes in process `syz.0.163'. [ 65.546795][ T410] syz.3.18: attempt to access beyond end of device [ 65.546795][ T410] loop3: rw=524288, sector=89808, nr_sectors = 8 limit=40427 [ 65.560628][ T1058] netlink: 48 bytes leftover after parsing attributes in process `syz.0.163'. [ 65.572778][ T410] syz.3.18: attempt to access beyond end of device [ 65.572778][ T410] loop3: rw=524288, sector=89816, nr_sectors = 8 limit=40427 [ 65.591504][ T1087] FAULT_INJECTION: forcing a failure. [ 65.591504][ T1087] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 65.605327][ T410] syz.3.18: attempt to access beyond end of device [ 65.605327][ T410] loop3: rw=524288, sector=89824, nr_sectors = 8 limit=40427 [ 65.607677][ T1087] CPU: 1 PID: 1087 Comm: syz.4.171 Not tainted 6.1.93-syzkaller-00100-g27310ed6b677 #0 [ 65.612379][ T410] syz.3.18: attempt to access beyond end of device [ 65.612379][ T410] loop3: rw=524288, sector=89832, nr_sectors = 8 limit=40427 [ 65.618123][ T1087] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 65.618136][ T1087] Call Trace: [ 65.618141][ T1087] [ 65.618147][ T1087] dump_stack_lvl+0x151/0x1b7 [ 65.618170][ T1087] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 65.728885][ T1087] ? _parse_integer+0x2a/0x40 [ 65.733394][ T1087] dump_stack+0x15/0x1c [ 65.737379][ T1087] should_fail_ex+0x3d0/0x520 [ 65.741890][ T1087] should_fail+0xb/0x10 [ 65.745880][ T1087] should_fail_usercopy+0x1a/0x20 [ 65.750742][ T1087] _copy_from_user+0x1e/0xc0 [ 65.755168][ T1087] iovec_from_user+0xc7/0x320 [ 65.759680][ T1087] ? kasan_set_track+0x4b/0x70 [ 65.764279][ T1087] ? kasan_save_free_info+0x2b/0x40 [ 65.769317][ T1087] __import_iovec+0x70/0x430 [ 65.773743][ T1087] import_iovec+0xe5/0x120 [ 65.777996][ T1087] copy_msghdr_from_user+0x527/0x670 [ 65.783127][ T1087] ? sendmsg_copy_msghdr+0x70/0x70 [ 65.788067][ T1087] __sys_sendmsg+0x236/0x390 [ 65.792491][ T1087] ? ____sys_sendmsg+0x9a0/0x9a0 [ 65.797265][ T1087] ? __kasan_check_write+0x14/0x20 [ 65.802212][ T1087] ? mutex_unlock+0xb2/0x260 [ 65.806648][ T1087] ? __kasan_check_write+0x14/0x20 [ 65.811586][ T1087] ? __ia32_sys_read+0x90/0x90 [ 65.816186][ T1087] ? debug_smp_processor_id+0x17/0x20 [ 65.821394][ T1087] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 65.827293][ T1087] __x64_sys_sendmsg+0x7f/0x90 [ 65.831907][ T1087] x64_sys_call+0x16a/0x9a0 [ 65.836291][ T1087] do_syscall_64+0x3b/0xb0 [ 65.840484][ T1087] ? clear_bhb_loop+0x55/0xb0 [ 65.844999][ T1087] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 65.850729][ T1087] RIP: 0033:0x7f305257cef9 [ 65.854994][ T1087] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 65.874423][ T1087] RSP: 002b:00007f30532ca038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 65.882669][ T1087] RAX: ffffffffffffffda RBX: 00007f3052735f80 RCX: 00007f305257cef9 [ 65.890478][ T1087] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003 [ 65.898289][ T1087] RBP: 00007f30532ca090 R08: 0000000000000000 R09: 0000000000000000 [ 65.906099][ T1087] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 65.913916][ T1087] R13: 0000000000000000 R14: 00007f3052735f80 R15: 00007fff811d06d8 [ 65.921727][ T1087] [ 65.927327][ T410] syz.3.18: attempt to access beyond end of device [ 65.927327][ T410] loop3: rw=524288, sector=89840, nr_sectors = 8 limit=40427 [ 65.941581][ T934] snd-usb-audio: probe of 1-1:0.0 failed with error -2 [ 65.948250][ T410] syz.3.18: attempt to access beyond end of device [ 65.948250][ T410] loop3: rw=524288, sector=89848, nr_sectors = 8 limit=40427 [ 65.948379][ T410] syz.3.18: attempt to access beyond end of device [ 65.948379][ T410] loop3: rw=524288, sector=89856, nr_sectors = 8 limit=40427 [ 65.976917][ T934] usb 1-1: USB disconnect, device number 8 [ 65.986751][ T338] udevd[338]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 66.005482][ T1089] loop2: detected capacity change from 0 to 512 [ 66.042101][ T1089] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 66.444621][ T1106] loop1: detected capacity change from 0 to 1024 [ 66.453111][ T292] EXT4-fs (loop2): unmounting filesystem. [ 66.499753][ T1106] EXT4-fs: Ignoring removed orlov option [ 66.509899][ T1111] FAULT_INJECTION: forcing a failure. [ 66.509899][ T1111] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 66.522787][ T1111] CPU: 1 PID: 1111 Comm: syz.4.175 Not tainted 6.1.93-syzkaller-00100-g27310ed6b677 #0 [ 66.532199][ T1111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 66.542123][ T1111] Call Trace: [ 66.545215][ T1111] [ 66.548010][ T1111] dump_stack_lvl+0x151/0x1b7 [ 66.552509][ T1111] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 66.557813][ T1111] dump_stack+0x15/0x1c [ 66.561791][ T1111] should_fail_ex+0x3d0/0x520 [ 66.566308][ T1111] should_fail+0xb/0x10 [ 66.570297][ T1111] should_fail_usercopy+0x1a/0x20 [ 66.575189][ T1111] _copy_from_user+0x1e/0xc0 [ 66.579588][ T1111] __se_sys_memfd_create+0x131/0x3e0 [ 66.584718][ T1111] __x64_sys_memfd_create+0x5b/0x70 [ 66.589742][ T1111] x64_sys_call+0x871/0x9a0 [ 66.594079][ T1111] do_syscall_64+0x3b/0xb0 [ 66.598333][ T1111] ? clear_bhb_loop+0x55/0xb0 [ 66.602849][ T1111] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 66.608572][ T1111] RIP: 0033:0x7f305257cef9 [ 66.612831][ T1111] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 66.632267][ T1111] RSP: 002b:00007f30523fee18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f [ 66.640512][ T1111] RAX: ffffffffffffffda RBX: 00000000000002c7 RCX: 00007f305257cef9 [ 66.648323][ T1111] RDX: 00007f30523feef0 RSI: 0000000000000000 RDI: 00007f30525ef839 [ 66.656134][ T1111] RBP: 0000000020000a40 R08: 00007f30523febb7 R09: 00007f30523fee40 [ 66.663951][ T1111] R10: 000000000000000a R11: 0000000000000202 R12: 0000000020000280 [ 66.671768][ T1111] R13: 00007f30523feef0 R14: 00007f30523feeb0 R15: 0000000020000340 [ 66.679621][ T1111] [ 66.700301][ T1106] EXT4-fs (loop1): Test dummy encryption mode enabled [ 66.747336][ T1106] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 66.856112][ T24] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 67.316367][ T1127] loop4: detected capacity change from 0 to 1024 [ 67.322804][ T1127] EXT4-fs: Ignoring removed oldalloc option [ 67.329029][ T24] usb 1-1: Using ep0 maxpacket: 8 [ 67.334097][ T1127] EXT4-fs: Mount option(s) incompatible with ext2 [ 67.471149][ T291] EXT4-fs (loop1): unmounting filesystem. [ 67.506102][ T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 67.516892][ T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 67.527043][ T24] usb 1-1: New USB device found, idVendor=04d8, idProduct=f002, bcdDevice= 0.00 [ 67.535931][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 67.567508][ T24] usb 1-1: config 0 descriptor?? [ 67.583490][ T28] audit: type=1400 audit(1725779826.969:225): avc: denied { write } for pid=1126 comm="syz.4.180" path="socket:[19964]" dev="sockfs" ino=19964 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 67.771974][ T28] audit: type=1400 audit(1725779826.969:226): avc: denied { nlmsg_write } for pid=1126 comm="syz.4.180" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 67.826077][ T39] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 67.827523][ T1121] loop2: detected capacity change from 0 to 40427 [ 67.862957][ T1121] F2FS-fs (loop2): invalid crc value [ 67.880217][ T1121] F2FS-fs (loop2): Found nat_bits in checkpoint [ 67.943859][ T1121] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 68.257055][ T28] audit: type=1400 audit(1725779827.629:227): avc: denied { write } for pid=1133 comm="syz.3.182" name="ppp" dev="devtmpfs" ino=138 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 68.316227][ T39] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 68.336119][ T24] usbhid 1-1:0.0: can't add hid device: -71 [ 68.342574][ T24] usbhid: probe of 1-1:0.0 failed with error -71 [ 68.447075][ T24] usb 1-1: USB disconnect, device number 9 [ 68.646120][ T39] usb 2-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 68.654981][ T39] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 68.676066][ T39] usb 2-1: Product: syz [ 68.680068][ T39] usb 2-1: Manufacturer: syz [ 68.684490][ T39] usb 2-1: SerialNumber: syz [ 68.686705][ T1140] loop4: detected capacity change from 0 to 40427 [ 68.699897][ T39] usb 2-1: config 0 descriptor?? [ 68.712681][ T1140] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 68.720381][ T1140] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 68.730567][ T1140] F2FS-fs (loop4): Found nat_bits in checkpoint [ 68.775765][ T1140] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 68.782718][ T1140] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 68.814941][ T28] audit: type=1400 audit(1725779828.199:228): avc: denied { create } for pid=1139 comm="syz.4.183" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=lnk_file permissive=1 [ 68.964219][ T1131] netlink: 4 bytes leftover after parsing attributes in process `syz.1.181'. [ 68.989353][ T1131] netlink: 48 bytes leftover after parsing attributes in process `syz.1.181'. [ 69.033395][ T39] snd-usb-audio: probe of 2-1:0.0 failed with error -2 [ 69.104789][ T39] usb 2-1: USB disconnect, device number 6 [ 69.136459][ T28] audit: type=1400 audit(1725779828.459:229): avc: denied { setopt } for pid=1159 comm="syz.0.188" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 69.292164][ T338] udevd[338]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 69.705317][ T28] audit: type=1400 audit(1725779829.089:230): avc: denied { read } for pid=1139 comm="syz.4.183" name="file0" dev="loop4" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=lnk_file permissive=1 [ 69.768487][ T28] audit: type=1400 audit(1725779829.089:231): avc: denied { rename } for pid=1139 comm="syz.4.183" name="file0" dev="loop4" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=lnk_file permissive=1 [ 70.399014][ T1181] netlink: 40 bytes leftover after parsing attributes in process `syz.3.195'. [ 70.422886][ T1183] loop2: detected capacity change from 0 to 1024 [ 70.453720][ T1183] EXT4-fs: Ignoring removed orlov option [ 70.473305][ T1183] EXT4-fs (loop2): Test dummy encryption mode enabled [ 70.497290][ T410] bio_check_eod: 53306 callbacks suppressed [ 70.497304][ T410] syz.3.18: attempt to access beyond end of device [ 70.497304][ T410] loop3: rw=524288, sector=88632, nr_sectors = 8 limit=40427 [ 70.517104][ T410] syz.3.18: attempt to access beyond end of device [ 70.517104][ T410] loop3: rw=524288, sector=88640, nr_sectors = 8 limit=40427 [ 70.519588][ T1183] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 70.530968][ T410] syz.3.18: attempt to access beyond end of device [ 70.530968][ T410] loop3: rw=524288, sector=88648, nr_sectors = 8 limit=40427 [ 70.553406][ T410] syz.3.18: attempt to access beyond end of device [ 70.553406][ T410] loop3: rw=524288, sector=88656, nr_sectors = 8 limit=40427 [ 70.567880][ T410] syz.3.18: attempt to access beyond end of device [ 70.567880][ T410] loop3: rw=524288, sector=88664, nr_sectors = 8 limit=40427 [ 70.581500][ T410] syz.3.18: attempt to access beyond end of device [ 70.581500][ T410] loop3: rw=524288, sector=88672, nr_sectors = 8 limit=40427 [ 70.595033][ T410] syz.3.18: attempt to access beyond end of device [ 70.595033][ T410] loop3: rw=524288, sector=88680, nr_sectors = 8 limit=40427 [ 70.608567][ T410] syz.3.18: attempt to access beyond end of device [ 70.608567][ T410] loop3: rw=524288, sector=88688, nr_sectors = 8 limit=40427 [ 70.622500][ T410] syz.3.18: attempt to access beyond end of device [ 70.622500][ T410] loop3: rw=524288, sector=88696, nr_sectors = 8 limit=40427 [ 70.649616][ T410] syz.3.18: attempt to access beyond end of device [ 70.649616][ T410] loop3: rw=524288, sector=88704, nr_sectors = 8 limit=40427 [ 70.667806][ T1197] netlink: 24 bytes leftover after parsing attributes in process `syz.1.198'. [ 70.796324][ T294] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 70.854447][ T1200] loop0: detected capacity change from 0 to 1024 [ 70.930271][ T1200] EXT4-fs: quotafile must be on filesystem root [ 70.996069][ T24] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 71.003730][ T1203] FAULT_INJECTION: forcing a failure. [ 71.003730][ T1203] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 71.016945][ T1203] CPU: 1 PID: 1203 Comm: syz.3.200 Not tainted 6.1.93-syzkaller-00100-g27310ed6b677 #0 [ 71.026389][ T1203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 71.036284][ T1203] Call Trace: [ 71.039409][ T1203] [ 71.042274][ T1203] dump_stack_lvl+0x151/0x1b7 [ 71.046785][ T1203] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 71.052077][ T1203] ? queue_work_on+0x135/0x170 [ 71.056694][ T1203] dump_stack+0x15/0x1c [ 71.060670][ T1203] should_fail_ex+0x3d0/0x520 [ 71.065207][ T1203] should_fail+0xb/0x10 [ 71.069181][ T1203] should_fail_usercopy+0x1a/0x20 [ 71.074035][ T1203] _copy_to_user+0x1e/0x90 [ 71.078291][ T1203] simple_read_from_buffer+0xc7/0x150 [ 71.083500][ T1203] proc_fail_nth_read+0x1a3/0x210 [ 71.088360][ T1203] ? proc_fault_inject_write+0x390/0x390 [ 71.093822][ T1203] ? fsnotify_perm+0x470/0x5d0 [ 71.098426][ T1203] ? security_file_permission+0x86/0xb0 [ 71.103803][ T1203] ? proc_fault_inject_write+0x390/0x390 [ 71.109277][ T1203] vfs_read+0x26c/0xad0 [ 71.113280][ T1203] ? kernel_read+0x1f0/0x1f0 [ 71.117700][ T1203] ? mutex_lock+0xb1/0x1e0 [ 71.121948][ T1203] ? bit_wait_io_timeout+0x120/0x120 [ 71.127069][ T1203] ? __fdget_pos+0x2e2/0x390 [ 71.131491][ T1203] ? ksys_read+0x77/0x2c0 [ 71.135669][ T1203] ksys_read+0x199/0x2c0 [ 71.139740][ T1203] ? __ia32_sys_recv+0xb0/0xb0 [ 71.144338][ T1203] ? vfs_write+0xeb0/0xeb0 [ 71.148593][ T1203] ? debug_smp_processor_id+0x17/0x20 [ 71.153799][ T1203] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 71.159709][ T1203] __x64_sys_read+0x7b/0x90 [ 71.164037][ T1203] x64_sys_call+0x28/0x9a0 [ 71.168289][ T1203] do_syscall_64+0x3b/0xb0 [ 71.172551][ T1203] ? clear_bhb_loop+0x55/0xb0 [ 71.177056][ T1203] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 71.182786][ T1203] RIP: 0033:0x7f2172b7b93c [ 71.187049][ T1203] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 71.206477][ T1203] RSP: 002b:00007f21738f7030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 71.214739][ T1203] RAX: ffffffffffffffda RBX: 00007f2172d35f80 RCX: 00007f2172b7b93c [ 71.222537][ T1203] RDX: 000000000000000f RSI: 00007f21738f70a0 RDI: 0000000000000008 [ 71.230347][ T1203] RBP: 00007f21738f7090 R08: 0000000000000000 R09: 0000000000000000 [ 71.238159][ T1203] R10: 00000000200001c0 R11: 0000000000000246 R12: 0000000000000001 [ 71.245966][ T1203] R13: 0000000000000000 R14: 00007f2172d35f80 R15: 00007ffedda832d8 [ 71.253986][ T1203] [ 71.360627][ T294] usb 5-1: Using ep0 maxpacket: 8 [ 71.367400][ T292] EXT4-fs (loop2): unmounting filesystem. [ 71.407611][ T28] audit: type=1400 audit(1725779830.799:232): avc: denied { unlink } for pid=1199 comm="syz.0.199" name="#9" dev="tmpfs" ino=275 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 71.447033][ T28] audit: type=1400 audit(1725779830.829:233): avc: denied { unmount } for pid=289 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 71.516108][ T294] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 71.536059][ T294] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 71.546274][ T24] usb 2-1: device descriptor read/64, error -71 [ 71.558373][ T294] usb 5-1: New USB device found, idVendor=04d8, idProduct=f002, bcdDevice= 0.00 [ 71.577444][ T294] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 71.595926][ T294] usb 5-1: config 0 descriptor?? [ 71.666069][ T352] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 71.673399][ T6] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 71.721452][ T1209] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.728411][ T1209] bridge0: port 1(bridge_slave_0) entered disabled state [ 71.735558][ T1209] device bridge_slave_0 entered promiscuous mode [ 71.744257][ T1209] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.751317][ T1209] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.758594][ T1209] device bridge_slave_1 entered promiscuous mode [ 71.821744][ T1209] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.828620][ T1209] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.835679][ T1209] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.842502][ T1209] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.872742][ T934] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 71.880794][ T934] bridge0: port 1(bridge_slave_0) entered disabled state [ 71.888115][ T934] bridge0: port 2(bridge_slave_1) entered disabled state [ 71.909675][ T934] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 71.918268][ T934] bridge0: port 1(bridge_slave_0) entered blocking state [ 71.925207][ T934] bridge0: port 1(bridge_slave_0) entered forwarding state [ 71.933260][ T934] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 71.941108][ T24] usb 2-1: device descriptor read/64, error -71 [ 71.947727][ T934] bridge0: port 2(bridge_slave_1) entered blocking state [ 71.954555][ T934] bridge0: port 2(bridge_slave_1) entered forwarding state [ 71.961805][ T934] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 71.969657][ T934] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 71.991691][ T1209] device veth0_vlan entered promiscuous mode [ 71.998251][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 72.016848][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 72.025131][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 72.032613][ T315] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 72.036142][ T6] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 72.050390][ T352] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 72.069140][ T1209] device veth1_macvtap entered promiscuous mode [ 72.081954][ T6] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 72.098242][ T6] usb 3-1: New USB device found, idVendor=056a, idProduct=033c, bcdDevice= 0.00 [ 72.115470][ T6] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 72.124754][ T586] device bridge_slave_1 left promiscuous mode [ 72.131451][ T586] bridge0: port 2(bridge_slave_1) entered disabled state [ 72.139147][ T586] device bridge_slave_0 left promiscuous mode [ 72.145064][ T586] bridge0: port 1(bridge_slave_0) entered disabled state [ 72.153222][ T586] device veth1_macvtap left promiscuous mode [ 72.159431][ T586] device veth0_vlan left promiscuous mode [ 72.166644][ T6] usb 3-1: config 0 descriptor?? [ 72.226101][ T294] usbhid 5-1:0.0: can't add hid device: -71 [ 72.231929][ T294] usbhid: probe of 5-1:0.0 failed with error -71 [ 72.236130][ T352] usb 4-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 72.256183][ T24] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 72.355007][ T294] usb 5-1: USB disconnect, device number 5 [ 72.531451][ T352] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 72.539418][ T352] usb 4-1: Product: syz [ 72.543379][ T352] usb 4-1: Manufacturer: syz [ 72.547850][ T352] usb 4-1: SerialNumber: syz [ 72.554484][ T352] usb 4-1: config 0 descriptor?? [ 72.586124][ T24] usb 2-1: device descriptor read/64, error -71 [ 72.609395][ T296] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 72.618360][ T296] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 72.626683][ T296] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 72.904989][ T1205] netlink: 4 bytes leftover after parsing attributes in process `syz.3.201'. [ 72.929537][ T1205] netlink: 48 bytes leftover after parsing attributes in process `syz.3.201'. [ 73.066162][ T6] usbhid 3-1:0.0: can't add hid device: -71 [ 73.077716][ T6] usbhid: probe of 3-1:0.0 failed with error -71 [ 73.098006][ T352] snd-usb-audio: probe of 4-1:0.0 failed with error -2 [ 73.109786][ T6] usb 3-1: USB disconnect, device number 4 [ 73.121519][ T338] udevd[338]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 73.137545][ T352] usb 4-1: USB disconnect, device number 5 [ 73.147268][ T24] usb 2-1: device descriptor read/64, error -71 [ 73.266126][ T24] usb usb2-port1: attempt power cycle [ 73.560131][ T295] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 73.689848][ T24] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 73.702308][ T1245] FAULT_INJECTION: forcing a failure. [ 73.702308][ T1245] name failslab, interval 1, probability 0, space 0, times 0 [ 73.810555][ T1245] CPU: 1 PID: 1245 Comm: syz.1.214 Not tainted 6.1.93-syzkaller-00100-g27310ed6b677 #0 [ 73.820201][ T1245] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 73.830092][ T1245] Call Trace: [ 73.833210][ T1245] [ 73.835985][ T1245] dump_stack_lvl+0x151/0x1b7 [ 73.840499][ T1245] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 73.845791][ T1245] ? __wake_up_klogd+0xd5/0x110 [ 73.850477][ T1245] dump_stack+0x15/0x1c [ 73.854468][ T1245] should_fail_ex+0x3d0/0x520 [ 73.858984][ T1245] ? cgroup_show_path+0xa8/0x350 [ 73.863755][ T1245] __should_failslab+0xaf/0xf0 [ 73.868356][ T1245] should_failslab+0x9/0x20 [ 73.872698][ T1245] __kmem_cache_alloc_node+0x3d/0x250 [ 73.877917][ T1245] ? cgroup_show_path+0xa8/0x350 [ 73.882680][ T1245] kmalloc_trace+0x2a/0xa0 [ 73.886932][ T1245] cgroup_show_path+0xa8/0x350 [ 73.891528][ T1245] ? cgroup_finalize_control+0xa80/0xa80 [ 73.896998][ T1245] kernfs_sop_show_path+0x10d/0x140 [ 73.902030][ T1245] ? kernfs_sop_show_options+0x120/0x120 [ 73.907498][ T1245] show_mountinfo+0x23d/0x7d0 [ 73.912019][ T1245] ? show_mnt_opts+0x3b0/0x3b0 [ 73.916612][ T1245] ? vm_mmap+0xb0/0xb0 [ 73.920518][ T1245] m_show+0x66/0x70 [ 73.924161][ T1245] seq_read_iter+0x916/0xd00 [ 73.928592][ T1245] vfs_read+0x771/0xad0 [ 73.932583][ T1245] ? kernel_read+0x1f0/0x1f0 [ 73.937007][ T1245] ? mutex_lock+0xb1/0x1e0 [ 73.941274][ T1245] ? bit_wait_io_timeout+0x120/0x120 [ 73.946381][ T1245] ? __fdget_pos+0x2e2/0x390 [ 73.950815][ T1245] ? ksys_read+0x77/0x2c0 [ 73.954970][ T1245] ksys_read+0x199/0x2c0 [ 73.959050][ T1245] ? save_fpregs_to_fpstate+0x220/0x220 [ 73.964432][ T1245] ? vfs_write+0xeb0/0xeb0 [ 73.968684][ T1245] ? debug_smp_processor_id+0x17/0x20 [ 73.973889][ T1245] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 73.979811][ T1245] __x64_sys_read+0x7b/0x90 [ 73.984134][ T1245] x64_sys_call+0x28/0x9a0 [ 73.988385][ T1245] do_syscall_64+0x3b/0xb0 [ 73.992638][ T1245] ? clear_bhb_loop+0x55/0xb0 [ 73.997155][ T1245] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 74.002881][ T1245] RIP: 0033:0x7f62e7f7cef9 [ 74.007136][ T1245] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 74.026585][ T1245] RSP: 002b:00007f62e8dc0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 74.034828][ T1245] RAX: ffffffffffffffda RBX: 00007f62e8135f80 RCX: 00007f62e7f7cef9 [ 74.042632][ T1245] RDX: 0000000000002025 RSI: 0000000020002d80 RDI: 0000000000000003 [ 74.050441][ T1245] RBP: 00007f62e8dc0090 R08: 0000000000000000 R09: 0000000000000000 [ 74.058251][ T1245] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 74.066065][ T1245] R13: 0000000000000000 R14: 00007f62e8135f80 R15: 00007ffff4377698 [ 74.073883][ T1245] [ 74.077061][ T295] usb 1-1: Using ep0 maxpacket: 8 [ 74.206124][ T295] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 74.220231][ T295] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 74.237385][ T295] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2ced, bcdDevice= 0.00 [ 74.248905][ T295] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 74.259515][ T295] usb 1-1: config 0 descriptor?? [ 74.280335][ T1252] loop1: detected capacity change from 0 to 1024 [ 74.302818][ T1252] EXT4-fs: Ignoring removed orlov option [ 74.309570][ T1252] EXT4-fs (loop1): Test dummy encryption mode enabled [ 74.316314][ T24] usb 2-1: device not accepting address 9, error -71 [ 74.334974][ T1252] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 75.158313][ T295] kone 0003:1E7D:2CED.0008: collection stack underflow [ 75.160741][ T291] EXT4-fs (loop1): unmounting filesystem. [ 75.165128][ T295] kone 0003:1E7D:2CED.0008: item 0 1 0 12 parsing failed [ 75.178871][ T295] kone 0003:1E7D:2CED.0008: parse failed [ 75.185131][ T295] kone: probe of 0003:1E7D:2CED.0008 failed with error -22 [ 75.194901][ T1264] loop2: detected capacity change from 0 to 512 [ 75.224453][ T1266] loop1: detected capacity change from 0 to 1024 [ 75.243224][ T1266] EXT4-fs: quotafile must be on filesystem root [ 75.250463][ T1264] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 75.422276][ T292] EXT4-fs (loop2): unmounting filesystem. [ 75.506894][ T410] bio_check_eod: 105912 callbacks suppressed [ 75.506913][ T410] syz.3.18: attempt to access beyond end of device [ 75.506913][ T410] loop3: rw=524288, sector=88568, nr_sectors = 8 limit=40427 [ 75.535106][ T410] syz.3.18: attempt to access beyond end of device [ 75.535106][ T410] loop3: rw=524288, sector=88576, nr_sectors = 8 limit=40427 [ 75.549131][ T410] syz.3.18: attempt to access beyond end of device [ 75.549131][ T410] loop3: rw=524288, sector=88584, nr_sectors = 8 limit=40427 [ 75.562975][ T410] syz.3.18: attempt to access beyond end of device [ 75.562975][ T410] loop3: rw=524288, sector=88592, nr_sectors = 8 limit=40427 [ 75.577301][ T410] syz.3.18: attempt to access beyond end of device [ 75.577301][ T410] loop3: rw=524288, sector=88600, nr_sectors = 8 limit=40427 [ 75.592768][ T410] syz.3.18: attempt to access beyond end of device [ 75.592768][ T410] loop3: rw=524288, sector=88608, nr_sectors = 8 limit=40427 [ 75.596462][ T28] audit: type=1400 audit(1725779834.989:234): avc: denied { write } for pid=1279 comm="syz.3.221" name="raw6" dev="proc" ino=4026533155 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 75.606519][ T410] syz.3.18: attempt to access beyond end of device [ 75.606519][ T410] loop3: rw=524288, sector=88616, nr_sectors = 8 limit=40427 [ 75.629425][ T28] audit: type=1400 audit(1725779835.019:235): avc: denied { mounton } for pid=1279 comm="syz.3.221" path="/12/file0" dev="tmpfs" ino=82 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=sock_file permissive=1 [ 75.664665][ T410] syz.3.18: attempt to access beyond end of device [ 75.664665][ T410] loop3: rw=524288, sector=88624, nr_sectors = 8 limit=40427 [ 75.679494][ T410] syz.3.18: attempt to access beyond end of device [ 75.679494][ T410] loop3: rw=524288, sector=88632, nr_sectors = 8 limit=40427 [ 75.693405][ T410] syz.3.18: attempt to access beyond end of device [ 75.693405][ T410] loop3: rw=524288, sector=88640, nr_sectors = 8 limit=40427 [ 75.806069][ T294] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 75.865649][ T1286] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.873197][ T1286] bridge0: port 1(bridge_slave_0) entered disabled state [ 75.880675][ T1286] device bridge_slave_0 entered promiscuous mode [ 75.891286][ T1286] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.898328][ T1286] bridge0: port 2(bridge_slave_1) entered disabled state [ 75.905487][ T1286] device bridge_slave_1 entered promiscuous mode [ 75.973609][ T1286] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.980479][ T1286] bridge0: port 2(bridge_slave_1) entered forwarding state [ 75.987588][ T1286] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.994347][ T1286] bridge0: port 1(bridge_slave_0) entered forwarding state [ 76.018681][ T24] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.025922][ T24] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.041077][ T523] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 76.049250][ T523] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 76.056568][ T523] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 76.064725][ T523] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 76.072963][ T523] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.079864][ T523] bridge0: port 1(bridge_slave_0) entered forwarding state [ 76.095522][ T523] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 76.104176][ T523] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 76.112234][ T523] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.119089][ T523] bridge0: port 2(bridge_slave_1) entered forwarding state [ 76.126317][ T523] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 76.134177][ T523] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 76.157749][ T934] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 76.165620][ T934] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 76.173926][ T934] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 76.182208][ T934] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 76.191208][ T934] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 76.199148][ T934] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 76.207845][ T1286] device veth0_vlan entered promiscuous mode [ 76.218032][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 76.225240][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 76.237124][ T1286] device veth1_macvtap entered promiscuous mode [ 76.249000][ T934] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 76.257222][ T934] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 76.265383][ T934] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 76.273355][ T934] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 76.281456][ T934] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 76.336191][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 76.344231][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 76.371325][ T1294] loop1: detected capacity change from 0 to 16 [ 76.382772][ T1294] erofs: (device loop1): mounted with root inode @ nid 36. [ 76.397377][ T531] device bridge_slave_1 left promiscuous mode [ 76.404609][ T531] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.412273][ T531] device bridge_slave_0 left promiscuous mode [ 76.424783][ T531] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.434434][ T352] usb 1-1: USB disconnect, device number 10 [ 76.449619][ T531] device veth1_macvtap left promiscuous mode [ 76.455515][ T531] device veth0_vlan left promiscuous mode [ 76.596130][ T6] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 76.633979][ T1295] input: syz0 as /devices/virtual/input/input7 [ 76.966079][ T6] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 77.046590][ T24] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 77.136122][ T6] usb 3-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 77.145054][ T6] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 77.153048][ T6] usb 3-1: Product: syz [ 77.157165][ T6] usb 3-1: Manufacturer: syz [ 77.161572][ T6] usb 3-1: SerialNumber: syz [ 77.176255][ T6] usb 3-1: config 0 descriptor?? [ 77.262084][ T1301] loop1: detected capacity change from 0 to 1024 [ 77.271372][ T1301] EXT4-fs: Ignoring removed orlov option [ 77.277678][ T1301] EXT4-fs (loop1): Test dummy encryption mode enabled [ 77.287513][ T1301] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 77.417217][ T1292] netlink: 4 bytes leftover after parsing attributes in process `syz.2.224'. [ 77.446343][ T24] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 77.676502][ T24] usb 1-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 77.687568][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 77.699459][ T24] usb 1-1: Product: syz [ 77.699467][ T6] snd-usb-audio: probe of 3-1:0.0 failed with error -2 [ 77.700226][ T6] usb 3-1: USB disconnect, device number 5 [ 77.710463][ T338] udevd[338]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 77.731622][ T24] usb 1-1: Manufacturer: syz [ 77.736504][ T24] usb 1-1: SerialNumber: syz [ 77.744959][ T24] usb 1-1: config 0 descriptor?? [ 77.998357][ T1298] netlink: 4 bytes leftover after parsing attributes in process `syz.0.225'. [ 78.007891][ T1298] netlink: 48 bytes leftover after parsing attributes in process `syz.0.225'. [ 78.037785][ T24] snd-usb-audio: probe of 1-1:0.0 failed with error -2 [ 78.047790][ T338] udevd[338]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 78.063654][ T24] usb 1-1: USB disconnect, device number 11 [ 78.127335][ T1286] EXT4-fs (loop1): unmounting filesystem. [ 78.141601][ T28] audit: type=1400 audit(1725779837.529:236): avc: denied { getopt } for pid=1308 comm="syz.1.228" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 78.545852][ T1317] loop0: detected capacity change from 0 to 128 [ 78.581854][ T1317] EXT4-fs: Ignoring removed i_version option [ 78.605207][ T1317] EXT4-fs: Ignoring removed orlov option [ 78.626181][ T1317] ext2: Unknown parameter 'func' [ 78.683012][ T28] audit: type=1400 audit(1725779838.069:237): avc: denied { mount } for pid=1316 comm="syz.0.230" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 78.709877][ T1317] loop0: detected capacity change from 0 to 1 [ 78.719614][ T28] audit: type=1400 audit(1725779838.099:238): avc: denied { remount } for pid=1316 comm="syz.0.230" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 78.760084][ T28] audit: type=1400 audit(1725779838.139:239): avc: denied { unmount } for pid=1209 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 78.783764][ T1320] loop0: detected capacity change from 0 to 512 [ 78.830669][ T1320] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 79.078406][ T1209] EXT4-fs (loop0): unmounting filesystem. [ 79.660259][ T1344] netlink: 40 bytes leftover after parsing attributes in process `syz.2.235'. [ 80.516097][ T410] bio_check_eod: 161308 callbacks suppressed [ 80.516116][ T410] syz.3.18: attempt to access beyond end of device [ 80.516116][ T410] loop3: rw=524288, sector=88152, nr_sectors = 8 limit=40427 [ 80.535551][ T410] syz.3.18: attempt to access beyond end of device [ 80.535551][ T410] loop3: rw=524288, sector=88160, nr_sectors = 8 limit=40427 [ 80.549041][ T410] syz.3.18: attempt to access beyond end of device [ 80.549041][ T410] loop3: rw=524288, sector=88168, nr_sectors = 8 limit=40427 [ 80.562593][ T410] syz.3.18: attempt to access beyond end of device [ 80.562593][ T410] loop3: rw=524288, sector=88176, nr_sectors = 8 limit=40427 [ 80.576330][ T410] syz.3.18: attempt to access beyond end of device [ 80.576330][ T410] loop3: rw=524288, sector=88184, nr_sectors = 8 limit=40427 [ 80.576468][ T294] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 80.589986][ T352] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 80.597401][ T410] syz.3.18: attempt to access beyond end of device [ 80.597401][ T410] loop3: rw=524288, sector=88192, nr_sectors = 8 limit=40427 [ 80.618364][ T410] syz.3.18: attempt to access beyond end of device [ 80.618364][ T410] loop3: rw=524288, sector=88200, nr_sectors = 8 limit=40427 [ 80.632134][ T410] syz.3.18: attempt to access beyond end of device [ 80.632134][ T410] loop3: rw=524288, sector=88208, nr_sectors = 8 limit=40427 [ 80.645929][ T410] syz.3.18: attempt to access beyond end of device [ 80.645929][ T410] loop3: rw=524288, sector=88216, nr_sectors = 8 limit=40427 [ 80.660971][ T410] syz.3.18: attempt to access beyond end of device [ 80.660971][ T410] loop3: rw=524288, sector=88224, nr_sectors = 8 limit=40427 [ 80.700295][ T1358] loop2: detected capacity change from 0 to 1024 [ 80.706868][ T1358] EXT4-fs: Ignoring removed orlov option [ 80.712971][ T1358] EXT4-fs (loop2): Test dummy encryption mode enabled [ 80.722233][ T1358] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 81.186084][ T294] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 81.226076][ T352] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 81.366688][ T294] usb 1-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 81.375747][ T294] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 81.383745][ T294] usb 1-1: Product: syz [ 81.387913][ T294] usb 1-1: Manufacturer: syz [ 81.392317][ T294] usb 1-1: SerialNumber: syz [ 81.396097][ T352] usb 2-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 81.401585][ T294] usb 1-1: config 0 descriptor?? [ 81.409761][ T352] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 81.418274][ T352] usb 2-1: Product: syz [ 81.422210][ T352] usb 2-1: Manufacturer: syz [ 81.426803][ T352] usb 2-1: SerialNumber: syz [ 81.438570][ T352] usb 2-1: config 0 descriptor?? [ 81.575159][ T292] EXT4-fs (loop2): unmounting filesystem. [ 81.658659][ T1353] netlink: 4 bytes leftover after parsing attributes in process `syz.0.237'. [ 81.676323][ T1353] netlink: 48 bytes leftover after parsing attributes in process `syz.0.237'. [ 81.696103][ T1356] netlink: 4 bytes leftover after parsing attributes in process `syz.1.239'. [ 81.715720][ T1356] netlink: 48 bytes leftover after parsing attributes in process `syz.1.239'. [ 81.729382][ T294] snd-usb-audio: probe of 1-1:0.0 failed with error -2 [ 81.743821][ T318] udevd[318]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 81.760787][ T352] snd-usb-audio: probe of 2-1:0.0 failed with error -2 [ 81.760997][ T294] usb 1-1: USB disconnect, device number 12 [ 81.778096][ T352] usb 2-1: USB disconnect, device number 11 [ 81.797640][ T318] udevd[318]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 81.875577][ T1365] loop2: detected capacity change from 0 to 40427 [ 81.900202][ T1365] F2FS-fs (loop2): invalid crc value [ 81.906555][ T1365] F2FS-fs (loop2): Found nat_bits in checkpoint [ 81.950174][ T1365] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 82.269591][ T1372] loop1: detected capacity change from 0 to 512 [ 82.286087][ T352] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 82.299649][ T1372] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 82.366878][ T1286] EXT4-fs (loop1): unmounting filesystem. [ 82.566072][ T294] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 82.716095][ T352] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 82.736039][ T352] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 82.745589][ T352] usb 3-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 82.766050][ T352] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 82.782886][ T1390] loop1: detected capacity change from 0 to 512 [ 82.803782][ T1390] EXT4-fs error (device loop1): ext4_orphan_get:1396: inode #15: comm syz.1.246: casefold flag without casefold feature [ 82.806469][ T352] usb 3-1: config 0 descriptor?? [ 82.820998][ T1390] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: inode #12: comm syz.1.246: missing EA_INODE flag [ 82.832951][ T1390] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz.1.246: error while reading EA inode 12 err=-117 [ 82.845058][ T1390] EXT4-fs (loop1): 1 orphan inode deleted [ 82.850622][ T1390] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 83.016111][ T294] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 83.206355][ T294] usb 1-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 83.226310][ T294] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 83.234175][ T294] usb 1-1: Product: syz [ 83.248391][ T294] usb 1-1: Manufacturer: syz [ 83.252800][ T294] usb 1-1: SerialNumber: syz [ 83.258025][ T294] usb 1-1: config 0 descriptor?? [ 83.318742][ T1286] EXT4-fs (loop1): unmounting filesystem. [ 83.497783][ T1375] netlink: 4 bytes leftover after parsing attributes in process `syz.0.244'. [ 83.506672][ T1375] netlink: 48 bytes leftover after parsing attributes in process `syz.0.244'. [ 83.547543][ T294] snd-usb-audio: probe of 1-1:0.0 failed with error -2 [ 83.562434][ T338] udevd[338]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 83.566107][ T352] hid-led: probe of 0003:27B8:01ED.0009 failed with error -71 [ 83.578303][ T294] usb 1-1: USB disconnect, device number 13 [ 83.594829][ T352] usb 3-1: USB disconnect, device number 6 [ 83.874818][ T1400] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.883064][ T1400] bridge0: port 1(bridge_slave_0) entered disabled state [ 83.890664][ T1400] device bridge_slave_0 entered promiscuous mode [ 83.898449][ T1400] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.905361][ T1400] bridge0: port 2(bridge_slave_1) entered disabled state [ 83.912768][ T1400] device bridge_slave_1 entered promiscuous mode [ 83.984091][ T1400] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.990969][ T1400] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.998055][ T1400] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.004827][ T1400] bridge0: port 1(bridge_slave_0) entered forwarding state [ 84.038506][ T1406] syz.0.250[1406] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 84.038608][ T1406] syz.0.250[1406] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 84.058866][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 84.095208][ T6] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.106563][ T6] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.140551][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 84.156457][ T352] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.163313][ T352] bridge0: port 1(bridge_slave_0) entered forwarding state [ 84.213356][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 84.222055][ T352] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.228945][ T352] bridge0: port 2(bridge_slave_1) entered forwarding state [ 84.237499][ T28] audit: type=1400 audit(1725779843.629:240): avc: denied { nlmsg_read } for pid=1409 comm="syz.1.252" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 84.258630][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 84.278716][ T1410] netlink: 4 bytes leftover after parsing attributes in process `syz.1.252'. [ 84.289291][ T934] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 84.304028][ T1400] device veth0_vlan entered promiscuous mode [ 84.326890][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 84.337346][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 84.344632][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 84.359528][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 84.375388][ T1400] device veth1_macvtap entered promiscuous mode [ 84.384402][ T1418] netlink: 4 bytes leftover after parsing attributes in process `syz.1.254'. [ 84.395902][ T934] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 84.413053][ T1418] FAULT_INJECTION: forcing a failure. [ 84.413053][ T1418] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 84.426355][ T1418] CPU: 0 PID: 1418 Comm: syz.1.254 Not tainted 6.1.93-syzkaller-00100-g27310ed6b677 #0 [ 84.435798][ T1418] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 84.445689][ T1418] Call Trace: [ 84.448813][ T1418] [ 84.451593][ T1418] dump_stack_lvl+0x151/0x1b7 [ 84.456105][ T1418] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 84.461407][ T1418] ? _parse_integer+0x2a/0x40 [ 84.465913][ T1418] dump_stack+0x15/0x1c [ 84.469904][ T1418] should_fail_ex+0x3d0/0x520 [ 84.474422][ T1418] should_fail+0xb/0x10 [ 84.478411][ T1418] should_fail_usercopy+0x1a/0x20 [ 84.483273][ T1418] _copy_from_user+0x1e/0xc0 [ 84.487699][ T1418] iovec_from_user+0xc7/0x320 [ 84.492213][ T1418] ? kasan_set_track+0x4b/0x70 [ 84.496917][ T1418] ? kasan_save_free_info+0x2b/0x40 [ 84.501955][ T1418] __import_iovec+0x70/0x430 [ 84.506381][ T1418] import_iovec+0xe5/0x120 [ 84.510634][ T1418] copy_msghdr_from_user+0x527/0x670 [ 84.515753][ T1418] ? sendmsg_copy_msghdr+0x70/0x70 [ 84.520704][ T1418] __sys_sendmsg+0x236/0x390 [ 84.525125][ T1418] ? ____sys_sendmsg+0x9a0/0x9a0 [ 84.529902][ T1418] ? __kasan_check_write+0x14/0x20 [ 84.534845][ T1418] ? mutex_unlock+0xb2/0x260 [ 84.539275][ T1418] ? __kasan_check_write+0x14/0x20 [ 84.544223][ T1418] ? __ia32_sys_read+0x90/0x90 [ 84.548821][ T1418] ? debug_smp_processor_id+0x17/0x20 [ 84.554026][ T1418] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 84.559929][ T1418] __x64_sys_sendmsg+0x7f/0x90 [ 84.564530][ T1418] x64_sys_call+0x16a/0x9a0 [ 84.568870][ T1418] do_syscall_64+0x3b/0xb0 [ 84.573123][ T1418] ? clear_bhb_loop+0x55/0xb0 [ 84.577638][ T1418] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 84.583364][ T1418] RIP: 0033:0x7fc420d7cef9 [ 84.587617][ T1418] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 84.607059][ T1418] RSP: 002b:00007fc420bff038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 84.615305][ T1418] RAX: ffffffffffffffda RBX: 00007fc420f35f80 RCX: 00007fc420d7cef9 [ 84.623115][ T1418] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000003 [ 84.630927][ T1418] RBP: 00007fc420bff090 R08: 0000000000000000 R09: 0000000000000000 [ 84.638734][ T1418] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 84.646550][ T1418] R13: 0000000000000000 R14: 00007fc420f35f80 R15: 00007fffe17b94d8 [ 84.654360][ T1418] [ 84.702892][ T1422] netlink: 40 bytes leftover after parsing attributes in process `syz.2.256'. [ 84.738859][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 84.755802][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 84.770138][ T1429] netlink: 40 bytes leftover after parsing attributes in process `syz.0.258'. [ 84.892463][ T1439] FAULT_INJECTION: forcing a failure. [ 84.892463][ T1439] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 84.914735][ T1425] loop4: detected capacity change from 0 to 40427 [ 84.922225][ T1425] F2FS-fs (loop4): invalid crc value [ 84.926901][ T1439] CPU: 1 PID: 1439 Comm: syz.2.259 Not tainted 6.1.93-syzkaller-00100-g27310ed6b677 #0 [ 84.936788][ T1439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 84.946683][ T1439] Call Trace: [ 84.949807][ T1439] [ 84.952584][ T1439] dump_stack_lvl+0x151/0x1b7 [ 84.957103][ T1439] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 84.962391][ T1439] ? fsnotify_perm+0x6a/0x5d0 [ 84.966907][ T1439] dump_stack+0x15/0x1c [ 84.970895][ T1439] should_fail_ex+0x3d0/0x520 [ 84.975413][ T1439] should_fail+0xb/0x10 [ 84.979400][ T1439] should_fail_usercopy+0x1a/0x20 [ 84.984265][ T1439] _copy_from_user+0x1e/0xc0 [ 84.988689][ T1439] get_itimerspec64+0x267/0x450 [ 84.993379][ T1439] ? __kasan_check_write+0x14/0x20 [ 84.998324][ T1439] ? put_old_timespec32+0x230/0x230 [ 85.003358][ T1439] __x64_sys_timerfd_settime+0x129/0x220 [ 85.008826][ T1439] ? __ia32_sys_timerfd_create+0x70/0x70 [ 85.014296][ T1439] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 85.020199][ T1439] ? exit_to_user_mode_prepare+0x39/0xa0 [ 85.025671][ T1439] x64_sys_call+0x78a/0x9a0 [ 85.030000][ T1439] do_syscall_64+0x3b/0xb0 [ 85.034254][ T1439] ? clear_bhb_loop+0x55/0xb0 [ 85.038767][ T1439] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 85.044496][ T1439] RIP: 0033:0x7f610d97cef9 [ 85.048753][ T1439] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 85.068190][ T1439] RSP: 002b:00007f610e75a038 EFLAGS: 00000246 ORIG_RAX: 000000000000011e [ 85.076438][ T1439] RAX: ffffffffffffffda RBX: 00007f610db36058 RCX: 00007f610d97cef9 [ 85.084247][ T1439] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 85.092056][ T1439] RBP: 00007f610e75a090 R08: 0000000000000000 R09: 0000000000000000 [ 85.099869][ T1439] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 85.107680][ T1439] R13: 0000000000000001 R14: 00007f610db36058 R15: 00007ffe24b943d8 [ 85.115497][ T1439] [ 85.120860][ T1425] F2FS-fs (loop4): Found nat_bits in checkpoint [ 85.127386][ T586] device bridge_slave_1 left promiscuous mode [ 85.136352][ T586] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.153546][ T586] device bridge_slave_0 left promiscuous mode [ 85.159506][ T295] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 85.172565][ T586] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.189583][ T586] device dummy0 left promiscuous mode [ 85.200135][ T586] device veth1_macvtap left promiscuous mode [ 85.206447][ T586] device veth0_vlan left promiscuous mode [ 85.212229][ T1425] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 85.237019][ T28] audit: type=1326 audit(1725779844.629:241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1424 comm="syz.4.249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf8ff7cef9 code=0x7ffc0000 [ 85.271105][ T28] audit: type=1326 audit(1725779844.659:242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1424 comm="syz.4.249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7fcf8ff7cef9 code=0x7ffc0000 [ 85.294362][ T28] audit: type=1326 audit(1725779844.659:243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1424 comm="syz.4.249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf8ff7cef9 code=0x7ffc0000 [ 85.319946][ T28] audit: type=1326 audit(1725779844.659:244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1424 comm="syz.4.249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fcf8ff7cef9 code=0x7ffc0000 [ 85.374989][ T28] audit: type=1326 audit(1725779844.659:245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1424 comm="syz.4.249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf8ff7cef9 code=0x7ffc0000 [ 85.420515][ T28] audit: type=1326 audit(1725779844.659:246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1424 comm="syz.4.249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fcf8ff7b890 code=0x7ffc0000 [ 85.447025][ T28] audit: type=1326 audit(1725779844.659:247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1424 comm="syz.4.249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf8ff7cef9 code=0x7ffc0000 [ 85.448850][ T1443] loop4: detected capacity change from 0 to 1024 [ 85.470431][ T28] audit: type=1326 audit(1725779844.659:248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1424 comm="syz.4.249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=32 compat=0 ip=0x7fcf8ff7cef9 code=0x7ffc0000 [ 85.499471][ T28] audit: type=1326 audit(1725779844.659:249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1424 comm="syz.4.249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf8ff7cef9 code=0x7ffc0000 [ 85.516463][ T1443] EXT4-fs: Ignoring removed orlov option [ 85.526047][ T410] bio_check_eod: 177608 callbacks suppressed [ 85.526061][ T410] syz.3.18: attempt to access beyond end of device [ 85.526061][ T410] loop3: rw=0, sector=87456, nr_sectors = 8 limit=40427 [ 85.535996][ T1443] EXT4-fs (loop4): Test dummy encryption mode enabled [ 85.547096][ T410] syz.3.18: attempt to access beyond end of device [ 85.547096][ T410] loop3: rw=0, sector=87464, nr_sectors = 8 limit=40427 [ 85.555797][ T1443] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 85.566930][ T410] syz.3.18: attempt to access beyond end of device [ 85.566930][ T410] loop3: rw=0, sector=87472, nr_sectors = 8 limit=40427 [ 85.588562][ T295] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 85.589906][ T410] syz.3.18: attempt to access beyond end of device [ 85.589906][ T410] loop3: rw=0, sector=87480, nr_sectors = 8 limit=40427 [ 85.612030][ T410] syz.3.18: attempt to access beyond end of device [ 85.612030][ T410] loop3: rw=0, sector=87488, nr_sectors = 8 limit=40427 [ 85.628138][ T410] syz.3.18: attempt to access beyond end of device [ 85.628138][ T410] loop3: rw=0, sector=87496, nr_sectors = 8 limit=40427 [ 85.641758][ T410] syz.3.18: attempt to access beyond end of device [ 85.641758][ T410] loop3: rw=0, sector=87504, nr_sectors = 8 limit=40427 [ 85.655361][ T410] syz.3.18: attempt to access beyond end of device [ 85.655361][ T410] loop3: rw=0, sector=87512, nr_sectors = 8 limit=40427 [ 85.669021][ T410] syz.3.18: attempt to access beyond end of device [ 85.669021][ T410] loop3: rw=0, sector=87520, nr_sectors = 8 limit=40427 [ 85.682389][ T410] syz.3.18: attempt to access beyond end of device [ 85.682389][ T410] loop3: rw=0, sector=87528, nr_sectors = 8 limit=40427 [ 86.030450][ T295] usb 2-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 86.042730][ T295] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 86.050631][ T295] usb 2-1: Product: syz [ 86.054559][ T295] usb 2-1: Manufacturer: syz [ 86.059333][ T295] usb 2-1: SerialNumber: syz [ 86.087727][ T295] usb 2-1: config 0 descriptor?? [ 86.137188][ T1454] loop0: detected capacity change from 0 to 2048 [ 86.169863][ T1454] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 86.180379][ T1454] ext4 filesystem being mounted at /12/bus supports timestamps until 2038 (0x7fffffff) [ 86.204529][ T1454] fs-verity: sha512 using implementation "sha512-avx2" [ 86.232944][ T1454] syz.0.264 (1454) used greatest stack depth: 20176 bytes left [ 86.244107][ T1209] EXT4-fs (loop0): unmounting filesystem. [ 86.290842][ T1400] EXT4-fs (loop4): unmounting filesystem. [ 86.337091][ T1438] netlink: 4 bytes leftover after parsing attributes in process `syz.1.260'. [ 86.349401][ T1438] netlink: 48 bytes leftover after parsing attributes in process `syz.1.260'. [ 86.377018][ T1457] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.383859][ T1457] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.393316][ T1457] device bridge_slave_0 entered promiscuous mode [ 86.407006][ T1457] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.416952][ T1457] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.424189][ T1457] device bridge_slave_1 entered promiscuous mode [ 86.428031][ T295] snd-usb-audio: probe of 2-1:0.0 failed with error -2 [ 86.443311][ T295] usb 2-1: USB disconnect, device number 12 [ 86.448597][ T338] udevd[338]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 86.479799][ T1472] netlink: 40 bytes leftover after parsing attributes in process `syz.0.269'. [ 86.568217][ T1457] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.575088][ T1457] bridge0: port 2(bridge_slave_1) entered forwarding state [ 86.582222][ T1457] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.589063][ T1457] bridge0: port 1(bridge_slave_0) entered forwarding state [ 86.606088][ T352] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 86.630496][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 86.638227][ T6] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.645326][ T6] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.663779][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 86.671910][ T6] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.678773][ T6] bridge0: port 1(bridge_slave_0) entered forwarding state [ 86.694252][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 86.702339][ T6] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.709207][ T6] bridge0: port 2(bridge_slave_1) entered forwarding state [ 86.716150][ T1477] loop0: detected capacity change from 0 to 2048 [ 86.716951][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 86.740447][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 86.748910][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 86.763120][ T1457] device veth0_vlan entered promiscuous mode [ 86.770821][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 86.786708][ T1477] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 86.795014][ T1477] ext4 filesystem being mounted at /18/bus supports timestamps until 2038 (0x7fffffff) [ 86.808941][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 86.816264][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 86.843182][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 86.854649][ T1457] device veth1_macvtap entered promiscuous mode [ 86.856159][ T352] usb 5-1: Using ep0 maxpacket: 16 [ 86.874615][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 86.884784][ T1209] EXT4-fs (loop0): unmounting filesystem. [ 86.897537][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 86.970630][ T1486] loop1: detected capacity change from 0 to 1024 [ 86.979595][ T1486] EXT4-fs: Ignoring removed orlov option [ 86.985699][ T1486] EXT4-fs (loop1): Test dummy encryption mode enabled [ 86.992606][ T352] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 87.002499][ T586] device bridge_slave_1 left promiscuous mode [ 87.006113][ T352] usb 5-1: config 0 interface 0 has no altsetting 0 [ 87.015095][ T352] usb 5-1: New USB device found, idVendor=0458, idProduct=0138, bcdDevice= 0.00 [ 87.016396][ T586] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.031608][ T586] device bridge_slave_0 left promiscuous mode [ 87.033018][ T1486] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 87.037777][ T586] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.049586][ T352] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 87.063840][ T586] device veth1_macvtap left promiscuous mode [ 87.069983][ T586] device veth0_vlan left promiscuous mode [ 87.078822][ T352] usb 5-1: config 0 descriptor?? [ 87.132735][ T934] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 88.419980][ T1286] EXT4-fs (loop1): unmounting filesystem. [ 88.496606][ T1501] FAULT_INJECTION: forcing a failure. [ 88.496606][ T1501] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 88.530889][ T1501] CPU: 0 PID: 1501 Comm: syz.3.278 Not tainted 6.1.93-syzkaller-00100-g27310ed6b677 #0 [ 88.540348][ T1501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 88.550240][ T1501] Call Trace: [ 88.553367][ T1501] [ 88.556143][ T1501] dump_stack_lvl+0x151/0x1b7 [ 88.560655][ T1501] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 88.565948][ T1501] ? from_kuid+0x18d/0x6f0 [ 88.570204][ T1501] dump_stack+0x15/0x1c [ 88.574195][ T1501] should_fail_ex+0x3d0/0x520 [ 88.578720][ T1501] should_fail+0xb/0x10 [ 88.582699][ T1501] should_fail_usercopy+0x1a/0x20 [ 88.587562][ T1501] _copy_to_user+0x1e/0x90 [ 88.591814][ T1501] bpf_prog_test_run_raw_tp+0x52e/0x6d0 [ 88.597195][ T1501] ? bpf_prog_test_run_tracing+0x760/0x760 [ 88.602838][ T1501] ? __kasan_check_write+0x14/0x20 [ 88.607782][ T1501] ? fput+0x15b/0x1b0 [ 88.611603][ T1501] ? bpf_prog_test_run_tracing+0x760/0x760 [ 88.617354][ T1501] bpf_prog_test_run+0x3b0/0x630 [ 88.622149][ T1501] ? bpf_prog_query+0x260/0x260 [ 88.626809][ T1501] ? selinux_bpf+0xd2/0x100 [ 88.631150][ T1501] ? security_bpf+0x82/0xb0 [ 88.635491][ T1501] __sys_bpf+0x59f/0x7f0 [ 88.639569][ T1501] ? bpf_link_show_fdinfo+0x2d0/0x2d0 [ 88.644782][ T1501] ? __ia32_sys_read+0x90/0x90 [ 88.649378][ T1501] ? debug_smp_processor_id+0x17/0x20 [ 88.654584][ T1501] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 88.660485][ T1501] __x64_sys_bpf+0x7c/0x90 [ 88.664736][ T1501] x64_sys_call+0x87f/0x9a0 [ 88.669077][ T1501] do_syscall_64+0x3b/0xb0 [ 88.673334][ T1501] ? clear_bhb_loop+0x55/0xb0 [ 88.677846][ T1501] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 88.683569][ T1501] RIP: 0033:0x7f32aa97cef9 [ 88.686171][ T934] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 88.687821][ T1501] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 88.717162][ T1501] RSP: 002b:00007f32ab85c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 88.725405][ T1501] RAX: ffffffffffffffda RBX: 00007f32aab35f80 RCX: 00007f32aa97cef9 [ 88.733216][ T1501] RDX: 000000000000000c RSI: 00000000200002c0 RDI: 000000000000000a [ 88.741026][ T1501] RBP: 00007f32ab85c090 R08: 0000000000000000 R09: 0000000000000000 [ 88.748836][ T1501] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 88.756646][ T1501] R13: 0000000000000000 R14: 00007f32aab35f80 R15: 00007ffd5face9e8 [ 88.764549][ T1501] [ 88.812755][ T1505] netlink: 40 bytes leftover after parsing attributes in process `syz.0.280'. [ 88.856480][ T1508] loop1: detected capacity change from 0 to 16 [ 88.863745][ T1508] erofs: Unknown parameter '/sys/kernel/profiling' [ 88.916237][ T934] usb 3-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 89.001651][ T934] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 89.017430][ T352] kye 0003:0458:0138.000A: unknown main item tag 0x0 [ 89.023936][ T352] kye 0003:0458:0138.000A: unknown main item tag 0x0 [ 89.030486][ T352] kye 0003:0458:0138.000A: unexpected long global item [ 89.037564][ T352] kye 0003:0458:0138.000A: parse failed [ 89.042958][ T352] kye: probe of 0003:0458:0138.000A failed with error -22 [ 89.042967][ T934] usb 3-1: Product: syz [ 89.042983][ T934] usb 3-1: Manufacturer: syz [ 89.066475][ T934] usb 3-1: SerialNumber: syz [ 89.142244][ T934] usb 3-1: config 0 descriptor?? [ 89.147284][ T1495] usb 5-1: USB disconnect, device number 6 [ 89.325740][ T1525] bridge1: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 89.351969][ T1529] FAULT_INJECTION: forcing a failure. [ 89.351969][ T1529] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 89.365219][ T1529] CPU: 1 PID: 1529 Comm: syz.1.286 Not tainted 6.1.93-syzkaller-00100-g27310ed6b677 #0 [ 89.374658][ T1529] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 89.384552][ T1529] Call Trace: [ 89.387675][ T1529] [ 89.390454][ T1529] dump_stack_lvl+0x151/0x1b7 [ 89.394970][ T1529] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 89.400263][ T1529] ? avc_has_perm_noaudit+0x430/0x430 [ 89.405469][ T1529] dump_stack+0x15/0x1c [ 89.409460][ T1529] should_fail_ex+0x3d0/0x520 [ 89.413977][ T1529] should_fail+0xb/0x10 [ 89.417967][ T1529] should_fail_usercopy+0x1a/0x20 [ 89.422827][ T1529] _copy_to_user+0x1e/0x90 [ 89.427080][ T1529] simple_read_from_buffer+0xc7/0x150 [ 89.432292][ T1529] proc_fail_nth_read+0x1a3/0x210 [ 89.437150][ T1529] ? proc_fault_inject_write+0x390/0x390 [ 89.442615][ T1529] ? fsnotify_perm+0x470/0x5d0 [ 89.447219][ T1529] ? security_file_permission+0x86/0xb0 [ 89.452597][ T1529] ? proc_fault_inject_write+0x390/0x390 [ 89.458064][ T1529] vfs_read+0x26c/0xad0 [ 89.462059][ T1529] ? kernel_read+0x1f0/0x1f0 [ 89.466488][ T1529] ? mutex_lock+0xb1/0x1e0 [ 89.470737][ T1529] ? bit_wait_io_timeout+0x120/0x120 [ 89.475860][ T1529] ? __fdget_pos+0x2e2/0x390 [ 89.480283][ T1529] ? ksys_read+0x77/0x2c0 [ 89.484449][ T1529] ksys_read+0x199/0x2c0 [ 89.488529][ T1529] ? vfs_write+0xeb0/0xeb0 [ 89.492782][ T1529] ? debug_smp_processor_id+0x17/0x20 [ 89.497986][ T1529] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 89.503890][ T1529] __x64_sys_read+0x7b/0x90 [ 89.508234][ T1529] x64_sys_call+0x28/0x9a0 [ 89.512496][ T1529] do_syscall_64+0x3b/0xb0 [ 89.516735][ T1529] ? clear_bhb_loop+0x55/0xb0 [ 89.521296][ T1529] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 89.526976][ T1529] RIP: 0033:0x7fc420d7b93c [ 89.531229][ T1529] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 89.550673][ T1529] RSP: 002b:00007fc420bff030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 89.558915][ T1529] RAX: ffffffffffffffda RBX: 00007fc420f35f80 RCX: 00007fc420d7b93c [ 89.566730][ T1529] RDX: 000000000000000f RSI: 00007fc420bff0a0 RDI: 0000000000000004 [ 89.574536][ T1529] RBP: 00007fc420bff090 R08: 0000000000000000 R09: 0000000000000000 [ 89.582351][ T1529] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 89.590160][ T1529] R13: 0000000000000000 R14: 00007fc420f35f80 R15: 00007fffe17b94d8 [ 89.597978][ T1529] [ 89.606357][ T1481] netlink: 4 bytes leftover after parsing attributes in process `syz.2.272'. [ 89.618784][ T1481] netlink: 48 bytes leftover after parsing attributes in process `syz.2.272'. [ 89.644691][ T1531] loop1: detected capacity change from 0 to 1024 [ 89.659412][ T934] snd-usb-audio: probe of 3-1:0.0 failed with error -2 [ 89.667106][ T1531] EXT4-fs: Ignoring removed orlov option [ 89.673230][ T338] udevd[338]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 89.676382][ T934] usb 3-1: USB disconnect, device number 7 [ 89.689746][ T1531] EXT4-fs (loop1): Test dummy encryption mode enabled [ 89.708978][ T1531] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 89.783475][ T24] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 90.167339][ T24] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 90.182741][ T1540] bridge1: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 90.196139][ T934] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 90.240442][ T1544] netlink: 40 bytes leftover after parsing attributes in process `syz.3.291'. [ 90.366080][ T24] usb 1-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 90.377027][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 90.391020][ T24] usb 1-1: Product: syz [ 90.398131][ T24] usb 1-1: Manufacturer: syz [ 90.404636][ T24] usb 1-1: SerialNumber: syz [ 90.411812][ T24] usb 1-1: config 0 descriptor?? [ 90.509823][ T1286] EXT4-fs (loop1): unmounting filesystem. [ 90.536321][ T410] bio_check_eod: 87872 callbacks suppressed [ 90.536346][ T410] syz.3.18: attempt to access beyond end of device [ 90.536346][ T410] loop3: rw=524288, sector=89592, nr_sectors = 8 limit=40427 [ 90.556153][ T410] syz.3.18: attempt to access beyond end of device [ 90.556153][ T410] loop3: rw=524288, sector=89600, nr_sectors = 8 limit=40427 [ 90.569975][ T410] syz.3.18: attempt to access beyond end of device [ 90.569975][ T410] loop3: rw=524288, sector=89608, nr_sectors = 8 limit=40427 [ 90.584004][ T410] syz.3.18: attempt to access beyond end of device [ 90.584004][ T410] loop3: rw=524288, sector=89616, nr_sectors = 8 limit=40427 [ 90.597836][ T410] syz.3.18: attempt to access beyond end of device [ 90.597836][ T410] loop3: rw=524288, sector=89624, nr_sectors = 8 limit=40427 [ 90.619488][ T410] syz.3.18: attempt to access beyond end of device [ 90.619488][ T410] loop3: rw=524288, sector=89632, nr_sectors = 8 limit=40427 [ 90.626112][ T934] usb 5-1: config index 0 descriptor too short (expected 61732, got 36) [ 90.649927][ T934] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 90.655372][ T410] syz.3.18: attempt to access beyond end of device [ 90.655372][ T410] loop3: rw=524288, sector=89640, nr_sectors = 8 limit=40427 [ 90.670992][ T934] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 90.684763][ T934] usb 5-1: New USB device found, idVendor=045e, idProduct=009d, bcdDevice= 0.00 [ 90.693803][ T934] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 90.702205][ T1527] netlink: 4 bytes leftover after parsing attributes in process `syz.0.285'. [ 90.713768][ T410] syz.3.18: attempt to access beyond end of device [ 90.713768][ T410] loop3: rw=524288, sector=89648, nr_sectors = 8 limit=40427 [ 90.716477][ T934] usb 5-1: config 0 descriptor?? [ 90.734740][ T1527] netlink: 48 bytes leftover after parsing attributes in process `syz.0.285'. [ 90.747315][ T410] syz.3.18: attempt to access beyond end of device [ 90.747315][ T410] loop3: rw=524288, sector=89656, nr_sectors = 8 limit=40427 [ 90.762773][ T24] snd-usb-audio: probe of 1-1:0.0 failed with error -2 [ 90.770087][ T410] syz.3.18: attempt to access beyond end of device [ 90.770087][ T410] loop3: rw=524288, sector=89664, nr_sectors = 8 limit=40427 [ 90.792630][ T338] udevd[338]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 90.809485][ T24] usb 1-1: USB disconnect, device number 14 [ 91.077157][ T28] kauditd_printk_skb: 33 callbacks suppressed [ 91.077173][ T28] audit: type=1400 audit(1725779850.469:283): avc: denied { bind } for pid=1559 comm="syz.1.296" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 91.110860][ T1560] FAULT_INJECTION: forcing a failure. [ 91.110860][ T1560] name failslab, interval 1, probability 0, space 0, times 0 [ 91.124003][ T1560] CPU: 0 PID: 1560 Comm: syz.1.296 Not tainted 6.1.93-syzkaller-00100-g27310ed6b677 #0 [ 91.133442][ T1560] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 91.143338][ T1560] Call Trace: [ 91.146460][ T1560] [ 91.149249][ T1560] dump_stack_lvl+0x151/0x1b7 [ 91.153750][ T1560] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 91.159044][ T1560] ? __find_rr_leaf+0x862/0xb70 [ 91.163733][ T1560] dump_stack+0x15/0x1c [ 91.167725][ T1560] should_fail_ex+0x3d0/0x520 [ 91.172240][ T1560] ? xfrm_state_alloc+0x26/0x2d0 [ 91.177010][ T1560] __should_failslab+0xaf/0xf0 [ 91.181612][ T1560] should_failslab+0x9/0x20 [ 91.185951][ T1560] kmem_cache_alloc+0x3b/0x2c0 [ 91.190553][ T1560] xfrm_state_alloc+0x26/0x2d0 [ 91.195150][ T1560] xfrm_state_find+0x2009/0x2fd0 [ 91.199923][ T1560] ? __rt6_find_exception_rcu+0x25b/0x340 [ 91.205479][ T1560] ? fib6_select_path+0x13c/0x5b0 [ 91.210337][ T1560] ? security_inode_alloc+0x29/0x120 [ 91.215461][ T1560] ? xfrm_sad_getinfo+0x170/0x170 [ 91.220320][ T1560] ? ip6_pol_route+0x100e/0x14a0 [ 91.225091][ T1560] ? ip6_pol_route+0x583/0x14a0 [ 91.227161][ T934] microsoft 0003:045E:009D.000B: unbalanced delimiter at end of report description [ 91.229781][ T1560] ? fib6_table_lookup+0xa80/0xa80 [ 91.243841][ T1560] ? avc_has_perm_noaudit+0x2dd/0x430 [ 91.246214][ T934] microsoft 0003:045E:009D.000B: parse failed [ 91.249134][ T1560] xfrm_resolve_and_create_bundle+0x606/0x2c40 [ 91.261033][ T1560] ? ipv6_dev_get_saddr+0x431/0x580 [ 91.266060][ T1560] ? xfrm_sk_policy_lookup+0x5b0/0x5b0 [ 91.271355][ T1560] ? ipv6_dev_get_saddr+0x444/0x580 [ 91.276387][ T1560] ? xfrm_sk_policy_lookup+0x567/0x5b0 [ 91.281683][ T1560] xfrm_lookup_with_ifid+0x98b/0x22b0 [ 91.286888][ T1560] ? __xfrm_sk_clone_policy+0x970/0x970 [ 91.292267][ T1560] ? avc_has_perm_noaudit+0x2dd/0x430 [ 91.297478][ T1560] ? avc_denied+0x1b0/0x1b0 [ 91.301815][ T1560] xfrm_lookup_route+0x3b/0x160 [ 91.306506][ T1560] ip6_dst_lookup_flow+0x13a/0x170 [ 91.311448][ T1560] ? ip6_dst_lookup_tail+0x12e0/0x12e0 [ 91.316751][ T1560] ? avc_has_perm+0x16f/0x260 [ 91.321256][ T1560] ? ip6_datagram_dst_update+0x2db/0xbc0 [ 91.326723][ T1560] ? fl6_update_dst+0xbb/0x160 [ 91.331323][ T1560] ip6_datagram_dst_update+0x618/0xbc0 [ 91.336621][ T1560] ? dst_discard+0x50/0x50 [ 91.340872][ T1560] ? selinux_socket_connect_helper+0x44d/0x9d0 [ 91.346860][ T1560] ? __ip6_datagram_connect+0xb93/0x1230 [ 91.352327][ T1560] ? memcpy+0x56/0x70 [ 91.356148][ T1560] __ip6_datagram_connect+0xbf0/0x1230 [ 91.361450][ T1560] ? _raw_spin_unlock_bh+0x50/0x60 [ 91.366389][ T1560] ? ip6_datagram_release_cb+0x2a0/0x2a0 [ 91.371854][ T1560] ? vfs_write+0xbb3/0xeb0 [ 91.376110][ T1560] ip6_datagram_connect_v6_only+0x65/0xa0 [ 91.381665][ T1560] inet_dgram_connect+0x1e7/0x410 [ 91.386525][ T1560] ? security_socket_connect+0x82/0xb0 [ 91.391821][ T1560] ? sk_dst_reset+0xa0/0xa0 [ 91.396158][ T1560] __sys_connect+0x2c9/0x300 [ 91.400586][ T1560] ? __sys_connect_file+0x170/0x170 [ 91.405622][ T1560] ? debug_smp_processor_id+0x17/0x20 [ 91.410825][ T1560] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 91.416729][ T1560] __x64_sys_connect+0x7a/0x90 [ 91.421326][ T1560] x64_sys_call+0x14e/0x9a0 [ 91.425666][ T1560] do_syscall_64+0x3b/0xb0 [ 91.429922][ T1560] ? clear_bhb_loop+0x55/0xb0 [ 91.434431][ T1560] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 91.440162][ T1560] RIP: 0033:0x7fc420d7cef9 [ 91.444413][ T1560] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 91.463854][ T1560] RSP: 002b:00007fc420bff038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 91.472115][ T1560] RAX: ffffffffffffffda RBX: 00007fc420f35f80 RCX: 00007fc420d7cef9 [ 91.479919][ T1560] RDX: 000000000000001c RSI: 0000000020000040 RDI: 0000000000000004 [ 91.487723][ T1560] RBP: 00007fc420bff090 R08: 0000000000000000 R09: 0000000000000000 [ 91.495536][ T1560] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 91.503346][ T1560] R13: 0000000000000000 R14: 00007fc420f35f80 R15: 00007fffe17b94d8 [ 91.511159][ T1560] [ 91.514845][ T934] microsoft: probe of 0003:045E:009D.000B failed with error -22 [ 91.526196][ T1563] FAULT_INJECTION: forcing a failure. [ 91.526196][ T1563] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 91.539699][ T1563] CPU: 1 PID: 1563 Comm: syz.0.297 Not tainted 6.1.93-syzkaller-00100-g27310ed6b677 #0 [ 91.549143][ T1563] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 91.559032][ T1563] Call Trace: [ 91.562155][ T1563] [ 91.564934][ T1563] dump_stack_lvl+0x151/0x1b7 [ 91.569448][ T1563] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 91.574737][ T1563] ? mutex_unlock+0xb2/0x260 [ 91.579167][ T1563] dump_stack+0x15/0x1c [ 91.583158][ T1563] should_fail_ex+0x3d0/0x520 [ 91.587673][ T1563] should_fail+0xb/0x10 [ 91.591664][ T1563] should_fail_usercopy+0x1a/0x20 [ 91.596522][ T1563] _copy_to_user+0x1e/0x90 [ 91.600778][ T1563] simple_read_from_buffer+0xc7/0x150 [ 91.605984][ T1563] proc_fail_nth_read+0x1a3/0x210 [ 91.610845][ T1563] ? proc_fault_inject_write+0x390/0x390 [ 91.616324][ T1563] ? fsnotify_perm+0x470/0x5d0 [ 91.620921][ T1563] ? security_file_permission+0x86/0xb0 [ 91.626294][ T1563] ? proc_fault_inject_write+0x390/0x390 [ 91.631764][ T1563] vfs_read+0x26c/0xad0 [ 91.635756][ T1563] ? kernel_read+0x1f0/0x1f0 [ 91.640179][ T1563] ? mutex_lock+0xb1/0x1e0 [ 91.644432][ T1563] ? bit_wait_io_timeout+0x120/0x120 [ 91.649557][ T1563] ? __fdget_pos+0x2e2/0x390 [ 91.654079][ T1563] ? ksys_read+0x77/0x2c0 [ 91.658248][ T1563] ksys_read+0x199/0x2c0 [ 91.662326][ T1563] ? vfs_write+0xeb0/0xeb0 [ 91.666581][ T1563] ? debug_smp_processor_id+0x17/0x20 [ 91.671792][ T1563] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 91.677691][ T1563] __x64_sys_read+0x7b/0x90 [ 91.682028][ T1563] x64_sys_call+0x28/0x9a0 [ 91.686280][ T1563] do_syscall_64+0x3b/0xb0 [ 91.690535][ T1563] ? clear_bhb_loop+0x55/0xb0 [ 91.695047][ T1563] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 91.700776][ T1563] RIP: 0033:0x7fb31b97b93c [ 91.705028][ T1563] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 91.724524][ T1563] RSP: 002b:00007fb31c828030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 91.732715][ T1563] RAX: ffffffffffffffda RBX: 00007fb31bb35f80 RCX: 00007fb31b97b93c [ 91.740527][ T1563] RDX: 000000000000000f RSI: 00007fb31c8280a0 RDI: 000000000000000a [ 91.748339][ T1563] RBP: 00007fb31c828090 R08: 0000000000000000 R09: 0000000000000000 [ 91.756149][ T1563] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 91.763959][ T1563] R13: 0000000000000000 R14: 00007fb31bb35f80 R15: 00007ffdb4d3ea48 [ 91.771777][ T1563] [ 91.845308][ T1567] loop2: detected capacity change from 0 to 512 [ 91.857415][ T1567] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2213: inode #15: comm syz.2.299: corrupted in-inode xattr [ 91.869302][ T1567] EXT4-fs error (device loop2): ext4_orphan_get:1401: comm syz.2.299: couldn't read orphan inode 15 (err -117) [ 91.870971][ T1565] loop0: detected capacity change from 0 to 8192 [ 91.887407][ T1567] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 91.907523][ T1565] FAT-fs (loop0): Unrecognized mount option "џџџџџџџџџџџџџџџџџџџџџџџџџџџџџџcqЄ(^&w1u‡Еw§ІСfЄ;{WƒЄ€”Ц{8Х!П5yдс" or missing value [ 92.071561][ T1576] xt_hashlimit: size too large, truncated to 1048576 [ 92.213919][ T1573] loop1: detected capacity change from 0 to 40427 [ 92.225339][ T1573] F2FS-fs (loop1): Invalid Fs Meta Ino: node(0) meta(2) root(0) [ 92.239175][ T1573] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 92.254472][ T1573] F2FS-fs (loop1): invalid crc value [ 92.272458][ T1573] F2FS-fs (loop1): Found nat_bits in checkpoint [ 92.343465][ T1573] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 92.350449][ T1573] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 92.490891][ T1587] loop1: detected capacity change from 0 to 512 [ 92.517352][ T1587] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 92.681180][ T292] EXT4-fs (loop2): unmounting filesystem. [ 92.778223][ T1600] netlink: 40 bytes leftover after parsing attributes in process `syz.0.304'. [ 92.818083][ T1286] EXT4-fs (loop1): unmounting filesystem. [ 92.932244][ T28] audit: type=1400 audit(1725779852.319:284): avc: denied { create } for pid=1604 comm="syz.2.306" name="file5" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 92.962427][ T28] audit: type=1400 audit(1725779852.339:285): avc: denied { read append } for pid=1604 comm="syz.2.306" name="file5" dev="tmpfs" ino=409 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 92.985518][ T28] audit: type=1400 audit(1725779852.339:286): avc: denied { open } for pid=1604 comm="syz.2.306" path="/72/file5" dev="tmpfs" ino=409 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 93.008433][ T28] audit: type=1400 audit(1725779852.339:287): avc: denied { ioctl } for pid=1604 comm="syz.2.306" path="/72/file5" dev="tmpfs" ino=409 ioctlcmd=0x70ca scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 93.009271][ T1605] kvm: emulating exchange as write [ 93.124407][ T28] audit: type=1400 audit(1725779852.509:288): avc: denied { unlink } for pid=292 comm="syz-executor" name="file5" dev="tmpfs" ino=409 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 93.196051][ T24] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 93.566105][ T24] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 93.793058][ T24] usb 2-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 93.812631][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 93.820690][ T24] usb 2-1: Product: syz [ 93.826081][ T24] usb 2-1: Manufacturer: syz [ 93.830511][ T24] usb 2-1: SerialNumber: syz [ 93.845691][ T24] usb 2-1: config 0 descriptor?? [ 94.160044][ T1610] netlink: 4 bytes leftover after parsing attributes in process `syz.1.307'. [ 94.168845][ T445] Bluetooth: hci0: command 0x1003 tx timeout [ 94.174847][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 94.216139][ T934] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 94.261907][ T1628] netlink: 48 bytes leftover after parsing attributes in process `syz.1.307'. [ 94.470191][ T24] snd-usb-audio: probe of 2-1:0.0 failed with error -2 [ 94.496111][ T934] usb 1-1: Using ep0 maxpacket: 16 [ 94.503638][ T24] usb 2-1: USB disconnect, device number 13 [ 94.515647][ T338] udevd[338]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 95.266403][ T934] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 95.309910][ T934] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 95.423614][ T934] usb 1-1: Product: syz [ 95.428894][ T1642] netlink: 40 bytes leftover after parsing attributes in process `syz.1.315'. [ 95.437682][ T934] usb 1-1: Manufacturer: syz [ 95.442194][ T934] usb 1-1: SerialNumber: syz [ 95.450555][ T934] r8152-cfgselector 1-1: config 0 descriptor?? [ 95.460250][ T24] usb 5-1: USB disconnect, device number 7 [ 95.552952][ T410] bio_check_eod: 73442 callbacks suppressed [ 95.552969][ T410] syz.3.18: attempt to access beyond end of device [ 95.552969][ T410] loop3: rw=0, sector=87168, nr_sectors = 8 limit=40427 [ 95.556487][ T1645] loop2: detected capacity change from 0 to 512 [ 95.559198][ T410] syz.3.18: attempt to access beyond end of device [ 95.559198][ T410] loop3: rw=0, sector=87176, nr_sectors = 8 limit=40427 [ 95.573113][ T1647] netlink: 40 bytes leftover after parsing attributes in process `syz.1.317'. [ 95.578173][ T410] syz.3.18: attempt to access beyond end of device [ 95.578173][ T410] loop3: rw=0, sector=87184, nr_sectors = 8 limit=40427 [ 95.613573][ T410] syz.3.18: attempt to access beyond end of device [ 95.613573][ T410] loop3: rw=0, sector=87192, nr_sectors = 8 limit=40427 [ 95.626886][ T410] syz.3.18: attempt to access beyond end of device [ 95.626886][ T410] loop3: rw=0, sector=87200, nr_sectors = 8 limit=40427 [ 95.627627][ T1645] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 95.642453][ T410] syz.3.18: attempt to access beyond end of device [ 95.642453][ T410] loop3: rw=0, sector=87208, nr_sectors = 8 limit=40427 [ 95.661827][ T410] syz.3.18: attempt to access beyond end of device [ 95.661827][ T410] loop3: rw=0, sector=87216, nr_sectors = 8 limit=40427 [ 95.675563][ T410] syz.3.18: attempt to access beyond end of device [ 95.675563][ T410] loop3: rw=0, sector=87224, nr_sectors = 8 limit=40427 [ 95.689037][ T410] syz.3.18: attempt to access beyond end of device [ 95.689037][ T410] loop3: rw=0, sector=87232, nr_sectors = 8 limit=40427 [ 95.702791][ T410] syz.3.18: attempt to access beyond end of device [ 95.702791][ T410] loop3: rw=0, sector=87240, nr_sectors = 8 limit=40427 [ 95.736125][ T934] r8152-cfgselector 1-1: Unknown version 0x0000 [ 95.753288][ T292] EXT4-fs (loop2): unmounting filesystem. [ 95.798731][ T1661] loop1: detected capacity change from 0 to 1024 [ 95.811803][ T1661] EXT4-fs: Ignoring removed orlov option [ 95.819499][ T1661] EXT4-fs (loop1): Test dummy encryption mode enabled [ 95.828685][ T1661] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 95.928912][ T28] audit: type=1400 audit(1725779855.319:289): avc: denied { ioctl } for pid=1667 comm="syz.2.320" path="socket:[22787]" dev="sockfs" ino=22787 ioctlcmd=0x6609 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 96.257296][ T1495] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 96.671398][ T1286] EXT4-fs (loop1): unmounting filesystem. [ 96.686321][ T1495] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 96.705230][ T1495] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 96.716125][ T1495] usb 3-1: New USB device found, idVendor=1d34, idProduct=000a, bcdDevice= 0.00 [ 96.716139][ T1673] netlink: 40 bytes leftover after parsing attributes in process `syz.1.321'. [ 96.734128][ T1495] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 96.742995][ T1495] usb 3-1: config 0 descriptor?? [ 97.023308][ T934] r8152-cfgselector 1-1: Unknown version 0x0000 [ 97.038803][ T934] r8152-cfgselector 1-1: USB disconnect, device number 15 [ 97.206670][ T555] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 97.267580][ T1495] hid-led 0003:1D34:000A.000C: unknown main item tag 0x0 [ 97.506154][ T1668] loop2: detected capacity change from 0 to 512 [ 97.621115][ T1668] EXT4-fs: Ignoring removed nobh option [ 97.701785][ T1668] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -13 [ 97.719439][ T1668] EXT4-fs error (device loop2): ext4_clear_blocks:883: inode #13: comm syz.2.320: attempt to clear invalid blocks 2 len 1 [ 97.784005][ T1668] EXT4-fs (loop2): Remounting filesystem read-only [ 97.808970][ T1668] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 97.864858][ T1668] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.320: invalid indirect mapped block 1819239214 (level 0) [ 97.916250][ T1668] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.320: invalid indirect mapped block 1819239214 (level 1) [ 97.950458][ T1668] EXT4-fs (loop2): 1 truncate cleaned up [ 97.964014][ T1668] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 97.976063][ T24] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 98.006816][ T1495] hid-led 0003:1D34:000A.000C: hidraw0: USB HID v0.00 Device [HID 1d34:000a] on usb-dummy_hcd.2-1/input0 [ 98.024705][ T1495] hid-led 0003:1D34:000A.000C: Dream Cheeky Webmail Notifier initialized [ 98.211653][ T6] usb 3-1: USB disconnect, device number 8 [ 98.386247][ T24] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 98.617088][ T24] usb 2-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 98.626148][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 98.633977][ T24] usb 2-1: Product: syz [ 98.638398][ T24] usb 2-1: Manufacturer: syz [ 98.642876][ T24] usb 2-1: SerialNumber: syz [ 98.651543][ T24] usb 2-1: config 0 descriptor?? [ 98.750203][ T292] EXT4-fs (loop2): unmounting filesystem. [ 98.784767][ T1698] FAULT_INJECTION: forcing a failure. [ 98.784767][ T1698] name failslab, interval 1, probability 0, space 0, times 0 [ 98.797341][ T1698] CPU: 1 PID: 1698 Comm: syz.2.327 Not tainted 6.1.93-syzkaller-00100-g27310ed6b677 #0 [ 98.806723][ T1698] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 98.816616][ T1698] Call Trace: [ 98.819829][ T1698] [ 98.822608][ T1698] dump_stack_lvl+0x151/0x1b7 [ 98.827120][ T1698] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 98.832414][ T1698] ? _parse_integer+0x2a/0x40 [ 98.836927][ T1698] ? kstrtoull+0x1cd/0x2e0 [ 98.841275][ T1698] dump_stack+0x15/0x1c [ 98.845272][ T1698] should_fail_ex+0x3d0/0x520 [ 98.849773][ T1698] ? bpf_test_init+0xf1/0x190 [ 98.854286][ T1698] __should_failslab+0xaf/0xf0 [ 98.858886][ T1698] should_failslab+0x9/0x20 [ 98.863226][ T1698] __kmem_cache_alloc_node+0x3d/0x250 [ 98.868434][ T1698] ? kasan_save_free_info+0x2b/0x40 [ 98.873470][ T1698] ? bpf_test_init+0xf1/0x190 [ 98.878153][ T1698] __kmalloc+0xa3/0x1e0 [ 98.882158][ T1698] bpf_test_init+0xf1/0x190 [ 98.886571][ T1698] bpf_prog_test_run_xdp+0x414/0x1130 [ 98.891788][ T1698] ? avc_denied+0x1b0/0x1b0 [ 98.896123][ T1698] ? dev_put+0x80/0x80 [ 98.900033][ T1698] ? __kasan_check_write+0x14/0x20 [ 98.904971][ T1698] ? fput+0x15b/0x1b0 [ 98.908789][ T1698] ? dev_put+0x80/0x80 [ 98.912697][ T1698] bpf_prog_test_run+0x3b0/0x630 [ 98.917470][ T1698] ? bpf_prog_query+0x260/0x260 [ 98.922156][ T1698] ? selinux_bpf+0xd2/0x100 [ 98.926500][ T1698] ? security_bpf+0x82/0xb0 [ 98.930842][ T1698] __sys_bpf+0x59f/0x7f0 [ 98.934919][ T1698] ? bpf_link_show_fdinfo+0x2d0/0x2d0 [ 98.940127][ T1698] ? __ia32_sys_read+0x90/0x90 [ 98.944721][ T1698] ? debug_smp_processor_id+0x17/0x20 [ 98.949930][ T1698] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 98.955834][ T1698] __x64_sys_bpf+0x7c/0x90 [ 98.960086][ T1698] x64_sys_call+0x87f/0x9a0 [ 98.964422][ T1698] do_syscall_64+0x3b/0xb0 [ 98.968675][ T1698] ? clear_bhb_loop+0x55/0xb0 [ 98.973207][ T1698] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 98.979442][ T1698] RIP: 0033:0x7f610d97cef9 [ 98.983693][ T1698] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 99.003134][ T1698] RSP: 002b:00007f610e77c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 99.011376][ T1698] RAX: ffffffffffffffda RBX: 00007f610db35f80 RCX: 00007f610d97cef9 [ 99.019189][ T1698] RDX: 0000000000000069 RSI: 00000000200002c0 RDI: 000000000000000a [ 99.027000][ T1698] RBP: 00007f610e77c090 R08: 0000000000000000 R09: 0000000000000000 [ 99.034821][ T1698] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 99.042624][ T1698] R13: 0000000000000000 R14: 00007f610db35f80 R15: 00007ffe24b943d8 [ 99.050439][ T1698] [ 99.055171][ T1689] netlink: 4 bytes leftover after parsing attributes in process `syz.1.325'. [ 99.086707][ T1689] netlink: 48 bytes leftover after parsing attributes in process `syz.1.325'. [ 99.137347][ T24] snd-usb-audio: probe of 2-1:0.0 failed with error -2 [ 99.151491][ T1702] loop2: detected capacity change from 0 to 512 [ 99.158764][ T338] udevd[338]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 99.175353][ T24] usb 2-1: USB disconnect, device number 14 [ 99.190021][ T1702] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 99.292071][ T292] EXT4-fs (loop2): unmounting filesystem. [ 99.366140][ T555] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 99.366168][ T45] Bluetooth: hci0: command 0x1003 tx timeout [ 99.645586][ T1727] loop1: detected capacity change from 0 to 512 [ 99.656575][ T1727] EXT4-fs: Ignoring removed oldalloc option [ 99.664328][ T1727] EXT4-fs error (device loop1): ext4_find_inline_data_nolock:164: inode #12: comm syz.1.334: inline data xattr refers to an external xattr inode [ 99.679147][ T1727] EXT4-fs (loop1): Remounting filesystem read-only [ 99.685529][ T1727] EXT4-fs error (device loop1): ext4_orphan_get:1401: comm syz.1.334: couldn't read orphan inode 12 (err -117) [ 99.697401][ T1727] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 99.808594][ T28] audit: type=1400 audit(1725779859.199:290): avc: denied { write } for pid=1726 comm="syz.1.334" laddr=172.20.20.10 lport=256 faddr=172.20.20.187 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 99.876081][ T443] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 99.916320][ T24] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 100.176254][ T443] usb 3-1: device descriptor read/64, error -71 [ 100.406388][ T24] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 102.611963][ T410] bio_check_eod: 111221 callbacks suppressed [ 102.611988][ T410] syz.3.18: attempt to access beyond end of device [ 102.611988][ T410] loop3: rw=524288, sector=86016, nr_sectors = 8 limit=40427 [ 102.634109][ T28] audit: type=1400 audit(1725779862.019:291): avc: denied { unlink } for pid=83 comm="syslogd" name="messages.0" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 102.642474][ T410] syz.3.18: attempt to access beyond end of device [ 102.642474][ T410] loop3: rw=524288, sector=86024, nr_sectors = 8 limit=40427 [ 102.686168][ T24] usb 1-1: string descriptor 0 read error: -71 [ 102.695395][ T410] syz.3.18: attempt to access beyond end of device [ 102.695395][ T410] loop3: rw=524288, sector=86032, nr_sectors = 8 limit=40427 [ 102.702811][ T24] usb 1-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 102.717206][ T410] syz.3.18: attempt to access beyond end of device [ 102.717206][ T410] loop3: rw=524288, sector=86040, nr_sectors = 8 limit=40427 [ 102.766228][ T410] syz.3.18: attempt to access beyond end of device [ 102.766228][ T410] loop3: rw=524288, sector=86048, nr_sectors = 8 limit=40427 [ 102.788732][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 102.803299][ T1286] EXT4-fs (loop1): unmounting filesystem. [ 102.809136][ T410] syz.3.18: attempt to access beyond end of device [ 102.809136][ T410] loop3: rw=524288, sector=86056, nr_sectors = 8 limit=40427 [ 102.839901][ T410] syz.3.18: attempt to access beyond end of device [ 102.839901][ T410] loop3: rw=524288, sector=86064, nr_sectors = 8 limit=40427 [ 102.857138][ T24] usb 1-1: config 0 descriptor?? [ 102.861725][ T410] syz.3.18: attempt to access beyond end of device [ 102.861725][ T410] loop3: rw=524288, sector=86072, nr_sectors = 8 limit=40427 [ 102.876102][ T24] usb 1-1: can't set config #0, error -71 [ 102.885043][ T1751] loop1: detected capacity change from 0 to 256 [ 102.891659][ T1751] FAT-fs (loop1): Unrecognized mount option "subj_type=cp437" or missing value [ 102.893074][ T1745] loop2: detected capacity change from 0 to 8192 [ 102.900862][ T410] syz.3.18: attempt to access beyond end of device [ 102.900862][ T410] loop3: rw=524288, sector=86080, nr_sectors = 8 limit=40427 [ 102.906689][ T24] usb 1-1: USB disconnect, device number 16 [ 102.922434][ T28] audit: type=1400 audit(1725779862.319:292): avc: denied { connect } for pid=1750 comm="syz.1.341" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 102.934809][ T1745] FAT-fs (loop2): Unrecognized mount option "џџџџџџџџџџџџџџџџџџџџџџџџџџџџџџcqЄ(^&w1u‡Еw§ІСfЄ;{WƒЄ€”Ц{8Х!П5yдс" or missing value [ 102.957937][ T410] syz.3.18: attempt to access beyond end of device [ 102.957937][ T410] loop3: rw=524288, sector=86088, nr_sectors = 8 limit=40427 [ 103.022041][ T1759] loop1: detected capacity change from 0 to 512 [ 103.055525][ T1759] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 103.068827][ T1738] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.072653][ T1762] xt_hashlimit: size too large, truncated to 1048576 [ 103.089968][ T1738] bridge0: port 1(bridge_slave_0) entered disabled state [ 103.098039][ T1738] device bridge_slave_0 entered promiscuous mode [ 103.118480][ T1738] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.135477][ T1738] bridge0: port 2(bridge_slave_1) entered disabled state [ 103.143489][ T1738] device bridge_slave_1 entered promiscuous mode [ 103.265450][ T1775] netlink: 40 bytes leftover after parsing attributes in process `syz.3.344'. [ 103.290631][ T1286] EXT4-fs (loop1): unmounting filesystem. [ 103.296351][ T24] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 103.346631][ T1738] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.353499][ T1738] bridge0: port 2(bridge_slave_1) entered forwarding state [ 103.360589][ T1738] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.367385][ T1738] bridge0: port 1(bridge_slave_0) entered forwarding state [ 103.405864][ T934] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 103.414809][ T934] bridge0: port 1(bridge_slave_0) entered disabled state [ 103.433967][ T934] bridge0: port 2(bridge_slave_1) entered disabled state [ 103.446285][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 103.454270][ T294] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.461120][ T294] bridge0: port 1(bridge_slave_0) entered forwarding state [ 103.468940][ T294] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 103.476932][ T294] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.483771][ T294] bridge0: port 2(bridge_slave_1) entered forwarding state [ 103.491758][ T1491] device bridge_slave_1 left promiscuous mode [ 103.498063][ T1491] bridge0: port 2(bridge_slave_1) entered disabled state [ 103.505494][ T1491] device bridge_slave_0 left promiscuous mode [ 103.515381][ T1491] bridge0: port 1(bridge_slave_0) entered disabled state [ 103.539506][ T1491] device veth1_macvtap left promiscuous mode [ 103.545376][ T1491] device veth0_vlan left promiscuous mode [ 103.662418][ T1784] loop2: detected capacity change from 0 to 1024 [ 103.710039][ T1784] EXT4-fs: Ignoring removed orlov option [ 103.720140][ T1784] EXT4-fs (loop2): Test dummy encryption mode enabled [ 103.783410][ T24] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 103.850951][ T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 103.912505][ T6] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 103.930197][ T1784] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 103.947309][ T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 104.037143][ T24] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 104.077583][ T443] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 104.085362][ T443] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 104.100876][ T1738] device veth0_vlan entered promiscuous mode [ 104.108221][ T1495] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 104.121439][ T1495] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 104.131241][ T1495] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 104.141369][ T1495] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 104.156483][ T24] usb 1-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 104.298088][ T24] usb 1-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 104.308088][ T24] usb 1-1: Manufacturer: syz [ 104.345976][ T1738] device veth1_macvtap entered promiscuous mode [ 104.365184][ T24] usb 1-1: config 0 descriptor?? [ 104.376684][ T443] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 104.387100][ T443] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 104.394537][ T443] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 104.403404][ T443] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 104.412406][ T443] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 104.416101][ T6] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 104.420094][ T443] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 104.437795][ T443] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 104.445937][ T443] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 104.454317][ T443] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 104.596081][ T6] usb 2-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 104.605111][ T6] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 104.613076][ T6] usb 2-1: Product: syz [ 104.617171][ T6] usb 2-1: Manufacturer: syz [ 104.621573][ T6] usb 2-1: SerialNumber: syz [ 104.639973][ T6] usb 2-1: config 0 descriptor?? [ 104.837001][ T24] appleir 0003:05AC:8243.000D: unknown main item tag 0x0 [ 104.845456][ T24] appleir 0003:05AC:8243.000D: No inputs registered, leaving [ 104.861397][ T24] appleir 0003:05AC:8243.000D: hiddev96,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0 [ 104.935962][ T1779] netlink: 4 bytes leftover after parsing attributes in process `syz.1.345'. [ 105.095365][ T1779] netlink: 48 bytes leftover after parsing attributes in process `syz.1.345'. [ 105.118972][ T6] snd-usb-audio: probe of 2-1:0.0 failed with error -2 [ 105.126604][ T338] udevd[338]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 105.142579][ T6] usb 2-1: USB disconnect, device number 15 [ 105.187423][ T1743] loop0: detected capacity change from 0 to 16384 [ 105.297118][ T352] usb 1-1: USB disconnect, device number 17 [ 105.829973][ T1807] loop1: detected capacity change from 0 to 512 [ 105.846113][ T555] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 105.885256][ T352] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 105.910752][ T1807] EXT4-fs (loop1): fragment/cluster size (2048) != block size (1024) [ 105.930558][ T1812] loop0: detected capacity change from 0 to 512 [ 105.938264][ T1812] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 105.966846][ T1807] loop1: detected capacity change from 0 to 128 [ 105.995233][ T1824] netlink: 40 bytes leftover after parsing attributes in process `syz.1.356'. [ 106.069148][ T1209] EXT4-fs (loop0): unmounting filesystem. [ 106.150026][ T1831] loop1: detected capacity change from 0 to 8192 [ 106.159632][ T1831] FAT-fs (loop1): Unrecognized mount option "џџџџџџџџџџџџџџџџџџџџџџџџџџџџџџcqЄ(^&w1u‡Еw§ІСfЄ;{WƒЄ€”Ц{8Х!П5yдс" or missing value [ 106.186069][ T352] usb 5-1: device descriptor read/64, error -71 [ 106.296070][ T934] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 106.315173][ T1834] xt_hashlimit: size too large, truncated to 1048576 [ 106.326312][ T45] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 106.364059][ T292] EXT4-fs (loop2): unmounting filesystem. [ 106.581651][ T352] usb 5-1: device descriptor read/64, error -71 [ 106.676069][ T24] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 106.715028][ T1846] loop2: detected capacity change from 0 to 1024 [ 106.721732][ T1846] EXT4-fs: Ignoring removed orlov option [ 106.727769][ T1846] EXT4-fs (loop2): Test dummy encryption mode enabled [ 106.737786][ T934] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 106.747838][ T1846] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 106.856046][ T352] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 106.966348][ T934] usb 4-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 107.091297][ T934] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 107.126352][ T24] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 107.147727][ T934] usb 4-1: Product: syz [ 107.165398][ T934] usb 4-1: Manufacturer: syz [ 107.170219][ T934] usb 4-1: SerialNumber: syz [ 107.178415][ T934] usb 4-1: config 0 descriptor?? [ 107.326051][ T352] usb 5-1: device descriptor read/64, error -71 [ 107.346496][ T24] usb 1-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 107.364604][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 107.735397][ T1827] netlink: 4 bytes leftover after parsing attributes in process `syz.3.357'. [ 107.745258][ T410] bio_check_eod: 131798 callbacks suppressed [ 107.745274][ T410] syz.3.18: attempt to access beyond end of device [ 107.745274][ T410] loop3: rw=524288, sector=87120, nr_sectors = 8 limit=40427 [ 107.761321][ T24] usb 1-1: Product: syz [ 107.769092][ T410] syz.3.18: attempt to access beyond end of device [ 107.769092][ T410] loop3: rw=524288, sector=87128, nr_sectors = 8 limit=40427 [ 107.769969][ T292] EXT4-fs (loop2): unmounting filesystem. [ 107.783516][ T24] usb 1-1: Manufacturer: syz [ 107.790707][ T410] syz.3.18: attempt to access beyond end of device [ 107.790707][ T410] loop3: rw=524288, sector=87136, nr_sectors = 8 limit=40427 [ 107.793845][ T24] usb 1-1: SerialNumber: syz [ 107.811033][ T410] syz.3.18: attempt to access beyond end of device [ 107.811033][ T410] loop3: rw=524288, sector=87144, nr_sectors = 8 limit=40427 [ 107.815930][ T1856] netlink: 48 bytes leftover after parsing attributes in process `syz.3.357'. [ 107.824915][ T410] syz.3.18: attempt to access beyond end of device [ 107.824915][ T410] loop3: rw=524288, sector=87152, nr_sectors = 8 limit=40427 [ 107.833845][ T24] usb 1-1: config 0 descriptor?? [ 107.847148][ T410] syz.3.18: attempt to access beyond end of device [ 107.847148][ T410] loop3: rw=524288, sector=87160, nr_sectors = 8 limit=40427 [ 107.865447][ T410] syz.3.18: attempt to access beyond end of device [ 107.865447][ T410] loop3: rw=524288, sector=87168, nr_sectors = 8 limit=40427 [ 107.872301][ T1858] netlink: 40 bytes leftover after parsing attributes in process `syz.2.365'. [ 107.879202][ T410] syz.3.18: attempt to access beyond end of device [ 107.879202][ T410] loop3: rw=524288, sector=87176, nr_sectors = 8 limit=40427 [ 107.901514][ T410] syz.3.18: attempt to access beyond end of device [ 107.901514][ T410] loop3: rw=524288, sector=87184, nr_sectors = 8 limit=40427 [ 107.913305][ T934] snd-usb-audio: probe of 4-1:0.0 failed with error -2 [ 107.915162][ T410] syz.3.18: attempt to access beyond end of device [ 107.915162][ T410] loop3: rw=524288, sector=87192, nr_sectors = 8 limit=40427 [ 107.923491][ T338] udevd[338]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 107.953939][ T934] usb 4-1: USB disconnect, device number 7 [ 108.048506][ T352] usb 5-1: device descriptor read/64, error -71 [ 108.108982][ T1838] netlink: 4 bytes leftover after parsing attributes in process `syz.0.361'. [ 108.122830][ T1838] netlink: 48 bytes leftover after parsing attributes in process `syz.0.361'. [ 108.137505][ T24] snd-usb-audio: probe of 1-1:0.0 failed with error -2 [ 108.149003][ T338] udevd[338]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 108.165937][ T24] usb 1-1: USB disconnect, device number 18 [ 108.166366][ T352] usb usb5-port1: attempt power cycle [ 108.415664][ T1864] FAULT_INJECTION: forcing a failure. [ 108.415664][ T1864] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 108.428678][ T1864] CPU: 0 PID: 1864 Comm: syz.3.367 Not tainted 6.1.93-syzkaller-00100-g27310ed6b677 #0 [ 108.438118][ T1864] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 108.448012][ T1864] Call Trace: [ 108.451135][ T1864] [ 108.453934][ T1864] dump_stack_lvl+0x151/0x1b7 [ 108.458432][ T1864] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 108.463720][ T1864] ? kstrtouint+0xf6/0x180 [ 108.467984][ T1864] ? _kstrtol+0x150/0x150 [ 108.472154][ T1864] dump_stack+0x15/0x1c [ 108.476134][ T1864] should_fail_ex+0x3d0/0x520 [ 108.480654][ T1864] should_fail+0xb/0x10 [ 108.484640][ T1864] should_fail_usercopy+0x1a/0x20 [ 108.489520][ T1864] _copy_from_user+0x1e/0xc0 [ 108.493939][ T1864] copy_msghdr_from_user+0xaa/0x670 [ 108.498963][ T1864] ? sendmsg_copy_msghdr+0x70/0x70 [ 108.503921][ T1864] __sys_sendmsg+0x236/0x390 [ 108.508335][ T1864] ? ____sys_sendmsg+0x9a0/0x9a0 [ 108.513111][ T1864] ? __kasan_check_write+0x14/0x20 [ 108.518055][ T1864] ? mutex_unlock+0xb2/0x260 [ 108.522486][ T1864] ? __kasan_check_write+0x14/0x20 [ 108.527449][ T1864] ? __ia32_sys_read+0x90/0x90 [ 108.532026][ T1864] ? debug_smp_processor_id+0x17/0x20 [ 108.537233][ T1864] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 108.543139][ T1864] __x64_sys_sendmsg+0x7f/0x90 [ 108.547735][ T1864] x64_sys_call+0x16a/0x9a0 [ 108.552077][ T1864] do_syscall_64+0x3b/0xb0 [ 108.556326][ T1864] ? clear_bhb_loop+0x55/0xb0 [ 108.560861][ T1864] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 108.566578][ T1864] RIP: 0033:0x7f32aa97cef9 [ 108.570824][ T1864] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 108.590266][ T1864] RSP: 002b:00007f32ab85c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 108.598512][ T1864] RAX: ffffffffffffffda RBX: 00007f32aab35f80 RCX: 00007f32aa97cef9 [ 108.606321][ T1864] RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000003 [ 108.614130][ T1864] RBP: 00007f32ab85c090 R08: 0000000000000000 R09: 0000000000000000 [ 108.621943][ T1864] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 108.629755][ T1864] R13: 0000000000000000 R14: 00007f32aab35f80 R15: 00007ffd5face9e8 [ 108.637573][ T1864] [ 108.706048][ T352] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 108.918245][ T1895] loop4: detected capacity change from 0 to 512 [ 108.927853][ T1892] device syzkaller0 entered promiscuous mode [ 108.975199][ T1895] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 109.016881][ T1895] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 109.060312][ T1895] EXT4-fs (loop4): 1 orphan inode deleted [ 109.065863][ T1895] EXT4-fs (loop4): 1 truncate cleaned up [ 109.076026][ T1895] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 109.097646][ T1895] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 109.127618][ T1895] EXT4-fs (loop4): Remounting filesystem read-only [ 109.206049][ T352] usb 5-1: device not accepting address 10, error -71 [ 109.256094][ T934] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 109.276165][ T24] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 109.307466][ T1906] loop0: detected capacity change from 0 to 512 [ 109.320185][ T1906] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 109.331465][ T1906] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 109.343381][ T1906] EXT4-fs (loop0): 1 orphan inode deleted [ 109.349160][ T1906] EXT4-fs (loop0): 1 truncate cleaned up [ 109.354661][ T1906] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 109.372282][ T1906] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 109.387944][ T1906] EXT4-fs (loop0): Remounting filesystem read-only [ 109.399861][ T1209] EXT4-fs (loop0): unmounting filesystem. [ 109.500104][ T1911] loop0: detected capacity change from 0 to 512 [ 109.520097][ T1911] EXT4-fs: Ignoring removed nomblk_io_submit option [ 109.526664][ T1911] EXT4-fs: Ignoring removed i_version option [ 109.532843][ T1911] EXT4-fs (loop0): Test dummy encryption mode enabled [ 109.539586][ T1911] EXT4-fs (loop0): can't mount with commit=129, fs mounted w/o journal [ 109.576058][ T352] usb 5-1: new full-speed USB device number 11 using dummy_hcd [ 109.576079][ T24] usb 4-1: device descriptor read/64, error -71 [ 109.696296][ T934] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 109.766055][ T45] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 109.791651][ T1914] netlink: 4 bytes leftover after parsing attributes in process `syz.0.381'. [ 109.802818][ T352] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 109.811654][ T352] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 4 [ 109.824325][ T352] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 4 [ 109.897079][ T1914] netlink: 12 bytes leftover after parsing attributes in process `syz.0.381'. [ 109.927955][ T934] usb 3-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 109.937136][ T934] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 109.944967][ T934] usb 3-1: Product: syz [ 109.950526][ T934] usb 3-1: Manufacturer: syz [ 109.954973][ T934] usb 3-1: SerialNumber: syz [ 109.966836][ T934] usb 3-1: config 0 descriptor?? [ 110.022752][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 110.046210][ T24] usb 4-1: device descriptor read/64, error -71 [ 110.187765][ T352] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 110.196676][ T352] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 110.204447][ T352] usb 5-1: Product: syz [ 110.208464][ T352] usb 5-1: Manufacturer: syz [ 110.212878][ T352] usb 5-1: SerialNumber: syz [ 110.287916][ T1899] netlink: 4 bytes leftover after parsing attributes in process `syz.2.377'. [ 110.312214][ T1899] netlink: 48 bytes leftover after parsing attributes in process `syz.2.377'. [ 110.321002][ T24] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 110.349014][ T934] snd-usb-audio: probe of 3-1:0.0 failed with error -2 [ 110.371562][ T338] udevd[338]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 110.387461][ T934] usb 3-1: USB disconnect, device number 10 [ 110.526184][ T352] usb 5-1: 2:1 : unknown format tag 0x0 is detected. processed as MPEG. [ 110.534485][ T352] usb 5-1: found format II with max.bitrate = 0, frame size=0 [ 110.541980][ T352] usb 5-1: 2:1 : invalid UAC_FORMAT_TYPE desc [ 110.569130][ T352] usb 5-1: USB disconnect, device number 11 [ 110.606094][ T24] usb 4-1: device descriptor read/64, error -71 [ 110.905352][ T1929] loop1: detected capacity change from 0 to 512 [ 110.936616][ T1929] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 111.005862][ T1738] EXT4-fs (loop4): unmounting filesystem. [ 111.011543][ T24] usb 4-1: device descriptor read/64, error -71 [ 111.061254][ T1286] EXT4-fs (loop1): unmounting filesystem. [ 111.137836][ T352] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 111.153485][ T1947] loop4: detected capacity change from 0 to 512 [ 111.160045][ T24] usb usb4-port1: attempt power cycle [ 111.179567][ T1947] EXT4-fs: Ignoring removed oldalloc option [ 111.198347][ T1951] loop1: detected capacity change from 0 to 512 [ 111.226680][ T1947] EXT4-fs error (device loop4): ext4_find_inline_data_nolock:164: inode #12: comm syz.4.389: inline data xattr refers to an external xattr inode [ 111.246102][ T1951] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 111.261865][ T1947] EXT4-fs (loop4): Remounting filesystem read-only [ 111.268491][ T1947] EXT4-fs error (device loop4): ext4_orphan_get:1401: comm syz.4.389: couldn't read orphan inode 12 (err -117) [ 111.280528][ T1947] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 111.507596][ T352] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 111.536746][ T1286] EXT4-fs (loop1): unmounting filesystem. [ 111.566082][ T24] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 111.777488][ T352] usb 3-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 111.787435][ T352] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 111.795731][ T352] usb 3-1: Product: syz [ 111.806089][ T352] usb 3-1: Manufacturer: syz [ 111.811504][ T352] usb 3-1: SerialNumber: syz [ 111.826636][ T24] usb 4-1: device descriptor read/8, error -71 [ 111.838019][ T352] usb 3-1: config 0 descriptor?? [ 112.088524][ T1926] netlink: 4 bytes leftover after parsing attributes in process `syz.2.383'. [ 112.179732][ T28] audit: type=1326 audit(1725779871.569:293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1980 comm="syz.3.396" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32aa97cef9 code=0x7ffc0000 [ 112.186201][ T1926] netlink: 48 bytes leftover after parsing attributes in process `syz.2.383'. [ 112.266086][ T24] usb 4-1: device descriptor read/8, error -71 [ 112.316087][ T1495] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 112.356327][ T1981] netlink: 32 bytes leftover after parsing attributes in process `syz.3.396'. [ 112.365188][ T28] audit: type=1326 audit(1725779871.599:294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1980 comm="syz.3.396" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f32aa97cef9 code=0x7ffc0000 [ 112.390163][ T28] audit: type=1326 audit(1725779871.599:295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1980 comm="syz.3.396" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32aa97cef9 code=0x7ffc0000 [ 112.416688][ T1738] EXT4-fs (loop4): unmounting filesystem. [ 112.416931][ T352] snd-usb-audio: probe of 3-1:0.0 failed with error -2 [ 112.436990][ T352] usb 3-1: USB disconnect, device number 11 [ 112.440923][ T338] udevd[338]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 112.444677][ T28] audit: type=1326 audit(1725779871.599:296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1980 comm="syz.3.396" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f32aa97cef9 code=0x7ffc0000 [ 112.484430][ T28] audit: type=1326 audit(1725779871.599:297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1980 comm="syz.3.396" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32aa97cef9 code=0x7ffc0000 [ 112.515427][ T28] audit: type=1326 audit(1725779871.599:298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1980 comm="syz.3.396" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f32aa97cef9 code=0x7ffc0000 [ 112.539199][ T28] audit: type=1326 audit(1725779871.599:299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1980 comm="syz.3.396" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32aa97cef9 code=0x7ffc0000 [ 112.564001][ T28] audit: type=1326 audit(1725779871.599:300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1980 comm="syz.3.396" exe="/root/syz-executor" sig=0 arch=c000003e syscall=94 compat=0 ip=0x7f32aa97cef9 code=0x7ffc0000 [ 112.587811][ T28] audit: type=1326 audit(1725779871.599:301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1980 comm="syz.3.396" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f32aa97cef9 code=0x7ffc0000 [ 112.629653][ T28] audit: type=1326 audit(1725779871.599:302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1980 comm="syz.3.396" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f32aa97cef9 code=0x7ffc0000 [ 112.675803][ T1994] loop0: detected capacity change from 0 to 512 [ 112.700437][ T1994] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 112.761028][ T410] bio_check_eod: 136419 callbacks suppressed [ 112.761045][ T410] syz.3.18: attempt to access beyond end of device [ 112.761045][ T410] loop3: rw=0, sector=89552, nr_sectors = 8 limit=40427 [ 112.783056][ T410] syz.3.18: attempt to access beyond end of device [ 112.783056][ T410] loop3: rw=0, sector=89560, nr_sectors = 8 limit=40427 [ 112.783996][ T1986] loop4: detected capacity change from 0 to 40427 [ 112.796825][ T1495] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 112.803332][ T410] syz.3.18: attempt to access beyond end of device [ 112.803332][ T410] loop3: rw=0, sector=89568, nr_sectors = 8 limit=40427 [ 112.825698][ T1986] F2FS-fs (loop4): Insane cp_payload (553648128 >= 504) [ 112.832568][ T1986] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 112.840898][ T410] syz.3.18: attempt to access beyond end of device [ 112.840898][ T410] loop3: rw=0, sector=89576, nr_sectors = 8 limit=40427 [ 112.846149][ T1986] ================================================================================ [ 112.854219][ T410] syz.3.18: attempt to access beyond end of device [ 112.854219][ T410] loop3: rw=0, sector=89584, nr_sectors = 8 limit=40427 [ 112.876192][ T1986] UBSAN: shift-out-of-bounds in fs/f2fs/super.c:911:5 [ 112.876458][ T410] syz.3.18: attempt to access beyond end of device [ 112.876458][ T410] loop3: rw=0, sector=89592, nr_sectors = 8 limit=40427 [ 112.910719][ T410] syz.3.18: attempt to access beyond end of device [ 112.910719][ T410] loop3: rw=0, sector=89600, nr_sectors = 8 limit=40427 [ 112.913530][ T1986] shift exponent 133 is too large for 64-bit type 'unsigned long' [ 112.933081][ T1986] CPU: 1 PID: 1986 Comm: syz.4.397 Not tainted 6.1.93-syzkaller-00100-g27310ed6b677 #0 [ 112.938605][ T410] syz.3.18: attempt to access beyond end of device [ 112.938605][ T410] loop3: rw=0, sector=89608, nr_sectors = 8 limit=40427 [ 112.942611][ T1986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 112.942626][ T1986] Call Trace: [ 112.942632][ T1986] [ 112.942640][ T1986] dump_stack_lvl+0x151/0x1b7 [ 112.955897][ T410] syz.3.18: attempt to access beyond end of device [ 112.955897][ T410] loop3: rw=0, sector=89616, nr_sectors = 8 limit=40427 [ 112.965614][ T1986] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 112.965641][ T1986] dump_stack+0x15/0x1c [ 112.969006][ T410] syz.3.18: attempt to access beyond end of device [ 112.969006][ T410] loop3: rw=0, sector=89624, nr_sectors = 8 limit=40427 [ 112.971515][ T1986] __ubsan_handle_shift_out_of_bounds+0x3e1/0x440 [ 113.017783][ T1986] parse_options+0x4b90/0x4ba0 [ 113.022379][ T1986] ? mount_bdev+0x282/0x3b0 [ 113.026717][ T1986] ? f2fs_mount+0x34/0x40 [ 113.030892][ T1986] ? default_options+0xc80/0xc80 [ 113.035688][ T1986] ? kstrdup+0x54/0x70 [ 113.039564][ T1986] ? memcpy+0x56/0x70 [ 113.043380][ T1986] f2fs_fill_super+0x23bc/0x6dc0 [ 113.048167][ T1986] ? kill_f2fs_super+0x3c0/0x3c0 [ 113.052930][ T1986] ? set_blocksize+0x1cb/0x360 [ 113.057544][ T1986] ? sb_set_blocksize+0xa8/0xf0 [ 113.062215][ T1986] mount_bdev+0x282/0x3b0 [ 113.066389][ T1986] ? kill_f2fs_super+0x3c0/0x3c0 [ 113.071154][ T1986] f2fs_mount+0x34/0x40 [ 113.075148][ T1986] legacy_get_tree+0xf1/0x190 [ 113.079658][ T1986] ? trace_raw_output_f2fs__rw_end+0x110/0x110 [ 113.085664][ T1986] vfs_get_tree+0x88/0x290 [ 113.089903][ T1986] do_new_mount+0x2ba/0xb30 [ 113.094242][ T1986] ? do_move_mount_old+0x160/0x160 [ 113.099188][ T1986] ? security_capable+0x87/0xb0 [ 113.103886][ T1986] ? ns_capable+0x89/0xe0 [ 113.108040][ T1986] path_mount+0x671/0x1070 [ 113.112293][ T1986] ? user_path_at_empty+0x14e/0x1a0 [ 113.117331][ T1986] __se_sys_mount+0x2c4/0x3b0 [ 113.121844][ T1986] ? __x64_sys_mount+0xd0/0xd0 [ 113.126440][ T1986] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 113.132345][ T1986] __x64_sys_mount+0xbf/0xd0 [ 113.136779][ T1986] x64_sys_call+0x49d/0x9a0 [ 113.141107][ T1986] do_syscall_64+0x3b/0xb0 [ 113.145361][ T1986] ? clear_bhb_loop+0x55/0xb0 [ 113.149875][ T1986] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 113.155610][ T1986] RIP: 0033:0x7faff117e69a [ 113.159855][ T1986] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 113.179298][ T1986] RSP: 002b:00007faff203fe68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 113.187539][ T1986] RAX: ffffffffffffffda RBX: 00007faff203fef0 RCX: 00007faff117e69a [ 113.195353][ T1986] RDX: 0000000020000040 RSI: 00000000200000c0 RDI: 00007faff203feb0 [ 113.203168][ T1986] RBP: 0000000020000040 R08: 00007faff203fef0 R09: 0000000000000000 [ 113.210975][ T1986] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000200000c0 [ 113.218786][ T1986] R13: 00007faff203feb0 R14: 000000000000552d R15: 0000000020000100 [ 113.226604][ T1986] [ 113.287798][ T1986] ================================================================================ [ 113.297285][ T1986] F2FS-fs (loop4): Not support 32, larger than 256 [ 113.297717][ T1209] EXT4-fs (loop0): unmounting filesystem. [ 113.316123][ T1495] usb 2-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 113.358893][ T1495] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 113.382984][ T1495] usb 2-1: Product: syz [ 113.394691][ T1495] usb 2-1: Manufacturer: syz [ 113.407787][ T1495] usb 2-1: SerialNumber: syz [ 113.426853][ T1495] usb 2-1: config 0 descriptor?? [ 113.697429][ T1977] netlink: 4 bytes leftover after parsing attributes in process `syz.1.395'. [ 113.720694][ T1977] netlink: 48 bytes leftover after parsing attributes in process `syz.1.395'. [ 113.762855][ T1495] snd-usb-audio: probe of 2-1:0.0 failed with error -2 [ 113.772481][ T1495] usb 2-1: USB disconnect, device number 16 [ 113.788698][ T338] udevd[338]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 114.966072][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 117.766125][ T410] bio_check_eod: 225008 callbacks suppressed [ 117.766143][ T410] syz.3.18: attempt to access beyond end of device [ 117.766143][ T410] loop3: rw=524288, sector=87896, nr_sectors = 8 limit=40427 [ 117.785559][ T410] syz.3.18: attempt to access beyond end of device [ 117.785559][ T410] loop3: rw=524288, sector=87904, nr_sectors = 8 limit=40427 [ 117.799233][ T410] syz.3.18: attempt to access beyond end of device [ 117.799233][ T410] loop3: rw=524288, sector=87912, nr_sectors = 8 limit=40427 [ 117.812766][ T410] syz.3.18: attempt to access beyond end of device [ 117.812766][ T410] loop3: rw=524288, sector=87920, nr_sectors = 8 limit=40427 [ 117.826314][ T410] syz.3.18: attempt to access beyond end of device [ 117.826314][ T410] loop3: rw=524288, sector=87928, nr_sectors = 8 limit=40427 [ 117.839842][ T410] syz.3.18: attempt to access beyond end of device [ 117.839842][ T410] loop3: rw=524288, sector=87936, nr_sectors = 8 limit=40427 [ 117.853445][ T410] syz.3.18: attempt to access beyond end of device [ 117.853445][ T410] loop3: rw=524288, sector=87944, nr_sectors = 8 limit=40427 [ 117.867091][ T410] syz.3.18: attempt to access beyond end of device [ 117.867091][ T410] loop3: rw=524288, sector=87952, nr_sectors = 8 limit=40427 [ 117.880683][ T410] syz.3.18: attempt to access beyond end of device [ 117.880683][ T410] loop3: rw=524288, sector=87960, nr_sectors = 8 limit=40427 [ 117.894727][ T410] syz.3.18: attempt to access beyond end of device [ 117.894727][ T410] loop3: rw=524288, sector=87968, nr_sectors = 8 limit=40427 [ 122.776017][ T410] bio_check_eod: 314984 callbacks suppressed [ 122.776036][ T410] syz.3.18: attempt to access beyond end of device [ 122.776036][ T410] loop3: rw=524288, sector=89288, nr_sectors = 8 limit=40427 [ 122.795731][ T410] syz.3.18: attempt to access beyond end of device [ 122.795731][ T410] loop3: rw=524288, sector=89296, nr_sectors = 8 limit=40427 [ 122.809246][ T410] syz.3.18: attempt to access beyond end of device [ 122.809246][ T410] loop3: rw=524288, sector=89304, nr_sectors = 8 limit=40427 [ 122.822836][ T410] syz.3.18: attempt to access beyond end of device [ 122.822836][ T410] loop3: rw=524288, sector=89312, nr_sectors = 8 limit=40427 [ 122.836430][ T410] syz.3.18: attempt to access beyond end of device [ 122.836430][ T410] loop3: rw=524288, sector=89320, nr_sectors = 8 limit=40427 [ 122.849978][ T410] syz.3.18: attempt to access beyond end of device [ 122.849978][ T410] loop3: rw=524288, sector=89328, nr_sectors = 8 limit=40427 [ 122.863606][ T410] syz.3.18: attempt to access beyond end of device