last executing test programs: 10.671253499s ago: executing program 4 (id=4381): r0 = timerfd_create(0x0, 0x0) timerfd_settime(r0, 0x3, &(0x7f00000000c0)={{0x0, 0x989680}, {0x77359400}}, 0x0) clock_settime(0x0, &(0x7f0000000100)={0x77359400}) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) timerfd_settime(r0, 0x3, &(0x7f0000000000)={{0x77359400}, {r1, r2+10000000}}, 0x0) 10.670836299s ago: executing program 4 (id=4382): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000086"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) close(r2) 10.622535091s ago: executing program 4 (id=4383): r0 = open(&(0x7f0000000100)='.\x00', 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000002c7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='erofs_lookup\x00', r2}, 0x10) fstat(r0, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000140)='./file1\x00', 0x1000801, &(0x7f0000000280)=ANY=[@ANYRES32=r4, @ANYBLOB="091e21b81dfc6fb0feb157135f914b110011504efbf790845429946409a9244bffb818fbbc5ead98aeff6a5549e74cef0600", @ANYRESOCT, @ANYRES16=r3, @ANYRESHEX=r0, @ANYRES16=r2, @ANYRESOCT=r3, @ANYRES64], 0x2, 0x1d8, &(0x7f0000000840)="$eJzsmb/L00AYx793SdNaRHFxcHGwYEWbJqlKlw4VHAWhFXUsNpZq2koboS0IFhcXRwfB1X/AwaGTg5ubqw4qCA52dI7kck3Oxhb7/oDC+3zgvXzv7rnnnruXfjMEBEEcWb5/+/31xbVq8xKA4yggK8d/akkMV+K/vHp88WXt+uu3n9986J94Ml/NxwAEwf/vbwB4X9eApydFPwj+Xl2QzyZ4rG+B44LUt8FgLmsNktUuGO7K4QeKHhyTwnPNewOvfb/ruVbY2GHjhE1F3V8HsJgxtAHk5BZMmR9Npg9bHjCMhOcuRSZY7pOa2lZsuj9RX52jplxB+P+68/zZLOybctxS7s8Ghy11BQwNqavIwjTN5EqU85/Rk/xa6vwHcMjDEKdKO1EGid0SbHUk/EHHI6cX84/pVT92pfg9CGFcAFJTn/Ked2MfmQ1pAv+MSfyJ6cB5xZ906LF/lP3eo/JoMi11e62O23H7jlO5al22rCtOWRhR1G7wv5zwp7ySP7Mm1mAGxi3fH9pjwB/acd+JWsVxG+8Gv8QaLvyPo3guysHkOyt+Ua7A5B8Xz1AVtbXFEwRBEARBEARBEARBEARBbMVZsOhDWPShKliDc1NE/wkAAP//X9JszA==") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000001440)='blkio.bfq.sectors_recursive\x00', 0x275a, 0x0) 10.549528394s ago: executing program 4 (id=4384): r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, 0x0, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmmsg$inet(r2, &(0x7f0000003000)=[{{0x0, 0x0, &(0x7f0000000b40)=[{&(0x7f0000000180)="fc", 0x1}], 0x1}}], 0x1, 0x0) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) getsockopt(r3, 0xff, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x0, 0x3}, 0x48) write$binfmt_misc(r1, 0x0, 0x3a7) sendmmsg$inet(r2, &(0x7f00000035c0)=[{{&(0x7f0000000040), 0x10, 0x0}}], 0x1, 0x20000001) sendto$inet(r2, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, 0x1) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080)={0x1, &(0x7f0000000000)=[{0x6}]}) inotify_init1(0x0) ptrace(0x10, 0x1) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10) connect$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) ioctl$sock_inet_SIOCDARP(r0, 0x8953, &(0x7f0000000100)={{0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x1, @random="000600000002"}, 0x0, {0x2, 0x0, @dev}, 'syz_tun\x00'}) 8.155467376s ago: executing program 1 (id=4397): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r4, &(0x7f0000000200), 0xfdef) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r3, 0x0) write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) ioctl$int_out(r2, 0x2, &(0x7f0000000380)) ioctl$KVM_RUN(r5, 0xae80, 0x0) 7.735970992s ago: executing program 1 (id=4399): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000080)='sys_enter\x00', r1}, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0x2, 0xc}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="1801000000bae3000000000000000000850000007b00000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r3}, 0x10) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x16, 0x0, 0x8400, 0x1}, 0x48) bpf$MAP_DELETE_ELEM(0x15, &(0x7f0000000400)={r4, 0x0, 0x20000000}, 0x20) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000980)='sys_exit\x00', r5}, 0x10) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000440)=@framed={{}, [@printk={@llx}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r7}, 0x10) r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) write$cgroup_subtree(r8, 0x0, 0xe) r9 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x6, 0x8, 0x1}, 0x48) close(r9) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48) r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0xd, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002a00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r10}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r9}, &(0x7f00000000c0), &(0x7f0000000140)=r10}, 0x20) r11 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r6}, 0x8) write$cgroup_int(r11, &(0x7f00000001c0), 0xfffffdef) socketpair$unix(0x1, 0x0, 0x0, 0x0) 7.412687215s ago: executing program 1 (id=4401): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r0}, 0x10) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x891c, &(0x7f0000000000)={0x0, {0x2, 0x0, @private}, {}, {0x2, 0x0, @private}}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="180100000000a0000000000000000000850000006d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = socket$inet(0x2, 0x1, 0x0) setsockopt$inet_buf(r1, 0x0, 0x40, &(0x7f0000000000), 0x0) 7.355733257s ago: executing program 1 (id=4402): bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r0}, &(0x7f0000000040)=0x18, &(0x7f0000000140)}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000540)='fib6_table_lookup\x00', r1}, 0x10) r2 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r2, 0x29, 0x2c, &(0x7f0000000380)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108) 7.355348947s ago: executing program 1 (id=4403): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18080000000000000000000000000002850000000f000000850000002a00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10) r1 = socket(0x10, 0x3, 0x0) connect$netlink(r1, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc) sendmsg$nl_route(r1, &(0x7f0000000380)={&(0x7f00000001c0)={0x10, 0x9}, 0xc, &(0x7f0000000340)={&(0x7f0000000180)=@bridge_getlink={0x34, 0x12, 0x1, 0x0, 0x0, {}, [@IFLA_ALT_IFNAME={0x14, 0x35, 'wg0\x00'}]}, 0x34}}, 0x0) 7.302175719s ago: executing program 1 (id=4404): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) r1 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0xf) ioctl$TCFLSH(r1, 0x400455c8, 0x40000000004) r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x6}]}, 0x10) bind$bt_hci(r2, &(0x7f0000000140)={0x1f, 0xffff, 0x2}, 0x6) 1.781466831s ago: executing program 0 (id=4443): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000480), 0x208e24b) ioctl$RTC_WKALM_SET(0xffffffffffffffff, 0x4028700f, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'syz_tun\x00'}) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f00000003c0)={'ip_vti0\x00', 0x0}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 1.629632767s ago: executing program 0 (id=4444): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa1000000000000070100000007040000f0ffffffb7020000080000001823000000000000000000000000009d7cdb2b654a9fa06af78e1a6dc94d361c7714ad175e53ca88a13002aa2aa94d837889f72ba842f06ad9b4e0eff9c3f9816c737ab51df7bd6962c5cb2569a2691abf7e74b8c767d4f10ccab6cf7ccb762f1fd69ea1a973055d5a2330b641f83f85fd6f6dcc669a055b51817fa5d4a0f766f79645391d52013c123e541473948aefbd2215b0e9eda0519c70e118e4832b358d22afdd97dc7e8614ec22fd374353eac783073984fe6648a3fad141f5cde3b6326ef2575ea32bf63c6af928cfab9810c2fa36629db8d95869780be0e54fd7ece99ed5e8c4b41a81c126eada9c96f23616ceb4261efec1c7d3892b021be689", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000690000009500000000000000"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCL_PASTESEL(r2, 0x541c, &(0x7f0000000080)) readv(r2, &(0x7f0000000400)=[{&(0x7f00000004c0)=""/233, 0xe9}], 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000980)={&(0x7f0000000900)='svcrdma_send_err\x00', r1}, 0x10) r3 = socket$inet(0x2, 0x3, 0x8d) setsockopt$inet_msfilter(r3, 0x0, 0x8, &(0x7f0000000440)=ANY=[@ANYBLOB='~'], 0x1) getsockopt$inet_pktinfo(r3, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, &(0x7f0000000140)=0xc) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000000)={@ipv4={'\x00', '\xff\xff', @loopback}, 0x0, r4}) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000025e40)={0x70, 0x0, 0x1, 0x404, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @loopback}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @loopback}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_SYNPROXY={0x4, 0xe}, @CTA_MARK={0x8}]}, 0x70}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000002c0)={'erspan0\x00'}) sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00022bbd7000fddbdf25050000000800020004000000080002000400000038000680f5e605004e200000060005004e230000060005004e2200001400040000000000000000000000ffffe0000002060001000a00000008000400300e0000"], 0x64}, 0x1, 0x0, 0x0, 0x4}, 0x5) r6 = socket$netlink(0x10, 0x3, 0x0) writev(r6, &(0x7f00000000c0)=[{&(0x7f0000000240)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) bind$unix(0xffffffffffffffff, &(0x7f00000001c0)=@abs={0xa, 0x2}, 0x6e) sendto$packet(0xffffffffffffffff, &(0x7f0000000840)="08733677f34fa9f60a0216a3337673189de88acdf60e13491e1469b4520dc147a3fac520e54c55e6aebfc4c68aa348da022f04850ea8a0d674b98acf8c9a10acba6e18024487c59f6b15a740a130f4ea637b3d31e810d20367dfe9285d2817a85f0ec59034c4f6df6588c4aa981149a43c63d06d0dbd", 0x76, 0x800, &(0x7f00000008c0)={0x11, 0x17, r4, 0x1, 0x3, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x17}}, 0x14) r7 = socket(0xa, 0x1, 0x0) ioctl(r7, 0x8916, &(0x7f0000000000)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='ext4_insert_range\x00', r1}, 0x10) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) r9 = socket$igmp(0x2, 0x3, 0x2) r10 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r10, &(0x7f0000002fc0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000001080)=ANY=[@ANYBLOB="2c0000001a00010000000000000000000a000000000000000000000006001c0000000000080019"], 0x2c}}, 0x0) setsockopt$IPT_SO_SET_REPLACE(r9, 0x0, 0x40, &(0x7f0000000480)=@security={'security\x00', 0xe, 0x4, 0x358, 0xffffffff, 0x0, 0x1f0, 0x140, 0xffffffff, 0xffffffff, 0x2c0, 0x2c0, 0x2c0, 0xffffffff, 0x4, &(0x7f0000000300), {[{{@ip={@loopback, @empty, 0x6339420cda9ae7e9, 0xffffffff, 'nr0\x00', 'ipvlan0\x00', {}, {}, 0x89, 0x0, 0x2}, 0x0, 0xe0, 0x140, 0x0, {}, [@common=@set={{0x40}, {{0x2, [0x1, 0x2, 0x4, 0x4, 0x0, 0x6], 0x1, 0x9}}}, @common=@ah={{0x30}, {[0x1, 0x32]}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x0, [0x0, 0x4, 0x5, 0x6, 0x4, 0x5], 0x4, 0x6}, {0x3, [0x0, 0x1, 0x6, 0x1, 0x3], 0x1, 0x4}}}}, {{@uncond, 0x0, 0x70, 0xb0}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x9, 0xaa, {0x6}}}}, {{@ip={@multicast1, @empty, 0xffffff00, 0xffffff00, 'pim6reg0\x00', 'macsec0\x00', {0xff}, {0xff}, 0xc9, 0x2, 0x44}, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x0, [0x4, 0x2, 0x1, 0x1, 0x4, 0x8], 0x5, 0x4}, {0x2, [0x6, 0x3, 0x3, 0x3, 0x4, 0x1], 0x0, 0x7}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3b8) ioctl$sock_inet6_SIOCSIFADDR(r8, 0x8916, &(0x7f0000000200)={@private1, 0x0, r4}) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00'}) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff) 1.580265429s ago: executing program 0 (id=4445): mkdir(&(0x7f0000000400)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f000000e280)={0x2020, 0x0, 0x0}, 0x2020) syz_fuse_handle_req(r0, &(0x7f000000c280)="897c6500ff3035465c7acb4e06980b05687c1480c7aafe631c0543db2bf0d6f539506e8782da06c1ca018774d72e9e5a3418ab66ee78dad68457b17ec9d47bf7d8272d607c1c0a4bd906f0cee7f8451828d2458596bdd6a459ba18ebaf61b38f5d66c27fa8a024ad7832a85e58689a4c254c94cbcf7208fce6e61d9566459789d15a6f91dd7db7c54cc3a94da956fb290a8a15f849270bc459d9d9f47801be86dd5c9d18382081a993b7bfde5c28adca4c71329afd6be743b076033b5859891703eb65fa256d6f47450b6edacbd05a9bd8b372e90cfc30f32826566dac6c48e6ef001881cbc30482f9ec469e476a101da496b8c0785eaf875d3608b0c49e9d39baaa1041f903a805f0f24aa63722fa2d87b98595fa5cfaf8b79c458de43ee39904e7cac7540a934b4108957785d58807abff186949f1b94cd21b724aff34ac45c7066dcdbd68ea7b766af9d045cd7fafeafc5c5a0c3400ef4e0c71a6fdd5b8d68a6f317644cda9d2fd2c839a82b97b3d909b54c672227bef573c9de1991d65a63017f724d1f7f1575e69db53318a7fd7065b303e751518c8eef04f642dbd4dfa349040a7b5401050ffc2b4ef62803a7c8eaba99e011dfac24d81b2b61e0b0581e53bf520f623eca17f0545c5e59ff15b527475f970f589894ae589145fa4283f7225088ccfeba1d72e9128f8c223ae1840f2edae3dbcdf7e560d5cdf4f71c9ada1931c0f8312c000101b264aaddb9fab166ba8d8903d6098eca20935ca607ea79e936798b3dfb22a7e159abb234cf21f3733dbf263a8ff116092f251659108892b2e21e1b428fd225096a5040270b2d70347013eaa1fd8e452942200283aab092c4ffc5b8b427b5d691a5a773e09da20539ff0f8214331c5d84107ae8a59aeb58efe22d7a079e446f1dfb07510377799bfdc7ee59cabcd76af0fe8a427ac8258ff33bbad5a8061f1cfdfbf375d73d676cc7916d6658ce46a0b17ad6350150f98e3512b513e25ca73f5f5df0a1fb9582ace7906c493fe1fd2889d9aac0b7c29c2b6c205537627bad64df433336a5ace32ca871e51b4dab0fbb00886a1fa81a98b74de0a26cebf65723515ebb807fc3c161ed42d1a7b6b55717613577ea437f3a2967c66ce45ff85a6a35b7cd40625fc575b107d7394e3d2db51d58347276c33e21f50b5a6b5672bf9fda63139bb75aead1fe4ee9a4064af5a5958466aa39faa6d821489fa415224c8d69d3b5922236832c2b1e4f6b8863b32f9aea83fb522a2de081d674502b48f73ce6db98d84136059b4a6676bc85ac6b7626329afa9bc7d3f9f2caa3c4d872744e0a8e02d72a75c6c545b8ec8e15b6fb0fe4185bd0d154960e6fef05ba40e5fe2968eb1301dcc52a03337179e74ba1522af93d77827845f8941c69ed8bb84567e3c63f1cc378a542f1de7007b688ff0a9c69d5861f0b85402c30a2fd391c52bafbe65f8e82135fd38361d7c0b43c982b2f3e7cb09c40c7e215114f4243d670cd576bcd93c1e959345170c75d6c3cf89cf8c2c70dc792e646e7c649d4c5f36bb016c7acd466ad58473d40dfef36394e581065a8581ab852250403cf372ac0065bf757fa3f445424ac0d82aec1938a2ea116bdfd306baa1cb06c62a4a97d66ab1b9489469cb8ba842da12e310caed02c5ef05c0be1e1e8c9c8b87d6871c94c57d164d08672b205c948086a06a545b266b7ad902a908681eb188bc51b6190b5cb9d8ca59b8c4c6e7369c00d6f6119fd5d437239e3d3c89cb81e09e560fb817590106015f08e7b09f1e1e65bfab3b8489fa058e24081978b9e25463d9945bfbca81c08885d4b6d4c62e217bd9e19460762f36c66bc948fe31cde089626fbb310e3c78a8d3f2eac21d374d9b58d887235d3a95721168e4b9475849071d60ecfe7ea5d6c4bf60da3747612ef59bb651270f326c0af31bc8c71361f851de34ccb3c8071b96f1128d7ee79b41246e566edd0272dbd3ccfe472b38e5e03d3ef83218bd498e6de8b4d92cb6f82716449ede7ba845028eccdb9137be8a622ac88ac53118fbc39637fa7a93cd3abc6f7671c7804420d66e94720acbcac916950f9baca77fef4217155ccc2cd0507339a0486f9f468eb28772986ee768c63eba671bf8c52e48a2a5dc2cc24fe925368706c2d712dd1064692b0fb2a32ddfbd4a0ffcf9c2abcedaae6e527bc1d42637aff2a275b76a7a7f010e42e1cc1d27141f6c3585a2bf58c6c5789ce61551d10118a000e3764631ec0b7f4b1a6f22a678133a30940b79dc76f863dd9f6e0d7776300898c97cef286c731c2050928c492439256e481652bff0d202db3cfdc54c9816ceea7895357bfa0362fad79afd09ed55189294d6ead7e898ac091cddbe7efcedb314bc02a18dd5bbddc42e089124758bb491fd1536aab27c5c124567bc325e7028bced5a179a011d1cb9a5ffb61d7af863e91ec8e60495561188b74d158ba1418228d44e92915a22eb1c166ef7d6179e84381ed950ffd747f13e24172942d922ca3109fb8b1e4e6264fa4a4eec75ad0d0e22579d90f45d6cd157300e38ae665eb56457202e25a8dd5877ba99725de288660badd2704345d9bad208c903ba27ea167dd45a77f77b6502b525b2973270582858183c784c324c1366fbba8d410c38bf75b41e067f6a9a017c56595161db4fc5639393fdafb1f148d3f416c1adc5fe1ab9cebe4689855c9b4bda6dcba5d5fa858a1b87d2ad23cdf54dbdf4d14aa4462da0b6f1107f4afa0091c2643508861a4d9f133ba77751941bb8fb756abf1a104205b80d47a3b4a59724d959c8b5833da4f56fb6613231f230a9378c9af741e94fd2c7213ac1d7625559b3f032f6c8df3ab441929720fe43d7c548cc661eed5b3c62b3c61f538ea3228376e2a18c6da2ad906322f64fb4865cde8e1889a8e5237fd6a39bbd6662f1dedc22fbd74e4376fa610cd710703dbd3924a38beae69783d1d5abf36122cbb87129ba719042748f060f4303a3199c5891c5040fd8cdb9761b006bf64cdcb65e5cc50a29994b8c1c34b83760ece12ed9ed7c3d2a7f8911cdf23a1afe0d7db1bf342aa0123dd5cd31339f5c8e160c4efef882602b3eccbe76fb690162b8bfb8a31910bcdf9a4a5dde76c2ac2fcd8678add7a000cfdcab398eb2171c026313eb6eb56b4b87bf8ef93f7f8a1c0bcc3775b681d4229ea561cb52281d8ba4315c3694ed08433596884d5a7ce3a8b1f82359846b7136726e2fe37bf4f7b7e2206cdcdb0705ced9f0dcaaa2ed3a78ea70d2cfeab668eb321400fc955e9aeb7bbcf86cd03f02dd443503a1480d9d9f899f53bd747a95293786798fc59fceb09e686a9328da4f929b6201841bbbefaffcf3386abdf69540e3b46a643ec10f0acf21f27c0053dc13f18485dbc898729dfbeaaa4887b58cd442d7ffa941808cd9658595be8650a815b088621278d89f0d8a4252566b923df3a3cd65c0e4af08fad385927251b31d35f75eaf25e6cf13a579aeeb0bcc0a14ca4a20a6831d532be0b2af3821792a2df95131b7fafef245aa19b214053342aa820c35858d13f84e496294529411015c41ed447b5b51dc44a45d52552a2be1abfc157f3ace7bfa32d5b931421d5a152dd66b7bf549311b08325e5a7201f793037b38990bedeca8a647c08d2478670f8fc2b4e8983ea18bcd514daeeeeb9d7a778f783c76edf01bd4beda4b77b612cd2e865c2e4f58ca7ae06147bf66ae6aee221cf9b9505dc07e6fb6cf4f82dc8c406c78e270210c11cf2531011ed678d9dfe1f49c9a69a95a9f3b0e5b624d9c2664d787ab911b75a4a38d63e9d6c353f8aaf433ff961fe5e34d84936ead0d0bc7954caf84e541f5c6f3f20c9eed21eb0316b82c0dc5182540e63a0af25565496792153d6395adc2b8d68b8bcd93dd110ff5685879db4384ec390d44b89663d43a5de3bdc0e103b7c1b355dc5f6fe3518c93628780ba03f156badea65d1d0af8433c9e8a975fdd19453da662a33fa9f0f5fa15fdb216b483fb48370a967246e0b763df8b3bc7924a6c76c4b114f803dbfa3b312e6815b4eb67be167283a9e482d9a5beac250089d069d4c386b7fda5fc228404a0f58b12ca4dc131c381b49b42b570bcfc0dd663f24afaf65a26a21f6d92f52c9f8de36cb76bacbaa0eef98ba6b7dbbc2629a03bb2b6f83fc5adaf20c217bc8d0f0d2421e01472532bcb546aeb2d483c8f95011a3ba1d2fd8086a717cb015dd53064ef4a80b6d6fdc12d9069223fdf2aa9b192a0e0bdb38436f49d9eedfef3665815633fee4344aff11162526362b70b18e1dbedbb5d8c4698860beccf667851878a25a1e766caae2861f2e23404aac859e62fdfeac06a6057554828d7035806e8ab3ee2fa6d711e5811db61231a22f4672f6a11b27641f350bcab78792362e6ebc1c054a643bbbf2746678c14dc567d1f73e37005c8ab6374c4d8d3106384a2d32c5fcf05cb9ba97cb7fa1aff11505a701bead543e555f3901ef3b693d5b9ebf49518c3509af042b7e84b1b867c22b7e08725220e4338fd074edce428212e6a3563a08e2ccd8ab71910256532904542e93d5c7deb5bf5d49beb3202d4da4f643649e55edbb91188cdcf0883a40c6ed6b8a086fb5c50dc08fee00308420121d4c7431b3cfb80f9c1e099423ac451d67b12e930d9e391d0a799c7d4b54a0d56ea0aae00c1d009e21fb5459416b464b227d66ccc1a68da59d64c1583dee54bbcd7d61ffe541fd0fb7452adba91906918966a7d58019ad1f8fdebeceeed7018837b6e4272eefeec8385abe7207fb2d7061fa6cdc478165a98971f9729b818a73edefed976d5c7c0a651c091cfd1174c020e39330a79144271fe4cbc61ea0ffa274d0d87d06dd08c1d5f8a0364d46ef7b54426bc286330c75fa257afeb2715c2ae511ff53b1189cc59ab80b1325fbdcedfdb8f36ed71f70091116e16b52188b794e637755027caac8db8554f8674b844964c710cacd7a9d6b06baf6fef76159a380e639b0d3e66080a7cf7f86baac01dbe47fe687fcef2f3bfbf6f8fba045181dee688360a11ee56e5fc73ed31c0e2924ae57f0cc93c63a30662a65c5d5f17123ae28cc5b74dd13ed81b03dc7fa61dc575668868c0df12d3553269f04ba79084d070abcdbd4745de80e90e4e3e524f27249b5c4a2f2d4c8b331b0cb6d4efe62a298daacc6eacdfe008c1f912795dbdc37098c42db860953120fda709baa6d46f52eaba781505e68561ca0f281e850532ef8e7c779883e312806e1c357bdef8d0dda005e710cfa6eb8686e8bf3bff036b3fcdc4036541d93530ce6f598442c24170b307ef05f23c93aa0ec96831b532d8120402214a940d1fa01ed649061a4a71308be189cffd729a196754fb8a75f23851189589be1b819f0612cad3dc94ccee88f4ab9ef6ac9c7daad8cf94f5ed9496c4c824e5b4f66ce32a80e7a6ef069a32f6812e656aa5f5742bd432afdf026c86e8f28212c1139dad47d7fc07e5c1a83e993daaa4a4bb5f0c9435ccab2a10f867ffe259dba7a1d9168619b1e3048860a5122e4a5d0b00372eaae861a0cc88549852fffa76e6d78739b654d67df15ea97a9a46b7c382d83191a673aa619b4a10ec05bc681379b0d6df824cb6fe158e9d89ae5dd1ef66976f67972b553db52eb6feef836dca6026293f83a61e117754a7424a3da63bd82d017f87f0603e2a9b8fc550aae611681935ae91f7ca2b5341b05a25208bd28f1a202a7f2a213b1d7411ffb557470aec00c4d13c70163f22a038a189710dd19a47e8db4a87c3fd329a63abca172a9810edad2d8e19ef85b57ea4287cfb3d740d7ea3fa9c80d06e1aa84b317f678ddb3c147ba5e0db432125f59ca4944c8e9050281ca82a3ecf67b2a5df678697a52a7297af1ecb03c586af7b91d74e881964ed95f7be12fa07e2a4e71aab8b913a13996fa33e915144bf00e49b8e7adec5b2c4b8165f54ba3155230e241ee023af77a295ab87c40f63f6092ccee05cb08a265abe8f57c9919bf45064b6c2240ba8011db223a283a4e2292d9b59df8c9a4fdc763f0631007db9976f351717db0e6b5f9c6e5f227c2efa1ae5fe0be1af0b22fc164f9f9678a01fe8b059749fe8a2972455732da1989c609d191544ef9fbb3e58da93ec4a582430523f260b776e4d747312747d18a9bae14740f5dcd35fd1072f8a4d81573b5882203be856b62d7e1d87081a9e431872c9d68864197bbc61f15dd8aeae950d34d6ce97182deebd2ad64cabd1c723baf512acfc7e94675b31369bd60e155af79b97bb734312569f736dcd5b5a78223ffaa0f7e93e1a112cb9f6a5b88fe3cf12c30024c16c6b8380fdf086c662665d3751c11617cc4dbd5b8bc7543301a23fbc90ba8d060193cdc2b68c31c734d516707b759f7db009c8f06e69b40154e1cd8ae444afb28134acdf871136b4fd78bd86d7faaaf618afb25e92d1ee37cdff0595278f9565f5eb109e181e9cacec2f22e32e9f34774ee223fdb992febcc5dbc5cceeda16cbcf1434730d859e7e03d36ff17636a7a7e66956b515894da114f3040909f90ce3cfbb2d7d46e37049c0fb124e0683d662eb427cd7b851ada229451e6e3aaee64b9964ced3036bde5d9d80eb062474f96ecfb9b65fcafc719494ac12ab7df245475f2a5e7f85ca4789833ca373e6214d39176c8f51dde87a4cfe5414a20f68bb9f34709979b99533ba3435c4aa56e525195e10ffd00f8e41aee30a909c07b973bbf733d45500b539ebe2206d438216690998d9e256db1b7ac6bef3e810785e1986985c945a2b820323a592721fcfa444934d0faf8aa439d5efca5dcd77b72d1eb91b3790d50d0a7483e354c415f81d99c133d648c1293e795b3c43f9b47e23ef982e10072ea5baafb0df675e69af1807b225afa0cec3eafbde8535d3ecaa0ea6ddbffe4465207425bb003670320324df0aeeb16b38a043f9c0e85673b36def332fd68b2b1e6edda621d0cadebbced8c7fc8f890489115b457249e8d8103676b3207a472804d33e0fe511ac56cd8dc5333b2333892f87b455940ada78fcf5075c358fce990e6f65f095eb416d876ce6f120b8b02cfa6b176ee269c942f881247c3e464cce2aa65c39137607c585aeb4b5f24f5f8e058c9c8b48003c1809da3e8aad1bee7955c3a976d43fe132e2b16f4758a0a9884e51d13b930675a4361ff366b0fed190ad7b2a00385528951e39cd44ea06d8921b9d613d7626221154cf86249a550198fe4e5b05ad3052b474291da0a0a2f701759859bc0392adf243ad5eca89e6d18e28dff99ef95743bcabe75504be8c715cd6360facf3bb06cb97c29989d4f6ff5083573cefe6ef0b39a252a2678112fa88e5b06c9a6bfc9597cc96e5a49710c4fc120fb0da4945b9d94e46de1e9989d0fc3d8d20df23d815b660c799a903f651b0d013f7fe158f1d297f7fcb6a48780ca5525f1d081ada0aafa83552318b848783306549750b6254cf676c7b934cf7fdab992717f0cdc089b34278f3fb151cadde14d0d3250e85a4b0ff2a2778a219aa40563d3ef575285484424b6d0e7cc8392342e4848c6fc8cb20fa1b450cc4c1fea19f3bbdd9e342e6c49cd7ac893b1eda2e93d1d74d20969465946b398fbc733757741ac822c4a118632cd242a439fc37512cf79b7c629504ccc1e7f2f11798955c3262b5e9695625ba74d8050e20f51d4769e1ab938f487f1bc4b55b5abcaa3ec079c2d0972b2ae9bfb7c5423b959119292ea05f1d79d35afe47e49d97c946b193bffc0a8f607f18a6845cecbbdd98cd351db2b2dce05a4848ba84a6a497b4618950130cb7e76c03d0976eb2fb41d3a42a1430063ed8e5b8c67e80fd4fc1148911958babbcbff33a6505de209b0d9320017fd736fd027a16564008ab2e1f48a6dd66c9256730e9fda0a606875d0871b2b9b0bc2ed4e1b696dbf0283c8dc72cf4338e595266f5390bc3a21f988353118f2948fc75d050ea076b73508d9ed89bade0ba305c1f4e5daf9d40d2f5e7ababed8d1b1d919c61a6d3fb149c1a9b44e38585a2fe322f83d73a3aecb44da3f0e82942d75d62ed3f91eb44f3411df014f88839e4cb1e21b9b259d4eb4adaf6b0be433d0ed4c87ec77dde5ee9d566e3dd8d928fc1875c63af26c59daba5ae267d9bd5da72b99a03e6a33cc48ed961ab484ff4a46c2d5fa597e626e00b530d7b9a9705e4e08d03f3a7f2a5a5233ad6340e3b5c89db81ca713b6d7d855c6324955f85109b204566f50178cd88abe3fcba25de905e8ea0b75ad51831761ed9b1af2470f976f05ec73bf74d137c207270cfd614170518cdc449aeeb663e114359c8124eaf2499d8cf5dc84a0872301db2e57b50bd285060ec4390d99d4ae3674ca3bb8679c1b08e566ba4f30daec8684a980055eb43cb5a1306c4b52a154682aa96637e06c869278aa2f74ef7345632c11265ef8ac97e953745302556881ba0cb590fef271c0abb193fb84d18ee3f24d9976ae816b857d6f68d1fdfe10b312c799fe014debf875d04bff8b4f387859e97c6bf13f7083c28a2045a0b5eb09c94e781a165965e8617c0efed1701ea9667aeca26d9577ea7b1242e1d91b25d6a66756cc627648a293b9f4345966bc469fafaeddc1118d0972bd5c7751a1f51e5989fd952f314ae10417c97b41e60ebfbc47e496486fa4a89fd16aea7fa1eabebd26eb2a37a3e2b351e0c9d2f67b2e5be0f921adc9b6045b045948e5103af0e5050b9c0799b513c00865deebda730de538f956ceb6164e08bd6f58655a294b4b44fc65309b30f9c00f92ef5bd5b911a3d830f72c258b19521bb8e80db02129954efb61423f518d2c5f36587303890cad9a93fa4f4bcd0e24c67db679c67ea59c1350b8442577632d5e8735833f3daf5a74bc7bd82659a81beba8c889632efe03cd24187aee856cf659e16e195464f52f2b984fc7a299e7b2aa53979a147ebed35705d5e89691666536f2febacfcef9b32d14952f958b72512869e4f6a0a34176918217888b1eb8b89322ebb6bb1dead2b4744e728479880db70e6147edaff6c3f083f18e0696bdbd78cf0bda14d9f42e5c1077ced00041aadff90470aacec0e48e2a5f2a0ed37818a173b96061e8c5bf24c0bde9e09f9e0ddb8e13306ef1d4eb8043ebadde5d7553e5212ecd4691eb426251f9d6720b8276ac543dde02399a35d974b22c1727d4b6df01957cae47443b706d43165e01d6932b136f561ce837431254cfb2a6e7d8070a2d3805aaa15b3c10ccd0cda2e9b418ce9ef380e5d08217752e12b3b892d03a9495c83d78d674612fde5a67738b2d4649ce44606ecce6bf3bd1293eca246a83643e4f1c7ba362b110e07c8479f216e3d4afc4fcb8d0820c8ab702a66d8183e83174597035e92b9b500dee08c80b927b42c3689c7c9617b4112c9e54cbfa51e989b5fd42b80c595d3edd265f138e8128cfbbb0e4f53aa0aa95a2ecda4518b2e564c42d5de7671560843d08103b9bdceac5fdeb0b1266f72f491265dd2b2b80a225a50955167da1812364ea340d82f61535401bae6f3140a8795d7c318a64cee4676627244930957b2f0b227be21b72d90027e6a5a7af3c59470c74dcdb71d1ef090a0f49c91acd604c792385c8f4e085765292822ee5eca03885fd6bfeaca9b3bbbdeac939f7846a487c5a483ed1e4fbf37c93886ea27bb35c812089b900b77c7c924147e97b6a71533610750bc84921012aa8158b213f7601d934a20bdd1f757b0a33042a683af6b9069f3900059d7f80f9fdcc9f33ece8cf7888dc9e24f1fc6ca0ecccf161c5334c60f440feb3acfc3d115011c176dfa05314c5bcf089e3c82bbe7680a3eefdcdbf3ac27265b779db4f49bade0128eda6e29bc5933ef454601db1b49628fd39ab938794fa46a33937a086ece7050d31a21524e2f0cacb307ed4412a2078636f9cc8e11c5c31cc0f9edd7be6d1e31a1513a58e25215f5a24245cb988589e6d5e5119f4f6557c697fad7d1c3a7e3bae064db4382701e33e48c5b6a52fe9141a385ef2325c6f7781134607e98bfd02c43d6deefaa861700388b40d98e941cfb2ddec209f977e8b9f93d29fdbf85e3010ce7cd622e8c75ce3df535e392052b6d65d5042d2a6e78bbfe5ee146e8b18d4bc7fb024dbba57cbe0402205593766a313950cb719d00c67bb6b3bcaa1015b89e820f11475afce655947113a7c3dcbb52427f090df994fbf076db867e0ab3f6125fb8884c1d13ff3e99fab5fa8b9f0b72cb44db4d0a48d9ec17f9733764e213c40a15ad821ec60e4a88cb2fd9dd9a4f35e6a708f4b74067f4be3f03a95261f6b191df53fa5bb5164e4a164630ad9ce39087aa950ad9e60cd2c44fa2237c49abf858c97737fd21180fd0b9542767150fbed3f39a29e6c3484d9437e15d2439f2a54b2a1ac7e63e6c436658abc3f1dd52d984f6c6901768a8cf2ec98ebf44e90e0fc0c24f8957c62e05d8eacecaf25b178fd710af609a8a1bc4d7955b5f0cb4f48a37685e6304ea5843573a1abff37b5106916c83c8f23f939a0dc43aea8d196191ed6e18dd793990d1f37d7de0bf8fac6f469843724eaab86be8a483be281b8ecf4aa29d9c571951cde8cd8c2aaf4d597ac2cb48f23fad145916920a55d655924940573b64dbd42a280cddc4810434f930183fdbbdc72db1491a4c9d44daf9b1bc2fecd855508648063040faeb125da0e68e6cd2002181118eecff0be1dd8eae726af5d451630cd65119c52abd6dded97f931202f186a18c4ba34bc2c3f6d765e2d8f445e959f26ffb55827cf3ff2cc0289f17b82c8caa5a2d3d54306a300f0ef42bbe4ea9e32c5d4b1173942745cdcfe4f5d1619eefaf8dc600afbc9171d516f7f4b35331d0b9be005132ffad5e9df59710278b842afb626a78b8b8b37fc3a894dc705b2d4e0940cb264e9dc87eaa148e6faf78125462f28a0f1d7b3c65a291b85713fa71ffc478f6601e8716c35489f4a54ed0c70bcfd5502cc91374dc3c982075c5180398bc6b195b36e79dcc4087cb990cc9d964a150e0dcc887d496bdd27c3f298736b9ad8345ba2df46021964cf43c38f9d2e94b77bee2b7bf059e0870ff9f17b9ef1320c0aa88a2fa9781e9017ab64643de9a3df9ed4b8cfd8fa080a2e494409520b795eb1517d224a05e450c4c8ae0e9fd29c0e72d3a592cce55f6dd5107f21214e1a3f9a5448384de06149f959ec0c92790f0ff229ab4971171f1c528ae6d095ec007bf5e7f55d623a68194e9ea8edc3af418075338328f24e7504341c22bef72c2963fc9c3237ba990d29c2c8aa3007395f6d96e95b40ee1b18dbad550bf39d0d98268cb74dde76d987c3169c9067495fb1b88508bbb7e94cbb7dfc15c03b1d5b163132c8a468906f02d422a8cf98d0b432b5779dd962074b72dd27439b2e94312f573435e5aa84664432c1914839cd6e172186ce93eeb1d7cb0659696d9d550eb3b185f8c6ee16e53f78233cbe709f99d2879d63d93f7d0ed133241d2f1ab1eb2c56605ca0f0e01c39ab0ba2370fe5c4e68de0561b517ff9a10023c386236398372c7176e35443e2cf5dd6cbed9f23395f231e6a54f65626cb5860a8b72122c34664119e7c47204ef4a70583a", 0x2000, &(0x7f0000001940)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)={0x90, 0xffffffffffffffda}, 0x0, 0x0, 0x0, 0x0}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10) pivot_root(&(0x7f0000000500)='./file0\x00', &(0x7f0000000540)='./file0/file0\x00') write$FUSE_INIT(r0, &(0x7f0000000380)={0x50, 0x0, r1}, 0x50) 1.467918233s ago: executing program 0 (id=4446): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) syz_emit_ethernet(0x120, &(0x7f0000000100)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @multicast1}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@response={0x2, 0x0, 0x0, "82d18160f7d8dda36479a6b179161b4bbff2d0508977b3928ebd2dee05607d17", "0194bd7b1b0303c5ba7f602606a285b3", {"30da2d58da817f8a5f77a23de36a2164", "3b33cfa231a427159c7b9f0eceb155f0"}}}}}}}, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000000100000000000000000850000007d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x52) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000480)='kmem_cache_free\x00', r1}, 0x10) recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 1.199135734s ago: executing program 3 (id=4453): r0 = socket(0x10, 0x3, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x1, 0x8, 0x8}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r1}, &(0x7f0000000280), &(0x7f00000002c0)}, 0x20) connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc) sendmsg$nl_route_sched(r0, &(0x7f0000000080)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000001500)=@newtaction={0x18, 0x31, 0x829, 0x0, 0x0, {}, [{0x4}]}, 0x18}}, 0x0) 1.148787245s ago: executing program 3 (id=4455): r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) fsopen(0x0, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x4020940d, 0x0) getsockname(r0, 0x0, &(0x7f00000001c0)) 1.148441105s ago: executing program 3 (id=4456): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa1000000000000070100000007040000f0ffffffb7020000080000001823000000000000000000000000009d7cdb2b654a9fa06af78e1a6dc94d361c7714ad175e53ca88a13002aa2aa94d837889f72ba842f06ad9b4e0eff9c3f9816c737ab51df7bd6962c5cb2569a2691abf7e74b8c767d4f10ccab6cf7ccb762f1fd69ea1a973055d5a2330b641f83f85fd6f6dcc669a055b51817fa5d4a0f766f79645391d52013c123e541473948aefbd2215b0e9eda0519c70e118e4832b358d22afdd97dc7e8614ec22fd374353eac783073984fe6648a3fad141f5cde3b6326ef2575ea32bf63c6af928cfab9810c2fa36629db8d95869780be0e54fd7ece99ed5e8c4b41a81c126eada9c96f23616ceb4261efec1c7d3892b021be689", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000690000009500000000000000"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCL_PASTESEL(r2, 0x541c, &(0x7f0000000080)) readv(r2, &(0x7f0000000400)=[{&(0x7f00000004c0)=""/233, 0xe9}], 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000980)={&(0x7f0000000900)='svcrdma_send_err\x00', r1}, 0x10) r3 = socket$inet(0x2, 0x3, 0x8d) setsockopt$inet_msfilter(r3, 0x0, 0x8, &(0x7f0000000440)=ANY=[@ANYBLOB='~'], 0x1) getsockopt$inet_pktinfo(r3, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, &(0x7f0000000140)=0xc) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000000)={@ipv4={'\x00', '\xff\xff', @loopback}, 0x0, r4}) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000025e40)={0x70, 0x0, 0x1, 0x404, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @loopback}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @loopback}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_SYNPROXY={0x4, 0xe}, @CTA_MARK={0x8}]}, 0x70}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000002c0)={'erspan0\x00'}) sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00022bbd7000fddbdf25050000000800020004000000080002000400000038000680f5e605004e200000060005004e230000060005004e2200001400040000000000000000000000ffffe0000002060001000a00000008000400300e0000"], 0x64}, 0x1, 0x0, 0x0, 0x4}, 0x5) r6 = socket$netlink(0x10, 0x3, 0x0) writev(r6, &(0x7f00000000c0)=[{&(0x7f0000000240)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) bind$unix(0xffffffffffffffff, &(0x7f00000001c0)=@abs={0xa, 0x2}, 0x6e) sendto$packet(0xffffffffffffffff, &(0x7f0000000840)="08733677f34fa9f60a0216a3337673189de88acdf60e13491e1469b4520dc147a3fac520e54c55e6aebfc4c68aa348da022f04850ea8a0d674b98acf8c9a10acba6e18024487c59f6b15a740a130f4ea637b3d31e810d20367dfe9285d2817a85f0ec59034c4f6df6588c4aa981149a43c63d06d0dbd", 0x76, 0x800, &(0x7f00000008c0)={0x11, 0x17, r4, 0x1, 0x3, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x17}}, 0x14) r7 = socket(0xa, 0x1, 0x0) ioctl(r7, 0x8916, &(0x7f0000000000)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='ext4_insert_range\x00', r1}, 0x10) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) r9 = socket$igmp(0x2, 0x3, 0x2) r10 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r10, &(0x7f0000002fc0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000001080)=ANY=[@ANYBLOB="2c0000001a00010000000000000000000a000000000000000000000006001c0000000000080019"], 0x2c}}, 0x0) setsockopt$IPT_SO_SET_REPLACE(r9, 0x0, 0x40, &(0x7f0000000480)=@security={'security\x00', 0xe, 0x4, 0x358, 0xffffffff, 0x0, 0x1f0, 0x140, 0xffffffff, 0xffffffff, 0x2c0, 0x2c0, 0x2c0, 0xffffffff, 0x4, &(0x7f0000000300), {[{{@ip={@loopback, @empty, 0x6339420cda9ae7e9, 0xffffffff, 'nr0\x00', 'ipvlan0\x00', {}, {}, 0x89, 0x0, 0x2}, 0x0, 0xe0, 0x140, 0x0, {}, [@common=@set={{0x40}, {{0x2, [0x1, 0x2, 0x4, 0x4, 0x0, 0x6], 0x1, 0x9}}}, @common=@ah={{0x30}, {[0x1, 0x32]}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x0, [0x0, 0x4, 0x5, 0x6, 0x4, 0x5], 0x4, 0x6}, {0x3, [0x0, 0x1, 0x6, 0x1, 0x3], 0x1, 0x4}}}}, {{@uncond, 0x0, 0x70, 0xb0}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x9, 0xaa, {0x6}}}}, {{@ip={@multicast1, @empty, 0xffffff00, 0xffffff00, 'pim6reg0\x00', 'macsec0\x00', {0xff}, {0xff}, 0xc9, 0x2, 0x44}, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x0, [0x4, 0x2, 0x1, 0x1, 0x4, 0x8], 0x5, 0x4}, {0x2, [0x6, 0x3, 0x3, 0x3, 0x4, 0x1], 0x0, 0x7}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3b8) ioctl$sock_inet6_SIOCSIFADDR(r8, 0x8916, &(0x7f0000000200)={@private1, 0x0, r4}) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00'}) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff) 1.148165886s ago: executing program 2 (id=4457): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000b80)={&(0x7f0000000100)='kfree\x00', r0}, 0x10) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) flistxattr(r1, 0x0, 0x0) 1.139393396s ago: executing program 3 (id=4458): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x1, &(0x7f00000003c0)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101b01) r5 = syz_open_dev$usbfs(0x0, 0x76, 0x101301) ioctl$USBDEVFS_DISCONNECT_CLAIM(r5, 0x5522, 0x0) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000004ec0)=ANY=[@ANYBLOB="1800000000000000000000000000000895"], &(0x7f00000000c0)='syzkaller\x00'}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='contention_begin\x00', r6}, 0x10) ioctl$USBDEVFS_DISCSIGNAL(r5, 0x8010550e, &(0x7f0000000540)={0x80, &(0x7f0000000440)="63038050de6f5cf77e5ff9321eb3f355fe00ee0f06ba6efe220ad521b95bbdfc23c9fa94bcf993c9a64ec92bebde4ac30a4b503abc627a2d282d274734bbc4c68046b3cc5edb8b76edfbd645668104e70852d87d2d9c82191f62946db7724f19f01b7b095b30a746d566764b581f5b84b739608b176cb049968b0a77337115cb5e534ae803e71246f423229019cd0a4c30767456f86dba221625a099049e4b3b794f467613cbf14916367d1769f7308b573ebb93d67ab2fbf196aea78464cb1578dbd1c3629eaf09736f6bc1cc12a1f26db97783"}) ioctl$USBDEVFS_DISCONNECT_CLAIM(r4, 0x8108551b, &(0x7f0000002600)={0x0, 0x0, "5a77bd318786aeb879ca62cdab2a02fa560186d85b25a5665a3247e500f61681905db88235f8a5447dd2a2ed6e91626f068881e50f68530c2b21a100efb76cba37ff3111d6847e0c7f719e169a596e5fc008daefba68f6222103472bc55704cdb72b4b996ed82ccb1eaae27969d008ba7d34171113d806726615380fe65a6a0a72e19c2b60bd6276fd8bb6363d10f70da60fd53ded22c87eb2be010e4a62fb73c33424b437bb192c9d06ea6ed04983fe5c5ca033dfce0a82575ef14eee686be0fc58e384f93a13e4e8bbf599394baea3a9ca1864f0a35d6cc38fca32ad6b39905a9727d2001457df7be7e1aefe3635b2ee97c143f28def4b73905ca14d90d1f6"}) ioctl$USBDEVFS_ALLOW_SUSPEND(r4, 0x5522) ioctl$USBDEVFS_SETINTERFACE(r4, 0x80045510, &(0x7f0000000000)) mkdir(&(0x7f0000000400)='./file1\x00', 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x0, 0x8, &(0x7f0000000000)=ANY=[@ANYBLOB, @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1}, 0x90) socket$inet(0x2, 0x1, 0x0) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) poll(&(0x7f0000000380)=[{r0, 0x62a8}, {r0, 0x3401}, {r3, 0x42a2}, {r5, 0x1200}, {r3, 0x20}], 0x5, 0xca) socket$nl_xfrm(0x10, 0x3, 0x6) 1.084883128s ago: executing program 2 (id=4459): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='devpts\x00', 0x0, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000180)={'team_slave_0\x00', {0x2, 0x0, @broadcast}}) 1.084343838s ago: executing program 2 (id=4460): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$igmp6(0xa, 0x3, 0x2) r3 = socket$igmp6(0xa, 0x3, 0x2) sendmmsg$inet6(r3, &(0x7f00000000c0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0}}], 0x1, 0x0) sendmmsg$inet6(r3, &(0x7f0000005180)=[{{&(0x7f0000000100)={0xa, 0x0, 0x0, @mcast1}, 0x1c, 0x0}}], 0x1, 0x0) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00') dup3(r4, r2, 0x0) 1.077837248s ago: executing program 2 (id=4461): openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') r2 = dup(r0) mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}}) 1.066060119s ago: executing program 2 (id=4462): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fdinfo\x00') fchdir(r0) prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) 623.304346ms ago: executing program 0 (id=4463): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000cc0), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) syz_emit_ethernet(0x36, &(0x7f0000000180)={@link_local, @empty, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @multicast1, @private}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r1) socket$inet_udp(0x2, 0x2, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kmem_cache_free\x00', r3}, 0x10) write$cgroup_subtree(r0, &(0x7f0000000180)=ANY=[], 0x240) 545.477669ms ago: executing program 0 (id=4464): r0 = syz_usb_connect$cdc_ncm(0x0, 0x9e, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000020000402505a1a440000102030109025c0002010000000904000001020d0000052406000105240000000d240f0100000000000000000006241a0000000905810300020000000904010000020d00000904010102020d00000905820200020000"], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x20, 0x80, 0x1c}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) 253.62033ms ago: executing program 3 (id=4466): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000280)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@errors_continue}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f0000000680)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") chdir(&(0x7f0000000000)='./file0\x00') creat(&(0x7f0000000040)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r0, 0x0) readv(0xffffffffffffffff, &(0x7f0000001f80)=[{0x0}, {0x0}, {0xffffffffffffffff}], 0x3) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) 218.332741ms ago: executing program 2 (id=4467): syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="6c617a7974696d652c6e6f696e6c696e655f78617474722c6c617a7974696d652c6e6f626172726965722c6163746976655f6c6f67733d342c757365725f78617474722c6d6f64653d6c66732c616c6c6f635f6d6f64653d64656661756c742c00be9ee044c45511e65887f6fac9eba6d787c3684a836f23dbf8ad3dd5931c08b4d8bde7e8acbbf3bf3326f2faa5952a332ad2ced40c98a2affa2dad4d623f9ff3ffa81e45095548ab6200f069d0f63d20fd71d3043b0dd5c4cf9785f3f531abc19bc1678f5e0b33006bd1049ca45fd8500d67a5aa6e1c23d900000000007867738729e703bb122283fb2fae9813a0cfefcdf3dc968af1cf80e96649d943198a96d9b1af9c91506b30922be8537f54e65cf60c6b6a5798955796aea325770d6ccc93a95fad93b2c7bad114fcbc55036a301c23b07073c71555791db8919235022bb0ee4294211ab9b43f3fbedecd223722d937aa22b31e2e9c97e5ea94e4ab83d4e5811c7556813c334aec856af0a0c12b3c93ba5aa906c6e2268a0c6cbbb13f496d87c608604eb02b2c031d5ae40c75"], 0x1, 0x54f6, &(0x7f0000005800)="$eJzs3M1rI2UcB/Bf2u2+uxbx4G0HFqGFTdh0X9Bb1V18wS7Fl4MnTZM0ZDfJlCZNa08ePIoH/xNR8OTRv8GDZ2/iQfEmKJlnKltfQGm2sdvPB6bfmSeT3/yeUFqeSUgAp9Zi9stPlbgSFyJiPiIuRxT7lXIrrKZ4LiKuRsTcI1ulHP9j4GxEXIyIK5PiqWalfOiz6+Nrt3984+evvz135tLnX303u1kDs/Z8RPS30v5uP2XeSfmgHG+Mu0X2b43LTA/0H5bHecrd9kZRYbdxcF6jyJuddH6+tTOc5Gav0Zxkp7tZjG8N0gWH485BneIJDxrbxXGrvVFkd5gX2dlPfe3tp79t+8NRqtMq631YlI/R6CDTeHuvneaz9bDI5mBUjqe6eau9N8lxmeXlopn3WkUfG0d5pf/f3uwOdvaycXt72M0H2e1a/YVa/U61vp232qP2rWqj37pzK1vq9CanVUftRn+1k+edXrvWzPvL2VKn2azW69nS3fZGtzHI6vXazdqN6u3lcu969ur9d7NeK1ua5Mvdwc6o2xtmm/l2lp6xnK3Ubr64nF2rZ2+vrWfrb927t7b+zvt337v/0trrr5Qn/aWtbGnlxspKtX6julJfPrnzn/yv/0/z/7hseorzhyOpzLoBgJPH+h+YhZO+/g/r/6mw/j/d84cjsf4HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADi1vl/44rViZzEdXyrHnyqHnimPKxExFxG//Y35OHuo5nxZZ+Efzl/4Uw/fVKKoMLnGuXK7GBGr5fbr04/7VQAAAIAn15cfXf00rdbTj8VZN8RxSjdt5i5/MKV6lYhYWPxhClWivNkUzx69q2Ty+30m9qZUrbiBdX5KxdIttzPTqvavzB+K849EJcXcsbYDAAAci8MrgeNdhQAAAHCcPpl1A8xG8U5r+Vn88gP851KUbwheOHQEAAAAnECVWTcAAAAAPHbF+t/3/wEAAMCTLX3/HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDv7NxPTupQFAfg00Lf4/0xEuPcrTiDZbgEhw4NC3ATLAG34AZYA85cggFDW6I1mJj0to3k+5L2chvy45QwOfeSAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQpediNX+8v3pom7PdtZPmbgAAAIBjNsVqXr6YVvN/9fWz+tJFPc8iIo+IY737KH41Mkd1TvHF+4tPNTxFlAn7z/hdH38j4ro+Xs+7/hYAAADgdK0Xy1nVrVen6dAF0adq0Sb/f5MoL4uIYvqSKC3fny4ThZW/73HcJUorF7AmicKqJbdxqrRvGTWGyYchq4a813IAAIBeNDuBfrsQAAAA+nQ7dAEMI4vDVuZhL7j85/37huCfxgwAAAD4gbKhCwAAAAA6V/b/nv8HAAAAp616/h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABd2hSr+XqxnLXN2e7aSXM3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAb+zPOwqEQBiEwd71ncnc/7DSoKmpSRUIH39jMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG9+95f/E1PjTDL32lh6HknWTo2tU2Pv3Dj6w/j6NQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwsT8vKRACQRAFc8b/Tvr+h5UEPYMIEdDwqKIWDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAF/3ul/8TU+NMMnfaWDoeSdauGltXjb0HjaMH4+3fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwsXP/vnFTcQDAn+3zlRYQR0A3BCGQGGCh12tp6coAihj4E5Ci9FoCV360GWhVIWVhQ5m7IBgRQgKFrf9D51bqUrYONxSJiQFkn528HpE4iGJfks9Hen5fW5bf9zlRlK+f7wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDa5J3dOCs2vWmcVsfuPb61VvT3Z/rCna0Hy0Ur4qTJpA+Hl+OdpN9eIgAAABwfWV3fhxAe5tsrRZ/2yvo/r88pav7vnp3GdT0/W/fXfV37F+3XXx69uDNQbzpOcdHL6+PRmX+m0jm4WS625/71jE5558tnL1n5A0nf33xhkpf3M/nm7t13u2V4oolsAYD/43TdV0H9/1DRD9tMDIBjoxMV3nX9n/XazQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgCd3N8HQdJyGE5c5uXLj/+NZa2c/s39l6sFy3C7dvb8XXLC6RhxAur49HZ5qayCFw/cbNT1bH49G15oNXQgjtjV4FH85xTghtZijYb5BWv+uLks/hCFr+wwQAwJGTV62o6x/m2yvFsWQphL++f7L+fz2KQ1z/z/Rx/f/oowv34rHi+n/Y2AwX32Dj6ueD6zduvrl+dfXK6Mro07fODt8enrt4/vzFQfmsZOCJCQAAAPvTrVpc/6dLIUxm1v9PRXGYs/7/4tvhV/FYmfp/T7uLfm1nAgAAcLw9/+ofvyd7HE+63fDl6sbGteF0u7N/drptIdX/7ETV4vo/W2o7KwAAAKAJk83kifX/S1Ec5lz/f+aHl36Kr5mFEE5W6/+n1z4bX2puOi35c66zmvg48YFPFQAAgIV2smrx+n9evv+f7rzykIYQ3nhtGldfAzhX/Z+99/WP8Vjx+//nmpviQkr70/tR9v0QOv22MwIAAOAoe6pqRbH/W7698vHPpz7oev8fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoGl/BwAA//+S5D5T") mkdirat(0xffffffffffffff9c, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getrlimit(0xf, &(0x7f0000000340)) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x101c08a, &(0x7f00000001c0)=ANY=[@ANYBLOB="7379735f696d6d757461626c652c757466383d312c696f636861727365743d61736369692c73686f72746e616d653d77696e39352c73686f77657865632c6e66732c636865636b3d7374726963742c756e695f786c6174653d302c757466383d312c73686f72746e616d653d6c6f7765722c73686f72746e616d653d6c6f7765722c726f6469722c726f6469722c64656275672c757466383d302c726f6469722c71756965742c6572726f72733d72656d6f756e742d726f2c009c8a8fc4f74784ad79ec08fb556262ebc972ef94821f3565ef5f75f11e30ef1f72a065c510b17cae352940538b7b2c5d72f4627c25306b2479725add28f511a68f5f6f47f9facdd0cc574286d00ab52d6b9374b6a58eac694336ebe971f41860d01084c1a0fa6b51d80fa9f9d2c5a2e7a5284f93296217ef8f28e0a36e573296a0bfb38b94191f4b82873563f3759b5e193ecfab6ed7892542364757e47d656ad6a0fbb6e8bf138bddae620a3602991821d4844f628e6bdd8b62cca73744332f0185a54b"], 0x6, 0x2c1, &(0x7f00000005c0)="$eJzs3T+LI2UcB/DfZLOTUYuksBLhBrzC6nCvE5sscgfiVh4p1EIX7w5kE4Q7WPAPxqtsbSwsfAWC4Au5xncg2Ap2rrAwMpOZzWSNMZHNyu1+Ps0++8zznfk9k4fsbJEnH748Obqfx8MnX/wSWZZEZxjDOEliEJ1ofBULht8EAPAsOymK+L2Y2SSXRES2vbIAgC1a7+9/d9786VLKAgC26N677729f3Bw550ssrg7+fp4VP5nX/6cHd9/GB/HOB7Ea9GP04jqQWE3qqeFsnm3KIppNy8N4uZkejwqk5MPntbn3/8tosrvRT8GVdfZ00aVf+vgzl4+08pPyzqer68/LPO3ox8vnoUX8reX5GOUxquvtOq/Ff34+aP4JMZxvypinv9yL8/fLL794/P3y/LKfDI9HvWqcXPFziW/NAAAAAAAAAAAAAAAAAAAAAAAXGG36r1zepHfiJuTsqvef2fnNNLy17wxWNyfZ5ZPmhO19wcqimJaxPetLQXzoh44z3fjpW57Y0EAAAAAAAAAAAAAAAAAAAC4vh5/+tnR4Xj84NGFNJrdALoR8ee9iP96nmGr50asHtyrr3k4Hnfq5sKYp2m7J3aaMUnEyjLKSVzQbfm3xnPna24aP/xYTnCTE2atnteXT3B3+/NqVtfRYbL8Wr1oerJ6kXyXRszHpLHmtdJ/OlTEJssvXXqov/Hc0xeqxnTFmEhWFfbGr7M7V/ck52eRVnd1aXy3brTi59bGWq97ZLP4398rkmq3jt723owAAAAAAAAAAAAAAAAAAOCam3/6d8nBJyujncJHgQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4Iubf/79BY1qH1xicxqPH//MUAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuAb+CgAA//8HIVi7") creat(&(0x7f0000000040)='./bus\x00', 0x0) r5 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0) pwritev2(r5, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x78c00}], 0x1, 0x7a00, 0xfffffffb, 0x3) 59.857767ms ago: executing program 4 (id=4465): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000060000000000000004850000006d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='attr/keycreate\x00') write$UHID_DESTROY(r1, &(0x7f0000000140), 0x4) 696.66µs ago: executing program 4 (id=4468): syz_open_procfs(0x0, 0x0) syz_open_procfs(0x0, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'syz_tun\x00'}) socket$packet(0x11, 0x3, 0x300) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffc000/0x1000)=nil, 0x1000, &(0x7f0000000040)='\x00') madvise(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000a9f850000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000380)='netlink_extack\x00', r3}, 0xb3) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@getnexthop={0x18, 0x76, 0xb0d, 0x0, 0x0, {0x3, 0x0, 0x0, 0x2}}, 0x18}}, 0x0) r5 = eventfd(0x0) r6 = eventfd(0x0) ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000240)={r5, 0x0, 0x2, r6}) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000000)={0x81, 0x0}, 0x8) r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x3aac1373788c1231, 0x16, &(0x7f00000003c0)=ANY=[@ANYBLOB="1818000006000020000000000002000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf09000000000000550901000000000095000000000000008520000002000000fe12ff0f080000008f600400f0ffffff4306f0fff0ffffff18180000", @ANYRES32, @ANYBLOB="00000000000000008500000051000000bf91000000000000b7020000020000008500000084000000b7000000000000009500000000000000"], &(0x7f0000000180)='syzkaller\x00', 0x8, 0x21, &(0x7f0000000200)=""/33, 0x41100, 0x11, '\x00', 0x0, 0x13, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000280)={0x5, 0x0, 0x8, 0x4}, 0x10, r7, 0xffffffffffffffff, 0x2, 0x0, &(0x7f00000002c0)=[{0x1, 0x1, 0xb, 0x7}, {0x2, 0x4, 0x2, 0x2}], 0x10, 0x1}, 0x90) r9 = socket$inet_udp(0x2, 0x2, 0x0) sendmmsg(r9, &(0x7f0000009700)=[{{&(0x7f0000000380)=@un=@file={0x0, './file0\x00'}, 0x80, 0x0, 0x0, &(0x7f0000000a00)=[{0x10, 0x1}], 0x10}}], 0x1, 0x0) r10 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000600)=ANY=[@ANYBLOB="9feb01001800000000000000c4000000c4000000030000000e00000000000009000000000b00000009000004010100000300000005000000010000800c00000001000000020000000500000000000000000000000200000002000000090002000d00000004000000000000000800000002000000000000000600000005000000008000000300000000000000030000000600000004000000ff0f000002000000000000010000000015002501010000000000000203000000000000000000000300000000020000000400000001000000000000000000000200000000009300"], &(0x7f0000000700)=""/4096, 0xdf, 0x1000, 0x0, 0xa73}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0x20000000000000a9, &(0x7f0000000340)=ANY=[@ANYRES64=0x0], 0x0, 0xfffffffe, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x4, r10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r7, r8, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f00000001c0)={r5, 0x100000, 0x2, r6}) 0s ago: executing program 3 (id=4469): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa1000000000000070100000007040000f0ffffffb7020000080000001823000000000000000000000000009d7cdb2b654a9fa06af78e1a6dc94d361c7714ad175e53ca88a13002aa2aa94d837889f72ba842f06ad9b4e0eff9c3f9816c737ab51df7bd6962c5cb2569a2691abf7e74b8c767d4f10ccab6cf7ccb762f1fd69ea1a973055d5a2330b641f83f85fd6f6dcc669a055b51817fa5d4a0f766f79645391d52013c123e541473948aefbd2215b0e9eda0519c70e118e4832b358d22afdd97dc7e8614ec22fd374353eac783073984fe6648a3fad141f5cde3b6326ef2575ea32bf63c6af928cfab9810c2fa36629db8d95869780be0e54fd7ece99ed5e8c4b41a81c126eada9c96f23616ceb4261efec1c7d3892b021be689", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000690000009500000000000000"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCL_PASTESEL(r2, 0x541c, &(0x7f0000000080)) readv(r2, &(0x7f0000000400)=[{&(0x7f00000004c0)=""/233, 0xe9}], 0x1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000980)={&(0x7f0000000900)='svcrdma_send_err\x00', r1}, 0x10) r3 = socket$inet(0x2, 0x3, 0x8d) setsockopt$inet_msfilter(r3, 0x0, 0x8, &(0x7f0000000440)=ANY=[@ANYBLOB='~'], 0x1) getsockopt$inet_pktinfo(r3, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, &(0x7f0000000140)=0xc) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000000)={@ipv4={'\x00', '\xff\xff', @loopback}, 0x0, r4}) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000025e40)={0x70, 0x0, 0x1, 0x404, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @loopback}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @loopback}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_SYNPROXY={0x4, 0xe}, @CTA_MARK={0x8}]}, 0x70}}, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000002c0)={'erspan0\x00'}) sendmsg$MPTCP_PM_CMD_SET_LIMITS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00022bbd7000fddbdf25050000000800020004000000080002000400000038000680f5e605004e200000060005004e230000060005004e2200001400040000000000000000000000ffffe0000002060001000a00000008000400300e0000"], 0x64}, 0x1, 0x0, 0x0, 0x4}, 0x5) r6 = socket$netlink(0x10, 0x3, 0x0) writev(r6, &(0x7f00000000c0)=[{&(0x7f0000000240)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1) bind$unix(0xffffffffffffffff, &(0x7f00000001c0)=@abs={0xa, 0x2}, 0x6e) sendto$packet(0xffffffffffffffff, &(0x7f0000000840)="08733677f34fa9f60a0216a3337673189de88acdf60e13491e1469b4520dc147a3fac520e54c55e6aebfc4c68aa348da022f04850ea8a0d674b98acf8c9a10acba6e18024487c59f6b15a740a130f4ea637b3d31e810d20367dfe9285d2817a85f0ec59034c4f6df6588c4aa981149a43c63d06d0dbd", 0x76, 0x800, &(0x7f00000008c0)={0x11, 0x17, r4, 0x1, 0x3, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x17}}, 0x14) r7 = socket(0xa, 0x1, 0x0) ioctl(r7, 0x8916, &(0x7f0000000000)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='ext4_insert_range\x00', r1}, 0x10) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) r9 = socket$igmp(0x2, 0x3, 0x2) r10 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r10, &(0x7f0000002fc0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000001080)=ANY=[@ANYBLOB="2c0000001a00010000000000000000000a000000000000000000000006001c0000000000080019"], 0x2c}}, 0x0) setsockopt$IPT_SO_SET_REPLACE(r9, 0x0, 0x40, &(0x7f0000000480)=@security={'security\x00', 0xe, 0x4, 0x358, 0xffffffff, 0x0, 0x1f0, 0x140, 0xffffffff, 0xffffffff, 0x2c0, 0x2c0, 0x2c0, 0xffffffff, 0x4, &(0x7f0000000300), {[{{@ip={@loopback, @empty, 0x6339420cda9ae7e9, 0xffffffff, 'nr0\x00', 'ipvlan0\x00', {}, {}, 0x89, 0x0, 0x2}, 0x0, 0xe0, 0x140, 0x0, {}, [@common=@set={{0x40}, {{0x2, [0x1, 0x2, 0x4, 0x4, 0x0, 0x6], 0x1, 0x9}}}, @common=@ah={{0x30}, {[0x1, 0x32]}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x0, [0x0, 0x4, 0x5, 0x6, 0x4, 0x5], 0x4, 0x6}, {0x3, [0x0, 0x1, 0x6, 0x1, 0x3], 0x1, 0x4}}}}, {{@uncond, 0x0, 0x70, 0xb0}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x9, 0xaa, {0x6}}}}, {{@ip={@multicast1, @empty, 0xffffff00, 0xffffff00, 'pim6reg0\x00', 'macsec0\x00', {0xff}, {0xff}, 0xc9, 0x2, 0x44}, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x0, [0x4, 0x2, 0x1, 0x1, 0x4, 0x8], 0x5, 0x4}, {0x2, [0x6, 0x3, 0x3, 0x3, 0x4, 0x1], 0x0, 0x7}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3b8) ioctl$sock_inet6_SIOCSIFADDR(r8, 0x8916, &(0x7f0000000200)={@private1, 0x0, r4}) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00'}) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff) kernel console output (not intermixed with test programs): 4-1: USB disconnect, device number 46 [ 304.325850][ T8237] usb 1-1: 0:2 : does not exist [ 304.335344][ T8237] usb 1-1: USB disconnect, device number 44 [ 304.385198][ T1914] usb 3-1: new high-speed USB device number 40 using dummy_hcd [ 304.446356][T10124] bridge: RTM_NEWNEIGH with unconfigured vlan 2 on bridge_slave_0 [ 304.625195][ T1914] usb 3-1: Using ep0 maxpacket: 32 [ 304.660384][T10131] tipc: Started in network mode [ 304.665055][T10131] tipc: Node identity 00000000000000000000000000000001, cluster identity 6 [ 304.673833][T10131] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb [ 304.682073][T10131] tipc: Enabled bearer , priority 10 [ 304.725524][ T2779] usb 2-1: new high-speed USB device number 41 using dummy_hcd [ 304.745246][ T1914] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 304.756360][ T1914] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 304.821953][ T30] audit: type=1400 audit(2000000787.513:1362): avc: denied { create } for pid=10144 comm="syz.0.3600" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1 [ 304.881480][T10145] device bridge_slave_0 left promiscuous mode [ 304.885270][ T1914] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 304.887563][T10145] ÿÿÿÿÿÿ: port 1(bridge_slave_0) entered disabled state [ 304.896317][ T1914] usb 3-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 304.911226][ T1914] usb 3-1: Product: syz [ 304.911857][T10145] device bridge_slave_1 left promiscuous mode [ 304.915166][ T1914] usb 3-1: Manufacturer: syz [ 304.925589][T10145] ÿÿÿÿÿÿ: port 2(bridge_slave_1) entered disabled state [ 304.955886][ T1914] hub 3-1:4.0: USB hub found [ 304.995203][ T8237] usb 4-1: new high-speed USB device number 47 using dummy_hcd [ 305.115235][ T2779] usb 2-1: config 0 has an invalid descriptor of length 99, skipping remainder of the config [ 305.125386][ T2779] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 305.175272][ T1914] hub 3-1:4.0: 2 ports detected [ 305.215204][ T548] usb 1-1: new high-speed USB device number 45 using dummy_hcd [ 305.215360][ T2779] usb 2-1: New USB device found, idVendor=056a, idProduct=0333, bcdDevice= 0.00 [ 305.231492][ T2779] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=19 [ 305.235250][ T8237] usb 4-1: Using ep0 maxpacket: 32 [ 305.239529][ T2779] usb 2-1: SerialNumber: syz [ 305.249509][ T2779] usb 2-1: config 0 descriptor?? [ 305.295833][ T2779] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 305.355311][ T8237] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 305.366036][ T8237] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 305.375589][ T8237] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 305.384396][ T8237] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 305.392854][ T8237] usb 4-1: config 0 descriptor?? [ 305.435700][ T8237] hub 4-1:0.0: USB hub found [ 305.455208][ T548] usb 1-1: Using ep0 maxpacket: 16 [ 305.571532][ T20] usb 2-1: USB disconnect, device number 41 [ 305.577721][ T548] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 305.589468][ T548] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 305.599122][ T548] usb 1-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.40 [ 305.607983][ T548] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 305.616453][ T548] usb 1-1: config 0 descriptor?? [ 305.631156][T10152] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3602'. [ 305.641557][T10152] device vlan0 entered promiscuous mode [ 305.645267][ T8237] hub 4-1:0.0: 1 port detected [ 305.795199][ T523] tipc: Node number set to 1 [ 305.965202][ T2779] usb 5-1: new high-speed USB device number 52 using dummy_hcd [ 306.106530][ T548] cp2112 0003:10C4:EA90.0059: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.0-1/input0 [ 306.205362][ T2779] usb 5-1: Using ep0 maxpacket: 16 [ 306.285239][ T20] hub 4-1:0.0: activate --> -90 [ 306.315247][ T548] cp2112 0003:10C4:EA90.0059: Part Number: 0xE5 Device Version: 0x26 [ 306.325242][ T2779] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 306.335982][ T2779] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 306.345469][ T2779] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 306.358099][ T2779] usb 5-1: New USB device found, idVendor=1e7d, idProduct=31ce, bcdDevice= 0.00 [ 306.366909][ T2779] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 306.375664][ T2779] usb 5-1: config 0 descriptor?? [ 306.445265][ T8237] hub 3-1:4.0: activate --> -90 [ 306.449984][ T1914] usb 2-1: new high-speed USB device number 42 using dummy_hcd [ 306.745260][ T548] cp2112 0003:10C4:EA90.0059: error setting SMBus config [ 306.752572][ T548] cp2112: probe of 0003:10C4:EA90.0059 failed with error -71 [ 306.761441][ T548] usb 1-1: USB disconnect, device number 45 [ 306.825226][ T1914] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 306.835184][ T1914] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 306.845819][ T1914] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 306.855674][ T1914] usb 2-1: New USB device found, idVendor=056e, idProduct=00fb, bcdDevice= 0.00 [ 306.858484][ T2779] ryos 0003:1E7D:31CE.005A: unknown main item tag 0x0 [ 306.864509][ T1914] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 306.865389][ T1914] usb 2-1: config 0 descriptor?? [ 306.874452][ T2779] ryos 0003:1E7D:31CE.005A: item fetching failed at offset 8/11 [ 306.891290][ T2779] ryos 0003:1E7D:31CE.005A: parse failed [ 306.896852][ T2779] ryos: probe of 0003:1E7D:31CE.005A failed with error -22 [ 306.907595][ T2779] usb 4-1: USB disconnect, device number 47 [ 306.915238][ T20] hub 4-1:0.0: hub_ext_port_status failed (err = -71) [ 306.924749][ T20] usb 4-1-port1: connect-debounce failed [ 307.061512][ T548] usb 5-1: USB disconnect, device number 52 [ 307.120670][ T20] usb 2-1: USB disconnect, device number 42 [ 307.332577][ T20] usb 3-1: USB disconnect, device number 40 [ 307.345317][ T8237] usb 3-1-port2: cannot warm reset (err = -71) [ 308.023077][T10176] loop3: detected capacity change from 0 to 40427 [ 308.290076][T10176] F2FS-fs (loop3): Unrecognized mount option "disable_roll_ground_gc=on" or missing value [ 308.596955][T10194] loop3: detected capacity change from 0 to 1024 [ 308.632494][ T20] usb 1-1: new high-speed USB device number 46 using dummy_hcd [ 308.661391][T10194] EXT4-fs (loop3): Test dummy encryption mode enabled [ 308.668338][T10194] EXT4-fs (loop3): Ignoring removed orlov option [ 308.720031][T10194] EXT4-fs (loop3): mounted filesystem without journal. Opts: test_dummy_encryption,debug_want_extra_isize=0x0000000000000084,stripe=0x0000000000000007,commit=0x0000000000000005,orlov,barrier=0x0000000000000005,max_batch_time=0x0000000000000000,data_err=abort,,errors=continue. Quota mode: writeback. [ 308.840259][T10203] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3620'. [ 308.850275][T10203] device vlan0 entered promiscuous mode [ 309.045261][ T20] usb 1-1: unable to get BOS descriptor or descriptor too short [ 309.165220][ T20] usb 1-1: config 0 has no interfaces? [ 309.185206][ T8237] usb 5-1: new high-speed USB device number 53 using dummy_hcd [ 309.195183][ T523] usb 4-1: new high-speed USB device number 48 using dummy_hcd [ 309.305250][ T20] usb 1-1: New USB device found, idVendor=07da, idProduct=104d, bcdDevice=e5.48 [ 309.314224][ T20] usb 1-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3 [ 309.322070][ T20] usb 1-1: Product: syz [ 309.326140][ T20] usb 1-1: SerialNumber: syz [ 309.335126][ T30] audit: type=1326 audit(2000000792.023:1363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10208 comm="syz.2.3623" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f369d65af19 code=0x7ffc0000 [ 309.336075][ T20] usb 1-1: config 0 descriptor?? [ 309.365244][ T30] audit: type=1326 audit(2000000792.053:1364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10208 comm="syz.2.3623" exe="/root/syz-executor" sig=0 arch=c000003e syscall=448 compat=0 ip=0x7f369d65af19 code=0x7ffc0000 [ 309.390042][ T30] audit: type=1326 audit(2000000792.053:1365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10208 comm="syz.2.3623" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f369d65af19 code=0x7ffc0000 [ 309.437213][ T523] usb 4-1: Using ep0 maxpacket: 16 [ 309.445263][ T8237] usb 5-1: Using ep0 maxpacket: 32 [ 309.641977][T10217] loop1: detected capacity change from 0 to 2048 [ 309.671926][ T30] audit: type=1326 audit(2000000792.363:1366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10184 comm="syz.0.3614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f648d5aef19 code=0x7ffc0000 [ 309.695387][ T8237] usb 5-1: New USB device found, idVendor=046d, idProduct=08f6, bcdDevice=81.8a [ 309.704236][ T8237] usb 5-1: New USB device strings: Mfr=0, Product=9, SerialNumber=0 [ 309.712274][ T20] usb 3-1: new high-speed USB device number 41 using dummy_hcd [ 309.715284][ T523] usb 4-1: New USB device found, idVendor=046d, idProduct=0821, bcdDevice=57.47 [ 309.720070][ T30] audit: type=1326 audit(2000000792.363:1367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10184 comm="syz.0.3614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f648d5aef19 code=0x7ffc0000 [ 309.752622][T10217] Alternate GPT is invalid, using primary GPT. [ 309.759174][T10217] loop1: p1 p2 p3 [ 309.761903][ T523] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 309.777737][ T523] usb 4-1: Product: syz [ 309.781836][ T523] usb 4-1: Manufacturer: syz [ 309.784945][ T8237] usb 5-1: Product: syz [ 309.790879][ T8237] usb 5-1: config 0 descriptor?? [ 309.795213][ T523] usb 4-1: SerialNumber: syz [ 309.795928][ T30] audit: type=1326 audit(2000000792.403:1368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10184 comm="syz.0.3614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f648d5aef19 code=0x7ffc0000 [ 309.823875][ T523] usb 4-1: config 0 descriptor?? [ 309.826409][ T100] Alternate GPT is invalid, using primary GPT. [ 309.834706][ T100] loop1: p1 p2 p3 [ 309.838774][ T8237] usb 5-1: Found UVC 0.00 device syz (046d:08f6) [ 309.846028][ T8237] usb 5-1: No valid video chain found. [ 309.860518][ T30] audit: type=1326 audit(2000000792.403:1369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10184 comm="syz.0.3614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f648d5aef19 code=0x7ffc0000 [ 309.884961][ T30] audit: type=1326 audit(2000000792.403:1370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10184 comm="syz.0.3614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f648d5aef19 code=0x7ffc0000 [ 309.921076][ T30] audit: type=1326 audit(2000000792.443:1371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10184 comm="syz.0.3614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=221 compat=0 ip=0x7f648d5aef19 code=0x7ffc0000 [ 310.025474][T10222] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10222 comm=syz.1.3628 [ 310.041245][ T20] usb 3-1: Using ep0 maxpacket: 32 [ 310.082543][ T458] udevd[458]: inotify_add_watch(7, /dev/loop1p2, 10) failed: No such file or directory [ 310.104949][ T311] udevd[311]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory [ 310.134557][T10222] device wireguard0 entered promiscuous mode [ 310.181777][ T992] udevd[992]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 310.215477][ T20] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 310.220742][ T30] audit: type=1326 audit(2000000792.443:1372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10184 comm="syz.0.3614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f648d5aef19 code=0x7ffc0000 [ 310.232959][ T20] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 310.277146][ T523] usb 4-1: Found UVC 0.00 device syz (046d:0821) [ 310.283479][ T523] usb 4-1: No valid video chain found. [ 310.286930][ T30] audit: type=1326 audit(2000000792.453:1373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10184 comm="syz.0.3614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f648d5aef19 code=0x7ffc0000 [ 310.295710][ T523] usb 4-1: USB disconnect, device number 48 [ 310.325561][ T30] audit: type=1326 audit(2000000792.483:1374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10184 comm="syz.0.3614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f648d5aef19 code=0x7ffc0000 [ 310.349659][ T30] audit: type=1326 audit(2000000792.483:1375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10184 comm="syz.0.3614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f648d5aef19 code=0x7ffc0000 [ 310.373528][ T30] audit: type=1326 audit(2000000792.483:1376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10184 comm="syz.0.3614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f648d5aef19 code=0x7ffc0000 [ 310.397281][ T30] audit: type=1326 audit(2000000792.503:1377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10184 comm="syz.0.3614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f648d5b0d37 code=0x7ffc0000 [ 310.420722][ T30] audit: type=1326 audit(2000000792.503:1378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10184 comm="syz.0.3614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f648d5b0cac code=0x7ffc0000 [ 310.455409][ T20] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 310.468017][ T20] usb 3-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 310.476593][ T20] usb 3-1: Product: syz [ 310.480560][ T20] usb 3-1: Manufacturer: syz [ 310.489563][ T8237] usb 5-1: USB disconnect, device number 53 [ 310.513283][ T548] usb 1-1: USB disconnect, device number 46 [ 310.535733][ T20] hub 3-1:4.0: USB hub found [ 310.775238][ T20] hub 3-1:4.0: 2 ports detected [ 311.246052][T10233] loop4: detected capacity change from 0 to 40427 [ 311.305816][T10233] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 311.313421][T10233] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 311.324025][T10233] F2FS-fs (loop4): Found nat_bits in checkpoint [ 311.350040][T10233] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 311.361420][T10233] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 311.368344][T10233] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 311.479140][T10247] loop4: detected capacity change from 0 to 512 [ 311.515002][T10247] EXT4-fs error (device loop4): ext4_xattr_block_get:546: inode #2: comm syz.4.3635: corrupted xattr block 255 [ 311.530985][T10247] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -117 [ 311.539301][T10247] EXT4-fs (loop4): mounted filesystem without journal. Opts: data_err=abort,noblock_validity,dioread_lock,init_itable,auto_da_alloc,grpjquota=.noload,barrier=0x0000000000000007,jqfmt=vfsv1,grpid,,,errors=continue. Quota mode: writeback. [ 311.572340][T10247] EXT4-fs error (device loop4): ext4_xattr_block_get:546: inode #2: comm syz.4.3635: corrupted xattr block 255 [ 311.584812][T10247] SELinux: (dev loop4, type ext4) getxattr errno 117 [ 311.667374][T10258] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3639'. [ 311.677299][T10258] device vlan2 entered promiscuous mode [ 311.697657][T10260] loop3: detected capacity change from 0 to 256 [ 312.175245][ T20] hub 3-1:4.0: activate --> -90 [ 312.195209][ T548] usb 4-1: new high-speed USB device number 49 using dummy_hcd [ 312.510382][T10280] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=10280 comm=syz.1.3647 [ 312.920684][ T548] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 312.930782][ T548] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 313.015272][ T548] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 313.024277][ T548] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 313.032124][ T548] usb 4-1: SerialNumber: syz [ 313.148917][T10292] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3651'. [ 313.158934][T10292] device vlan2 entered promiscuous mode [ 313.164305][T10292] device bridge_slave_0 entered promiscuous mode [ 313.171037][T10292] device bridge_slave_0 left promiscuous mode [ 313.240788][ T8237] usb 3-1: USB disconnect, device number 41 [ 313.246701][ T20] usb 3-1-port2: cannot warm reset (err = -71) [ 313.296055][ T548] usb 4-1: 0:2 : does not exist [ 313.366592][T10301] loop1: detected capacity change from 0 to 2048 [ 313.403961][T10301] loop1: p1 < > p3 p4 < > [ 313.439467][T10304] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10304 comm=syz.0.3654 [ 313.646322][T10301] loop1: p3 start 4259840 is beyond EOD, truncated [ 313.665874][T10304] device wireguard0 entered promiscuous mode [ 313.696466][ T100] loop1: p1 < > p3 p4 < > [ 313.701190][ T100] loop1: p3 start 4259840 is beyond EOD, truncated [ 313.784045][ T8237] usb 4-1: USB disconnect, device number 49 [ 314.071329][T10321] netem: change failed [ 314.246883][T10330] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=10330 comm=syz.0.3665 [ 314.317657][T10316] loop4: detected capacity change from 0 to 131072 [ 314.344905][T10316] F2FS-fs (loop4): Invalid log sectorsize (67108873) [ 314.356081][T10316] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 314.374696][T10316] F2FS-fs (loop4): invalid crc value [ 314.381518][T10316] F2FS-fs (loop4): Found nat_bits in checkpoint [ 314.529851][T10345] loop1: detected capacity change from 0 to 512 [ 314.542651][T10316] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 314.588371][T10316] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4 [ 314.684578][T10345] EXT4-fs error (device loop1): ext4_orphan_get:1397: inode #15: comm syz.1.3670: casefold flag without casefold feature [ 314.688452][T10316] F2FS-fs (loop4): inode (7) has corrupted xattr [ 314.697599][T10345] EXT4-fs (loop1): 1 truncate cleaned up [ 314.703222][T10316] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop4 ino=7 [ 314.709235][T10345] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 314.717518][T10316] F2FS-fs (loop4): inode (7) has corrupted xattr [ 314.734556][T10316] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop4 ino=7 [ 314.743288][T10316] F2FS-fs (loop4): inode (7) has corrupted xattr [ 314.923441][T10354] netem: change failed [ 315.164244][ T30] kauditd_printk_skb: 54 callbacks suppressed [ 315.164259][ T30] audit: type=1326 audit(2000000797.853:1433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10366 comm="syz.0.3677" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f648d5aef19 code=0x0 [ 315.215284][ T6] usb 3-1: new high-speed USB device number 42 using dummy_hcd [ 315.238392][T10371] loop3: detected capacity change from 0 to 2048 [ 315.265573][T10371] loop3: p1 < > p3 p4 < > [ 315.271387][T10371] loop3: p3 start 4259840 is beyond EOD, truncated [ 315.292352][ T100] loop3: p1 < > p3 p4 < > [ 315.297432][ T100] loop3: p3 start 4259840 is beyond EOD, truncated [ 315.575291][ T6] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 315.597100][ T6] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 315.608000][ T6] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 128, changing to 11 [ 315.621385][ T6] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 255 [ 315.634398][ T6] usb 3-1: New USB device found, idVendor=056a, idProduct=00b2, bcdDevice= 0.00 [ 315.654674][ T6] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 315.667977][ T6] usb 3-1: config 0 descriptor?? [ 315.861249][T10387] netem: change failed [ 315.985192][ T548] usb 2-1: new high-speed USB device number 43 using dummy_hcd [ 316.108278][T10402] loop4: detected capacity change from 0 to 512 [ 316.210851][ T6] wacom 0003:056A:00B2.005B: unbalanced delimiter at end of report description [ 316.220371][ T6] wacom 0003:056A:00B2.005B: parse failed [ 316.226309][ T6] wacom: probe of 0003:056A:00B2.005B failed with error -22 [ 316.235203][T10402] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: comm syz.4.3685: inode #1: comm syz.4.3685: iget: illegal inode # [ 316.248291][T10402] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz.4.3685: error while reading EA inode 1 err=-117 [ 316.261295][T10402] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: comm syz.4.3685: inode #1: comm syz.4.3685: iget: illegal inode # [ 316.274253][T10402] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz.4.3685: error while reading EA inode 1 err=-117 [ 316.286494][T10402] EXT4-fs (loop4): 1 orphan inode deleted [ 316.292011][T10402] EXT4-fs (loop4): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,journal_dev=0x0000000000008000,debug_want_extra_isize=0x000000000000005c,minixdf,resgid=0x0000000000000000,grpquota,usrjquota=,,errors=continue. Quota mode: writeback. [ 316.446027][ T2779] usb 3-1: USB disconnect, device number 42 [ 316.585183][ T548] usb 2-1: Using ep0 maxpacket: 32 [ 316.705240][ T548] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 316.716005][ T548] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 316.725511][ T548] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 316.734607][ T548] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 316.743126][ T548] usb 2-1: config 0 descriptor?? [ 316.785768][ T548] hub 2-1:0.0: USB hub found [ 316.901470][T10417] loop4: detected capacity change from 0 to 512 [ 316.916038][T10417] EXT4-fs error (device loop4): ext4_xattr_block_get:546: inode #2: comm syz.4.3694: corrupted xattr block 255 [ 316.927770][T10417] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -117 [ 316.935979][T10417] EXT4-fs (loop4): mounted filesystem without journal. Opts: data_err=abort,noblock_validity,dioread_lock,init_itable,auto_da_alloc,grpjquota=.noload,barrier=0x0000000000000007,jqfmt=vfsv1,grpid,,,errors=continue. Quota mode: writeback. [ 316.958703][T10417] EXT4-fs error (device loop4): ext4_xattr_block_get:546: inode #2: comm syz.4.3694: corrupted xattr block 255 [ 316.970525][T10417] SELinux: (dev loop4, type ext4) getxattr errno 117 [ 317.005272][ T548] hub 2-1:0.0: config failed, hub doesn't have any ports! (err -19) [ 317.160771][T10424] loop2: detected capacity change from 0 to 2048 [ 317.175458][ T523] usb 1-1: new high-speed USB device number 47 using dummy_hcd [ 317.188546][T10428] loop4: detected capacity change from 0 to 256 [ 317.205242][T10424] loop2: p1 < > p3 p4 < > [ 317.211384][T10424] loop2: p3 start 4259840 is beyond EOD, truncated [ 317.305200][ T2779] usb 4-1: new high-speed USB device number 50 using dummy_hcd [ 317.313637][ T30] audit: type=1326 audit(2000000800.003:1434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10427 comm="syz.4.3698" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f56be177f19 code=0x0 [ 317.325235][ T548] usbhid 2-1:0.0: can't add hid device: -71 [ 317.342754][ T548] usbhid: probe of 2-1:0.0 failed with error -71 [ 317.377655][ T548] usb 2-1: USB disconnect, device number 43 [ 317.605267][ T523] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 317.616098][ T523] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 317.625727][ T523] usb 1-1: New USB device found, idVendor=0419, idProduct=0001, bcdDevice= 0.00 [ 317.634655][ T523] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 317.647543][ T523] usb 1-1: config 0 descriptor?? [ 317.755236][ T2779] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 317.965318][ T2779] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 317.974523][ T2779] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 317.982698][ T2779] usb 4-1: Product: syz [ 317.986888][ T2779] usb 4-1: Manufacturer: syz [ 317.991307][ T2779] usb 4-1: SerialNumber: syz [ 318.126069][ T523] samsung 0003:0419:0001.005C: unknown main item tag 0x0 [ 318.134882][ T523] samsung 0003:0419:0001.005C: unknown main item tag 0x0 [ 318.141815][ T523] samsung 0003:0419:0001.005C: item fetching failed at offset 4/7 [ 318.149704][ T523] samsung 0003:0419:0001.005C: parse failed [ 318.155462][ T523] samsung: probe of 0003:0419:0001.005C failed with error -22 [ 318.275183][ T39] usb 3-1: new high-speed USB device number 43 using dummy_hcd [ 318.290553][ T30] audit: type=1400 audit(2000000800.983:1435): avc: denied { create } for pid=10421 comm="syz.3.3696" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 318.292937][T10458] loop4: detected capacity change from 0 to 40427 [ 318.334448][ T6] usb 1-1: USB disconnect, device number 47 [ 318.358308][ T523] usb 4-1: USB disconnect, device number 50 [ 318.366921][T10458] F2FS-fs (loop4): invalid crc value [ 318.373368][T10458] F2FS-fs (loop4): Found nat_bits in checkpoint [ 318.400682][T10458] F2FS-fs (loop4): Cannot turn on quotas: -2 on 1 [ 318.407565][T10458] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 318.432800][T10458] attempt to access beyond end of device [ 318.432800][T10458] loop4: rw=34817, want=79896, limit=40427 [ 318.452851][ T5782] attempt to access beyond end of device [ 318.452851][ T5782] loop4: rw=2049, want=45104, limit=40427 [ 318.545179][ T39] usb 3-1: Using ep0 maxpacket: 32 [ 318.765468][ T39] usb 3-1: New USB device found, idVendor=046d, idProduct=08f6, bcdDevice=81.8a [ 318.774487][ T39] usb 3-1: New USB device strings: Mfr=0, Product=9, SerialNumber=0 [ 318.782739][ T39] usb 3-1: Product: syz [ 318.789631][ T39] usb 3-1: config 0 descriptor?? [ 318.825708][ T39] usb 3-1: Found UVC 0.00 device syz (046d:08f6) [ 318.835220][ T2779] usb 5-1: new high-speed USB device number 54 using dummy_hcd [ 318.842692][ T39] usb 3-1: No valid video chain found. [ 318.871278][T10470] loop1: detected capacity change from 0 to 2048 [ 318.915549][T10470] loop1: p1 < > p3 p4 < > [ 318.920729][T10470] loop1: p3 start 4259840 is beyond EOD, truncated [ 318.955229][ T100] loop1: p1 < > p3 p4 < > [ 318.963584][ T100] loop1: p3 start 4259840 is beyond EOD, truncated [ 319.171508][T10488] loop3: detected capacity change from 0 to 256 [ 319.245180][ T2779] usb 5-1: Using ep0 maxpacket: 32 [ 319.365334][ T2779] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 319.382375][ T2779] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 319.402446][ T2779] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 319.411683][ T6] usb 3-1: USB disconnect, device number 43 [ 319.423826][ T2779] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 319.445231][ T2779] usb 5-1: config 0 descriptor?? [ 319.485702][ T2779] hub 5-1:0.0: USB hub found [ 319.545712][T10496] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=10496 comm=syz.0.3724 [ 319.825273][ T2779] hub 5-1:0.0: config failed, hub doesn't have any ports! (err -19) [ 320.112790][T10527] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3737'. [ 320.125213][ T2779] usbhid 5-1:0.0: can't add hid device: -71 [ 320.132914][ T2779] usbhid: probe of 5-1:0.0 failed with error -71 [ 320.135349][ T20] usb 4-1: new high-speed USB device number 51 using dummy_hcd [ 320.175792][ T2779] usb 5-1: USB disconnect, device number 54 [ 320.289125][T10534] loop2: detected capacity change from 0 to 256 [ 320.536059][ T20] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 320.715289][ T20] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 320.724258][ T20] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 320.732103][ T20] usb 4-1: Product: syz [ 320.736080][ T20] usb 4-1: Manufacturer: syz [ 320.740478][ T20] usb 4-1: SerialNumber: syz [ 320.935175][ T548] usb 5-1: new high-speed USB device number 55 using dummy_hcd [ 320.955182][ T290] usb 1-1: new high-speed USB device number 48 using dummy_hcd [ 321.362782][T10565] loop2: detected capacity change from 0 to 256 [ 321.404853][ T8237] usb 4-1: USB disconnect, device number 51 [ 321.432049][ T30] audit: type=1326 audit(2000000804.123:1436): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10564 comm="syz.2.3752" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f369d65af19 code=0x0 [ 321.454798][ T290] usb 1-1: Using ep0 maxpacket: 32 [ 321.485203][ T548] usb 5-1: Using ep0 maxpacket: 32 [ 321.605423][ T548] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 321.620310][ T548] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 321.629917][ T548] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 321.638710][ T548] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 321.647492][ T548] usb 5-1: config 0 descriptor?? [ 321.685653][ T548] hub 5-1:0.0: USB hub found [ 321.695389][ T290] usb 1-1: New USB device found, idVendor=046d, idProduct=08f6, bcdDevice=81.8a [ 321.704326][ T290] usb 1-1: New USB device strings: Mfr=0, Product=9, SerialNumber=0 [ 321.712231][ T290] usb 1-1: Product: syz [ 321.717081][ T290] usb 1-1: config 0 descriptor?? [ 321.775835][ T290] usb 1-1: Found UVC 0.00 device syz (046d:08f6) [ 321.782133][ T290] usb 1-1: No valid video chain found. [ 321.905227][ T548] hub 5-1:0.0: 1 port detected [ 322.197293][ T290] usb 1-1: USB disconnect, device number 48 [ 322.385143][ T8237] usb 2-1: new high-speed USB device number 44 using dummy_hcd [ 322.484265][T10585] loop2: detected capacity change from 0 to 40427 [ 322.566616][T10585] F2FS-fs (loop2): invalid crc value [ 322.574249][T10585] F2FS-fs (loop2): Found nat_bits in checkpoint [ 322.603989][T10585] F2FS-fs (loop2): Cannot turn on quotas: -2 on 1 [ 322.610692][T10585] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 322.625226][ T8237] usb 2-1: Using ep0 maxpacket: 32 [ 322.635199][ T548] hub 5-1:0.0: activate --> -90 [ 322.652323][T10585] attempt to access beyond end of device [ 322.652323][T10585] loop2: rw=34817, want=79880, limit=40427 [ 322.681372][ T8904] attempt to access beyond end of device [ 322.681372][ T8904] loop2: rw=2049, want=45104, limit=40427 [ 322.745234][ T8237] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 322.755955][ T8237] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 322.864838][T10600] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3760'. [ 322.885231][ T8237] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 322.894093][ T8237] usb 2-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 322.902492][ T8237] usb 2-1: Product: syz [ 323.182567][ T8237] usb 2-1: Manufacturer: syz [ 323.235743][ T8237] hub 2-1:4.0: USB hub found [ 323.278386][ T6] usb 5-1: USB disconnect, device number 55 [ 323.295294][ T548] hub 5-1:0.0: hub_ext_port_status failed (err = -71) [ 323.455243][ T8237] hub 2-1:4.0: 2 ports detected [ 323.809206][ T30] audit: type=1400 audit(2000000806.503:1437): avc: denied { getopt } for pid=10621 comm="syz.4.3771" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 323.813128][T10622] loop4: detected capacity change from 0 to 512 [ 323.919162][T10622] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem [ 323.930090][T10622] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (20904!=33349) [ 323.940520][T10622] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 323.948777][T10622] EXT4-fs (loop4): orphan cleanup on readonly fs [ 323.954942][T10622] EXT4-fs error (device loop4): ext4_map_blocks:602: inode #2: block 4: comm syz.4.3771: lblock 0 mapped to illegal pblock 4 (length 1) [ 323.969069][T10622] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -117 [ 323.977218][T10622] EXT4-fs (loop4): mounted filesystem without journal. Opts: jqfmt=vfsold,resgid=0x000000000000ee00,errors=continue,noload,data_err=ignore,usrjquota="init_itable=0x0000000000000601,max_dir_size_kb=0x0000000000000003,,errors=continue. Quota mode: writeback. [ 324.005227][ T6] usb 4-1: new high-speed USB device number 52 using dummy_hcd [ 324.012829][ T20] usb 3-1: new high-speed USB device number 44 using dummy_hcd [ 324.505296][ T6] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 324.525376][ T20] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 324.535292][ T20] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 324.615276][ T20] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 324.624156][ T20] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 324.631969][ T20] usb 3-1: SerialNumber: syz [ 324.675279][ T6] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 324.684139][ T6] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 324.692377][ T6] usb 4-1: Product: syz [ 324.696378][ T6] usb 4-1: Manufacturer: syz [ 324.700760][ T6] usb 4-1: SerialNumber: syz [ 324.735191][ T8237] usb 1-1: new high-speed USB device number 49 using dummy_hcd [ 324.805251][ T1914] hub 2-1:4.0: activate --> -90 [ 324.905762][ T20] usb 3-1: 0:2 : does not exist [ 324.911852][ T20] usb 3-1: USB disconnect, device number 44 [ 324.995182][ T8237] usb 1-1: Using ep0 maxpacket: 32 [ 325.023192][ T548] usb 4-1: USB disconnect, device number 52 [ 325.041756][T10636] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3775'. [ 325.195251][ T8237] usb 1-1: New USB device found, idVendor=046d, idProduct=08f6, bcdDevice=81.8a [ 325.204307][ T8237] usb 1-1: New USB device strings: Mfr=0, Product=9, SerialNumber=0 [ 325.212070][ T8237] usb 1-1: Product: syz [ 325.219845][ T8237] usb 1-1: config 0 descriptor?? [ 325.256054][ T8237] usb 1-1: Found UVC 0.00 device syz (046d:08f6) [ 325.262263][ T8237] usb 1-1: No valid video chain found. [ 325.471364][T10642] loop2: detected capacity change from 0 to 1024 [ 325.480660][T10642] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 325.491802][T10642] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 325.501930][T10642] JBD2: no valid journal superblock found [ 325.507583][T10642] EXT4-fs (loop2): error loading journal [ 325.526966][ T8237] usb 1-1: USB disconnect, device number 49 [ 325.551710][T10644] loop3: detected capacity change from 0 to 16 [ 325.626076][T10644] erofs: (device loop3): mounted with root inode @ nid 36. [ 325.691234][ T39] usb 2-1: USB disconnect, device number 44 [ 325.753260][ T1914] usb 2-1-port2: cannot warm reset (err = -71) [ 325.805445][T10660] loop3: detected capacity change from 0 to 512 [ 326.055318][ T2779] usb 3-1: new high-speed USB device number 45 using dummy_hcd [ 326.325459][T10675] loop1: detected capacity change from 0 to 16 [ 326.345303][ T2779] usb 3-1: Using ep0 maxpacket: 32 [ 326.358894][ T30] audit: type=1400 audit(2000000809.053:1438): avc: denied { connect } for pid=10676 comm="syz.0.3791" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1 [ 326.378258][ T8237] usb 5-1: new high-speed USB device number 56 using dummy_hcd [ 326.386072][T10675] erofs: (device loop1): mounted with root inode @ nid 36. [ 326.495195][ T2779] usb 3-1: config 0 has an invalid interface number: 250 but max is 1 [ 326.503510][ T2779] usb 3-1: config 0 has no interface number 1 [ 326.509616][ T2779] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 326.523747][T10689] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3796'. [ 326.895459][ T2779] usb 3-1: New USB device found, idVendor=0408, idProduct=3090, bcdDevice=a6.3f [ 326.911353][ T2779] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 326.939597][ T2779] usb 3-1: Product: syz [ 326.989061][ T2779] usb 3-1: Manufacturer: syz [ 327.010836][ T2779] usb 3-1: SerialNumber: syz [ 327.061419][ T2779] usb 3-1: config 0 descriptor?? [ 327.155221][ T8237] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 327.165170][ T8237] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 327.245216][ T8237] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 327.254109][ T8237] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 327.261899][ T8237] usb 5-1: SerialNumber: syz [ 327.335332][ T2779] usb 3-1: Found UVC 0.00 device syz (0408:3090) [ 327.345672][ T2779] usb 3-1: No valid video chain found. [ 327.540414][ T2779] usb 3-1: USB disconnect, device number 45 [ 327.565804][ T8237] usb 5-1: 0:2 : does not exist [ 327.573986][ T8237] usb 5-1: USB disconnect, device number 56 [ 327.655557][T10716] loop1: detected capacity change from 0 to 40427 [ 327.666478][ T377] udevd[377]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 328.193971][T10716] F2FS-fs (loop1): invalid crc value [ 328.352197][T10716] F2FS-fs (loop1): Found nat_bits in checkpoint [ 328.456722][T10716] F2FS-fs (loop1): Cannot turn on quotas: -2 on 1 [ 328.463429][T10716] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 328.853996][T10739] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3811'. [ 328.856864][T10716] attempt to access beyond end of device [ 328.856864][T10716] loop1: rw=34817, want=79880, limit=40427 [ 328.955747][ T7312] attempt to access beyond end of device [ 328.955747][ T7312] loop1: rw=2049, want=45104, limit=40427 [ 329.255166][T10778] SELinux: security_context_str_to_sid(ÿÿÿÿ) failed for (dev ?, type ?) errno=-22 [ 329.264396][T10778] SELinux: security_context_str_to_sid(ÿÿÿÿ) failed for (dev incremental-fs, type incremental-fs) errno=-22 [ 329.355202][ T2779] usb 3-1: new high-speed USB device number 46 using dummy_hcd [ 329.375237][ T290] usb 4-1: new high-speed USB device number 53 using dummy_hcd [ 329.595182][ T2779] usb 3-1: Using ep0 maxpacket: 16 [ 329.615174][ T290] usb 4-1: Using ep0 maxpacket: 32 [ 329.634219][T10796] loop4: detected capacity change from 0 to 40427 [ 329.691292][T10796] F2FS-fs (loop4): invalid crc value [ 329.725248][ T2779] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 329.735954][ T2779] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 329.742312][T10796] F2FS-fs (loop4): Found nat_bits in checkpoint [ 329.755202][ T290] usb 4-1: config 0 has an invalid interface number: 250 but max is 1 [ 329.763192][ T290] usb 4-1: config 0 has no interface number 1 [ 329.769105][ T2779] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 329.785155][ T290] usb 4-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 329.788793][T10796] F2FS-fs (loop4): Cannot turn on quotas: -2 on 1 [ 329.797569][ T2779] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 329.802521][T10796] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 329.833227][ T2779] usb 3-1: config 0 descriptor?? [ 329.933725][T10796] attempt to access beyond end of device [ 329.933725][T10796] loop4: rw=34817, want=79880, limit=40427 [ 329.967488][ T5782] attempt to access beyond end of device [ 329.967488][ T5782] loop4: rw=2049, want=45104, limit=40427 [ 329.985314][ T290] usb 4-1: New USB device found, idVendor=0408, idProduct=3090, bcdDevice=a6.3f [ 329.994215][ T290] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 330.002206][ T290] usb 4-1: Product: syz [ 330.006344][ T290] usb 4-1: Manufacturer: syz [ 330.010822][ T290] usb 4-1: SerialNumber: syz [ 330.019254][ T290] usb 4-1: config 0 descriptor?? [ 330.416531][ T290] usb 4-1: Found UVC 0.00 device syz (0408:3090) [ 330.422708][ T290] usb 4-1: No valid video chain found. [ 330.429116][ T2779] microsoft 0003:045E:07DA.005D: No inputs registered, leaving [ 330.437501][ T2779] microsoft 0003:045E:07DA.005D: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0 [ 330.450356][ T2779] microsoft 0003:045E:07DA.005D: no inputs found [ 330.456540][ T2779] microsoft 0003:045E:07DA.005D: could not initialize ff, continuing anyway [ 330.644372][ T290] usb 4-1: USB disconnect, device number 53 [ 330.815181][ T2779] usb 1-1: new high-speed USB device number 50 using dummy_hcd [ 331.055339][ T39] usb 3-1: USB disconnect, device number 46 [ 331.066228][ T2779] usb 1-1: Using ep0 maxpacket: 32 [ 331.215210][ T2779] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 331.226031][ T2779] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 331.235692][ T2779] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 331.244507][ T2779] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 331.252954][ T2779] usb 1-1: config 0 descriptor?? [ 331.305694][ T2779] hub 1-1:0.0: USB hub found [ 331.317284][T10831] loop4: detected capacity change from 0 to 16 [ 331.365643][T10831] erofs: (device loop4): mounted with root inode @ nid 36. [ 331.416212][T10842] loop4: detected capacity change from 0 to 512 [ 331.495221][ T290] Bluetooth: hci0: command 0x1003 tx timeout [ 331.504143][ T4463] Bluetooth: hci0: sending frame failed (-49) [ 331.535254][ T2779] hub 1-1:0.0: config failed, hub doesn't have any ports! (err -19) [ 331.805402][ T39] usb 4-1: new high-speed USB device number 54 using dummy_hcd [ 331.855224][ T2779] usbhid 1-1:0.0: can't add hid device: -71 [ 331.860993][ T2779] usbhid: probe of 1-1:0.0 failed with error -71 [ 331.895452][ T2779] usb 1-1: USB disconnect, device number 50 [ 332.105886][T10853] loop2: detected capacity change from 0 to 128 [ 332.154514][T10853] FAT-fs (loop2): Unrecognized mount option "" or missing value [ 332.301576][T10856] device pim6reg1 entered promiscuous mode [ 332.375224][ T39] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 332.385500][ T39] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 332.445422][T10858] loop4: detected capacity change from 0 to 40427 [ 332.485264][ T39] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 332.494186][ T39] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 332.502160][ T39] usb 4-1: SerialNumber: syz [ 332.780836][T10858] F2FS-fs (loop4): Found nat_bits in checkpoint [ 332.828611][T10858] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 332.844287][T10871] SELinux: security_context_str_to_sid(ÿÿÿÿ) failed for (dev ?, type ?) errno=-22 [ 332.854093][ T39] usb 4-1: 0:2 : does not exist [ 332.855463][T10871] SELinux: security_context_str_to_sid(ÿÿÿÿ) failed for (dev incremental-fs, type incremental-fs) errno=-22 [ 332.870508][ T5782] attempt to access beyond end of device [ 332.870508][ T5782] loop4: rw=2049, want=45104, limit=40427 [ 333.016091][T10888] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3869'. [ 333.451621][ T523] usb 4-1: USB disconnect, device number 54 [ 333.613594][ T2779] Bluetooth: hci0: command 0x1001 tx timeout [ 333.634745][ T4463] Bluetooth: hci0: sending frame failed (-49) [ 334.038528][T10922] device pim6reg1 entered promiscuous mode [ 334.698650][T10957] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10957 comm=syz.3.3894 [ 334.739463][T10957] device wireguard0 entered promiscuous mode [ 334.847231][T10945] loop4: detected capacity change from 0 to 40427 [ 334.958765][T10945] F2FS-fs (loop4): invalid crc value [ 334.965190][T10945] F2FS-fs (loop4): Ignore s_resuid=60929, s_resgid=0 w/o reserve_root [ 334.978009][T10945] F2FS-fs (loop4): Found nat_bits in checkpoint [ 335.012701][T10945] F2FS-fs (loop4): recover fsync data on readonly fs [ 335.019448][T10945] F2FS-fs (loop4): Cannot turn on quotas: -2 on 0 [ 335.026191][T10945] F2FS-fs (loop4): Cannot turn on quotas: -2 on 1 [ 335.032731][T10945] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 335.226673][ T523] usb 3-1: new high-speed USB device number 47 using dummy_hcd [ 336.109603][ T290] Bluetooth: hci0: command 0x1009 tx timeout [ 337.076208][T11011] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3915'. [ 337.105241][ T523] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 337.115673][ T523] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 337.133515][T11019] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=11019 comm=syz.4.3920 [ 337.188962][T11027] loop4: detected capacity change from 0 to 256 [ 337.245217][ T523] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 337.254207][ T523] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 337.262035][ T523] usb 3-1: SerialNumber: syz [ 337.934000][T11033] loop3: detected capacity change from 0 to 256 [ 337.974373][T11027] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d) [ 338.042223][ T30] audit: type=1400 audit(2000000820.733:1439): avc: denied { unlink } for pid=5782 comm="syz-executor" name="file0" dev="loop4" ino=1048948 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 338.065002][ T30] audit: type=1400 audit(2000000820.753:1440): avc: denied { rmdir } for pid=5782 comm="syz-executor" name="file0" dev="loop4" ino=1048943 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 338.147678][ T523] usb 3-1: 0:2 : does not exist [ 338.167252][T11049] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=11049 comm=syz.0.3934 [ 338.195755][ T523] usb 3-1: USB disconnect, device number 47 [ 338.224805][ T377] udevd[377]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 338.538866][T11053] loop4: detected capacity change from 0 to 40427 [ 338.565205][ T26] usb 1-1: new high-speed USB device number 51 using dummy_hcd [ 338.626604][T11053] F2FS-fs (loop4): invalid crc value [ 338.633585][T11053] F2FS-fs (loop4): Found nat_bits in checkpoint [ 338.663035][T11053] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4 [ 338.687151][ T5782] attempt to access beyond end of device [ 338.687151][ T5782] loop4: rw=2049, want=45104, limit=40427 [ 338.715169][ T8237] usb 4-1: new high-speed USB device number 55 using dummy_hcd [ 338.799963][T11067] loop4: detected capacity change from 0 to 256 [ 338.806079][ T26] usb 1-1: Using ep0 maxpacket: 32 [ 338.877685][T11067] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d) [ 339.025235][ T26] usb 1-1: New USB device found, idVendor=046d, idProduct=08f6, bcdDevice=81.8a [ 339.034490][ T26] usb 1-1: New USB device strings: Mfr=0, Product=9, SerialNumber=0 [ 339.042765][ T26] usb 1-1: Product: syz [ 339.050869][ T26] usb 1-1: config 0 descriptor?? [ 339.062805][T11076] loop4: detected capacity change from 0 to 40427 [ 339.085318][ T8237] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 339.095267][ T8237] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 339.096807][ T26] usb 1-1: Found UVC 0.00 device syz (046d:08f6) [ 339.110213][ T26] usb 1-1: No valid video chain found. [ 339.115092][T11076] F2FS-fs (loop4): Found nat_bits in checkpoint [ 339.143429][T11076] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 339.175217][ T8237] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 339.184176][ T8237] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 339.192135][ T8237] usb 4-1: SerialNumber: syz [ 339.356636][T11085] attempt to access beyond end of device [ 339.356636][T11085] loop4: rw=2049, want=54224, limit=40427 [ 339.505922][ T8237] usb 4-1: 0:2 : does not exist [ 339.639689][ T20] usb 1-1: USB disconnect, device number 51 [ 339.817681][T11087] bridge0: port 1(bridge_slave_0) entered blocking state [ 339.824585][T11087] bridge0: port 1(bridge_slave_0) entered disabled state [ 339.831871][T11087] device bridge_slave_0 entered promiscuous mode [ 339.838754][T11087] bridge0: port 2(bridge_slave_1) entered blocking state [ 339.846221][T11087] bridge0: port 2(bridge_slave_1) entered disabled state [ 339.846395][ T5782] attempt to access beyond end of device [ 339.846395][ T5782] loop4: rw=2049, want=45112, limit=40427 [ 339.853547][T11087] device bridge_slave_1 entered promiscuous mode [ 339.925361][T11087] bridge0: port 2(bridge_slave_1) entered blocking state [ 339.932295][T11087] bridge0: port 2(bridge_slave_1) entered forwarding state [ 339.939419][T11087] bridge0: port 1(bridge_slave_0) entered blocking state [ 339.946199][T11087] bridge0: port 1(bridge_slave_0) entered forwarding state [ 339.953468][ T20] usb 4-1: USB disconnect, device number 55 [ 339.988162][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 339.996942][ T26] bridge0: port 1(bridge_slave_0) entered disabled state [ 340.004076][ T26] bridge0: port 2(bridge_slave_1) entered disabled state [ 340.026717][ T523] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 340.034671][ T523] bridge0: port 1(bridge_slave_0) entered blocking state [ 340.041561][ T523] bridge0: port 1(bridge_slave_0) entered forwarding state [ 340.048903][ T523] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 340.057293][ T523] bridge0: port 2(bridge_slave_1) entered blocking state [ 340.064116][ T523] bridge0: port 2(bridge_slave_1) entered forwarding state [ 340.067233][T11092] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=11092 comm=syz.4.3945 [ 340.071353][ T523] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 340.106775][ T523] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 340.122501][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 340.132951][T11087] device veth0_vlan entered promiscuous mode [ 340.139222][ T523] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 340.147380][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 340.154593][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 340.169577][T11087] device veth1_macvtap entered promiscuous mode [ 340.177210][ T523] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 340.191345][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 340.201829][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 340.296435][T11097] loop4: detected capacity change from 0 to 40427 [ 340.301340][T11106] loop1: detected capacity change from 0 to 256 [ 340.372458][T11097] F2FS-fs (loop4): invalid crc value [ 340.377901][T11106] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d) [ 340.379570][T11097] F2FS-fs (loop4): Found nat_bits in checkpoint [ 340.396464][ T7660] device bridge_slave_1 left promiscuous mode [ 340.404486][ T7660] ÿÿÿÿÿÿ: port 2(bridge_slave_1) entered disabled state [ 340.427917][ T7660] device bridge_slave_0 left promiscuous mode [ 340.460861][ T7660] ÿÿÿÿÿÿ: port 1(bridge_slave_0) entered disabled state [ 340.510774][ T7660] device veth1_macvtap left promiscuous mode [ 340.568220][ T7660] device veth0_vlan left promiscuous mode [ 340.649732][T11097] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4 [ 340.692258][T11117] overlayfs: statfs failed on './file0' [ 340.707623][ T5782] attempt to access beyond end of device [ 340.707623][ T5782] loop4: rw=2049, want=45104, limit=40427 [ 340.799843][T11124] loop3: detected capacity change from 0 to 512 [ 340.880302][T11130] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=11130 comm=syz.4.3955 [ 340.990958][T11147] netlink: 76 bytes leftover after parsing attributes in process `syz.4.3966'. [ 340.999994][T11147] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3966'. [ 341.387503][T11158] loop1: detected capacity change from 0 to 1024 [ 341.417567][T11158] EXT4-fs (loop1): Can't support bigalloc feature without extents feature [ 341.417567][T11158] [ 341.431078][T11158] EXT4-fs (loop1): couldn't mount as ext3 due to feature incompatibilities [ 341.505958][T11164] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=11164 comm=syz.4.3973 [ 341.625171][ T548] usb 1-1: new high-speed USB device number 52 using dummy_hcd [ 341.778914][T11191] loop1: detected capacity change from 0 to 1024 [ 341.825491][T11191] EXT4-fs (loop1): Can't support bigalloc feature without extents feature [ 341.825491][T11191] [ 341.837519][T11191] EXT4-fs (loop1): couldn't mount as ext3 due to feature incompatibilities [ 342.066601][ T548] usb 1-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 342.297708][ T548] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 342.307456][ T548] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0 [ 342.323652][ T548] usb 1-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 342.340801][ T548] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.99 [ 342.354632][ T548] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 342.391541][T11208] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=11208 comm=syz.2.3990 [ 342.426630][ T548] usb 1-1: invalid MIDI out EP 0 [ 342.431709][ T548] snd-usb-audio: probe of 1-1:27.0 failed with error -22 [ 342.469429][T11218] overlayfs: statfs failed on './file0' [ 342.606407][T11235] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=11235 comm=syz.2.4004 [ 342.628953][ T548] usb 1-1: USB disconnect, device number 52 [ 342.686598][T11241] netem: change failed [ 342.706960][T11245] serio: Serial port ptm0 [ 342.905181][T11255] loop3: detected capacity change from 0 to 256 [ 343.300230][T11264] loop1: detected capacity change from 0 to 40427 [ 343.397159][T11264] F2FS-fs (loop1): Found nat_bits in checkpoint [ 343.474761][T11264] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 344.080318][T11291] attempt to access beyond end of device [ 344.080318][T11291] loop1: rw=2049, want=54224, limit=40427 [ 344.577089][T11087] attempt to access beyond end of device [ 344.577089][T11087] loop1: rw=2049, want=45112, limit=40427 [ 344.598104][T11307] loop3: detected capacity change from 0 to 512 [ 344.635783][T11313] serio: Serial port ptm0 [ 344.818535][T11315] loop4: detected capacity change from 0 to 128 [ 344.876628][T11315] FAT-fs (loop4): Unrecognized mount option "" or missing value [ 345.149601][T11317] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4029'. [ 345.409090][ T548] usb 1-1: new high-speed USB device number 53 using dummy_hcd [ 345.645544][T11335] loop2: detected capacity change from 0 to 40427 [ 345.723917][T11335] F2FS-fs (loop2): Found nat_bits in checkpoint [ 345.752077][T11335] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 345.821261][ T20] usb 2-1: new high-speed USB device number 45 using dummy_hcd [ 346.041812][T11344] attempt to access beyond end of device [ 346.041812][T11344] loop2: rw=2049, want=54224, limit=40427 [ 346.087160][ T548] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 346.098226][ T548] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 346.108026][ T548] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 346.122970][ T548] usb 1-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00 [ 346.131997][ T548] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 346.140861][ T548] usb 1-1: config 0 descriptor?? [ 346.225209][ T20] usb 2-1: Using ep0 maxpacket: 16 [ 346.449570][ T8904] attempt to access beyond end of device [ 346.449570][ T8904] loop2: rw=2049, want=45112, limit=40427 [ 346.535303][ T20] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 346.554444][ T20] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 346.562631][ T20] usb 2-1: Product: syz [ 346.575168][ T20] usb 2-1: Manufacturer: syz [ 346.580490][ T20] usb 2-1: SerialNumber: syz [ 346.588362][ T20] r8152-cfgselector 2-1: config 0 descriptor?? [ 346.624894][ T548] acrux 0003:1A34:0802.005E: hidraw0: USB HID v0.00 Device [HID 1a34:0802] on usb-dummy_hcd.0-1/input0 [ 346.645907][ T548] acrux 0003:1A34:0802.005E: no inputs found [ 346.654074][ T548] acrux 0003:1A34:0802.005E: Failed to enable force feedback support, error: -19 [ 346.801587][T11358] loop2: detected capacity change from 0 to 40427 [ 346.818673][ T548] usb 1-1: USB disconnect, device number 53 [ 346.826152][T11358] F2FS-fs (loop2): invalid crc value [ 346.841618][T11358] F2FS-fs (loop2): Found nat_bits in checkpoint [ 346.883950][T11358] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4 [ 346.909567][ T8904] attempt to access beyond end of device [ 346.909567][ T8904] loop2: rw=2049, want=45104, limit=40427 [ 347.085266][ T20] r8152-cfgselector 2-1: Unknown version 0x0000 [ 347.091485][ T20] r8152-cfgselector 2-1: bad CDC descriptors [ 347.125209][ T20] r8152-cfgselector 2-1: Unknown version 0x0000 [ 347.135749][ T20] r8152-cfgselector 2-1: USB disconnect, device number 45 [ 347.260857][T11373] loop2: detected capacity change from 0 to 256 [ 347.283550][T11373] FAT-fs (loop2): Directory bread(block 64) failed [ 347.290116][T11373] FAT-fs (loop2): Directory bread(block 65) failed [ 347.296702][T11373] FAT-fs (loop2): Directory bread(block 66) failed [ 347.303070][T11373] FAT-fs (loop2): Directory bread(block 67) failed [ 347.309442][T11373] FAT-fs (loop2): Directory bread(block 68) failed [ 347.315826][T11373] FAT-fs (loop2): Directory bread(block 69) failed [ 347.322165][T11373] FAT-fs (loop2): Directory bread(block 70) failed [ 347.328584][T11373] FAT-fs (loop2): Directory bread(block 71) failed [ 347.335017][T11373] FAT-fs (loop2): Directory bread(block 72) failed [ 347.341415][T11373] FAT-fs (loop2): Directory bread(block 73) failed [ 347.920791][T11397] loop3: detected capacity change from 0 to 128 [ 348.315782][T11397] FAT-fs (loop3): Unrecognized mount option "" or missing value [ 348.549919][T11414] xt_SECMARK: invalid mode: 0 [ 348.977869][T11418] loop3: detected capacity change from 0 to 256 [ 348.995166][ T1914] usb 2-1: new high-speed USB device number 46 using dummy_hcd [ 349.040627][T11418] FAT-fs (loop3): Directory bread(block 64) failed [ 349.053351][T11418] FAT-fs (loop3): Directory bread(block 65) failed [ 349.066624][T11418] FAT-fs (loop3): Directory bread(block 66) failed [ 349.073208][T11418] FAT-fs (loop3): Directory bread(block 67) failed [ 349.081094][T11418] FAT-fs (loop3): Directory bread(block 68) failed [ 349.088281][T11418] FAT-fs (loop3): Directory bread(block 69) failed [ 349.094917][T11418] FAT-fs (loop3): Directory bread(block 70) failed [ 349.101472][T11418] FAT-fs (loop3): Directory bread(block 71) failed [ 349.108057][T11418] FAT-fs (loop3): Directory bread(block 72) failed [ 349.114510][T11418] FAT-fs (loop3): Directory bread(block 73) failed [ 349.406885][ T1914] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 349.420414][T11430] loop2: detected capacity change from 0 to 40427 [ 349.421877][ T1914] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 349.436343][ T1914] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 349.448984][ T1914] usb 2-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00 [ 349.457844][ T1914] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 349.851362][T11430] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 349.871749][T11430] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 349.887891][T11430] F2FS-fs (loop2): invalid crc value [ 349.905711][T11430] F2FS-fs (loop2): Found nat_bits in checkpoint [ 349.908779][ T1914] usb 2-1: config 0 descriptor?? [ 349.950710][T11430] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 349.957597][T11430] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 349.986324][ T9250] attempt to access beyond end of device [ 349.986324][ T9250] loop2: rw=1, want=45104, limit=40427 [ 350.142108][T11455] loop2: detected capacity change from 0 to 512 [ 350.191381][T11455] EXT4-fs (loop2): corrupt root inode, run e2fsck [ 350.198022][T11455] EXT4-fs (loop2): mount failed [ 350.364136][T11472] loop2: detected capacity change from 0 to 256 [ 350.397500][ T1914] acrux 0003:1A34:0802.005F: hidraw0: USB HID v0.00 Device [HID 1a34:0802] on usb-dummy_hcd.1-1/input0 [ 350.416315][ T1914] acrux 0003:1A34:0802.005F: no inputs found [ 350.423975][ T1914] acrux 0003:1A34:0802.005F: Failed to enable force feedback support, error: -19 [ 350.882597][ T1914] usb 2-1: USB disconnect, device number 46 [ 351.001697][T11508] loop4: detected capacity change from 0 to 1024 [ 351.122849][T11508] EXT4-fs (loop4): mounted filesystem without journal. Opts: data_err=abort,stripe=0x0000000000000002,noblock_validity,errors=remount-ro,noblock_validity,bsddf,sysvgroups,nojournal_checksum,nodelalloc,. Quota mode: none. [ 351.146287][ T30] audit: type=1400 audit(2000000833.843:1441): avc: denied { write } for pid=11505 comm="syz.4.4101" name="bus" dev="loop4" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=chr_file permissive=1 [ 351.168600][ T30] audit: type=1400 audit(2000000833.843:1442): avc: denied { open } for pid=11505 comm="syz.4.4101" path="/414/file1/bus" dev="loop4" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=chr_file permissive=1 [ 351.191672][ T30] audit: type=1400 audit(2000000833.863:1443): avc: denied { read } for pid=11505 comm="syz.4.4101" name="bus" dev="loop4" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=chr_file permissive=1 [ 351.385177][ T26] usb 3-1: new high-speed USB device number 48 using dummy_hcd [ 351.408517][T11547] loop4: detected capacity change from 0 to 256 [ 351.526945][T11543] loop3: detected capacity change from 0 to 40427 [ 351.567530][T11543] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 351.575596][T11543] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 351.592812][T11547] FAT-fs (loop4): error, fat_free_clusters: deleting FAT entry beyond EOF [ 351.603991][T11543] F2FS-fs (loop3): Found nat_bits in checkpoint [ 351.733202][ T5782] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 0, start 0000953a) [ 351.744550][ T5782] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 0, start 0000953a) [ 351.786184][T11543] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 351.797543][T11543] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 351.816036][ T26] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 351.862451][ T26] usb 3-1: config 0 interface 0 has no altsetting 0 [ 351.952004][T11559] bridge0: port 1(bridge_slave_0) entered blocking state [ 351.959080][T11559] bridge0: port 1(bridge_slave_0) entered disabled state [ 351.966327][T11559] device bridge_slave_0 entered promiscuous mode [ 351.972998][T11559] bridge0: port 2(bridge_slave_1) entered blocking state [ 351.980046][T11559] bridge0: port 2(bridge_slave_1) entered disabled state [ 351.987280][T11559] device bridge_slave_1 entered promiscuous mode [ 352.025408][ T26] usb 3-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 352.034484][ T26] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 352.043393][ T26] usb 3-1: Product: syz [ 352.050541][ T26] usb 3-1: Manufacturer: syz [ 352.054978][ T26] usb 3-1: SerialNumber: syz [ 352.110337][ T26] usb 3-1: config 0 descriptor?? [ 352.159929][ T26] usb 3-1: selecting invalid altsetting 0 [ 352.165917][ T26] snd-usb-audio: probe of 3-1:0.0 failed with error -2 [ 352.272913][T11559] bridge0: port 2(bridge_slave_1) entered blocking state [ 352.279801][T11559] bridge0: port 2(bridge_slave_1) entered forwarding state [ 352.286992][T11559] bridge0: port 1(bridge_slave_0) entered blocking state [ 352.291214][ T9405] f2fs_fill_dentries: 4 callbacks suppressed [ 352.291228][ T9405] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix. [ 352.293765][T11559] bridge0: port 1(bridge_slave_0) entered forwarding state [ 352.300280][ T9405] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix. [ 352.314178][ T9405] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix. [ 352.321810][ T9405] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix. [ 352.329830][ T9405] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix. [ 352.337311][ T9405] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix. [ 352.344726][ T9405] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix. [ 352.376989][T11559] device veth0_vlan entered promiscuous mode [ 352.396117][ T523] usb 3-1: USB disconnect, device number 48 [ 352.397546][ T548] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 352.411500][ T548] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 352.419723][ T548] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 352.430012][ T548] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 352.438177][ T548] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 352.448206][ T548] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 352.456437][ T548] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 352.464317][ T548] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 352.471716][ T548] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 352.479128][ T548] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 352.487500][T11559] device veth1_macvtap entered promiscuous mode [ 352.497815][ T548] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 352.511976][ T548] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 352.551488][T11575] loop4: detected capacity change from 0 to 1024 [ 352.600059][T11575] EXT4-fs (loop4): mounted filesystem without journal. Opts: data_err=abort,stripe=0x0000000000000002,noblock_validity,errors=remount-ro,noblock_validity,bsddf,sysvgroups,nojournal_checksum,nodelalloc,. Quota mode: none. [ 352.606398][T11583] syz.3.4126[11583] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 352.625105][T11583] syz.3.4126[11583] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 352.639314][T11583] syz.3.4126[11583] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 352.655420][T11583] syz.3.4126[11583] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 352.734833][T11591] loop4: detected capacity change from 0 to 256 [ 352.770306][T11591] FAT-fs (loop4): Directory bread(block 64) failed [ 352.777606][T11591] FAT-fs (loop4): Directory bread(block 65) failed [ 352.783950][T11591] FAT-fs (loop4): Directory bread(block 66) failed [ 352.790487][T11591] FAT-fs (loop4): Directory bread(block 67) failed [ 352.796865][T11591] FAT-fs (loop4): Directory bread(block 68) failed [ 352.803200][T11591] FAT-fs (loop4): Directory bread(block 69) failed [ 352.809808][T11591] FAT-fs (loop4): Directory bread(block 70) failed [ 352.816896][T11591] FAT-fs (loop4): Directory bread(block 71) failed [ 352.823239][T11591] FAT-fs (loop4): Directory bread(block 72) failed [ 352.829808][T11591] FAT-fs (loop4): Directory bread(block 73) failed [ 352.831081][T11587] loop3: detected capacity change from 0 to 40427 [ 352.865800][T11587] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 352.873471][T11587] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 352.882648][T11587] F2FS-fs (loop3): invalid crc value [ 352.893820][T11587] F2FS-fs (loop3): Found nat_bits in checkpoint [ 352.925626][ T30] audit: type=1400 audit(2000000835.623:1444): avc: denied { mount } for pid=11603 comm="syz.4.4139" name="/" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 352.948082][ T30] audit: type=1400 audit(2000000835.623:1445): avc: denied { mounton } for pid=11603 comm="syz.4.4139" path="/4/file0/bus" dev="devtmpfs" ino=137 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=dir permissive=1 [ 352.978417][T11587] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 352.986318][ T30] audit: type=1400 audit(2000000835.623:1446): avc: denied { unlink } for pid=11603 comm="syz.4.4139" name="#aa" dev="devtmpfs" ino=1729 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=chr_file permissive=1 [ 353.008643][T11587] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 353.066534][ T7660] attempt to access beyond end of device [ 353.066534][ T7660] loop3: rw=1, want=45104, limit=40427 [ 353.180683][T11618] bridge0: port 1(bridge_slave_0) entered blocking state [ 353.188068][T11618] bridge0: port 1(bridge_slave_0) entered disabled state [ 353.201048][T11618] device bridge_slave_0 entered promiscuous mode [ 353.216801][T11618] bridge0: port 2(bridge_slave_1) entered blocking state [ 353.223695][T11618] bridge0: port 2(bridge_slave_1) entered disabled state [ 353.232485][T11618] device bridge_slave_1 entered promiscuous mode [ 353.252391][T11628] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4145'. [ 353.655375][ T26] Bluetooth: hci0: command 0x1003 tx timeout [ 353.661633][ T4463] Bluetooth: hci0: sending frame failed (-49) [ 353.750009][T11618] bridge0: port 2(bridge_slave_1) entered blocking state [ 353.757027][T11618] bridge0: port 2(bridge_slave_1) entered forwarding state [ 353.764108][T11618] bridge0: port 1(bridge_slave_0) entered blocking state [ 353.770913][T11618] bridge0: port 1(bridge_slave_0) entered forwarding state [ 353.786605][ T9250] device bridge_slave_1 left promiscuous mode [ 353.814095][ T9250] bridge0: port 2(bridge_slave_1) entered disabled state [ 353.828372][ T9250] device bridge_slave_0 left promiscuous mode [ 353.834714][ T9250] bridge0: port 1(bridge_slave_0) entered disabled state [ 353.846041][ T9250] device veth1_macvtap left promiscuous mode [ 353.852028][ T9250] device veth0_vlan left promiscuous mode [ 354.000456][ T8237] bridge0: port 1(bridge_slave_0) entered disabled state [ 354.007670][ T8237] bridge0: port 2(bridge_slave_1) entered disabled state [ 354.044001][ T523] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 354.052783][ T523] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 354.112517][ T26] usb 3-1: new high-speed USB device number 49 using dummy_hcd [ 354.148231][ T290] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 354.165789][ T290] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 354.200106][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 354.207125][ T290] bridge0: port 1(bridge_slave_0) entered forwarding state [ 354.280967][ T290] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 354.289314][ T290] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 354.297613][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 354.304453][ T290] bridge0: port 2(bridge_slave_1) entered forwarding state [ 354.319255][ T290] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 354.328386][ T290] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 354.336439][ T290] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 354.344386][ T290] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 354.368549][ T2779] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 354.379807][ T2779] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 354.389730][ T2779] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 354.398271][ T2779] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 354.408956][T11618] device veth0_vlan entered promiscuous mode [ 354.421359][ T2779] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 354.429164][ T2779] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 354.443011][T11618] device veth1_macvtap entered promiscuous mode [ 354.450391][ T523] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 354.460034][ T523] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 354.468244][ T523] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 354.484952][ T2779] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 354.493327][ T2779] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 354.502049][ T2779] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 354.510541][ T2779] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 354.518601][ T26] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 354.533436][ T26] usb 3-1: config 0 interface 0 has no altsetting 0 [ 354.735568][ T26] usb 3-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 354.744777][ T26] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 354.753978][ T26] usb 3-1: Product: syz [ 354.759063][ T26] usb 3-1: Manufacturer: syz [ 354.763506][ T26] usb 3-1: SerialNumber: syz [ 354.773027][ T26] usb 3-1: config 0 descriptor?? [ 354.879656][ T26] usb 3-1: selecting invalid altsetting 0 [ 354.927027][ T26] snd-usb-audio: probe of 3-1:0.0 failed with error -2 [ 354.993951][T11665] loop3: detected capacity change from 0 to 1024 [ 355.036923][T11665] EXT4-fs (loop3): mounted filesystem without journal. Opts: data_err=abort,stripe=0x0000000000000002,noblock_validity,errors=remount-ro,noblock_validity,bsddf,sysvgroups,nojournal_checksum,nodelalloc,. Quota mode: none. [ 355.079385][ T2779] usb 3-1: USB disconnect, device number 49 [ 355.688560][T11711] xt_bpf: check failed: parse error [ 355.701279][T11713] netlink: 'syz.0.4182': attribute type 4 has an invalid length. [ 355.711112][T11713] netlink: 'syz.0.4182': attribute type 4 has an invalid length. [ 355.736121][ T26] Bluetooth: hci0: command 0x1001 tx timeout [ 355.742107][ T4463] Bluetooth: hci0: sending frame failed (-49) [ 355.755177][ T20] usb 4-1: new high-speed USB device number 56 using dummy_hcd [ 355.850044][ T30] audit: type=1400 audit(2000000838.543:1447): avc: denied { create } for pid=11726 comm="syz.0.4188" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 355.873747][ T30] audit: type=1400 audit(2000000838.563:1448): avc: denied { write } for pid=11726 comm="syz.0.4188" name="bus" dev="tmpfs" ino=2178 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 355.900578][ T30] audit: type=1400 audit(2000000838.563:1449): avc: denied { open } for pid=11726 comm="syz.0.4188" path="/394/bus" dev="tmpfs" ino=2178 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 355.923243][ T30] audit: type=1400 audit(2000000838.563:1450): avc: denied { read } for pid=11726 comm="syz.0.4188" name="bus" dev="tmpfs" ino=2178 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 356.056812][T11739] xt_bpf: check failed: parse error [ 356.086771][T11746] overlayfs: failed to verify upper (/file1, ino=1736, err=-116) [ 356.094336][T11746] overlayfs: failed to verify index dir 'upper' xattr [ 356.101410][T11746] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 356.155319][ T20] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 356.166253][ T20] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 356.176178][ T20] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 356.189515][ T20] usb 4-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00 [ 356.198422][ T20] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 356.254189][T11753] netlink: 40 bytes leftover after parsing attributes in process `syz.4.4194'. [ 356.335217][ T30] audit: type=1400 audit(2000000838.943:1451): avc: denied { bind } for pid=11743 comm="syz.4.4194" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 356.355262][ T2779] usb 3-1: new high-speed USB device number 50 using dummy_hcd [ 356.364786][ T20] usb 4-1: config 0 descriptor?? [ 356.715209][ T2779] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 356.725172][ T2779] usb 3-1: config 0 interface 0 has no altsetting 0 [ 356.837671][ T20] acrux 0003:1A34:0802.0060: hidraw0: USB HID v0.00 Device [HID 1a34:0802] on usb-dummy_hcd.3-1/input0 [ 356.848606][ T20] acrux 0003:1A34:0802.0060: no inputs found [ 356.854352][ T20] acrux 0003:1A34:0802.0060: Failed to enable force feedback support, error: -19 [ 356.885244][ T2779] usb 3-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 356.894221][ T2779] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 356.902055][ T2779] usb 3-1: Product: syz [ 356.906030][ T2779] usb 3-1: Manufacturer: syz [ 356.910407][ T2779] usb 3-1: SerialNumber: syz [ 356.916589][ T2779] usb 3-1: config 0 descriptor?? [ 356.956313][ T2779] usb 3-1: selecting invalid altsetting 0 [ 356.961944][ T2779] snd-usb-audio: probe of 3-1:0.0 failed with error -2 [ 357.052772][ T2779] usb 4-1: USB disconnect, device number 56 [ 357.157739][ T8237] usb 3-1: USB disconnect, device number 50 [ 357.295253][ T20] usb 1-1: new high-speed USB device number 54 using dummy_hcd [ 357.365175][ T548] usb 5-1: new high-speed USB device number 57 using dummy_hcd [ 357.565191][ T20] usb 1-1: Using ep0 maxpacket: 32 [ 357.604875][T11769] xt_bpf: check failed: parse error [ 357.615346][ T548] usb 5-1: Using ep0 maxpacket: 16 [ 357.623010][T11771] input: syz0 as /devices/virtual/input/input48 [ 357.682345][ T30] audit: type=1400 audit(2000000840.373:1452): avc: denied { ioctl } for pid=11772 comm="syz.2.4207" path="/184/file0" dev="tmpfs" ino=1027 ioctlcmd=0x1269 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 357.715410][ T20] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 357.733279][ T20] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 357.744756][ T20] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 357.755060][ T20] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 357.770338][ T20] usb 1-1: config 0 descriptor?? [ 357.778300][T11777] device veth0_vlan left promiscuous mode [ 357.784403][T11777] device veth0_vlan entered promiscuous mode [ 357.795209][T11758] raw-gadget.2 gadget: fail, usb_ep_enable returned -22 [ 357.815235][ T2779] Bluetooth: hci0: command 0x1009 tx timeout [ 357.816560][ T20] hub 1-1:0.0: USB hub found [ 357.868350][T11780] loop3: detected capacity change from 0 to 512 [ 357.873494][T11775] loop2: detected capacity change from 0 to 40427 [ 357.915882][T11775] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 357.916281][T11780] EXT4-fs warning (device loop3): ext4_multi_mount_protect:326: fsck is running on the filesystem [ 357.926456][T11775] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 357.937493][T11780] EXT4-fs warning (device loop3): ext4_multi_mount_protect:326: MMP failure info: last update time: 1669132786, last update node: dvyukov-desk.muc.corp.google.com, last update device: loop4 [ 357.943413][T11775] F2FS-fs (loop2): invalid crc value [ 357.960640][ T548] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 357.974444][ T548] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 357.975979][T11775] F2FS-fs (loop2): Found nat_bits in checkpoint [ 357.982681][ T548] usb 5-1: Product: syz [ 357.992591][ T548] usb 5-1: Manufacturer: syz [ 357.997157][ T548] usb 5-1: SerialNumber: syz [ 358.005672][ T548] r8152-cfgselector 5-1: config 0 descriptor?? [ 358.018143][T11775] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 358.024989][T11775] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 358.083477][ T9250] attempt to access beyond end of device [ 358.083477][ T9250] loop2: rw=1, want=45104, limit=40427 [ 358.125216][ T20] hub 1-1:0.0: config failed, can't read hub descriptor (err -22) [ 358.245203][ T20] usbhid 1-1:0.0: can't add hid device: -71 [ 358.253636][ T20] usbhid: probe of 1-1:0.0 failed with error -71 [ 358.285786][ T20] usb 1-1: USB disconnect, device number 54 [ 358.351998][T11805] input: syz0 as /devices/virtual/input/input49 [ 358.475326][ T548] r8152-cfgselector 5-1: Unknown version 0x0000 [ 358.486339][ T548] r8152-cfgselector 5-1: bad CDC descriptors [ 358.505493][ T548] r8152-cfgselector 5-1: Unknown version 0x0000 [ 358.519312][ T548] r8152-cfgselector 5-1: USB disconnect, device number 57 [ 358.531221][T11811] xt_bpf: check failed: parse error [ 358.545193][ T26] usb 4-1: new high-speed USB device number 57 using dummy_hcd [ 358.546859][T11813] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 358.559422][T11813] overlayfs: failed to set xattr on upper [ 358.669527][T11815] loop2: detected capacity change from 0 to 40427 [ 358.741862][ T30] audit: type=1400 audit(2000000841.433:1453): avc: denied { read } for pid=7041 comm="syz-executor" name="loop0" dev="devtmpfs" ino=1759 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 358.764723][ T30] audit: type=1400 audit(2000000841.433:1454): avc: denied { ioctl } for pid=7041 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=1759 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 358.789731][T11815] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 358.807822][T11815] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 358.816240][ T30] audit: type=1400 audit(2000000841.513:1455): avc: denied { mounton } for pid=11828 comm="syz.0.4230" path="/405/file0" dev="tmpfs" ino=2240 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=fifo_file permissive=1 [ 358.818550][T11815] F2FS-fs (loop2): Found nat_bits in checkpoint [ 358.867202][T11815] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 358.874057][T11815] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 358.915276][ T26] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 358.926452][ T26] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 358.936306][ T26] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 358.949107][ T26] usb 4-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00 [ 358.958106][ T26] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 358.969876][ T26] usb 4-1: config 0 descriptor?? [ 359.043848][T11845] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 359.051120][T11845] overlayfs: failed to set xattr on upper [ 359.648563][ T26] acrux 0003:1A34:0802.0061: hidraw0: USB HID v0.00 Device [HID 1a34:0802] on usb-dummy_hcd.3-1/input0 [ 359.663124][ T26] acrux 0003:1A34:0802.0061: no inputs found [ 359.669363][ T26] acrux 0003:1A34:0802.0061: Failed to enable force feedback support, error: -19 [ 359.705640][ T8904] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 359.705661][ T8904] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 359.713212][ T8904] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 359.720639][ T8904] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 359.728023][ T8904] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 359.735605][ T8904] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 359.742994][ T8904] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 359.785246][ T2779] usb 5-1: new high-speed USB device number 58 using dummy_hcd [ 359.862881][ T26] usb 4-1: USB disconnect, device number 57 [ 359.879611][T11854] syz.2.4237[11854] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 359.879700][T11854] syz.2.4237[11854] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 360.035184][ T2779] usb 5-1: Using ep0 maxpacket: 32 [ 360.039242][T11874] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 360.061212][T11874] overlayfs: failed to set xattr on upper [ 360.165288][ T2779] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 360.176612][ T2779] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 360.187894][ T2779] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 360.196946][ T2779] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 360.205626][ T2779] usb 5-1: config 0 descriptor?? [ 360.225255][T11851] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 360.245816][ T2779] hub 5-1:0.0: USB hub found [ 360.525220][ T2779] hub 5-1:0.0: config failed, can't read hub descriptor (err -22) [ 360.625237][ T2779] usbhid 5-1:0.0: can't add hid device: -71 [ 360.631041][ T2779] usbhid: probe of 5-1:0.0 failed with error -71 [ 360.665435][ T2779] usb 5-1: USB disconnect, device number 58 [ 360.815158][ T548] usb 4-1: new high-speed USB device number 58 using dummy_hcd [ 361.815228][ T548] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 361.835601][ T548] usb 4-1: config 0 interface 0 has no altsetting 0 [ 361.935782][ T30] audit: type=1326 audit(2000000844.633:1456): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11925 comm="syz.4.4268" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58a5361f19 code=0x7ffc0000 [ 361.971918][ T30] audit: type=1326 audit(2000000844.653:1457): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11925 comm="syz.4.4268" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f58a5361f19 code=0x7ffc0000 [ 361.995387][ T30] audit: type=1326 audit(2000000844.653:1458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11925 comm="syz.4.4268" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58a5361f19 code=0x7ffc0000 [ 362.018880][ T30] audit: type=1326 audit(2000000844.653:1459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11925 comm="syz.4.4268" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f58a5361f19 code=0x7ffc0000 [ 362.055203][ T548] usb 4-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 362.064163][ T548] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 362.093285][ T548] usb 4-1: Product: syz [ 362.098098][ T548] usb 4-1: Manufacturer: syz [ 362.102502][ T548] usb 4-1: SerialNumber: syz [ 362.110597][ T30] audit: type=1326 audit(2000000844.653:1460): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11925 comm="syz.4.4268" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58a5361f19 code=0x7ffc0000 [ 362.137547][ T30] audit: type=1326 audit(2000000844.653:1461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11925 comm="syz.4.4268" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f58a5361f19 code=0x7ffc0000 [ 362.161290][ T548] usb 4-1: config 0 descriptor?? [ 362.167082][ T30] audit: type=1326 audit(2000000844.653:1462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11925 comm="syz.4.4268" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58a5361f19 code=0x7ffc0000 [ 362.203161][ T30] audit: type=1326 audit(2000000844.653:1463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11925 comm="syz.4.4268" exe="/root/syz-executor" sig=0 arch=c000003e syscall=47 compat=0 ip=0x7f58a5361f19 code=0x7ffc0000 [ 362.230344][T11928] bridge0: port 1(bridge_slave_0) entered blocking state [ 362.239088][T11928] bridge0: port 1(bridge_slave_0) entered disabled state [ 362.249487][T11928] device bridge_slave_0 entered promiscuous mode [ 362.259657][T11928] bridge0: port 2(bridge_slave_1) entered blocking state [ 362.267154][T11928] bridge0: port 2(bridge_slave_1) entered disabled state [ 362.288154][T11928] device bridge_slave_1 entered promiscuous mode [ 362.392019][ T30] audit: type=1326 audit(2000000844.713:1464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11925 comm="syz.4.4268" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58a5361f19 code=0x7ffc0000 [ 362.433699][ T30] audit: type=1326 audit(2000000844.713:1465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11925 comm="syz.4.4268" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f58a5361f19 code=0x7ffc0000 [ 362.446546][ T548] usb 4-1: selecting invalid altsetting 0 [ 362.477992][ T548] snd-usb-audio: probe of 4-1:0.0 failed with error -2 [ 362.530061][ T26] usb 4-1: USB disconnect, device number 58 [ 362.554970][T11928] bridge0: port 2(bridge_slave_1) entered blocking state [ 362.561969][T11928] bridge0: port 2(bridge_slave_1) entered forwarding state [ 362.588564][ T548] bridge0: port 2(bridge_slave_1) entered disabled state [ 362.597865][ T548] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 362.606365][ T548] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 362.617520][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 362.625823][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 362.633820][ T6] bridge0: port 1(bridge_slave_0) entered blocking state [ 362.640680][ T6] bridge0: port 1(bridge_slave_0) entered forwarding state [ 362.656921][ T548] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 362.665382][ T548] bridge0: port 2(bridge_slave_1) entered blocking state [ 362.672232][ T548] bridge0: port 2(bridge_slave_1) entered forwarding state [ 362.690079][ T548] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 362.698200][ T548] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 362.720917][ T523] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 362.729962][ T523] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 362.738024][ T523] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 362.746068][ T523] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 362.754480][T11928] device veth0_vlan entered promiscuous mode [ 362.771740][ T523] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 362.781889][T11928] device veth1_macvtap entered promiscuous mode [ 362.792763][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 362.806939][ T523] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 362.896075][T11959] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4276'. [ 363.055875][ T7660] device bridge_slave_1 left promiscuous mode [ 363.061990][ T7660] bridge0: port 2(bridge_slave_1) entered disabled state [ 363.070792][ T7660] device bridge_slave_0 left promiscuous mode [ 363.077282][ T7660] bridge0: port 1(bridge_slave_0) entered disabled state [ 363.088476][ T7660] device veth1_macvtap left promiscuous mode [ 363.094332][ T7660] device veth0_vlan left promiscuous mode [ 363.368108][ C1] TCP: request_sock_TCP: Possible SYN flooding on port 2. Sending cookies. Check SNMP counters. [ 363.721750][T12008] overlayfs: failed to resolve './file2': -2 [ 363.829702][T12022] loop1: detected capacity change from 0 to 512 [ 363.916993][T12022] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,minixdf,,errors=continue. Quota mode: writeback. [ 363.932830][T12022] ext4 filesystem being mounted at /9/bus supports timestamps until 2038 (0x7fffffff) [ 364.123379][T12030] loop1: detected capacity change from 0 to 512 [ 364.196832][T12030] EXT4-fs (loop1): orphan cleanup on readonly fs [ 364.203771][T12030] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.4304: bg 0: block 97: padding at end of block bitmap is not set [ 364.218764][T12030] EXT4-fs error (device loop1): ext4_xattr_delete_inode:2925: inode #15: comm syz.1.4304: corrupted xattr block 19 [ 364.230965][T12030] EXT4-fs warning (device loop1): ext4_evict_inode:303: xattr delete (err -117) [ 364.239941][T12030] EXT4-fs (loop1): 1 orphan inode deleted [ 364.246927][T12030] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 364.446724][ C0] TCP: request_sock_TCP: Possible SYN flooding on port 2. Sending cookies. Check SNMP counters. [ 364.473258][T12042] serio: Serial port pts0 [ 364.537098][ T523] Bluetooth: hci0: command 0x1003 tx timeout [ 364.553157][ T4463] Bluetooth: hci0: sending frame failed (-49) [ 364.561225][T12052] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 364.576820][T12052] overlayfs: failed to set xattr on upper [ 364.580545][T12055] loop4: detected capacity change from 0 to 512 [ 364.651039][ C0] TCP: request_sock_TCP: Possible SYN flooding on port 2. Sending cookies. Check SNMP counters. [ 364.686426][T12055] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 364.717191][T12055] EXT4-fs warning (device loop4): ext4_update_dynamic_rev:1053: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 364.731842][T12055] EXT4-fs (loop4): 1 truncate cleaned up [ 364.737537][T12055] EXT4-fs (loop4): mounted filesystem without journal. Opts: nodelalloc,block_validity,sysvgroups,,errors=continue. Quota mode: writeback. [ 364.782762][T12072] overlayfs: failed to resolve './file2': -2 [ 365.384987][T12081] serio: Serial port pts0 [ 365.402311][T12084] overlayfs: statfs failed on './file0' [ 365.467338][T12089] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 365.474168][T12089] overlayfs: failed to set xattr on upper [ 365.686282][T12109] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4336'. [ 365.730470][T12111] overlayfs: statfs failed on './file0' [ 365.899707][T12093] loop1: detected capacity change from 0 to 131072 [ 365.995527][T12093] F2FS-fs (loop1): Invalid log_blocksize (32), supports only 12 [ 366.003067][T12093] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 366.013810][T12093] F2FS-fs (loop1): Found nat_bits in checkpoint [ 366.042007][T12093] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 366.048892][T12093] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 366.059953][T12093] F2FS-fs (loop1): access invalid blkaddr:0 [ 366.065978][T12093] CPU: 1 PID: 12093 Comm: syz.1.4330 Not tainted 5.15.150-syzkaller-00330-g9044d25b8ff5 #0 [ 366.075764][T12093] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 366.085668][T12093] Call Trace: [ 366.088783][T12093] [ 366.091563][T12093] dump_stack_lvl+0x151/0x1b7 [ 366.096075][T12093] ? io_uring_drop_tctx_refs+0x190/0x190 [ 366.101542][T12093] ? memcpy+0x56/0x70 [ 366.105363][T12093] dump_stack+0x15/0x17 [ 366.109356][T12093] f2fs_is_valid_blkaddr+0xcc3/0x12d0 [ 366.114566][T12093] f2fs_iget+0x1d69/0x4de0 [ 366.118823][T12093] f2fs_lookup+0x410/0xd80 [ 366.123070][T12093] ? f2fs_encrypted_symlink_getattr+0x50/0x50 [ 366.128971][T12093] ? d_hash_and_lookup+0x1e0/0x1e0 [ 366.133922][T12093] ? f2fs_encrypted_symlink_getattr+0x50/0x50 [ 366.139817][T12093] path_openat+0x1194/0x2f40 [ 366.144251][T12093] ? do_filp_open+0x460/0x460 [ 366.148763][T12093] do_filp_open+0x21c/0x460 [ 366.153097][T12093] ? vfs_tmpfile+0x2c0/0x2c0 [ 366.157533][T12093] do_sys_openat2+0x13f/0x830 [ 366.162039][T12093] ? do_sys_open+0x220/0x220 [ 366.166461][T12093] ? check_zeroed_user+0x13f/0x190 [ 366.171422][T12093] __x64_sys_openat+0x243/0x290 [ 366.176105][T12093] ? __ia32_sys_open+0x270/0x270 [ 366.180870][T12093] ? __kasan_check_read+0x11/0x20 [ 366.185736][T12093] ? exit_to_user_mode_prepare+0x7e/0xa0 [ 366.191201][T12093] do_syscall_64+0x3d/0xb0 [ 366.195453][T12093] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 366.201190][T12093] RIP: 0033:0x7f6d6f8c6f19 [ 366.205434][T12093] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 366.224876][T12093] RSP: 002b:00007f6d6eb48048 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 366.233120][T12093] RAX: ffffffffffffffda RBX: 00007f6d6fa54f60 RCX: 00007f6d6f8c6f19 [ 366.240929][T12093] RDX: 0000000000000000 RSI: 0000000020000040 RDI: ffffffffffffff9c [ 366.248841][T12093] RBP: 00007f6d6f935bcd R08: 0000000000000000 R09: 0000000000000000 [ 366.256652][T12093] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 366.264463][T12093] R13: 000000000000000b R14: 00007f6d6fa54f60 R15: 00007ffd17aa2f48 [ 366.272280][T12093] [ 366.277586][T12093] F2FS-fs (loop1): sanity_check_inode: inode (ino=7) extent info [0, 0, 54528] is incorrect, run fsck to fix [ 366.595904][T12126] overlayfs: failed to resolve './file2': -2 [ 366.650611][T12128] serio: Serial port pts0 [ 366.817020][T12136] loop1: detected capacity change from 0 to 512 [ 366.844311][ T523] Bluetooth: hci0: command 0x1001 tx timeout [ 366.850192][ T4463] Bluetooth: hci0: sending frame failed (-49) [ 366.876881][T12136] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpid,grpquota,,errors=continue. Quota mode: writeback. [ 366.889172][T12136] ext4 filesystem being mounted at /23/file0 supports timestamps until 2038 (0x7fffffff) [ 367.359418][T12154] loop1: detected capacity change from 0 to 131072 [ 367.445463][T12154] F2FS-fs (loop1): Invalid log_blocksize (32), supports only 12 [ 367.453094][T12154] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 367.463772][T12154] F2FS-fs (loop1): Found nat_bits in checkpoint [ 367.491648][T12154] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 367.498809][T12154] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 367.517475][T12154] F2FS-fs (loop1): access invalid blkaddr:0 [ 367.523219][T12154] CPU: 1 PID: 12154 Comm: syz.1.4351 Not tainted 5.15.150-syzkaller-00330-g9044d25b8ff5 #0 [ 367.532990][T12154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 367.542887][T12154] Call Trace: [ 367.546004][T12154] [ 367.548782][T12154] dump_stack_lvl+0x151/0x1b7 [ 367.553297][T12154] ? io_uring_drop_tctx_refs+0x190/0x190 [ 367.558765][T12154] ? memcpy+0x56/0x70 [ 367.562585][T12154] dump_stack+0x15/0x17 [ 367.566578][T12154] f2fs_is_valid_blkaddr+0xcc3/0x12d0 [ 367.571783][T12154] f2fs_iget+0x1d69/0x4de0 [ 367.576041][T12154] f2fs_lookup+0x410/0xd80 [ 367.580288][T12154] ? f2fs_encrypted_symlink_getattr+0x50/0x50 [ 367.586290][T12154] ? d_hash_and_lookup+0x1e0/0x1e0 [ 367.591236][T12154] ? f2fs_encrypted_symlink_getattr+0x50/0x50 [ 367.597138][T12154] path_openat+0x1194/0x2f40 [ 367.601569][T12154] ? do_filp_open+0x460/0x460 [ 367.606077][T12154] do_filp_open+0x21c/0x460 [ 367.610415][T12154] ? vfs_tmpfile+0x2c0/0x2c0 [ 367.614848][T12154] do_sys_openat2+0x13f/0x830 [ 367.619356][T12154] ? do_sys_open+0x220/0x220 [ 367.623780][T12154] ? check_zeroed_user+0x13f/0x190 [ 367.628731][T12154] __x64_sys_openat+0x243/0x290 [ 367.633415][T12154] ? __ia32_sys_open+0x270/0x270 [ 367.638188][T12154] ? __kasan_check_read+0x11/0x20 [ 367.643050][T12154] ? exit_to_user_mode_prepare+0x7e/0xa0 [ 367.648517][T12154] do_syscall_64+0x3d/0xb0 [ 367.652767][T12154] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 367.658497][T12154] RIP: 0033:0x7f6d6f8c6f19 [ 367.662751][T12154] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 367.682192][T12154] RSP: 002b:00007f6d6eb48048 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 367.690435][T12154] RAX: ffffffffffffffda RBX: 00007f6d6fa54f60 RCX: 00007f6d6f8c6f19 [ 367.698247][T12154] RDX: 0000000000000000 RSI: 0000000020000040 RDI: ffffffffffffff9c [ 367.706144][T12154] RBP: 00007f6d6f935bcd R08: 0000000000000000 R09: 0000000000000000 [ 367.713964][T12154] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 367.721773][T12154] R13: 000000000000000b R14: 00007f6d6fa54f60 R15: 00007ffd17aa2f48 [ 367.729585][T12154] [ 367.734291][T12154] F2FS-fs (loop1): sanity_check_inode: inode (ino=7) extent info [0, 0, 54528] is incorrect, run fsck to fix [ 367.795233][ T523] usb 5-1: new high-speed USB device number 59 using dummy_hcd [ 368.041839][T12168] loop1: detected capacity change from 0 to 512 [ 368.126555][T12168] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpid,grpquota,,errors=continue. Quota mode: writeback. [ 368.139003][T12168] ext4 filesystem being mounted at /31/file0 supports timestamps until 2038 (0x7fffffff) [ 368.155276][ T523] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 368.166034][ T523] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 368.175547][ T523] usb 5-1: New USB device found, idVendor=0eef, idProduct=72d0, bcdDevice= 0.00 [ 368.184347][ T523] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 368.192908][ T523] usb 5-1: config 0 descriptor?? [ 368.387822][T12191] loop1: detected capacity change from 0 to 256 [ 368.683641][ T523] hid-multitouch 0003:0EEF:72D0.0062: unknown main item tag 0x0 [ 368.707040][ T523] hid-multitouch 0003:0EEF:72D0.0062: unknown main item tag 0x0 [ 368.767088][ T523] hid-multitouch 0003:0EEF:72D0.0062: hidraw0: USB HID v0.00 Device [HID 0eef:72d0] on usb-dummy_hcd.4-1/input0 [ 368.994220][ T2779] Bluetooth: hci0: command 0x1009 tx timeout [ 369.002933][ T523] usb 5-1: USB disconnect, device number 59 [ 369.265189][ T2779] usb 3-1: new high-speed USB device number 51 using dummy_hcd [ 369.695255][ T2779] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 369.706843][ T2779] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 369.718051][ T2779] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 369.733667][T12235] loop4: detected capacity change from 0 to 16 [ 369.735174][ T2779] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 369.748681][ T2779] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 369.757226][ T2779] usb 3-1: config 0 descriptor?? [ 369.765975][T12235] erofs: (device loop4): mounted with root inode @ nid 36. [ 369.774846][T12235] attempt to access beyond end of device [ 369.774846][T12235] loop4: rw=0, want=14552337264, limit=16 [ 369.786027][T12196] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 369.842890][ T30] kauditd_printk_skb: 15 callbacks suppressed [ 369.842905][ T30] audit: type=1326 audit(2000000000.160:1478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12236 comm="syz.4.4384" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f58a5361f19 code=0x0 [ 370.246011][ T2779] plantronics 0003:047F:FFFF.0063: unknown main item tag 0x0 [ 370.253445][ T2779] plantronics 0003:047F:FFFF.0063: No inputs registered, leaving [ 370.262158][ T2779] plantronics 0003:047F:FFFF.0063: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 370.526506][ T523] usb 3-1: USB disconnect, device number 51 [ 370.685191][ T20] usb 2-1: new high-speed USB device number 47 using dummy_hcd [ 371.048355][T12251] loop2: detected capacity change from 0 to 512 [ 371.095410][ T20] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 371.105557][ T20] usb 2-1: config 0 interface 0 has no altsetting 0 [ 371.147101][T12251] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 371.210486][T12253] syz.2.4389[12253] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 371.210575][T12253] syz.2.4389[12253] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 371.222807][T12253] 9pnet: Insufficient options for proto=fd [ 371.275282][ T20] usb 2-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 371.284351][ T20] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 371.292349][ T20] usb 2-1: Product: syz [ 371.296516][ T20] usb 2-1: Manufacturer: syz [ 371.300950][ T20] usb 2-1: SerialNumber: syz [ 371.309811][ T20] usb 2-1: config 0 descriptor?? [ 371.347372][ T20] usb 2-1: selecting invalid altsetting 0 [ 371.353056][ T20] snd-usb-audio: probe of 2-1:0.0 failed with error -2 [ 371.548400][ T548] usb 2-1: USB disconnect, device number 47 [ 371.955001][ T30] audit: type=1400 audit(2000000002.270:1479): avc: denied { read } for pid=138 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1 [ 371.992827][ T30] audit: type=1400 audit(2000000002.270:1480): avc: denied { search } for pid=138 comm="dhcpcd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 372.023828][ T30] audit: type=1400 audit(2000000002.270:1481): avc: denied { read } for pid=138 comm="dhcpcd" name="n15" dev="tmpfs" ino=26740 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 372.046929][ T30] audit: type=1400 audit(2000000002.270:1482): avc: denied { open } for pid=138 comm="dhcpcd" path="/run/udev/data/n15" dev="tmpfs" ino=26740 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 372.069860][ T30] audit: type=1400 audit(2000000002.270:1483): avc: denied { getattr } for pid=138 comm="dhcpcd" path="/run/udev/data/n15" dev="tmpfs" ino=26740 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 372.092976][ T30] audit: type=1400 audit(2000000002.300:1484): avc: denied { read } for pid=12263 comm="dhcpcd-run-hook" name="resolv.conf" dev="tmpfs" ino=296 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 372.119169][ T30] audit: type=1400 audit(2000000002.300:1485): avc: denied { open } for pid=12263 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=296 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 372.145633][ T30] audit: type=1400 audit(2000000002.300:1486): avc: denied { getattr } for pid=12263 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=296 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 372.195660][ T30] audit: type=1400 audit(2000000002.360:1487): avc: denied { write } for pid=12262 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=295 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 372.265858][T12279] bridge0: port 1(bridge_slave_0) entered blocking state [ 372.275161][T12279] bridge0: port 1(bridge_slave_0) entered disabled state [ 372.282440][T12279] device bridge_slave_0 entered promiscuous mode [ 372.305940][T12279] bridge0: port 2(bridge_slave_1) entered blocking state [ 372.324255][T12279] bridge0: port 2(bridge_slave_1) entered disabled state [ 372.344836][T12279] device bridge_slave_1 entered promiscuous mode [ 372.404627][T12286] loop2: detected capacity change from 0 to 40427 [ 372.435359][T12286] F2FS-fs (loop2): Found nat_bits in checkpoint [ 372.479200][T12286] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 372.505851][T12279] bridge0: port 2(bridge_slave_1) entered blocking state [ 372.512720][T12279] bridge0: port 2(bridge_slave_1) entered forwarding state [ 372.519827][T12279] bridge0: port 1(bridge_slave_0) entered blocking state [ 372.526607][T12279] bridge0: port 1(bridge_slave_0) entered forwarding state [ 372.551575][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 372.559573][ T20] bridge0: port 1(bridge_slave_0) entered disabled state [ 372.567172][ T20] bridge0: port 2(bridge_slave_1) entered disabled state [ 372.585806][ T8237] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 372.608821][ T548] usb 4-1: new high-speed USB device number 59 using dummy_hcd [ 372.617825][ T8237] bridge0: port 1(bridge_slave_0) entered blocking state [ 372.624660][ T8237] bridge0: port 1(bridge_slave_0) entered forwarding state [ 372.632182][ T8237] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 372.640268][ T8237] bridge0: port 2(bridge_slave_1) entered blocking state [ 372.647124][ T8237] bridge0: port 2(bridge_slave_1) entered forwarding state [ 372.665262][ T8237] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 372.733785][T12286] attempt to access beyond end of device [ 372.733785][T12286] loop2: rw=2049, want=54224, limit=40427 [ 372.814529][ T8237] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 372.844112][ T2779] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 372.866628][ T8904] attempt to access beyond end of device [ 372.866628][ T8904] loop2: rw=2049, want=45112, limit=40427 [ 372.884591][T12279] device veth0_vlan entered promiscuous mode [ 372.919485][ T523] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 372.927708][ T523] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 372.937884][ T523] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 372.961961][ T8237] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 372.970274][ T8237] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 372.979614][T12279] device veth1_macvtap entered promiscuous mode [ 372.996257][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 373.003725][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 373.018525][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 373.026954][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 373.035031][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 373.045240][ T548] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 373.074778][ T548] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 373.096254][ T548] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 373.118080][ T548] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 373.127173][ T548] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 373.127980][T12313] loop0: detected capacity change from 0 to 16 [ 373.146110][ T548] usb 4-1: config 0 descriptor?? [ 373.165997][T12292] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 373.181235][T12313] erofs: (device loop0): mounted with root inode @ nid 36. [ 373.196122][T12313] attempt to access beyond end of device [ 373.196122][T12313] loop0: rw=0, want=14552337264, limit=16 [ 373.282648][T12320] device pim6reg1 entered promiscuous mode [ 373.429418][T12326] bridge0: port 1(bridge_slave_0) entered blocking state [ 373.436331][T12326] bridge0: port 1(bridge_slave_0) entered disabled state [ 373.443444][T12326] device bridge_slave_0 entered promiscuous mode [ 373.450473][T12326] bridge0: port 2(bridge_slave_1) entered blocking state [ 373.457467][T12326] bridge0: port 2(bridge_slave_1) entered disabled state [ 373.464585][T12326] device bridge_slave_1 entered promiscuous mode [ 373.508377][T12326] bridge0: port 2(bridge_slave_1) entered blocking state [ 373.515234][T12326] bridge0: port 2(bridge_slave_1) entered forwarding state [ 373.522301][T12326] bridge0: port 1(bridge_slave_0) entered blocking state [ 373.525169][ T290] usb 1-1: new high-speed USB device number 55 using dummy_hcd [ 373.529133][T12326] bridge0: port 1(bridge_slave_0) entered forwarding state [ 373.556932][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 373.564375][ T26] bridge0: port 1(bridge_slave_0) entered disabled state [ 373.571528][ T26] bridge0: port 2(bridge_slave_1) entered disabled state [ 373.586930][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 373.594975][ T20] bridge0: port 1(bridge_slave_0) entered blocking state [ 373.601812][ T20] bridge0: port 1(bridge_slave_0) entered forwarding state [ 373.609003][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 373.617011][ T20] bridge0: port 2(bridge_slave_1) entered blocking state [ 373.623827][ T20] bridge0: port 2(bridge_slave_1) entered forwarding state [ 373.631492][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 373.639265][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 373.647706][ T548] plantronics 0003:047F:FFFF.0064: unknown main item tag 0x0 [ 373.655055][ T548] plantronics 0003:047F:FFFF.0064: No inputs registered, leaving [ 373.665537][ T548] plantronics 0003:047F:FFFF.0064: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 373.683186][T12326] device veth0_vlan entered promiscuous mode [ 373.690272][ T548] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 373.698504][ T548] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 373.706279][ T548] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 373.713432][ T548] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 373.724375][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 373.733644][T12326] device veth1_macvtap entered promiscuous mode [ 373.745979][ T2779] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 373.754236][ T2779] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 373.915389][ T290] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 373.928506][ T290] usb 1-1: config 0 interface 0 has no altsetting 0 [ 373.931411][ T20] usb 4-1: USB disconnect, device number 59 [ 374.004503][T12337] loop2: detected capacity change from 0 to 40427 [ 374.056652][T12337] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 374.064270][T12337] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 374.074609][T12337] F2FS-fs (loop2): Found nat_bits in checkpoint [ 374.102314][T12337] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 374.109441][T12337] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 374.116839][ T290] usb 1-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 374.129019][ T290] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 374.137137][ T290] usb 1-1: Product: syz [ 374.141108][ T290] usb 1-1: Manufacturer: syz [ 374.145601][ T290] usb 1-1: SerialNumber: syz [ 374.153607][ T290] usb 1-1: config 0 descriptor?? [ 374.206085][ T290] usb 1-1: selecting invalid altsetting 0 [ 374.211672][ T290] snd-usb-audio: probe of 1-1:0.0 failed with error -2 [ 374.490165][ T8237] usb 1-1: USB disconnect, device number 55 [ 374.994470][T12326] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 374.994494][T12326] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 375.004660][T12326] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 375.012104][T12326] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 375.020189][T12326] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 375.027570][T12326] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 375.034911][T12326] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 375.095673][ T20] Bluetooth: hci0: command 0x1003 tx timeout [ 375.113781][ T4463] Bluetooth: hci0: sending frame failed (-49) [ 375.901448][T12364] sit: Dst spoofed 0.0.0.0/2002::bfd8:a5dd -> 224.0.0.1/2002:c021:42c4:3911:45ba:dd28:fd7f:ffc [ 376.176408][T12376] loop0: detected capacity change from 0 to 256 [ 376.231608][T12376] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x1c9fa50a, utbl_chksum : 0xe619d30d) [ 376.243774][T12376] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 376.257796][ T30] kauditd_printk_skb: 8 callbacks suppressed [ 376.257819][ T30] audit: type=1400 audit(2000000006.580:1496): avc: denied { execute } for pid=12375 comm="syz.0.4424" path="/4/file2/bus" dev="loop0" ino=1049007 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 376.312695][T12380] loop0: detected capacity change from 0 to 512 [ 376.379395][ T30] audit: type=1326 audit(2000000006.700:1497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12381 comm="syz.2.4427" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb52f07af19 code=0x0 [ 376.390444][T12380] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 376.427634][T12380] EXT4-fs warning (device loop0): ext4_update_dynamic_rev:1053: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 376.442644][T12380] EXT4-fs (loop0): 1 truncate cleaned up [ 376.448193][T12380] EXT4-fs (loop0): mounted filesystem without journal. Opts: nodelalloc,block_validity,sysvgroups,,errors=continue. Quota mode: writeback. [ 376.634693][T12391] loop3: detected capacity change from 0 to 2048 [ 376.677022][ T100] loop3: p2 p3 p7 [ 376.687800][T12391] loop3: p2 p3 p7 [ 377.269341][ T8237] Bluetooth: hci0: command 0x1001 tx timeout [ 377.307611][ T4463] Bluetooth: hci0: sending frame failed (-49) [ 377.345268][T12401] netlink: 'syz.0.4432': attribute type 4 has an invalid length. [ 377.356278][T12401] x_tables: duplicate underflow at hook 2 [ 377.498561][T12409] loop0: detected capacity change from 0 to 512 [ 377.506494][T12409] EXT4-fs (loop0): Ignoring removed oldalloc option [ 377.557253][T12409] EXT4-fs (loop0): mounted filesystem without journal. Opts: oldalloc,,errors=continue. Quota mode: none. [ 377.628789][T12418] loop3: detected capacity change from 0 to 256 [ 377.720003][T12418] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x1c9fa50a, utbl_chksum : 0xe619d30d) [ 377.732080][T12418] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 377.820566][T12422] sit: Dst spoofed 0.0.0.0/2002::bfd8:a5dd -> 224.0.0.1/2002:c021:42c4:3911:45ba:dd28:fd7f:ffc [ 377.990697][T12424] device syzkaller0 entered promiscuous mode [ 378.310559][ T30] audit: type=1326 audit(2000000008.630:1498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12431 comm="syz.2.4441" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb52f07af19 code=0x0 [ 378.745564][T12442] netlink: 'syz.0.4444': attribute type 4 has an invalid length. [ 378.754199][T12442] x_tables: duplicate underflow at hook 2 [ 379.076108][T12459] device syzkaller0 entered promiscuous mode [ 379.180060][T12470] netlink: 'syz.3.4456': attribute type 4 has an invalid length. [ 379.194846][T12470] x_tables: duplicate underflow at hook 2 [ 379.281469][ T30] audit: type=1326 audit(2000000009.600:1499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12482 comm="syz.2.4462" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb52f07af19 code=0x0 [ 379.511195][ T6] Bluetooth: hci0: command 0x1009 tx timeout [ 379.740918][T12488] device syzkaller0 entered promiscuous mode [ 379.859258][T12492] bridge0: port 1(bridge_slave_0) entered blocking state [ 379.866188][T12492] bridge0: port 1(bridge_slave_0) entered disabled state [ 379.873224][T12492] device bridge_slave_0 entered promiscuous mode [ 379.880021][T12492] bridge0: port 2(bridge_slave_1) entered blocking state [ 379.887220][T12492] bridge0: port 2(bridge_slave_1) entered disabled state [ 379.894328][T12492] device bridge_slave_1 entered promiscuous mode [ 379.945763][T12492] bridge0: port 2(bridge_slave_1) entered blocking state [ 379.952620][T12492] bridge0: port 2(bridge_slave_1) entered forwarding state [ 379.959716][T12492] bridge0: port 1(bridge_slave_0) entered blocking state [ 379.966494][T12492] bridge0: port 1(bridge_slave_0) entered forwarding state [ 379.990343][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 379.997923][ T20] bridge0: port 1(bridge_slave_0) entered disabled state [ 380.004912][ T20] bridge0: port 2(bridge_slave_1) entered disabled state [ 380.014368][ T523] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 380.022467][ T523] bridge0: port 1(bridge_slave_0) entered blocking state [ 380.029313][ T523] bridge0: port 1(bridge_slave_0) entered forwarding state [ 380.039974][ T523] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 380.082900][ T523] bridge0: port 2(bridge_slave_1) entered blocking state [ 380.089864][ T523] bridge0: port 2(bridge_slave_1) entered forwarding state [ 380.096999][ T290] usb 1-1: new high-speed USB device number 56 using dummy_hcd [ 380.098854][T12497] loop3: detected capacity change from 0 to 1024 [ 380.114892][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 380.122910][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 380.147175][T12492] device veth0_vlan entered promiscuous mode [ 380.155276][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 380.163485][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 380.171480][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 380.178755][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 380.189917][T12492] device veth1_macvtap entered promiscuous mode [ 380.197365][ T2779] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 380.206172][T12497] EXT4-fs (loop3): Ignoring removed orlov option [ 380.214496][T12497] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option [ 380.226411][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 380.239593][T12497] EXT4-fs (loop3): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 380.264685][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 380.284850][T12499] loop2: detected capacity change from 0 to 40427 [ 380.298214][T12497] EXT4-fs error (device loop3): get_max_inline_xattr_value_size:69: inode #12: comm syz.3.4466: corrupt xattr in inline inode [ 380.311513][T12497] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2213: inode #12: comm syz.3.4466: corrupted in-inode xattr [ 380.330020][ T9405] ================================================================== [ 380.337978][ T9405] BUG: KASAN: use-after-free in ext4_xattr_delete_inode+0xcd0/0xce0 SYZFAIL: failed to recv rpc fd=3 want=4 sent=0 n=0 (errno 9: Bad file descriptor) [ 380.345789][ T9405] Read of size 4 at addr ffff8881371e8000 by task syz-executor/9405 [ 380.353595][ T9405] [ 380.355766][ T9405] CPU: 1 PID: 9405 Comm: syz-executor Not tainted 5.15.150-syzkaller-00330-g9044d25b8ff5 #0 [ 380.365666][ T9405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 380.375555][ T9405] Call Trace: [ 380.378679][ T9405] [ 380.381460][ T9405] dump_stack_lvl+0x151/0x1b7 [ 380.385974][ T9405] ? io_uring_drop_tctx_refs+0x190/0x190 [ 380.391437][ T9405] ? panic+0x751/0x751 [ 380.395348][ T9405] print_address_description+0x87/0x3b0 [ 380.400728][ T9405] kasan_report+0x179/0x1c0 [ 380.405026][T12499] F2FS-fs (loop2): Found nat_bits in checkpoint [ 380.405064][ T9405] ? ext4_xattr_delete_inode+0xcd0/0xce0 [ 380.416608][ T9405] ? ext4_xattr_delete_inode+0xcd0/0xce0 [ 380.422076][ T9405] __asan_report_load4_noabort+0x14/0x20 [ 380.427547][ T9405] ext4_xattr_delete_inode+0xcd0/0xce0 [ 380.432836][ T9405] ? sb_end_intwrite+0x120/0x120 [ 380.437611][ T9405] ? ext4_expand_extra_isize_ea+0x1bb0/0x1bb0 [ 380.443513][ T9405] ? ext4_journal_check_start+0x16c/0x230 [ 380.449069][ T9405] ? __kasan_check_read+0x11/0x20 [ 380.453928][ T9405] ? ext4_inode_is_fast_symlink+0x295/0x3d0 [ 380.459658][ T9405] ? ext4_evict_inode+0xb8d/0x14e0 [ 380.464602][ T9405] ext4_evict_inode+0xea1/0x14e0 [ 380.469377][ T9405] ? _raw_spin_unlock+0x4d/0x70 [ 380.474063][ T9405] ? ext4_inode_is_fast_symlink+0x3d0/0x3d0 [ 380.479793][ T9405] ? _raw_spin_unlock+0x4d/0x70 [ 380.484477][ T9405] ? inode_io_list_del+0x18b/0x1a0 [ 380.489430][ T9405] ? ext4_inode_is_fast_symlink+0x3d0/0x3d0 [ 380.495152][ T9405] evict+0x2a3/0x630 [ 380.498888][ T9405] iput+0x63b/0x7e0 [ 380.502531][ T9405] vfs_rmdir+0x359/0x470 [ 380.506610][ T9405] do_rmdir+0x3ab/0x630 [ 380.510603][ T9405] ? d_delete_notify+0x160/0x160 [ 380.515379][ T9405] __x64_sys_unlinkat+0xdf/0xf0 [ 380.520064][ T9405] do_syscall_64+0x3d/0xb0 [ 380.524315][ T9405] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 380.530045][ T9405] RIP: 0033:0x7fda103f1597 [ 380.534308][ T9405] Code: 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 07 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 380.553738][ T9405] RSP: 002b:00007ffc530e0c98 EFLAGS: 00000207 ORIG_RAX: 0000000000000107 [ 380.561982][ T9405] RAX: ffffffffffffffda RBX: 0000000000000065 RCX: 00007fda103f1597 [ 380.569795][ T9405] RDX: 0000000000000200 RSI: 00007ffc530e1e40 RDI: 00000000ffffff9c [ 380.577603][ T9405] RBP: 00007fda1045f65d R08: 0000000000000000 R09: 0000000000000000 [ 380.585421][ T9405] R10: 0000000000000100 R11: 0000000000000207 R12: 00007ffc530e1e40 [ 380.593236][ T9405] R13: 00007fda1045f65d R14: 000000000005ccad R15: 0000000000000007 [ 380.601043][ T9405] [ 380.603901][ T9405] [ 380.606090][ T9405] The buggy address belongs to the page: [ 380.611557][ T9405] page:ffffea0004dc7a00 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x1371e8 [ 380.621614][ T9405] flags: 0x4000000000000000(zone=1) [ 380.626652][ T9405] raw: 4000000000000000 ffffea0004beac08 ffffea0004c282c8 0000000000000000 [ 380.635066][ T9405] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 [ 380.643479][ T9405] page dumped because: kasan: bad access detected [ 380.649733][ T9405] page_owner tracks the page as freed [ 380.654935][ T9405] page last allocated via order 0, migratetype Movable, gfp_mask 0x100cca(GFP_HIGHUSER_MOVABLE), pid 12380, ts 376657361025, free_ts 377306073268 [ 380.669525][ T9405] post_alloc_hook+0x1a3/0x1b0 [ 380.674121][ T9405] prep_new_page+0x1b/0x110 [ 380.678458][ T9405] get_page_from_freelist+0x3550/0x35d0 [ 380.683836][ T9405] __alloc_pages+0x27e/0x8f0 [ 380.688265][ T9405] shmem_alloc_and_acct_page+0x4bd/0xa80 [ 380.693733][ T9405] shmem_getpage_gfp+0x1388/0x23c0 [ 380.698680][ T9405] shmem_fault+0x1b8/0x6c0 [ 380.702933][ T9405] __do_fault+0x273/0x300 [ 380.707099][ T9405] handle_pte_fault+0x167b/0x24d0 [ 380.711961][ T9405] do_handle_mm_fault+0x1ea9/0x23a0 [ 380.716994][ T9405] __get_user_pages+0x379/0xee0 [ 380.721679][ T9405] __mm_populate+0x38d/0x560 [ 380.726104][ T9405] vm_mmap_pgoff+0x271/0x450 [ 380.730530][ T9405] ksys_mmap_pgoff+0xed/0x1e0 [ 380.735044][ T9405] __x64_sys_mmap+0x103/0x120 [ 380.739559][ T9405] do_syscall_64+0x3d/0xb0 [ 380.743813][ T9405] page last free stack trace: [ 380.748323][ T9405] free_unref_page_prepare+0x7c8/0x7d0 [ 380.753616][ T9405] free_unref_page_list+0x14b/0xa60 [ 380.758652][ T9405] release_pages+0x1310/0x1370 [ 380.763253][ T9405] __pagevec_release+0x84/0x100 [ 380.767939][ T9405] shmem_undo_range+0x604/0x1560 [ 380.772713][ T9405] shmem_evict_inode+0x215/0x9d0 [ 380.777484][ T9405] evict+0x2a3/0x630 [ 380.781217][ T9405] iput+0x63b/0x7e0 [ 380.784864][ T9405] dentry_unlink_inode+0x34f/0x440 [ 380.789809][ T9405] __dentry_kill+0x447/0x660 [ 380.794237][ T9405] dentry_kill+0xc0/0x2a0 [ 380.798403][ T9405] dput+0x45/0x80 [ 380.801873][ T9405] __fput+0x662/0x910 [ 380.805693][ T9405] ____fput+0x15/0x20 [ 380.809513][ T9405] task_work_run+0x129/0x190 [ 380.813939][ T9405] do_exit+0xc48/0x2ca0 [ 380.817931][ T9405] [ 380.820099][ T9405] Memory state around the buggy address: [ 380.825573][ T9405] ffff8881371e7f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 380.833468][ T9405] ffff8881371e7f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 380.841374][ T9405] >ffff8881371e8000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 380.849264][ T9405] ^ [ 380.853169][ T9405] ffff8881371e8080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 380.861071][ T9405] ffff8881371e8100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 380.868963][ T9405] ================================================================== [ 380.876865][ T9405] Disabling lock debugging due to kernel taint