last executing test programs: 24.145389421s ago: executing program 3 (id=334): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r1}, 0x10) mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil) 24.128832672s ago: executing program 3 (id=335): bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0xd, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x13}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x15, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000073"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0x5c, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r0}, 0xc) 24.116247473s ago: executing program 3 (id=336): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', 0x0}) r2 = socket(0x10, 0x80002, 0x0) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000001100a7cc4a372eaf541d002007000000", @ANYRES32=r1, @ANYBLOB="00000000100000001c001a80180002"], 0x44}}, 0x0) 24.094842495s ago: executing program 3 (id=338): mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) mount$incfs(&(0x7f00000007c0)='./bus\x00', &(0x7f0000000800)='./bus\x00', &(0x7f0000000840), 0x1004002, 0x0) chdir(&(0x7f0000000140)='./bus\x00') syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000840)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xc0ed000e, &(0x7f0000000200)={[{@jqfmt_vfsold}, {@orlov}, {@debug}, {@noload}, {@nombcache}, {@noblock_validity}, {@init_itable_val={'init_itable', 0x3d, 0x601}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x8000}}]}, 0xfa, 0x47c, &(0x7f0000000a80)="$eJzs3M1vFOUfAPDvTLulwI9fK+ILCFJFI/GlpeVFDl40mnDQxEQPGE+1LaRSqKE1EUK0esCjIfFu/C+MJ70Y9aKJV70bEmK4gHpZMzsztLS77ZZud4H9fJLZfZ6Z2X2e78w8O8/Ms7sBdK2h7CGJ+F9E/B4RA3n29hWG8qeb1y9N/H390kQS1epbfyW19W5cvzRRrlq+bnueqVaL/JY65V5+N2J8ZmbqfJEfmT/7wcjchYsvTJ8dPz11eurc2PHjRw7v6zs2drQlcWZx3djz8eze3SfeufLGxMkr7/2UpJHHHcviaJWhfOvW9XSrC+uwHUvSSW/22F/k9v+yuKTekUAn9UREtrsqtfY/ED2x9daygXjts45WDthU1Wq1usqn8kIVuI8l0ekaAJ1Rnuiz699yalPX465w7eX8AiiL+2Yx5Ut6I80T+yvLrm9baSgiTi7881U2xSbdhwAAWOq7rP/zfL3+XxoP54m+7OH/xRjKYEQ8EBE7I+LBiNgVEQ9F1NZ9JCIeXWf5y0dIVvZ/0qt3HFwTsv7fS8XY1u39v7RcZbCnyO2oxV9JTk3PTB0qtsnBqGw5NZ1Mja5Sxvev/vZFo2VL+3/ZlJVf9gWLelztXXaDbnJ8fnwjMS917dOIPb314k9q4wJRjOvtjog9d1jG9LO9DZetHf8qGr9t06pfRzyT7/+FWBZ/KWk4Pjn64rGxoyP9MTN1aKQ8Klb6+dfLbzYqf0Pxt0C2/7fVPf5vxT+Y9EfMXbh4pjZeO7f+Mi7/8XnDa5p1Hv8ndhTHf1/ydm1GX7Hgo/H5+fOjEX3J6yvnjy2+W5kv18/iP3igfvvfGYtb4rGI2BsR+yLi8eyisKj7ExHxZEQcWCX+H1956v31x9+esdIs/sm19n8s3f/rT/Sc+eHbtePvj4hG+/9ILXWwmNPM51+zFdzItgMAAIB7Rf4d+CQdXkwnw8P5d/h3xbZ0ZnZu/rlTsx+em8y/Kz8YlbS80zWw5H7oaHFvuMyPLcsfLu4bf9mztZYfnpidmex08NDltq9o/2matf/Mnz2drh2w6Vowjgbco7R/6F7aP3SnZM32X2lbXYD2c/6H7lWv/X/ScO3hbza1MkBbOf9D92qi/S/kT417BcC9yfkfupf2D12p4W/j0w395L/tiX+L/zO8W+pz/ycivSuqcf8nepv+M4tGicrKtlwdyNt/NmdL3Vd1+pMJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgNf4LAAD///R05PQ=") 24.000187883s ago: executing program 3 (id=340): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0x4, 0x6, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="17fa00000000090000000400000000001c110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000007d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000000700000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffff"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10) 23.870103453s ago: executing program 3 (id=341): r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) readv(r0, &(0x7f0000000200)=[{&(0x7f0000003140)=""/4096, 0x8}], 0x2) 23.825726127s ago: executing program 32 (id=341): r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) readv(r0, &(0x7f0000000200)=[{&(0x7f0000003140)=""/4096, 0x8}], 0x2) 20.694911889s ago: executing program 4 (id=434): r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f00000005c0), 0x10) recvmmsg(r0, &(0x7f00000016c0)=[{{0x0, 0x0, 0x0}, 0x7f}, {{0x0, 0x0, &(0x7f0000000200)=[{0x0}, {0x0}], 0x2}, 0x1}], 0x2, 0x40010102, 0x0) sendmsg$can_bcm(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="050000007f0000000000010000000000", @ANYRES64=0x0, @ANYRES64=0x2710], 0x48}}, 0x0) sendmsg$NL80211_CMD_SET_CQM(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB="340200", @ANYRES16], 0x234}}, 0x0) 20.618829836s ago: executing program 4 (id=438): r0 = syz_io_uring_setup(0x94f, &(0x7f00000016c0), &(0x7f0000000080)=0x0, &(0x7f0000000040)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) io_uring_enter(r0, 0x7, 0x464f, 0x1, 0x0, 0x0) io_uring_enter(r0, 0x1815, 0x0, 0x0, 0x0, 0x0) io_uring_enter(r0, 0x276f, 0x0, 0x8, 0x0, 0xfffffffffffffda7) 20.416562772s ago: executing program 4 (id=444): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000000)=@framed={{}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}]}, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r1}, 0x10) symlinkat(&(0x7f0000000000)='.\x00', 0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00') linkat(0xffffffffffffff9c, &(0x7f00000006c0)='./file1\x00', 0xffffffffffffff9c, &(0x7f0000000100)='./file7\x00', 0x1000) 20.358709656s ago: executing program 4 (id=447): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x2125099, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) umount2(&(0x7f0000000000)='./file0/../file0\x00', 0x1) 20.344817228s ago: executing program 4 (id=448): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x141800, 0x0) add_key$fscrypt_v1(&(0x7f0000000040), 0x0, 0x0, 0x0, 0xffffffffffffffff) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f0000000040)={0x79, 0x0, 0x5}) 20.229626107s ago: executing program 4 (id=452): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), r0) r2 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000004c0)={'syz_tun\x00', 0x0}) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x38, r1, 0x1, 0x70bd25, 0x25dfdbfd, {}, [@ETHTOOL_A_LINKMODES_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}, @ETHTOOL_A_LINKMODES_OURS={0x18, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0x4}, @ETHTOOL_A_BITSET_MASK={0x8, 0x5, "a1b444f0"}, @ETHTOOL_A_BITSET_SIZE={0x8}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x20004000}, 0x4044094) 20.205347019s ago: executing program 33 (id=452): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), r0) r2 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000004c0)={'syz_tun\x00', 0x0}) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={0x38, r1, 0x1, 0x70bd25, 0x25dfdbfd, {}, [@ETHTOOL_A_LINKMODES_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}, @ETHTOOL_A_LINKMODES_OURS={0x18, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0x4}, @ETHTOOL_A_BITSET_MASK={0x8, 0x5, "a1b444f0"}, @ETHTOOL_A_BITSET_SIZE={0x8}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x20004000}, 0x4044094) 2.874151518s ago: executing program 2 (id=986): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000003, 0x4031, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x46, &(0x7f0000002280)={@broadcast, @local, @val, {@mpls_mc={0x8100, {[], @ipv6=@udp={0x1, 0x6, "4ecaef", 0x8, 0x11, 0x1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @local, {[], {0x4e21, 0x4e21, 0x8}}}}}}}, 0x0) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) sendmsg$NFT_MSG_GETSETELEM(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4001}, 0x20044050) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) 2.559391983s ago: executing program 2 (id=996): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001780)=ANY=[@ANYBLOB="020000000400000006000000050000000010"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) syz_mount_image$fuse(0x0, &(0x7f0000000900)='./file0\x00', 0x1a5000, 0x0, 0x0, 0x0, 0x0) futex(&(0x7f0000004000)=0x7, 0x5, 0x2, 0x0, &(0x7f0000004000)=0x4, 0xb2020000) 2.525032226s ago: executing program 2 (id=997): ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, 0x0) getegid() r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x5ac, 0x324, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000480)={0x24, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x22, 0x5, {[@global=@item_4={0x3, 0x1, 0x2, "438ba30b"}]}}, 0x0}, 0x0) 2.2278407s ago: executing program 0 (id=1004): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6b478000) r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00008cc000/0x1000)=nil, 0x1000}, 0x5}) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f00000000c0)={&(0x7f0000000000/0xc00000)=nil, 0xc00000}) 2.156178346s ago: executing program 0 (id=1007): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000000d00000000080000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000280)='netlink_extack\x00', r1}, 0x10) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x1}, 0x10) sendmsg$nl_route(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000006c0)=ANY=[@ANYBLOB="240000001a00010029bd7000000000000a00000000000000000020"], 0x24}}, 0x0) 2.120764579s ago: executing program 0 (id=1010): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000200)={0x2, &(0x7f00000001c0)=[{0x20, 0x1, 0x53, 0xfffff010}, {0x6, 0x4, 0x6, 0x4}]}, 0x10) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000100)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000008082295"], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000}, 0x94) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xb68, 0xffffffffffffff6b, &(0x7f0000000000)="ff", 0x0, 0x149c, 0x503, 0x0, 0x0, 0x0, 0x0, 0x2, 0xffff80fe}, 0x48) 2.120605029s ago: executing program 5 (id=1011): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20702, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f}) write$cgroup_int(r1, &(0x7f0000000240)=0x2, 0x12) 2.011707057s ago: executing program 5 (id=1013): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x80, 0x5, 0x28}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x18) r2 = openat$selinux_relabel(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) write$selinux_access(r2, &(0x7f0000001a80)=ANY=[@ANYBLOB="737973746529f6753a6f723a7570647077645f657865635f742073797374656d5f753a73797374656d5f723afafffffffeffffff3a73302030"], 0x56) 2.000803578s ago: executing program 5 (id=1015): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000002c0)='mm_page_alloc\x00', r1}, 0x10) syz_open_dev$usbmon(&(0x7f00000005c0), 0x9, 0x40040) 1.835751572s ago: executing program 5 (id=1017): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000130000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='vm_unmapped_area\x00', r1}, 0x10) io_setup(0x3, &(0x7f0000000340)) 1.772953527s ago: executing program 0 (id=1020): r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x57e, 0x200e, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x3, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x8, 0x1, {0x22, 0x7}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x81, 0x0, 0x1}}}}}]}}]}}, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000ec0)=ANY=[@ANYBLOB="18000000000080000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000a3850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kfree\x00', r1}, 0x18) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000000c0)={0x24, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x22, 0x7, {[@local=@item_4={0x3, 0x2, 0x8, "ce884bfe"}, @main=@item_012={0x1, 0x0, 0xa, "01"}]}}, 0x0}, 0x0) 1.756226128s ago: executing program 5 (id=1022): mknodat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x1000, 0xfffffff7) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x101240, 0x10a) r0 = io_uring_setup(0x7109, &(0x7f0000000080)={0x0, 0xfaa2, 0x10, 0x3, 0x10a}) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x40, 0x1) close_range(r0, r0, 0x0) 1.754899918s ago: executing program 6 (id=1031): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000a5df"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='scsi_dispatch_cmd_start\x00', r0}, 0x10) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) 901.770037ms ago: executing program 5 (id=1023): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa2"], 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="1201000000000040ac054382408b0b00000109022400010000002009040000fd03010000092100000001220100090581"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000003c0)={0x24, 0x0, 0x0, &(0x7f0000000a80)=ANY=[@ANYBLOB="002281"], 0x0}, 0x0) syz_open_dev$hiddev(&(0x7f00000000c0), 0x0, 0x107380) 901.658727ms ago: executing program 6 (id=1024): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0xc0ed0044, &(0x7f0000000100)={[{@noblock_validity}, {@resuid}, {@grpquota}, {@noload}, {@nobarrier}, {@lazytime}]}, 0xfe, 0x472, &(0x7f0000000940)="$eJzs3MtvG8UfAPDvOk6a9PFLfyU8GloIFETEI2nSBz1wAYHEAQQSHIo4BSetQt0GNUGiVQSBQxDigCpxRxyR+As4wQUBJySucEeVEMqlhZPR2rtp4tohDydO8ecjbTuzu+7Md2fHnp2xG0DHGkr/SCL2R8SvEdEfEcX6E4Zqf91cmi/9tTRfSqJSee3PJH1Z3FiaL2X/RHVL7avtqFSy/J4G5S6+GTFRLk9dzvKjcxffGZ29cvWp6YsT56fOT10aP3Pm5ImjPafHT7UkzjSuG4Pvzxw5/OIb114unb321o9fp/Xdnx3P42ilodrVbejRVhfWZgdWpJNiGyvChhzI+nt3tf/3R1f0LR/rjxc+amvlgG1VqVQqjT6fMwsV4D8siXbXAGiP/IM+ff7Ntx0aeuwKfzxbewBK476ZbbUjxShk53TXPd+2Um9EnF34+4t0i22ahwAAWOnbdPzzZKPxXyHuWXHe/7I1lIMR8f+IOBQRd0XEQETcHVE9996IuG+D5devkNw+/ilc31Rg65SO/57J1rZWj//y0V8c7MpyB6rxdyfnpstTx7NrMhzde9L82KqXrPbd8798Vr/v02yafWjF+C/d0vLzsWBWj+vFugm6yYm5iZYEn8b/YcRgsVH8yfI6YBIRhyNicJNlTD/+1ZFmx/49/jW0YJ2p8mXEY7X2X4i6+HNJ0/XJsadPj58a7Y3y1PHR/K643U8/L77arPwtxd8CafvvbXj/1+JPnxGT3ojZK1cvVNdrZzdexuJvH5eSJscGNnn/9ySvV9M92b73JubmLo9F9CQvpdm+VfvHb702z+fnp/EPH2vc/w/VHs+qV+L+iEhv4qMR8UBEPJi13UMR8XBEHFsj/h+ee+TtZseat/8as/ItlMY/uUb7p295aepW+2880XXh+2+alV9ZV/ufrKaGsz3ref9bbwW3cu0AAADgTlGofgc+KYwspwuFkZHad/gHYm+hPDM798S5mXcvTda+K38wugv5TFf/ivnQsWxuOM+P1+VPZPPGn3f1VfMjpZnyZLuDhw63r0n/T/3e1e7aAdvO77Wgc+n/0Ln0f+hc+j90Lv0fOlRP490f7HQ9gLbY+Od/77bUA9h5xv/QufR/6Fz6P3Skpr+NL2zpJ/93aqK4O6rRMNG3O6qRJ6KwK6rRusQrn9S6xG6pT54orvs/s9hkYk/DQ+1+ZwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGiNfwIAAP//RwfmeQ==") r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendto$inet6(r0, &(0x7f0000000400)="2ae0e710", 0x4, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast1}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0x31, &(0x7f00000000c0)=0x6, 0x4) recvmmsg(r0, &(0x7f0000000d80), 0x4000000000001e9, 0x10162, 0x0) 855.744291ms ago: executing program 2 (id=1026): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0xfffffffffffffd75) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x3800, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 783.771746ms ago: executing program 6 (id=1027): syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000c80)='./file1\x00', 0x210000, &(0x7f0000000580)={[{@jqfmt_vfsv1}, {@resgid}, {@nodioread_nolock}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@resgid}, {@errors_remount}, {@grpid}, {@orlov}]}, 0xfc, 0x572, &(0x7f0000003780)="$eJzs3d9rW1UcAPDvTdPup66DMdQHGezByVy6tv6YIDgfRYcDfZ+hvSuj6TKadKx14PbgXnyRIYg4EP8A330c/gP+FQMdDBlFH0So3PSmy9qkv5aZbPl84Lbn5N7bc78593t7Tm5CAhhYx7IfhYiXI+KbJOJQy7pi5CuPrW63/PD6VLYksbLy6Z9JJPljze2T/PeBvPJSRPz6VcTJwsZ2a4tLs+VKJZ3P62P1uStjtcWlU5fmyjPpTHp5YnLyzFuTE+++83bXYn39/N/ff3L3wzNfH1/+7uf7h28ncTYO5uta43gCN1orx8r/5qXhOLtuw/EuNNZPkl4fALsylOf5cGTXgEMxlGc98Pz7MiJWgAGVyH8YUM1xQHNu36V58DPjwQerE6BG7COt8RdXXxuJvY250f7l5LGZUTbfHe1C+1kbv/xx53a2xOavQ+zbog6wIzduRsTpYnHj9T/Jr3+7d7rx4vHm1rcxaP9/oJfuZuOfN9qN/wpr459oM/450CZ3d2Pr/C/c70IzHWXjv/fajn/XLl2jQ3nthcaYbzi5eKmSno6IFyPiRAzvyeqb3c85s3xvpdO61vFftmTtN8eC+XHcL+55fJ/pcr0cESNPEnfTg5sRrxTbxZ+s9X/Spv+z5+P8Nts4mt55tdO6reN/ulZ+initbf8/uqOVbH5/cqxxPow1z4qN/rp19LdO7fc6/qz/928e/2jSer+2tvM2ftz7T9pp3W7P/5Hks0a5mQTXyvX6/HjESPLxxscnHu3brDe3z+I/cXzz61+78z+bfH2+zfhvHbnVcdN+6P/pHfX/zgv3Pvrih07tb6//32yUTuSP5Ne/9vJzZbsH+KTPHwAAAAAAAPSTQkQcjKRQWisXCqXS6vs7jsT+QqVaq5+8WF24PB2Nz8qOxnCheaf7UMv7Icbz98M26xPr6pMRcTgivh3a16iXpqqV6V4HDwAAAAAAAAAAAAAAAAAAAH3iQIfP/2d+H+r10QFPXeOLDfb0+iiAXtjyK/+78U1PQF/aMv+B55b8h8El/2FwyX8YXPIfBpf8h8El/2FwyX8AAAAAAAAAAAAAAAAAAAAAAAAAAADoqvPnzmXLyvLD61NZffrq4sJs9eqp6bQ2W5pbmCpNVeevlGaq1ZlKWpqqzm319yrV6pXxiVi4NlZPa/Wx2uLShbnqwuX6hUtz5Zn0Qjr8v0QFAAAAAAAAAAAAAAAAAAAAz5ba4tJsuVJJ5xU6Ft6PvjiMpxngql3tXuyXKBQ6FG7m3buzvXp4UQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAdf4LAAD//++4Mnc=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0) fallocate(r0, 0x0, 0x0, 0xffff) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r0, 0x0) read$FUSE(r0, &(0x7f0000004480)={0x2020}, 0x2020) 772.270527ms ago: executing program 2 (id=1030): syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000380)='./file0\x00', 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="66617374626f6f742c71756f7461000018bbdecde39739fcd1df176dde746ec834120600000000003b814e50a959736d6572462abc30ef5b65c70f73ecea54b5e5bea9836c319f653557e79a002208ce996dda659bd5ba0f4ce5c2080002223dc60000000000000044cd0a1e3686873600000000005493b4b81d5b9fa9b40fe4d76afc3a989c6d60044e89eb96e44d01a1034e3797ffa86870b82939f41ffa0f3d726f085663c29cbdc4c766a7eb77cc36160191acf5ae7469c82ab4145b595b987d75912a0fcd1c061835294cc0c618aba204f8adaa20c80108d356cd88cc86177056b06e7068c40f807d9e539f8f5b64a8ee0725aa8d00000000007cb6020d90ea79b8027cf75964dd86c2ed2b5e75779677aa8c76b848dd03dab190b5f02ec52830a17b01eaae1c3df076000000000000000000000000000083a48a6b926c668b9b90195018ea3619f9d80a0b894e212178e1a19909d764666264fa29e2c055fd7f8e67c2acfb75f0a8d41692f4542a575ee42ed94a0014fba44985cca9df12fe93bfaccf0122a6e7e593613ac0111701b125cc6799c43aa4ff708dc4a00a6decad26f0378072a571da000000b1a6bdf03fd56697e348b5b494f6fddb9f56142a47a40ef81690a7eca421bd0ad198afa58ce69d61c29deaa93c0efea0df04f20020ee84075b4e1a2ad43d1be1138de4668e7b6137545708790c501f1ed7f6a571d500000000000000"], 0x25, 0x55a8, &(0x7f00000014c0)="$eJzs3EtvG2UXAOAzTtP71y9CLNh1pAopkWqrTi+CFQVacRGtKi4LVuDYruXW9kSx64asumCJWPBPEEisWPIbWMASdogFiB1SkWcm0KQNtI3jqO3zSDNn5vj1mXdGlqUzYzmAZ9ZC+sdvSZyIIxExFxHHk8i3k3KJuBNxsRj7QkScjIjKPUtS5v9OHIyIoxFxYlK8qJmUL31xenzq/K9v//7t94cOHPvymx/29cSBffViRPRXi+3b/SJmnSLeKPONcTeP/XPjMq5uqdHPivzt9kpe4XZjc1wjj2c7xfhs9dZwEq/3Gs1J7HSv5/nVQXHA4bizWWfyhvRGYy3fb7VX8tgdZnnsbBTHXd8ovts2hqOiTqus90lePkajzVjk2+vt4nxWb+axORiV+aJu1mqvT+K4jOXhopn1Wvk8Vh7zIj8B3ukObq2n4/basJsN0vO1+ku1+oVqfS1rtUftc9VGv3XhXLrY6U2GVUftRv9iJ8s6vXatmfWX0sVOs1mt19PFS+2VbmOQ1uu1s7Uz1fNL5dbp9I2rH6S9Vro4ia91B7dG3d4wvZ6tpcU7ltLl2tmXl9JT9fS9K9fSa+9evnzl2vsfXfrw6qtX3nq9HHTftNLF5TPLy9X6mepyfekZOv9Py0k/wvknD07/9OPuLhsUdviAAbCz+/r/2N7/h/4fmLrd9P/9m+X+3vT/8TD9f0yz/5+0VPr//+5/K4/U/56YSv87H/r/PTx/2JXH6/8PTn0eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADM3M/zX72ZbywU+8fK/P/K1HPlfhIRlYi4+wBzcXBLzbmyzvwO4+e3zeG7JPIKk2McKpejEXGxXP78/15fBQAAAHh6fX3n5OdFt16sFvZ7QsxScdOmcvzjKdVLImJ+4ZcpVatMVs9PqVj++T4Q61Oqlt/AOjylYsUttwPTqvZQ5raEw/eEpAiVmU4HAACYia2dwGy7EAAAAGbps3999ZWZzYMZS2LzUebms+D8l/f/PBA8Mlnd3fbjfgAAAOBJkuz3BAAAAIA9l/f//v8PAAAAnm7F//8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBf7NzPjdpAFAfgZ4OB/FNQlHtayQ3KSAk55hgoIE1QAmkhDVADkXJICStYYc8ieRek1TLGWvR9ku2d8ernGeDyxtIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXfpbree/f375dWnObn+ZPLMBAAAATtlW63n9x7Rpv0v9H1LXp9QuIqKMiFO1+yBGrcxByqnO/H/1aAx/IuqEQ/84HW8j4ms67j52/SkAAADA7dosV7OmWm9OaQngX7+j4kqaRZvy/bdMeUVEVNP/mdLKw+lzprD69z2MH5nS6gWsSaawZsltePreKNdD2gaty8NMFvWXWLfKbp4LAAD0qV0JnKlCAAAAuAHf+x4A1/C0tC+Op+N7xnFzSS8E37RaAAAAwCtU9D0AAAAAoHN1/d/N/n+TF+3/V9j/DwAAALJr9v8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgS9tqPd8sV7Nz9xfPzNntL5NvRgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9+zPOwqEQBiEwd71ncnc/7DSoKGxSRUIH39jMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABvfveX/xNT40wy99pYeh5J1k6NrVNj79w4+sP4+jUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwsT8vKRACQRAFc8b/Tvr+h5UEPYMIEdDwqKIWDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwBf97pf/E1PjTDJ32lg6HknWrhpbV429B42jB+Pt3wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwsW//vm1UcQDA3/lspylUhIAiEUAFdYCFpm5p6YoQKGLgT0CKUqcEXAptBlpFlCxsKHMXBAsSQkigsOV/6NxIXcrWIUOQmBiC7lf6nJgmpO05TT8f6fl9/Xx5P86Wla/fHQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQWX83vNIo4zR7GCviqu32xuJsVq9tqzOry3cms5LFyUjVeuz1+mZ/oL0aPzk+MbyJAAAAcFgc2/WItMrvQwh3WyvTWd0Yy/P/VnVMlvP/UHaVlG3b8/61jcUj5UuTVf7/x+/3XtwaaCzNx8k6nZvvdU/tnEpz38t8wj236xHN/Mznv72k+RvS+HDphfVWfj6T727der+dhyN1zBYA2I+TVV0G1f9DWd0Z5sQAeGo0o8S7yv/TseHOCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAO60vhmSpOQgiTzftxZm1jcXZQ/c3yncnVspy7eXM57jProhVCmJvvdU/VuJaDqzqb1z+b6fW6V65eqzs4HkIY8NKNvf15Wk7/P49phxD6Wk68NKCfj/cw1rZ+dgTlxzPUew5Hs/XtenDS15LsOOHvbRaG8QGoK2iU78/jGGK09ve9P6g+e4++5//zXTLyaL6SAAA41FplyTLRu62V6awtGQ9h88f+/P+NKA59ef/mjaKleL4a5f/3Pjl3Ox4rzv87Na3vSTC1cOmLqavXrr81f2nmYvdi9/O3T3fe6Zw5f/bs+an8t5KpudDwiwkAAAAPoV2WOP8fHbD/fzSKwwP2/4st4SL///L7ztfxWKn8f6D7m37DngkAAMDTqL0VPf/a338lA45I2u3w1czCwpVO8bj1/HTxWOt092mkLHH+n44Pe1YAAABAHdaXkr79/wtRHB6w/x9f///szy//GveZFtcWXA4hdE/OXu5dqG85B1r/Tb8/pY/jRuV8oPawVwoAAMCwjJYl3v9vjWf5f2PrkodGCOHNEyH8U97DH/aY/6cffPtLPFZ8/f+ZWld58DQmivOR1xMhNCeGPSMAAAAOsyNlyZL9P1sr05/+dvSjtuv/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOr2bwAAAP//aR4tAA==") mkdir(&(0x7f0000000080)='./bus\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x10) r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='.\x00', 0x0, 0xd) renameat2(0xffffffffffffff9c, &(0x7f0000000480)='./bus\x00', r0, &(0x7f00000004c0)='./file0\x00', 0x2) 699.704573ms ago: executing program 6 (id=1035): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000fc0)=ANY=[@ANYBLOB="180000000000000000000000fcffffff18110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70200002c2e65c4b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10) r2 = openat$selinux_create(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) write$selinux_create(r2, &(0x7f00000000c0)=@objname={'system_u:object_r:fonts_t:s0', 0x20, '/usr/lib/telepathy/mission-control-5', 0x20, 0x9, 0x20, './file0\x00'}, 0x5f) 631.833219ms ago: executing program 6 (id=1036): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0) ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r0, 0x4028af11, &(0x7f0000000080)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x3a8bc000) 452.896933ms ago: executing program 6 (id=1038): r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000e00)=ANY=[@ANYBLOB="1201000000000040de28021100000000000109022400010000d00009040004010300000009210100f90122050009058103"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000040)={0x2c, &(0x7f0000000200)=ANY=[@ANYBLOB="200b4000000028b1"], 0x0, 0x0, 0x0, 0x0}, 0x0) ptrace$getregset(0x4204, 0x0, 0x6, 0x0) syz_open_dev$evdev(0x0, 0x40, 0x0) 363.13344ms ago: executing program 2 (id=1042): io_setup(0x9, &(0x7f0000000b80)=0x0) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]}) creat(0x0, 0x0) io_submit(r0, 0x1, &(0x7f00000002c0)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0xc0502100, &(0x7f00000009c0)) 350.719911ms ago: executing program 1 (id=1044): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB='H\x00'], 0x48}}, 0x0) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000005000000180001801400020073797a5f74756e00000008000000000018000380140003801000018004000300080001"], 0x44}}, 0x0) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000001180)={0x38, r1, 0x7, 0x0, 0x0, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKMODES_OURS={0xc, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x4}, @ETHTOOL_A_BITSET_NOMASK={0x4}]}]}, 0x38}}, 0x0) 333.205113ms ago: executing program 1 (id=1045): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r1}, 0xc) 267.733878ms ago: executing program 1 (id=1046): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000003b810100850000006d000000850000005000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_VENDOR(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000001b40)={&(0x7f0000000480)={0x14, r1, 0x62c21a4ade68aba1, 0x70bd23, 0xfffffffd, {{0x32}, {@val={0x8, 0x117, 0x59}, @void, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x50}, 0x0) 267.534458ms ago: executing program 1 (id=1047): syz_mount_image$ext4(&(0x7f00000008c0)='ext4\x00', &(0x7f0000000300)='./file1\x00', 0x800080, &(0x7f00000000c0)={[{@test_dummy_encryption}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x6}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x40000}}]}, 0x3, 0x45f, &(0x7f0000000900)="$eJzs28tvG0UYAPBvN4++iSnl0QcQKIiIR9K0BXrgAAgkDkVCggMcoyStSt0GNUFqqwpahMoJISTuiCP/Aie4IMQJiSvcUaUK9dKWk9F6dxvHtd0kteOCfz9pk5nd2Z35vDv27I4dwMAaz/4kEdsj4o+IGMuzKwuM5/9uXLswe/PahdkkarV3/07q5a5fuzBbFi3321ZkJtKI9PMk9raod/Hc+ZMz1er8mSI/tXTqo6nFc+dfOHFq5vj88fnTB48cOXxo+uWXDr7YlTizNl3f88nCvt1vffD120e/zNaNlvE3xdEl4502Pl2rdbm6/trRkE6G+9gQ1mQoIrLTNVLv/2MxFMsnbyze/KyvjQN6qlar1ba133yxBvyPbW14J8jo8jAoyg/67P63XJoHAa/2ZuhxT7j6Wn4DlMV9o1jyLcORFmVGmu5vu2k8It6/+M+32RK9eQ4BALDCj9n45/lW4780Hmood18xN1SJiPsjYmdEPBARuyLiwYh62Ycj4pE11t88SXL7+Ce9sq7AVikb/71SzG2tHP+Vo7+oDBW5HfX4R5JjJ6rzB4rXZCJGNmX56Q51/PTG71+129Y4/suWrP5yLFi048rwppX7zM0szdxNzI2uXorYM9wq/uTWTEASEbsjYs866zjx7Pf72m27c/wddGGeqfZdxDP5+b8YTfGXks7zk1Obozp/YKq8Km7362+X32lX/13F3wXZ+d/a8vq/FX8laZyvXVx7HZf//KLtPc0qr/9K4z7Z9T+avFdPjxbrzs4sLZ2ZjhhNjuaNblx/cHnfMl+Wz+Kf2N+6/++M5Vdib0RkF/GjEfFYRDxetP2JiHgyIvZ3iP+X15/6cP3x91YW/9yazv9yYjSa17RODJ38+YcVlVZui/9m5/N/uJ6aKNas5v1vNe1a39UMAAAA/z1pRGyPJJ28lU7Tycn8+/K7ItLqwuLSc8cWPj49l/9GoBIjafmka6zheeh0cVuf5y9FRP7VgnL7oeK58TdDW+r5ydmF6ly/g4cBt61N/8/8NdTv1gE95/daMLj0fxhc+j8Mrtb9f8uGtwPYeC36v84PA6LV5/+nfWgHsPGa+r9pPxggnv/B4NL/YXDp/zCQFrfEnX8k3zFRHmmdu3dKDJ/ND939I29AIkbuiWbkic3dP3Kk90BcEj1L9PFNCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoIv+DQAA///U99eV") syz_mount_image$exfat(0x0, &(0x7f0000000940)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x1380443, 0x0, 0x3, 0x0, &(0x7f0000000000)) creat(&(0x7f0000000e00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x1000, 0x1) link(&(0x7f0000001240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000bc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') 163.263927ms ago: executing program 1 (id=1048): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000003, 0x4031, 0xffffffffffffffff, 0x0) syz_emit_ethernet(0x46, &(0x7f0000002280)={@broadcast, @local, @val, {@mpls_mc={0x8100, {[], @ipv6=@udp={0x1, 0x6, "4ecaef", 0x8, 0x11, 0x1, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @local, {[], {0x4e21, 0x4e21, 0x8}}}}}}}, 0x0) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) sendmsg$NFT_MSG_GETSETELEM(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4001}, 0x20044050) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) 84.664023ms ago: executing program 0 (id=1049): mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) mount$incfs(&(0x7f00000007c0)='.\x00', &(0x7f0000000800)='./bus\x00', &(0x7f0000000840), 0x1004002, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') mkdir(&(0x7f0000000140)='./control\x00', 0x5) rmdir(&(0x7f0000000100)='./control\x00') 5.763879ms ago: executing program 0 (id=1050): chdir(0x0) setrlimit(0x1, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r0 = open(&(0x7f00000002c0)='./file2\x00', 0x60142, 0x40) r1 = open(&(0x7f0000000a00)='./bus\x00', 0x189a40, 0x80) copy_file_range(r1, 0x0, r0, 0x0, 0x6, 0x0) 0s ago: executing program 1 (id=1051): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000001540)={0x24, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x22, 0xf, {[@main=@item_4={0x3, 0x0, 0xb, "08405af3"}, @local=@item_4, @local=@item_4={0x3, 0x2, 0x0, "6fe695cd"}]}}, 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0) ioctl$int_in(r1, 0x5452, &(0x7f0000000280)=0xfff) kernel console output (not intermixed with test programs): ino=258 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 30.212794][ T445] loop2: detected capacity change from 0 to 40427 [ 30.229871][ T445] F2FS-fs (loop2): invalid crc value [ 30.239169][ T445] F2FS-fs (loop2): Found nat_bits in checkpoint [ 30.274130][ T445] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 30.303869][ T28] audit: type=1400 audit(1756722725.761:136): avc: denied { create } for pid=443 comm="syz.2.39" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 30.324261][ T286] syz-executor: attempt to access beyond end of device [ 30.324261][ T286] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 30.364978][ T28] audit: type=1400 audit(1756722725.821:137): avc: denied { read write } for pid=463 comm="syz.1.44" name="fuse" dev="devtmpfs" ino=93 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 30.394902][ T28] audit: type=1400 audit(1756722725.821:138): avc: denied { open } for pid=463 comm="syz.1.44" path="/dev/fuse" dev="devtmpfs" ino=93 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 30.419874][ T334] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 30.420556][ T28] audit: type=1400 audit(1756722725.831:139): avc: denied { unmount } for pid=284 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 30.513788][ T28] audit: type=1400 audit(1756722725.971:140): avc: denied { read } for pid=475 comm="syz.4.50" name="binder0" dev="binder" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 30.554766][ T28] audit: type=1400 audit(1756722726.001:141): avc: denied { open } for pid=475 comm="syz.4.50" path="/dev/binderfs/binder0" dev="binder" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 30.585188][ T28] audit: type=1400 audit(1756722726.001:142): avc: denied { ioctl } for pid=475 comm="syz.4.50" path="/dev/binderfs/binder0" dev="binder" ino=13 ioctlcmd=0x6201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 30.613384][ T334] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 30.623398][ T334] usb 1-1: config 0 has no interface number 0 [ 30.642467][ T334] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 30.675511][ T334] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 30.691310][ T334] usb 1-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.00 [ 30.705388][ T334] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 30.717388][ T334] usb 1-1: config 0 descriptor?? [ 30.846425][ T520] netlink: 8 bytes leftover after parsing attributes in process `syz.4.69'. [ 30.855682][ T520] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 30.960607][ T533] loop3: detected capacity change from 0 to 1024 [ 30.991283][ T533] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 31.063407][ T283] EXT4-fs (loop3): unmounting filesystem. [ 31.126283][ T334] prodikeys 0003:041E:2801.0001: unknown main item tag 0x1 [ 31.139972][ T334] prodikeys 0003:041E:2801.0001: unbalanced delimiter at end of report description [ 31.160085][ T334] prodikeys 0003:041E:2801.0001: hid parse failed [ 31.176925][ T334] prodikeys: probe of 0003:041E:2801.0001 failed with error -22 [ 31.191925][ T560] capability: warning: `syz.3.87' uses 32-bit capabilities (legacy support in use) [ 31.272013][ T339] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 31.335933][ T334] usb 1-1: USB disconnect, device number 2 [ 31.356400][ T584] loop3: detected capacity change from 0 to 256 [ 31.377567][ T584] FAT-fs (loop3): Directory bread(block 64) failed [ 31.385068][ T584] FAT-fs (loop3): Directory bread(block 65) failed [ 31.399243][ T584] FAT-fs (loop3): Directory bread(block 66) failed [ 31.406924][ T584] FAT-fs (loop3): Directory bread(block 67) failed [ 31.414124][ T584] FAT-fs (loop3): Directory bread(block 68) failed [ 31.420792][ T584] FAT-fs (loop3): Directory bread(block 69) failed [ 31.428140][ T584] FAT-fs (loop3): Directory bread(block 70) failed [ 31.440035][ T584] FAT-fs (loop3): Directory bread(block 71) failed [ 31.453229][ T584] FAT-fs (loop3): Directory bread(block 72) failed [ 31.467812][ T339] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 31.473594][ T584] FAT-fs (loop3): Directory bread(block 73) failed [ 31.491079][ T339] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 31.512930][ T339] usb 5-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af [ 31.525700][ T6] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 31.525915][ T339] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 31.542812][ T339] usb 5-1: config 0 descriptor?? [ 31.545935][ T6] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz1] on syz0 [ 31.605988][ T601] loop3: detected capacity change from 0 to 256 [ 31.619036][ T597] fido_id[597]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 31.636947][ T601] exFAT-fs (loop3): failed to load upcase table (idx : 0x00011f41, chksum : 0xf6438d2e, utbl_chksum : 0xe619d30d) [ 31.746966][ T617] incfs: Options parsing error. -22 [ 31.752528][ T617] incfs: mount failed -22 [ 31.775393][ T619] pim6reg0: tun_chr_ioctl cmd 1074025677 [ 31.781608][ T619] pim6reg0: linktype set to 774 [ 31.868154][ T285] EXT4-fs (loop0): unmounting filesystem. [ 31.949604][ T638] loop0: detected capacity change from 0 to 512 [ 31.958199][ T339] playstation 0003:054C:0DF2.0003: unknown main item tag 0x0 [ 31.964515][ T638] EXT4-fs: Ignoring removed oldalloc option [ 31.979898][ T339] playstation 0003:054C:0DF2.0003: unknown main item tag 0x0 [ 31.985581][ T643] loop2: detected capacity change from 0 to 128 [ 31.989608][ T339] playstation 0003:054C:0DF2.0003: unknown main item tag 0x0 [ 32.009652][ T339] playstation 0003:054C:0DF2.0003: unknown main item tag 0x0 [ 32.013703][ T638] EXT4-fs (loop0): 1 truncate cleaned up [ 32.022911][ T339] playstation 0003:054C:0DF2.0003: unknown main item tag 0x0 [ 32.031260][ T339] playstation 0003:054C:0DF2.0003: hidraw0: USB HID v1.01 Device [HID 054c:0df2] on usb-dummy_hcd.4-1/input0 [ 32.044302][ T638] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 32.083883][ T638] EXT4-fs (loop0): re-mounted. Quota mode: writeback. [ 32.117966][ T285] EXT4-fs (loop0): unmounting filesystem. [ 32.129900][ T654] overlayfs: unrecognized mount option " 2572 kB [ 32.129900][ T654] SecPageTables: 0 kB [ 32.129900][ T654] NFS_Unstable: 0 kB [ 32.129900][ T654] Bounce: 0 kB [ 32.129900][ T654] WritebackTmp: 0 kB [ 32.129900][ T654] CommitLimit: 3625424 kB [ 32.129900][ T654] Committed_AS: 504680 kB [ 32.129900][ T654] VmallocTotal: 34359738367 kB [ 32.129900][ T654] VmallocUsed: 233888 kB [ 32.129900][ T654] VmallocChunk: 0 kB [ 32.129900][ T654] Percpu: 1464 kB [ 32.129900][ T654] AnonHugePages: 0 kB [ 32.129900][ T654] ShmemHugePages: 0 kB [ 32.129900][ T654] ShmemPmdMapped: 0 kB [ 32.129900][ T654] FileHugePages: 0 kB [ 32.129900][ T654] FilePmdMapped: 0 kB [ 32.129900][ T654] CmaTotal: 0 kB [ 32.129900][ T654] CmaFree: 0 kB [ 32.129900][ T654] DirectMap4k: 24564 kB [ 32.219235][ T339] playstation 0003:054C:0DF2.0003: Invalid byte count transferred, expected 20 got 0 [ 32.236387][ T339] playstation 0003:054C:0DF2.0003: Failed to retrieve DualSense pairing info: -22 [ 32.258223][ T339] playstation 0003:054C:0DF2.0003: Failed to get MAC address from DualSense [ 32.283756][ T339] playstation 0003:054C:0DF2.0003: Failed to create dualsense. [ 32.294154][ T339] playstation: probe of 0003:054C:0DF2.0003 failed with error -22 [ 32.384213][ T291] kernel write not supported for file /vcsa (pid: 291 comm: kworker/1:2) [ 32.445105][ T291] usb 5-1: USB disconnect, device number 2 [ 32.459608][ T680] loop3: detected capacity change from 0 to 256 [ 32.470739][ T684] loop1: detected capacity change from 0 to 128 [ 32.481689][ T680] exfat: Deprecated parameter 'utf8' [ 32.488313][ T680] exfat: Deprecated parameter 'namecase' [ 32.518519][ T680] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x7b823c56, utbl_chksum : 0xe619d30d) [ 32.566978][ T684] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 32.613172][ T684] fscrypt (loop1, inode 12): Unsupported encryption flags (0x80) [ 32.626544][ T704] capability: warning: `syz.3.151' uses deprecated v2 capabilities in a way that may be insecure [ 32.648073][ T704] overlayfs: upper fs does not support tmpfile. [ 32.656340][ T284] EXT4-fs (loop1): unmounting filesystem. [ 32.709768][ T711] loop2: detected capacity change from 0 to 512 [ 32.717655][ T711] EXT4-fs: Ignoring removed oldalloc option [ 32.732281][ T711] EXT4-fs (loop2): 1 truncate cleaned up [ 32.743920][ T711] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 32.792504][ T711] EXT4-fs (loop2): re-mounted. Quota mode: writeback. [ 32.803910][ T721] loop3: detected capacity change from 0 to 128 [ 32.841675][ T286] EXT4-fs (loop2): unmounting filesystem. [ 33.079809][ T19] kernel write not supported for file /vcsa (pid: 19 comm: kworker/0:1) [ 33.092020][ T334] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 33.118385][ T753] loop4: detected capacity change from 0 to 512 [ 33.125283][ T753] EXT4-fs: Ignoring removed oldalloc option [ 33.145136][ T753] EXT4-fs (loop4): 1 truncate cleaned up [ 33.151289][ T753] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 33.184710][ T753] EXT4-fs (loop4): re-mounted. Quota mode: writeback. [ 33.196688][ T760] overlayfs: upper fs does not support tmpfile. [ 33.219041][ T287] EXT4-fs (loop4): unmounting filesystem. [ 33.248478][ T766] loop1: detected capacity change from 0 to 512 [ 33.281956][ T334] usb 1-1: Using ep0 maxpacket: 32 [ 33.282022][ T766] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 33.290525][ T334] usb 1-1: config 0 has an invalid interface number: 184 but max is 0 [ 33.306944][ T334] usb 1-1: config 0 has no interface number 0 [ 33.314254][ T334] usb 1-1: config 0 interface 184 has no altsetting 0 [ 33.330088][ T766] EXT4-fs (loop1): 1 truncate cleaned up [ 33.333807][ T334] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 33.336047][ T766] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 33.365454][ T334] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 33.374172][ T334] usb 1-1: Product: syz [ 33.378436][ T334] usb 1-1: Manufacturer: syz [ 33.383507][ T334] usb 1-1: SerialNumber: syz [ 33.384373][ T284] EXT4-fs (loop1): unmounting filesystem. [ 33.397184][ T334] usb 1-1: config 0 descriptor?? [ 33.405863][ T334] smsc75xx v1.0.0 [ 33.420818][ T775] overlayfs: unrecognized mount option " 2548 kB [ 33.420818][ T775] SecPageTables: 0 kB [ 33.420818][ T775] NFS_Unstable: 0 kB [ 33.420818][ T775] Bounce: 0 kB [ 33.420818][ T775] WritebackTmp: 0 kB [ 33.420818][ T775] CommitLimit: 3625424 kB [ 33.420818][ T775] Committed_AS: 504424 kB [ 33.420818][ T775] VmallocTotal: 34359738367 kB [ 33.420818][ T775] VmallocUsed: 233900 kB [ 33.420818][ T775] VmallocChunk: 0 kB [ 33.420818][ T775] Percpu: 2584 kB [ 33.420818][ T775] AnonHugePages: 0 kB [ 33.420818][ T775] ShmemHugePages: 0 kB [ 33.420818][ T775] ShmemPmdMapped: 0 kB [ 33.420818][ T775] FileHugePages: 0 kB [ 33.420818][ T775] FilePmdMapped: 0 kB [ 33.420818][ T775] CmaTotal: 0 kB [ 33.420818][ T775] CmaFree: 0 kB [ 33.420818][ T775] DirectMap4k: 24564 kB [ 33.735858][ T781] loop1: detected capacity change from 0 to 256 [ 33.747381][ T6] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 33.755899][ T6] hid-generic 0000:0000:0000.0004: hidraw0: HID v0.00 Device [syz1] on syz0 [ 33.760328][ T781] FAT-fs (loop1): Directory bread(block 64) failed [ 33.772867][ T781] FAT-fs (loop1): Directory bread(block 65) failed [ 33.782847][ T781] FAT-fs (loop1): Directory bread(block 66) failed [ 33.801043][ T781] FAT-fs (loop1): Directory bread(block 67) failed [ 33.816830][ T784] fido_id[784]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 33.825581][ T788] loop4: detected capacity change from 0 to 256 [ 33.849309][ T781] FAT-fs (loop1): Directory bread(block 68) failed [ 33.859221][ T781] FAT-fs (loop1): Directory bread(block 69) failed [ 33.867979][ T781] FAT-fs (loop1): Directory bread(block 70) failed [ 33.880215][ T781] FAT-fs (loop1): Directory bread(block 71) failed [ 33.892621][ T788] exFAT-fs (loop4): failed to load upcase table (idx : 0x00011f41, chksum : 0xf6438d2e, utbl_chksum : 0xe619d30d) [ 33.909367][ T792] loop3: detected capacity change from 0 to 512 [ 33.911200][ T781] FAT-fs (loop1): Directory bread(block 72) failed [ 33.922982][ T792] EXT4-fs: Ignoring removed oldalloc option [ 33.934956][ T781] FAT-fs (loop1): Directory bread(block 73) failed [ 33.968328][ T792] EXT4-fs (loop3): 1 truncate cleaned up [ 33.974346][ T792] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 34.004744][ T792] EXT4-fs (loop3): re-mounted. Quota mode: writeback. [ 34.060235][ T283] EXT4-fs (loop3): unmounting filesystem. [ 34.214512][ T334] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -71 [ 34.255061][ T334] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 34.302871][ T334] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 34.314050][ T334] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71 [ 34.324434][ T334] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset [ 34.341995][ T334] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 34.351508][ T334] smsc75xx: probe of 1-1:0.184 failed with error -71 [ 34.359932][ T349] udevd[349]: failed to send result of seq 4632 to main daemon: Connection refused [ 34.370605][ T334] usb 1-1: USB disconnect, device number 3 [ 34.446272][ T831] loop1: detected capacity change from 0 to 256 [ 34.455939][ T831] exFAT-fs (loop1): failed to load upcase table (idx : 0x00011f41, chksum : 0xf6438d2e, utbl_chksum : 0xe619d30d) [ 34.487023][ T834] loop1: detected capacity change from 0 to 512 [ 34.493631][ T834] EXT4-fs: Ignoring removed oldalloc option [ 34.501652][ T834] EXT4-fs (loop1): 1 truncate cleaned up [ 34.507953][ T834] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 34.533129][ T834] EXT4-fs (loop1): re-mounted. Quota mode: writeback. [ 34.555574][ T284] EXT4-fs (loop1): unmounting filesystem. [ 34.587238][ T844] loop1: detected capacity change from 0 to 1024 [ 34.596519][ T844] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 34.691949][ T291] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 34.820675][ T28] kauditd_printk_skb: 216 callbacks suppressed [ 34.820694][ T28] audit: type=1400 audit(34.782:359): avc: denied { read write } for pid=285 comm="syz-executor" name="loop0" dev="devtmpfs" ino=118 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 34.850688][ T28] audit: type=1400 audit(34.782:360): avc: denied { open } for pid=285 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=118 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 34.874272][ T39] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 34.882611][ T28] audit: type=1400 audit(34.782:361): avc: denied { ioctl } for pid=285 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=118 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 34.907725][ T28] audit: type=1400 audit(34.792:362): avc: denied { bpf } for pid=863 comm="syz.0.218" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 34.927617][ T28] audit: type=1400 audit(34.792:363): avc: denied { prog_load } for pid=863 comm="syz.0.218" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 34.928278][ T291] usb 3-1: Using ep0 maxpacket: 16 [ 34.949730][ T28] audit: type=1400 audit(34.792:364): avc: denied { perfmon } for pid=863 comm="syz.0.218" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 34.984385][ T28] audit: type=1400 audit(34.802:365): avc: denied { prog_run } for pid=863 comm="syz.0.218" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 35.002838][ T28] audit: type=1400 audit(34.922:366): avc: denied { ioctl } for pid=843 comm="syz.1.208" path="/dev/raw-gadget" dev="devtmpfs" ino=258 ioctlcmd=0x5503 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 35.027542][ T291] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 35.030260][ T874] loop3: detected capacity change from 0 to 512 [ 35.038246][ T291] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 35.045187][ T28] audit: type=1400 audit(34.922:367): avc: denied { read } for pid=867 comm="syz.4.229" name="kvm" dev="devtmpfs" ino=83 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 35.075460][ T874] EXT4-fs: Ignoring removed oldalloc option [ 35.076640][ T291] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 35.081772][ T28] audit: type=1400 audit(34.922:368): avc: denied { open } for pid=867 comm="syz.4.229" path="/dev/kvm" dev="devtmpfs" ino=83 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 35.092203][ T291] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 35.121331][ T291] usb 3-1: Product: syz [ 35.126383][ T291] usb 3-1: Manufacturer: syz [ 35.131206][ T291] usb 3-1: SerialNumber: syz [ 35.138224][ T874] EXT4-fs (loop3): 1 truncate cleaned up [ 35.144112][ T874] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 35.154443][ T39] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 35.162599][ T39] usb 2-1: config 0 has no interface number 0 [ 35.168865][ T39] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 35.181456][ T39] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 35.191725][ T39] usb 2-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.00 [ 35.201152][ T39] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 35.208683][ T874] EXT4-fs (loop3): re-mounted. Quota mode: writeback. [ 35.210705][ T39] usb 2-1: config 0 descriptor?? [ 35.236596][ T283] EXT4-fs (loop3): unmounting filesystem. [ 35.340308][ T887] loop3: detected capacity change from 0 to 512 [ 35.347547][ T887] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 35.359580][ T887] EXT4-fs (loop3): 1 truncate cleaned up [ 35.365607][ T887] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 35.388298][ T283] EXT4-fs (loop3): unmounting filesystem. [ 35.544341][ T291] usb 3-1: 0:2 : does not exist [ 35.625062][ T39] prodikeys 0003:041E:2801.0005: unknown main item tag 0x1 [ 35.632803][ T39] prodikeys 0003:041E:2801.0005: unbalanced delimiter at end of report description [ 35.647995][ T39] prodikeys 0003:041E:2801.0005: hid parse failed [ 35.656445][ T39] prodikeys: probe of 0003:041E:2801.0005 failed with error -22 [ 35.709050][ T39] hid-generic 0000:0004:0000.0006: unknown main item tag 0x0 [ 35.718563][ T39] hid-generic 0000:0004:0000.0006: unknown main item tag 0x0 [ 35.726987][ T39] hid-generic 0000:0004:0000.0006: unknown main item tag 0x0 [ 35.735964][ T39] hid-generic 0000:0004:0000.0006: hidraw0: HID v0.00 Device [syz0] on syz0 [ 35.836860][ T334] usb 2-1: USB disconnect, device number 2 [ 35.900548][ T926] process 'syz.0.243' launched '/dev/fd/3' with NULL argv: empty string added [ 35.953193][ T291] usb 3-1: 5:0: failed to get current value for ch 0 (-22) [ 35.966626][ T291] usb 3-1: USB disconnect, device number 2 [ 36.218437][ T946] batadv0: tun_chr_ioctl cmd 1074025677 [ 36.224334][ T946] batadv0: linktype set to 805 [ 36.354208][ T284] EXT4-fs (loop1): unmounting filesystem. [ 36.368315][ T950] loop0: detected capacity change from 0 to 512 [ 36.382896][ T950] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x61000000 (sector = 1) [ 36.418173][ T43] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x61000000 (sector = 1) [ 36.537825][ T936] loop4: detected capacity change from 0 to 131072 [ 36.545420][ T936] F2FS-fs (loop4): Wrong CP boundary, start(512) end(1536) blocks(0) [ 36.553824][ T936] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 36.563305][ T936] F2FS-fs (loop4): invalid crc value [ 36.570449][ T936] F2FS-fs (loop4): Found nat_bits in checkpoint [ 36.610907][ T936] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 36.618159][ T936] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4 [ 36.671909][ T39] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 36.690434][ T961] loop2: detected capacity change from 0 to 40427 [ 36.698099][ T961] F2FS-fs (loop2): Invalid Fs Meta Ino: node(0) meta(2) root(0) [ 36.706042][ T961] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 36.715313][ T961] F2FS-fs (loop2): invalid crc value [ 36.722329][ T961] F2FS-fs (loop2): Found nat_bits in checkpoint [ 36.758300][ T961] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 36.765571][ T961] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4 [ 36.799266][ T970] netlink: 87 bytes leftover after parsing attributes in process `syz.0.269'. [ 36.863241][ T39] usb 2-1: config 220 has an invalid interface number: 76 but max is 2 [ 36.875691][ T39] usb 2-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 36.915073][ T39] usb 2-1: config 220 has an invalid descriptor of length 255, skipping remainder of the config [ 36.951986][ T39] usb 2-1: config 220 has no interface number 2 [ 36.975759][ T39] usb 2-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 36.989320][ T39] usb 2-1: config 220 interface 0 has no altsetting 0 [ 36.996405][ T39] usb 2-1: config 220 interface 76 has no altsetting 0 [ 37.003564][ T39] usb 2-1: config 220 interface 1 has no altsetting 0 [ 37.023050][ T39] usb 2-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 37.041963][ T39] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 37.060279][ T39] usb 2-1: Product: syz [ 37.064861][ T39] usb 2-1: Manufacturer: syz [ 37.069514][ T39] usb 2-1: SerialNumber: syz [ 37.249097][ T961] F2FS-fs (loop2): Start checkpoint disabled! [ 37.255718][ T961] syz.2.258: attempt to access beyond end of device [ 37.255718][ T961] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 37.279092][ T994] netlink: 12 bytes leftover after parsing attributes in process `syz.3.267'. [ 37.289430][ T994] netlink: 16 bytes leftover after parsing attributes in process `syz.3.267'. [ 37.299778][ T994] netlink: 16 bytes leftover after parsing attributes in process `syz.3.267'. [ 37.310540][ T39] usb 2-1: Found UVC 7.01 device syz (8086:0b07) [ 37.319652][ T39] usb 2-1: No valid video chain found. [ 37.344841][ T39] usb 2-1: selecting invalid altsetting 0 [ 37.362995][ T999] loop3: detected capacity change from 0 to 128 [ 37.373242][ T39] usb 2-1: USB disconnect, device number 3 [ 37.402476][ T999] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 37.436687][ T999] fscrypt (loop3, inode 12): Direct key flag not allowed with different contents and filenames modes [ 37.483225][ T283] EXT4-fs (loop3): unmounting filesystem. [ 37.513481][ T1007] loop3: detected capacity change from 0 to 128 [ 37.640069][ T1033] loop3: detected capacity change from 0 to 1024 [ 37.648029][ T1033] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 37.656742][ T1033] EXT4-fs (loop3): orphan cleanup on readonly fs [ 37.663509][ T1033] EXT4-fs warning (device loop3): ext4_enable_quotas:7053: Failed to enable quota tracking (type=0, err=-5, ino=3). Please run e2fsck to fix. [ 37.678178][ T1033] EXT4-fs (loop3): Cannot turn on quotas: error -5 [ 37.685526][ T1033] EXT4-fs (loop3): 1 truncate cleaned up [ 37.691386][ T1033] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 37.725059][ T283] EXT4-fs (loop3): unmounting filesystem. [ 37.779498][ T1030] loop0: detected capacity change from 0 to 40427 [ 37.786656][ T1030] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 37.794645][ T291] usb 3-1: new full-speed USB device number 3 using dummy_hcd [ 37.794817][ T1030] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 37.811967][ T1030] F2FS-fs (loop0): invalid crc value [ 37.822853][ T1030] F2FS-fs (loop0): Found nat_bits in checkpoint [ 37.852733][ T1030] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 37.859848][ T1030] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 37.891125][ T1030] syz.0.285: attempt to access beyond end of device [ 37.891125][ T1030] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 37.913266][ T43] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 37.922675][ T43] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 38.003054][ T291] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 38.013280][ T291] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 38.024197][ T291] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 38.034309][ T291] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 38.042639][ T291] usb 3-1: Product: syz [ 38.046926][ T291] usb 3-1: Manufacturer: syz [ 38.051815][ T291] usb 3-1: SerialNumber: syz [ 38.151929][ T334] usb 4-1: new full-speed USB device number 2 using dummy_hcd [ 38.182808][ T1052] loop0: detected capacity change from 0 to 40427 [ 38.189931][ T1052] F2FS-fs (loop0): Invalid Fs Meta Ino: node(0) meta(2) root(0) [ 38.197862][ T1052] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 38.206950][ T1052] F2FS-fs (loop0): invalid crc value [ 38.214291][ T1052] F2FS-fs (loop0): Found nat_bits in checkpoint [ 38.246713][ T1052] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 38.254114][ T1052] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4 [ 38.264453][ T291] usb 3-1: 0:2 : does not exist [ 38.271676][ T291] usb 3-1: 5:0: failed to get current value for ch 0 (-22) [ 38.286079][ T1053] f2fs_ckpt-7:0: attempt to access beyond end of device [ 38.286079][ T1053] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 38.302206][ T1052] syz.0.292: attempt to access beyond end of device [ 38.302206][ T1052] loop0: rw=524288, sector=45064, nr_sectors = 8 limit=40427 [ 38.310532][ T291] usb 3-1: USB disconnect, device number 3 [ 38.316915][ T1052] syz.0.292: attempt to access beyond end of device [ 38.316915][ T1052] loop0: rw=0, sector=45064, nr_sectors = 8 limit=40427 [ 38.353023][ T334] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 38.364146][ T334] usb 4-1: New USB device found, idVendor=046d, idProduct=c24f, bcdDevice= 0.00 [ 38.373769][ T334] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 38.392292][ T334] usb 4-1: config 0 descriptor?? [ 38.397658][ T1048] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 38.446158][ T1063] input: syz1 as /devices/virtual/input/input5 [ 38.492239][ T1073] loop0: detected capacity change from 0 to 2048 [ 38.503466][ T1073] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 38.520342][ T285] EXT4-fs (loop0): unmounting filesystem. [ 38.699497][ T1102] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 38.709062][ T1102] FAT-fs (loop9): unable to read boot sector [ 38.754515][ T1108] netlink: 24 bytes leftover after parsing attributes in process `syz.0.316'. [ 38.815683][ T334] logitech 0003:046D:C24F.0007: unknown main item tag 0x0 [ 38.831325][ T334] logitech 0003:046D:C24F.0007: unknown main item tag 0x0 [ 38.840308][ T334] logitech 0003:046D:C24F.0007: unknown main item tag 0x0 [ 38.851031][ T334] logitech 0003:046D:C24F.0007: unknown main item tag 0x0 [ 38.858385][ T334] logitech 0003:046D:C24F.0007: unknown main item tag 0x0 [ 38.866408][ T334] logitech 0003:046D:C24F.0007: hidraw0: USB HID v1.01 Device [HID 046d:c24f] on usb-dummy_hcd.3-1/input0 [ 38.877872][ T334] logitech 0003:046D:C24F.0007: no inputs found [ 38.935355][ T1131] loop4: detected capacity change from 0 to 256 [ 39.030767][ T1134] usb 4-1: USB disconnect, device number 2 [ 39.071960][ T39] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 39.121919][ T291] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 39.232234][ T339] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 39.263207][ T39] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 39.274244][ T39] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 39.284192][ T39] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 39.297363][ T39] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 39.306786][ T39] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 39.316142][ T291] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 39.328204][ T291] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 39.337406][ T39] usb 3-1: config 0 descriptor?? [ 39.348444][ T291] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 39.357676][ T291] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 39.366150][ T291] usb 1-1: SerialNumber: syz [ 39.372785][ T1143] loop1: detected capacity change from 0 to 256 [ 39.382945][ T1143] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 39.412045][ T339] usb 5-1: Using ep0 maxpacket: 8 [ 39.418627][ T339] usb 5-1: config 179 has an invalid interface number: 65 but max is 0 [ 39.427342][ T339] usb 5-1: config 179 has no interface number 0 [ 39.433961][ T339] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 39.445715][ T339] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 39.457417][ T339] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 39.468939][ T339] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 39.480475][ T339] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 39.494061][ T339] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 39.503510][ T339] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 39.513044][ T1133] raw-gadget.3 gadget.4: fail, usb_ep_enable returned -22 [ 39.585891][ T291] usb 1-1: 0:2 : does not exist [ 39.598689][ T1156] loop3: detected capacity change from 0 to 512 [ 39.606770][ T291] usb 1-1: USB disconnect, device number 4 [ 39.611775][ T1156] EXT4-fs: Ignoring removed orlov option [ 39.619210][ T1156] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 39.629010][ T1156] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8002c119, mo2=0002] [ 39.630033][ T1160] serio: Serial port ttynull [ 39.638379][ T1156] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2195: inode #15: comm syz.3.338: corrupted in-inode xattr [ 39.653913][ T1156] EXT4-fs error (device loop3): ext4_orphan_get:1405: comm syz.3.338: couldn't read orphan inode 15 (err -117) [ 39.666020][ T1156] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 39.691302][ T283] EXT4-fs (loop3): unmounting filesystem. [ 39.735321][ T1134] usb 5-1: USB disconnect, device number 3 [ 39.735355][ C1] xpad 5-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 39.735375][ C1] xpad 5-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 39.759190][ T39] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 39.768360][ T39] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 39.777634][ T39] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 39.785254][ T39] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 39.793176][ T39] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 39.800705][ T39] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 39.808201][ T39] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 39.816950][ T39] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 39.831923][ T39] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 39.851992][ T39] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 39.859477][ T39] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 39.867124][ T39] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 39.874727][ T39] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 39.883759][ T39] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 39.891244][ T39] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 39.898790][ T39] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 39.906269][ T39] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 39.913751][ T39] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 39.921198][ T39] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 39.928760][ T39] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 39.936269][ T39] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 39.943925][ T39] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 39.951440][ T39] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 39.959329][ T39] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 39.970183][ T39] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 39.977837][ T28] kauditd_printk_skb: 143 callbacks suppressed [ 39.977853][ T28] audit: type=1400 audit(39.942:511): avc: denied { mounton } for pid=1166 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 40.005196][ T39] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 40.012749][ T39] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 40.017094][ T28] audit: type=1400 audit(39.942:512): avc: denied { module_request } for pid=1166 comm="syz-executor" kmod="netdev-nr5" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 40.020292][ T39] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 40.050625][ T39] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 40.059960][ T39] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 40.067896][ T39] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 40.075427][ T39] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 40.082988][ T39] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 40.090491][ T39] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 40.100356][ T39] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 40.100399][ T1166] bridge0: port 1(bridge_slave_0) entered blocking state [ 40.107833][ T39] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 40.122359][ T39] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 40.129787][ T1166] bridge0: port 1(bridge_slave_0) entered disabled state [ 40.130389][ T1166] device bridge_slave_0 entered promiscuous mode [ 40.137457][ T39] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 40.145498][ T1166] bridge0: port 2(bridge_slave_1) entered blocking state [ 40.152416][ T39] plantronics 0003:047F:FFFF.0008: No inputs registered, leaving [ 40.158616][ T1166] bridge0: port 2(bridge_slave_1) entered disabled state [ 40.174413][ T39] plantronics 0003:047F:FFFF.0008: hiddev96,hidraw0: USB HID v0.00 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 40.187730][ T1166] device bridge_slave_1 entered promiscuous mode [ 40.190643][ T39] usb 3-1: USB disconnect, device number 4 [ 40.212145][ T28] audit: type=1400 audit(40.182:513): avc: denied { nlmsg_read } for pid=1170 comm="syz.0.343" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 40.213332][ T1171] netlink: 272 bytes leftover after parsing attributes in process `syz.0.343'. [ 40.286491][ T28] audit: type=1400 audit(40.252:514): avc: denied { mounton } for pid=1172 comm="syz.0.344" path="/79/file0" dev="tmpfs" ino=432 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=fifo_file permissive=1 [ 40.318223][ T28] audit: type=1400 audit(40.272:515): avc: denied { mounton } for pid=1172 comm="syz.0.344" path="/79/file0" dev="loop0" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=fifo_file permissive=1 [ 40.352651][ T1179] loop0: detected capacity change from 0 to 16 [ 40.364829][ T1179] erofs: (device loop0): mounted with root inode @ nid 36. [ 40.374161][ T1179] erofs: (device loop0): z_erofs_fill_inode_lazy: unknown HEAD1 format 5 for nid 36, please upgrade kernel [ 40.377768][ T1166] bridge0: port 2(bridge_slave_1) entered blocking state [ 40.385855][ T1179] erofs: (device loop0): z_erofs_fill_inode_lazy: unknown HEAD1 format 5 for nid 36, please upgrade kernel [ 40.392810][ T1166] bridge0: port 2(bridge_slave_1) entered forwarding state [ 40.392924][ T1166] bridge0: port 1(bridge_slave_0) entered blocking state [ 40.404823][ T1179] erofs: (device loop0): z_erofs_read_folio: failed to read, err [-95] [ 40.411468][ T1166] bridge0: port 1(bridge_slave_0) entered forwarding state [ 40.428232][ T1179] erofs: (device loop0): z_erofs_fill_inode_lazy: unknown HEAD1 format 5 for nid 36, please upgrade kernel [ 40.445801][ T1179] erofs: (device loop0): z_erofs_fill_inode_lazy: unknown HEAD1 format 5 for nid 36, please upgrade kernel [ 40.457519][ T1179] erofs: (device loop0): z_erofs_read_folio: failed to read, err [-95] [ 40.469435][ T1179] erofs: (device loop0): erofs_readdir: fail to readdir of logical block 0 of nid 36 [ 40.500696][ T28] audit: type=1400 audit(40.462:516): avc: denied { append } for pid=1188 comm="syz.4.347" name="ptp0" dev="devtmpfs" ino=264 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 40.511463][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 40.534464][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 40.543378][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 40.572084][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 40.581932][ T28] audit: type=1400 audit(40.492:517): avc: denied { open } for pid=1188 comm="syz.4.347" path="/dev/ptp0" dev="devtmpfs" ino=264 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 40.583788][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 40.611575][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 40.626036][ T1199] loop4: detected capacity change from 0 to 512 [ 40.632852][ T1199] EXT4-fs: Ignoring removed oldalloc option [ 40.639215][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 40.648933][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 40.656028][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 40.656128][ T1202] netlink: 24 bytes leftover after parsing attributes in process `syz.2.352'. [ 40.674047][ T335] device bridge_slave_1 left promiscuous mode [ 40.680231][ T335] bridge0: port 2(bridge_slave_1) entered disabled state [ 40.688714][ T1199] EXT4-fs (loop4): 1 truncate cleaned up [ 40.697016][ T1199] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 40.717851][ T287] EXT4-fs (loop4): unmounting filesystem. [ 40.724602][ T335] device bridge_slave_0 left promiscuous mode [ 40.731093][ T335] bridge0: port 1(bridge_slave_0) entered disabled state [ 40.742156][ T335] device veth1_macvtap left promiscuous mode [ 40.748748][ T335] device veth0_vlan left promiscuous mode [ 40.796226][ T28] audit: type=1400 audit(40.762:518): avc: denied { create } for pid=1219 comm="syz.1.359" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 40.815425][ T28] audit: type=1400 audit(40.762:519): avc: denied { write } for pid=1219 comm="syz.1.359" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 40.900024][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 40.908436][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 40.936946][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 40.945515][ T28] audit: type=1400 audit(40.912:520): avc: denied { write } for pid=1224 comm="syz.4.361" name="anycast6" dev="proc" ino=4026532683 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 40.946193][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 40.984650][ T1166] device veth0_vlan entered promiscuous mode [ 40.991562][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 41.002500][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 41.014573][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 41.022840][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 41.030829][ T1242] netlink: 4 bytes leftover after parsing attributes in process `syz.4.365'. [ 41.046498][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 41.055167][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 41.069096][ T1166] device veth1_macvtap entered promiscuous mode [ 41.096120][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 41.106337][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 41.116411][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 41.138028][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 41.156714][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 41.269565][ T1271] 9p: Unknown access argument 18446744073709551615: -34 [ 41.453368][ T1292] netlink: 8 bytes leftover after parsing attributes in process `syz.2.388'. [ 41.482612][ T1298] netlink: 12 bytes leftover after parsing attributes in process `syz.5.391'. [ 41.511060][ T1302] loop5: detected capacity change from 0 to 1024 [ 41.517890][ T1302] EXT4-fs: Ignoring removed mblk_io_submit option [ 41.533561][ T1302] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 41.554388][ T1166] EXT4-fs (loop5): unmounting filesystem. [ 41.788391][ T1325] IPv6: addrconf: prefix option has invalid lifetime [ 41.796366][ T1325] IPv6: addrconf: prefix option has invalid lifetime [ 41.997252][ T1338] loop0: detected capacity change from 0 to 1024 [ 42.004491][ T1338] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 42.015484][ T1338] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869) [ 42.025127][ T291] usb 2-1: new full-speed USB device number 4 using dummy_hcd [ 42.026703][ T1338] JBD2: no valid journal superblock found [ 42.038563][ T1338] EXT4-fs (loop0): error loading journal [ 42.051043][ T1341] Driver unsupported XDP return value 0 on prog (id 116) dev N/A, expect packet loss! [ 42.102339][ T1338] netlink: 8 bytes leftover after parsing attributes in process `syz.0.408'. [ 42.223097][ T291] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 42.241937][ T291] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 42.264434][ T291] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 42.281913][ T291] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 42.283247][ T1351] loop2: detected capacity change from 0 to 40427 [ 42.296480][ T291] usb 2-1: Product: syz [ 42.297379][ T1351] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 42.300866][ T291] usb 2-1: Manufacturer: syz [ 42.323140][ T1351] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 42.332048][ T291] usb 2-1: SerialNumber: syz [ 42.335978][ T1351] F2FS-fs (loop2): invalid crc value [ 42.345308][ T1362] SELinux: policydb magic number 0x4c5047 does not match expected magic number 0xf97cff8c [ 42.355858][ T1362] SELinux: failed to load policy [ 42.368304][ T1351] F2FS-fs (loop2): Found nat_bits in checkpoint [ 42.448516][ T1351] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 42.462046][ T1360] loop4: detected capacity change from 0 to 40427 [ 42.466734][ T1351] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 42.489965][ T1360] F2FS-fs (loop4): fault_injection options not supported [ 42.509037][ T1360] F2FS-fs (loop4): fault_type options not supported [ 42.529157][ T1360] F2FS-fs (loop4): invalid crc value [ 42.540293][ T291] usb 2-1: 0:2 : does not exist [ 42.544897][ T335] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 42.554110][ T291] usb 2-1: 5:0: failed to get current value for ch 0 (-22) [ 42.558557][ T291] usb 2-1: USB disconnect, device number 4 [ 42.562381][ T335] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 42.577224][ T1360] F2FS-fs (loop4): Found nat_bits in checkpoint [ 42.644491][ T1360] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 42.724681][ T287] syz-executor: attempt to access beyond end of device [ 42.724681][ T287] loop4: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 42.955127][ T1400] loop5: detected capacity change from 0 to 512 [ 42.972348][ T1400] EXT4-fs: Ignoring removed i_version option [ 42.979091][ T1400] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 42.994283][ T1400] EXT4-fs (loop5): 1 truncate cleaned up [ 43.000077][ T1400] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 43.019763][ T1166] EXT4-fs (loop5): unmounting filesystem. [ 43.106073][ T1414] loop2: detected capacity change from 0 to 512 [ 43.114184][ T1414] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 43.128727][ T1416] loop1: detected capacity change from 0 to 512 [ 43.170493][ T1419] loop1: detected capacity change from 0 to 256 [ 43.197879][ T1419] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x53fda505, utbl_chksum : 0xe619d30d) [ 43.231000][ T1419] exFAT-fs (loop1): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 43.283961][ T1405] loop5: detected capacity change from 0 to 40427 [ 43.293755][ T1405] F2FS-fs (loop5): invalid crc value [ 43.301081][ T1405] F2FS-fs (loop5): Found nat_bits in checkpoint [ 43.343906][ T1405] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e4 [ 43.441699][ T1166] syz-executor: attempt to access beyond end of device [ 43.441699][ T1166] loop5: rw=2049, sector=40960, nr_sectors = 32 limit=40427 [ 43.611166][ T1458] xt_bpf: check failed: parse error [ 43.753547][ T1466] bridge0: port 1(bridge_slave_0) entered blocking state [ 43.760722][ T1466] bridge0: port 1(bridge_slave_0) entered disabled state [ 43.768959][ T1466] device bridge_slave_0 entered promiscuous mode [ 43.782939][ T1466] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.790055][ T1466] bridge0: port 2(bridge_slave_1) entered disabled state [ 43.800106][ T1466] device bridge_slave_1 entered promiscuous mode [ 43.830362][ T1485] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only [ 43.986647][ T1466] bridge0: port 2(bridge_slave_1) entered blocking state [ 43.993814][ T1466] bridge0: port 2(bridge_slave_1) entered forwarding state [ 44.001176][ T1466] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.008286][ T1466] bridge0: port 1(bridge_slave_0) entered forwarding state [ 44.087900][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 44.096804][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.112139][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.124300][ T348] device bridge_slave_1 left promiscuous mode [ 44.130593][ T348] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.142647][ T348] device bridge_slave_0 left promiscuous mode [ 44.153283][ T348] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.167346][ T348] device veth1_macvtap left promiscuous mode [ 44.176928][ T348] device veth0_vlan left promiscuous mode [ 44.307022][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 44.316562][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.323671][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 44.356452][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 44.367849][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.374964][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 44.412441][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 44.422775][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 44.430900][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 44.440466][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 44.456312][ T1466] device veth0_vlan entered promiscuous mode [ 44.463068][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 44.471759][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 44.481319][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 44.498597][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 44.510470][ T1528] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 44.521663][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 44.539726][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 44.559920][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 44.568902][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 44.581852][ T1466] device veth1_macvtap entered promiscuous mode [ 44.596203][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 44.604923][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 44.614408][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 44.624213][ T1537] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.631479][ T1537] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.650503][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 44.662794][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 44.704951][ T1540] loop5: detected capacity change from 0 to 2048 [ 44.725943][ T1540] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 44.746997][ T1166] EXT4-fs (loop5): unmounting filesystem. [ 44.767441][ T1552] loop5: detected capacity change from 0 to 256 [ 44.780930][ T1538] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.788960][ T1538] bridge0: port 1(bridge_slave_0) entered disabled state [ 44.795649][ T1552] syz.5.495: attempt to access beyond end of device [ 44.795649][ T1552] loop5: rw=2049, sector=256, nr_sectors = 4 limit=256 [ 44.797577][ T1538] device bridge_slave_0 entered promiscuous mode [ 44.822577][ T1538] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.829663][ T1538] bridge0: port 2(bridge_slave_1) entered disabled state [ 44.839184][ T1538] device bridge_slave_1 entered promiscuous mode [ 44.845827][ T19] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 44.935882][ T1538] bridge0: port 2(bridge_slave_1) entered blocking state [ 44.943028][ T1538] bridge0: port 2(bridge_slave_1) entered forwarding state [ 44.950343][ T1538] bridge0: port 1(bridge_slave_0) entered blocking state [ 44.957425][ T1538] bridge0: port 1(bridge_slave_0) entered forwarding state [ 44.989627][ T28] kauditd_printk_skb: 42 callbacks suppressed [ 44.989645][ T28] audit: type=1400 audit(44.952:563): avc: denied { write } for pid=1571 comm="syz.6.503" path="socket:[22877]" dev="sockfs" ino=22877 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 45.011648][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 45.038070][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.051956][ T19] usb 1-1: Using ep0 maxpacket: 16 [ 45.060216][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.068235][ T19] usb 1-1: config 1 interface 0 altsetting 255 endpoint 0x1 has invalid wMaxPacketSize 0 [ 45.088574][ T19] usb 1-1: config 1 interface 0 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 0 [ 45.098580][ T19] usb 1-1: config 1 interface 0 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 45.117881][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 45.126575][ T19] usb 1-1: config 1 interface 0 has no altsetting 0 [ 45.132146][ T291] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 45.133611][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 45.133631][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 45.133814][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 45.156745][ T1564] loop1: detected capacity change from 0 to 40427 [ 45.166003][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 45.171828][ T1564] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 45.177690][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 45.185864][ T1564] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 45.193640][ T19] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 45.210261][ T19] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 45.218514][ T19] usb 1-1: Product: syz [ 45.223083][ T19] usb 1-1: Manufacturer: syz [ 45.230473][ T1564] F2FS-fs (loop1): invalid crc value [ 45.230758][ T19] usb 1-1: SerialNumber: syz [ 45.238541][ T1564] F2FS-fs (loop1): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 39874397669) [ 45.253947][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 45.255878][ T1564] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 45.262712][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 45.289782][ T1584] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 45.299289][ T1564] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 45.308029][ T1564] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 45.312990][ T549] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 45.322926][ T291] usb 6-1: Using ep0 maxpacket: 8 [ 45.327529][ T549] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready [ 45.337846][ T549] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 45.338094][ T291] usb 6-1: config 179 has an invalid interface number: 65 but max is 0 [ 45.346419][ T549] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready [ 45.363487][ T549] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 45.372277][ T549] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 45.380647][ T549] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 45.382016][ T291] usb 6-1: config 179 has no interface number 0 [ 45.391305][ T549] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 45.403239][ T1564] syz.1.502: attempt to access beyond end of device [ 45.403239][ T1564] loop1: rw=2049, sector=77824, nr_sectors = 136 limit=40427 [ 45.404563][ T549] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 45.417286][ T291] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 45.445421][ T291] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 45.459415][ T291] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 45.462269][ T1538] device veth0_vlan entered promiscuous mode [ 45.471934][ T291] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 45.482084][ T19] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 5 if 0 alt 255 proto 1 vid 0x0525 pid 0xA4A8 [ 45.488443][ T291] usb 6-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 45.512999][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 45.521003][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 45.529295][ T291] usb 6-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 45.538476][ T291] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 45.538843][ T348] device bridge_slave_1 left promiscuous mode [ 45.553702][ T348] bridge0: port 2(bridge_slave_1) entered disabled state [ 45.561418][ T348] device bridge_slave_0 left promiscuous mode [ 45.567897][ T348] bridge0: port 1(bridge_slave_0) entered disabled state [ 45.572026][ T1558] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 45.583672][ T348] device veth1_macvtap left promiscuous mode [ 45.592488][ T348] device veth0_vlan left promiscuous mode [ 45.603312][ T1587] loop6: detected capacity change from 0 to 16 [ 45.610632][ T1587] erofs: (device loop6): EXPERIMENTAL compressed fragments feature in use. Use at your own risk! [ 45.621560][ T1587] erofs: (device loop6): EXPERIMENTAL global deduplication feature in use. Use at your own risk! [ 45.633423][ T1587] erofs: (device loop6): EXPERIMENTAL EROFS subpage compressed block support in use. Use at your own risk! [ 45.645755][ T1587] erofs: (device loop6): mounted with root inode @ nid 36. [ 45.692332][ T1135] usb 1-1: USB disconnect, device number 5 [ 45.700703][ T1135] usblp0: removed [ 45.778056][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 45.786180][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 45.822553][ T549] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 45.831074][ T549] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 45.843026][ T1538] device veth1_macvtap entered promiscuous mode [ 45.855953][ T549] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 45.869248][ T339] input: Generic X-Box pad as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:179.65/input/input6 [ 45.870367][ T549] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 45.888624][ T549] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 45.915005][ T549] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 45.928473][ T28] audit: type=1400 audit(45.892:564): avc: denied { relabelfrom } for pid=1597 comm="syz.6.513" name="NETLINK" dev="sockfs" ino=23025 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 45.928609][ T1598] SELinux: Context system_u:object_r:iptables_conf_t:s0 is not valid (left unmapped). [ 45.956614][ T549] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 45.981573][ T28] audit: type=1400 audit(45.892:565): avc: denied { mac_admin } for pid=1597 comm="syz.6.513" capability=33 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 46.009092][ T28] audit: type=1400 audit(45.942:566): avc: denied { relabelto } for pid=1597 comm="syz.6.513" name="NETLINK" dev="sockfs" ino=23025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=netlink_netfilter_socket permissive=1 trawcon="system_u:object_r:iptables_conf_t:s0" [ 46.094392][ T1558] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 46.095690][ T28] audit: type=1400 audit(46.062:567): avc: denied { mount } for pid=1613 comm="syz.6.520" name="/" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 46.134781][ T1558] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 46.140437][ T28] audit: type=1400 audit(46.102:568): avc: denied { mounton } for pid=1613 comm="syz.6.520" path="/" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=dir permissive=1 [ 46.169979][ T28] audit: type=1400 audit(46.132:569): avc: denied { unmount } for pid=1466 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 46.226354][ T1619] loop2: detected capacity change from 0 to 512 [ 46.233280][ T1619] EXT4-fs: Ignoring removed oldalloc option [ 46.239591][ T1621] syz.6.524[1621] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 46.239680][ T1621] syz.6.524[1621] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 46.272930][ T1619] EXT4-fs (loop2): 1 truncate cleaned up [ 46.292765][ T1619] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 46.315984][ T1619] EXT4-fs error (device loop2): htree_dirblock_to_tree:1112: inode #2: block 13: comm syz.2.522: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=0, rec_len=0, size=1024 fake=0 [ 46.337969][ T1619] EXT4-fs (loop2): Remounting filesystem read-only [ 46.362284][ T1538] EXT4-fs (loop2): unmounting filesystem. [ 46.365240][ T1135] usb 6-1: USB disconnect, device number 2 [ 46.368097][ C1] xpad 6-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 46.368129][ C1] xpad 6-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 46.404501][ T1135] xpad 6-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 46.533854][ T1651] loop2: detected capacity change from 0 to 256 [ 46.549510][ T1653] syz.1.537 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 46.562532][ T1651] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x53fda505, utbl_chksum : 0xe619d30d) [ 46.583516][ T1638] loop0: detected capacity change from 0 to 40427 [ 46.596831][ T1638] F2FS-fs (loop0): Invalid Fs Meta Ino: node(0) meta(2) root(0) [ 46.605360][ T1651] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 46.614653][ T1638] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 46.633399][ T1638] F2FS-fs (loop0): invalid crc value [ 46.652601][ T1638] F2FS-fs (loop0): Found nat_bits in checkpoint [ 46.704901][ T1638] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 46.712071][ T1638] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4 [ 46.812479][ T1674] syz.6.545[1674] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 46.812574][ T1674] syz.6.545[1674] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 46.850362][ T1677] SELinux: policydb table sizes (0,538976256) do not match mine (8,7) [ 46.871333][ T1677] SELinux: failed to load policy [ 46.941996][ T1686] loop2: detected capacity change from 0 to 2048 [ 46.957601][ T28] audit: type=1400 audit(46.922:570): avc: denied { setopt } for pid=1689 comm="syz.5.553" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 46.984016][ T1686] loop2: p1 < > p4 [ 46.989966][ T28] audit: type=1400 audit(46.952:571): avc: denied { append } for pid=1691 comm="syz.5.554" name="001" dev="devtmpfs" ino=182 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 47.012726][ T1686] loop2: p4 size 8388608 extends beyond EOD, truncated [ 47.056051][ T1698] loop5: detected capacity change from 0 to 256 [ 47.088239][ T28] audit: type=1400 audit(47.052:572): avc: denied { read write } for pid=1699 comm="syz.6.559" name="loop-control" dev="devtmpfs" ino=117 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 47.131303][ T1638] F2FS-fs (loop0): Start checkpoint disabled! [ 47.138201][ T1638] syz.0.530: attempt to access beyond end of device [ 47.138201][ T1638] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 47.142780][ T1707] device bridge0 entered promiscuous mode [ 47.171106][ T1707] device macsec1 entered promiscuous mode [ 47.183014][ T1707] bridge0: port 3(macsec1) entered blocking state [ 47.189860][ T1707] bridge0: port 3(macsec1) entered disabled state [ 47.205903][ T1716] loop5: detected capacity change from 0 to 256 [ 47.215906][ T1707] device bridge0 left promiscuous mode [ 47.260459][ T1718] loop5: detected capacity change from 0 to 512 [ 47.309724][ T1718] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a802c01c, mo2=0002] [ 47.324232][ T1718] System zones: 0-2, 18-18, 34-35 [ 47.339786][ T1718] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 47.412924][ T1166] EXT4-fs (loop5): unmounting filesystem. [ 47.483685][ T1746] loop2: detected capacity change from 0 to 1024 [ 47.493666][ T1746] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.576: bg 0: block 10: padding at end of block bitmap is not set [ 47.502705][ T1749] loop1: detected capacity change from 0 to 256 [ 47.508521][ T1746] EXT4-fs error (device loop2): ext4_acquire_dquot:6801: comm syz.2.576: Failed to acquire dquot type 0 [ 47.516363][ T1749] exfat: Deprecated parameter 'utf8' [ 47.530915][ T1749] exfat: Deprecated parameter 'namecase' [ 47.532874][ T1746] EXT4-fs error (device loop2): ext4_acquire_dquot:6801: comm syz.2.576: Failed to acquire dquot type 0 [ 47.548902][ T1746] EXT4-fs error (device loop2): ext4_free_blocks:6210: comm syz.2.576: Freeing blocks not in datazone - block = 0, count = 4096 [ 47.550842][ T1749] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x7b823c56, utbl_chksum : 0xe619d30d) [ 47.563776][ T1746] EXT4-fs error (device loop2): ext4_acquire_dquot:6801: comm syz.2.576: Failed to acquire dquot type 0 [ 47.586195][ T1746] EXT4-fs (loop2): 1 orphan inode deleted [ 47.604896][ T1746] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 47.643261][ T1538] EXT4-fs (loop2): unmounting filesystem. [ 47.649211][ T1746] syz.2.576 (1746) used greatest stack depth: 20544 bytes left [ 47.721935][ T1135] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 47.732759][ T1772] loop1: detected capacity change from 0 to 2048 [ 47.762783][ T1772] loop1: p1 < > p4 < > [ 47.815801][ T1783] netlink: 12 bytes leftover after parsing attributes in process `syz.5.592'. [ 47.852883][ T1787] device macsec1 entered promiscuous mode [ 47.858729][ T1787] device bridge0 entered promiscuous mode [ 47.865002][ T1787] bridge0: port 3(macsec1) entered blocking state [ 47.871497][ T1787] bridge0: port 3(macsec1) entered disabled state [ 47.894185][ T1787] device bridge0 left promiscuous mode [ 47.913168][ T1135] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 47.928987][ T1135] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 47.942647][ T1135] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 47.958278][ T1135] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 47.988548][ T1135] usb 1-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 47.997992][ T1135] usb 1-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 48.006641][ T1135] usb 1-1: Manufacturer: syz [ 48.012271][ T1135] usb 1-1: config 0 descriptor?? [ 48.243498][ T1808] loop2: detected capacity change from 0 to 40427 [ 48.252426][ T1808] F2FS-fs (loop2): invalid crc value [ 48.259709][ T1808] F2FS-fs (loop2): Found nat_bits in checkpoint [ 48.299896][ T1808] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4 [ 48.356021][ T1538] syz-executor: attempt to access beyond end of device [ 48.356021][ T1538] loop2: rw=2049, sector=40960, nr_sectors = 32 limit=40427 [ 48.420847][ T1135] appleir 0003:05AC:8243.0009: unknown main item tag 0x0 [ 48.428611][ T1135] appleir 0003:05AC:8243.0009: No inputs registered, leaving [ 48.437629][ T1135] appleir 0003:05AC:8243.0009: hiddev96,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0 [ 48.502231][ T1830] netlink: 9 bytes leftover after parsing attributes in process `syz.2.612'. [ 48.511709][ T1830] device gretap0 entered promiscuous mode [ 48.520959][ T1830] netlink: 5 bytes leftover after parsing attributes in process `syz.2.612'. [ 48.530018][ T1830] 0ªX¹¦D: renamed from gretap0 [ 48.535592][ T1830] device 30ªX¹¦D left promiscuous mode [ 48.541918][ T1830] A link change request failed with some changes committed already. Interface 30ªX¹¦D may have been left with an inconsistent configuration, please check. [ 48.551943][ T339] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 48.631933][ T1134] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 48.702751][ T1135] usb 1-1: USB disconnect, device number 6 [ 48.743057][ T339] usb 7-1: Using ep0 maxpacket: 8 [ 48.749343][ T339] usb 7-1: config 179 has an invalid interface number: 65 but max is 0 [ 48.758092][ T339] usb 7-1: config 179 has no interface number 0 [ 48.764446][ T339] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 48.775643][ T339] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 48.787071][ T339] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 48.798330][ T339] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 48.809981][ T339] usb 7-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 48.827787][ T1134] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 48.840148][ T339] usb 7-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 48.850255][ T1134] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 48.860400][ T339] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 48.868680][ T1134] usb 6-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00 [ 48.878903][ T1134] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 48.887342][ T1817] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22 [ 48.895688][ T1134] usb 6-1: config 0 descriptor?? [ 49.040226][ T1853] loop2: detected capacity change from 0 to 512 [ 49.047338][ T1853] EXT4-fs: Ignoring removed i_version option [ 49.054219][ T1853] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 49.066710][ T1853] EXT4-fs (loop2): 1 truncate cleaned up [ 49.072653][ T1853] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 49.087675][ T1853] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2195: inode #15: comm syz.2.623: corrupted in-inode xattr [ 49.100031][ T1853] EXT4-fs warning (device loop2): ext4_xattr_set_entry:1732: inode #15: comm syz.2.623: unable to update i_inline_off [ 49.112776][ T1853] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2818: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 49.126286][ T1853] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2195: inode #15: comm syz.2.623: corrupted in-inode xattr [ 49.144081][ T1855] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2195: inode #15: comm syz.2.623: corrupted in-inode xattr [ 49.158441][ T334] usb 7-1: USB disconnect, device number 2 [ 49.158472][ C1] xpad 7-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 49.172933][ C1] dummy_hcd dummy_hcd.6: timer fired with no URBs pending? [ 49.182149][ T1538] EXT4-fs (loop2): unmounting filesystem. [ 49.291581][ T1878] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=1878 comm=syz.0.633 [ 49.328186][ T1134] hid-steam 0003:28DE:1142.000A: : USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.5-1/input0 [ 49.341390][ T1134] hid-steam 0003:28DE:1142.000B: hidraw0: USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.5-1/input0 [ 49.413449][ T1893] device vlan1 entered promiscuous mode [ 49.422022][ T1134] hid-steam 0003:28DE:1142.000A: Steam wireless receiver connected [ 49.431104][ T1892] device vlan1 left promiscuous mode [ 49.535651][ T334] usb 6-1: USB disconnect, device number 3 [ 49.548678][ T334] hid-steam 0003:28DE:1142.000A: Steam wireless receiver disconnected [ 49.620189][ T1920] loop0: detected capacity change from 0 to 512 [ 49.634186][ T1920] EXT4-fs error (device loop0): ext4_acquire_dquot:6801: comm syz.0.653: Failed to acquire dquot type 1 [ 49.646277][ T1920] EXT4-fs (loop0): 1 truncate cleaned up [ 49.652330][ T1920] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 49.690692][ T285] EXT4-fs (loop0): unmounting filesystem. [ 49.714550][ T1928] loop6: detected capacity change from 0 to 256 [ 49.724007][ T1928] exFAT-fs (loop6): failed to load upcase table (idx : 0x00012153, chksum : 0xc3dffc2e, utbl_chksum : 0xe619d30d) [ 49.759371][ T1916] loop2: detected capacity change from 0 to 40427 [ 49.767065][ T1916] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 49.775240][ T1916] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 49.788958][ T1916] F2FS-fs (loop2): Found nat_bits in checkpoint [ 49.800754][ T1936] loop0: detected capacity change from 0 to 512 [ 49.807728][ T1936] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 49.832628][ T1916] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 49.839828][ T1916] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 50.086437][ T1954] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 50.098991][ T28] kauditd_printk_skb: 22 callbacks suppressed [ 50.099008][ T28] audit: type=1400 audit(50.080:584): avc: denied { ioctl } for pid=1955 comm="syz.0.664" path="/117/file0/.pending_reads" dev="incremental-fs" ino=2 ioctlcmd=0x4b71 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 50.169785][ T28] audit: type=1400 audit(50.140:585): avc: denied { ioctl } for pid=1960 comm="syz.6.666" path="socket:[25720]" dev="sockfs" ino=25720 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 50.249807][ T28] audit: type=1400 audit(50.220:586): avc: denied { connect } for pid=1973 comm="syz.0.673" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 50.301736][ T28] audit: type=1326 audit(50.270:587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1979 comm="syz.0.676" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f99d618ebe9 code=0x0 [ 50.338999][ T28] audit: type=1400 audit(50.310:588): avc: denied { mounton } for pid=1984 comm="syz.1.678" path="/130/file0" dev="tmpfs" ino=700 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 50.685710][ T2016] loop6: detected capacity change from 0 to 1024 [ 50.694957][ T2016] EXT4-fs error (device loop6): ext4_validate_block_bitmap:438: comm syz.6.692: bg 0: block 10: padding at end of block bitmap is not set [ 50.709651][ T2016] Quota error (device loop6): write_blk: dquota write failed [ 50.717303][ T2016] Quota error (device loop6): find_free_dqentry: Can't write quota data block 2 [ 50.726650][ T2016] Quota error (device loop6): qtree_write_dquot: Error -117 occurred while creating quota [ 50.736884][ T2016] EXT4-fs error (device loop6): ext4_acquire_dquot:6801: comm syz.6.692: Failed to acquire dquot type 0 [ 50.748779][ T2016] Quota error (device loop6): write_blk: dquota write failed [ 50.756377][ T2016] Quota error (device loop6): find_free_dqentry: Can't write quota data block 2 [ 50.765684][ T2016] EXT4-fs error (device loop6): ext4_acquire_dquot:6801: comm syz.6.692: Failed to acquire dquot type 0 [ 50.777264][ T2016] EXT4-fs error (device loop6): ext4_free_blocks:6210: comm syz.6.692: Freeing blocks not in datazone - block = 0, count = 4096 [ 50.791283][ T2016] EXT4-fs error (device loop6): ext4_acquire_dquot:6801: comm syz.6.692: Failed to acquire dquot type 0 [ 50.803079][ T2016] EXT4-fs (loop6): 1 orphan inode deleted [ 50.808866][ T2016] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback. [ 50.834418][ T1466] EXT4-fs (loop6): unmounting filesystem. [ 50.891941][ T334] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 51.084670][ T334] usb 6-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d [ 51.093903][ T334] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 51.102153][ T334] usb 6-1: Product: syz [ 51.106414][ T334] usb 6-1: Manufacturer: syz [ 51.111113][ T334] usb 6-1: SerialNumber: syz [ 51.132078][ T334] r8152-cfgselector 6-1: config 0 descriptor?? [ 51.231951][ T339] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 51.278678][ T2044] loop1: detected capacity change from 0 to 16 [ 51.294787][ T2044] erofs: (device loop1): mounted with root inode @ nid 36. [ 51.423097][ T339] usb 7-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 51.450542][ T339] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 51.471926][ T339] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 51.495903][ T339] usb 7-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 51.519270][ T339] usb 7-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 51.540529][ T339] usb 7-1: Manufacturer: syz [ 51.544566][ T334] r8152-cfgselector 6-1: Unknown version 0x0000 [ 51.549799][ T339] usb 7-1: config 0 descriptor?? [ 51.551537][ T334] r8152-cfgselector 6-1: bad CDC descriptors [ 51.582709][ T334] r8152-cfgselector 6-1: Unknown version 0x0000 [ 51.600431][ T334] r8152-cfgselector 6-1: USB disconnect, device number 4 [ 51.720960][ T549] Bluetooth: hci0: Frame reassembly failed (-84) [ 51.794271][ T2067] loop2: detected capacity change from 0 to 512 [ 51.803185][ T2067] EXT4-fs error (device loop2): ext4_orphan_get:1400: inode #15: comm syz.2.714: iget: bad extended attribute block 1 [ 51.819325][ T2067] EXT4-fs error (device loop2): ext4_orphan_get:1405: comm syz.2.714: couldn't read orphan inode 15 (err -117) [ 51.832289][ T2067] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 51.877914][ T1538] EXT4-fs (loop2): unmounting filesystem. [ 51.968126][ T339] appleir 0003:05AC:8243.000C: unknown main item tag 0x0 [ 51.975796][ T339] appleir 0003:05AC:8243.000C: No inputs registered, leaving [ 51.984695][ T339] appleir 0003:05AC:8243.000C: hiddev96,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.6-1/input0 [ 52.034098][ T2076] loop2: detected capacity change from 0 to 40427 [ 52.035491][ T2081] loop0: detected capacity change from 0 to 512 [ 52.043130][ T2076] F2FS-fs (loop2): invalid crc value [ 52.047432][ T2081] EXT4-fs: Ignoring removed nobh option [ 52.054355][ T2076] F2FS-fs (loop2): Found nat_bits in checkpoint [ 52.095679][ T2081] EXT4-fs error (device loop0): ext4_do_update_inode:5256: inode #3: comm syz.0.719: corrupted inode contents [ 52.099404][ T2076] F2FS-fs (loop2): Start checkpoint disabled! [ 52.114633][ T2081] EXT4-fs error (device loop0): ext4_dirty_inode:6121: inode #3: comm syz.0.719: mark_inode_dirty error [ 52.126198][ T2076] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 52.134386][ T2081] EXT4-fs error (device loop0): ext4_do_update_inode:5256: inode #3: comm syz.0.719: corrupted inode contents [ 52.156692][ T2081] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #3: comm syz.0.719: mark_inode_dirty error [ 52.182875][ T2081] EXT4-fs error (device loop0): ext4_acquire_dquot:6801: comm syz.0.719: Failed to acquire dquot type 0 [ 52.197039][ T43] kworker/u4:2: attempt to access beyond end of device [ 52.197039][ T43] loop2: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 52.202972][ T2095] input: syz0 as /devices/virtual/input/input7 [ 52.218883][ T2081] EXT4-fs error (device loop0): ext4_do_update_inode:5256: inode #16: comm syz.0.719: corrupted inode contents [ 52.238664][ T2081] EXT4-fs error (device loop0): ext4_dirty_inode:6121: inode #16: comm syz.0.719: mark_inode_dirty error [ 52.252863][ T334] usb 7-1: USB disconnect, device number 3 [ 52.270636][ T2081] EXT4-fs error (device loop0): ext4_do_update_inode:5256: inode #16: comm syz.0.719: corrupted inode contents [ 52.284340][ T2081] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #16: comm syz.0.719: mark_inode_dirty error [ 52.296298][ T2081] EXT4-fs error (device loop0): ext4_do_update_inode:5256: inode #16: comm syz.0.719: corrupted inode contents [ 52.309015][ T2081] EXT4-fs error (device loop0) in ext4_orphan_del:305: Corrupt filesystem [ 52.328533][ T2081] EXT4-fs error (device loop0): ext4_do_update_inode:5256: inode #16: comm syz.0.719: corrupted inode contents [ 52.330682][ T2100] random: crng reseeded on system resumption [ 52.340800][ T2081] EXT4-fs error (device loop0): ext4_truncate:4314: inode #16: comm syz.0.719: mark_inode_dirty error [ 52.358460][ T2081] EXT4-fs error (device loop0) in ext4_process_orphan:347: Corrupt filesystem [ 52.368773][ T2081] EXT4-fs (loop0): 1 truncate cleaned up [ 52.374883][ T2081] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 52.419928][ T285] EXT4-fs (loop0): unmounting filesystem. [ 52.503868][ T2117] sock: sock_set_timeout: `syz.2.734' (pid 2117) tries to set negative timeout [ 52.652743][ T2119] loop2: detected capacity change from 0 to 40427 [ 52.659925][ T2119] F2FS-fs (loop2): heap/no_heap options were deprecated [ 52.667338][ T2119] F2FS-fs (loop2): fault_injection options not supported [ 52.674558][ T2119] F2FS-fs (loop2): fault_type options not supported [ 52.682178][ T2119] F2FS-fs (loop2): invalid crc value [ 52.689727][ T2119] F2FS-fs (loop2): Found nat_bits in checkpoint [ 52.730593][ T2119] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 52.744694][ T2136] xt_bpf: check failed: parse error [ 52.784692][ T1538] syz-executor: attempt to access beyond end of device [ 52.784692][ T1538] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 52.836573][ T2143] loop0: detected capacity change from 0 to 8192 [ 53.024607][ T2166] loop6: detected capacity change from 0 to 256 [ 53.031268][ T2166] exfat: Deprecated parameter 'namecase' [ 53.040536][ T2166] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d) [ 53.134549][ T2182] loop6: detected capacity change from 0 to 512 [ 53.142539][ T2182] EXT4-fs (loop6): warning: mounting unchecked fs, running e2fsck is recommended [ 53.152538][ T2182] EXT4-fs (loop6): Errors on filesystem, clearing orphan list. [ 53.160274][ T2182] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback. [ 53.173252][ T2182] EXT4-fs error (device loop6): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 212 vs 220 free clusters [ 53.194103][ T1466] EXT4-fs (loop6): unmounting filesystem. [ 53.243230][ T2189] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 53.311917][ T334] usb 3-1: new full-speed USB device number 5 using dummy_hcd [ 53.332179][ T1134] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 53.493299][ T334] usb 3-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 53.504746][ T334] usb 3-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0 [ 53.514980][ T334] usb 3-1: config 0 interface 0 has no altsetting 0 [ 53.521709][ T334] usb 3-1: New USB device found, idVendor=28de, idProduct=1102, bcdDevice= 0.00 [ 53.531224][ T334] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 53.533396][ T1134] usb 1-1: unable to get BOS descriptor or descriptor too short [ 53.547930][ T1134] usb 1-1: config 1 interface 0 altsetting 3 endpoint 0x81 has an invalid bInterval 94, changing to 10 [ 53.551589][ T334] usb 3-1: config 0 descriptor?? [ 53.564819][ T1134] usb 1-1: config 1 interface 0 altsetting 3 endpoint 0x81 has invalid maxpacket 25502, setting to 1024 [ 53.576298][ T1134] usb 1-1: config 1 interface 0 has no altsetting 0 [ 53.585445][ T1134] usb 1-1: string descriptor 0 read error: -22 [ 53.591806][ T1134] usb 1-1: New USB device found, idVendor=172f, idProduct=0501, bcdDevice= 0.40 [ 53.601258][ T1134] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 53.612309][ T1134] usbhid 1-1:1.0: can't add hid device: -22 [ 53.618374][ T1134] usbhid: probe of 1-1:1.0 failed with error -22 [ 53.631921][ T6] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 53.781920][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 53.782048][ T2061] Bluetooth: hci0: command 0x1003 tx timeout [ 53.811927][ T6] usb 7-1: Using ep0 maxpacket: 32 [ 53.818292][ T6] usb 7-1: config 0 has an invalid interface number: 184 but max is 0 [ 53.838818][ T6] usb 7-1: config 0 has no interface number 0 [ 53.848947][ T6] usb 7-1: config 0 interface 184 has no altsetting 0 [ 53.856753][ T19] usb 1-1: USB disconnect, device number 7 [ 53.864024][ T6] usb 7-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 53.875489][ T6] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 53.884041][ T6] usb 7-1: Product: syz [ 53.888266][ T6] usb 7-1: Manufacturer: syz [ 53.893177][ T6] usb 7-1: SerialNumber: syz [ 53.899201][ T6] usb 7-1: config 0 descriptor?? [ 53.913363][ T6] smsc75xx v1.0.0 [ 53.927154][ T2203] loop1: detected capacity change from 0 to 512 [ 53.944699][ T2203] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 53.969011][ T284] EXT4-fs (loop1): unmounting filesystem. [ 53.976904][ T334] hid-steam 0003:28DE:1102.000D: unknown main item tag 0x0 [ 53.984453][ T334] hid-steam 0003:28DE:1102.000D: unknown main item tag 0x0 [ 53.992308][ T334] hid-steam 0003:28DE:1102.000D: : USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.2-1/input0 [ 54.004630][ T334] hid-steam 0003:28DE:1102.000E: unknown main item tag 0x0 [ 54.011943][ T334] hid-steam 0003:28DE:1102.000E: unknown main item tag 0x0 [ 54.031533][ T334] hid-steam 0003:28DE:1102.000E: hidraw0: USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.2-1/input0 [ 54.111939][ T334] hid-steam 0003:28DE:1102.000D: Steam Controller 'XXXXXXXXXX' connected [ 54.123693][ T334] input: Steam Controller as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:28DE:1102.000D/input/input8 [ 54.153792][ T2230] xt_hashlimit: size too large, truncated to 1048576 [ 54.193165][ T334] usb 3-1: USB disconnect, device number 5 [ 54.212803][ T334] hid-steam 0003:28DE:1102.000D: Steam Controller 'XXXXXXXXXX' disconnected [ 54.442035][ T1135] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 54.633477][ T1135] usb 6-1: config 1 interface 0 altsetting 4 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 54.646551][ T1135] usb 6-1: config 1 interface 0 has no altsetting 0 [ 54.658938][ T1135] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 54.668175][ T1135] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 54.676286][ T1135] usb 6-1: SerialNumber: syz [ 54.719645][ T2260] netem: change failed [ 54.724857][ T6] smsc75xx 7-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -71 [ 54.736148][ T6] smsc75xx 7-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 54.748311][ T6] smsc75xx 7-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 54.759620][ T6] smsc75xx 7-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71 [ 54.769706][ T6] smsc75xx 7-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset [ 54.780286][ T6] smsc75xx 7-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 54.790384][ T6] smsc75xx: probe of 7-1:0.184 failed with error -71 [ 54.798457][ T6] usb 7-1: USB disconnect, device number 4 [ 54.900126][ T2282] x_tables: duplicate underflow at hook 4 [ 54.902027][ T334] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 54.936805][ T2286] netlink: 40 bytes leftover after parsing attributes in process `syz.2.800'. [ 55.032463][ T2299] loop1: detected capacity change from 0 to 128 [ 55.040769][ T2299] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 55.069367][ T284] EXT4-fs (loop1): unmounting filesystem. [ 55.103069][ T334] usb 1-1: config index 0 descriptor too short (expected 45, got 36) [ 55.111237][ T334] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 55.123324][ T334] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 55.129887][ T2308] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 55.134797][ T334] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 55.155047][ T334] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 55.157105][ T549] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready [ 55.164776][ T334] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 55.181930][ T334] usb 1-1: config 0 descriptor?? [ 55.192565][ T549] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 55.193254][ T2248] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 55.210934][ T549] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready [ 55.220049][ T549] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 55.229362][ T549] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 55.238048][ T549] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 55.246832][ T549] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 55.256217][ T549] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 55.287500][ T1135] cdc_ether 6-1:1.0 usb0: register 'cdc_ether' at usb-dummy_hcd.5-1, CDC Ethernet Device, 42:42:42:42:42:42 [ 55.458833][ T2345] loop1: detected capacity change from 0 to 512 [ 55.466885][ T2345] EXT4-fs (loop1): warning: mounting unchecked fs, running e2fsck is recommended [ 55.478222][ T2345] EXT4-fs (loop1): Errors on filesystem, clearing orphan list. [ 55.486732][ T2345] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 55.506341][ T2345] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 212 vs 220 free clusters [ 55.530733][ T284] EXT4-fs (loop1): unmounting filesystem. [ 55.536093][ T2354] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 55.581713][ T2360] netlink: 28 bytes leftover after parsing attributes in process `syz.1.833'. [ 55.606266][ T2362] IPv6: NLM_F_REPLACE set, but no existing node found! [ 55.626108][ T334] plantronics 0003:047F:FFFF.000F: unknown main item tag 0xd [ 55.633807][ T19] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 55.643677][ T334] plantronics 0003:047F:FFFF.000F: No inputs registered, leaving [ 55.652831][ T2366] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 55.662685][ T334] plantronics 0003:047F:FFFF.000F: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 55.706922][ T1134] usb 6-1: USB disconnect, device number 5 [ 55.713742][ T1134] cdc_ether 6-1:1.0 usb0: unregister 'cdc_ether' usb-dummy_hcd.5-1, CDC Ethernet Device [ 55.733608][ T2374] loop1: detected capacity change from 0 to 512 [ 55.740271][ T2374] EXT4-fs: Ignoring removed nomblk_io_submit option [ 55.747443][ T2374] EXT4-fs: Ignoring removed nomblk_io_submit option [ 55.755178][ T2374] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 55.765545][ T2374] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2 [ 55.774260][ T2374] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -2 [ 55.783153][ T2374] EXT4-fs (loop1): 1 truncate cleaned up [ 55.788836][ T2374] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 55.802801][ T2374] EXT4-fs (loop1): re-mounted. Quota mode: writeback. [ 55.817667][ T284] EXT4-fs (loop1): unmounting filesystem. [ 55.832038][ T19] usb 3-1: Using ep0 maxpacket: 16 [ 55.850118][ T19] usb 3-1: config 1 interface 0 altsetting 255 endpoint 0x1 has invalid wMaxPacketSize 0 [ 55.867581][ T2372] loop6: detected capacity change from 0 to 40427 [ 55.874898][ T19] usb 3-1: config 1 interface 0 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 0 [ 55.885171][ T2372] F2FS-fs (loop6): heap/no_heap options were deprecated [ 55.885608][ T19] usb 3-1: config 1 interface 0 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 55.902049][ T2372] F2FS-fs (loop6): fault_injection options not supported [ 55.905672][ T19] usb 3-1: config 1 interface 0 has no altsetting 0 [ 55.918431][ T2372] F2FS-fs (loop6): fault_type options not supported [ 55.922159][ T19] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 55.935161][ T2372] F2FS-fs (loop6): invalid crc value [ 55.935168][ T19] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 55.935193][ T19] usb 3-1: Product: syz [ 55.954770][ T19] usb 3-1: Manufacturer: syz [ 55.959642][ T19] usb 3-1: SerialNumber: syz [ 55.965397][ T203] usb 1-1: USB disconnect, device number 8 [ 55.974577][ T2372] F2FS-fs (loop6): Found nat_bits in checkpoint [ 56.012805][ T2372] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5 [ 56.052507][ T1466] syz-executor: attempt to access beyond end of device [ 56.052507][ T1466] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 56.173842][ T19] usblp 3-1:1.0: usblp0: USB Unidirectional printer dev 6 if 0 alt 255 proto 1 vid 0x0525 pid 0xA4A8 [ 56.231463][ T2387] loop1: detected capacity change from 0 to 128 [ 56.242993][ T2389] loop5: detected capacity change from 0 to 512 [ 56.253026][ T2389] EXT4-fs (loop5): warning: mounting unchecked fs, running e2fsck is recommended [ 56.263687][ T2389] EXT4-fs (loop5): Errors on filesystem, clearing orphan list. [ 56.271277][ T2389] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 56.285127][ T2389] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 212 vs 220 free clusters [ 56.308671][ T1166] EXT4-fs (loop5): unmounting filesystem. [ 56.400842][ T203] usb 3-1: USB disconnect, device number 6 [ 56.408582][ T203] usblp0: removed [ 56.755712][ T28] kauditd_printk_skb: 29 callbacks suppressed [ 56.755730][ T28] audit: type=1400 audit(56.730:612): avc: denied { map } for pid=2420 comm="syz.5.859" path="/dev/bus/usb/006/001" dev="devtmpfs" ino=179 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 56.963288][ T2391] loop6: detected capacity change from 0 to 131072 [ 56.973133][ T2391] F2FS-fs (loop6): Found nat_bits in checkpoint [ 57.012267][ T2391] F2FS-fs (loop6): Mounted with checkpoint version = 753bd00b [ 57.038025][ T28] audit: type=1400 audit(57.000:613): avc: denied { write } for pid=2390 comm="syz.6.844" name="encrypted_dir" dev="loop6" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 57.058310][ T2400] loop1: detected capacity change from 0 to 131072 [ 57.060204][ T28] audit: type=1400 audit(57.000:614): avc: denied { add_name } for pid=2390 comm="syz.6.844" name="file" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 57.068579][ T2400] F2FS-fs (loop1): invalid crc value [ 57.085751][ T339] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 57.108783][ T28] audit: type=1400 audit(57.080:615): avc: denied { mount } for pid=2431 comm="syz.2.872" name="/" dev="ramfs" ino=26765 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 57.150890][ T2400] F2FS-fs (loop1): Found nat_bits in checkpoint [ 57.207130][ T2444] netlink: 44 bytes leftover after parsing attributes in process `syz.2.867'. [ 57.219642][ T2400] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 57.268854][ T28] audit: type=1400 audit(57.240:616): avc: denied { mounton } for pid=2399 comm="syz.1.848" path="/176/file0/bus" dev="loop1" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 57.290899][ T339] usb 6-1: Using ep0 maxpacket: 32 [ 57.305113][ T339] usb 6-1: config 216 has an invalid interface number: 164 but max is 0 [ 57.312097][ T28] audit: type=1400 audit(57.280:617): avc: denied { setattr } for pid=2399 comm="syz.1.848" name="work" dev="loop1" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 57.321914][ T339] usb 6-1: config 216 has an invalid descriptor of length 10, skipping remainder of the config [ 57.341149][ T28] audit: type=1400 audit(57.280:618): avc: denied { remove_name } for pid=2399 comm="syz.1.848" name="#9" dev="loop1" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 57.367613][ T339] usb 6-1: config 216 has no interface number 0 [ 57.369221][ T28] audit: type=1400 audit(57.280:619): avc: denied { rename } for pid=2399 comm="syz.1.848" name="#9" dev="loop1" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 57.374574][ T2400] overlayfs: failed to resolve './file0/../file0': -2 [ 57.395662][ T28] audit: type=1400 audit(57.300:620): avc: denied { unlink } for pid=2399 comm="syz.1.848" name="#9" dev="loop1" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=chr_file permissive=1 [ 57.411950][ T1134] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 57.430310][ T339] usb 6-1: config 216 interface 164 has no altsetting 0 [ 57.443326][ T339] usb 6-1: New USB device found, idVendor=0781, idProduct=55e8, bcdDevice=36.bb [ 57.453075][ T339] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 57.461607][ T339] usb 6-1: Product: syz [ 57.471734][ T339] usb 6-1: Manufacturer: syz [ 57.477264][ T339] usb 6-1: SerialNumber: syz [ 57.590143][ T28] audit: type=1400 audit(57.560:621): avc: denied { mount } for pid=2462 comm="syz.6.876" name="/" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1 [ 57.644532][ T1134] usb 1-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d [ 57.657040][ T1134] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 57.665241][ T1134] usb 1-1: Product: syz [ 57.669448][ T1134] usb 1-1: Manufacturer: syz [ 57.674769][ T1134] usb 1-1: SerialNumber: syz [ 57.680288][ T1134] r8152-cfgselector 1-1: config 0 descriptor?? [ 57.690188][ T339] usb-storage 6-1:216.164: USB Mass Storage device detected [ 57.702843][ T339] usb-storage 6-1:216.164: Quirks match for vid 0781 pid 55e8: 800000 [ 57.754943][ T339] usb 6-1: USB disconnect, device number 6 [ 58.037707][ T2504] futex_wake_op: syz.6.893 tries to shift op by 32; fix this program [ 58.091318][ T1134] r8152-cfgselector 1-1: Unknown version 0x0000 [ 58.097860][ T1134] r8152-cfgselector 1-1: bad CDC descriptors [ 58.106423][ T1134] r8152-cfgselector 1-1: Unknown version 0x0000 [ 58.115291][ T1134] r8152-cfgselector 1-1: USB disconnect, device number 9 [ 58.173115][ T2523] syz.6.902[2523] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 58.173236][ T2523] syz.6.902[2523] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 58.181081][ T2525] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 58.219911][ T2529] loop6: detected capacity change from 0 to 128 [ 58.230816][ T2529] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none. [ 58.289649][ T1466] EXT4-fs (loop6): unmounting filesystem. [ 58.304154][ T2535] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 58.376012][ T2543] loop6: detected capacity change from 0 to 512 [ 58.384230][ T2543] EXT4-fs error (device loop6): ext4_orphan_get:1400: inode #15: comm syz.6.911: casefold flag without casefold feature [ 58.397255][ T2543] EXT4-fs error (device loop6): ext4_orphan_get:1405: comm syz.6.911: couldn't read orphan inode 15 (err -117) [ 58.410011][ T2543] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none. [ 58.427056][ T1466] EXT4-fs (loop6): unmounting filesystem. [ 58.465885][ T2557] loop1: detected capacity change from 0 to 1024 [ 58.493720][ T2557] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 58.506771][ T2557] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3841: comm syz.1.924: Allocating blocks 385-513 which overlap fs metadata [ 58.523398][ T2557] EXT4-fs (loop1): pa ffff8881388e7540: logic 16, phys. 129, len 24 [ 58.531436][ T2557] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 8 [ 58.551562][ T2562] loop2: detected capacity change from 0 to 128 [ 58.563501][ T2557] syz.1.924 (2557) used greatest stack depth: 19400 bytes left [ 58.573167][ T2563] loop6: detected capacity change from 0 to 1024 [ 58.573716][ T284] EXT4-fs (loop1): unmounting filesystem. [ 58.581643][ T2563] EXT4-fs: Ignoring removed i_version option [ 58.593413][ T2562] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 58.619270][ T2563] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 58.637764][ T2572] loop0: detected capacity change from 0 to 512 [ 58.647585][ T2563] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback. [ 58.654413][ T2574] bridge0: port 2(bridge_slave_1) entered blocking state [ 58.663590][ T2574] bridge0: port 2(bridge_slave_1) entered forwarding state [ 58.671016][ T2574] bridge0: port 1(bridge_slave_0) entered blocking state [ 58.678246][ T2574] bridge0: port 1(bridge_slave_0) entered forwarding state [ 58.688188][ T2574] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 58.690860][ T1538] EXT4-fs (loop2): unmounting filesystem. [ 58.702793][ T1466] EXT4-fs (loop6): unmounting filesystem. [ 58.706744][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready [ 58.718449][ T2572] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 58.728164][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 58.746588][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready [ 58.755424][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 58.764634][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 58.772371][ T2572] EXT4-fs error (device loop0): ext4_do_update_inode:5256: inode #2: comm syz.0.922: corrupted inode contents [ 58.773379][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 58.794056][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 58.802609][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 58.811569][ T2572] EXT4-fs error (device loop0): ext4_dirty_inode:6121: inode #2: comm syz.0.922: mark_inode_dirty error [ 58.822992][ T2586] device ip6_vti0 entered promiscuous mode [ 58.829118][ T2572] EXT4-fs error (device loop0): ext4_do_update_inode:5256: inode #2: comm syz.0.922: corrupted inode contents [ 58.842796][ T2572] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #2: comm syz.0.922: mark_inode_dirty error [ 58.894803][ T285] EXT4-fs (loop0): unmounting filesystem. [ 58.956165][ T2610] loop0: detected capacity change from 0 to 128 [ 58.969688][ T2612] netlink: 96 bytes leftover after parsing attributes in process `syz.6.939'. [ 58.971031][ T2610] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 59.020889][ T2617] loop5: detected capacity change from 0 to 1024 [ 59.039892][ T285] EXT4-fs (loop0): unmounting filesystem. [ 59.046403][ T2617] EXT4-fs error (device loop5): ext4_acquire_dquot:6801: comm syz.5.941: Failed to acquire dquot type 0 [ 59.056768][ T2622] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 59.060576][ T2617] EXT4-fs error (device loop5): mb_free_blocks:1815: group 0, inode 13: block 144:freeing already freed block (bit 9); block bitmap corrupt. [ 59.080966][ T2617] EXT4-fs error (device loop5): ext4_do_update_inode:5256: inode #13: comm syz.5.941: corrupted inode contents [ 59.093384][ T2617] EXT4-fs error (device loop5): ext4_dirty_inode:6121: inode #13: comm syz.5.941: mark_inode_dirty error [ 59.104870][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 59.113676][ T2617] EXT4-fs error (device loop5): ext4_do_update_inode:5256: inode #13: comm syz.5.941: corrupted inode contents [ 59.126295][ T2617] EXT4-fs error (device loop5): __ext4_ext_dirty:202: inode #13: comm syz.5.941: mark_inode_dirty error [ 59.138510][ T2617] EXT4-fs error (device loop5): ext4_do_update_inode:5256: inode #13: comm syz.5.941: corrupted inode contents [ 59.153126][ T2617] EXT4-fs error (device loop5) in ext4_orphan_del:305: Corrupt filesystem [ 59.162605][ T2617] EXT4-fs error (device loop5): ext4_do_update_inode:5256: inode #13: comm syz.5.941: corrupted inode contents [ 59.168820][ T2626] device syz_tun entered promiscuous mode [ 59.175419][ T2617] EXT4-fs error (device loop5): ext4_truncate:4314: inode #13: comm syz.5.941: mark_inode_dirty error [ 59.192002][ T2617] EXT4-fs error (device loop5) in ext4_process_orphan:347: Corrupt filesystem [ 59.194539][ T2625] device syz_tun left promiscuous mode [ 59.202151][ T2617] EXT4-fs (loop5): 1 truncate cleaned up [ 59.212498][ T2617] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 59.238291][ T2630] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 59.252249][ T203] usb 3-1: new full-speed USB device number 7 using dummy_hcd [ 59.257263][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready [ 59.270472][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 59.286669][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready [ 59.295165][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 59.303696][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 59.312135][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 59.320490][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 59.329154][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 59.473458][ T203] usb 3-1: unable to get BOS descriptor or descriptor too short [ 59.489920][ T2651] loop5: detected capacity change from 0 to 128 [ 59.497086][ T203] usb 3-1: not running at top speed; connect to a high speed hub [ 59.505985][ T203] usb 3-1: config 4 has an invalid interface number: 147 but max is 0 [ 59.515660][ T2645] SELinux: failed to load policy [ 59.531933][ T203] usb 3-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 59.560616][ T203] usb 3-1: config 4 has no interface number 0 [ 59.574110][ T2657] incfs: Options parsing error. -22 [ 59.578970][ T203] usb 3-1: string descriptor 0 read error: -22 [ 59.585898][ T203] usb 3-1: New USB device found, idVendor=04f2, idProduct=b746, bcdDevice=8e.6e [ 59.595190][ T203] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 59.602145][ T2657] incfs: mount failed -22 [ 59.613374][ T203] usb 3-1: Found UVC 0.00 device (04f2:b746) [ 59.631915][ T203] usb 3-1: No valid video chain found. [ 59.682092][ T2661] kvm [2660]: vcpu0, guest rIP: 0xfff0 unimplemented MMIO_CONF_BASE wrmsr: 0xcd [ 59.775277][ T2653] loop6: detected capacity change from 0 to 40427 [ 59.787751][ T2653] F2FS-fs (loop6): Found nat_bits in checkpoint [ 59.822266][ T6] usb 3-1: USB disconnect, device number 7 [ 59.826745][ T2653] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5 [ 59.847992][ T2675] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 59.865856][ T2670] f2fs_ckpt-7:6: attempt to access beyond end of device [ 59.865856][ T2670] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 59.990287][ T2685] loop6: detected capacity change from 0 to 128 [ 60.051936][ T339] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 60.059877][ T2693] loop6: detected capacity change from 0 to 512 [ 60.066619][ T203] usb 6-1: new full-speed USB device number 7 using dummy_hcd [ 60.233004][ T339] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 60.251963][ T339] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 60.263502][ T339] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 60.273854][ T203] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 60.286928][ T339] usb 2-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 60.288201][ T203] usb 6-1: New USB device found, idVendor=057e, idProduct=200e, bcdDevice= 0.00 [ 60.305375][ T339] usb 2-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 60.305648][ T203] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 60.321719][ T339] usb 2-1: Manufacturer: syz [ 60.327360][ T339] usb 2-1: config 0 descriptor?? [ 60.332148][ T203] usb 6-1: config 0 descriptor?? [ 60.346067][ T2701] loop6: detected capacity change from 0 to 40427 [ 60.353554][ T2701] F2FS-fs (loop6): Small segment_count (9 < 1 * 24) [ 60.360200][ T2701] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock [ 60.371362][ T2701] F2FS-fs (loop6): Found nat_bits in checkpoint [ 60.372949][ T2705] loop2: detected capacity change from 0 to 512 [ 60.384413][ T2705] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22 [ 60.429887][ T2701] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0 [ 60.445615][ T2701] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5 [ 60.468982][ T2706] f2fs_ckpt-7:6: attempt to access beyond end of device [ 60.468982][ T2706] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 60.493628][ T2718] loop0: detected capacity change from 0 to 128 [ 60.650158][ T2716] loop2: detected capacity change from 0 to 40427 [ 60.657910][ T2716] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 60.665875][ T2716] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 60.681992][ T2716] F2FS-fs (loop2): invalid crc value [ 60.690298][ T2716] F2FS-fs (loop2): Found nat_bits in checkpoint [ 60.699808][ T2728] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 60.732374][ T2716] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 60.739547][ T2716] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 60.753036][ T203] nintendo 0003:057E:200E.0010: unbalanced collection at end of report description [ 60.763814][ T339] appleir 0003:05AC:8243.0011: unknown main item tag 0x0 [ 60.771141][ T339] appleir 0003:05AC:8243.0011: No inputs registered, leaving [ 60.776412][ T203] nintendo 0003:057E:200E.0010: HID parse failed [ 60.781536][ T339] appleir 0003:05AC:8243.0011: hiddev96,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0 [ 60.785943][ T203] nintendo 0003:057E:200E.0010: probe - fail = -22 [ 60.810525][ T203] nintendo: probe of 0003:057E:200E.0010 failed with error -22 [ 60.854577][ T2738] loop0: detected capacity change from 0 to 128 [ 60.915624][ T2748] loop0: detected capacity change from 0 to 1024 [ 60.932453][ T2748] EXT4-fs: Ignoring removed orlov option [ 60.991265][ T2748] EXT4-fs error (device loop0): ext4_expand_extra_isize_ea:2748: inode #15: comm syz.0.994: corrupted in-inode xattr [ 61.012814][ T6] usb 6-1: USB disconnect, device number 7 [ 61.029999][ T2748] EXT4-fs (loop0): Remounting filesystem read-only [ 61.054058][ T291] usb 2-1: USB disconnect, device number 5 [ 61.096543][ T2753] loop0: detected capacity change from 0 to 128 [ 61.126432][ T2746] loop6: detected capacity change from 0 to 40427 [ 61.135116][ T2756] futex_wake_op: syz.2.996 tries to shift op by 32; fix this program [ 61.143542][ T2746] F2FS-fs (loop6): invalid crc value [ 61.152920][ T2746] F2FS-fs (loop6): Found nat_bits in checkpoint [ 61.196009][ T2746] F2FS-fs (loop6): Start checkpoint disabled! [ 61.202976][ T2746] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e6 [ 61.261586][ T2766] loop0: detected capacity change from 0 to 1024 [ 61.265012][ T335] kworker/u4:3: attempt to access beyond end of device [ 61.265012][ T335] loop6: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 61.278593][ T2766] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz.0.1009: Allocating blocks 385-513 which overlap fs metadata [ 61.300989][ T2766] EXT4-fs (loop0): pa ffff888113830bd0: logic 16, phys. 129, len 24 [ 61.309122][ T2766] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 8 [ 61.370535][ T2772] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 61.431953][ T203] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 61.487505][ T2781] x_tables: duplicate underflow at hook 4 [ 61.613250][ T203] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 61.644613][ T203] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 61.670576][ T203] usb 3-1: New USB device found, idVendor=05ac, idProduct=0324, bcdDevice= 0.00 [ 61.683129][ T203] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 61.703114][ T203] usb 3-1: config 0 descriptor?? [ 61.800916][ T28] kauditd_printk_skb: 22 callbacks suppressed [ 61.800941][ T28] audit: type=1400 audit(61.770:642): avc: denied { read } for pid=2799 comm="syz.5.1015" name="usbmon9" dev="devtmpfs" ino=186 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 61.830637][ T28] audit: type=1400 audit(61.770:643): avc: denied { open } for pid=2799 comm="syz.5.1015" path="/dev/usbmon9" dev="devtmpfs" ino=186 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 61.887386][ T28] audit: type=1400 audit(61.860:644): avc: denied { setopt } for pid=2809 comm="syz.1.1019" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 62.113243][ T203] magicmouse 0003:05AC:0324.0012: hidraw0: USB HID v0.00 Device [HID 05ac:0324] on usb-dummy_hcd.2-1/input0 [ 62.125042][ T203] magicmouse 0003:05AC:0324.0012: magicmouse input not registered [ 62.133461][ T203] magicmouse: probe of 0003:05AC:0324.0012 failed with error -12 [ 62.191948][ T334] usb 1-1: new full-speed USB device number 10 using dummy_hcd [ 62.315841][ T203] usb 3-1: USB disconnect, device number 8 [ 62.372987][ T334] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 62.382848][ T334] usb 1-1: New USB device found, idVendor=057e, idProduct=200e, bcdDevice= 0.00 [ 62.392005][ T334] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 62.400610][ T334] usb 1-1: config 0 descriptor?? [ 62.794511][ T2825] loop6: detected capacity change from 0 to 512 [ 62.804600][ T2825] EXT4-fs error (device loop6): ext4_read_inode_bitmap:140: comm syz.6.1024: Invalid inode bitmap blk 4 in block_group 0 [ 62.827809][ T28] audit: type=1400 audit(62.800:645): avc: denied { read } for pid=2821 comm="syz.6.1024" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 62.847707][ T334] nintendo 0003:057E:200E.0013: unbalanced collection at end of report description [ 62.867489][ T334] nintendo 0003:057E:200E.0013: HID parse failed [ 62.870809][ T2837] loop6: detected capacity change from 0 to 1024 [ 62.881012][ T2837] EXT4-fs: Ignoring removed orlov option [ 62.886917][ T334] nintendo 0003:057E:200E.0013: probe - fail = -22 [ 62.902152][ T334] nintendo: probe of 0003:057E:200E.0013 failed with error -22 [ 62.932276][ T2837] EXT4-fs error (device loop6): ext4_expand_extra_isize_ea:2748: inode #15: comm syz.6.1027: corrupted in-inode xattr [ 62.950269][ T2837] EXT4-fs (loop6): Remounting filesystem read-only [ 63.025670][ T334] usb 1-1: USB disconnect, device number 10 [ 63.071912][ T291] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 63.134319][ T2843] loop2: detected capacity change from 0 to 40427 [ 63.141685][ T2843] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 63.149727][ T2843] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 63.158958][ T2843] F2FS-fs (loop2): invalid crc value [ 63.172635][ T2843] F2FS-fs (loop2): Found nat_bits in checkpoint [ 63.240652][ T2843] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 63.247928][ T2843] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 63.282972][ T291] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 63.294021][ T291] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 63.307143][ T291] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 63.341969][ T291] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 63.351267][ T291] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 63.382174][ T291] usb 6-1: Manufacturer: syz [ 63.387762][ T291] usb 6-1: config 0 descriptor?? [ 63.395284][ T2877] loop1: detected capacity change from 0 to 512 [ 63.402882][ T2877] EXT4-fs (loop1): Test dummy encryption mode enabled [ 63.409697][ T2877] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 63.421659][ T2877] EXT4-fs (loop1): 1 truncate cleaned up [ 63.429840][ T2877] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni" [ 63.440334][ T2877] fscrypt: AES-256-XTS using implementation "xts-aes-aesni" [ 63.449034][ T28] audit: type=1400 audit(63.420:646): avc: denied { link } for pid=2876 comm="syz.1.1047" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop1" ino=21 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=fifo_file permissive=1 [ 63.449306][ T2877] EXT4-fs warning (device loop1): __ext4fs_dirhash:270: inode #2: comm syz.1.1047: Siphash requires key [ 63.502943][ T19] usb 7-1: new full-speed USB device number 5 using dummy_hcd [ 63.617683][ T285] ------------[ cut here ]------------ [ 63.623309][ T285] WARNING: CPU: 1 PID: 285 at fs/inode.c:332 drop_nlink+0xc5/0x110 [ 63.631287][ T285] Modules linked in: [ 63.635281][ T285] CPU: 1 PID: 285 Comm: syz-executor Not tainted syzkaller #0 [ 63.642807][ T285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 63.653003][ T285] RIP: 0010:drop_nlink+0xc5/0x110 [ 63.658093][ T285] Code: 1b 48 8d bb b8 04 00 00 be 08 00 00 00 e8 03 ea f0 ff f0 48 ff 83 b8 04 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 9b 82 ac ff <0f> 0b eb 86 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c 5e ff ff ff 4c [ 63.677856][ T285] RSP: 0018:ffffc9000d31fc38 EFLAGS: 00010293 [ 63.684316][ T285] RAX: ffffffff81c386c5 RBX: ffff8881152dd368 RCX: ffff88810e688000 [ 63.692512][ T285] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 63.693377][ T19] usb 7-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 63.700533][ T285] RBP: ffffc9000d31fc60 R08: 0000000000000004 R09: 0000000000000003 [ 63.712130][ T19] usb 7-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0 [ 63.719808][ T285] R10: fffff52001a63f78 R11: 1ffff92001a63f78 R12: dffffc0000000000 [ 63.729973][ T19] usb 7-1: config 0 interface 0 has no altsetting 0 [ 63.737698][ T285] R13: 1ffff11022a5ba76 R14: ffff8881152dd3b0 R15: 0000000000000000 [ 63.737720][ T285] FS: 0000555566bee500(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 63.744821][ T19] usb 7-1: New USB device found, idVendor=28de, idProduct=1102, bcdDevice= 0.00 [ 63.752377][ T285] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 63.761753][ T19] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 63.770413][ T285] CR2: 0000555566c114e8 CR3: 000000012ef95000 CR4: 00000000003506a0 [ 63.770440][ T285] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 63.770452][ T285] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 63.778818][ T19] usb 7-1: config 0 descriptor?? [ 63.785267][ T285] Call Trace: [ 63.817508][ T285] [ 63.820458][ T285] shmem_rmdir+0x5b/0x90 [ 63.824762][ T285] vfs_rmdir+0x393/0x500 [ 63.829037][ T285] incfs_kill_sb+0x105/0x220 [ 63.833689][ T285] deactivate_locked_super+0xb5/0x120 [ 63.839122][ T285] deactivate_super+0xaf/0xe0 [ 63.843885][ T285] cleanup_mnt+0x45f/0x4e0 [ 63.848346][ T285] __cleanup_mnt+0x19/0x20 [ 63.852931][ T285] task_work_run+0x1db/0x240 [ 63.857571][ T285] ? __cfi_task_work_run+0x10/0x10 [ 63.862741][ T285] ? __x64_sys_umount+0x125/0x160 [ 63.867809][ T285] ? __cfi___x64_sys_umount+0x10/0x10 [ 63.873293][ T285] exit_to_user_mode_loop+0x9b/0xb0 [ 63.878533][ T285] exit_to_user_mode_prepare+0x5a/0xa0 [ 63.884094][ T285] syscall_exit_to_user_mode+0x1a/0x30 [ 63.889685][ T285] do_syscall_64+0x58/0xa0 [ 63.894166][ T285] ? clear_bhb_loop+0x30/0x80 [ 63.898890][ T285] ? clear_bhb_loop+0x30/0x80 [ 63.906394][ T285] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 63.912415][ T285] RIP: 0033:0x7f99d618ff17 [ 63.916871][ T285] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 63.936558][ T285] RSP: 002b:00007ffe888cc558 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 63.945051][ T285] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f99d618ff17 [ 63.952024][ T334] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 63.953101][ T285] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe888cc610 [ 63.968621][ T285] RBP: 00007ffe888cc610 R08: 0000000000000000 R09: 0000000000000000 [ 63.976664][ T285] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe888cd6a0 [ 63.984714][ T285] R13: 00007f99d6211c05 R14: 000000000000f860 R15: 00007ffe888cd6e0 [ 63.992776][ T285] [ 63.995831][ T285] ---[ end trace 0000000000000000 ]--- [ 64.001424][ T285] ================================================================== [ 64.002691][ T291] appleir 0003:05AC:8243.0014: unknown main item tag 0x0 [ 64.009523][ T285] BUG: KASAN: null-ptr-deref in ihold+0x20/0x60 [ 64.016965][ T291] appleir 0003:05AC:8243.0014: No inputs registered, leaving [ 64.022788][ T285] Write of size 4 at addr 0000000000000170 by task syz-executor/285 [ 64.022810][ T285] [ 64.022816][ T285] CPU: 0 PID: 285 Comm: syz-executor Tainted: G W syzkaller #0 [ 64.032169][ T291] appleir 0003:05AC:8243.0014: hiddev96,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.5-1/input0 [ 64.038183][ T285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 64.070611][ T285] Call Trace: [ 64.073927][ T285] [ 64.076963][ T285] __dump_stack+0x21/0x24 [ 64.081341][ T285] dump_stack_lvl+0xee/0x150 [ 64.085954][ T285] ? __cfi_dump_stack_lvl+0x8/0x8 [ 64.090999][ T285] ? ihold+0x20/0x60 [ 64.094927][ T285] ? ihold+0x20/0x60 [ 64.098839][ T285] print_report+0x3d/0x60 [ 64.103197][ T285] kasan_report+0x122/0x150 [ 64.107716][ T285] ? ihold+0x20/0x60 [ 64.111631][ T285] kasan_check_range+0x280/0x290 [ 64.116749][ T285] __kasan_check_write+0x14/0x20 [ 64.121717][ T285] ihold+0x20/0x60 [ 64.125458][ T285] vfs_rmdir+0x25f/0x500 [ 64.129734][ T285] incfs_kill_sb+0x105/0x220 [ 64.134350][ T285] deactivate_locked_super+0xb5/0x120 [ 64.139768][ T285] deactivate_super+0xaf/0xe0 [ 64.144504][ T285] cleanup_mnt+0x45f/0x4e0 [ 64.148941][ T285] __cleanup_mnt+0x19/0x20 [ 64.153367][ T285] task_work_run+0x1db/0x240 [ 64.157967][ T285] ? __cfi_task_work_run+0x10/0x10 [ 64.163090][ T285] ? __x64_sys_umount+0x125/0x160 [ 64.168125][ T285] ? __cfi___x64_sys_umount+0x10/0x10 [ 64.173503][ T285] exit_to_user_mode_loop+0x9b/0xb0 [ 64.178708][ T285] exit_to_user_mode_prepare+0x5a/0xa0 [ 64.184172][ T285] syscall_exit_to_user_mode+0x1a/0x30 [ 64.189669][ T285] do_syscall_64+0x58/0xa0 [ 64.194086][ T285] ? clear_bhb_loop+0x30/0x80 [ 64.198777][ T285] ? clear_bhb_loop+0x30/0x80 [ 64.203459][ T285] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 64.209359][ T285] RIP: 0033:0x7f99d618ff17 [ 64.213782][ T285] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 64.233392][ T285] RSP: 002b:00007ffe888cc558 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 64.243461][ T285] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f99d618ff17 [ 64.251854][ T285] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe888cc610 [ 64.259862][ T285] RBP: 00007ffe888cc610 R08: 0000000000000000 R09: 0000000000000000 [ 64.267965][ T285] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe888cd6a0 [ 64.275948][ T285] R13: 00007f99d6211c05 R14: 000000000000f860 R15: 00007ffe888cd6e0 [ 64.283938][ T285] [ 64.287016][ T285] ================================================================== [ 64.297360][ T285] Disabling lock debugging due to kernel taint [ 64.302815][ T28] audit: type=1326 audit(64.280:647): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2878 comm="syz.2.1042" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e8cd8ebe9 code=0x7fc00000 [ 64.304026][ T285] BUG: kernel NULL pointer dereference, address: 0000000000000170 [ 64.328687][ T19] hid-steam 0003:28DE:1102.0015: unknown main item tag 0x0 [ 64.333940][ T285] #PF: supervisor write access in kernel mode [ 64.333956][ T285] #PF: error_code(0x0002) - not-present page [ 64.333975][ T285] PGD 132b20067 P4D 132b20067 PUD 0 [ 64.334005][ T285] Oops: 0002 [#1] PREEMPT SMP KASAN [ 64.334025][ T285] CPU: 1 PID: 285 Comm: syz-executor Tainted: G B W syzkaller #0 [ 64.334048][ T285] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 64.334060][ T285] RIP: 0010:ihold+0x26/0x60 [ 64.356459][ T19] hid-steam 0003:28DE:1102.0015: unknown main item tag 0x0 [ 64.358831][ T285] Code: 33 36 7c df 55 48 89 e5 41 56 53 48 89 fb e8 01 7a ac ff 48 8d bb 70 01 00 00 be 04 00 00 00 e8 40 e1 f0 ff 41 be 01 00 00 00 44 0f c1 b3 70 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 f1 [ 64.358853][ T285] RSP: 0018:ffffc9000d31fc78 EFLAGS: 00010246 [ 64.364878][ T19] hid-steam 0003:28DE:1102.0015: : USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.6-1/input0 [ 64.372987][ T285] RAX: ffff88810e688000 RBX: 0000000000000000 RCX: ffff88810e688000 [ 64.373010][ T285] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 64.373021][ T285] RBP: ffffc9000d31fc88 R08: dffffc0000000000 R09: fffffbfff0f2d6fd [ 64.373035][ T285] R10: fffffbfff0f2d6fd R11: 1ffffffff0f2d6fc R12: ffff8881152dd374 [ 64.373051][ T285] R13: dffffc0000000000 R14: 0000000000000001 R15: 0000000000000000 [ 64.385074][ T19] hid-steam 0003:28DE:1102.0016: unknown main item tag 0x0 [ 64.387603][ T285] FS: 0000555566bee500(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 64.387628][ T285] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 64.395087][ T19] hid-steam 0003:28DE:1102.0016: unknown main item tag 0x0 [ 64.414447][ T285] CR2: 0000000000000170 CR3: 000000012ef95000 CR4: 00000000003506a0 [ 64.414473][ T285] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 64.414484][ T285] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 64.414496][ T285] Call Trace: [ 64.414503][ T285] [ 64.414513][ T285] vfs_rmdir+0x25f/0x500 [ 64.414543][ T285] incfs_kill_sb+0x105/0x220 [ 64.423746][ T6] usb 6-1: USB disconnect, device number 8 [ 64.431376][ T285] deactivate_locked_super+0xb5/0x120 [ 64.431414][ T285] deactivate_super+0xaf/0xe0 [ 64.440670][ T19] hid-steam 0003:28DE:1102.0016: hidraw1: USB HID v0.01 Device [HID 28de:1102] on usb-dummy_hcd.6-1/input0 [ 64.447375][ T285] cleanup_mnt+0x45f/0x4e0 [ 64.447412][ T285] __cleanup_mnt+0x19/0x20 [ 64.456914][ T334] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 64.463597][ T285] task_work_run+0x1db/0x240 [ 64.463632][ T285] ? __cfi_task_work_run+0x10/0x10 [ 64.473676][ T334] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 64.478968][ T285] ? __x64_sys_umount+0x125/0x160 [ 64.488137][ T334] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 64.494497][ T285] ? __cfi___x64_sys_umount+0x10/0x10 [ 64.494532][ T285] exit_to_user_mode_loop+0x9b/0xb0 [ 64.502210][ T334] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 64.509708][ T285] exit_to_user_mode_prepare+0x5a/0xa0 [ 64.517955][ T334] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 64.525743][ T285] syscall_exit_to_user_mode+0x1a/0x30 [ 64.525777][ T285] do_syscall_64+0x58/0xa0 [ 64.525795][ T285] ? clear_bhb_loop+0x30/0x80 [ 64.531419][ T334] usb 2-1: config 0 descriptor?? [ 64.532071][ T285] ? clear_bhb_loop+0x30/0x80 [ 64.532104][ T285] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 64.538608][ T28] audit: type=1400 audit(64.510:648): avc: denied { read } for pid=84 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 64.540932][ T285] RIP: 0033:0x7f99d618ff17 [ 64.540954][ T285] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 64.540973][ T285] RSP: 002b:00007ffe888cc558 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 64.540995][ T285] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f99d618ff17 [ 64.547025][ T19] hid-steam 0003:28DE:1102.0015: Steam Controller 'XXXXXXXXXX' connected [ 64.552162][ T285] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe888cc610 [ 64.552178][ T285] RBP: 00007ffe888cc610 R08: 0000000000000000 R09: 0000000000000000 [ 64.560239][ T28] audit: type=1400 audit(64.510:649): avc: denied { search } for pid=84 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 64.568468][ T285] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe888cd6a0 [ 64.568483][ T285] R13: 00007f99d6211c05 R14: 000000000000f860 R15: 00007ffe888cd6e0 [ 64.568501][ T285] [ 64.568508][ T285] Modules linked in: [ 64.568539][ T285] CR2: 0000000000000170 [ 64.568547][ T285] ---[ end trace 0000000000000000 ]--- [ 64.568557][ T285] RIP: 0010:ihold+0x26/0x60 [ 64.574744][ T19] input: Steam Controller as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/0003:28DE:1102.0015/input/input11 [ 64.577384][ T285] Code: 33 36 7c df 55 48 89 e5 41 56 53 48 89 fb e8 01 7a ac ff 48 8d bb 70 01 00 00 be 04 00 00 00 e8 40 e1 f0 ff 41 be 01 00 00 00 44 0f c1 b3 70 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 f1 [ 64.577405][ T285] RSP: 0018:ffffc9000d31fc78 EFLAGS: 00010246 [ 64.589072][ T28] audit: type=1400 audit(64.510:650): avc: denied { append } for pid=84 comm="syslogd" name="messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 64.592814][ T285] [ 64.592820][ T285] RAX: ffff88810e688000 RBX: 0000000000000000 RCX: ffff88810e688000 [ 64.592835][ T285] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 64.592847][ T285] RBP: ffffc9000d31fc88 R08: dffffc0000000000 R09: fffffbfff0f2d6fd [ 64.592863][ T285] R10: fffffbfff0f2d6fd R11: 1ffffffff0f2d6fc R12: ffff8881152dd374 [ 64.598607][ T28] audit: type=1400 audit(64.510:651): avc: denied { open } for pid=84 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 64.607664][ T285] R13: dffffc0000000000 R14: 0000000000000001 R15: 0000000000000000 [ 64.607681][ T285] FS: 0000555566bee500(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 64.607699][ T285] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 64.607713][ T285] CR2: 0000000000000170 CR3: 000000012ef95000 CR4: 00000000003506a0 [ 64.607730][ T285] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 64.607743][ T285] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 64.619305][ T19] usb 7-1: USB disconnect, device number 5 [ 64.625640][ T285] Kernel panic - not syncing: Fatal exception [ 64.626100][ T285] Kernel Offset: disabled [ 65.010644][ T285] Rebooting in 86400 seconds..