last executing test programs: 7.187651604s ago: executing program 3 (id=11709): getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000080)={@empty, 0x0}, &(0x7f00000000c0)=0x14) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{0x1, 0xffffffffffffffff}, &(0x7f0000000100), &(0x7f0000000140)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1b, 0x6, &(0x7f0000000000)=@raw=[@map_fd={0x18, 0x4, 0x1, 0x0, r1}, @map_val={0x18, 0xa, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x3}, @cb_func={0x18, 0x1, 0x4, 0x0, 0xfffffffffffffffe}], &(0x7f0000000240)='syzkaller\x00', 0x5, 0x0, &(0x7f0000000280), 0x41100, 0x51, '\x00', r0, 0xe, 0xffffffffffffffff, 0x8, &(0x7f00000002c0)={0x6, 0x3}, 0x8, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000300)=[r1, r1, r1, r1, r1, r1, r1, r1, r1], 0x0, 0x10, 0x7}, 0x90) io_setup(0x0, &(0x7f00000000c0)) io_setup(0x4, &(0x7f0000000000)) syz_usb_connect$uac1(0x4, 0xa9, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x97, 0x3, 0x1, 0x0, 0x0, 0x7f, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{}, [@input_terminal={0xc, 0x24, 0x2, 0x0, 0x0, 0xff}, @selector_unit={0x9, 0x24, 0x5, 0x6, 0x3, "6f853eca"}, @processing_unit={0xd, 0x24, 0x7, 0xfe, 0x0, 0x0, "4336d88b1a56"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x40, 0x0, 0x0, 0x0, {0x7, 0x25, 0x1, 0x0, 0x0, 0x4}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0xf, 0x24, 0x2, 0x2, 0x3, 0x0, 0x2, "f6f81132fff8"}, @as_header={0x7, 0x24, 0x1, 0xfe}]}, {{0x9, 0x5, 0x82, 0x9, 0x20, 0x0, 0x0, 0x0, {0x7}}}}}}}]}}, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='memory.events\x00', 0x26e1, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc4c, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='ext4_ext_rm_leaf\x00', r3}, 0x10) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000001a80)=@base={0x6, 0x4, 0x808, 0x8}, 0x48) syz_usb_connect(0x0, 0x2d, &(0x7f0000000540)=ANY=[@ANYBLOB="1201000074020440fd07010099480102030109021b0001000000000904"], 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r7, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) bind$netlink(r2, &(0x7f0000000380)={0x10, 0x0, 0x25dfdbff, 0x2000}, 0xc) recvmsg$unix(r6, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r8 = socket(0x10, 0x803, 0x0) r9 = socket(0x10, 0x803, 0x0) r10 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0) getsockname$packet(r9, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r10, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000810000000", @ANYRES32=r11, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r9, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=ANY=[@ANYBLOB="480000001400b59500000000002e34000a000000", @ANYBLOB="14000100fc00000000000000000000000000000014000200fe8000000000000000000000000000aa"], 0x48}}, 0x0) getsockname$packet(r9, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)=@ipv6_newaddr={0x40, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r12}, [@IFA_LOCAL={0x14, 0x2, @local}, @IFA_CACHEINFO={0x14, 0x6, {0x78, 0x1f}}]}, 0x40}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='ext4_ext_rm_leaf\x00', r4}, 0x10) syz_usb_connect$cdc_ncm(0x0, 0x93, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010102020000402505a1a440000102030109028100020100f01f0904000001020d00000624060001c605240001000d240f0102000000010002008106241a040002088f904ea70940000c241b01a70100003709001f0424e9070724141f00ff7f052401010409058103002fab4a804c6793d500020d00000904010102020d0000090582020002c10903090503020004010240"], &(0x7f0000000640)={0xa, &(0x7f0000000180)={0xa, 0x6, 0x250, 0x0, 0x2, 0xa, 0x8, 0xfc}, 0x45, &(0x7f00000001c0)={0x5, 0xf, 0x45, 0x5, [@ss_cap={0xa, 0x10, 0x3, 0x0, 0x8, 0x9, 0x6c, 0xffff}, @ptm_cap={0x3}, @ss_container_id={0x14, 0x10, 0x4, 0xc5, "e1c12e4953e95652f92ea7ad11fd5ac3"}, @wireless={0xb, 0x10, 0x1, 0x4, 0xf2, 0x8, 0x7, 0x0, 0x8}, @ss_container_id={0x14, 0x10, 0x4, 0x3, "c2084e74e011acafa7d2bd01f325e399"}]}, 0x6, [{0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x458}}, {0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0x3009}}, {0x4, &(0x7f00000002c0)=@lang_id={0x4, 0x3, 0x2401}}, {0x7e, &(0x7f0000000300)=@string={0x7e, 0x3, "da582397830a80cba3c89b977de5fee09051f100d9c51117c655ee802f8fa44e30ee334e5bf7bd98bb276b034d390cb115b6457a2648e18a418a0a2324f428a58fbe177719341c215efdf84e407e3fc092c7e2cd1cb86cbf9cd2b1cbb1f835d52b8752e1b37be11932884c869e9274c2c13e27b32611188987477ca2"}}, {0x4, &(0x7f0000000440)=@lang_id={0x4, 0x3, 0x81a}}, {0x6b, &(0x7f0000000480)=@string={0x6b, 0x3, "bec9a58fdb60d5936738d0a5f6bf3fc759a41ada184f4982ff7ff293bb6418994d3d6a049d358287dfa137fa7b1c154e3a4d5b280ebfc8e838cc3ccecc28f8e0912ba02ada0f43d9475584cd72f2938e59d395a7cf93764fb241de1accbfc00b59d917076499a94cec"}}]}) 5.959372851s ago: executing program 4 (id=11718): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000017850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000300)='kvm_fpu\x00', r1}, 0x10) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) (fail_nth: 2) 4.869188026s ago: executing program 4 (id=11726): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000010000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0xffffffff, 0x1, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000006c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000008c0)='page_pool_state_hold\x00', r2}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f00000007c0)=ANY=[@ANYBLOB="18020000000000000000000000000000850000002c00000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000008c0)='page_pool_state_hold\x00', r0}, 0x10) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r3, 0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 4.868608666s ago: executing program 0 (id=11727): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r1, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='qdisc_reset\x00', r2}, 0x10) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000180)={'rose0\x00', 0x112}) ioctl$TUNSETQUEUE(r3, 0x400454d9, &(0x7f0000000100)={'vlan0\x00', 0x400}) 4.782378314s ago: executing program 4 (id=11729): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000080000000000000000000001811", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='qdisc_reset\x00', r2}, 0x10) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000180)={'rose0\x00', 0x112}) ioctl$TUNSETQUEUE(r3, 0x400454d9, &(0x7f0000000100)={'vlan0\x00', 0x400}) 4.740560597s ago: executing program 1 (id=11730): syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x4000, &(0x7f0000000180)={[{@test_dummy_encryption}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x84}}, {@barrier_val={'barrier', 0x3d, 0xb24}}, {@init_itable}, {@orlov}, {@barrier_val={'barrier', 0x3d, 0x5}}, {@inlinecrypt}, {@data_err_abort}]}, 0xd, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$tipc(0x1e, 0x4, 0x0, &(0x7f0000000140)) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48) socket$tipc(0x1e, 0x5, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x10001, 0x9, 0x1}, 0x48) clock_gettime(0xffffffc3, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x36, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000000000400000000dfffff1918120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='sched_switch\x00', r4}, 0x10) creat(&(0x7f0000000000)='./bus\x00', 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000ac0)=ANY=[@ANYBLOB="850000006100000054000000000000009500000000000000b4a8b1541206000000e9c79077fa15ba36eca61299de54cf77c9062430bc068829afff36b31fa7e35ce95d0436c712910560020000005094931ab5affea652f9848fdd33ae4e7df071ae8d7ea01c986008da3e339490eac13d3f1b867ff8c951f8c4b28f441377b5a7566a3524411c461d46f07799a5083f512f211d07acf9e3c8890933d1b2fc9af227c50ee67acebb3bc0d012910bff219d7fb737185ba004f2436bb3675437bd9970185f46527ecec93941fa0432c689a9bc7e0545216ea318985751657e615ced6f0c1bfabe1c15e0cae2a480ec0127cdb5354cd5856a503722fc9775631fcf2042e6f20b7a520197f489fe44d21e90bb234a2f94af09d5203482fcdce01626ff5bde607caba78ee651fc05b17f6511f09e96ddf300232b576ad0ae8630813f8e751b9811efe6fa82ab494e80ac0f82959da1212b3764b089c5e3a1c08e732d822cb5378f4a00cfbb96451a4e03005d0ce3f4a7e21231e282f5c38a91269369a46ab42db4b714e50f040450927045d36be4d7491f75f0c7e3699243e9801d958e2fff00e8de4c3a72067822ee537e365fb2e9ed25f5ea5b254bafc6aadec480a14691cf10ca8b18f5286c4639be88ace76f643abcd4595fc6e74c52cf9b3e871dcdf1e5289a15edc515ce0e876f665e06a420a87029d38a2d9408410817cfc41117649e2a60a2217a5290a75c15cf4150c96851e5b457d9af481880e481ff5a6b0100f3cbe4b6d3a7b598d527f43a6e59240332d653002f19abb3cb6662f8f068f2a501441df4357a090d8aa311080b0ad09ed668d9baeb8a70f24cdbd20c520400a188b8719a0db1ff61168c8fb387e50ded3ab98c87d30676829313caa6ea85b0f8e3ca325bba62dfb59406fbd452100032176b7a491f6dfe25593505a416b15970cc0ecd7a4ea733131961c6c3ee523e41e08150aa48e42399e9ea78131cc0a5ff5e641523450a6737798d22919ea798778dfe9cfbdd3ecd3534ccdea46edd2f1c06653e87d1af043ef2005a9217d8f00eb22b793bfde8c009970446d8bb5cad553fd896a2c8c566"], &(0x7f0000281ffc)='GPL\x00'}, 0x48) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(0xffffffffffffffff, 0x400455c8, 0x0) bind$bt_hci(r5, &(0x7f0000000140), 0x6) ioctl$TIOCVHANGUP(0xffffffffffffffff, 0x5437, 0x0) 4.740106127s ago: executing program 0 (id=11731): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000010000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0xffffffff, 0x1, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000006c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000008c0)='page_pool_state_hold\x00', r2}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f00000007c0)=ANY=[@ANYBLOB="18020000000000000000000000000000850000002c00000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f00000008c0)='page_pool_state_hold\x00', r0}, 0x10) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r3, 0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) (fail_nth: 2) 4.439396594s ago: executing program 4 (id=11732): getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000080)={@empty, 0x0}, &(0x7f00000000c0)=0x14) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{0x1, 0xffffffffffffffff}, &(0x7f0000000100), &(0x7f0000000140)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1b, 0x6, &(0x7f0000000000)=@raw=[@map_fd={0x18, 0x4, 0x1, 0x0, r1}, @map_val={0x18, 0xa, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x3}, @cb_func={0x18, 0x1, 0x4, 0x0, 0xfffffffffffffffe}], &(0x7f0000000240)='syzkaller\x00', 0x5, 0x0, &(0x7f0000000280), 0x41100, 0x51, '\x00', r0, 0xe, 0xffffffffffffffff, 0x8, &(0x7f00000002c0)={0x6, 0x3}, 0x8, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000300)=[r1, r1, r1, r1, r1, r1, r1, r1, r1], 0x0, 0x10, 0x7}, 0x90) io_setup(0x0, &(0x7f00000000c0)) io_setup(0x4, &(0x7f0000000000)) syz_usb_connect$uac1(0x4, 0xa9, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x97, 0x3, 0x1, 0x0, 0x0, 0x7f, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{}, [@input_terminal={0xc, 0x24, 0x2, 0x0, 0x0, 0xff}, @selector_unit={0x9, 0x24, 0x5, 0x6, 0x3, "6f853eca"}, @processing_unit={0xd, 0x24, 0x7, 0xfe, 0x0, 0x0, "4336d88b1a56"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x40, 0x0, 0x0, 0x0, {0x7, 0x25, 0x1, 0x0, 0x0, 0x4}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0xf, 0x24, 0x2, 0x2, 0x3, 0x0, 0x2, "f6f81132fff8"}, @as_header={0x7, 0x24, 0x1, 0xfe}]}, {{0x9, 0x5, 0x82, 0x9, 0x20, 0x0, 0x0, 0x0, {0x7}}}}}}}]}}, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='memory.events\x00', 0x26e1, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc4c, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='ext4_ext_rm_leaf\x00', r3}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000001a80)=@base={0x6, 0x4, 0x808, 0x8}, 0x48) syz_usb_connect(0x0, 0x2d, &(0x7f0000000540)=ANY=[@ANYBLOB="1201000074020440fd07010099480102030109021b0001000000000904"], 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r6, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) bind$netlink(r2, &(0x7f0000000380)={0x10, 0x0, 0x25dfdbff, 0x2000}, 0xc) recvmsg$unix(r5, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socket(0x10, 0x803, 0x0) r7 = socket(0x10, 0x803, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r8}, 0x10) 4.398678537s ago: executing program 0 (id=11733): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b708000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000040)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000340), 0x0, 0x0) syz_mount_image$fuse(&(0x7f0000000140), &(0x7f00000001c0)='./file0\x00', 0x8a024, &(0x7f0000000680)=ANY=[], 0x0, 0x0, 0x0) 4.398044967s ago: executing program 0 (id=11734): ioctl$KVM_CHECK_EXTENSION(0xffffffffffffffff, 0xae03, 0x1f) socket$inet(0x2, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000008002b000000000000000018040000", @ANYRES32=0xffffffffffffffff, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socket$unix(0x1, 0x5, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='sched_switch\x00', r5}, 0x10) rt_sigaction(0x22, 0x0, 0x0, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0xa, 0x3, &(0x7f0000000440)=ANY=[@ANYRES16=r4, @ANYRESOCT=r3, @ANYRESOCT=r4, @ANYRESHEX=r5], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xe}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00'}, 0x10) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket(0x28, 0x1, 0x0) ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r7, 0x8983, &(0x7f0000000000)={0x6, 'pimreg0\x00', {0x2}, 0x4}) io_setup(0x6, &(0x7f00000000c0)=0x0) r9 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/profiling', 0x1a1081, 0x0) io_submit(r8, 0x1, &(0x7f0000000040)=[&(0x7f0000001500)={0x0, 0x0, 0x0, 0x1, 0x0, r9, &(0x7f0000000100)='9', 0x1}]) getsockname$packet(r7, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0xab) sendmsg$nl_route_sched(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000003e80)=@newtfilter={0x30, 0x2c, 0x800, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r10, {}, {0x10}, {0x0, 0xfff3}}, [@filter_kind_options=@f_u32={{0x8}, {0x4}}]}, 0x30}}, 0x0) syz_open_procfs(0x0, 0x0) syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000000)='./file1\x00', 0x1000801, &(0x7f0000000140)=ANY=[], 0xff, 0x208, &(0x7f0000000780)="$eJzsmb9rFEEUx78zu7d7BhEstLA5i4ARzN7unkoai9iKICSilodZQ3STk8sWSUAw2Nj4B/iPKFxlYWcjFlYWKggWXmmj4Mj82Lu5W2917zgs8j7F8J03M2/evNm8gRwIgjiyfP70/eOzqyvrFwAcxyJ8Y//qDOdwa/6H507NyNc7Jx71xv0xAEIM++5f9vcAvFp1gMfarRA/hD2+aHyugystuQmO80bfAkOQxyokWiZguGPM9y3dOWZEmrC7nXTj3laahLKJZBPLpgWIkfj7hwwbAOpmC2bFt7t/8KCdAl0t0iQXNZHvUxiqKsryp+Jb5bhipUDe1+2nTw5lPzD20MpfBI7I6BYY1oxegY8gCBqmm0TW+c+4Q/+Ovjbr/P96kvpsiagqTi6XzskPMe8wfom5ePamuoL5CBlH9VW8UVzlVfPjTREzG7fIP+iB5XS/96a46st/Te9sQhUuAIWhdwtpet22vL1mxKkRP2ft/Fgi/wInfhK6fjAXOGfVJ9d6FZrZ9sPm7v7B8tZ2ezPZTHbiuHU5vBiGl+Kmqs26Lal/dVWfFiz/tQlzPeZhr51l3WgPyLrRoB/r1qq4ay8639Qaruofx9JPIfLnRR3b//Me6v3z9TqmekvOxOAJgiAIgiAIgiAIgiAIgiBKaLwvWPAS5n+VLP9NrIgb31CzfwcAAP//+HdjKA==") socket(0x89bf93a2af2e115d, 0x5, 0x80004) 4.006817671s ago: executing program 3 (id=11735): ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x7, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r6 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r9 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000022ac1b26000000000000000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b7000000000000009500000000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r10}, 0x2d) 3.843381815s ago: executing program 1 (id=11736): io_setup(0x3, &(0x7f0000000340)) 3.582840168s ago: executing program 1 (id=11737): bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000e8000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000080000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b708000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000dc0)={&(0x7f0000000980)='neigh_update\x00', r1}, 0x10) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_inet_SIOCSARP(r2, 0x8955, &(0x7f0000000040)={{0x2, 0x0, @multicast2}, {}, 0x0, {0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 'ip6gre0\x00'}) (fail_nth: 2) 3.467676558s ago: executing program 0 (id=11738): r0 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'veth0_vlan\x00', 0x0}) unshare(0x62040200) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000006c0)='sched_switch\x00', r2}, 0x10) ioctl$BTRFS_IOC_INO_LOOKUP_USER(r0, 0xd000943e, 0x0) r3 = gettid() sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000005f00)=ANY=[@ANYBLOB="2800000010000100"/20, @ANYRES32=r1, @ANYBLOB="6d3082610000000008001300", @ANYRES32=r3], 0x28}}, 0x0) 3.168292474s ago: executing program 1 (id=11739): syz_io_uring_setup(0x1390, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) mount$bind(&(0x7f00000002c0)='.\x00', 0x0, 0x0, 0x101091, 0x0) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000000000040ac054382408b0b00000109022400010000002009040000fd0301000009210000000122010009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000003c0)={0x24, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x22, 0x1, {[@main]}}, 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000100), 0x0, 0x0) ioctl$HIDIOCGUSAGE(r1, 0xc018480b, &(0x7f0000000000)={0x0, 0xffffffff}) r2 = syz_open_procfs(0xffffffffffffffff, 0x0) r3 = syz_open_dev$loop(&(0x7f00000003c0), 0x0, 0x10f242) r4 = memfd_create(&(0x7f0000000640)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xefE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc9\xd1\xa7@\xa1_B\xc2@\r_b\x9a\xeb\b\xa4(V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xb0\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93i|\xc0\x00\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcd\x90\x95\xdd\x8a\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x17\x94\xdfW\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\xb5\x13^\x13\xcb\xf0C\x9c\xabf\x1d0x0, 0x2b, 0xa, 0x5c, 0x249db97d, 0x1, @dev={0xfe, 0x80, '\x00', 0x22}, @local, 0x7, 0x8000, 0xffffff81, 0x200}}) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000240)={0x1b, 0x0, 0x0, 0x7fff, 0x0, r2, 0xce4, '\x00', r5, 0xffffffffffffffff, 0x2, 0x2, 0x4}, 0x48) umount2(&(0x7f0000000000)='./file0\x00', 0x0) 3.110697129s ago: executing program 0 (id=11741): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYRES32=0x0], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4000}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000140)='mm_page_alloc\x00', r0}, 0x10) unshare(0x64000600) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180000002200000c0000000000feff00760000000f00000045000000a000020095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='io_uring_register\x00', r1}, 0x10) syz_io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0xd42, 0x20003}, 0x0, 0x0) r2 = syz_io_uring_setup(0x49, &(0x7f0000000340), &(0x7f0000000140), &(0x7f0000000100)) r3 = syz_io_uring_setup(0x1868, &(0x7f00000003c0), &(0x7f0000000040), &(0x7f0000000240)) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r5 = openat$cgroup_freezer_state(r4, &(0x7f00000000c0), 0x2, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000001b40)='sched_switch\x00', r6}, 0x10) r7 = openat$cgroup_procs(r4, &(0x7f00000001c0)='tasks\x00', 0x2, 0x0) write$cgroup_pid(r7, &(0x7f0000000040), 0x12) write$cgroup_freezer_state(r5, &(0x7f0000000400)='FROZEN\x00', 0x7) write$cgroup_freezer_state(r5, &(0x7f0000000080)='THAWED\x00', 0x7) r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) io_uring_register$IORING_UNREGISTER_PERSONALITY(r2, 0x18, 0x20000000, r8) r9 = creat(&(0x7f0000000080)='./bus\x00', 0x0) r10 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r10, &(0x7f0000000440), 0x10) listen(r10, 0x0) r11 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r11, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10) setsockopt$sock_timeval(r11, 0x1, 0x43, &(0x7f0000000040)={0x0, 0x2710}, 0x10) writev(r11, &(0x7f00000002c0)=[{&(0x7f0000000080)='?', 0x20000081}], 0x2) writev(r11, &(0x7f0000000740), 0x0) fsetxattr$system_posix_acl(r9, &(0x7f0000000000)='system.posix_acl_default\x00', &(0x7f00000002c0)=ANY=[@ANYBLOB="0200000010"], 0xfe44, 0x0) 2.558259067s ago: executing program 3 (id=11746): getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000080)={@empty, 0x0}, &(0x7f00000000c0)=0x14) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{0x1, 0xffffffffffffffff}, &(0x7f0000000100), &(0x7f0000000140)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1b, 0x6, &(0x7f0000000000)=@raw=[@map_fd={0x18, 0x4, 0x1, 0x0, r1}, @map_val={0x18, 0xa, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x3}, @cb_func={0x18, 0x1, 0x4, 0x0, 0xfffffffffffffffe}], &(0x7f0000000240)='syzkaller\x00', 0x5, 0x0, &(0x7f0000000280), 0x41100, 0x51, '\x00', r0, 0xe, 0xffffffffffffffff, 0x8, &(0x7f00000002c0)={0x6, 0x3}, 0x8, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000300)=[r1, r1, r1, r1, r1, r1, r1, r1, r1], 0x0, 0x10, 0x7}, 0x90) io_setup(0x0, &(0x7f00000000c0)) io_setup(0x4, &(0x7f0000000000)) syz_usb_connect$uac1(0x4, 0xa9, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x97, 0x3, 0x1, 0x0, 0x0, 0x7f, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{}, [@input_terminal={0xc, 0x24, 0x2, 0x0, 0x0, 0xff}, @selector_unit={0x9, 0x24, 0x5, 0x6, 0x3, "6f853eca"}, @processing_unit={0xd, 0x24, 0x7, 0xfe, 0x0, 0x0, "4336d88b1a56"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x40, 0x0, 0x0, 0x0, {0x7, 0x25, 0x1, 0x0, 0x0, 0x4}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0xf, 0x24, 0x2, 0x2, 0x3, 0x0, 0x2, "f6f81132fff8"}, @as_header={0x7, 0x24, 0x1, 0xfe}]}, {{0x9, 0x5, 0x82, 0x9, 0x20, 0x0, 0x0, 0x0, {0x7}}}}}}}]}}, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='memory.events\x00', 0x26e1, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc4c, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='ext4_ext_rm_leaf\x00', r3}, 0x10) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000001a80)=@base={0x6, 0x4, 0x808, 0x8}, 0x48) syz_usb_connect(0x0, 0x2d, &(0x7f0000000540)=ANY=[@ANYBLOB="1201000074020440fd07010099480102030109021b0001000000000904"], 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r7, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) bind$netlink(r2, &(0x7f0000000380)={0x10, 0x0, 0x25dfdbff, 0x2000}, 0xc) recvmsg$unix(r6, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r8 = socket(0x10, 0x803, 0x0) r9 = socket(0x10, 0x803, 0x0) r10 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0) getsockname$packet(r9, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r10, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000810000000", @ANYRES32=r11, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r9, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=ANY=[@ANYBLOB="480000001400b59500000000002e34000a000000", @ANYBLOB="14000100fc00000000000000000000000000000014000200fe8000000000000000000000000000aa"], 0x48}}, 0x0) getsockname$packet(r9, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)=@ipv6_newaddr={0x40, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r12}, [@IFA_LOCAL={0x14, 0x2, @local}, @IFA_CACHEINFO={0x14, 0x6, {0x78, 0x1f}}]}, 0x40}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='ext4_ext_rm_leaf\x00', r4}, 0x10) syz_usb_connect$cdc_ncm(0x0, 0x93, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010102020000402505a1a440000102030109028100020100f01f0904000001020d00000624060001c605240001000d240f0102000000010002008106241a040002088f904ea70940000c241b01a70100003709001f0424e9070724141f00ff7f052401010409058103002fab4a804c6793d500020d00000904010102020d0000090582020002c10903090503020004010240"], &(0x7f0000000640)={0xa, &(0x7f0000000180)={0xa, 0x6, 0x250, 0x0, 0x2, 0xa, 0x8, 0xfc}, 0x45, &(0x7f00000001c0)={0x5, 0xf, 0x45, 0x5, [@ss_cap={0xa, 0x10, 0x3, 0x0, 0x8, 0x9, 0x6c, 0xffff}, @ptm_cap={0x3}, @ss_container_id={0x14, 0x10, 0x4, 0xc5, "e1c12e4953e95652f92ea7ad11fd5ac3"}, @wireless={0xb, 0x10, 0x1, 0x4, 0xf2, 0x8, 0x7, 0x0, 0x8}, @ss_container_id={0x14, 0x10, 0x4, 0x3, "c2084e74e011acafa7d2bd01f325e399"}]}, 0x6, [{0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x458}}, {0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0x3009}}, {0x4, &(0x7f00000002c0)=@lang_id={0x4, 0x3, 0x2401}}, {0x7e, &(0x7f0000000300)=@string={0x7e, 0x3, "da582397830a80cba3c89b977de5fee09051f100d9c51117c655ee802f8fa44e30ee334e5bf7bd98bb276b034d390cb115b6457a2648e18a418a0a2324f428a58fbe177719341c215efdf84e407e3fc092c7e2cd1cb86cbf9cd2b1cbb1f835d52b8752e1b37be11932884c869e9274c2c13e27b32611188987477ca2"}}, {0x4, &(0x7f0000000440)=@lang_id={0x4, 0x3, 0x81a}}, {0x6b, &(0x7f0000000480)=@string={0x6b, 0x3, "bec9a58fdb60d5936738d0a5f6bf3fc759a41ada184f4982ff7ff293bb6418994d3d6a049d358287dfa137fa7b1c154e3a4d5b280ebfc8e838cc3ccecc28f8e0912ba02ada0f43d9475584cd72f2938e59d395a7cf93764fb241de1accbfc00b59d917076499a94cec"}}]}) 2.115306726s ago: executing program 4 (id=11747): getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000080)={@empty, 0x0}, &(0x7f00000000c0)=0x14) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{0x1, 0xffffffffffffffff}, &(0x7f0000000100), &(0x7f0000000140)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1b, 0x6, &(0x7f0000000000)=@raw=[@map_fd={0x18, 0x4, 0x1, 0x0, r1}, @map_val={0x18, 0xa, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x3}, @cb_func={0x18, 0x1, 0x4, 0x0, 0xfffffffffffffffe}], &(0x7f0000000240)='syzkaller\x00', 0x5, 0x0, &(0x7f0000000280), 0x41100, 0x51, '\x00', r0, 0xe, 0xffffffffffffffff, 0x8, &(0x7f00000002c0)={0x6, 0x3}, 0x8, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000300)=[r1, r1, r1, r1, r1, r1, r1, r1, r1], 0x0, 0x10, 0x7}, 0x90) io_setup(0x0, &(0x7f00000000c0)) io_setup(0x4, &(0x7f0000000000)) syz_usb_connect$uac1(0x4, 0xa9, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x97, 0x3, 0x1, 0x0, 0x0, 0x7f, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{}, [@input_terminal={0xc, 0x24, 0x2, 0x0, 0x0, 0xff}, @selector_unit={0x9, 0x24, 0x5, 0x6, 0x3, "6f853eca"}, @processing_unit={0xd, 0x24, 0x7, 0xfe, 0x0, 0x0, "4336d88b1a56"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x40, 0x0, 0x0, 0x0, {0x7, 0x25, 0x1, 0x0, 0x0, 0x4}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0xf, 0x24, 0x2, 0x2, 0x3, 0x0, 0x2, "f6f81132fff8"}, @as_header={0x7, 0x24, 0x1, 0xfe}]}, {{0x9, 0x5, 0x82, 0x9, 0x20, 0x0, 0x0, 0x0, {0x7}}}}}}}]}}, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='memory.events\x00', 0x26e1, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc4c, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='ext4_ext_rm_leaf\x00', r3}, 0x10) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000001a80)=@base={0x6, 0x4, 0x808, 0x8}, 0x48) syz_usb_connect(0x0, 0x2d, &(0x7f0000000540)=ANY=[@ANYBLOB="1201000074020440fd07010099480102030109021b0001000000000904"], 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r7, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) bind$netlink(r2, &(0x7f0000000380)={0x10, 0x0, 0x25dfdbff, 0x2000}, 0xc) recvmsg$unix(r6, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r8 = socket(0x10, 0x803, 0x0) r9 = socket(0x10, 0x803, 0x0) r10 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0) getsockname$packet(r9, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r10, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="34000000100081eee80000040000000810000000", @ANYRES32=r11, @ANYBLOB="ddfffffdff000000140012000c000100627269646765"], 0x34}}, 0x0) sendmsg$nl_route(r9, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=ANY=[@ANYBLOB="480000001400b59500000000002e34000a000000", @ANYBLOB="14000100fc00000000000000000000000000000014000200fe8000000000000000000000000000aa"], 0x48}}, 0x0) getsockname$packet(r9, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000003c0)=@ipv6_newaddr={0x40, 0x14, 0x9535393fea6295b5, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r12}, [@IFA_LOCAL={0x14, 0x2, @local}, @IFA_CACHEINFO={0x14, 0x6, {0x78, 0x1f}}]}, 0x40}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='ext4_ext_rm_leaf\x00', r4}, 0x10) syz_usb_connect$cdc_ncm(0x0, 0x93, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010102020000402505a1a440000102030109028100020100f01f0904000001020d00000624060001c605240001000d240f0102000000010002008106241a040002088f904ea70940000c241b01a70100003709001f0424e9070724141f00ff7f052401010409058103002fab4a804c6793d500020d00000904010102020d0000090582020002c10903090503020004010240"], &(0x7f0000000640)={0xa, &(0x7f0000000180)={0xa, 0x6, 0x250, 0x0, 0x2, 0xa, 0x8, 0xfc}, 0x45, &(0x7f00000001c0)={0x5, 0xf, 0x45, 0x5, [@ss_cap={0xa, 0x10, 0x3, 0x0, 0x8, 0x9, 0x6c, 0xffff}, @ptm_cap={0x3}, @ss_container_id={0x14, 0x10, 0x4, 0xc5, "e1c12e4953e95652f92ea7ad11fd5ac3"}, @wireless={0xb, 0x10, 0x1, 0x4, 0xf2, 0x8, 0x7, 0x0, 0x8}, @ss_container_id={0x14, 0x10, 0x4, 0x3, "c2084e74e011acafa7d2bd01f325e399"}]}, 0x6, [{0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x458}}, {0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0x3009}}, {0x4, &(0x7f00000002c0)=@lang_id={0x4, 0x3, 0x2401}}, {0x7e, &(0x7f0000000300)=@string={0x7e, 0x3, "da582397830a80cba3c89b977de5fee09051f100d9c51117c655ee802f8fa44e30ee334e5bf7bd98bb276b034d390cb115b6457a2648e18a418a0a2324f428a58fbe177719341c215efdf84e407e3fc092c7e2cd1cb86cbf9cd2b1cbb1f835d52b8752e1b37be11932884c869e9274c2c13e27b32611188987477ca2"}}, {0x4, &(0x7f0000000440)=@lang_id={0x4, 0x3, 0x81a}}, {0x6b, &(0x7f0000000480)=@string={0x6b, 0x3, "bec9a58fdb60d5936738d0a5f6bf3fc759a41ada184f4982ff7ff293bb6418994d3d6a049d358287dfa137fa7b1c154e3a4d5b280ebfc8e838cc3ccecc28f8e0912ba02ada0f43d9475584cd72f2938e59d395a7cf93764fb241de1accbfc00b59d917076499a94cec"}}]}) 831.708988ms ago: executing program 1 (id=11749): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) mkdir(0x0, 0x0) r1 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000029000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r2, 0x5452, &(0x7f0000000180)=0xffffffffffffffff) fcntl$setsig(r2, 0xa, 0x12) ppoll(&(0x7f0000000100)=[{r3}], 0x1, 0x0, &(0x7f0000000080)={[0x8001a0ffffffff]}, 0x8) dup2(r2, r3) fcntl$setown(r3, 0x8, r1) tkill(r1, 0x13) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r0, 0x0, 0x0, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r5}, 0x10) socket(0x10, 0x3, 0x0) r6 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r6, 0x8982, &(0x7f0000000000)={0x1, 'xfrm0\x00', {}, 0x4}) 831.047028ms ago: executing program 2 (id=11750): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x2, 0x4, 0x10008, 0x1, 0x1000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000001000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008180000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdfe}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000006c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000008c0)='page_pool_state_hold\x00', r1}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000d8ffffffb703000008000000b70400000000925e8500000008"], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x90) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r2], 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f00000007c0)=ANY=[@ANYBLOB="18020000000000000000000000000000850000002c00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000008c0)='page_pool_state_hold\x00', r3}, 0x10) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r4, 0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) (fail_nth: 2) 830.334008ms ago: executing program 3 (id=11751): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='mem_disconnect\x00', r1}, 0x10) sendmsg$inet(0xffffffffffffffff, &(0x7f0000001640)={&(0x7f0000000300)={0x2, 0x0, @multicast2=0xe0000001}, 0x10, 0x0, 0x0, 0x0, 0x38}, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0xffffbfff, 0x1, 0x1}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r2}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000810018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='mem_disconnect\x00', r3}, 0x10) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x7, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f00000002c0)={r5}, 0x69) 487.403768ms ago: executing program 2 (id=11752): r0 = socket$netlink(0x10, 0x3, 0x0) (async) socketpair$unix(0x1, 0x2, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000000)=0xf) (async) ioctl$TCFLSH(r1, 0x400455c8, 0x0) (async) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x6, 0x7}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000340)=ANY=[@ANYRES32=r1, @ANYRES32, @ANYBLOB="0000000000000000b70800000000c82a7b8af8ff00000069bfa200000000000007020000f8ffffffb703000048000000b704000000000000850000000100199b4aaf77ba59df31dc205e1a40ae531f7f29ca5fcfc953f7851caa51aba11b80eefe341d3e88a3b96d32d46cccf800"/121], 0x0, 0x2, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) (async) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='mem_disconnect\x00'}, 0x10) (async) sendmsg$inet(0xffffffffffffffff, &(0x7f0000001640)={&(0x7f0000000300)={0x2, 0x0, @multicast2=0xe0000001}, 0x10, 0x0, 0x0, 0x0, 0x38}, 0x0) (async) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x9f1b}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x7, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async) bpf$PROG_BIND_MAP(0xa, &(0x7f00000002c0)={0xffffffffffffffff, r4}, 0xc) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x7, 0x4, 0x4, 0xba, 0x1100, r4}, 0x48) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0}, 0xffffffffffffff64) (async) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={0x0}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0xa0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r6}, 0x10) ioctl$TIOCSTI(r1, 0x5437, 0x0) r7 = socket$netlink(0x10, 0x3, 0x0) r8 = socket(0x10, 0x3, 0x0) sendmsg$GTP_CMD_DELPDP(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x14}}, 0x0) (async) getsockname$packet(r8, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000000000000090", @ANYRES32=r9, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) (async) sendmsg$nl_route_sched(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000480)=@newqdisc={0x2c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {}, {0x4, 0xffff}, {0x0, 0xfff2}}, [@TCA_RATE={0x6, 0x5, {0x0, 0x8}}]}, 0x2c}}, 0x0) (async) r10 = socket$inet_udp(0x2, 0x2, 0x0) r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) setsockopt$sock_attach_bpf(r10, 0x1, 0x32, &(0x7f0000000300)=r11, 0x4) 482.845428ms ago: executing program 3 (id=11753): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x2, 0x4, 0x10008, 0x1, 0x1000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000001000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008180000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdfe}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000006c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000008c0)='page_pool_state_hold\x00', r1}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000d8ffffffb703000008000000b70400000000925e8500000008"], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x90) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r2], 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x4, &(0x7f00000007c0)=ANY=[@ANYBLOB="18020000000000000000000000000000850000002c00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f00000008c0)='page_pool_state_hold\x00', r3}, 0x10) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r4, 0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 482.382798ms ago: executing program 2 (id=11754): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000008000000000000000000000181100", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='qdisc_reset\x00', r2}, 0x10) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000180)={'rose0\x00', 0x112}) ioctl$TUNSETQUEUE(r3, 0x400454d9, &(0x7f0000000100)={'vlan0\x00', 0x400}) 457.554821ms ago: executing program 1 (id=11755): syz_mount_image$f2fs(&(0x7f0000000040), &(0x7f00000000c0)='./file2\x00', 0x0, &(0x7f0000000100)={[{@noinline_xattr}, {@io_bits={'io_bits', 0x3d, 0xcd}}, {@four_active_logs}, {@jqfmt_vfsv1}, {@inline_xattr}, {@user_xattr}, {@noflush_merge}, {@fsync_mode_posix}, {@noinline_dentry}, {@noextent_cache}]}, 0x21, 0x552d, &(0x7f000000abc0)="$eJzs3EtvG1UUAODjpOmbEiEW7DqoQkqk2qrTh2BXoBUP0aoqsGAFju1abmxPFDtOyIoFS8SCf4JAYsWS38CCNTvEAsQOCeS5E2gKlZDixKT5Pml85t65c+beURTpzFgO4NhazH77pRIX4kxEzEfE+Yhiv1JuhZspvBARFyNi7pGtUvb/1XEyIs5GxIVJ8pSzUh764vL40vWf3/712+9PnTj35Tc/zG7VwKy9FBH99bS/1U8x76T4sOxvjLtF7F8blzEd6K+V7TzFrfZqkWGrsTuuUcSrnTQ+X98cTuKDXqM5iZ3ug6J/fZAuOBx3dvMUJzxsbBTtVnu1iN1hXsTOTprX9k7637YzHKU8rTLfx0X6GI12Y+pvb7fTetbXitgcjMr+lDdvtbcncVzG8nLRzHutYh6r+7nT/2svvtMdbG5n4/bGsJsPsuu1+su1+o1qfSNvtUfta9VGv3XjWrbU6U2GVUftRv9mJ887vXatmfeXs6VOs1mt17OlW+3VbmOQ1eu1q7Ur1evL5d7l7I2772e9VrY0ia91B5ujbm+YPcg3snTGcrZSu/rKcnapnr1751527/7t23fuvffhrQ/uvnrnrdfLQf+YVra0cmVlpVq/Ul2pL+/vBhyp9X9aTnqK64d9qcx6AgBHj/ofmIWDq/837kccfP0f6v+pOFL173Gv/w9g/bAv6n8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgGPrx4Wv3ix2FlP7XNn/TNn1XNmuRMRcRPzxL+bj5J6c82WehSeMX3hsDt9VosgwucapcjsbETfL7fdnD/ouAAAAwNPr608ufp6q9fSxOOsJcZjSQ5u58x9NKV8lIhYWf5pStrnJx/NTSlb8fZ+I7SllKx5gnZ5SsvTI7cS0sv0n83vC6UdCJYW5x8+Y2moBAICZ2VsJHG4VAgAAwGH67IlH1g51HhyySuy+ytx9F1x88/7vl31nUturPwAAADi6KrOeAAAAAHDgivrf7/8BAADA0y39/h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH+ycy+5aQNxHID/NrjQl4qq7nuV7uAYPUKXXVYcoJfgCOQKuQBnILscIYIIj4NCRB7EY6xE3yfZgy3zmxkei5mRBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBLV9VydvHv5/+2OZttO3l6AwAAAByzrpaz+sUkXX9u7n9tbn1vrouIKCPi2Nh9EB8OMgdNTvXI89WDNlxG1Am7OkbN8SkifqVjG9+6/hQAAADgXRruTqv5YppG6+k06btVtHbCd5gmbcovvzNVXURENbnOlFbu8n5kCqt/38P4mymtnsAaZwpLU27DXGkvUv/d97N243tFkYry6fdn6zsAAHBGg4PivKMQAAAAzulP3w2gCx+ffaKIu6XM/VLgKBXjgwiLfQAAAPB2FX03AAAAAOhcPf4/Zf+/6Gf/v7ix/x8AAAC8Wtr/DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgC6tq+VsNV9M2+Zstu3k6Q0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADALfvzjgIhEAZhsHd9ZzL3P6w0aGpqUgXCx98YDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAm9/95f/E1DiTzL02lp5HkrVTY+vU2Ds3jv4wvn4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABc7M9LCoRAEETBnPG/k77/YSVBzyBCBDQ8qqhFAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBFv/vl/8TUOJPMnTaWjkeStavG1lVj70Hj6MF4+zcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABc7Ny/b9xUHADwZ/t8/QGII6AbghBIDLDQ67W0dEMMoIiBPwEpSq8l9MqPNgOtKqQsbChzFwQjQkigsPUfYOqG1EpdytbhhiKxsByyz845TSUuRLEvyecjPb/vOY7f99lSlK+fEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoDR6bxon2aYzieNi373Ht1ay/v4TfebOxoPFrGVxVGfSB8Mr1Q9Rt7lEAAAAODqSsr4PITxMN5eyPu7k9X9aHpPV/N8/N4nLev7Jur/sy9o/a7/9+uilrYE6k3Gyk15aHQ5O70yltX+znG/P/+cRrfzK589ekvyGxB+uvzhK8+sZfXv37vvtPDxWR7YAwP9xquyLoPx9KOv7TSYGwJHRqhTeZf2fdJrNCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAOo/XwTBlHIYTF1jTO3H98a+Vp/Z2NB4tlO3/79kb1nNkp0hDCpdXh4HSNc5l312/cvLI8HA6u1R+8GkJoavR3i+lf+XiGg0No5PrsV/DPeDze1Xcdbz7nPQVxcbPnJZ+DETT4QwkAgEMpLVpW1z9MN5eyfdFCCOMfttf/b1TiMGP9/+iT8/eqY1Xr/35tM5x/vbWrX/Su37j51urV5cuDy4PP3j7Tf6d/9sK5cxd6+bOSnicmAAAA7E27aNX6P17Yuf5/shKHGev/L7/rfz0d6Y98q/7fabro13QmAAAAR9sLr/39V/SU/VG7Hb5aXlu71p9stz6fmWwbSHXXjhWtWv8nC01nBQAAANRhtB5tW/+/WInDjOv/z/748s/VcyYhhBPF+v+plc+HF+ubzlyr48+Jm54jAAAAzTpRtOr6f5q//x9vvfIQhxDefH0SF/8GcKb6P/ngm5+qYyWV9//P1jfFuRR3J9cj77shtLrbvvx7Y4kBAABwKB0vWlbs/5luLn36y8mP2t7/BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKjbvwEAAP//E41CoA==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000200)={0xf0}) fstat(r0, &(0x7f0000000340)) 440.373402ms ago: executing program 2 (id=11756): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b708000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000040)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000340), 0x0, 0x0) syz_mount_image$fuse(&(0x7f0000000140), &(0x7f00000001c0)='./file0\x00', 0x8a024, &(0x7f0000000680)=ANY=[], 0x0, 0x0, 0x0) 437.362102ms ago: executing program 3 (id=11757): getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000080)={@empty, 0x0}, &(0x7f00000000c0)=0x14) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{0x1, 0xffffffffffffffff}, &(0x7f0000000100), &(0x7f0000000140)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1b, 0x6, &(0x7f0000000000)=@raw=[@map_fd={0x18, 0x4, 0x1, 0x0, r1}, @map_val={0x18, 0xa, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x3}, @cb_func={0x18, 0x1, 0x4, 0x0, 0xfffffffffffffffe}], &(0x7f0000000240)='syzkaller\x00', 0x5, 0x0, &(0x7f0000000280), 0x41100, 0x51, '\x00', r0, 0xe, 0xffffffffffffffff, 0x8, &(0x7f00000002c0)={0x6, 0x3}, 0x8, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000300)=[r1, r1, r1, r1, r1, r1, r1, r1, r1], 0x0, 0x10, 0x7}, 0x90) io_setup(0x0, &(0x7f00000000c0)) io_setup(0x4, &(0x7f0000000000)) syz_usb_connect$uac1(0x4, 0xa9, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x97, 0x3, 0x1, 0x0, 0x0, 0x7f, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{}, [@input_terminal={0xc, 0x24, 0x2, 0x0, 0x0, 0xff}, @selector_unit={0x9, 0x24, 0x5, 0x6, 0x3, "6f853eca"}, @processing_unit={0xd, 0x24, 0x7, 0xfe, 0x0, 0x0, "4336d88b1a56"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x40, 0x0, 0x0, 0x0, {0x7, 0x25, 0x1, 0x0, 0x0, 0x4}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0xf, 0x24, 0x2, 0x2, 0x3, 0x0, 0x2, "f6f81132fff8"}, @as_header={0x7, 0x24, 0x1, 0xfe}]}, {{0x9, 0x5, 0x82, 0x9, 0x20, 0x0, 0x0, 0x0, {0x7}}}}}}}]}}, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='memory.events\x00', 0x26e1, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc4c, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='ext4_ext_rm_leaf\x00', r3}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000001a80)=@base={0x6, 0x4, 0x808, 0x8}, 0x48) syz_usb_connect(0x0, 0x2d, &(0x7f0000000540)=ANY=[@ANYBLOB="1201000074020440fd07010099480102030109021b0001000000000904"], 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r6, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) bind$netlink(r2, &(0x7f0000000380)={0x10, 0x0, 0x25dfdbff, 0x2000}, 0xc) recvmsg$unix(r5, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socket(0x10, 0x803, 0x0) r7 = socket(0x10, 0x803, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0) r8 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r8}, 0x10) 403.000615ms ago: executing program 2 (id=11758): clock_gettime(0x0, 0x0) 357.408809ms ago: executing program 2 (id=11759): bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x1, 0x2, 0x10000, 0x5, 0x0, 0x1}, 0x48) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000340)={0x0, 0x0}) sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x238804}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x3c, 0x3e9, 0x10, 0x70bd28, 0x25dfdbfe, {0x43, 0x0, 0x0, r0, 0x6, 0x80000000, 0x9b38, 0x4, 0x0, 0x7, 0x5}, ["", "", "", "", "", "", "", ""]}, 0x3c}, 0x1, 0x0, 0x0, 0x4000}, 0x11) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$loop_ctrl(0xffffff9c, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000c80)=0x9) socket$netlink(0x10, 0x3, 0x4) getpgid(0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = socket(0xa, 0x2, 0x0) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x11, 0x5, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='kmem_cache_free\x00', r7}, 0x10) syz_emit_ethernet(0x4e, &(0x7f0000000100)=ANY=[@ANYBLOB="85a2fa90e20700000000000086dd6000000000180000fe8000000000000000000000000000bbff020000000000000000000000000001860090"], 0x0) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f00000002c0)={0x0, @loopback, @local}, &(0x7f00000004c0)=0xc) setresgid(0x0, r6, 0x0) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000100), &(0x7f0000000180)=0xc) sendmmsg$unix(r4, &(0x7f0000002fc0)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000001b40)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0xee00, r6}}}], 0x20}}], 0x2, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu/syz1\x00', 0x1ff) 0s ago: executing program 4 (id=11760): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8c}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000280)='sys_enter\x00'}, 0x10) getrlimit(0xe, &(0x7f0000000180)) (fail_nth: 1) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) kernel console output (not intermixed with test programs): T12093] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 2296.181766][T12093] Call Trace: [ 2296.184889][T12093] [ 2296.187669][T12093] dump_stack_lvl+0x151/0x1b7 [ 2296.192181][T12093] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 2296.197475][T12093] ? selinux_socket_bind+0x3c3/0xe40 [ 2296.202600][T12093] dump_stack+0x15/0x1c [ 2296.206588][T12093] should_fail_ex+0x3d0/0x520 [ 2296.211104][T12093] ? unix_bind+0x25c/0xec0 [ 2296.215465][T12093] __should_failslab+0xaf/0xf0 [ 2296.220062][T12093] should_failslab+0x9/0x20 [ 2296.224400][T12093] __kmem_cache_alloc_node+0x3d/0x250 [ 2296.229609][T12093] ? unix_bind+0x25c/0xec0 [ 2296.233862][T12093] __kmalloc+0xa3/0x1e0 [ 2296.237857][T12093] unix_bind+0x25c/0xec0 [ 2296.241934][T12093] ? check_stack_object+0x114/0x130 [ 2296.246971][T12093] ? unix_release+0xc0/0xc0 [ 2296.251308][T12093] ? security_socket_bind+0x82/0xb0 [ 2296.256339][T12093] __sys_bind+0x233/0x2e0 [ 2296.260510][T12093] ? __ia32_sys_socketpair+0xb0/0xb0 [ 2296.265718][T12093] ? debug_smp_processor_id+0x17/0x20 [ 2296.267225][T11963] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2296.270920][T12093] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 2296.280894][ T8747] Bluetooth: hci3: Opcode 0x1003 failed: -110 [ 2296.286716][T12093] __x64_sys_bind+0x7a/0x90 [ 2296.296972][T12093] x64_sys_call+0x17f/0x9a0 [ 2296.301302][T12093] do_syscall_64+0x3b/0xb0 [ 2296.305549][T12093] ? clear_bhb_loop+0x55/0xb0 [ 2296.310061][T12093] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 2296.315797][T12093] RIP: 0033:0x7f469d57cef9 [ 2296.320539][T12093] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2296.340188][T12093] RSP: 002b:00007f469e2ba038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 2296.348433][T12093] RAX: ffffffffffffffda RBX: 00007f469d736130 RCX: 00007f469d57cef9 [ 2296.356349][T12093] RDX: 000000000000006e RSI: 0000000020003000 RDI: 0000000000000006 [ 2296.364142][T12093] RBP: 00007f469e2ba090 R08: 0000000000000000 R09: 0000000000000000 [ 2296.371953][T12093] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2296.379764][T12093] R13: 0000000000000000 R14: 00007f469d736130 R15: 00007ffff19bef08 [ 2296.387580][T12093] [ 2296.454221][T12096] netlink: 16 bytes leftover after parsing attributes in process `syz.1.11511'. [ 2296.465543][T12096] device sit3 entered promiscuous mode [ 2296.523761][ T28] audit: type=1400 audit(1725779810.672:622): avc: denied { unmount } for pid=1439 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 2296.547135][T11963] usb 3-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 2296.564813][T11963] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2296.587421][T11963] usb 3-1: Product: syz [ 2296.591417][T11963] usb 3-1: Manufacturer: syz [ 2296.595843][T11963] usb 3-1: SerialNumber: syz [ 2296.617956][T11963] usb 3-1: config 0 descriptor?? [ 2296.687037][T10833] bio_check_eod: 102203 callbacks suppressed [ 2296.687059][T10833] syz.2.11195: attempt to access beyond end of device [ 2296.687059][T10833] loop2: rw=524288, sector=87960, nr_sectors = 8 limit=40427 [ 2296.707024][T11676] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2296.717054][T10833] syz.2.11195: attempt to access beyond end of device [ 2296.717054][T10833] loop2: rw=524288, sector=87968, nr_sectors = 8 limit=40427 [ 2296.731039][T10833] syz.2.11195: attempt to access beyond end of device [ 2296.731039][T10833] loop2: rw=524288, sector=87976, nr_sectors = 8 limit=40427 [ 2296.744989][T10833] syz.2.11195: attempt to access beyond end of device [ 2296.744989][T10833] loop2: rw=524288, sector=87984, nr_sectors = 8 limit=40427 [ 2296.759084][T10833] syz.2.11195: attempt to access beyond end of device [ 2296.759084][T10833] loop2: rw=524288, sector=87992, nr_sectors = 8 limit=40427 [ 2296.773051][T10833] syz.2.11195: attempt to access beyond end of device [ 2296.773051][T10833] loop2: rw=524288, sector=88000, nr_sectors = 8 limit=40427 [ 2296.787167][T10833] syz.2.11195: attempt to access beyond end of device [ 2296.787167][T10833] loop2: rw=524288, sector=88008, nr_sectors = 8 limit=40427 [ 2296.801396][T10833] syz.2.11195: attempt to access beyond end of device [ 2296.801396][T10833] loop2: rw=524288, sector=88016, nr_sectors = 8 limit=40427 [ 2296.815432][T10833] syz.2.11195: attempt to access beyond end of device [ 2296.815432][T10833] loop2: rw=524288, sector=88024, nr_sectors = 8 limit=40427 [ 2296.829536][T10833] syz.2.11195: attempt to access beyond end of device [ 2296.829536][T10833] loop2: rw=524288, sector=88032, nr_sectors = 8 limit=40427 [ 2296.848031][T12103] loop4: detected capacity change from 0 to 40427 [ 2296.878575][T11963] snd-usb-audio: probe of 3-1:0.0 failed with error -2 [ 2296.891947][T11622] udevd[11622]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 2296.897458][T11963] usb 3-1: USB disconnect, device number 113 [ 2296.913469][T11676] usb 4-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 2296.922563][T11676] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2296.930675][T11676] usb 4-1: Product: syz [ 2296.938169][T12103] F2FS-fs (loop4): Found nat_bits in checkpoint [ 2296.947097][T11676] usb 4-1: Manufacturer: syz [ 2296.959301][T11676] usb 4-1: SerialNumber: syz [ 2296.972880][T11676] usb 4-1: config 0 descriptor?? [ 2297.010456][T12103] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 2297.208287][ T28] audit: type=1400 audit(1725779811.362:623): avc: denied { create } for pid=12102 comm="syz.4.11513" name=E91F7189591E9233614B scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=sock_file permissive=1 [ 2297.318304][T12087] netlink: 4 bytes leftover after parsing attributes in process `syz.3.11510'. [ 2297.345131][T12087] netlink: 48 bytes leftover after parsing attributes in process `syz.3.11510'. [ 2297.399744][T11676] snd-usb-audio: probe of 4-1:0.0 failed with error -2 [ 2297.407517][T11676] usb 4-1: USB disconnect, device number 107 [ 2297.407717][T11622] udevd[11622]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 2297.701935][T12121] FAULT_INJECTION: forcing a failure. [ 2297.701935][T12121] name failslab, interval 1, probability 0, space 0, times 0 [ 2297.714486][T12121] CPU: 1 PID: 12121 Comm: syz.2.11519 Not tainted 6.1.93-syzkaller-00100-g27310ed6b677 #0 [ 2297.724695][T12121] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 2297.734594][T12121] Call Trace: [ 2297.737715][T12121] [ 2297.740494][T12121] dump_stack_lvl+0x151/0x1b7 [ 2297.745008][T12121] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 2297.750304][T12121] dump_stack+0x15/0x1c [ 2297.754295][T12121] should_fail_ex+0x3d0/0x520 [ 2297.758809][T12121] ? disk_seqf_start+0x6f/0x110 [ 2297.763493][T12121] __should_failslab+0xaf/0xf0 [ 2297.768095][T12121] should_failslab+0x9/0x20 [ 2297.772436][T12121] __kmem_cache_alloc_node+0x3d/0x250 [ 2297.777641][T12121] ? disk_seqf_start+0x6f/0x110 [ 2297.782330][T12121] kmalloc_trace+0x2a/0xa0 [ 2297.786587][T12121] disk_seqf_start+0x6f/0x110 [ 2297.791092][T12121] traverse+0x151/0x530 [ 2297.795088][T12121] ? bit_wait_io_timeout+0x120/0x120 [ 2297.800212][T12121] seq_lseek+0x170/0x270 [ 2297.804285][T12121] proc_reg_llseek+0x1af/0x280 [ 2297.808891][T12121] __x64_sys_lseek+0x14f/0x1e0 [ 2297.813489][T12121] x64_sys_call+0x60/0x9a0 [ 2297.817740][T12121] do_syscall_64+0x3b/0xb0 [ 2297.821993][T12121] ? clear_bhb_loop+0x55/0xb0 [ 2297.826504][T12121] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 2297.832234][T12121] RIP: 0033:0x7f2ad377cef9 [ 2297.836487][T12121] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2297.855928][T12121] RSP: 002b:00007f2ad44a3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000008 [ 2297.864173][T12121] RAX: ffffffffffffffda RBX: 00007f2ad3935f80 RCX: 00007f2ad377cef9 [ 2297.871983][T12121] RDX: 0000000000000000 RSI: 0146e80000000000 RDI: 0000000000000009 [ 2297.879805][T12121] RBP: 00007f2ad44a3090 R08: 0000000000000000 R09: 0000000000000000 [ 2297.887609][T12121] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2297.895425][T12121] R13: 0000000000000000 R14: 00007f2ad3935f80 R15: 00007ffd64575978 [ 2297.903239][T12121] [ 2297.911836][T12123] loop4: detected capacity change from 0 to 1024 [ 2297.918377][T12123] EXT4-fs: Ignoring removed orlov option [ 2297.937403][T12123] EXT4-fs (loop4): Test dummy encryption mode enabled [ 2297.967953][T12123] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 2298.707698][ T8749] Bluetooth: hci0: sending frame failed (-49) [ 2298.714205][ T8747] Bluetooth: hci0: Opcode 0x1003 failed: -49 [ 2299.208266][ T9754] EXT4-fs (loop4): unmounting filesystem. [ 2299.384217][T12152] FAULT_INJECTION: forcing a failure. [ 2299.384217][T12152] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2299.397135][T12152] CPU: 1 PID: 12152 Comm: syz.3.11523 Not tainted 6.1.93-syzkaller-00100-g27310ed6b677 #0 [ 2299.406806][T12152] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 2299.416698][T12152] Call Trace: [ 2299.419823][T12152] [ 2299.422600][T12152] dump_stack_lvl+0x151/0x1b7 [ 2299.427113][T12152] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 2299.432409][T12152] ? __check_object_size+0x76/0x650 [ 2299.437445][T12152] dump_stack+0x15/0x1c [ 2299.441432][T12152] should_fail_ex+0x3d0/0x520 [ 2299.445957][T12152] should_fail+0xb/0x10 [ 2299.449938][T12152] should_fail_usercopy+0x1a/0x20 [ 2299.454821][T12152] _copy_from_user+0x1e/0xc0 [ 2299.459229][T12152] move_addr_to_kernel+0x87/0x150 [ 2299.464173][T12152] __sys_sendto+0x2b4/0x600 [ 2299.468516][T12152] ? __ia32_sys_getpeername+0x90/0x90 [ 2299.473822][T12152] ? finish_task_switch+0x167/0x7b0 [ 2299.478864][T12152] ? __kasan_check_write+0x14/0x20 [ 2299.483793][T12152] ? fpregs_restore_userregs+0x130/0x290 [ 2299.489260][T12152] __x64_sys_sendto+0xe5/0x100 [ 2299.493868][T12152] x64_sys_call+0x15c/0x9a0 [ 2299.498633][T12152] do_syscall_64+0x3b/0xb0 [ 2299.502884][T12152] ? clear_bhb_loop+0x55/0xb0 [ 2299.507398][T12152] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 2299.513125][T12152] RIP: 0033:0x7f11a297ed8c [ 2299.517816][T12152] Code: 2a 5a 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5a 02 00 48 8b [ 2299.537255][T12152] RSP: 002b:00007f11a27dcec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c [ 2299.545500][T12152] RAX: ffffffffffffffda RBX: 00007f11a27dcfc0 RCX: 00007f11a297ed8c [ 2299.553315][T12152] RDX: 0000000000000020 RSI: 00007f11a27dd010 RDI: 0000000000000003 [ 2299.561126][T12152] RBP: 0000000000000000 R08: 00007f11a27dcf14 R09: 000000000000000c [ 2299.569370][T12152] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000003 [ 2299.577180][T12152] R13: 00007f11a27dcf68 R14: 00007f11a27dd010 R15: 0000000000000000 [ 2299.584998][T12152] [ 2299.833696][T12143] loop1: detected capacity change from 0 to 40427 [ 2299.873326][T12143] F2FS-fs (loop1): Found nat_bits in checkpoint [ 2299.997949][T12143] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 2300.219845][T12166] FAULT_INJECTION: forcing a failure. [ 2300.219845][T12166] name failslab, interval 1, probability 0, space 0, times 0 [ 2300.232323][T12166] CPU: 1 PID: 12166 Comm: syz.1.11525 Not tainted 6.1.93-syzkaller-00100-g27310ed6b677 #0 [ 2300.242004][T12166] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 2300.251895][T12166] Call Trace: [ 2300.255042][T12166] [ 2300.257803][T12166] dump_stack_lvl+0x151/0x1b7 [ 2300.262313][T12166] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 2300.267703][T12166] ? preempt_schedule_irq+0xe7/0x140 [ 2300.272824][T12166] ? selinux_socket_bind+0x3c3/0xe40 [ 2300.277945][T12166] dump_stack+0x15/0x1c [ 2300.281934][T12166] should_fail_ex+0x3d0/0x520 [ 2300.286450][T12166] ? unix_bind+0x25c/0xec0 [ 2300.290702][T12166] __should_failslab+0xaf/0xf0 [ 2300.295301][T12166] should_failslab+0x9/0x20 [ 2300.299661][T12166] __kmem_cache_alloc_node+0x3d/0x250 [ 2300.304849][T12166] ? unix_bind+0x25c/0xec0 [ 2300.309101][T12166] __kmalloc+0xa3/0x1e0 [ 2300.313100][T12166] unix_bind+0x25c/0xec0 [ 2300.317171][T12166] ? asm_sysvec_reschedule_ipi+0x1b/0x20 [ 2300.322643][T12166] ? __sys_bind+0x16d/0x2e0 [ 2300.326993][T12166] ? unix_release+0xc0/0xc0 [ 2300.331323][T12166] ? security_socket_bind+0x82/0xb0 [ 2300.336357][T12166] __sys_bind+0x233/0x2e0 [ 2300.340522][T12166] ? __ia32_sys_socketpair+0xb0/0xb0 [ 2300.345642][T12166] ? fpregs_restore_userregs+0x130/0x290 [ 2300.351117][T12166] __x64_sys_bind+0x7a/0x90 [ 2300.355450][T12166] x64_sys_call+0x17f/0x9a0 [ 2300.359787][T12166] do_syscall_64+0x3b/0xb0 [ 2300.364038][T12166] ? clear_bhb_loop+0x55/0xb0 [ 2300.368554][T12166] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 2300.374281][T12166] RIP: 0033:0x7faa2bd7cef9 [ 2300.378539][T12166] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2300.397978][T12166] RSP: 002b:00007faa2cafc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 2300.406222][T12166] RAX: ffffffffffffffda RBX: 00007faa2bf36130 RCX: 00007faa2bd7cef9 [ 2300.414117][T12166] RDX: 000000000000006e RSI: 0000000020003000 RDI: 0000000000000008 [ 2300.421928][T12166] RBP: 00007faa2cafc090 R08: 0000000000000000 R09: 0000000000000000 [ 2300.429760][T12166] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2300.437554][T12166] R13: 0000000000000000 R14: 00007faa2bf36130 R15: 00007fff2ba15c38 [ 2300.445368][T12166] [ 2300.603681][T12171] netlink: 20 bytes leftover after parsing attributes in process `syz.0.11528'. [ 2300.799741][T12175] netlink: 40 bytes leftover after parsing attributes in process `syz.4.11534'. [ 2301.056988][ T3012] usb 4-1: new high-speed USB device number 108 using dummy_hcd [ 2301.106992][T29701] usb 3-1: new full-speed USB device number 114 using dummy_hcd [ 2301.276534][T12183] loop1: detected capacity change from 0 to 40427 [ 2301.294639][T12183] F2FS-fs (loop1): Found nat_bits in checkpoint [ 2301.343171][T12183] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 2301.467073][ T3012] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2301.574033][T29701] usb 3-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 2301.600674][T29701] usb 3-1: config 1 has 0 interfaces, different from the descriptor's value: 3 [ 2301.697573][T10833] bio_check_eod: 60726 callbacks suppressed [ 2301.697654][T10833] syz.2.11195: attempt to access beyond end of device [ 2301.697654][T10833] loop2: rw=0, sector=86760, nr_sectors = 8 limit=40427 [ 2301.747541][ T3012] usb 4-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 2301.762674][ T3012] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2301.777862][T10833] syz.2.11195: attempt to access beyond end of device [ 2301.777862][T10833] loop2: rw=0, sector=86768, nr_sectors = 8 limit=40427 [ 2301.887098][T29701] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 2301.896210][ T3012] usb 4-1: Product: syz [ 2301.900557][T29701] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2301.908670][ T3012] usb 4-1: Manufacturer: syz [ 2301.913086][ T3012] usb 4-1: SerialNumber: syz [ 2301.927076][T10833] syz.2.11195: attempt to access beyond end of device [ 2301.927076][T10833] loop2: rw=0, sector=86776, nr_sectors = 8 limit=40427 [ 2301.940952][ T1439] syz-executor: attempt to access beyond end of device [ 2301.940952][ T1439] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 2301.953750][T29701] usb 3-1: Product: syz [ 2301.961643][ T3012] usb 4-1: config 0 descriptor?? [ 2301.967263][T29701] usb 3-1: Manufacturer: syz [ 2301.987153][T10833] syz.2.11195: attempt to access beyond end of device [ 2301.987153][T10833] loop2: rw=0, sector=86784, nr_sectors = 8 limit=40427 [ 2301.989446][T29701] usb 3-1: SerialNumber: syz [ 2302.000709][T10833] syz.2.11195: attempt to access beyond end of device [ 2302.000709][T10833] loop2: rw=0, sector=86792, nr_sectors = 8 limit=40427 [ 2302.018922][T10833] syz.2.11195: attempt to access beyond end of device [ 2302.018922][T10833] loop2: rw=0, sector=86800, nr_sectors = 8 limit=40427 [ 2302.034336][T10833] syz.2.11195: attempt to access beyond end of device [ 2302.034336][T10833] loop2: rw=0, sector=86808, nr_sectors = 8 limit=40427 [ 2302.072777][T10833] syz.2.11195: attempt to access beyond end of device [ 2302.072777][T10833] loop2: rw=0, sector=86816, nr_sectors = 8 limit=40427 [ 2302.106822][T10833] syz.2.11195: attempt to access beyond end of device [ 2302.106822][T10833] loop2: rw=0, sector=86824, nr_sectors = 8 limit=40427 [ 2302.188923][T12200] netlink: 40 bytes leftover after parsing attributes in process `syz.1.11537'. [ 2302.228580][T12172] netlink: 4 bytes leftover after parsing attributes in process `syz.3.11531'. [ 2302.241507][T12172] netlink: 48 bytes leftover after parsing attributes in process `syz.3.11531'. [ 2302.272020][ T3012] snd-usb-audio: probe of 4-1:0.0 failed with error -2 [ 2302.283676][ T3012] usb 4-1: USB disconnect, device number 108 [ 2302.290756][T11622] udevd[11622]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 2302.660594][T12214] FAULT_INJECTION: forcing a failure. [ 2302.660594][T12214] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2302.673627][T12214] CPU: 0 PID: 12214 Comm: syz.0.11535 Not tainted 6.1.93-syzkaller-00100-g27310ed6b677 #0 [ 2302.683270][T12214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 2302.693155][T12214] Call Trace: [ 2302.696278][T12214] [ 2302.699060][T12214] dump_stack_lvl+0x151/0x1b7 [ 2302.703582][T12214] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 2302.708870][T12214] dump_stack+0x15/0x1c [ 2302.712856][T12214] should_fail_ex+0x3d0/0x520 [ 2302.717374][T12214] should_fail+0xb/0x10 [ 2302.721363][T12214] should_fail_usercopy+0x1a/0x20 [ 2302.726312][T12214] _copy_to_user+0x1e/0x90 [ 2302.730565][T12214] bpf_obj_get_info_by_fd+0xe0b/0x3e60 [ 2302.735857][T12214] ? kasan_set_track+0x4b/0x70 [ 2302.740458][T12214] ? kasan_save_free_info+0x2b/0x40 [ 2302.745498][T12214] ? _kstrtol+0x150/0x150 [ 2302.749660][T12214] ? avc_has_perm_noaudit+0x348/0x430 [ 2302.754877][T12214] ? memcpy+0x56/0x70 [ 2302.758687][T12214] ? bpf_map_get_fd_by_id+0x350/0x350 [ 2302.763896][T12214] ? avc_denied+0x1b0/0x1b0 [ 2302.768235][T12214] ? selinux_capable+0x2f1/0x430 [ 2302.773100][T12214] ? selinux_capset+0xf0/0xf0 [ 2302.777701][T12214] ? vfs_write+0xbb3/0xeb0 [ 2302.781951][T12214] ? __kasan_slab_free+0x11/0x20 [ 2302.786728][T12214] ? cap_capable+0x1d2/0x270 [ 2302.791155][T12214] ? selinux_bpf+0xd2/0x100 [ 2302.795500][T12214] ? security_bpf+0x82/0xb0 [ 2302.799833][T12214] __sys_bpf+0x479/0x7f0 [ 2302.803913][T12214] ? bpf_link_show_fdinfo+0x2d0/0x2d0 [ 2302.809127][T12214] ? __ia32_sys_read+0x90/0x90 [ 2302.813729][T12214] ? debug_smp_processor_id+0x17/0x20 [ 2302.819012][T12214] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 2302.824920][T12214] __x64_sys_bpf+0x7c/0x90 [ 2302.829171][T12214] x64_sys_call+0x87f/0x9a0 [ 2302.833508][T12214] do_syscall_64+0x3b/0xb0 [ 2302.837767][T12214] ? clear_bhb_loop+0x55/0xb0 [ 2302.842279][T12214] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 2302.848003][T12214] RIP: 0033:0x7f038417cef9 [ 2302.852266][T12214] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2302.871695][T12214] RSP: 002b:00007f0384f7e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 2302.879944][T12214] RAX: ffffffffffffffda RBX: 00007f0384336130 RCX: 00007f038417cef9 [ 2302.887757][T12214] RDX: 0000000000000010 RSI: 0000000020000380 RDI: 000000000000000f [ 2302.895566][T12214] RBP: 00007f0384f7e090 R08: 0000000000000000 R09: 0000000000000000 [ 2302.903374][T12214] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2302.911449][T12214] R13: 0000000000000000 R14: 00007f0384336130 R15: 00007ffd2e79cfd8 [ 2302.919268][T12214] [ 2303.518411][T12216] loop1: detected capacity change from 0 to 40427 [ 2303.539277][T12216] F2FS-fs (loop1): Invalid segment count (0) [ 2303.557373][T12216] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 2303.594264][T12216] F2FS-fs (loop1): invalid crc value [ 2303.634534][T12216] F2FS-fs (loop1): Found nat_bits in checkpoint [ 2303.768789][T12216] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 2303.778621][T12216] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 2303.824480][T12228] loop3: detected capacity change from 0 to 40427 [ 2303.868499][T12228] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 2303.879660][T12228] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 2303.888857][T12228] F2FS-fs (loop3): invalid crc value [ 2303.910069][T12228] F2FS-fs (loop3): Found nat_bits in checkpoint [ 2304.248705][T11676] usb 3-1: USB disconnect, device number 114 [ 2304.364495][T12228] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 2304.372472][T12228] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 2304.418594][T12246] netlink: 44 bytes leftover after parsing attributes in process `syz.2.11550'. [ 2304.597567][T12255] FAULT_INJECTION: forcing a failure. [ 2304.597567][T12255] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2304.610613][T12255] CPU: 1 PID: 12255 Comm: syz.3.11547 Not tainted 6.1.93-syzkaller-00100-g27310ed6b677 #0 [ 2304.620266][T12255] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 2304.630185][T12255] Call Trace: [ 2304.633283][T12255] [ 2304.636061][T12255] dump_stack_lvl+0x151/0x1b7 [ 2304.640589][T12255] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 2304.645870][T12255] ? __check_object_size+0x76/0x650 [ 2304.650899][T12255] ? ___ratelimit+0xb2/0x5a0 [ 2304.655336][T12255] dump_stack+0x15/0x1c [ 2304.659340][T12255] should_fail_ex+0x3d0/0x520 [ 2304.663837][T12255] should_fail+0xb/0x10 [ 2304.667834][T12255] should_fail_usercopy+0x1a/0x20 [ 2304.672687][T12255] _copy_from_user+0x1e/0xc0 [ 2304.677206][T12255] iovec_from_user+0xc7/0x320 [ 2304.681715][T12255] __import_iovec+0x70/0x430 [ 2304.686309][T12255] ? rcu_read_unlock_special+0xdb/0x4e0 [ 2304.691693][T12255] import_iovec+0xe5/0x120 [ 2304.695950][T12255] copy_msghdr_from_user+0x527/0x670 [ 2304.701071][T12255] ? sendmsg_copy_msghdr+0x70/0x70 [ 2304.706022][T12255] __sys_sendmsg+0x236/0x390 [ 2304.710442][T12255] ? ____sys_sendmsg+0x9a0/0x9a0 [ 2304.715225][T12255] ? __kasan_check_write+0x14/0x20 [ 2304.720250][T12255] ? mutex_unlock+0xb2/0x260 [ 2304.724688][T12255] ? __kasan_check_write+0x14/0x20 [ 2304.729629][T12255] ? fpregs_restore_userregs+0x130/0x290 [ 2304.735094][T12255] __x64_sys_sendmsg+0x7f/0x90 [ 2304.739692][T12255] x64_sys_call+0x16a/0x9a0 [ 2304.744032][T12255] do_syscall_64+0x3b/0xb0 [ 2304.748284][T12255] ? clear_bhb_loop+0x55/0xb0 [ 2304.752802][T12255] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 2304.758598][T12255] RIP: 0033:0x7f11a297cef9 [ 2304.762780][T12255] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2304.782223][T12255] RSP: 002b:00007f11a27de038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2304.790465][T12255] RAX: ffffffffffffffda RBX: 00007f11a2b36130 RCX: 00007f11a297cef9 [ 2304.798282][T12255] RDX: 0000000000000000 RSI: 0000000020000580 RDI: 0000000000000008 [ 2304.806086][T12255] RBP: 00007f11a27de090 R08: 0000000000000000 R09: 0000000000000000 [ 2304.813900][T12255] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2304.821710][T12255] R13: 0000000000000000 R14: 00007f11a2b36130 R15: 00007ffeddd65ad8 [ 2304.829613][T12255] [ 2304.848713][T12258] netlink: 40 bytes leftover after parsing attributes in process `syz.1.11551'. [ 2304.971902][T11676] usb 3-1: new full-speed USB device number 115 using dummy_hcd [ 2305.246999][T11676] usb 3-1: device descriptor read/64, error -71 [ 2305.297041][T11963] usb 2-1: new high-speed USB device number 94 using dummy_hcd [ 2305.335178][T12234] loop4: detected capacity change from 0 to 131072 [ 2305.350964][T12234] F2FS-fs (loop4): Test dummy encryption mode enabled [ 2305.359279][T12234] F2FS-fs (loop4): invalid crc value [ 2305.365847][T12234] F2FS-fs (loop4): Found nat_bits in checkpoint [ 2305.377014][ T1847] usb 4-1: new high-speed USB device number 109 using dummy_hcd [ 2305.421845][T12234] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 2305.601656][T12282] FAULT_INJECTION: forcing a failure. [ 2305.601656][T12282] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2305.614711][T12282] CPU: 1 PID: 12282 Comm: syz.4.11549 Not tainted 6.1.93-syzkaller-00100-g27310ed6b677 #0 [ 2305.624365][T12282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 2305.634276][T12282] Call Trace: [ 2305.637387][T12282] [ 2305.640164][T12282] dump_stack_lvl+0x151/0x1b7 [ 2305.644680][T12282] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 2305.649974][T12282] dump_stack+0x15/0x1c [ 2305.654046][T12282] should_fail_ex+0x3d0/0x520 [ 2305.658567][T12282] should_fail+0xb/0x10 [ 2305.662554][T12282] should_fail_usercopy+0x1a/0x20 [ 2305.667414][T12282] strncpy_from_user+0x24/0x2b0 [ 2305.672100][T12282] ? getname_flags+0xba/0x520 [ 2305.676705][T12282] getname_flags+0xf2/0x520 [ 2305.681044][T12282] __se_sys_newfstatat+0xe2/0x7b0 [ 2305.685901][T12282] ? __this_cpu_preempt_check+0x13/0x20 [ 2305.691282][T12282] ? __x64_sys_newfstatat+0xb0/0xb0 [ 2305.696317][T12282] ? _raw_spin_unlock+0x4c/0x70 [ 2305.701003][T12282] ? finish_task_switch+0x167/0x7b0 [ 2305.706128][T12282] ? __schedule+0xcbd/0x1560 [ 2305.710560][T12282] ? fpregs_restore_userregs+0x130/0x290 [ 2305.716023][T12282] __x64_sys_newfstatat+0x9b/0xb0 [ 2305.720879][T12282] x64_sys_call+0x6e2/0x9a0 [ 2305.725220][T12282] do_syscall_64+0x3b/0xb0 [ 2305.729471][T12282] ? clear_bhb_loop+0x55/0xb0 [ 2305.733985][T12282] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 2305.739717][T12282] RIP: 0033:0x7f469d57cef9 [ 2305.743967][T12282] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2305.763408][T12282] RSP: 002b:00007f469e2ba038 EFLAGS: 00000246 ORIG_RAX: 0000000000000106 [ 2305.771653][T12282] RAX: ffffffffffffffda RBX: 00007f469d736130 RCX: 00007f469d57cef9 [ 2305.779470][T12282] RDX: 0000000000000000 RSI: 0000000020000000 RDI: ffffffffffffff9c [ 2305.787273][T12282] RBP: 00007f469e2ba090 R08: 0000000000000000 R09: 0000000000000000 [ 2305.795175][T12282] R10: 0000000000000100 R11: 0000000000000246 R12: 0000000000000001 [ 2305.802986][T12282] R13: 0000000000000001 R14: 00007f469d736130 R15: 00007ffff19bef08 [ 2305.810804][T12282] [ 2305.937222][T11963] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2306.167052][T11963] usb 2-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 2306.186176][T11963] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2306.216461][T11963] usb 2-1: Product: syz [ 2306.221634][T11963] usb 2-1: Manufacturer: syz [ 2306.226049][T11963] usb 2-1: SerialNumber: syz [ 2306.263439][T11963] usb 2-1: config 0 descriptor?? [ 2306.327022][T11676] usb 3-1: device descriptor read/64, error -71 [ 2306.427044][ T1847] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2306.518500][T12263] netlink: 4 bytes leftover after parsing attributes in process `syz.1.11555'. [ 2306.541208][T12263] netlink: 48 bytes leftover after parsing attributes in process `syz.1.11555'. [ 2306.568787][T11963] snd-usb-audio: probe of 2-1:0.0 failed with error -2 [ 2306.592088][T11622] udevd[11622]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 2306.597148][T11676] usb 3-1: new full-speed USB device number 116 using dummy_hcd [ 2306.608680][T11963] usb 2-1: USB disconnect, device number 94 [ 2306.615331][ T1847] usb 4-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 2306.657078][ T1847] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2306.664917][ T1847] usb 4-1: Product: syz [ 2306.677062][ T1847] usb 4-1: Manufacturer: syz [ 2306.681499][ T1847] usb 4-1: SerialNumber: syz [ 2306.690618][ T1847] usb 4-1: config 0 descriptor?? [ 2306.716991][T10833] bio_check_eod: 54232 callbacks suppressed [ 2306.717010][T10833] syz.2.11195: attempt to access beyond end of device [ 2306.717010][T10833] loop2: rw=524288, sector=89040, nr_sectors = 8 limit=40427 [ 2306.757049][T10833] syz.2.11195: attempt to access beyond end of device [ 2306.757049][T10833] loop2: rw=524288, sector=89048, nr_sectors = 8 limit=40427 [ 2306.791350][T10833] syz.2.11195: attempt to access beyond end of device [ 2306.791350][T10833] loop2: rw=524288, sector=89056, nr_sectors = 8 limit=40427 [ 2306.815629][T10833] syz.2.11195: attempt to access beyond end of device [ 2306.815629][T10833] loop2: rw=524288, sector=89064, nr_sectors = 8 limit=40427 [ 2306.847135][T10833] syz.2.11195: attempt to access beyond end of device [ 2306.847135][T10833] loop2: rw=524288, sector=89072, nr_sectors = 8 limit=40427 [ 2306.871221][T10833] syz.2.11195: attempt to access beyond end of device [ 2306.871221][T10833] loop2: rw=524288, sector=89080, nr_sectors = 8 limit=40427 [ 2306.903613][T12285] loop4: detected capacity change from 0 to 40427 [ 2306.910002][T10833] syz.2.11195: attempt to access beyond end of device [ 2306.910002][T10833] loop2: rw=524288, sector=89088, nr_sectors = 8 limit=40427 [ 2306.917249][T11676] usb 3-1: device descriptor read/64, error -71 [ 2306.924678][T10833] syz.2.11195: attempt to access beyond end of device [ 2306.924678][T10833] loop2: rw=524288, sector=89096, nr_sectors = 8 limit=40427 [ 2306.938596][T12272] netlink: 4 bytes leftover after parsing attributes in process `syz.3.11558'. [ 2306.943743][T12285] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 2306.967430][T10833] syz.2.11195: attempt to access beyond end of device [ 2306.967430][T10833] loop2: rw=524288, sector=89104, nr_sectors = 8 limit=40427 [ 2306.972218][T12272] netlink: 48 bytes leftover after parsing attributes in process `syz.3.11558'. [ 2306.981339][T12285] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2306.998277][T10833] syz.2.11195: attempt to access beyond end of device [ 2306.998277][T10833] loop2: rw=524288, sector=89112, nr_sectors = 8 limit=40427 [ 2307.013077][T12285] F2FS-fs (loop4): invalid crc value [ 2307.028936][ T1847] snd-usb-audio: probe of 4-1:0.0 failed with error -2 [ 2307.036730][ T1847] usb 4-1: USB disconnect, device number 109 [ 2307.046420][T11622] udevd[11622]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 2307.073174][T12285] F2FS-fs (loop4): Found nat_bits in checkpoint [ 2307.235222][T12285] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 2307.247006][T12285] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 2308.183730][T12301] loop4: detected capacity change from 0 to 128 [ 2308.193431][T12301] EXT4-fs (loop4): Test dummy encryption mode enabled [ 2308.206660][T12303] netlink: 40 bytes leftover after parsing attributes in process `syz.2.11565'. [ 2308.321788][T12301] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 2308.333782][T12301] ext4 filesystem being mounted at /142/mnt supports timestamps until 2038 (0x7fffffff) [ 2308.488349][T12315] FAULT_INJECTION: forcing a failure. [ 2308.488349][T12315] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2308.520795][T12315] CPU: 0 PID: 12315 Comm: syz.2.11567 Not tainted 6.1.93-syzkaller-00100-g27310ed6b677 #0 [ 2308.530530][T12315] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 2308.540425][T12315] Call Trace: [ 2308.543553][T12315] [ 2308.546323][T12315] dump_stack_lvl+0x151/0x1b7 [ 2308.550841][T12315] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 2308.556222][T12315] dump_stack+0x15/0x1c [ 2308.560215][T12315] should_fail_ex+0x3d0/0x520 [ 2308.564730][T12315] should_fail+0xb/0x10 [ 2308.568730][T12315] should_fail_usercopy+0x1a/0x20 [ 2308.573577][T12315] _copy_from_user+0x1e/0xc0 [ 2308.578009][T12315] memdup_user+0x63/0xc0 [ 2308.582085][T12315] strndup_user+0x68/0xc0 [ 2308.586249][T12315] __se_sys_mount+0x9b/0x3b0 [ 2308.590679][T12315] ? __x64_sys_mount+0xd0/0xd0 [ 2308.595275][T12315] ? debug_smp_processor_id+0x17/0x20 [ 2308.600484][T12315] __x64_sys_mount+0xbf/0xd0 [ 2308.604909][T12315] x64_sys_call+0x49d/0x9a0 [ 2308.609249][T12315] do_syscall_64+0x3b/0xb0 [ 2308.613503][T12315] ? clear_bhb_loop+0x55/0xb0 [ 2308.618017][T12315] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 2308.623750][T12315] RIP: 0033:0x7f2ad377cef9 [ 2308.628005][T12315] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2308.647442][T12315] RSP: 002b:00007f2ad44a3038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2308.655682][T12315] RAX: ffffffffffffffda RBX: 00007f2ad3935f80 RCX: 00007f2ad377cef9 [ 2308.663581][T12315] RDX: 0000000020000b80 RSI: 00000000200010c0 RDI: 0000000000000000 [ 2308.671388][T12315] RBP: 00007f2ad44a3090 R08: 0000000020001000 R09: 0000000000000000 [ 2308.679547][T12315] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2308.687368][T12315] R13: 0000000000000000 R14: 00007f2ad3935f80 R15: 00007ffd64575978 [ 2308.695183][T12315] [ 2308.799436][T12323] netlink: 20 bytes leftover after parsing attributes in process `syz.2.11570'. [ 2309.104834][ T9754] EXT4-fs (loop4): unmounting filesystem. [ 2309.133907][T12333] loop4: detected capacity change from 0 to 1024 [ 2309.154786][T12333] EXT4-fs: Ignoring removed orlov option [ 2309.163183][T12333] EXT4-fs (loop4): Test dummy encryption mode enabled [ 2309.172585][T12333] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 2309.207116][T11676] usb usb3-port1: attempt power cycle [ 2309.327115][ T3012] usb 4-1: new high-speed USB device number 110 using dummy_hcd [ 2309.767116][ T3012] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 2309.795647][ T3012] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0xB has an invalid bInterval 255, changing to 11 [ 2309.819297][ T3012] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 59391, setting to 1024 [ 2309.847064][ T3012] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 2309.866480][ T3012] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2309.917070][T12331] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 2309.957215][T11676] usb 3-1: new high-speed USB device number 117 using dummy_hcd [ 2310.006881][ T9754] EXT4-fs (loop4): unmounting filesystem. [ 2310.041559][T12347] netlink: 40 bytes leftover after parsing attributes in process `syz.4.11577'. [ 2310.187149][T11676] usb 3-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 2310.201795][T11676] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x7 has an invalid bInterval 240, changing to 11 [ 2310.241549][T11676] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x7 has invalid maxpacket 33535, setting to 1024 [ 2310.252865][T11676] usb 3-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 2310.266787][T11676] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 2310.284568][T11676] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2310.338063][T11676] usb 3-1: invalid MIDI in EP 0 [ 2310.796601][T11676] snd-usb-audio: probe of 3-1:27.0 failed with error -22 [ 2310.813156][T11676] usb 3-1: USB disconnect, device number 117 [ 2311.148652][T12363] FAULT_INJECTION: forcing a failure. [ 2311.148652][T12363] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2311.161712][T12363] CPU: 0 PID: 12363 Comm: syz.4.11581 Not tainted 6.1.93-syzkaller-00100-g27310ed6b677 #0 [ 2311.171426][T12363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 2311.181406][T12363] Call Trace: [ 2311.184551][T12363] [ 2311.187307][T12363] dump_stack_lvl+0x151/0x1b7 [ 2311.191820][T12363] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 2311.197116][T12363] ? _parse_integer+0x2a/0x40 [ 2311.201630][T12363] dump_stack+0x15/0x1c [ 2311.205622][T12363] should_fail_ex+0x3d0/0x520 [ 2311.210135][T12363] should_fail+0xb/0x10 [ 2311.214129][T12363] should_fail_usercopy+0x1a/0x20 [ 2311.218990][T12363] _copy_from_user+0x1e/0xc0 [ 2311.223417][T12363] iovec_from_user+0xc7/0x320 [ 2311.227927][T12363] ? kasan_set_track+0x4b/0x70 [ 2311.232524][T12363] ? kasan_save_free_info+0x2b/0x40 [ 2311.237564][T12363] __import_iovec+0x70/0x430 [ 2311.241992][T12363] import_iovec+0xe5/0x120 [ 2311.246242][T12363] copy_msghdr_from_user+0x527/0x670 [ 2311.251363][T12363] ? sendmsg_copy_msghdr+0x70/0x70 [ 2311.256315][T12363] __sys_sendmsg+0x236/0x390 [ 2311.260740][T12363] ? ____sys_sendmsg+0x9a0/0x9a0 [ 2311.265511][T12363] ? __kasan_check_write+0x14/0x20 [ 2311.270455][T12363] ? mutex_unlock+0xb2/0x260 [ 2311.274888][T12363] ? __kasan_check_write+0x14/0x20 [ 2311.279834][T12363] ? __ia32_sys_read+0x90/0x90 [ 2311.284439][T12363] ? debug_smp_processor_id+0x17/0x20 [ 2311.289637][T12363] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 2311.295547][T12363] __x64_sys_sendmsg+0x7f/0x90 [ 2311.300142][T12363] x64_sys_call+0x16a/0x9a0 [ 2311.304478][T12363] do_syscall_64+0x3b/0xb0 [ 2311.308732][T12363] ? clear_bhb_loop+0x55/0xb0 [ 2311.313247][T12363] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 2311.318973][T12363] RIP: 0033:0x7f469d57cef9 [ 2311.323228][T12363] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2311.342671][T12363] RSP: 002b:00007f469e2fc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2311.350913][T12363] RAX: ffffffffffffffda RBX: 00007f469d735f80 RCX: 00007f469d57cef9 [ 2311.358723][T12363] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000003 [ 2311.366536][T12363] RBP: 00007f469e2fc090 R08: 0000000000000000 R09: 0000000000000000 [ 2311.374346][T12363] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2311.382164][T12363] R13: 0000000000000000 R14: 00007f469d735f80 R15: 00007ffff19bef08 [ 2311.389977][T12363] [ 2311.457005][T29409] usb 2-1: new high-speed USB device number 95 using dummy_hcd [ 2311.726993][T10833] bio_check_eod: 69226 callbacks suppressed [ 2311.727013][T10833] syz.2.11195: attempt to access beyond end of device [ 2311.727013][T10833] loop2: rw=524288, sector=88528, nr_sectors = 8 limit=40427 [ 2311.747237][T10833] syz.2.11195: attempt to access beyond end of device [ 2311.747237][T10833] loop2: rw=524288, sector=88536, nr_sectors = 8 limit=40427 [ 2311.781147][T10833] syz.2.11195: attempt to access beyond end of device [ 2311.781147][T10833] loop2: rw=524288, sector=88544, nr_sectors = 8 limit=40427 [ 2311.795462][T10833] syz.2.11195: attempt to access beyond end of device [ 2311.795462][T10833] loop2: rw=524288, sector=88552, nr_sectors = 8 limit=40427 [ 2311.809766][T10833] syz.2.11195: attempt to access beyond end of device [ 2311.809766][T10833] loop2: rw=524288, sector=88560, nr_sectors = 8 limit=40427 [ 2311.823833][T10833] syz.2.11195: attempt to access beyond end of device [ 2311.823833][T10833] loop2: rw=524288, sector=88568, nr_sectors = 8 limit=40427 [ 2311.838044][T10833] syz.2.11195: attempt to access beyond end of device [ 2311.838044][T10833] loop2: rw=524288, sector=88576, nr_sectors = 8 limit=40427 [ 2311.852083][T10833] syz.2.11195: attempt to access beyond end of device [ 2311.852083][T10833] loop2: rw=524288, sector=88584, nr_sectors = 8 limit=40427 [ 2311.865950][T29409] usb 2-1: config index 0 descriptor too short (expected 61732, got 36) [ 2311.867351][T10833] syz.2.11195: attempt to access beyond end of device [ 2311.867351][T10833] loop2: rw=524288, sector=88592, nr_sectors = 8 limit=40427 [ 2311.874448][T29409] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2311.888044][T10833] syz.2.11195: attempt to access beyond end of device [ 2311.888044][T10833] loop2: rw=524288, sector=88600, nr_sectors = 8 limit=40427 [ 2312.860839][T29409] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2312.885937][T29409] usb 2-1: New USB device found, idVendor=045e, idProduct=009d, bcdDevice= 0.00 [ 2312.895568][T12379] FAULT_INJECTION: forcing a failure. [ 2312.895568][T12379] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2312.943706][ T3012] usb 4-1: USB disconnect, device number 110 [ 2312.952096][T12379] CPU: 1 PID: 12379 Comm: syz.4.11586 Not tainted 6.1.93-syzkaller-00100-g27310ed6b677 #0 [ 2312.961825][T12379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 2312.971721][T12379] Call Trace: [ 2312.974842][T12379] [ 2312.977623][T12379] dump_stack_lvl+0x151/0x1b7 [ 2312.982131][T12379] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 2312.987430][T12379] dump_stack+0x15/0x1c [ 2312.991419][T12379] should_fail_ex+0x3d0/0x520 [ 2312.995933][T12379] should_fail+0xb/0x10 [ 2312.999926][T12379] should_fail_usercopy+0x1a/0x20 [ 2313.004785][T12379] _copy_to_user+0x1e/0x90 [ 2313.009037][T12379] simple_read_from_buffer+0xc7/0x150 [ 2313.014247][T12379] proc_fail_nth_read+0x1a3/0x210 [ 2313.019107][T12379] ? proc_fault_inject_write+0x390/0x390 [ 2313.024573][T12379] ? fsnotify_perm+0x470/0x5d0 [ 2313.029181][T12379] ? security_file_permission+0x86/0xb0 [ 2313.034556][T12379] ? proc_fault_inject_write+0x390/0x390 [ 2313.040025][T12379] vfs_read+0x26c/0xad0 [ 2313.042047][T29409] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2313.044016][T12379] ? kernel_read+0x1f0/0x1f0 [ 2313.056253][T12379] ? mutex_lock+0xb1/0x1e0 [ 2313.060507][T12379] ? bit_wait_io_timeout+0x120/0x120 [ 2313.065630][T12379] ? __fdget_pos+0x2e2/0x390 [ 2313.070053][T12379] ? ksys_read+0x77/0x2c0 [ 2313.074222][T12379] ksys_read+0x199/0x2c0 [ 2313.078301][T12379] ? vfs_write+0xeb0/0xeb0 [ 2313.082551][T12379] ? debug_smp_processor_id+0x17/0x20 [ 2313.087764][T12379] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 2313.090084][T29409] usb 2-1: config 0 descriptor?? [ 2313.093703][T12379] __x64_sys_read+0x7b/0x90 [ 2313.102790][T12379] x64_sys_call+0x28/0x9a0 [ 2313.107029][T12379] do_syscall_64+0x3b/0xb0 [ 2313.111281][T12379] ? clear_bhb_loop+0x55/0xb0 [ 2313.115812][T12379] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 2313.121522][T12379] RIP: 0033:0x7f469d57b93c [ 2313.125777][T12379] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 2313.145217][T12379] RSP: 002b:00007f469e2fc030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 2313.153465][T12379] RAX: ffffffffffffffda RBX: 00007f469d735f80 RCX: 00007f469d57b93c [ 2313.161275][T12379] RDX: 000000000000000f RSI: 00007f469e2fc0a0 RDI: 0000000000000004 [ 2313.169084][T12379] RBP: 00007f469e2fc090 R08: 0000000000000000 R09: 0000000000000000 [ 2313.176897][T12379] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2313.184706][T12379] R13: 0000000000000000 R14: 00007f469d735f80 R15: 00007ffff19bef08 [ 2313.192527][T12379] [ 2313.317812][T12391] netlink: 40 bytes leftover after parsing attributes in process `syz.0.11588'. [ 2313.600162][T29409] microsoft 0003:045E:009D.005A: unbalanced delimiter at end of report description [ 2313.609964][T29409] microsoft 0003:045E:009D.005A: parse failed [ 2313.615916][T29409] microsoft: probe of 0003:045E:009D.005A failed with error -22 [ 2313.948164][T12406] loop3: detected capacity change from 0 to 1024 [ 2313.954615][T12406] EXT4-fs: quotafile must be on filesystem root [ 2314.620650][T12414] bridge0: port 1(bridge_slave_0) entered blocking state [ 2314.627890][T12414] bridge0: port 1(bridge_slave_0) entered disabled state [ 2314.635317][T12414] device bridge_slave_0 entered promiscuous mode [ 2314.642647][T12414] bridge0: port 2(bridge_slave_1) entered blocking state [ 2314.650169][T12414] bridge0: port 2(bridge_slave_1) entered disabled state [ 2314.657810][T12414] device bridge_slave_1 entered promiscuous mode [ 2314.665931][T11877] device bridge_slave_1 left promiscuous mode [ 2314.672317][T11877] bridge0: port 2(bridge_slave_1) entered disabled state [ 2314.679939][T11877] device bridge_slave_0 left promiscuous mode [ 2314.686063][T11877] bridge0: port 1(bridge_slave_0) entered disabled state [ 2314.694736][T11877] device dummy0 left promiscuous mode [ 2314.700098][T11877] device veth1_macvtap left promiscuous mode [ 2314.706031][T11877] device veth0_vlan left promiscuous mode [ 2315.073660][T12414] bridge0: port 2(bridge_slave_1) entered blocking state [ 2315.080652][T12414] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2315.087759][T12414] bridge0: port 1(bridge_slave_0) entered blocking state [ 2315.094704][T12414] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2315.155096][T11676] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2315.164012][T11676] bridge0: port 1(bridge_slave_0) entered disabled state [ 2315.171489][T11676] bridge0: port 2(bridge_slave_1) entered disabled state [ 2315.190155][ T1847] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2315.198477][ T1847] bridge0: port 1(bridge_slave_0) entered blocking state [ 2315.205363][ T1847] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2315.213162][ T1847] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2315.225670][ T1847] bridge0: port 2(bridge_slave_1) entered blocking state [ 2315.232553][ T1847] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2315.257779][T11676] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2315.267899][T11676] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2315.567088][ T8749] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 2315.567126][ T8747] Bluetooth: hci0: command 0x1003 tx timeout [ 2315.585858][T12414] device veth0_vlan entered promiscuous mode [ 2315.592349][T29701] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 2315.601019][T29701] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 2315.609468][T29701] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 2315.617268][T29701] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 2315.632631][T12414] device veth1_macvtap entered promiscuous mode [ 2315.640262][ T3012] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 2315.647798][ T3012] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 2315.656740][ T3012] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 2315.665175][ T3012] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 2315.674995][ T3012] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 2315.691876][ T1847] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 2315.700402][ T1847] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 2315.717151][ T1847] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 2315.740242][ T1847] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 2315.772421][T12427] FAULT_INJECTION: forcing a failure. [ 2315.772421][T12427] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2315.788250][T12427] CPU: 0 PID: 12427 Comm: syz.3.11599 Not tainted 6.1.93-syzkaller-00100-g27310ed6b677 #0 [ 2315.797970][T12427] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 2315.807864][T12427] Call Trace: [ 2315.810988][T12427] [ 2315.813768][T12427] dump_stack_lvl+0x151/0x1b7 [ 2315.818279][T12427] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 2315.823580][T12427] ? _parse_integer+0x2a/0x40 [ 2315.828089][T12427] dump_stack+0x15/0x1c [ 2315.832079][T12427] should_fail_ex+0x3d0/0x520 [ 2315.836591][T12427] should_fail+0xb/0x10 [ 2315.840584][T12427] should_fail_usercopy+0x1a/0x20 [ 2315.845443][T12427] _copy_from_user+0x1e/0xc0 [ 2315.849873][T12427] iovec_from_user+0xc7/0x320 [ 2315.854384][T12427] ? kasan_set_track+0x4b/0x70 [ 2315.858986][T12427] ? kasan_save_free_info+0x2b/0x40 [ 2315.864018][T12427] __import_iovec+0x70/0x430 [ 2315.868449][T12427] import_iovec+0xe5/0x120 [ 2315.872699][T12427] copy_msghdr_from_user+0x527/0x670 [ 2315.877820][T12427] ? sendmsg_copy_msghdr+0x70/0x70 [ 2315.882771][T12427] __sys_sendmsg+0x236/0x390 [ 2315.887197][T12427] ? ____sys_sendmsg+0x9a0/0x9a0 [ 2315.891969][T12427] ? __kasan_check_write+0x14/0x20 [ 2315.896915][T12427] ? mutex_unlock+0xb2/0x260 [ 2315.901344][T12427] ? __kasan_check_write+0x14/0x20 [ 2315.906289][T12427] ? __ia32_sys_read+0x90/0x90 [ 2315.910978][T12427] ? debug_smp_processor_id+0x17/0x20 [ 2315.916180][T12427] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 2315.922086][T12427] __x64_sys_sendmsg+0x7f/0x90 [ 2315.926688][T12427] x64_sys_call+0x16a/0x9a0 [ 2315.931031][T12427] do_syscall_64+0x3b/0xb0 [ 2315.935275][T12427] ? clear_bhb_loop+0x55/0xb0 [ 2315.939792][T12427] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 2315.945519][T12427] RIP: 0033:0x7f9ccf17cef9 [ 2315.949772][T12427] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2315.969225][T12427] RSP: 002b:00007f9ccfee6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2315.977454][T12427] RAX: ffffffffffffffda RBX: 00007f9ccf335f80 RCX: 00007f9ccf17cef9 [ 2315.985266][T12427] RDX: 0000000000000000 RSI: 0000000020000480 RDI: 0000000000000003 [ 2315.993078][T12427] RBP: 00007f9ccfee6090 R08: 0000000000000000 R09: 0000000000000000 [ 2316.000899][T12427] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2316.008701][T12427] R13: 0000000000000000 R14: 00007f9ccf335f80 R15: 00007ffff29c7a78 [ 2316.016519][T12427] [ 2316.737183][T10833] bio_check_eod: 90538 callbacks suppressed [ 2316.737228][T10833] syz.2.11195: attempt to access beyond end of device [ 2316.737228][T10833] loop2: rw=0, sector=88232, nr_sectors = 8 limit=40427 [ 2316.873095][ T3012] usb 2-1: USB disconnect, device number 95 [ 2317.009629][T10833] syz.2.11195: attempt to access beyond end of device [ 2317.009629][T10833] loop2: rw=0, sector=88240, nr_sectors = 8 limit=40427 [ 2317.023381][T10833] syz.2.11195: attempt to access beyond end of device [ 2317.023381][T10833] loop2: rw=0, sector=88248, nr_sectors = 8 limit=40427 [ 2317.048123][T10833] syz.2.11195: attempt to access beyond end of device [ 2317.048123][T10833] loop2: rw=0, sector=88256, nr_sectors = 8 limit=40427 [ 2317.066645][T10833] syz.2.11195: attempt to access beyond end of device [ 2317.066645][T10833] loop2: rw=0, sector=88264, nr_sectors = 8 limit=40427 [ 2317.083808][T10833] syz.2.11195: attempt to access beyond end of device [ 2317.083808][T10833] loop2: rw=0, sector=88272, nr_sectors = 8 limit=40427 [ 2317.098912][T10833] syz.2.11195: attempt to access beyond end of device [ 2317.098912][T10833] loop2: rw=0, sector=88280, nr_sectors = 8 limit=40427 [ 2317.148444][T10833] syz.2.11195: attempt to access beyond end of device [ 2317.148444][T10833] loop2: rw=0, sector=88288, nr_sectors = 8 limit=40427 [ 2317.209342][T10833] syz.2.11195: attempt to access beyond end of device [ 2317.209342][T10833] loop2: rw=0, sector=88296, nr_sectors = 8 limit=40427 [ 2317.253394][T10833] syz.2.11195: attempt to access beyond end of device [ 2317.253394][T10833] loop2: rw=0, sector=88304, nr_sectors = 8 limit=40427 [ 2318.130309][T12465] loop3: detected capacity change from 0 to 40427 [ 2318.155239][T12465] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 2318.163104][T12465] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 2318.561132][T12465] F2FS-fs (loop3): Found nat_bits in checkpoint [ 2318.617217][T12465] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 2318.624284][T12465] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 2318.661102][ T28] audit: type=1400 audit(1725779832.812:624): avc: denied { create } for pid=12464 comm="syz.3.11609" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=lnk_file permissive=1 [ 2318.935628][T12484] netlink: 40 bytes leftover after parsing attributes in process `syz.2.11613'. [ 2318.986499][ T28] audit: type=1400 audit(1725779833.132:625): avc: denied { read } for pid=12464 comm="syz.3.11609" name="file0" dev="loop3" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=lnk_file permissive=1 [ 2319.014358][ T28] audit: type=1400 audit(1725779833.162:626): avc: denied { rename } for pid=12464 comm="syz.3.11609" name="file0" dev="loop3" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=lnk_file permissive=1 [ 2319.069942][T12487] netlink: 40 bytes leftover after parsing attributes in process `syz.2.11615'. [ 2319.152359][T12491] netlink: 40 bytes leftover after parsing attributes in process `syz.3.11614'. [ 2319.488649][ T1847] usb 4-1: new high-speed USB device number 111 using dummy_hcd [ 2319.676397][T12499] FAULT_INJECTION: forcing a failure. [ 2319.676397][T12499] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2319.689326][T12499] CPU: 1 PID: 12499 Comm: syz.4.11617 Not tainted 6.1.93-syzkaller-00100-g27310ed6b677 #0 [ 2319.699076][T12499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 2319.708983][T12499] Call Trace: [ 2319.712095][T12499] [ 2319.714876][T12499] dump_stack_lvl+0x151/0x1b7 [ 2319.719389][T12499] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 2319.724684][T12499] dump_stack+0x15/0x1c [ 2319.728763][T12499] should_fail_ex+0x3d0/0x520 [ 2319.733276][T12499] should_fail+0xb/0x10 [ 2319.737266][T12499] should_fail_usercopy+0x1a/0x20 [ 2319.742126][T12499] _copy_from_user+0x1e/0xc0 [ 2319.746553][T12499] iovec_from_user+0xc7/0x320 [ 2319.751071][T12499] __import_iovec+0x70/0x430 [ 2319.755496][T12499] ? exc_page_fault+0x4e5/0x6d0 [ 2319.760183][T12499] import_iovec+0xe5/0x120 [ 2319.764433][T12499] copy_msghdr_from_user+0x527/0x670 [ 2319.769553][T12499] ? sendmsg_copy_msghdr+0x70/0x70 [ 2319.774508][T12499] __sys_sendmsg+0x236/0x390 [ 2319.778929][T12499] ? ____sys_sendmsg+0x9a0/0x9a0 [ 2319.783718][T12499] ? fpregs_restore_userregs+0x130/0x290 [ 2319.789172][T12499] __x64_sys_sendmsg+0x7f/0x90 [ 2319.793772][T12499] x64_sys_call+0x16a/0x9a0 [ 2319.798114][T12499] do_syscall_64+0x3b/0xb0 [ 2319.802357][T12499] ? clear_bhb_loop+0x55/0xb0 [ 2319.806873][T12499] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 2319.812603][T12499] RIP: 0033:0x7f469d57cef9 [ 2319.817135][T12499] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2319.836562][T12499] RSP: 002b:00007f469e2ba038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2319.844809][T12499] RAX: ffffffffffffffda RBX: 00007f469d736130 RCX: 00007f469d57cef9 [ 2319.852620][T12499] RDX: 0000000000000000 RSI: 0000000020000480 RDI: 0000000000000009 [ 2319.860430][T12499] RBP: 00007f469e2ba090 R08: 0000000000000000 R09: 0000000000000000 [ 2319.868242][T12499] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2319.876057][T12499] R13: 0000000000000000 R14: 00007f469d736130 R15: 00007ffff19bef08 [ 2319.883870][T12499] [ 2320.127061][ T1847] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2320.297320][ T1847] usb 4-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 2320.306345][ T1847] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2320.597095][ T1847] usb 4-1: Product: syz [ 2320.616051][ T1847] usb 4-1: Manufacturer: syz [ 2320.620705][ T1847] usb 4-1: SerialNumber: syz [ 2320.623166][T12069] Bluetooth: hci0: command 0x1003 tx timeout [ 2320.627245][ T8749] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 2320.679041][ T1847] usb 4-1: config 0 descriptor?? [ 2320.747519][T12518] netlink: 40 bytes leftover after parsing attributes in process `syz.0.11625'. [ 2321.121833][T12495] netlink: 4 bytes leftover after parsing attributes in process `syz.3.11616'. [ 2321.147260][T12495] netlink: 48 bytes leftover after parsing attributes in process `syz.3.11616'. [ 2321.166140][T12526] netlink: 40 bytes leftover after parsing attributes in process `syz.2.11628'. [ 2321.178909][ T1847] snd-usb-audio: probe of 4-1:0.0 failed with error -2 [ 2321.200212][T11622] udevd[11622]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 2321.217291][ T1847] usb 4-1: USB disconnect, device number 111 [ 2321.395905][T12530] bridge0: port 1(bridge_slave_0) entered blocking state [ 2321.411244][T12530] bridge0: port 1(bridge_slave_0) entered disabled state [ 2321.425995][T12530] device bridge_slave_0 entered promiscuous mode [ 2321.443737][T12530] bridge0: port 2(bridge_slave_1) entered blocking state [ 2321.451048][T12530] bridge0: port 2(bridge_slave_1) entered disabled state [ 2321.458649][T12530] device bridge_slave_1 entered promiscuous mode [ 2321.507295][ T4431] tipc: Left network mode [ 2321.554469][T29409] hid-generic 0000:0000:0000.005B: unknown main item tag 0x0 [ 2321.562702][T29409] hid-generic 0000:0000:0000.005B: unknown main item tag 0x0 [ 2321.570454][T29409] hid-generic 0000:0000:0000.005B: unknown main item tag 0x0 [ 2321.577786][T29409] hid-generic 0000:0000:0000.005B: unknown main item tag 0x0 [ 2321.585020][T29409] hid-generic 0000:0000:0000.005B: unknown main item tag 0x0 [ 2321.592347][T29409] hid-generic 0000:0000:0000.005B: unknown main item tag 0x0 [ 2321.599715][T29409] hid-generic 0000:0000:0000.005B: unknown main item tag 0x0 [ 2321.607024][T29409] hid-generic 0000:0000:0000.005B: unknown main item tag 0x0 [ 2321.614531][T29409] hid-generic 0000:0000:0000.005B: unknown main item tag 0x0 [ 2321.621870][T29409] hid-generic 0000:0000:0000.005B: unknown main item tag 0x0 [ 2321.629324][T29409] hid-generic 0000:0000:0000.005B: unknown main item tag 0x0 [ 2321.635234][T12530] bridge0: port 2(bridge_slave_1) entered blocking state [ 2321.636585][T29409] hid-generic 0000:0000:0000.005B: unknown main item tag 0x0 [ 2321.643399][T12530] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2321.643497][T12530] bridge0: port 1(bridge_slave_0) entered blocking state [ 2321.664471][T12530] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2321.666996][T29409] hid-generic 0000:0000:0000.005B: unknown main item tag 0x0 [ 2321.680962][T29409] hid-generic 0000:0000:0000.005B: unknown main item tag 0x0 [ 2321.688355][T29409] hid-generic 0000:0000:0000.005B: unknown main item tag 0x0 [ 2321.695549][T29409] hid-generic 0000:0000:0000.005B: unknown main item tag 0x0 [ 2321.702966][T29409] hid-generic 0000:0000:0000.005B: unknown main item tag 0x0 [ 2321.727055][T29409] hid-generic 0000:0000:0000.005B: unknown main item tag 0x0 [ 2321.734288][T29409] hid-generic 0000:0000:0000.005B: unknown main item tag 0x0 [ 2321.747021][T10833] bio_check_eod: 90785 callbacks suppressed [ 2321.747038][T10833] syz.2.11195: attempt to access beyond end of device [ 2321.747038][T10833] loop2: rw=524288, sector=89912, nr_sectors = 8 limit=40427 [ 2321.747708][T29409] hid-generic 0000:0000:0000.005B: unknown main item tag 0x0 [ 2321.753019][T10833] syz.2.11195: attempt to access beyond end of device [ 2321.753019][T10833] loop2: rw=524288, sector=89920, nr_sectors = 8 limit=40427 [ 2321.774527][T29409] hid-generic 0000:0000:0000.005B: unknown main item tag 0x0 [ 2321.788509][T10833] syz.2.11195: attempt to access beyond end of device [ 2321.788509][T10833] loop2: rw=524288, sector=89928, nr_sectors = 8 limit=40427 [ 2321.799958][T29409] hid-generic 0000:0000:0000.005B: unknown main item tag 0x0 [ 2321.808805][T10833] syz.2.11195: attempt to access beyond end of device [ 2321.808805][T10833] loop2: rw=524288, sector=89936, nr_sectors = 8 limit=40427 [ 2321.829875][T29409] hid-generic 0000:0000:0000.005B: unknown main item tag 0x0 [ 2321.837310][T29409] hid-generic 0000:0000:0000.005B: unknown main item tag 0x0 [ 2321.844616][T29409] hid-generic 0000:0000:0000.005B: unknown main item tag 0x0 [ 2321.851211][T10833] syz.2.11195: attempt to access beyond end of device [ 2321.851211][T10833] loop2: rw=524288, sector=89944, nr_sectors = 8 limit=40427 [ 2321.853773][T29409] hid-generic 0000:0000:0000.005B: unknown main item tag 0x0 [ 2321.871839][T12530] device veth0_vlan entered promiscuous mode [ 2321.878743][T29409] hid-generic 0000:0000:0000.005B: unknown main item tag 0x0 [ 2321.880208][T10833] syz.2.11195: attempt to access beyond end of device [ 2321.880208][T10833] loop2: rw=524288, sector=89952, nr_sectors = 8 limit=40427 [ 2321.886115][T29409] hid-generic 0000:0000:0000.005B: unknown main item tag 0x0 [ 2321.900830][T10833] syz.2.11195: attempt to access beyond end of device [ 2321.900830][T10833] loop2: rw=524288, sector=89960, nr_sectors = 8 limit=40427 [ 2321.908150][T29409] hid-generic 0000:0000:0000.005B: unknown main item tag 0x0 [ 2321.921021][T10833] syz.2.11195: attempt to access beyond end of device [ 2321.921021][T10833] loop2: rw=524288, sector=89968, nr_sectors = 8 limit=40427 [ 2321.929480][T29409] hid-generic 0000:0000:0000.005B: unknown main item tag 0x0 [ 2321.942499][T10833] syz.2.11195: attempt to access beyond end of device [ 2321.942499][T10833] loop2: rw=0, sector=86016, nr_sectors = 8 limit=40427 [ 2321.949395][T29409] hid-generic 0000:0000:0000.005B: unknown main item tag 0x0 [ 2321.970407][T10833] syz.2.11195: attempt to access beyond end of device [ 2321.970407][T10833] loop2: rw=0, sector=86024, nr_sectors = 8 limit=40427 [ 2321.971090][T29409] hid-generic 0000:0000:0000.005B: unknown main item tag 0x0 [ 2321.993131][ T1847] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2322.000552][T29409] hid-generic 0000:0000:0000.005B: hidraw0: HID v0.00 Device [syz0] on syz0 [ 2322.010400][ T1847] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2322.018908][ T1847] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2322.028583][ T1847] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2322.036473][ T1847] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2322.044788][ T1847] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 2322.053353][ T1847] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 2322.061476][ T1847] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 2322.068836][ T1847] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 2322.076333][ T1847] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 2322.085118][T12530] device veth1_macvtap entered promiscuous mode [ 2322.101815][T12538] loop3: detected capacity change from 0 to 16 [ 2322.112156][T12538] erofs: (device loop3): mounted with root inode @ nid 36. [ 2322.128538][ T3012] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 2322.195714][ T3012] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 2322.216717][ T1847] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 2322.225623][ T1847] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 2322.305239][T12544] input: syz0 as /devices/virtual/input/input30 [ 2322.778006][ T4431] device bridge_slave_1 left promiscuous mode [ 2322.785047][ T4431] bridge0: port 2(bridge_slave_1) entered disabled state [ 2322.802695][ T4431] device bridge_slave_0 left promiscuous mode [ 2322.821027][ T4431] bridge0: port 1(bridge_slave_0) entered disabled state [ 2322.835265][T12558] loop1: detected capacity change from 0 to 2048 [ 2322.848056][ T4431] device veth1_macvtap left promiscuous mode [ 2322.861074][ T4431] device veth0_vlan left promiscuous mode [ 2322.867586][T12558] EXT4-fs error (device loop1): __ext4_fill_super:5386: inode #2: comm syz.1.11635: casefold flag without casefold feature [ 2322.906632][T12558] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended [ 2322.995917][T12548] loop4: detected capacity change from 0 to 40427 [ 2323.003391][T12563] loop3: detected capacity change from 0 to 16 [ 2323.010257][T12558] EXT4-fs (loop1): Errors on filesystem, clearing orphan list. [ 2323.026205][T12548] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 2323.032409][T12558] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 2323.034192][T12563] erofs: (device loop3): mounted with root inode @ nid 36. [ 2323.049822][T12548] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 2323.085286][T12548] F2FS-fs (loop4): invalid crc value [ 2323.128161][T12548] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 39874397669) [ 2323.262052][T12548] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 2323.273449][T12548] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 2323.699767][T12570] input: syz0 as /devices/virtual/input/input31 [ 2324.141516][T12577] netlink: 40 bytes leftover after parsing attributes in process `syz.4.11637'. [ 2324.417037][ T3012] usb 3-1: new high-speed USB device number 118 using dummy_hcd [ 2324.649898][T12584] loop4: detected capacity change from 0 to 40427 [ 2324.667146][ T3012] usb 3-1: Using ep0 maxpacket: 8 [ 2324.675692][T12584] F2FS-fs (loop4): Invalid SB checksum offset: 0 [ 2324.695570][T12584] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock [ 2324.744960][T12584] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 2324.817058][ T3012] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2324.817183][T12584] F2FS-fs (loop4): Try to recover 2th superblock, ret: 0 [ 2324.844926][T12584] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 2324.847221][ T3012] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2324.902471][ T3012] usb 3-1: New USB device found, idVendor=04d8, idProduct=f002, bcdDevice= 0.00 [ 2324.937085][ T3012] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2324.969624][ T3012] usb 3-1: config 0 descriptor?? [ 2325.428930][ T3012] hid-picolcd 0003:04D8:F002.005C: item fetching failed at offset 5/7 [ 2325.447158][ T3012] hid-picolcd 0003:04D8:F002.005C: device report parse failed [ 2325.466988][ T3012] hid-picolcd: probe of 0003:04D8:F002.005C failed with error -22 [ 2325.629472][ T552] usb 3-1: USB disconnect, device number 118 [ 2325.698636][T12530] EXT4-fs (loop1): unmounting filesystem. [ 2325.797110][T12586] loop3: detected capacity change from 0 to 131072 [ 2325.808744][T12586] F2FS-fs (loop3): Test dummy encryption mode enabled [ 2325.817555][ T4431] device bridge_slave_1 left promiscuous mode [ 2325.824416][ T4431] bridge0: port 2(bridge_slave_1) entered disabled state [ 2325.831924][T12586] F2FS-fs (loop3): invalid crc value [ 2325.847686][ T4431] device bridge_slave_0 left promiscuous mode [ 2325.859225][ T4431] bridge0: port 1(bridge_slave_0) entered disabled state [ 2325.866563][T12586] F2FS-fs (loop3): Found nat_bits in checkpoint [ 2325.897881][ T4431] device veth1_macvtap left promiscuous mode [ 2325.903758][ T4431] device veth0_vlan left promiscuous mode [ 2325.924475][T12586] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 2326.139163][T12607] 9pnet_fd: Insufficient options for proto=fd [ 2326.280593][T12599] bridge0: port 1(bridge_slave_0) entered blocking state [ 2326.296975][T12599] bridge0: port 1(bridge_slave_0) entered disabled state [ 2326.314591][T12599] device bridge_slave_0 entered promiscuous mode [ 2326.325097][T12599] bridge0: port 2(bridge_slave_1) entered blocking state [ 2326.344366][T12599] bridge0: port 2(bridge_slave_1) entered disabled state [ 2326.354965][T12599] device bridge_slave_1 entered promiscuous mode [ 2326.514396][T12599] bridge0: port 2(bridge_slave_1) entered blocking state [ 2326.521309][T12599] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2326.528399][T12599] bridge0: port 1(bridge_slave_0) entered blocking state [ 2326.535156][T12599] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2326.546989][ T3012] usb 3-1: new high-speed USB device number 119 using dummy_hcd [ 2326.616395][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 2326.625674][ T317] bridge0: port 1(bridge_slave_0) entered disabled state [ 2326.645996][ T317] bridge0: port 2(bridge_slave_1) entered disabled state [ 2326.676141][T29701] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 2326.680507][ T552] usb 2-1: new high-speed USB device number 96 using dummy_hcd [ 2326.685241][T29701] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 2326.707212][T29701] bridge0: port 1(bridge_slave_0) entered blocking state [ 2326.714079][T29701] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2326.747076][T29701] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 2326.755277][T29701] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 2326.757148][T10833] bio_check_eod: 66454 callbacks suppressed [ 2326.757166][T10833] syz.2.11195: attempt to access beyond end of device [ 2326.757166][T10833] loop2: rw=0, sector=86968, nr_sectors = 8 limit=40427 [ 2326.770529][T29701] bridge0: port 2(bridge_slave_1) entered blocking state [ 2326.782537][T10833] syz.2.11195: attempt to access beyond end of device [ 2326.782537][T10833] loop2: rw=0, sector=86976, nr_sectors = 8 limit=40427 [ 2326.789125][T29701] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2326.805664][T29701] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 2326.809789][T10833] syz.2.11195: attempt to access beyond end of device [ 2326.809789][T10833] loop2: rw=0, sector=86984, nr_sectors = 8 limit=40427 [ 2326.830690][T10833] syz.2.11195: attempt to access beyond end of device [ 2326.830690][T10833] loop2: rw=0, sector=86992, nr_sectors = 8 limit=40427 [ 2326.844940][T29701] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 2326.845128][T10833] syz.2.11195: attempt to access beyond end of device [ 2326.845128][T10833] loop2: rw=0, sector=87000, nr_sectors = 8 limit=40427 [ 2326.866100][T10833] syz.2.11195: attempt to access beyond end of device [ 2326.866100][T10833] loop2: rw=0, sector=87008, nr_sectors = 8 limit=40427 [ 2326.867427][T29701] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 2326.879666][T10833] syz.2.11195: attempt to access beyond end of device [ 2326.879666][T10833] loop2: rw=0, sector=87016, nr_sectors = 8 limit=40427 [ 2326.900680][T10833] syz.2.11195: attempt to access beyond end of device [ 2326.900680][T10833] loop2: rw=0, sector=87024, nr_sectors = 8 limit=40427 [ 2326.907660][T29701] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 2326.914969][T10833] syz.2.11195: attempt to access beyond end of device [ 2326.914969][T10833] loop2: rw=0, sector=87032, nr_sectors = 8 limit=40427 [ 2326.935763][T10833] syz.2.11195: attempt to access beyond end of device [ 2326.935763][T10833] loop2: rw=0, sector=87040, nr_sectors = 8 limit=40427 [ 2326.947840][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 2326.957513][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 2326.978118][T11676] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 2326.986079][T11676] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 2326.997132][ T3012] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2327.007488][T12599] device veth0_vlan entered promiscuous mode [ 2327.016147][T11676] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 2327.026313][T11676] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 2327.050993][T12599] device veth1_macvtap entered promiscuous mode [ 2327.057158][ T552] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2327.077745][ T1847] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 2327.085755][ T1847] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 2327.107378][ T1847] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 2327.128959][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 2327.140186][ T317] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 2327.175927][T12617] loop3: detected capacity change from 0 to 128 [ 2327.177387][T29701] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 2327.187518][T12617] EXT4-fs: Ignoring removed i_version option [ 2327.191694][T29701] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 2327.203950][T12617] EXT4-fs: Ignoring removed orlov option [ 2327.210146][T12617] ext2: Unknown parameter 'func' [ 2327.217090][ T3012] usb 3-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 2327.226223][ T3012] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2327.227918][ T552] usb 2-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 2327.245445][ T3012] usb 3-1: Product: syz [ 2327.256837][ T3012] usb 3-1: Manufacturer: syz [ 2327.261684][ T28] audit: type=1400 audit(1725779841.412:627): avc: denied { mount } for pid=12616 comm="syz.3.11649" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 2327.264809][ T552] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2327.284163][ T3012] usb 3-1: SerialNumber: syz [ 2327.296535][ T28] audit: type=1400 audit(1725779841.412:628): avc: denied { remount } for pid=12616 comm="syz.3.11649" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 2327.301849][ T552] usb 2-1: Product: syz [ 2327.317569][ T3012] usb 3-1: config 0 descriptor?? [ 2327.331009][ T552] usb 2-1: Manufacturer: syz [ 2327.336282][ T28] audit: type=1400 audit(1725779841.482:629): avc: denied { unmount } for pid=12414 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 2327.363858][T12623] netlink: 40 bytes leftover after parsing attributes in process `syz.3.11651'. [ 2327.372842][ T552] usb 2-1: SerialNumber: syz [ 2327.382362][ T552] usb 2-1: config 0 descriptor?? [ 2327.485805][T12629] loop3: detected capacity change from 0 to 16 [ 2327.506068][T12629] erofs: (device loop3): z_erofs_load_lz4_config: too large lz4 pclusterblks 16832 [ 2327.622974][T12612] netlink: 4 bytes leftover after parsing attributes in process `syz.2.11648'. [ 2327.842553][T12603] netlink: 4 bytes leftover after parsing attributes in process `syz.1.11647'. [ 2327.851753][T12633] netlink: 48 bytes leftover after parsing attributes in process `syz.2.11648'. [ 2327.864844][T12635] netlink: 48 bytes leftover after parsing attributes in process `syz.1.11647'. [ 2327.899582][ T3012] snd-usb-audio: probe of 3-1:0.0 failed with error -2 [ 2327.912820][ T3012] usb 3-1: USB disconnect, device number 119 [ 2327.920717][ T552] snd-usb-audio: probe of 2-1:0.0 failed with error -2 [ 2327.930053][T11622] udevd[11622]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 2327.950318][ T552] usb 2-1: USB disconnect, device number 96 [ 2327.960022][T12640] FAULT_INJECTION: forcing a failure. [ 2327.960022][T12640] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2327.969992][ T8166] udevd[8166]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 2327.973175][T12640] CPU: 0 PID: 12640 Comm: syz.3.11655 Not tainted 6.1.93-syzkaller-00100-g27310ed6b677 #0 [ 2327.998123][T12640] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 2328.008109][T12640] Call Trace: [ 2328.011231][T12640] [ 2328.014004][T12640] dump_stack_lvl+0x151/0x1b7 [ 2328.018614][T12640] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 2328.023915][T12640] ? _parse_integer+0x2a/0x40 [ 2328.028420][T12640] dump_stack+0x15/0x1c [ 2328.032407][T12640] should_fail_ex+0x3d0/0x520 [ 2328.036934][T12640] should_fail+0xb/0x10 [ 2328.040915][T12640] should_fail_usercopy+0x1a/0x20 [ 2328.045774][T12640] _copy_from_user+0x1e/0xc0 [ 2328.050287][T12640] iovec_from_user+0xc7/0x320 [ 2328.054971][T12640] ? kasan_set_track+0x4b/0x70 [ 2328.059573][T12640] ? kasan_save_free_info+0x2b/0x40 [ 2328.064608][T12640] __import_iovec+0x70/0x430 [ 2328.069039][T12640] import_iovec+0xe5/0x120 [ 2328.073295][T12640] copy_msghdr_from_user+0x527/0x670 [ 2328.078412][T12640] ? sendmsg_copy_msghdr+0x70/0x70 [ 2328.083535][T12640] __sys_sendmsg+0x236/0x390 [ 2328.088047][T12640] ? ____sys_sendmsg+0x9a0/0x9a0 [ 2328.092827][T12640] ? __kasan_check_write+0x14/0x20 [ 2328.097767][T12640] ? mutex_unlock+0xb2/0x260 [ 2328.102196][T12640] ? __kasan_check_write+0x14/0x20 [ 2328.107229][T12640] ? __ia32_sys_read+0x90/0x90 [ 2328.111827][T12640] ? debug_smp_processor_id+0x17/0x20 [ 2328.117117][T12640] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 2328.123024][T12640] __x64_sys_sendmsg+0x7f/0x90 [ 2328.127622][T12640] x64_sys_call+0x16a/0x9a0 [ 2328.131959][T12640] do_syscall_64+0x3b/0xb0 [ 2328.136212][T12640] ? clear_bhb_loop+0x55/0xb0 [ 2328.140734][T12640] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 2328.146453][T12640] RIP: 0033:0x7f9ccf17cef9 [ 2328.150706][T12640] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2328.170151][T12640] RSP: 002b:00007f9ccfee6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2328.178394][T12640] RAX: ffffffffffffffda RBX: 00007f9ccf335f80 RCX: 00007f9ccf17cef9 [ 2328.186325][T12640] RDX: 0000000000000000 RSI: 0000000020000380 RDI: 0000000000000003 [ 2328.194135][T12640] RBP: 00007f9ccfee6090 R08: 0000000000000000 R09: 0000000000000000 [ 2328.201953][T12640] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2328.209847][T12640] R13: 0000000000000000 R14: 00007f9ccf335f80 R15: 00007ffff29c7a78 [ 2328.217666][T12640] [ 2328.237752][T12643] FAULT_INJECTION: forcing a failure. [ 2328.237752][T12643] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2328.262806][T12643] CPU: 1 PID: 12643 Comm: syz.3.11656 Not tainted 6.1.93-syzkaller-00100-g27310ed6b677 #0 [ 2328.272541][T12643] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 2328.282447][T12643] Call Trace: [ 2328.285565][T12643] [ 2328.288335][T12643] dump_stack_lvl+0x151/0x1b7 [ 2328.292847][T12643] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 2328.298160][T12643] dump_stack+0x15/0x1c [ 2328.302142][T12643] should_fail_ex+0x3d0/0x520 [ 2328.306651][T12643] should_fail+0xb/0x10 [ 2328.310642][T12643] should_fail_usercopy+0x1a/0x20 [ 2328.315503][T12643] _copy_from_user+0x1e/0xc0 [ 2328.319931][T12643] iovec_from_user+0xc7/0x320 [ 2328.324453][T12643] __import_iovec+0x70/0x430 [ 2328.328874][T12643] import_iovec+0xe5/0x120 [ 2328.333123][T12643] copy_msghdr_from_user+0x527/0x670 [ 2328.338246][T12643] ? putname+0xfa/0x150 [ 2328.342238][T12643] ? sendmsg_copy_msghdr+0x70/0x70 [ 2328.347186][T12643] do_recvmmsg+0x408/0xab0 [ 2328.351444][T12643] ? __sys_recvmmsg+0x270/0x270 [ 2328.356129][T12643] ? vfs_write+0xbb3/0xeb0 [ 2328.360373][T12643] ? __kasan_slab_free+0x11/0x20 [ 2328.365154][T12643] ? __kasan_check_write+0x14/0x20 [ 2328.370097][T12643] ? mutex_unlock+0xb2/0x260 [ 2328.374545][T12643] ? fput+0x15b/0x1b0 [ 2328.378344][T12643] ? ksys_write+0x260/0x2c0 [ 2328.382684][T12643] __x64_sys_recvmmsg+0x195/0x240 [ 2328.387543][T12643] ? do_recvmmsg+0xab0/0xab0 [ 2328.391965][T12643] ? debug_smp_processor_id+0x17/0x20 [ 2328.397263][T12643] ? exit_to_user_mode_prepare+0x39/0xa0 [ 2328.402736][T12643] x64_sys_call+0x7e5/0x9a0 [ 2328.407072][T12643] do_syscall_64+0x3b/0xb0 [ 2328.411323][T12643] ? clear_bhb_loop+0x55/0xb0 [ 2328.415839][T12643] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 2328.421565][T12643] RIP: 0033:0x7f9ccf17cef9 [ 2328.425824][T12643] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2328.445260][T12643] RSP: 002b:00007f9ccfee6038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 2328.453504][T12643] RAX: ffffffffffffffda RBX: 00007f9ccf335f80 RCX: 00007f9ccf17cef9 [ 2328.461316][T12643] RDX: 0000000000000001 RSI: 0000000020002a00 RDI: 0000000000000003 [ 2328.469128][T12643] RBP: 00007f9ccfee6090 R08: 0000000000000000 R09: 0000000000000000 [ 2328.476941][T12643] R10: 00007fb14727fda9 R11: 0000000000000246 R12: 0000000000000001 [ 2328.484749][T12643] R13: 0000000000000000 R14: 00007f9ccf335f80 R15: 00007ffff29c7a78 [ 2328.492568][T12643] [ 2328.528768][T12647] netlink: 4 bytes leftover after parsing attributes in process `syz.3.11658'. [ 2328.615275][T12649] A link change request failed with some changes committed already. Interface ip6tnl0 may have been left with an inconsistent configuration, please check. [ 2328.918540][ T552] usb 3-1: new high-speed USB device number 120 using dummy_hcd [ 2329.007354][ T317] usb 2-1: new high-speed USB device number 97 using dummy_hcd [ 2329.062056][T12658] loop4: detected capacity change from 0 to 512 [ 2329.082272][T12658] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 2329.154071][T12599] EXT4-fs (loop4): unmounting filesystem. [ 2329.197248][T12669] loop4: detected capacity change from 0 to 2048 [ 2329.218764][T12669] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 2329.227185][T12669] ext4 filesystem being mounted at /5/bus supports timestamps until 2038 (0x7fffffff) [ 2329.254449][ T28] audit: type=1400 audit(1725779843.402:630): avc: denied { ioctl } for pid=12668 comm="syz.4.11664" path="/5/bus/file0/file0" dev="loop4" ino=13 ioctlcmd=0x6685 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 2329.279543][T12669] fs-verity: sha512 using implementation "sha512-avx2" [ 2329.296261][T12599] EXT4-fs (loop4): unmounting filesystem. [ 2329.302027][ T552] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2329.346883][T12675] loop4: detected capacity change from 0 to 2048 [ 2329.407067][ T317] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2329.444247][T12675] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 2329.452647][T12675] ext4 filesystem being mounted at /6/bus supports timestamps until 2038 (0x7fffffff) [ 2329.472764][T12675] FAULT_INJECTION: forcing a failure. [ 2329.472764][T12675] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2329.486591][T12675] CPU: 1 PID: 12675 Comm: syz.4.11665 Not tainted 6.1.93-syzkaller-00100-g27310ed6b677 #0 [ 2329.496312][T12675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 2329.497027][ T552] usb 3-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 2329.506202][T12675] Call Trace: [ 2329.506213][T12675] [ 2329.506222][T12675] dump_stack_lvl+0x151/0x1b7 [ 2329.525475][T12675] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 2329.530764][T12675] ? do_vfs_ioctl+0x19df/0x29a0 [ 2329.535452][T12675] dump_stack+0x15/0x1c [ 2329.539445][T12675] should_fail_ex+0x3d0/0x520 [ 2329.543958][T12675] should_fail+0xb/0x10 [ 2329.547953][T12675] should_fail_usercopy+0x1a/0x20 [ 2329.552808][T12675] _copy_to_user+0x1e/0x90 [ 2329.557065][T12675] simple_read_from_buffer+0xc7/0x150 [ 2329.562289][T12675] proc_fail_nth_read+0x1a3/0x210 [ 2329.567137][T12675] ? proc_fault_inject_write+0x390/0x390 [ 2329.572597][T12675] ? fsnotify_perm+0x470/0x5d0 [ 2329.577200][T12675] ? security_file_permission+0x86/0xb0 [ 2329.582581][T12675] ? proc_fault_inject_write+0x390/0x390 [ 2329.588048][T12675] vfs_read+0x26c/0xad0 [ 2329.592045][T12675] ? kernel_read+0x1f0/0x1f0 [ 2329.596468][T12675] ? mutex_lock+0xb1/0x1e0 [ 2329.600720][T12675] ? bit_wait_io_timeout+0x120/0x120 [ 2329.605930][T12675] ? __fdget_pos+0x2e2/0x390 [ 2329.610353][T12675] ? ksys_read+0x77/0x2c0 [ 2329.614524][T12675] ksys_read+0x199/0x2c0 [ 2329.618604][T12675] ? vfs_write+0xeb0/0xeb0 [ 2329.622851][T12675] ? debug_smp_processor_id+0x17/0x20 [ 2329.628061][T12675] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 2329.633978][T12675] __x64_sys_read+0x7b/0x90 [ 2329.638302][T12675] x64_sys_call+0x28/0x9a0 [ 2329.642554][T12675] do_syscall_64+0x3b/0xb0 [ 2329.646804][T12675] ? clear_bhb_loop+0x55/0xb0 [ 2329.651318][T12675] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 2329.657047][T12675] RIP: 0033:0x7f5af1d7b93c [ 2329.661475][T12675] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 2329.680918][T12675] RSP: 002b:00007f5af2ba6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 2329.689161][T12675] RAX: ffffffffffffffda RBX: 00007f5af1f35f80 RCX: 00007f5af1d7b93c [ 2329.696972][T12675] RDX: 000000000000000f RSI: 00007f5af2ba60a0 RDI: 0000000000000006 [ 2329.704784][T12675] RBP: 00007f5af2ba6090 R08: 0000000000000000 R09: 0000000000000000 [ 2329.712611][T12675] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2329.720408][T12675] R13: 0000000000000000 R14: 00007f5af1f35f80 R15: 00007ffec257d138 [ 2329.728230][T12675] [ 2329.731494][ T552] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2329.745396][ T552] usb 3-1: Product: syz [ 2329.746045][T12599] EXT4-fs (loop4): unmounting filesystem. [ 2329.749423][ T552] usb 3-1: Manufacturer: syz [ 2329.749440][ T552] usb 3-1: SerialNumber: syz [ 2329.768610][ T552] usb 3-1: config 0 descriptor?? [ 2329.847979][ T317] usb 2-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 2329.856830][ T317] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2329.864985][ T317] usb 2-1: Product: syz [ 2329.869123][ T317] usb 2-1: Manufacturer: syz [ 2329.873545][ T317] usb 2-1: SerialNumber: syz [ 2329.879182][ T3012] usb 4-1: new high-speed USB device number 112 using dummy_hcd [ 2329.887868][ T317] usb 2-1: config 0 descriptor?? [ 2330.008534][T12652] netlink: 4 bytes leftover after parsing attributes in process `syz.2.11660'. [ 2330.021216][T12652] netlink: 48 bytes leftover after parsing attributes in process `syz.2.11660'. [ 2330.047712][T18974] usb 5-1: new high-speed USB device number 105 using dummy_hcd [ 2330.056264][ T552] snd-usb-audio: probe of 3-1:0.0 failed with error -2 [ 2330.067971][ T8166] udevd[8166]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 2330.084407][ T552] usb 3-1: USB disconnect, device number 120 [ 2330.138329][T12654] netlink: 4 bytes leftover after parsing attributes in process `syz.1.11661'. [ 2330.147451][T12654] netlink: 48 bytes leftover after parsing attributes in process `syz.1.11661'. [ 2330.188516][ T317] snd-usb-audio: probe of 2-1:0.0 failed with error -2 [ 2330.197386][ T317] usb 2-1: USB disconnect, device number 97 [ 2330.202715][T11622] udevd[11622]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 2330.327053][ T3012] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2330.338312][ T3012] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2330.349276][ T3012] usb 4-1: New USB device found, idVendor=046d, idProduct=c086, bcdDevice= 0.00 [ 2330.359055][ T3012] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2330.379249][ T3012] usb 4-1: config 0 descriptor?? [ 2330.747009][T18974] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2330.766956][T18974] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2330.786750][T18974] usb 5-1: New USB device found, idVendor=1d34, idProduct=000a, bcdDevice= 0.00 [ 2330.806986][T18974] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2330.824393][T18974] usb 5-1: config 0 descriptor?? [ 2330.956978][T11676] usb 2-1: new high-speed USB device number 98 using dummy_hcd [ 2331.256987][ T3012] usbhid 4-1:0.0: can't add hid device: -71 [ 2331.262862][ T3012] usbhid: probe of 4-1:0.0 failed with error -71 [ 2331.277731][ T3012] usb 4-1: USB disconnect, device number 112 [ 2331.308396][T18974] hid-led 0003:1D34:000A.005D: unknown main item tag 0x0 [ 2331.317168][T11676] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2331.487064][T11676] usb 2-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 2331.496060][T11676] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2331.504131][T11676] usb 2-1: Product: syz [ 2331.508514][T11676] usb 2-1: Manufacturer: syz [ 2331.512923][T11676] usb 2-1: SerialNumber: syz [ 2331.520881][T12683] loop4: detected capacity change from 0 to 512 [ 2331.541974][T12683] EXT4-fs: Ignoring removed nobh option [ 2331.568316][T11676] usb 2-1: config 0 descriptor?? [ 2331.575402][T12683] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -13 [ 2331.584574][T12683] EXT4-fs error (device loop4): ext4_clear_blocks:883: inode #13: comm syz.4.11668: attempt to clear invalid blocks 2 len 1 [ 2331.597940][T12683] EXT4-fs (loop4): Remounting filesystem read-only [ 2331.605211][T12683] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 2331.657878][T12683] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz.4.11668: invalid indirect mapped block 1819239214 (level 0) [ 2331.766922][T10833] bio_check_eod: 130237 callbacks suppressed [ 2331.839843][T12683] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz.4.11668: invalid indirect mapped block 1819239214 (level 1) [ 2331.901131][T10833] syz.2.11195: attempt to access beyond end of device [ 2331.901131][T10833] loop2: rw=524288, sector=87464, nr_sectors = 8 limit=40427 [ 2331.912514][T12692] netlink: 4 bytes leftover after parsing attributes in process `syz.1.11671'. [ 2331.915796][T10833] syz.2.11195: attempt to access beyond end of device [ 2331.915796][T10833] loop2: rw=524288, sector=87472, nr_sectors = 8 limit=40427 [ 2331.928107][T12692] netlink: 48 bytes leftover after parsing attributes in process `syz.1.11671'. [ 2331.938130][T12683] EXT4-fs (loop4): 1 truncate cleaned up [ 2331.952485][T12683] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 2331.954339][T10833] syz.2.11195: attempt to access beyond end of device [ 2331.954339][T10833] loop2: rw=524288, sector=87480, nr_sectors = 8 limit=40427 [ 2331.977969][T18974] hid-led 0003:1D34:000A.005D: hidraw0: USB HID v0.00 Device [HID 1d34:000a] on usb-dummy_hcd.4-1/input0 [ 2331.980171][T10833] syz.2.11195: attempt to access beyond end of device [ 2331.980171][T10833] loop2: rw=524288, sector=87488, nr_sectors = 8 limit=40427 [ 2331.994243][T18974] hid-led 0003:1D34:000A.005D: Dream Cheeky Webmail Notifier initialized [ 2332.003083][T10833] syz.2.11195: attempt to access beyond end of device [ 2332.003083][T10833] loop2: rw=524288, sector=87496, nr_sectors = 8 limit=40427 [ 2332.028515][T11676] snd-usb-audio: probe of 2-1:0.0 failed with error -2 [ 2332.032164][T10833] syz.2.11195: attempt to access beyond end of device [ 2332.032164][T10833] loop2: rw=524288, sector=87504, nr_sectors = 8 limit=40427 [ 2332.039891][ T8166] udevd[8166]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 2332.049611][T10833] syz.2.11195: attempt to access beyond end of device [ 2332.049611][T10833] loop2: rw=524288, sector=87512, nr_sectors = 8 limit=40427 [ 2332.065358][T11676] usb 2-1: USB disconnect, device number 98 [ 2332.084070][T10833] syz.2.11195: attempt to access beyond end of device [ 2332.084070][T10833] loop2: rw=524288, sector=87520, nr_sectors = 8 limit=40427 [ 2332.101694][T10833] syz.2.11195: attempt to access beyond end of device [ 2332.101694][T10833] loop2: rw=524288, sector=87528, nr_sectors = 8 limit=40427 [ 2332.115857][T10833] syz.2.11195: attempt to access beyond end of device [ 2332.115857][T10833] loop2: rw=524288, sector=87536, nr_sectors = 8 limit=40427 [ 2332.207407][ T552] usb 5-1: USB disconnect, device number 105 [ 2332.861631][T12599] EXT4-fs (loop4): unmounting filesystem. [ 2332.869179][T12727] loop1: detected capacity change from 0 to 128 [ 2332.893602][T12727] EXT4-fs: Ignoring removed i_version option [ 2332.906374][T12727] EXT4-fs: Ignoring removed orlov option [ 2332.912350][T12727] ext2: Unknown parameter 'func' [ 2332.999756][T12732] netlink: 40 bytes leftover after parsing attributes in process `syz.1.11682'. [ 2333.108199][T12740] loop3: detected capacity change from 0 to 512 [ 2333.125166][T12740] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 2333.187020][T18974] usb 5-1: new high-speed USB device number 106 using dummy_hcd [ 2333.229541][T12414] EXT4-fs (loop3): unmounting filesystem. [ 2333.547003][T18974] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2333.586963][ T552] usb 3-1: new high-speed USB device number 121 using dummy_hcd [ 2333.717566][T18974] usb 5-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 2333.726806][T18974] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2333.734905][T18974] usb 5-1: Product: syz [ 2333.739783][T18974] usb 5-1: Manufacturer: syz [ 2333.744326][T18974] usb 5-1: SerialNumber: syz [ 2333.759775][T18974] usb 5-1: config 0 descriptor?? [ 2333.916239][ T28] audit: type=1400 audit(1725779848.062:631): avc: denied { validate_trans } for pid=12761 comm="syz.1.11690" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 2333.977605][ T552] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2333.999703][T12729] netlink: 4 bytes leftover after parsing attributes in process `syz.4.11681'. [ 2334.032286][T18974] snd-usb-audio: probe of 5-1:0.0 failed with error -2 [ 2334.048383][T11622] udevd[11622]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 2334.072577][T18974] usb 5-1: USB disconnect, device number 106 [ 2334.147056][ T552] usb 3-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 2334.155981][ T552] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2334.168548][ T552] usb 3-1: Product: syz [ 2334.172537][ T552] usb 3-1: Manufacturer: syz [ 2334.177480][ T552] usb 3-1: SerialNumber: syz [ 2334.191875][ T552] usb 3-1: config 0 descriptor?? [ 2334.513704][T12757] netlink: 4 bytes leftover after parsing attributes in process `syz.2.11688'. [ 2334.706691][T12757] netlink: 48 bytes leftover after parsing attributes in process `syz.2.11688'. [ 2334.824750][ T552] snd-usb-audio: probe of 3-1:0.0 failed with error -2 [ 2334.834207][T11622] udevd[11622]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 2334.852218][ T552] usb 3-1: USB disconnect, device number 121 [ 2335.210115][T12782] loop3: detected capacity change from 0 to 512 [ 2335.228410][T12782] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 2335.360190][T12414] EXT4-fs (loop3): unmounting filesystem. [ 2335.463714][T12799] loop3: detected capacity change from 0 to 1024 [ 2335.470325][T12799] EXT4-fs: Ignoring removed orlov option [ 2335.480180][T12799] EXT4-fs (loop3): Test dummy encryption mode enabled [ 2335.499504][T12799] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 2335.962613][ T28] audit: type=1400 audit(1725779850.112:632): avc: denied { bind } for pid=12810 comm="syz.2.11702" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 2336.246986][ T552] usb 3-1: new high-speed USB device number 122 using dummy_hcd [ 2336.338422][T12414] EXT4-fs (loop3): unmounting filesystem. [ 2336.363983][T12816] netlink: 40 bytes leftover after parsing attributes in process `syz.3.11704'. [ 2336.498147][T12819] loop3: detected capacity change from 0 to 256 [ 2336.516995][ T8747] Bluetooth: hci0: command 0x1003 tx timeout [ 2336.517009][ T8749] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 2336.607015][ T552] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2336.774537][T12824] overlayfs: unrecognized mount option "func=MMAP_CHECK" or missing value [ 2336.777600][ T552] usb 3-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 2336.783024][T10833] bio_check_eod: 121899 callbacks suppressed [ 2336.783042][T10833] syz.2.11195: attempt to access beyond end of device [ 2336.783042][T10833] loop2: rw=524288, sector=88576, nr_sectors = 8 limit=40427 [ 2336.799183][ T552] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2336.813228][T10833] syz.2.11195: attempt to access beyond end of device [ 2336.813228][T10833] loop2: rw=524288, sector=88584, nr_sectors = 8 limit=40427 [ 2336.819960][ T552] usb 3-1: Product: syz [ 2336.833833][T10833] syz.2.11195: attempt to access beyond end of device [ 2336.833833][T10833] loop2: rw=524288, sector=88592, nr_sectors = 8 limit=40427 [ 2336.837828][ T552] usb 3-1: Manufacturer: syz [ 2336.851875][T10833] syz.2.11195: attempt to access beyond end of device [ 2336.851875][T10833] loop2: rw=524288, sector=88600, nr_sectors = 8 limit=40427 [ 2336.856213][ T552] usb 3-1: SerialNumber: syz [ 2336.871069][T10833] syz.2.11195: attempt to access beyond end of device [ 2336.871069][T10833] loop2: rw=524288, sector=88608, nr_sectors = 8 limit=40427 [ 2336.887959][T10833] syz.2.11195: attempt to access beyond end of device [ 2336.887959][T10833] loop2: rw=524288, sector=88616, nr_sectors = 8 limit=40427 [ 2336.902177][ T552] usb 3-1: config 0 descriptor?? [ 2336.902206][T10833] syz.2.11195: attempt to access beyond end of device [ 2336.902206][T10833] loop2: rw=524288, sector=88624, nr_sectors = 8 limit=40427 [ 2336.921864][T10833] syz.2.11195: attempt to access beyond end of device [ 2336.921864][T10833] loop2: rw=524288, sector=88632, nr_sectors = 8 limit=40427 [ 2336.936142][T10833] syz.2.11195: attempt to access beyond end of device [ 2336.936142][T10833] loop2: rw=524288, sector=88640, nr_sectors = 8 limit=40427 [ 2336.950231][T10833] syz.2.11195: attempt to access beyond end of device [ 2336.950231][T10833] loop2: rw=524288, sector=88648, nr_sectors = 8 limit=40427 [ 2337.086978][ T8749] Bluetooth: hci1: command 0x1003 tx timeout [ 2337.087029][T12069] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 2337.149919][T12813] netlink: 4 bytes leftover after parsing attributes in process `syz.2.11703'. [ 2337.168159][T12813] netlink: 48 bytes leftover after parsing attributes in process `syz.2.11703'. [ 2337.168381][T12835] loop4: detected capacity change from 0 to 1024 [ 2337.190122][ T552] snd-usb-audio: probe of 3-1:0.0 failed with error -2 [ 2337.197505][T12835] EXT4-fs: Ignoring removed orlov option [ 2337.210646][T12835] EXT4-fs (loop4): Test dummy encryption mode enabled [ 2337.211097][T11622] udevd[11622]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 2337.239630][ T552] usb 3-1: USB disconnect, device number 122 [ 2337.242112][T12835] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 2337.317023][T18974] usb 4-1: new high-speed USB device number 113 using dummy_hcd [ 2337.798226][T12853] netlink: 40 bytes leftover after parsing attributes in process `syz.1.11715'. [ 2337.890215][T12856] netlink: 40 bytes leftover after parsing attributes in process `syz.1.11716'. [ 2337.937052][T18974] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2337.975469][T12859] FAULT_INJECTION: forcing a failure. [ 2337.975469][T12859] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2338.023915][T12859] CPU: 0 PID: 12859 Comm: syz.1.11717 Not tainted 6.1.93-syzkaller-00100-g27310ed6b677 #0 [ 2338.024994][T12599] EXT4-fs (loop4): unmounting filesystem. [ 2338.033640][T12859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 2338.033655][T12859] Call Trace: [ 2338.033662][T12859] [ 2338.033669][T12859] dump_stack_lvl+0x151/0x1b7 [ 2338.059512][T12859] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 2338.064801][T12859] ? __alloc_pages+0x3a1/0x780 [ 2338.069414][T12859] dump_stack+0x15/0x1c [ 2338.073393][T12859] should_fail_ex+0x3d0/0x520 [ 2338.078099][T12859] should_fail+0xb/0x10 [ 2338.082091][T12859] should_fail_usercopy+0x1a/0x20 [ 2338.086953][T12859] _copy_from_user+0x1e/0xc0 [ 2338.091374][T12859] simple_transaction_get+0x11d/0x150 [ 2338.096582][T12859] selinux_transaction_write+0xb4/0x140 [ 2338.101965][T12859] ? sel_write_enforce+0x790/0x790 [ 2338.106910][T12859] vfs_write+0x41d/0xeb0 [ 2338.110986][T12859] ? __kasan_slab_free+0x11/0x20 [ 2338.115769][T12859] ? file_end_write+0x1c0/0x1c0 [ 2338.120535][T12859] ? mutex_lock+0xb1/0x1e0 [ 2338.124788][T12859] ? bit_wait_io_timeout+0x120/0x120 [ 2338.129925][T12859] ? __fdget_pos+0x2e2/0x390 [ 2338.134330][T12859] ? ksys_write+0x77/0x2c0 [ 2338.138586][T12859] ksys_write+0x199/0x2c0 [ 2338.142750][T12859] ? __ia32_sys_read+0x90/0x90 [ 2338.147439][T12859] ? debug_smp_processor_id+0x17/0x20 [ 2338.152655][T12859] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 2338.158546][T12859] __x64_sys_write+0x7b/0x90 [ 2338.162972][T12859] x64_sys_call+0x2f/0x9a0 [ 2338.167228][T12859] do_syscall_64+0x3b/0xb0 [ 2338.171476][T12859] ? clear_bhb_loop+0x55/0xb0 [ 2338.175999][T12859] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 2338.181718][T12859] RIP: 0033:0x7fe0b7f7cef9 [ 2338.185973][T12859] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2338.205420][T12859] RSP: 002b:00007fe0b8dcf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2338.213662][T12859] RAX: ffffffffffffffda RBX: 00007fe0b8135f80 RCX: 00007fe0b7f7cef9 [ 2338.221474][T12859] RDX: 0000000000000046 RSI: 0000000020000580 RDI: 0000000000000006 [ 2338.229283][T12859] RBP: 00007fe0b8dcf090 R08: 0000000000000000 R09: 0000000000000000 [ 2338.237095][T12859] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2338.244906][T12859] R13: 0000000000000000 R14: 00007fe0b8135f80 R15: 00007ffebc2a8708 [ 2338.252723][T12859] [ 2338.309129][T12861] FAULT_INJECTION: forcing a failure. [ 2338.309129][T12861] name failslab, interval 1, probability 0, space 0, times 0 [ 2338.338929][T12867] netlink: 40 bytes leftover after parsing attributes in process `syz.0.11719'. [ 2338.370836][T12861] CPU: 0 PID: 12861 Comm: syz.4.11718 Not tainted 6.1.93-syzkaller-00100-g27310ed6b677 #0 [ 2338.380573][T12861] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 2338.390465][T12861] Call Trace: [ 2338.393588][T12861] [ 2338.396368][T12861] dump_stack_lvl+0x151/0x1b7 [ 2338.400883][T12861] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 2338.406182][T12861] ? kasan_save_alloc_info+0x1f/0x30 [ 2338.411293][T12861] ? __kasan_kmalloc+0x9c/0xb0 [ 2338.415891][T12861] ? kvmalloc_node+0x221/0x640 [ 2338.420492][T12861] dump_stack+0x15/0x1c [ 2338.424483][T12861] should_fail_ex+0x3d0/0x520 [ 2338.428998][T12861] ? __kvm_mmu_topup_memory_cache+0x1a5/0x4a0 [ 2338.434898][T12861] __should_failslab+0xaf/0xf0 [ 2338.439497][T12861] should_failslab+0x9/0x20 [ 2338.443838][T12861] kmem_cache_alloc+0x3b/0x2c0 [ 2338.448436][T12861] ? debug_smp_processor_id+0x17/0x20 [ 2338.453647][T12861] __kvm_mmu_topup_memory_cache+0x1a5/0x4a0 [ 2338.459377][T12861] kvm_mmu_topup_memory_cache+0x22/0x30 [ 2338.464756][T12861] kvm_mmu_load+0x111/0x2970 [ 2338.469185][T12861] ? __kasan_check_write+0x14/0x20 [ 2338.474126][T12861] ? mutex_unlock+0xb2/0x260 [ 2338.478557][T12861] ? kvm_mmu_unload+0x120/0x120 [ 2338.483326][T12861] ? xa_find+0x2e0/0x2e0 [ 2338.487409][T12861] ? memset+0x35/0x40 [ 2338.491233][T12861] ? vmx_flush_tlb_all+0xc2/0x380 [ 2338.496088][T12861] ? vmx_get_if_flag+0x40/0x40 [ 2338.500695][T12861] ? queue_delayed_work_on+0x13f/0x180 [ 2338.505983][T12861] ? kvm_apic_has_interrupt+0x9d0/0xa70 [ 2338.511361][T12861] ? kvm_hv_activate_synic+0x100/0x100 [ 2338.516674][T12861] vcpu_enter_guest+0x6c78/0x9490 [ 2338.521531][T12861] ? avc_has_perm+0x16f/0x260 [ 2338.526047][T12861] ? pvclock_gtod_update_fn+0x2b0/0x2b0 [ 2338.531418][T12861] ? 0xffffffffa0000674 [ 2338.535415][T12861] ? is_bpf_text_address+0x172/0x190 [ 2338.540528][T12861] ? stack_trace_save+0x1c0/0x1c0 [ 2338.545391][T12861] ? kernel_text_address+0xa9/0xe0 [ 2338.550335][T12861] ? __kernel_text_address+0xd/0x40 [ 2338.555373][T12861] ? unwind_get_return_address+0x4d/0x90 [ 2338.560921][T12861] ? arch_stack_walk+0xf3/0x140 [ 2338.565612][T12861] ? _parse_integer_limit+0x19b/0x1e0 [ 2338.570821][T12861] ? memset+0x35/0x40 [ 2338.574636][T12861] ? __bpf_get_stack+0x2af/0x590 [ 2338.579408][T12861] ? nested_vmx_inject_exception_vmexit+0x4d0/0x4d0 [ 2338.585919][T12861] ? stack_map_get_build_id_offset+0x9a0/0x9a0 [ 2338.591909][T12861] ? bpf_get_stack+0x31/0x40 [ 2338.596342][T12861] ? bpf_get_stack_raw_tp+0x1b2/0x220 [ 2338.601542][T12861] ? bpf_trace_run1+0x10b/0x240 [ 2338.606229][T12861] ? bpf_put_raw_tracepoint+0x60/0x60 [ 2338.611440][T12861] ? fpu_swap_kvm_fpstate+0x4e2/0x5d0 [ 2338.616653][T12861] ? fpu_swap_kvm_fpstate+0x81/0x5d0 [ 2338.621765][T12861] ? __bpf_trace_kvm_fpu+0x1b/0x20 [ 2338.626712][T12861] kvm_arch_vcpu_ioctl_run+0x1478/0x2270 [ 2338.632184][T12861] ? __kvm_request_immediate_exit+0x70/0x70 [ 2338.637905][T12861] ? vfs_write+0xbb3/0xeb0 [ 2338.642162][T12861] kvm_vcpu_ioctl+0x7eb/0xcf0 [ 2338.646674][T12861] ? xa_release+0x40/0x40 [ 2338.650844][T12861] ? selinux_file_ioctl+0x3cc/0x540 [ 2338.655871][T12861] ? __mutex_lock_slowpath+0x10/0x10 [ 2338.660997][T12861] ? selinux_file_alloc_security+0x120/0x120 [ 2338.666812][T12861] ? __fget_files+0x2cb/0x330 [ 2338.671323][T12861] ? security_file_ioctl+0x84/0xb0 [ 2338.676278][T12861] ? xa_release+0x40/0x40 [ 2338.680436][T12861] __se_sys_ioctl+0x114/0x190 [ 2338.684961][T12861] __x64_sys_ioctl+0x7b/0x90 [ 2338.689379][T12861] x64_sys_call+0x98/0x9a0 [ 2338.693630][T12861] do_syscall_64+0x3b/0xb0 [ 2338.697882][T12861] ? clear_bhb_loop+0x55/0xb0 [ 2338.702396][T12861] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 2338.708126][T12861] RIP: 0033:0x7f5af1d7cef9 [ 2338.712378][T12861] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2338.731922][T12861] RSP: 002b:00007f5af2ba6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2338.740148][T12861] RAX: ffffffffffffffda RBX: 00007f5af1f35f80 RCX: 00007f5af1d7cef9 [ 2338.747960][T12861] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000008 [ 2338.755772][T12861] RBP: 00007f5af2ba6090 R08: 0000000000000000 R09: 0000000000000000 [ 2338.763584][T12861] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2338.771397][T12861] R13: 0000000000000000 R14: 00007f5af1f35f80 R15: 00007ffec257d138 [ 2338.779210][T12861] [ 2338.798586][T18974] usb 4-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 2338.816987][T18974] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2338.835061][T18974] usb 4-1: Product: syz [ 2338.839227][T18974] usb 4-1: Manufacturer: syz [ 2338.843574][T18974] usb 4-1: SerialNumber: syz [ 2338.852477][T12865] loop1: detected capacity change from 0 to 16 [ 2338.858724][T12865] erofs: Unknown parameter '/sys/kernel/profiling' [ 2338.869159][T18974] usb 4-1: config 0 descriptor?? [ 2338.907316][ T8166] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 2339.205691][T12831] netlink: 4 bytes leftover after parsing attributes in process `syz.3.11709'. [ 2339.295425][T12878] netlink: 48 bytes leftover after parsing attributes in process `syz.3.11709'. [ 2339.366235][T18974] snd-usb-audio: probe of 4-1:0.0 failed with error -2 [ 2339.382063][T12890] fuse: Bad value for 'fd' [ 2339.385376][T18974] usb 4-1: USB disconnect, device number 113 [ 2339.396428][T11622] udevd[11622]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 2339.475412][T12894] loop1: detected capacity change from 0 to 1024 [ 2339.487225][T12897] FAULT_INJECTION: forcing a failure. [ 2339.487225][T12897] name failslab, interval 1, probability 0, space 0, times 0 [ 2339.495508][T12894] EXT4-fs: Ignoring removed orlov option [ 2339.506601][T12897] CPU: 0 PID: 12897 Comm: syz.0.11731 Not tainted 6.1.93-syzkaller-00100-g27310ed6b677 #0 [ 2339.516316][T12897] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 2339.526327][T12897] Call Trace: [ 2339.529452][T12897] [ 2339.532228][T12897] dump_stack_lvl+0x151/0x1b7 [ 2339.536740][T12897] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 2339.542048][T12897] ? _parse_integer+0x2a/0x40 [ 2339.546542][T12897] ? kstrtoull+0x1cd/0x2e0 [ 2339.550798][T12897] dump_stack+0x15/0x1c [ 2339.554791][T12897] should_fail_ex+0x3d0/0x520 [ 2339.559303][T12897] ? bpf_test_init+0xf1/0x190 [ 2339.563947][T12897] __should_failslab+0xaf/0xf0 [ 2339.568550][T12897] should_failslab+0x9/0x20 [ 2339.572886][T12897] __kmem_cache_alloc_node+0x3d/0x250 [ 2339.578189][T12897] ? kasan_save_free_info+0x2b/0x40 [ 2339.583224][T12897] ? bpf_test_init+0xf1/0x190 [ 2339.587745][T12897] __kmalloc+0xa3/0x1e0 [ 2339.591733][T12897] bpf_test_init+0xf1/0x190 [ 2339.596076][T12897] bpf_prog_test_run_xdp+0x414/0x1130 [ 2339.601276][T12897] ? avc_denied+0x1b0/0x1b0 [ 2339.605620][T12897] ? dev_put+0x80/0x80 [ 2339.609526][T12897] ? __kasan_check_write+0x14/0x20 [ 2339.614468][T12897] ? fput+0x15b/0x1b0 [ 2339.618291][T12897] ? dev_put+0x80/0x80 [ 2339.622192][T12897] bpf_prog_test_run+0x3b0/0x630 [ 2339.626969][T12897] ? bpf_prog_query+0x260/0x260 [ 2339.631656][T12897] ? selinux_bpf+0xd2/0x100 [ 2339.636082][T12897] ? security_bpf+0x82/0xb0 [ 2339.640420][T12897] __sys_bpf+0x59f/0x7f0 [ 2339.644500][T12897] ? bpf_link_show_fdinfo+0x2d0/0x2d0 [ 2339.649723][T12897] ? __ia32_sys_read+0x90/0x90 [ 2339.654397][T12897] ? debug_smp_processor_id+0x17/0x20 [ 2339.659697][T12897] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 2339.665592][T12897] __x64_sys_bpf+0x7c/0x90 [ 2339.669843][T12897] x64_sys_call+0x87f/0x9a0 [ 2339.674189][T12897] do_syscall_64+0x3b/0xb0 [ 2339.678437][T12897] ? clear_bhb_loop+0x55/0xb0 [ 2339.682950][T12897] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 2339.688686][T12897] RIP: 0033:0x7f038417cef9 [ 2339.692933][T12897] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2339.712371][T12897] RSP: 002b:00007f0384fc0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 2339.720618][T12897] RAX: ffffffffffffffda RBX: 00007f0384335f80 RCX: 00007f038417cef9 [ 2339.728430][T12897] RDX: 0000000000000050 RSI: 00000000200000c0 RDI: 000000000000000a [ 2339.736261][T12897] RBP: 00007f0384fc0090 R08: 0000000000000000 R09: 0000000000000000 [ 2339.744050][T12897] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2339.751861][T12897] R13: 0000000000000000 R14: 00007f0384335f80 R15: 00007ffd2e79cfd8 [ 2339.759769][T12897] [ 2339.767569][T12894] EXT4-fs (loop1): Test dummy encryption mode enabled [ 2339.782206][T12894] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 2339.819241][T12898] xt_hashlimit: size too large, truncated to 1048576 [ 2340.277105][ T1847] usb 5-1: new high-speed USB device number 107 using dummy_hcd [ 2340.432699][T12530] EXT4-fs (loop1): unmounting filesystem. [ 2340.652658][T12921] FAULT_INJECTION: forcing a failure. [ 2340.652658][T12921] name failslab, interval 1, probability 0, space 0, times 0 [ 2340.677009][ T1847] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2340.706471][T12921] CPU: 1 PID: 12921 Comm: syz.1.11737 Not tainted 6.1.93-syzkaller-00100-g27310ed6b677 #0 [ 2340.716503][T12921] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 2340.726395][T12921] Call Trace: [ 2340.729518][T12921] [ 2340.732293][T12921] dump_stack_lvl+0x151/0x1b7 [ 2340.736810][T12921] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 2340.742102][T12921] ? avc_denied+0x1b0/0x1b0 [ 2340.746446][T12921] dump_stack+0x15/0x1c [ 2340.750436][T12921] should_fail_ex+0x3d0/0x520 [ 2340.754981][T12921] ? ___neigh_create+0x6af/0x1db0 [ 2340.759808][T12921] __should_failslab+0xaf/0xf0 [ 2340.764407][T12921] should_failslab+0x9/0x20 [ 2340.768751][T12921] __kmem_cache_alloc_node+0x3d/0x250 [ 2340.773954][T12921] ? avc_has_perm_noaudit+0x2dd/0x430 [ 2340.779163][T12921] ? ___neigh_create+0x6af/0x1db0 [ 2340.784020][T12921] __kmalloc+0xa3/0x1e0 [ 2340.788016][T12921] ___neigh_create+0x6af/0x1db0 [ 2340.792705][T12921] ? neigh_ifdown+0x30/0x30 [ 2340.797035][T12921] ? selinux_capable+0x2f1/0x430 [ 2340.801822][T12921] __neigh_create+0x32/0x40 [ 2340.806239][T12921] arp_req_set+0x400/0x820 [ 2340.810493][T12921] ? arp_req_delete+0x460/0x460 [ 2340.815178][T12921] ? mutex_lock+0xb1/0x1e0 [ 2340.819434][T12921] ? cap_capable+0x1d2/0x270 [ 2340.823877][T12921] ? bit_wait_io_timeout+0x120/0x120 [ 2340.829153][T12921] ? full_name_hash+0x9d/0xf0 [ 2340.833670][T12921] arp_ioctl+0x436/0x660 [ 2340.837753][T12921] ? neigh_release+0x80/0x80 [ 2340.842174][T12921] ? _kstrtol+0x150/0x150 [ 2340.846347][T12921] inet_ioctl+0x34d/0x400 [ 2340.850509][T12921] ? inet_shutdown+0x3d0/0x3d0 [ 2340.855113][T12921] sock_do_ioctl+0x152/0x450 [ 2340.859549][T12921] ? has_cap_mac_admin+0x3c0/0x3c0 [ 2340.864477][T12921] ? sock_show_fdinfo+0xa0/0xa0 [ 2340.869169][T12921] ? selinux_file_ioctl+0x3cc/0x540 [ 2340.874200][T12921] sock_ioctl+0x455/0x740 [ 2340.878366][T12921] ? sock_poll+0x400/0x400 [ 2340.882616][T12921] ? __fget_files+0x2cb/0x330 [ 2340.887135][T12921] ? security_file_ioctl+0x84/0xb0 [ 2340.892080][T12921] ? sock_poll+0x400/0x400 [ 2340.896343][T12921] __se_sys_ioctl+0x114/0x190 [ 2340.900844][T12921] __x64_sys_ioctl+0x7b/0x90 [ 2340.905284][T12921] x64_sys_call+0x98/0x9a0 [ 2340.909522][T12921] do_syscall_64+0x3b/0xb0 [ 2340.913781][T12921] ? clear_bhb_loop+0x55/0xb0 [ 2340.918387][T12921] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 2340.924112][T12921] RIP: 0033:0x7fe0b7f7cef9 [ 2340.928376][T12921] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2340.947898][T12921] RSP: 002b:00007fe0b8dcf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2340.956229][T12921] RAX: ffffffffffffffda RBX: 00007fe0b8135f80 RCX: 00007fe0b7f7cef9 [ 2340.964039][T12921] RDX: 0000000020000040 RSI: 0000000000008955 RDI: 0000000000000006 [ 2340.971851][T12921] RBP: 00007fe0b8dcf090 R08: 0000000000000000 R09: 0000000000000000 [ 2340.979661][T12921] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2340.987477][T12921] R13: 0000000000000000 R14: 00007fe0b8135f80 R15: 00007ffebc2a8708 [ 2340.995325][T12921] [ 2341.057050][ T1847] usb 5-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 2341.072037][ T1847] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2341.080571][ T1847] usb 5-1: Product: syz [ 2341.084586][ T1847] usb 5-1: Manufacturer: syz [ 2341.096962][ T1847] usb 5-1: SerialNumber: syz [ 2341.124387][ T1847] usb 5-1: config 0 descriptor?? [ 2341.296995][T18974] usb 2-1: new high-speed USB device number 99 using dummy_hcd [ 2341.748436][T18974] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 2341.765938][ T1847] snd-usb-audio: probe of 5-1:0.0 failed with error -2 [ 2341.786960][T10833] bio_check_eod: 65735 callbacks suppressed [ 2341.786989][T10833] syz.2.11195: attempt to access beyond end of device [ 2341.786989][T10833] loop2: rw=0, sector=87856, nr_sectors = 8 limit=40427 [ 2341.789874][ T1847] usb 5-1: USB disconnect, device number 107 [ 2341.798265][T11622] udevd[11622]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 2341.806476][T18974] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2341.812343][T10833] syz.2.11195: attempt to access beyond end of device [ 2341.812343][T10833] loop2: rw=0, sector=87864, nr_sectors = 8 limit=40427 [ 2341.828829][T18974] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2341.839270][T10833] syz.2.11195: attempt to access beyond end of device [ 2341.839270][T10833] loop2: rw=0, sector=87872, nr_sectors = 8 limit=40427 [ 2341.853329][T18974] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 2341.864026][T10833] syz.2.11195: attempt to access beyond end of device [ 2341.864026][T10833] loop2: rw=0, sector=87880, nr_sectors = 8 limit=40427 [ 2341.901665][T10833] syz.2.11195: attempt to access beyond end of device [ 2341.901665][T10833] loop2: rw=0, sector=87888, nr_sectors = 8 limit=40427 [ 2341.915489][T29701] usb 4-1: new high-speed USB device number 114 using dummy_hcd [ 2341.923359][T10833] syz.2.11195: attempt to access beyond end of device [ 2341.923359][T10833] loop2: rw=0, sector=87896, nr_sectors = 8 limit=40427 [ 2341.937361][T10833] syz.2.11195: attempt to access beyond end of device [ 2341.937361][T10833] loop2: rw=0, sector=87904, nr_sectors = 8 limit=40427 [ 2341.947223][T18974] usb 2-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 2341.950950][T10833] syz.2.11195: attempt to access beyond end of device [ 2341.950950][T10833] loop2: rw=0, sector=87912, nr_sectors = 8 limit=40427 [ 2341.960087][T18974] usb 2-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 2341.973378][T10833] syz.2.11195: attempt to access beyond end of device [ 2341.973378][T10833] loop2: rw=0, sector=87920, nr_sectors = 8 limit=40427 [ 2341.981426][T18974] usb 2-1: Manufacturer: syz [ 2341.994514][T10833] syz.2.11195: attempt to access beyond end of device [ 2341.994514][T10833] loop2: rw=0, sector=87928, nr_sectors = 8 limit=40427 [ 2342.010816][T18974] usb 2-1: config 0 descriptor?? [ 2342.297020][T29701] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2342.407022][T11511] usb 5-1: new high-speed USB device number 108 using dummy_hcd [ 2342.527038][T29701] usb 4-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 2342.535934][T29701] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2342.543758][T29701] usb 4-1: Product: syz [ 2342.548027][T29701] usb 4-1: Manufacturer: syz [ 2342.548855][T18974] appleir 0003:05AC:8243.005E: unknown main item tag 0x0 [ 2342.552435][T29701] usb 4-1: SerialNumber: syz [ 2342.564720][T29701] usb 4-1: config 0 descriptor?? [ 2342.569851][T18974] appleir 0003:05AC:8243.005E: No inputs registered, leaving [ 2342.580002][T18974] appleir 0003:05AC:8243.005E: hiddev96,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0 [ 2342.827013][T11511] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2342.828944][T18974] usb 2-1: USB disconnect, device number 99 [ 2342.843904][T12945] netlink: 4 bytes leftover after parsing attributes in process `syz.3.11746'. [ 2342.860531][T12945] netlink: 48 bytes leftover after parsing attributes in process `syz.3.11746'. [ 2342.888865][T29701] snd-usb-audio: probe of 4-1:0.0 failed with error -2 [ 2342.902823][T11622] udevd[11622]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 2342.907041][T29701] usb 4-1: USB disconnect, device number 114 [ 2343.057012][T11511] usb 5-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 2343.066209][T11511] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2343.074084][T11511] usb 5-1: Product: syz [ 2343.078078][T11511] usb 5-1: Manufacturer: syz [ 2343.082440][T11511] usb 5-1: SerialNumber: syz [ 2343.097210][T11511] usb 5-1: config 0 descriptor?? [ 2343.350289][T12948] netlink: 4 bytes leftover after parsing attributes in process `syz.4.11747'. [ 2343.389088][T12953] FAULT_INJECTION: forcing a failure. [ 2343.389088][T12953] name failslab, interval 1, probability 0, space 0, times 0 [ 2343.391566][T12948] netlink: 48 bytes leftover after parsing attributes in process `syz.4.11747'. [ 2343.413848][T12953] CPU: 1 PID: 12953 Comm: syz.2.11750 Not tainted 6.1.93-syzkaller-00100-g27310ed6b677 #0 [ 2343.423561][T12953] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 2343.433460][T12953] Call Trace: [ 2343.436580][T12953] [ 2343.439360][T12953] dump_stack_lvl+0x151/0x1b7 [ 2343.443872][T12953] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 2343.449165][T12953] ? _parse_integer+0x2a/0x40 [ 2343.453681][T12953] ? kstrtoull+0x1cd/0x2e0 [ 2343.457932][T12953] dump_stack+0x15/0x1c [ 2343.461924][T12953] should_fail_ex+0x3d0/0x520 [ 2343.466440][T12953] ? bpf_test_init+0xf1/0x190 [ 2343.470966][T12953] __should_failslab+0xaf/0xf0 [ 2343.475558][T12953] should_failslab+0x9/0x20 [ 2343.479889][T12953] __kmem_cache_alloc_node+0x3d/0x250 [ 2343.485096][T12953] ? kasan_save_free_info+0x2b/0x40 [ 2343.490136][T12953] ? bpf_test_init+0xf1/0x190 [ 2343.494646][T12953] __kmalloc+0xa3/0x1e0 [ 2343.498729][T12953] bpf_test_init+0xf1/0x190 [ 2343.503068][T12953] bpf_prog_test_run_xdp+0x414/0x1130 [ 2343.508275][T12953] ? avc_denied+0x1b0/0x1b0 [ 2343.512623][T12953] ? dev_put+0x80/0x80 [ 2343.516523][T12953] ? __kasan_check_write+0x14/0x20 [ 2343.521469][T12953] ? fput+0x15b/0x1b0 [ 2343.525400][T12953] ? dev_put+0x80/0x80 [ 2343.529304][T12953] bpf_prog_test_run+0x3b0/0x630 [ 2343.534076][T12953] ? bpf_prog_query+0x260/0x260 [ 2343.538763][T12953] ? selinux_bpf+0xd2/0x100 [ 2343.543099][T12953] ? security_bpf+0x82/0xb0 [ 2343.547441][T12953] __sys_bpf+0x59f/0x7f0 [ 2343.551528][T12953] ? bpf_link_show_fdinfo+0x2d0/0x2d0 [ 2343.556733][T12953] ? __ia32_sys_read+0x90/0x90 [ 2343.561330][T12953] ? debug_smp_processor_id+0x17/0x20 [ 2343.566537][T12953] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 2343.572437][T12953] __x64_sys_bpf+0x7c/0x90 [ 2343.576692][T12953] x64_sys_call+0x87f/0x9a0 [ 2343.581028][T12953] do_syscall_64+0x3b/0xb0 [ 2343.585281][T12953] ? clear_bhb_loop+0x55/0xb0 [ 2343.589795][T12953] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 2343.595525][T12953] RIP: 0033:0x7f2ad377cef9 [ 2343.599777][T12953] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2343.619306][T12953] RSP: 002b:00007f2ad44a3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 2343.627637][T12953] RAX: ffffffffffffffda RBX: 00007f2ad3935f80 RCX: 00007f2ad377cef9 [ 2343.635449][T12953] RDX: 0000000000000050 RSI: 00000000200000c0 RDI: 000000000000000a [ 2343.643260][T12953] RBP: 00007f2ad44a3090 R08: 0000000000000000 R09: 0000000000000000 [ 2343.651071][T12953] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2343.658883][T12953] R13: 0000000000000000 R14: 00007f2ad3935f80 R15: 00007ffd64575978 [ 2343.666698][T12953] [ 2343.674317][T11511] snd-usb-audio: probe of 5-1:0.0 failed with error -2 [ 2343.687777][T11511] usb 5-1: USB disconnect, device number 108 [ 2343.701301][T11622] udevd[11622]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 2344.258827][T12982] FAULT_INJECTION: forcing a failure. [ 2344.258827][T12982] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2344.271909][T12982] CPU: 1 PID: 12982 Comm: syz.4.11760 Not tainted 6.1.93-syzkaller-00100-g27310ed6b677 #0 [ 2344.281583][T12982] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 2344.291481][T12982] Call Trace: [ 2344.294601][T12982] [ 2344.297379][T12982] dump_stack_lvl+0x151/0x1b7 [ 2344.301900][T12982] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 2344.307185][T12982] ? mutex_unlock+0xb2/0x260 [ 2344.311617][T12982] ? __mutex_lock_slowpath+0x10/0x10 [ 2344.316735][T12982] dump_stack+0x15/0x1c [ 2344.318132][T12969] loop1: detected capacity change from 0 to 40427 [ 2344.320723][T12982] should_fail_ex+0x3d0/0x520 [ 2344.331490][T12982] should_fail+0xb/0x10 [ 2344.335478][T12982] should_fail_usercopy+0x1a/0x20 [ 2344.340340][T12982] _copy_to_user+0x1e/0x90 [ 2344.344594][T12982] __x64_sys_getrlimit+0x19e/0x1f0 [ 2344.349544][T12982] ? __ia32_sys_setdomainname+0x70/0x70 [ 2344.354921][T12982] ? debug_smp_processor_id+0x17/0x20 [ 2344.356569][T12969] F2FS-fs (loop1): Insane cp_payload (553648128 >= 504) [ 2344.360126][T12982] ? exit_to_user_mode_prepare+0x39/0xa0 [ 2344.360157][T12982] x64_sys_call+0x2cf/0x9a0 [ 2344.360180][T12982] do_syscall_64+0x3b/0xb0 [ 2344.360198][T12982] ? clear_bhb_loop+0x55/0xb0 [ 2344.360222][T12982] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 2344.371148][T12969] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 2344.372363][T12982] RIP: 0033:0x7f5af1d7cef9 [ 2344.372383][T12982] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2344.378883][T12969] ================================================================================ [ 2344.380955][T12982] RSP: 002b:00007f5af2ba6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000061 [ 2344.387235][T12969] UBSAN: shift-out-of-bounds in fs/f2fs/super.c:911:5 [ 2344.391195][T12982] RAX: ffffffffffffffda RBX: 00007f5af1f35f80 RCX: 00007f5af1d7cef9 [ 2344.391214][T12982] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 000000000000000e [ 2344.413715][T12969] shift exponent 133 is too large for 64-bit type 'unsigned long' [ 2344.422878][T12982] RBP: 00007f5af2ba6090 R08: 0000000000000000 R09: 0000000000000000 [ 2344.422895][T12982] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2344.422908][T12982] R13: 0000000000000000 R14: 00007f5af1f35f80 R15: 00007ffec257d138 [ 2344.422930][T12982] [ 2344.496974][ T317] usb 4-1: new high-speed USB device number 115 using dummy_hcd [ 2344.497844][T12969] CPU: 0 PID: 12969 Comm: syz.1.11755 Not tainted 6.1.93-syzkaller-00100-g27310ed6b677 #0 [ 2344.514233][T12969] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 2344.524132][T12969] Call Trace: [ 2344.527252][T12969] [ 2344.530033][T12969] dump_stack_lvl+0x151/0x1b7 [ 2344.534543][T12969] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 2344.539845][T12969] dump_stack+0x15/0x1c [ 2344.543831][T12969] __ubsan_handle_shift_out_of_bounds+0x3e1/0x440 [ 2344.550089][T12969] parse_options+0x4b90/0x4ba0 [ 2344.554684][T12969] ? mount_bdev+0x282/0x3b0 [ 2344.559031][T12969] ? f2fs_mount+0x34/0x40 [ 2344.563199][T12969] ? default_options+0xc80/0xc80 [ 2344.567966][T12969] ? kstrdup+0x54/0x70 [ 2344.571865][T12969] ? memcpy+0x56/0x70 [ 2344.575686][T12969] f2fs_fill_super+0x23bc/0x6dc0 [ 2344.580472][T12969] ? kill_f2fs_super+0x3c0/0x3c0 [ 2344.585233][T12969] ? set_blocksize+0x1cb/0x360 [ 2344.589836][T12969] ? sb_set_blocksize+0xa8/0xf0 [ 2344.594529][T12969] mount_bdev+0x282/0x3b0 [ 2344.598687][T12969] ? kill_f2fs_super+0x3c0/0x3c0 [ 2344.603464][T12969] f2fs_mount+0x34/0x40 [ 2344.607455][T12969] legacy_get_tree+0xf1/0x190 [ 2344.611966][T12969] ? trace_raw_output_f2fs__rw_end+0x110/0x110 [ 2344.617956][T12969] vfs_get_tree+0x88/0x290 [ 2344.622206][T12969] do_new_mount+0x2ba/0xb30 [ 2344.626547][T12969] ? do_move_mount_old+0x160/0x160 [ 2344.631498][T12969] ? security_capable+0x87/0xb0 [ 2344.636197][T12969] ? ns_capable+0x89/0xe0 [ 2344.640350][T12969] path_mount+0x671/0x1070 [ 2344.644609][T12969] ? user_path_at_empty+0x14e/0x1a0 [ 2344.649634][T12969] __se_sys_mount+0x2c4/0x3b0 [ 2344.654150][T12969] ? __x64_sys_mount+0xd0/0xd0 [ 2344.658750][T12969] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 2344.664653][T12969] __x64_sys_mount+0xbf/0xd0 [ 2344.669076][T12969] x64_sys_call+0x49d/0x9a0 [ 2344.673413][T12969] do_syscall_64+0x3b/0xb0 [ 2344.677666][T12969] ? clear_bhb_loop+0x55/0xb0 [ 2344.682183][T12969] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 2344.687919][T12969] RIP: 0033:0x7fe0b7f7e69a [ 2344.692248][T12969] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2344.711691][T12969] RSP: 002b:00007fe0b8dcee68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2344.719936][T12969] RAX: ffffffffffffffda RBX: 00007fe0b8dceef0 RCX: 00007fe0b7f7e69a [ 2344.727745][T12969] RDX: 0000000020000040 RSI: 00000000200000c0 RDI: 00007fe0b8dceeb0 [ 2344.735563][T12969] RBP: 0000000020000040 R08: 00007fe0b8dceef0 R09: 0000000000000000 [ 2344.743370][T12969] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000200000c0 [ 2344.751405][T12969] R13: 00007fe0b8dceeb0 R14: 000000000000552d R15: 0000000020000100 [ 2344.759236][T12969] [ 2344.782327][T12969] ================================================================================ [ 2344.791556][T12969] F2FS-fs (loop1): Not support 32, larger than 256 [ 2344.996993][ T317] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2345.177582][ T317] usb 4-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 2345.186575][ T317] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2345.194545][ T317] usb 4-1: Product: syz [ 2345.198543][ T317] usb 4-1: Manufacturer: syz [ 2345.202924][ T317] usb 4-1: SerialNumber: syz [ 2345.217167][ T317] usb 4-1: config 0 descriptor?? [ 2345.478401][ T317] snd-usb-audio: probe of 4-1:0.0 failed with error -2 [ 2345.492072][T11622] udevd[11622]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 2345.497082][ T317] usb 4-1: USB disconnect, device number 115 [ 2346.796954][T10833] bio_check_eod: 186039 callbacks suppressed [ 2346.796974][T10833] syz.2.11195: attempt to access beyond end of device [ 2346.796974][T10833] loop2: rw=0, sector=87288, nr_sectors = 8 limit=40427 [ 2346.816235][T10833] syz.2.11195: attempt to access beyond end of device [ 2346.816235][T10833] loop2: rw=0, sector=87296, nr_sectors = 8 limit=40427 [ 2346.829566][T10833] syz.2.11195: attempt to access beyond end of device [ 2346.829566][T10833] loop2: rw=0, sector=87304, nr_sectors = 8 limit=40427 [ 2346.843210][T10833] syz.2.11195: attempt to access beyond end of device [ 2346.843210][T10833] loop2: rw=0, sector=87312, nr_sectors = 8 limit=40427 [ 2346.856709][T10833] syz.2.11195: attempt to access beyond end of device [ 2346.856709][T10833] loop2: rw=0, sector=87320, nr_sectors = 8 limit=40427 [ 2346.870284][T10833] syz.2.11195: attempt to access beyond end of device [ 2346.870284][T10833] loop2: rw=0, sector=87328, nr_sectors = 8 limit=40427 [ 2346.883821][T10833] syz.2.11195: attempt to access beyond end of device [ 2346.883821][T10833] loop2: rw=0, sector=87336, nr_sectors = 8 limit=40427 [ 2346.897448][T10833] syz.2.11195: attempt to access beyond end of device [ 2346.897448][T10833] loop2: rw=0, sector=87344, nr_sectors = 8 limit=40427 [ 2346.910926][T10833] syz.2.11195: attempt to access beyond end of device [ 2346.910926][T10833] loop2: rw=0, sector=87352, nr_sectors = 8 limit=40427 [ 2346.924272][T10833] syz.2.11195: attempt to access beyond end of device [ 2346.924272][T10833] loop2: rw=0, sector=87360, nr_sectors = 8 limit=40427 [ 2351.806938][T10833] bio_check_eod: 275617 callbacks suppressed [ 2351.806962][T10833] syz.2.11195: attempt to access beyond end of device [ 2351.806962][T10833] loop2: rw=524288, sector=86584, nr_sectors = 8 limit=40427 [ 2351.826671][T10833] syz.2.11195: attempt to access beyond end of device [ 2351.826671][T10833] loop2: rw=524288, sector=86592, nr_sectors = 8 limit=40427 [ 2351.840442][T10833] syz.2.11195: attempt to access beyond end of device [ 2351.840442][T10833] loop2: rw=524288, sector=86600, nr_sectors = 8 limit=40427 [ 2351.854255][T10833] syz.2.11195: attempt to access beyond end of device [ 2351.854255][T10833] loop2: rw=524288, sector=86608, nr_sectors = 8 limit=40427 [ 2351.868052][T10833] syz.2.11195: attempt to access beyond end of device [ 2351.868052][T10833] loop2: rw=524288, sector=86616, nr_sectors = 8 limit=40427 [ 2351.881845][T10833] syz.2.11195: attempt to access beyond end of device [ 2351.881845][T10833] loop2: rw=524288, sector=86624, nr_sectors = 8 limit=40427 [ 2351.895648][T10833] syz.2.11195: attempt to access beyond end of device [ 2351.895648][T10833] loop2: rw=524288, sector=86632, nr_sectors = 8 limit=40427 [ 2351.909434][T10833] syz.2.11195: attempt to access beyond end of device [ 2351.909434][T10833] loop2: rw=524288, sector=86640, nr_sectors = 8 limit=40427 [ 2351.923319][T10833] syz.2.11195: attempt to access beyond end of device [ 2351.923319][T10833] loop2: rw=524288, sector=86648, nr_sectors = 8 limit=40427 [ 2351.937125][T10833] syz.2.11195: attempt to access beyond end of device [ 2351.937125][T10833] loop2: rw=524288, sector=86656, nr_sectors = 8 limit=40427