last executing test programs: 47.733708597s ago: executing program 3 (id=2243): bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x5, 0x0, 0x9fd, 0x84}, 0x48) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f00000000001b0000850000006d000000850000002300000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) socket$packet(0x11, 0x0, 0x300) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6(0xa, 0x3, 0xff) bind$inet6(r4, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x6}, 0x1c) r5 = dup2(r4, r4) ioctl$TIOCGPGRP(r5, 0x540f, &(0x7f00000001c0)) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000940)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad1f50ad32d3fd25dfd73a015e0ca6a0f68a7d007f15451dfb265a0e3ccae669e173a64bc1cfd5587d452d64e7cc957d77578f4c25235138d5521f9453559c35da860e8efbc64e57cbb7aee976f2b54421eed73d5661ca3dbe74bd09de8793dbcceef76b2e5feecf9c66c54c3b3ffe1b4ce25d7c983c044c06cd0a48dfe3e26e7a23129d6606fd28a69989d552af6d9a9df2c3af36e0360050011bbecc2f4a3799af2551ce935b0f327cb3f011a7d06602e2fd5234712596b696418f163d1a13ed38ae82f87925bfacba83109753f541cd027edd68149ee99eebc6f7d6dd4aed4af7588c8e1b44ccb19e810879b70a7000000e7ffffff00000000d7900a820b63278f4e9a217b98ef7042ad2a92895614cd50cbe43a1ed25268816b00000000000009d27d753a30a147b24a48435bd8a568669596e9e0867958e1dd7a0defb6670c06054002238260000000000040587c1ed797aa21a38e1e389f640a0b8b0000000000a835ad0f61ba73c31b05c00fba8a4aee676d7c45bb29671a68ee2e60da7b01a2e5785a238afa4aba70c07fcd95bf8b0d71b6f72d6a8d87fb08533d97ad96d3943c4cc8306dac433a5cdf334178b04963d67dd5a5707e618a1ef9057fec00f9e930219fa8d30e716de8cde9c60f0000000c3b64d10f0939b42b788daa7075fa542242b00f6bf9b64ad460e386b6f388351fbdacb3ad074574ee9d450f9dcfaef1be95ff3c449e6482e4403174618c20e887d6f320616d31d78a0e5421d5742cc52509fd90cf2df6d1404f6b8f810d7b94d421971b77a3270153a0d57cccfe27872f3e8e44480f93c33421986a7737842627301fb2fee8cabab074adaa2024ff57e609ba2f4d83b3bbf52309484532416f48f43b31395c6f45fee8f1682a4e8d5e3b9ae634ed24fb0e8b5fadaf5cb7eea62b7bb4264e72950c9dc791d771acc24c08cdb6ef24c813d082a86d9b879bdf5aefdfd905a2bd4ea36b0b54915a68fe149db154a8340017e1855511e9c0fe62d0cf55"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6}, 0x70) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_open_dev$usbfs(0x0, 0x76, 0x141201) 44.600394043s ago: executing program 3 (id=2251): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x4, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="7a0a00ff0000fcffffffffffffff0000a400000000000000"], &(0x7f0000000480)='syzkaller\x00'}, 0x80) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) add_key(&(0x7f0000000440)='encrypted\x00', 0x0, &(0x7f0000000300)="3963f8b3cdf250ff7f768dec28829b223024fa538ab40a493823", 0x1a, 0xfffffffffffffffc) r3 = socket$tipc(0x1e, 0x5, 0x0) syz_io_uring_setup(0x0, 0x0, 0x0, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x2d) r8 = socket$nl_route(0x10, 0x3, 0x0) r9 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r9, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', 0x0}) sendmsg$nl_route(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="200000006800e97800000000000000000a0000000000000008000500", @ANYRES32=r10, @ANYBLOB="7e4ec61e071000a82657372000b2"], 0x20}}, 0x0) sendmsg$nl_route(r5, &(0x7f0000004380)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="240000001800090400000000000000000a000000000000000000000008001e00010000009c1937e4846b738738bd22ab52c7bb47a23a59cb91012320a47a00f0cc3f592f0503921871024a69ab145b23ec89077541b4860463e084e75a9e9aee0007000000000000004605367ced785489f52ae60eaeaa969e4a7c5b29e79a"], 0x24}}, 0x0) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000400)=ANY=[@ANYBLOB="200000001000370400"/20, @ANYRES32=r10, @ANYBLOB="92"], 0x20}}, 0x0) bind$tipc(r3, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10) setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x2, 0x3}, 0x10) setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10) sendmsg$tipc(r3, &(0x7f0000000280)={&(0x7f0000000140), 0x10, 0x0}, 0x0) 42.495119776s ago: executing program 3 (id=2256): socket$inet6_tcp(0xa, 0x1, 0x0) unshare(0x0) syz_emit_ethernet(0x7e, &(0x7f00000010c0)={@local, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0x1, 0x0, @private=0xa010102, @local}, @redirect={0x4, 0x0, 0x0, @empty, {0x15, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32, 0x0, @private, @empty, {[@timestamp_addr={0x44, 0xc, 0x0, 0x1, 0x0, [{@remote}]}, @timestamp_addr={0x44, 0x34, 0x0, 0x1, 0x0, [{@private}, {@broadcast}, {@dev}, {@private}, {@empty}, {@broadcast}]}]}}}}}}}, 0x0) 42.485615567s ago: executing program 3 (id=2257): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x800083}, 0x10}, 0x90) ioctl$TUNSETOFFLOAD(r0, 0xc004743e, 0x20001400) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r2}, 0x10) ioctl$TUNSETOFFLOAD(r0, 0x40047451, 0x2000000c) 41.559495523s ago: executing program 3 (id=2261): syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, &(0x7f00000006c0), 0xfe, 0x246, &(0x7f0000000ac0)="$eJzs3T9oM2UcB/DvXRJf+75BXnURxD8gIloor5vg8rooFKQUEUGFioiL0gq1xa1xcnHQWaWTSxE3q6N0KS6K4FS1Q10ELQ4WBx0iybVS24ja1Jz0Ph+43l3vee73HLnvkyyXBGisq0muJ2klmU7SSVIcb3B3tVw93F2f2l5I+v0nfiqG7ar9ylG/K0l6SR5KslUWeamdrG4+s/fLzmP3vbnSuff9zaenJnqRh/b3dh8/eG/ujY9mH1z94qsf5opcT/dP13X+ihH/axfJLf9Fsf+Jol33CPgn5l/78OtB7m9Ncs8w/52UqV68t5Zv2OrkgXf/qu/bP355+yTHCpy/fr8zeA/s9YHGKZN0U5QzSartspyZqT7Df9O6XL68tPzq9ItLK4sv1D1TAeelm+w++smlj6+cyP/3rSr/wMU1yP+T8xvfDrYPWnWPBpiIO6rVIP/Tz63dH/mHxpF/aC75h+aSf2gu+Yfmkn9oLvmHC6xztNEbeVj+obnkH5pL/qG5jucfAGiW/qW6n0AG6lL3/AMAAAAAAAAAAAAAAAAAAJy2PrW9cLRMquZn7yT7jyRpj6rfGv4ecXLj8O/ln4tBsz8UVbexPHvXmCcY0wc1P31903f11v/8znrrry0mvdeTXGu3T99/xeH9d3Y3/83xzvNjFviXihP7Dz812fon/bZRb/3ZneTTwfxzbdT8U+a24Xr0/NM9/hXLZ/TKr2OeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIn5PQAA//8PK23M") creat(&(0x7f0000000e00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) r4 = socket(0x1e, 0x805, 0x0) sendmsg$tipc(r4, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, 0x0) mount$incfs(0x0, 0x0, &(0x7f0000000100), 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, 0x0, &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x1) link(&(0x7f0000001240)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000bc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') rename(&(0x7f0000000600)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000f40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') mount(0x0, 0x0, 0x0, 0x1000, 0x0) 41.004728288s ago: executing program 3 (id=2266): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xe, &(0x7f00000010c0)=ANY=[@ANYBLOB="b702000001000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d0f65acc0d06d1a1434e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c690220b87b20581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f756436303767d2e24f29e5dad9796edb697a8ad004eea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc518afc9ffc2cc788bee1b47683db01a2f9398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a83116752ddb11cfafffa3837841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db00002e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc40700a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d50200a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1e30df414b315f651c8412392191fa83ee830548f11e1036a8debd64c490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cd17b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0544c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afd80e1700000000000000000000000000000832b99df00000000000000005205000000dc1c56d19f35d367632952a93466ae595c6a8cb5ee3a7c9ef89edbdf42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf80300cd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db08407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4092140faed0c329be610c3082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9874620e322d9348900000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9bc7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2bca0f4557869ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8bc410d9f48bf7eac90529cd6af061c9e53addddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85e9bb70a35df8574eb49e972f7976eafee43a6c17009a5d30f479e293a3302e11350ea857b37e76ca2f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f981179186e4000000000000646174b55d251f7f8ca5ccc22a5efb33b237eff5597a3c3a5f3a9bb54aba40e54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c856511726f0ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17991540868e408201ad1a74179e489aa61f021a437a3fa935588be206af7ff9b253106326fde795e530b93626cc68e06e602198724249b4445eef08401cd1a3e266db41474e69902e4d8f5da4e94cc36794258fd4032de7ab36bc24c5efd5c8495c1ccd580033c55725f2d60354f8ad5914a0155eaa743350ddb388f486b6de0549ef3b1b3c3b7d4d3a830ff39885776119408029be3788dd8422b1ab7b4c9d5b7d8682fd759c713108e1bdfc64b9121bbf07099def5c0ce3c861ae4b5cad8bba5a0b6059b9ef90c2f96a59320309e25df89484522bb1d6eaa92164f9e4042cb689a45a898354c17b08705205a9189772bcbcb6414e44b33a2470d3bc16f761c33f565b9da5e7991ad8482579cc1b16c1fcec815a5482ae8b1779c5e339971a6ec1217bcfd1ef24284de8a0a9f068f297037d6478c2434a9a18dcc6c7c708e444a79d7ce37f9cf2a434b9048ca6a2fa254aa02cd098026798a6d336348af0fc11fa2809a5ebbe17ca4d6356e4450d043ed20d313cd56a56d2e4cdf26f19af9a41695a58a9b6b45af1ca939b18d7b57791b99cfc6ec2a0848c29fea4eb8b82395a38e8aca5ab4bfc2ad8acf2e51b766f8ecd16194ad41ec097082f7fa32179ef99dafa6c2aa206a25ddc33e6f0a09169eeff428c71f54e1dfcfcd7cfc8f6e169f11c47d5040000000000000000000000000000074f21ec2b57bb2daf8fab7cd564d1e84c93af254ab029e6cd168007b9a10a6664d9d264aceede0183b2306c440b2c81c9e120ece36a61b0b015ea6716decf8783e0845fa975b6e5f7f4dd4abe2a95e764ae13288d4439ec29066d9bc9f26212615423c3d8d58901a6b51a93c8aacb19c416d5260662031a295f2b33295a60db77b5f082bdc48cd06c6cd01e7a40e456d829d277c77c2ca9159c82a391a24d5f6193228d93e2fd99cd0cdeefa9b7c5ea02c5454ef4c6631e6766ffcba3cce4ab13c69622675683ab1f05edbb09641c9dba535b319a21a00287645449a61eefc00a2a8f6955d6573023325bc00ca0facb69d67c8b95e29b36c4a5f84a959262c382de9a411be7b9b500ca329e5eefcd323490eed4bcbcba4764618bf51a0849"], 0x0}, 0x90) socketpair(0x11, 0x2, 0x300, &(0x7f0000000000)) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000001ac0)=ANY=[@ANYBLOB="b70200001a000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946e0ebc622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7b148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b74cd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f50714600fb6241c6e955031795b2c2f56411e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeedd005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd52364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000a5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033ec14bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f3390343c12aa51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff17320adda5867947257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d65a927de6f4c09f4b742e037381c85d2ec7bb2a8152f0d6a99a0370e0cbd65744eb2efd7b65f04aa7e72588757b9612bb4253a63bb303c0c68a07f115d104f2007237a4f771416741bfd63fdfe3ae6f8bea755d8b7202c2bbae137dc1c3cf40db74a4c1c219d8ddec8f91dae2cdea1353fe062830fa1d233296ec9d8317872257e154665485e7f31cdbfbf435517faf93015b57417d84b8bc8662e097d5ba55d02d48e1"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) r3 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_udp_encap(r3, 0x11, 0x64, &(0x7f0000000080)=0x1, 0x4) bind$inet6(r3, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0xe, &(0x7f0000000380)={[{@init_itable}, {@commit}, {@barrier_val={'barrier', 0x3d, 0x3}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@block_validity}, {@jqfmt_vfsv1}]}, 0x3, 0x434, &(0x7f0000001cc0)="$eJzs289vFFUcAPDvzLZFKNiK+IOCWkVj44+WFlQOXjSaeNDERA94rG0hlYUaWhMhjVZj8GhIvBuPJv4FnvRi1JOJV70bEmJ6AT2tmd2ZdrvdLW3ZdtH9fJKB92be5n2/O/N238zrBtC1hrN/koj9EfF7RAzUqmsbDNf+u7m8OPX38uJUEpXKW38l1XY3lheniqbF6/rzykgakX6WxJEm/c5funxuslyeuZjXxxbOvz82f+nys7PnJ8/OnJ25MHHq1MkT4y88P/FcW/LMYrox9NHc0cOvvXP1janTV9/9+dukyL8hjzYZ3ujgE5VKm7vrrAN15aSng4GwJaWIyE5Xb3X8D0QpVk/eQLz6aUeDA3ZUpVKp9Lc+vFQB/seS6HQEQGcUX/TZ/W+x7dLU445w/aXaDVCW9818qx3piTRv09twf9tOwxFxeumfr7ItduY5BADAGt9n859nms3/0ri/rt3d+drQYETcExEHI+LeiDgUEfdFVNs+EBEPbrH/xkWS9fOf9Nq2EtukbP73Yr62tXb+V8z+YrCU1w5U8+9NzsyWZ47n78lI9O7J6uMb9PHDK7990epY/fwv27L+i7lgHse1nj1rXzM9uTB5OznXu/5JxFBPs/yTlZWAJCIOR8TQNvuYfeqbo62O3Tr/DbRhnanydcSTtfO/FA35F5KN1yfH7oryzPGx4qpY75dfr7zZqv/byr8NsvO/r+n1v5L/YFK/Xju/9T6u/PF5y3ua7V7/fcnb1XJfvu/DyYWFi+MRfcnrtaDr90+svraoF+2z/EeONR//B2P1nTgSEdlF/FBEPBwRj+SxPxoRj0XEsQ3y/+nlx9/bfv47K8t/ekvnf7XQF417mhdK5378bk2ng1vJPzv/J6ulkXzPZj7/NhPX9q5mAAAA+O9JI2J/JOnoSjlNR0drfy9/KPal5bn5hafPzH1wYbr2G4HB6E2LJ10Ddc9Dx/Pb+qI+0VA/kT83/rK0t1ofnZorT3c6eehy/S3Gf+bPUqejA3ac32tB9zL+oXsZ/9C9jH/oXk3G/95OxAHsvmbf/x93IA5g9zWMf8t+0EXc/0P3Mv6hexn/0JXm98atfySvoLCuEOkdEYbCDhU6/ckEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQHv8GAAD//5LX5s8=") creat(&(0x7f0000000040)='./bus\x00', 0x0) truncate(&(0x7f0000000340)='./file2\x00', 0x0) syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x802053, 0x0, 0xfc, 0x0, &(0x7f00000000c0)) r4 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) symlinkat(&(0x7f0000000240)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r4, &(0x7f00000003c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00') bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000240)={0xffffffffffffffff, 0x2000, 0x0}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000140)=0x80000000, 0x12) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x26e1, 0x0) syz_emit_ethernet(0x3f, &(0x7f0000000400)={@link_local, @broadcast, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010100", 0x9, 0x11, 0x0, @remote, @mcast2, {[], {0x0, 0xe22, 0x9, 0x0, @opaque='B'}}}}}}, 0x0) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e999000000000000000000000000000000000000000000000000c81e000100000000000000000000000000000000000000000a000080"], 0xb8}}, 0x0) sendmsg$nl_xfrm(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[], 0x188}, 0x1, 0x0, 0x0, 0xc048884}, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r2, 0x18000000000002a0, 0x38, 0x60000000, &(0x7f0000000100)="b9ff03316844268cb89e14f086dd65e0ffff00121100631177fbac141416e000030a44079f03fc80000000000000845013f2325f1a3988050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000000}, 0x2c) recvmmsg(0xffffffffffffffff, &(0x7f0000002c80)=[{{0x0, 0x0, &(0x7f00000006c0)=[{0x0}, {&(0x7f0000000140)=""/180, 0xb4}, {0x0}], 0x3}}], 0x1, 0x0, 0x0) write$binfmt_aout(r1, &(0x7f0000002f40)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100"/282], 0x120) 10.442049774s ago: executing program 2 (id=2378): bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, 0x0, &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) syz_mount_image$vfat(&(0x7f0000000040), &(0x7f00000000c0)='./bus\x00', 0x0, &(0x7f0000000700)=ANY=[@ANYRES8=r2], 0x1, 0x217, &(0x7f00000004c0)="$eJzs3TFrE2EYB/CnttVSkGQQiiJ44uIUmop7ilQQA4qSQSeLTVGaWDAQ0KF180voV9DRVXAQV7+ACFIFF7t1ECL1YmNrYiM1OTG/35KH3Pu/e95LyEuGvLl1sr6ytNpY3tzciKmpsZgoRSm2xiIfh2I8Uo8CAPifbLVa8aWVyroXAGA4rP8AMHr6XP+vDrElAGDAfP8HgNFz/cbNy/Pl8sK1JJmKqD9uVpqV9DE9Pr8cd6MW1ZiNXHyNaO1I64uXyguzybaP+ajU19v59WZlfHe+GLnId88Xk9Tu/GRMt/PvpqMac5GLY93zc13zh+PsmZ+uX4hcvL0dq1GLpdjOdvJrxSS5cKW8J3/k+zgAAAAAAAAAAAAAAAAAAAAAABiEQrKj6/49hUKv42m+//2B9u7PMxEnJrKdOwAAAAAAAAAAAAAAAAAAAPwrGg8erizWatX7vyvuvXn2ar8xfRZj7ese9DwHL46e/vCk15jxP7s/f7d4eSrL29Jn8XrjzvFzjZnzmbUxGRG/PtPzrfU5FzGgfp5n+lr8mPW+g2eelhZfrL3/1O+Zh/5RBAAAAAAAAAAAAAAAAAAAI6/zo9+sOwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA7HT+/39wRdZzBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAbwEAAP//uSidyw==") r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r3, @ANYBLOB, @ANYRES8=r0, @ANYRES8], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r5 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) r8 = socket(0x10, 0x803, 0x0) getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffff00f687000000", @ANYRES32=r9, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) sendmsg$nl_route_sched(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000940)=@newqdisc={0x6c, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x40, 0x2, [@TCA_TBF_PBURST={0x8, 0x7, 0x1cdf}, @TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x81}}, @TCA_TBF_PRATE64={0xc, 0x5, 0xcb59372f370e8465}]}}]}, 0x6c}}, 0x0) 8.521159101s ago: executing program 0 (id=2382): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) read$FUSE(r0, 0x0, 0x0) 8.520621362s ago: executing program 1 (id=2383): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000013007b8af8ff00000000bfa200000000000007020000fbffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x5, 0x9, 0x1, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000540)='inet_sock_set_state\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000540)='inet_sock_set_state\x00', r2}, 0x10) r3 = socket$inet_tcp(0x2, 0x1, 0x0) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10) 8.519913981s ago: executing program 2 (id=2384): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$BPF_PROG_QUERY(0x9, &(0x7f0000000280)={@cgroup=r0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) 8.519202361s ago: executing program 4 (id=2385): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800700, &(0x7f0000000040)={[{@journal_ioprio={'journal_ioprio', 0x3d, 0x5}}, {@journal_dev={'journal_dev', 0x3d, 0x8000}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@minixdf}, {@resgid}, {@grpquota}, {@usrjquota}]}, 0x3, 0x44a, &(0x7f0000000400)="$eJzs281vG0UbAPBn10n6vv1KKOWjpUCgQkR8JE1aoAcuIJA4FIEEh3IMTlpVdRvUBIlWFQ0IlQsSqgRnxBGJv4AbFwSckLjCHVWqoJcWTkG73m1t106b1rFD/ftJm8x4x555PDve2R07gIE1nv1JIrZGxG8RMVrPNhcYr/+7evls9e/LZ6tJrKy89WeSl7ty+Wy1LFo+b0uRmUgj0k+SopJmi6fPHJ+t1eZPFfmppRPvTS2ePvPssROzR+ePzp+cOXjwwP7pF56fea4rcWZxXdn94cKeXa+9c+H16uEL7/70bdbercX+xji6ZTwL/K+VXOu+J7pdWZ9ta0gnQ31sCGtSiYisu4bz8T8albjeeaPx6sd9bRywrrJz06bOu5dXgLtYEv1uAdAf5Yk+u/4ttx5NPTaESy/VL4CyuK8WW33PUKRFmeGW69tuGo+Iw8v/fJVtsU73IQAAGn1W/fJQPNNu/pfG/Q3lthdrKGMRcU9E7IiIeyNiZ0TcF5GXfSAiHlxj/a1LQzfOf9KLtxXYLcrmfy8Wa1vN879y9hdjlSK3LY9/ODlyrDa/r3hPJmJ4U5afXqWO71/59fNO+xrnf9mW1V/OBYt2XBxquUE3N7s0m09Ku+DSRxG7h9rFn1xbCUgiYldE7F7bS28vE8ee+mZPp0I3j38VXVhnWvk64sl6/y9HS/ylZPX1yan/RW1+31R5VNzo51/Ov9mp/juKvwuy/t/cfPy3FhlLGtdrF9dex/nfP+14TXO7x/9I8nbeLyPFYx/MLi2dmo4YSQ7l+abHZ64/t8yX5bP4J/a2H/87iudk9TwUEdlB/HBEPBIRjxZtfywiHo+IvavE/+PLnfdthP6fa/v5d+34b+n/tScqx3/4rlP9t9b/B/LURPFI/vl3E7fawDt57wAAAOC/Is2/A5+kk9fSaTo5Wf8O/87YnNYWFpeePrLw/sm5+nflx2I4Le90jTbcD51OlotXrOdninvF5f79xX3jLyr/z/OT1YXaXJ9jh0G3pcP4z/xR6XfrgHXXbh1tZqQPDQF6rnX8p83Zc2/0sjFAT/m9Ngyum4z/tFftAHrP+R8GV7vxf64lby0A7k7O/zC4jH8YXMY/DC7jHwbSnfyuX2KQE5FuiGZIrFOi359MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3fFvAAAA//+uEO7O") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0) ioctl$FS_IOC_ENABLE_VERITY(r0, 0x8004587d, &(0x7f0000000140)={0x2, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0) ioctl$FS_IOC_ENABLE_VERITY(r1, 0x8004587d, &(0x7f0000000140)={0x2, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0}) 8.502358263s ago: executing program 2 (id=2386): r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa) socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x1) recvmmsg(r2, &(0x7f0000000740)=[{{&(0x7f00000005c0)=@tipc, 0x80, &(0x7f0000000400)=[{&(0x7f0000001740)=""/4096, 0x1000}, {&(0x7f0000000640)=""/251, 0xfb}], 0x2}}], 0x40002db, 0x2, 0x0) ftruncate(0xffffffffffffffff, 0x800) r4 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x19, &(0x7f0000000440)=0x808, 0x4) ioctl$int_in(r4, 0x5452, &(0x7f0000000040)=0x401) bind$inet(r4, &(0x7f0000000000)={0x2, 0x4e21, @local}, 0x10) connect$inet(r4, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$sock_int(r4, 0x1, 0x7, &(0x7f0000002180), 0x4) sendto$inet(r4, &(0x7f0000000480)="fbbf0b5044e308cb7bd572aa2b42e9678bcf30eff9f3aed14dc94a114bd2b45956aebe2b108a87e865501a5f9e0383611afdd3f8bac3d5cfd7772a3ab48d0ba4b600731e357e38716c449fae7c28548a4f2105f44b8fd9b33041270ae01f1a405e3f650fc3b0926d481c364fca00000000000000006d3a3ede9fc738b8d86209c060161d5ddb5fcf3d09001117cdb9d055aa2d89fe3458720724853a876448d4a1fe9ef0569ad98a05ab5df763923b4e2c576e00000000000000000000000000000000002090666159e3075f7244cf4ec3d7814c0c934f44e200219e6dd7bc23397d5f2f2c76a5baddd0fd8c340362691ef226f7a0ac51b74b6be5ed6737948514cd466943d08eeb3895b80499da2b209da4f3ec5e3744ce3e863b0e04d0ec2f39edf50b6e08c4b47e448a35414763d687fbe3792ee15c5b9791310a346472723c100bf77a310b0ced8004b5ac6d48c40439f512e8ef34a53d65f55563f68136a577736ca5f6f66e01ef4ec2cdc8db34f6de50713adaa3f70189958263fddc1314f8a28ccdef6e1390c5fbaeadc3035d019f0dc75de307de6c0d010000000000000027083d1d5b4b013c503b863b560688d94de886b6dc73d5da2dfeff4bed1a49a975a6c8dbb480e4415ddca5657a5a8e3b111015499e952bb5e8d8f60de3d688df7802c6e8b27b31fac4e199038b79a3999920e634a5af162a9581b0e6647e410700246548234acacf9cb43ab332a37bbc926c39897395c974fda31536be523bf4260300730ae6136fecae5f0fa6ab2df8d98128b24589e3bbe5230e07dc5e0d65cc397e3f8204d48e59e8e294a6d7008ba8fba28cd5009fe1a7c569ce740078bf1c7389a6ba0f89257f0eac417aac0d2d89b05ee5dafa2f1d936c87264d077b2c0d5abdbc64ce943f895dd4c2e9dd7393543d89b00dc6b3a25045d4ec932366c67dfad087fa8dc104644828440bdf67dd97ebccb3bd", 0xfffffea5, 0xc000, 0x0, 0xfffffcef) sendmsg$DEVLINK_CMD_SB_OCC_SNAPSHOT(0xffffffffffffffff, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000c00)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00002cbd7000fbdbdf251b0000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00400000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00040000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b0002000000080001007063690011000200303030303a30303a31302e300000000008000b00000000000e0001006e657464657673696d0000000f0002006e657464657673696d30000008000b00ffffffff"], 0xd8}, 0x1, 0x0, 0x0, 0x20004000}, 0x40040) recvmsg(r4, &(0x7f00000033c0)={&(0x7f00000003c0)=@ethernet={0x0, @dev}, 0x80, &(0x7f0000002040)=[{&(0x7f0000000080)=""/49, 0x31}, {&(0x7f0000000f80)=""/4096, 0xffffffe1}, {0x0}, {&(0x7f0000000100)=""/102, 0x66}, {&(0x7f00000021c0)=""/4096, 0x1000}], 0x5, &(0x7f0000001f80)=""/178, 0xb2}, 0x120) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00'}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x10, 0x16, &(0x7f0000000780)=ANY=[@ANYBLOB="61122400000000006113140000000000bf1000000000000015000200091b00003d030100000000008701000000000000bc26000000000000bf67000000000000560300000ee600f06702000014000000160300000ee600f0bf050000000000000f610000000000006507f4ff02000400070700004c0040001f75000000000000bf54000000000000070500000300f9ffad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a82983d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf719506d2d6b05fe7030586e3f640f9f7e9a73b761ad4f0952a70046270d2b6436fdeecd791614ed46de741eb8cf91c046ef9beca574b350021c7ec6ef134f53748068ca432dae4e248b22b9ad8b2811f67916a1764578cba4b069037bfb3362d5691ac397f7e207145d970f0d97867552629b146645c785fb77dbeca38e49a9d5221f1f45f0a08890d04d91a15a05ae7e7ed6252c3d6c1973fb858de1da70d67317e7872b0603ce47ed2c1520e71b527bb42aa2e20e1e85df73736ed0a782ab7e7278dd54358cfdf6313d40f926332623625b49626481054787ab2dff85a9bebd6b317f26c691a65aa97bb3d1506a3a565e9c7ea5ad4611d2d77ee8a5c1b23814a26b6a20061fbb65bdd03770fa849f2a29ba69f90625f42592a70ba890f7a92878ae73574c3a233ee5954119931a1905210715fa77a8795f2fbec3797cb90f59fe8a4abec25f40c87bf25b750bbaa"], &(0x7f0000000100)='GPL\x00'}, 0x48) 8.491331784s ago: executing program 0 (id=2395): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x0, 0x0}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x5, 0x4, 0x8, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10) setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0) openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) socket(0x1, 0x5, 0x0) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TCFLSH(r6, 0x400455c8, 0x0) bind$bt_hci(r5, &(0x7f0000000140), 0x6) ioctl$TIOCSETD(r6, 0x5423, &(0x7f00000002c0)) ioctl$sock_bt_hci(r5, 0x800448d7, 0x0) 8.409522371s ago: executing program 1 (id=2387): syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000040)='./bus\x00', 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="66617374626f6f742c71756f7461000018bbdecde39739fcd1df176dde746ec834120600000000003b814e50a959736d6572462abc30ef5b65c70f73ecea54b5e5bea9836c319f653557e79a002208ce996dda659bd5ba0f4ce5c2080002223dc60000000000000044cd0a1e3686873600000000005493b4b81d5b9fa9b40fe4d76afc3a989c6d60044e89eb96e44d01a1034e3797ffa86870b82939f41ffa0f3d726f085663c29cbdc4c766a7eb77cc36160191acf5ae7469c82ab4145b595b987d75912a0fcd1c061835294cc0c618aba204f8adaa20c80108d356cd88cc86177056b06e7068c40f807d9e539f8f5b64a8ee0725aa8d00000000007cb6020d90ea79b8027cf75964dd86c2ed2b5e75779677aa8c76b848dd03dab190b5f02ec52830a17b01eaae1c3df076000000000000000000000000000083a48a6b926c668b9b90195018ea3619f9d80a0b894e212178e1a19909d764666264fa29e2c055fd7f8e67c2acfb75f0a8d41692f4542a575ee42ed94a0014fba44985cca9df12fe93bfaccf0122a6e7e593613ac0111701b125cc6799c43aa4ff708dc4a00a6decad26f0378072a571da000000b1a6bdf03fd56697e348b5b494f6fddb9f56142a47a40ef81690a7eca421bd0ad198afa58ce69d61c29deaa93c0efea0df04f20020ee84075b4e1a2ad43d1be1138de4668e7b6137545708790c501f1ed7f6a571d500000000000000"], 0x25, 0x5586, &(0x7f00000079c0)="$eJzs3EtvG2UXAOAzTtP71y9CLNh1pAopkWqrTi+CFQVacRGtKi4LVuDYruXW9kSx44SsumCJWPBPEEisWPIbWMASdogFiB0SyDMTaNoGSuM4avs80vjMHL8+874jK9KZiRzAU2sh/e2XJE7FsYiYi4iTSeT7SblF3Im4XIx9LiJOR0Tlri0p838lDkfE8Yg4NSle1EzKtz47Oz5z8ec3f/362yOHTnz+1XcHunDgQD0fEf3VYn+jX8SsU8RbZb4x7uaxf2FcxtUdNfpZkd9or+QVNhrb4xp5PN8pxmer68NJvNlrNCex072Z51cHxQmH4852nckH0luNtfy41V7JY3eY5bGzVZx3c6v427Y1HBV1WmW9j/LyMRptxyLf3mwX61m9ncfmYFTmi7pZq705ieMylqeLZtZr5fNYecSL/Bh4qztY30zH7bVhNxukF2v1F2r1S9X6WtZqj9oXqo1+69KFdLHTmwyrjtqN/uVOlnV67Voz6y+li51ms1qvp4tX2ivdxiCt12vna+eqF5fKvbPpa9ffS3utdHESX+kO1kfd3jC9ma2lxSeW0uXa+ReX0jP19J1rN9Ibb1+9eu3Gux9cef/6y9feeLUcdN+00sXlc8vL1fq56nJ96Sla/8flpP/D+pMHp3/4fm+XDQq7fMEA2N19/X/c2/+H/h+Yur30//3b5fH+9P/xMP1/TLP/n7RU+v9/738rB9D/zof+fx/XD3vyaP3/4anPAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAmftx/ovX852F4vhEmf9fmXqmPE4iohIRfzzAXBzeUXOurDO/y/j5e+bwTRJ5hck5jpTb8Yi4XG6//3+/rwIAAAA8ub68c/rTolsvXhYOekLMUnHTpnLywynVSyJifuGnKVWrTF6enVKx/Pt9KDanVC2/gXV0SsWKW26HplXtocztCEfvCkkRKjOdDgAAMBM7O4HZdiEAAADM0if/+O5LM5sHM5bE9qPM7WfB+X/e//1A8NiO9wAAAIDHUHLQEwAAAAD2Xd7/+/0/AAAAeLIVv/8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAf7JzP7lpA1EcgJ8Nhv5VUdV9r9IdHKNH6LLLwgF6CY5Ar9ALcAYiZZEjRBBhT5CcgBSJMU7Q90m2M+Po5xlg88bSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXbqpVrN/f77/PTdnuztPntkAAAAAx2yq1az+Y9K0P6b+z6nra2oXEVFGxLHafRCjVuYg5VQn/r96Mob/EXXCvn+cjg8R8SMd91+6/hQAAADgeq0Xy2lTrTentARw2++ouJBm0ab89DNTXhER1eQuU1q5P33LFFb/vofxO1NavYD1LlNYs+Q2PH5vlOshbYPW5XEm8/pLrFtlN88FAAD61K4ETlQhAAAAXIFffQ+AS3he2heH0+E947i5pBeC71stAAAA4A0q+h4AAAAA0Lm6/n9N+/8V9v8DAACA7Jr9/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOjSplrN1ovl9NT9+Qtztrvz5JsRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPLA/7ygQAmEQBnvXdyZz/8NKg4bGJlUgfPyNwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJvf/eX/xNQ4k8y9NpaeR5K1U2Pr1Ng7N47+ML5+DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxf68pEAIBEEUzBn/O+n7H1YS9AwiREDDo4paNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwRb/75f/E1DiTzJ02lo5HkrWrxtZVY+9B4+jBePs3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxb799EZRhgEAf3anu1DUWKtpYtVgwkEvUhYEuRqjaTz4EUyassXqIgo9CGnEXryZnrkYPRpjoqm3fgfONOGCNw491MSTh5r5V2bbFRqUmUJ/v+Td99nZ4f23E9Jn3lkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABKm+/Gq+0iTtKXiTwuj93eWp5P641ddWp99c50WtK4VfO4nwCvVd8cn2puIAAAABweSZnfR8TdztpsWrcnsvy/U56T5vw/PJfHZT6/O+/f2Fo+Wnw0Xeb/v/9276WdjiaSrJ+00YXFQf/U3qGMPaYpHnjPP/SMsWzls3svSfaFtD9ceXGzk61n67tbt97vZuGROkYLADyKk2VdBOXfQ2nda3JgABwaY5XEu8z/k4lmxwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQh82VeKaMWxExPXY/Tm1sLc+Pqr9ZvTO9XpRzN2+uVttMm+hExMLioH+qxrkcXOVqXv9sbjDoX7l6re7geESM+OjG/v55Ugz/X8/pRsTQkRMvj2jn4330taudPUFxeUa9aziezu+hJ7eGjrT2LPh727kmLoC6gnbx/TyOLsZr/96Hg/La+/9brvm/IwAAnnqdoqSZ6N3O2mx6rDUZsf3jcP7/RiWOobx/+0Z+JH+/Xsn/731y7na1r2r+36tpfk+CmaVLX8xcvXb9rcVLcxf7F/ufv326907vzPmzZ8/PZPdKZhai7Y4JAAAA/0G3KNX8vz25d///WCWOB+z/51vCef7/5fe9r6t9JfL/ke5v+jU9EgAAgMOouxO98Ppff7ZGnNHqduOruaWlK738def96fy11uE+oiNFqeb/yWTTowIAAADqsLnSGtr/v1CJ4wH7/9Xn/5/96ZVfqm0mETEecTki+ifnLw8u1DedA62OHypnHXWbnikAAABNGS9Kdf+/kz3/39555KEdEW+eiPi7+A1/7DP/Tz749udqX9Xn/8/UOsuDpz2Vr0dWT0WMTTU9IgAAAJ5mR4uSJvt/dNZmP/312Eddz/8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1O2fAAAA//+FVSwP") r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x1817c1, 0x0) ioctl$F2FS_IOC_START_ATOMIC_WRITE(r0, 0xf501, 0x0) pwritev2(r0, &(0x7f0000022e80)=[{&(0x7f0000000240)="8a", 0x1}], 0x1, 0x0, 0x0, 0x0) ioctl$F2FS_IOC_COMMIT_ATOMIC_WRITE(r0, 0xf502, 0x0) r1 = creat(&(0x7f0000000000)='./bus\x00', 0x0) ioctl$F2FS_IOC_START_ATOMIC_WRITE(r1, 0xf501, 0x0) r2 = creat(&(0x7f0000000300)='./bus\x00', 0x0) write$binfmt_elf64(r2, &(0x7f0000000000)=ANY=[], 0x7168) 5.408830806s ago: executing program 0 (id=2388): socket$nl_xfrm(0x10, 0x3, 0x6) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x8, 0x0, 0x0) getsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000180)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x2}) ioctl$TUNSETLINK(r5, 0x400454cd, 0x30a) ioctl$TUNSETLINK(r5, 0x400454cd, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000020000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) syz_emit_ethernet(0x66, &(0x7f0000000780)={@broadcast, @random="6487a2bed3d6", @void, {@ipv4={0x800, @gre={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x6c, 0x0, @private}}}}}, 0x0) 5.407949616s ago: executing program 1 (id=2389): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004bc311ec8500000075000000a70000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=ANY=[@ANYBLOB="020a000002"], 0x10}}, 0x0) 5.407255146s ago: executing program 2 (id=2390): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200000095"], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) futex(&(0x7f000000cffc)=0x4, 0x80000000000b, 0x4, &(0x7f000000b000)={0x77359400}, &(0x7f0000048000), 0x0) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001a80)=[{{&(0x7f0000000000)=@xdp, 0x80, 0x0, 0x0, &(0x7f0000000240)=""/118, 0x76}}], 0x1, 0x2, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x2265640, 0x0, 0x0, 0x0, &(0x7f0000000000)) bpf$MAP_CREATE(0x0, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) 5.406697756s ago: executing program 4 (id=2391): syz_read_part_table(0x5fd, &(0x7f0000000d00)="$eJzs2z9olGccB/DvxVzOP9B0cHKpcegkFMXRDFWSU7EQTqUQHLS1iJgpQuCkhwc6tBkUM0jHLlK4ReNkzOBQFIXORRxahAwuBV2kdshbrvc2rfaPR8kNxc9n+T338rvn+/zgWZ/wvzaUarkqar+VDz751/5i9I91O8c6E5MHi6IojiaVHE81Y9++s5hkOK/umh1JRv60z/WvNy9/+fxAtfP4yIv3T9ybH1rbs5Z3k2wZeePRa/1PyaDcGL8/evHSbP1y90e9tbL6cXLz2URj6fD8wuKh6v5T3e8Xkgdlf+9ibMq5NHM+Z3Ny+L+kVl7Jb3fzm+NnHtVbK191nuxa3Vbv3D699+X25St3dydz3Yip1/6XN9+vvqzNX+bPjV2dXmjt23lr67U9zTsPG083/Fz0lJHV9ckFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAwbozfH714abZ+uTl+5lG9tfLF9999dPPZRGPp8PzC4qGR/afKvgdlHS7ruTRzPmdzMjOZyWeZ7T9yuvKP+b9sTp7sWt1W79w+vffl5PKVu7vLvqn1GPZvvD7/3NjV6YXWvp23tl7b07zzsPF0Q69vppZPU+2tawM6CwAAAAAAAAAAAAAAAAAAAG+vicmD26c+bBxNKjm+MclPnw91vxflI/ff3+rvKOsPtWRTkusbk/bzA9XO4yMvRk7cm/+x7G+nlnaSLd8sHUveW8u58JfkyqBHow+/BgAA//8hVpWc") sendmsg$unix(0xffffffffffffffff, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000680)=@base={0x1, 0x4, 0x7fe2, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000002000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) creat(&(0x7f0000000040)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r2 = open(&(0x7f00000005c0)='./bus\x00', 0x147842, 0x0) preadv2(r2, &(0x7f0000000040)=[{&(0x7f0000001200)=""/4096, 0xfffffdef}], 0x1, 0x0, 0x0, 0x0) 5.330373433s ago: executing program 1 (id=2392): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) 3.014103773s ago: executing program 0 (id=2393): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000080850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r0}, 0x10) quotactl_fd$Q_QUOTAON(0xffffffffffffffff, 0xffffffff80000200, 0x0, 0x0) 3.013521852s ago: executing program 1 (id=2394): r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x2b57ff64}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x58, &(0x7f00000002c0)=0x2) socket$nl_route(0x10, 0x3, 0x0) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000001000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sched_switch\x00', r4}, 0x10) mkdirat(0xffffffffffffff9c, 0x0, 0x0) r5 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000200)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x6128, '\x00', 0x0, 0xffffffffffffffff, 0x5}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x5, 0x2, 0x0, r5, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xf84}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) mount$incfs(&(0x7f0000000040)='./file0\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0) r6 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$incfs(r6, &(0x7f0000000100)='.log\x00', 0x0, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_TDLS_MGMT(r7, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)={0x110, r0, 0xfeb, 0x0, 0x0, {{0x15}, {@val={0x8}, @void}}, [@NL80211_ATTR_TDLS_INITIATOR={0x4}, @NL80211_ATTR_IE={0xd7, 0x2a, [@random={0x0, 0x98, "58169718a740cbdabe7615915ba0ccdb32ffe5107e0c12216f7af1e47843e7e5d993539a050eb7f723579f3fd462161b1c958d0a1967b83f7a594d647d0ffafe093ea9ff0f7e66129a650deb12e9fc4f5273ccbd5d120deb29b6211510e15eff05283dec25963228e7f559f0e01e026569e4616aa6a1f358288125976d75cce76467a6bb610cbea04447bc843aa27548fdfc763368828c09"}, @mesh_config={0x71, 0x7}, @rann={0x7e, 0x15}, @channel_switch={0x25, 0x3}, @link_id={0x65, 0x12, {@initial, @device_a, @broadcast}}]}, @NL80211_ATTR_STATUS_CODE={0x6}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}, @NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8}]}, 0x110}}, 0x0) 3.013181283s ago: executing program 2 (id=2396): prlimit64(0x0, 0x0, &(0x7f0000000140)={0x0, 0x89}, 0x0) r0 = getpid() sched_setaffinity(0x0, 0x4e, &(0x7f0000000040)=0x5) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000fbe000)={0x1, &(0x7f0000000100)=[{0x80000006}]}, 0x10) syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x840, &(0x7f0000000540)={[{@test_dummy_encryption}]}, 0x1, 0x236, &(0x7f0000000300)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=") socket$nl_generic(0x10, 0x3, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000001afc180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b703000000090000850000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000000190001000000000000000000e00000020000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000df0fcddd3f3067c300000000000000000000000000000000000000000000000000ffff6446070afff6000000000000200000000000000000000000000000000000000000000000000000050000"], 0xb8}}, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000000150001000000000000000000e00000020000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000008000"/103], 0xb8}}, 0x0) mkdir(&(0x7f0000000400)='./file1\x00', 0x0) mmap(&(0x7f0000a82000/0x4000)=nil, 0x4000, 0x0, 0x8031, 0xffffffffffffffff, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000080)={'bridge_slave_1\x00', 0x0}) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x40000, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="5400000010000104000000000200000000000000", @ANYRES32=r8, @ANYBLOB="0000faffffff000034001280110001006272696467655f736c617665000000001c000580050021000000000006001f0000000000080022"], 0x54}}, 0x0) 3.012640803s ago: executing program 4 (id=2403): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000010000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sys_enter\x00', r0}, 0x10) rt_sigpending(0x0, 0x0) 2.990659634s ago: executing program 0 (id=2397): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x3, &(0x7f0000000000)=ANY=[@ANYRES16], &(0x7f0000000480)='syzkaller\x00'}, 0x90) r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000040), 0x40, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000540)='./file2\x00', 0x808d, &(0x7f00000000c0), 0xfe, 0x504, &(0x7f0000000a80)="$eJzs3c9vG1kdAPDvTOJukmZxFjgsK7Gs2EVJBHWSDd2NOCwgITitBCz3EhI3iuLEVeLsNtEKUvUPQEIIkLjAiQsSfwAI9cQZIVWCOwIEQtDCgUNhkO1xmho7cVX/QM7nI73OD9v5fl/ceZ733sQTwKX1SkQsRESWZdliRBTz/Wle4qRZ6s97+OD9jXpJIsve+VsSSXPfTOtnPZcvr+Yvm4qIr34p4hvJ/8Y9ODreWa9Uyvv59lJtN3mUZcfXtnfXt8pb5b3V1ZU31t5cu7623Jd6zkXEW1/40/e+/ZMvvvXLT733+xt/Wfhms4JN9Xr1JVCbZtULjd9Fy2RE7A8i2IhMNmrYdH3EuQAAcL76+f4HI+LjEbEYxZhonM0BAAAA4yT77Gw8SprzfwAAAMB4SiNiNpK01LyMM2YjTUul5jW8H46ZtFI9qH0yK56OF8xFIb25XSkv59cOzEUhqW+v5NfYtrZfb9tejYgXIuK7xenGdmmjWtkc5cAHAAAAXCJXH/f/G38O+89is/8PAAAAjJm5UScAAAAADJz+PwAAAIw//X8AAAAYa19+++16yVr3v9589+hwp/rutc3ywU5p93CjtFHdv1Xaqla3Gt/Zt3vRz6tUq7c+HXuHt5dq5YPa0sHR8Y3d6uFe7cb2E7fABgAAAIbohY/d+10SESefmU5b+67ky0JENnH2yZNDTw8YoLR9x3mjdH8cbC7AcE2MOgFgZJ76lP5XvxhMIsDQFUadADByF7UDXYcFft3/XAAAgMGY/8jp/H+jxJn5/2SkmQGDls//J451uHzM/8Pl1cv83+LdISQCDF3hvDMAnQIYe2kPh/qzz/9n2VMlBQAA9N1soyRpKe8HzEaalkoRzzduC1BIbm5XyssR8YGI+G2x8Fx9e6XxysTwAAAAAAAAAAAAAAAAAAAAAAAAAAD0KMuSyAAAAICxFpH+Ocnv/zVffG22fXzgSvKvYmMZEe/98J3v316v1fZX6vv/frq/9oN8/+ujGMEAAAAA2rX66a1+PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD008MH72+0yjDj/vXzETHXKf5kTDWWU1GIiJl/JDF55nVJREz0If7JnYh4sVP8pJ5WzOVZtMdPI2J6xPGv9iE+XGb36u3P5zodf2m80lh2Pv4m8/Ksurd/6Wn7N9Gl/Xu+xxgv3f/ZUtf4dyJemuzc/rTiJ13iv9pj/K9/7fi422PZjyPmO37+JE/EWqrt3lo6ODq+tr27vlXeKu+trq68sfbm2vW15aWb25Vy/m/HGN/56M//c179Z7rEn7ug/q/1WP9/37/94EPN1ULbQ4X4UZYtvNr5/X+x+RtqOBu/9dn3ifxzoL4931o/aa6f9fJPf/PyefXf7FL/i97/hR7rv/iVu3/o8akAwBAcHB3vrFcq5f1xW7ny/5GGlfrKdAwx6Hp0fijN/8sPre7fygMOI9ZU32ONqEECAAAG5vFJfz6BAAAAAAAAAAAAAAAAAAAAAAzdRV8DFn34OrH2mCejqSoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwLn+GwAA//+6zNbf") prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x2, 0x2004, 0x5}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r4, 0xffffffffffffffff}, &(0x7f0000000b00), &(0x7f0000000300)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x80000000}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe50, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) r7 = syz_open_procfs$namespace(0x0, 0x0) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000480)={@cgroup=r7, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) r8 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="4c00000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="0010000000000000240012800b000100697036"], 0x4c}}, 0x0) r9 = open(&(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$EXT4_IOC_GROUP_ADD(r9, 0xc0185879, &(0x7f0000000680)={0x3c9, 0x1000, 0x8b, 0x0, 0x0, 0xfff8, 0x2401}) ioctl$TIOCSSOFTCAR(r0, 0x541a, &(0x7f0000000080)=0x81) prctl$PR_SCHED_CORE(0x3e, 0x4, 0x0, 0x3, &(0x7f0000000340)) openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x480, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000200)={'tunl0\x00', &(0x7f0000000100)={'syztnl0\x00', 0x0, 0x8000, 0x701, 0x5, 0x6, {{0x26, 0x4, 0x1, 0x3d, 0x98, 0x65, 0x0, 0x1, 0x4, 0x0, @multicast2, @broadcast, {[@ra={0x94, 0x4, 0x1}, @lsrr={0x83, 0x1b, 0xcc, [@rand_addr=0x64010100, @multicast1, @private=0xa010101, @remote, @empty, @local]}, @rr={0x7, 0x3, 0x78}, @lsrr={0x83, 0x7, 0xee, [@remote]}, @lsrr={0x83, 0x23, 0x2a, [@empty, @remote, @rand_addr=0x64010101, @initdev={0xac, 0x1e, 0x0, 0x0}, @empty, @initdev={0xac, 0x1e, 0x0, 0x0}, @local, @local]}, @lsrr={0x83, 0xb, 0x9d, [@private=0xa010102, @private=0xa010100]}, @generic={0x94, 0x11, "b1a10cd6bc87b3693990d8a1b1dd29"}, @lsrr={0x83, 0x7, 0x9d, [@multicast2]}, @rr={0x7, 0xf, 0xfd, [@broadcast, @private=0xa010102, @remote]}, @ra={0x94, 0x4}]}}}}}) 2.990453705s ago: executing program 4 (id=2398): bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195}, 0x48) socket$inet_tcp(0x2, 0x1, 0x0) openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x2001, 0x0) clock_adjtime(0xffffffd3, &(0x7f0000000340)={0x6, 0x0, 0xfffffffffffffffd}) 2.960098877s ago: executing program 4 (id=2399): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f0000000040)={0x3, 0x4}) 2.187654s ago: executing program 4 (id=2400): r0 = syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000001100)='./file1\x00', 0x3014490, &(0x7f0000000100), 0x45, 0x7ce, &(0x7f0000000500)="$eJzs3c9rHNcdAPDvrFY/7VYqlLYuFBYKrcF4Vbmq3UKhKj2UQg2G5JRDbLFaC0crrdGujCVEYhMCuQSSkFty8Tk/LyHX/IDkkvwfwcZJZBOHHILC7A9pJe/aK0faje3PB8Z6b+fNvPfdN/P2STOeDeCxlUv/yUQciYiXk4jxxutJRAzWUtmImXq5OxvrhXRJYnPzia+TWpnbG+uFaNkmdaiR+V1EfPxCxLHM3fVWVtcWZkul4vKObVfXjl9YnJ0vzheXTk5NT5849bdTJ/cv1m+/WDt845X//vmdme+f/+27L32SxEwcTuOr2Y5jv+Qi14hrMH0Ld/jPflfWN+8/20WhTMTmZj2ZPegGsQfpqTnQ6JUjMR4D9+qf0V62DAA4KM9FOjPrYKDjGgDgoZbUP///1e92AAC90vw7wO2N9UJz6e9fJHrr5r8jYqQef/P6Zn1NtnHNbqR2HXTsdrLjykgSERP7UH8uIt744Om30iV2XU8FOEhXrkbEuYncjvF/IGoj3O57FvbqL+1fnm/N5HatNP5B73yYzn/+3m7+l9ma/0Sb+c9wm3P3Qdz//M9c34dqOkrnf/9subftTkv8DRMDjdwvanO+weT8hVIxHdt+GRFHY3A4zU/Vy7a9Q+borR9udaq/df73zavPvJnWn/7cLpG5nh3euc3cbHX2p8bddPNqxO+z7eJPx//hWv8nHea/Z7qs43//ePH1TuvS+NN4m8vd8R+szWsRf2rb/8lWmTQ1WV28OFlpd3/iZO1wmGweFG28NxNjnerPZbf7P13S+pu/C/RC2v9j945/Imm9X7PS9a63zoXPr41/1KlQ6/HfPv72x/9Q8mQtPdR47fJstbo8FTGU/P/u109sb9vMN8un8R/9Y/vzvzn+tTn+n0r3f67LNyJ746u3Hzz+g5XGP7en/t9zIkbuLAx0qr+7/p/esU0341+3DXzQ9w0AAAAAAAAAAAAAAAAAAAAAAAAA9iITEYcjyeS30plMPl//Du9fx1imVK5Uj50vryzNpetqzz/NNB91Od7yPNSpxvPwm/kTu/J/jYhfRcRrw6O1fL5QLs31O3gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaDjU4fv/U18O7yo80I8WAgAHYsQHOwA8bpJstt9NAAB6baTrkrmIGD3QtgAAvdH95z8A8Kjo/PnvwgAAPKru8/v/7v8GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHt15vTpdNn8bmO9kObnLq2uLJQvHZ8rVhbyiyuFfKG8fDE/Xy7Pl4r5Qnkxsh12dKX+o1QuX5yOpZXLk9VipTpZWV07u1heWaqevbA4O188WxzsYWwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0K3K6trC5nipuJwmZksSPU4sfFbvh59LeyT2logr9f7b1z1/evIPv0l32tcAY2h7lBjty9gEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8DD4MQAA//+KvR+l") r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0) write$cgroup_int(r1, &(0x7f0000000000), 0xffffff6a) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.numa_stat\x00', 0x275a, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r2, 0x8004587d, &(0x7f0000000080)={0x0, r2, 0x9, 0xa, 0x10, 0x8}) sendfile(r0, r1, 0x0, 0x95) 1.21019ms ago: executing program 0 (id=2401): syz_mount_image$ext4(&(0x7f0000000500)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0x0, &(0x7f00000004c0)={[{}]}, 0x1, 0x453, &(0x7f0000001040)="$eJzs3U9sFFUcB/DvbrslAbRg/IP4r4JKEaW2NUESTCTKSS4GE88NLYRYqKE1EUKMJh68eTHx7EG5eeTgyXjAoyZ48aaejJEYIvGk1sx2ly5lt3RD26nu55PM7pud132/mdffzO7ryzRAzxoqHirJ1iTfJxlcWL25wtDC0/VrF47/ee3C8Urm54/9XqnX++PahePNqs2f21I8VJPhalL9oJKH2rQ7e+78mxPT01NnG+sjc6ffGpk9d/7ZU6cnTk6dnDozeuDgC+OjB8bGx1dtX1+9+O6xLa+9dOSjySu/zVz86csi3q2Nba37sVqGMnTzsWzx1Go3VrL7WsqV/hIDoSt9SYruqtXzfzB9Wey8wXzzY6nBAWtqvrCp4+b35oH/sUrKjgAoR/NCX3z/bS7r9dmD8l09vPAFsOj3641lYUt/qo06tSXf71fTUJJDl458USxZo3EYAAAAgF721eEkz7Qb/6vm/pZ6RfmBJDuSPJhkZ1Kf1/NwkkeSPJrkseZ8oi4srb90/KfSaQINq+Lq4eRQY27XzeN/zdG/bOtrrN1VrKRWOXFqeuq5JHcnGU5tU7E+ukwbl7/957tO21rH/4qlaL85FtiI49f+JX+fnpyYm7iTfWbR1feTnf3t+r9yYyZQkYKPJ9nVzRvXFos/79p7slO12/c/a2n+02RP2/xvnHivHKw/LTM/c6R+PhhpnhVu9eHo2Cud2tf/5Sryf/Ny/Z9sq7TO153tvo3LOy692Glb9+f/Hz4rzv8DldfrAQ40Xn1nYm7u7GgyUDl66+tj3cf839b5Q1PzeDSPV9H/w7vbX//vaXm33UmeSPJkY+7ynvq1P9mb5Okk+5aJ5u+XD7zRaZv8L1fR/5Nt8//G1IAl+d994dD2T452an9l+f98/Rd6uPGKz3+3t9IOKjtOAAAAAAAAAFZHtX4PvEp1/41ytbp//8I9/O7N5ur0zOzcvhMzb5+ZXLhX3rbUqs2ZXoMt80FH6+XF9bEl6+NJtif5uO+vxp0HZqYny9556HFbOuR/4Ze+sqMD1pz7tULvWkH+19YjDmD9uf5D75L/0LvkP/Qu+Q+9S/5D75L/0LtWnv8DaxoHsP5c/6En3cl9/TZaoT8bIoy2heb8qZLCaP5L/g1yNDZm4fOvk3Voqy/JRtnlZQplnpUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANo5/AwAA//9EA9s8") mkdir(&(0x7f0000000300)='./bus\x00', 0x0) chdir(&(0x7f00000003c0)='./bus\x00') mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) syz_mount_image$fuse(0x0, &(0x7f0000001040)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0) syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c}) syz_mount_image$fuse(&(0x7f0000000140), &(0x7f00000001c0)='./file0\x00', 0x40000, &(0x7f0000000c40)=ANY=[], 0x1, 0x0, 0x0) rmdir(&(0x7f00000002c0)='./file1\x00') 709.17µs ago: executing program 1 (id=2402): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)={0x58, 0x3, 0x1, 0x201, 0x0, 0x0, {0xa}, [@CTA_FILTER={0x14, 0x19, 0x0, 0x1, [@CTA_FILTER_REPLY_FLAGS={0x8, 0x2, 0x500}, @CTA_FILTER_ORIG_FLAGS={0x8, 0x1, 0x2}]}, @CTA_TUPLE_ORIG={0x30, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @ipv4={'\x00', '\xff\xff', @multicast1}}, {0x14, 0x4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}]}]}, 0x58}}, 0x0) 0s ago: executing program 2 (id=2404): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x12, r0, 0x0) r1 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_ADD_COUNTERS(r1, 0x29, 0x41, &(0x7f0000000fc0)={'filter\x00', 0x2, [{}, {}]}, 0x48) kernel console output (not intermixed with test programs): nal xattr inode [ 374.821200][ T7167] EXT4-fs error (device loop3): ext4_orphan_get:1401: comm syz.3.2015: couldn't read orphan inode 12 (err -117) [ 374.835030][ T7167] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 374.934167][ T24] usb 2-1: Using ep0 maxpacket: 8 [ 374.959050][ T6517] EXT4-fs (loop4): unmounting filesystem. [ 375.940186][ T6590] EXT4-fs (loop3): unmounting filesystem. [ 376.084343][ T24] usb 2-1: New USB device found, idVendor=1a0a, idProduct=0103, bcdDevice=ad.1d [ 376.093374][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 376.101444][ T24] usb 2-1: Product: syz [ 376.105693][ T24] usb 2-1: Manufacturer: syz [ 376.110131][ T24] usb 2-1: SerialNumber: syz [ 376.119303][ T24] usb 2-1: config 0 descriptor?? [ 376.161621][ T24] usb_ehset_test: probe of 2-1:0.0 failed with error -32 [ 376.233831][ T19] usb 1-1: new high-speed USB device number 40 using dummy_hcd [ 376.381767][ T24] usb 2-1: USB disconnect, device number 44 [ 377.521790][ T7202] loop3: detected capacity change from 0 to 2048 [ 377.531701][ T7202] EXT4-fs warning (device loop3): read_mmp_block:115: Error -117 while reading MMP block 63 [ 377.888175][ T28] kauditd_printk_skb: 83 callbacks suppressed [ 377.888191][ T28] audit: type=1400 audit(2000000120.051:2132): avc: denied { create } for pid=7203 comm="syz.2.2025" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 377.952305][ T7211] syz.4.2029[7211] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 377.952381][ T7211] syz.4.2029[7211] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 377.977282][ T7211] syz.4.2029[7211] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 378.000440][ T7206] mmap: syz.2.2025 (7206) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 378.004442][ T19] usb 1-1: unable to read config index 0 descriptor/start: -71 [ 378.033523][ T7211] syz.4.2029[7211] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 378.058118][ T7215] loop4: detected capacity change from 0 to 512 [ 378.081729][ T19] usb 1-1: can't read configurations, error -71 [ 378.240881][ T7215] EXT4-fs (loop4): 1 orphan inode deleted [ 378.246519][ T7215] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 378.255477][ T7215] ext4 filesystem being mounted at /36/file1 supports timestamps until 2038 (0x7fffffff) [ 378.360860][ T7225] device pim6reg1 entered promiscuous mode [ 378.387779][ T24] usb 4-1: new high-speed USB device number 40 using dummy_hcd [ 378.476481][ T28] audit: type=1400 audit(2000000120.603:2133): avc: denied { setopt } for pid=7203 comm="syz.2.2025" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 378.511535][ T6517] EXT4-fs (loop4): unmounting filesystem. [ 378.584468][ T28] audit: type=1400 audit(2000000120.697:2134): avc: denied { write } for pid=7230 comm="syz.4.2033" name="nf_conntrack" dev="proc" ino=4026533045 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 378.603545][ T7231] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 378.632152][ T7231] loop4: detected capacity change from 0 to 512 [ 378.656488][ T7231] Quota error (device loop4): do_check_range: Getting dqdh_entries 1536 out of range 0-14 [ 378.666347][ T7231] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 378.676345][ T7231] EXT4-fs error (device loop4): ext4_acquire_dquot:6764: comm syz.4.2033: Failed to acquire dquot type 1 [ 378.692662][ T24] usb 4-1: Using ep0 maxpacket: 16 [ 378.697802][ T7231] EXT4-fs (loop4): 1 truncate cleaned up [ 378.703629][ T7231] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 378.712389][ T7231] ext4 filesystem being mounted at /39/file0 supports timestamps until 2038 (0x7fffffff) [ 378.731068][ T7231] Quota error (device loop4): do_check_range: Getting dqdh_entries 1536 out of range 0-14 [ 378.740928][ T7231] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 378.750922][ T7231] EXT4-fs error (device loop4): ext4_acquire_dquot:6764: comm syz.4.2033: Failed to acquire dquot type 1 [ 378.770011][ T6517] EXT4-fs (loop4): unmounting filesystem. [ 378.842469][ T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 378.865300][ T7237] loop4: detected capacity change from 0 to 1024 [ 378.880303][ T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 378.887694][ T7237] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 378.899501][ T24] usb 4-1: New USB device found, idVendor=17ef, idProduct=6009, bcdDevice= 0.00 [ 378.912937][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 378.971348][ T28] audit: type=1400 audit(2000000121.062:2135): avc: denied { map } for pid=7236 comm="syz.4.2034" path="/40/file1/bus" dev="loop4" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 378.984293][ T24] usb 4-1: config 0 descriptor?? [ 379.015673][ T6517] EXT4-fs (loop4): unmounting filesystem. [ 379.021531][ T28] audit: type=1400 audit(2000000121.062:2136): avc: denied { remove_name } for pid=7236 comm="syz.4.2034" name="file2" dev="loop4" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 379.042438][ T7249] loop0: detected capacity change from 0 to 128 [ 379.057176][ T7251] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2040'. [ 379.065910][ T28] audit: type=1400 audit(2000000121.062:2137): avc: denied { rename } for pid=7236 comm="syz.4.2034" name="file2" dev="loop4" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 379.348558][ T7255] loop4: detected capacity change from 0 to 16 [ 379.362068][ T7255] erofs: (device loop4): mounted with root inode @ nid 36. [ 379.408945][ T667] usb 2-1: new high-speed USB device number 45 using dummy_hcd [ 379.506314][ T24] lenovo 0003:17EF:6009.0050: item fetching failed at offset 1/5 [ 379.513984][ T24] lenovo 0003:17EF:6009.0050: hid_parse failed [ 379.519971][ T24] lenovo: probe of 0003:17EF:6009.0050 failed with error -22 [ 379.665496][ T667] usb 2-1: Using ep0 maxpacket: 8 [ 379.739765][ T19] usb 4-1: USB disconnect, device number 40 [ 379.793847][ T667] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 379.805260][ T667] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 379.816104][ T667] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 379.833293][ T667] usb 2-1: New USB device found, idVendor=1b96, idProduct=0010, bcdDevice= 0.00 [ 379.844255][ T667] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 379.874912][ T667] usb 2-1: config 0 descriptor?? [ 380.227556][ T7278] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2049'. [ 380.611149][ T667] ntrig 0003:1B96:0010.0051: item fetching failed at offset 5/7 [ 380.620616][ T667] ntrig 0003:1B96:0010.0051: parse failed [ 380.626221][ T667] ntrig: probe of 0003:1B96:0010.0051 failed with error -22 [ 380.663052][ T24] usb 2-1: USB disconnect, device number 45 [ 380.766650][ T19] usb 5-1: new high-speed USB device number 38 using dummy_hcd [ 380.910235][ T7294] loop0: detected capacity change from 0 to 256 [ 380.922743][ T7294] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 381.023216][ T19] usb 5-1: Using ep0 maxpacket: 16 [ 381.686081][ T19] usb 5-1: config 0 has no interfaces? [ 382.188541][ T24] usb 4-1: new high-speed USB device number 41 using dummy_hcd [ 382.399829][ T7314] loop0: detected capacity change from 0 to 1024 [ 382.434603][ T19] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 382.452933][ T19] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 382.461775][ T19] usb 5-1: Product: syz [ 382.462680][ T7314] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 382.465978][ T19] usb 5-1: Manufacturer: syz [ 382.481162][ T19] usb 5-1: SerialNumber: syz [ 382.487850][ T24] usb 4-1: Using ep0 maxpacket: 8 [ 382.588417][ T19] r8152-cfgselector 5-1: config 0 descriptor?? [ 382.638776][ T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 382.658998][ T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 382.673700][ T24] usb 4-1: New USB device found, idVendor=06a3, idProduct=0ccd, bcdDevice= 0.00 [ 382.688446][ T7320] device wireguard0 entered promiscuous mode [ 382.706243][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 382.721954][ T24] usb 4-1: config 0 descriptor?? [ 382.873659][ T8] usb 5-1: config 0 descriptor?? [ 382.900516][ T7329] xt_hashlimit: Unknown mode mask FF0, kernel too old? [ 382.917655][ T7107] EXT4-fs (loop0): unmounting filesystem. [ 383.002217][ T7335] loop0: detected capacity change from 0 to 16 [ 383.008691][ T7335] erofs: (device loop0): mounted with root inode @ nid 36. [ 383.017252][ T7335] erofs: (device loop0): z_erofs_do_map_blocks: invalid logical cluster 0 at nid 36 [ 383.026710][ T7335] erofs: (device loop0): z_erofs_read_folio: failed to read, err [-117] [ 383.035875][ T7335] erofs: (device loop0): z_erofs_do_map_blocks: invalid logical cluster 0 at nid 36 [ 383.045124][ T7335] erofs: (device loop0): z_erofs_read_folio: failed to read, err [-117] [ 383.053631][ T7335] erofs: (device loop0): z_erofs_do_map_blocks: invalid logical cluster 0 at nid 36 [ 383.054464][ T401] usb 3-1: new high-speed USB device number 38 using dummy_hcd [ 383.062953][ T7335] erofs: (device loop0): z_erofs_read_folio: failed to read, err [-117] [ 383.095866][ T667] usb 5-1: USB disconnect, device number 38 [ 383.101660][ T8] usb 5-1: can't set config #0, error -71 [ 383.193163][ T7341] loop1: detected capacity change from 0 to 512 [ 383.199835][ T7341] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 383.211316][ T7341] EXT4-fs (loop1): 1 truncate cleaned up [ 383.216964][ T7341] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 383.278481][ T24] saitek 0003:06A3:0CCD.0052: unknown main item tag 0x0 [ 383.285791][ T24] saitek 0003:06A3:0CCD.0052: unknown main item tag 0x0 [ 383.292734][ T24] saitek 0003:06A3:0CCD.0052: item fetching failed at offset 2/11 [ 383.301254][ T24] saitek 0003:06A3:0CCD.0052: parse failed [ 383.306942][ T24] saitek: probe of 0003:06A3:0CCD.0052 failed with error -22 [ 383.344364][ T401] usb 3-1: Using ep0 maxpacket: 16 [ 383.988114][ T28] kauditd_printk_skb: 36 callbacks suppressed [ 383.988149][ T28] audit: type=1400 audit(2000000125.757:2174): avc: denied { mounton } for pid=7340 comm="syz.1.2066" path="/106/file1/file0" dev="loop1" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 384.093652][ T39] usb 4-1: USB disconnect, device number 41 [ 384.222520][ T28] audit: type=1400 audit(2000000125.813:2175): avc: denied { mounton } for pid=7340 comm="syz.1.2066" path="/106/file1/file0" dev="incremental-fs" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 384.225133][ T401] usb 3-1: config 0 has no interfaces? [ 384.246709][ T28] audit: type=1400 audit(2000000125.823:2176): avc: denied { write } for pid=7340 comm="syz.1.2066" path="/106/file1/file0/file0" dev="incremental-fs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 384.277342][ T5595] EXT4-fs (loop1): unmounting filesystem. [ 384.301137][ T7355] loop1: detected capacity change from 0 to 1024 [ 384.308642][ T7355] EXT4-fs: Ignoring removed orlov option [ 384.314367][ T7355] EXT4-fs (loop1): Test dummy encryption mode enabled [ 384.321251][ T28] audit: type=1400 audit(2000000125.832:2177): avc: denied { append } for pid=7340 comm="syz.1.2066" name="001" dev="devtmpfs" ino=162 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 384.344788][ T28] audit: type=1400 audit(2000000126.010:2178): avc: denied { rmdir } for pid=7340 comm="syz.1.2066" name=".index" dev="loop1" ino=19 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 384.346158][ T7355] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 384.402781][ T28] audit: type=1400 audit(2000000126.150:2179): avc: denied { unlink } for pid=7354 comm="syz.1.2069" name="file0" dev="loop1" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 384.449911][ T7357] loop0: detected capacity change from 0 to 40427 [ 384.460088][ T5595] EXT4-fs (loop1): unmounting filesystem. [ 384.465757][ T401] usb 3-1: New USB device found, idVendor=0525, idProduct=9ea1, bcdDevice= 0.40 [ 384.474668][ T7357] F2FS-fs (loop0): Invalid SB checksum offset: 0 [ 384.480839][ T401] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 384.488663][ T7357] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock [ 384.497046][ T401] usb 3-1: Product: syz [ 384.501314][ T401] usb 3-1: Manufacturer: syz [ 384.505714][ T401] usb 3-1: SerialNumber: syz [ 384.510799][ T401] usb 3-1: config 0 descriptor?? [ 384.519218][ T7357] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 384.549846][ T7357] F2FS-fs (loop0): Try to recover 2th superblock, ret: 0 [ 384.556822][ T7357] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 384.828312][ T7370] syz.0.2070: attempt to access beyond end of device [ 384.828312][ T7370] loop0: rw=2049, sector=53248, nr_sectors = 8 limit=40427 [ 384.858597][ T7370] syz.0.2070: attempt to access beyond end of device [ 384.858597][ T7370] loop0: rw=2049, sector=53256, nr_sectors = 64 limit=40427 [ 384.920600][ T28] audit: type=1400 audit(2000000126.627:2180): avc: denied { write } for pid=7364 comm="syz.1.2083" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 384.943139][ T7371] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2083'. [ 384.994332][ T28] audit: type=1400 audit(2000000126.646:2181): avc: denied { nlmsg_write } for pid=7364 comm="syz.1.2083" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 385.023585][ T7372] loop1: detected capacity change from 0 to 256 [ 385.289211][ T7107] syz-executor: attempt to access beyond end of device [ 385.289211][ T7107] loop0: rw=2049, sector=45096, nr_sectors = 24 limit=40427 [ 385.405766][ T7378] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 386.198683][ T7383] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT [ 386.450247][ T28] audit: type=1400 audit(2000000128.058:2182): avc: denied { write } for pid=7359 comm="syz.4.2071" name="001" dev="devtmpfs" ino=165 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 386.510547][ T7367] netlink: 'syz.4.2071': attribute type 3 has an invalid length. [ 386.518213][ T7367] netlink: 'syz.4.2071': attribute type 3 has an invalid length. [ 386.752003][ T7390] loop4: detected capacity change from 0 to 2048 [ 386.797147][ T7390] loop4: p1 < > p4 [ 386.806950][ T7390] loop4: p4 size 8388608 extends beyond EOD, truncated [ 386.826881][ T28] audit: type=1400 audit(2000000128.414:2183): avc: denied { mounton } for pid=7389 comm="syz.4.2076" path="/47/bus" dev="tmpfs" ino=278 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 386.881861][ T6945] udevd[6945]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory [ 386.882033][ T6944] udevd[6944]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory [ 386.961116][ T7401] loop3: detected capacity change from 0 to 512 [ 386.971189][ T7401] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 386.984520][ T7401] EXT4-fs (loop3): 1 truncate cleaned up [ 386.998026][ T7401] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 387.033746][ T425] usb 3-1: USB disconnect, device number 38 [ 387.202509][ T312] usb 5-1: new high-speed USB device number 39 using dummy_hcd [ 388.211544][ T29] INFO: task syz.2.617:2523 blocked for more than 228 seconds. [ 388.220798][ T7420] incfs: Can't find or create .incomplete dir in ./file0 [ 388.231470][ T7420] incfs: mount failed -17 [ 388.250800][ T7427] loop1: detected capacity change from 0 to 128 [ 388.379449][ T29] Tainted: G W 6.1.90-syzkaller-00005-g8288de83062c #0 [ 388.388074][ T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 388.396600][ T29] task:syz.2.617 state:D stack:24504 pid:2523 ppid:1862 flags:0x00004004 [ 388.405932][ T29] Call Trace: [ 388.409014][ T29] [ 388.411840][ T29] __schedule+0xca7/0x1550 [ 388.416092][ T29] ? release_firmware_map_entry+0x191/0x191 [ 388.421790][ T29] ? blk_check_plugged+0x260/0x260 [ 388.426728][ T29] ? __kasan_check_write+0x14/0x20 [ 388.431657][ T29] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 388.436622][ T29] schedule+0xc3/0x180 [ 388.440525][ T29] io_schedule+0x8f/0x120 [ 388.444682][ T29] folio_wait_bit_common+0x847/0xb80 [ 388.449793][ T29] ? folio_wait_bit+0x30/0x30 [ 388.454318][ T29] ? erofs_map_dev+0x6c4/0x7e0 [ 388.458907][ T29] ? migration_entry_wait_on_locked+0x860/0x860 [ 388.465139][ T29] ? __kasan_check_write+0x14/0x20 [ 388.470084][ T29] ? _raw_spin_lock+0xa4/0x1b0 [ 388.474708][ T29] ? _raw_spin_trylock_bh+0x190/0x190 [ 388.479892][ T29] __folio_lock+0x1e/0x30 [ 388.484055][ T29] z_erofs_runqueue+0xafa/0x1a40 [ 388.488877][ T29] ? __kasan_check_write+0x14/0x20 [ 388.493820][ T29] ? z_erofs_do_read_page+0x3b70/0x3b70 [ 388.499183][ T29] ? __mutex_lock_slowpath+0x10/0x10 [ 388.504282][ T29] z_erofs_readahead+0x8e2/0xbb0 [ 388.509068][ T29] ? z_erofs_read_folio+0x5f0/0x5f0 [ 388.514089][ T29] ? memset+0x35/0x40 [ 388.517926][ T29] ? blk_start_plug+0x9c/0x130 [ 388.522507][ T29] read_pages+0x1be/0xd40 [ 388.526670][ T29] ? workingset_activation+0x430/0x430 [ 388.531981][ T29] ? folio_add_lru+0x280/0x3f0 [ 388.536564][ T29] ? page_cache_ra_unbounded+0x690/0x690 [ 388.542046][ T29] ? filemap_add_folio+0x18f/0x200 [ 388.547068][ T29] ? __filemap_add_folio+0xd10/0xd10 [ 388.552212][ T29] page_cache_ra_unbounded+0x4c1/0x690 [ 388.557488][ T29] ? readahead_gfp_mask+0x190/0x190 [ 388.562533][ T29] force_page_cache_ra+0x2c2/0x330 [ 388.567467][ T29] generic_fadvise+0x501/0x790 [ 388.572076][ T29] ? __this_cpu_preempt_check+0x13/0x20 [ 388.577446][ T29] ? oom_evaluate_task+0x520/0x520 [ 388.582411][ T29] ? __fdget+0x1b7/0x240 [ 388.586473][ T29] __x64_sys_fadvise64+0x13f/0x180 [ 388.591428][ T29] x64_sys_call+0x5ca/0x9a0 [ 388.595776][ T29] do_syscall_64+0x3b/0xb0 [ 388.600009][ T29] ? clear_bhb_loop+0x55/0xb0 [ 388.604537][ T29] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 388.610250][ T29] RIP: 0033:0x7f55aff799f9 [ 388.614526][ T29] RSP: 002b:00007f55b0d25038 EFLAGS: 00000246 ORIG_RAX: 00000000000000dd [ 388.622756][ T29] RAX: ffffffffffffffda RBX: 00007f55b0115f80 RCX: 00007f55aff799f9 [ 388.630922][ T29] RDX: 0000000000000000 RSI: 0000000000e0ffff RDI: 0000000000000005 [ 388.638736][ T29] RBP: 00007f55affe78ee R08: 0000000000000000 R09: 0000000000000000 [ 388.646542][ T29] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 388.654342][ T29] R13: 0000000000000000 R14: 00007f55b0115f80 R15: 00007ffec33215f8 [ 388.662172][ T29] [ 388.667961][ T6590] EXT4-fs error (device loop3): ext4_lookup:1855: inode #11: comm syz-executor: iget: bad extra_isize 46 (inode size 256) [ 388.681775][ T29] NMI backtrace for cpu 1 [ 388.685490][ T7432] loop1: detected capacity change from 0 to 1024 [ 388.685915][ T29] CPU: 1 PID: 29 Comm: khungtaskd Tainted: G W 6.1.90-syzkaller-00005-g8288de83062c #0 [ 388.700686][ T7432] EXT4-fs: Ignoring removed nomblk_io_submit option [ 388.702926][ T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 388.710717][ T6590] EXT4-fs (loop3): Remounting filesystem read-only [ 388.719503][ T29] Call Trace: [ 388.719511][ T29] [ 388.719518][ T29] dump_stack_lvl+0x151/0x1b7 [ 388.719547][ T29] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 388.719572][ T29] dump_stack+0x15/0x1a [ 388.745545][ T29] nmi_cpu_backtrace+0x2e4/0x2f0 [ 388.750407][ T29] ? nmi_trigger_cpumask_backtrace+0x3c0/0x3c0 [ 388.756390][ T29] ? sched_show_task+0x3d8/0x620 [ 388.761163][ T29] ? nmi_trigger_cpumask_backtrace+0x114/0x3c0 [ 388.767153][ T29] ? arch_trigger_cpumask_backtrace+0x20/0x20 [ 388.773054][ T29] nmi_trigger_cpumask_backtrace+0x19b/0x3c0 [ 388.778963][ T29] ? arch_trigger_cpumask_backtrace+0x20/0x20 [ 388.785011][ T29] arch_trigger_cpumask_backtrace+0x10/0x20 [ 388.790737][ T29] watchdog+0xdb0/0xf20 [ 388.794734][ T29] ? __kasan_check_write+0x14/0x20 [ 388.799679][ T29] ? hungtask_pm_notify+0x50/0x50 [ 388.804537][ T29] ? __kasan_check_read+0x11/0x20 [ 388.809396][ T29] ? __kthread_parkme+0x12d/0x180 [ 388.814257][ T29] kthread+0x26d/0x300 [ 388.818162][ T29] ? hungtask_pm_notify+0x50/0x50 [ 388.823021][ T29] ? kthread_blkcg+0xd0/0xd0 [ 388.827446][ T29] ret_from_fork+0x1f/0x30 [ 388.831702][ T29] [ 388.834712][ T29] Sending NMI from CPU 1 to CPUs 0: [ 388.839787][ C0] NMI backtrace for cpu 0 [ 388.839799][ C0] CPU: 0 PID: 32 Comm: kcompactd0 Tainted: G W 6.1.90-syzkaller-00005-g8288de83062c #0 [ 388.839817][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 388.839827][ C0] RIP: 0010:__switch_to_asm+0x35/0x60 [ 388.839848][ C0] Code: 89 a7 d8 0e 00 00 48 8b a6 d8 0e 00 00 48 8b 9e f8 05 00 00 65 48 89 1c 25 28 00 00 00 49 c7 c4 10 00 00 00 e8 01 00 00 00 cc 01 00 00 00 cc 48 83 c4 10 49 ff cc 75 eb 0f ae e8 41 5f 41 5e [ 388.839862][ C0] RSP: 0018:ffffc900009579c0 EFLAGS: 00000002 [ 388.839877][ C0] RAX: 0000000000000000 RBX: c41cfa80a6e00f00 RCX: ffffffff87971003 [ 388.839889][ C0] RDX: 0000000000000000 RSI: ffff88810eb03cc0 RDI: ffff888100823cc0 [ 388.839900][ C0] RBP: ffffc9000021f9e0 R08: dffffc0000000000 R09: ffffed1021d12578 [ 388.839912][ C0] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000001 [ 388.839923][ C0] R13: dffffc0000000000 R14: ffff888100823cc0 R15: ffff888119765900 [ 388.839935][ C0] FS: 0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 388.839949][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 388.839961][ C0] CR2: 0000001b2fd1aff8 CR3: 000000010facd000 CR4: 00000000003526b0 [ 388.839975][ C0] Call Trace: [ 388.839981][ C0] [ 388.839987][ C0] ? show_regs+0x58/0x60 [ 388.840003][ C0] ? nmi_cpu_backtrace+0x285/0x2f0 [ 388.840021][ C0] ? nmi_trigger_cpumask_backtrace+0x3c0/0x3c0 [ 388.840039][ C0] ? __switch_to_asm+0x35/0x60 [ 388.840055][ C0] ? __switch_to_asm+0x35/0x60 [ 388.840070][ C0] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 388.840087][ C0] ? nmi_handle+0xa7/0x280 [ 388.840103][ C0] ? __switch_to_asm+0x35/0x60 [ 388.840119][ C0] ? default_do_nmi+0x69/0x160 [ 388.840135][ C0] ? exc_nmi+0xad/0x100 [ 388.840149][ C0] ? end_repeat_nmi+0x16/0x31 [ 388.840168][ C0] ? __switch_to_asm+0x35/0x60 [ 388.840184][ C0] ? __switch_to_asm+0x35/0x60 [ 388.840200][ C0] ? __switch_to_asm+0x35/0x60 [ 388.840216][ C0] [ 388.841013][ T6590] EXT4-fs error (device loop3): ext4_lookup:1855: inode #11: comm syz-executor: iget: bad extra_isize 46 (inode size 256) [ 388.869461][ T7432] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 388.955637][ T425] usb 3-1: new high-speed USB device number 39 using dummy_hcd [ 388.958956][ T7432] EXT4-fs (loop1): Test dummy encryption mode enabled [ 389.070392][ T7432] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 389.094605][ T312] usb 5-1: Using ep0 maxpacket: 32 [ 389.107340][ T6590] EXT4-fs (loop3): unmounting filesystem. [ 389.126859][ T5595] EXT4-fs (loop1): unmounting filesystem. [ 389.222973][ T312] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0 [ 389.283658][ T7446] bridge0: port 1(bridge_slave_0) entered blocking state [ 389.290810][ T7446] bridge0: port 1(bridge_slave_0) entered disabled state [ 389.298547][ T7446] device bridge_slave_0 entered promiscuous mode [ 389.307840][ T7446] bridge0: port 2(bridge_slave_1) entered blocking state [ 389.339423][ T7446] bridge0: port 2(bridge_slave_1) entered disabled state [ 389.403210][ T28] kauditd_printk_skb: 13 callbacks suppressed [ 389.403326][ T28] audit: type=1400 audit(2000000130.790:2197): avc: denied { map } for pid=7444 comm="syz.0.2097" path="socket:[53103]" dev="sockfs" ino=53103 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 389.458513][ T425] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 389.482266][ T7446] device bridge_slave_1 entered promiscuous mode [ 389.495496][ T425] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 389.512447][ T28] audit: type=1400 audit(2000000130.799:2198): avc: denied { read } for pid=7444 comm="syz.0.2097" path="socket:[53103]" dev="sockfs" ino=53103 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 389.574538][ T7446] bridge0: port 2(bridge_slave_1) entered blocking state [ 389.581497][ T7446] bridge0: port 2(bridge_slave_1) entered forwarding state [ 389.588592][ T7446] bridge0: port 1(bridge_slave_0) entered blocking state [ 389.595371][ T7446] bridge0: port 1(bridge_slave_0) entered forwarding state [ 389.596063][ T28] audit: type=1400 audit(2000000131.005:2199): avc: denied { bind } for pid=7456 comm="syz.1.2101" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 389.629303][ T425] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 389.638195][ T425] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 389.639894][ T312] usb 5-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 389.646269][ T425] usb 3-1: SerialNumber: syz [ 389.662082][ T312] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 389.670123][ T312] usb 5-1: Product: syz [ 389.674716][ T312] usb 5-1: Manufacturer: syz [ 389.679553][ T312] usb 5-1: SerialNumber: syz [ 389.679814][ T28] audit: type=1326 audit(2000000131.080:2200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7456 comm="syz.1.2101" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd47ad799f9 code=0x0 [ 389.684575][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 389.713827][ T312] usb 5-1: config 0 descriptor?? [ 389.718979][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 389.727102][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 389.735825][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 389.743807][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 389.757695][ T312] hub 5-1:0.0: bad descriptor, ignoring hub [ 389.762290][ T7446] device veth0_vlan entered promiscuous mode [ 389.769313][ T312] hub: probe of 5-1:0.0 failed with error -5 [ 389.775195][ T2901] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 389.785615][ T2901] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 389.793825][ T2901] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 389.801143][ T2901] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 389.815864][ T401] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 389.824571][ T7446] device veth1_macvtap entered promiscuous mode [ 389.834462][ T2903] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 389.844005][ T2901] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 389.939874][ T8] device bridge_slave_1 left promiscuous mode [ 389.945856][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 389.953358][ T8] device bridge_slave_0 left promiscuous mode [ 389.959341][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 389.967194][ T8] device veth1_macvtap left promiscuous mode [ 389.973116][ T8] device veth0_vlan left promiscuous mode [ 389.994730][ T425] usb 3-1: 0:2 : does not exist [ 389.995291][ T7399] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 390.000324][ T425] usb 3-1: unit 255 not found! [ 390.008008][ T7399] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 390.029005][ T28] audit: type=1400 audit(2000000131.407:2201): avc: denied { mounton } for pid=7398 comm="syz.4.2081" path="/proc/131/task" dev="proc" ino=53585 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 390.089788][ T7464] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 390.098052][ T7464] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 390.174395][ T2903] usb 4-1: new high-speed USB device number 42 using dummy_hcd [ 390.363324][ T28] audit: type=1400 audit(2000000131.641:2202): avc: denied { write } for pid=7465 comm="syz.0.2102" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 390.382779][ T425] usb 3-1: 5:0: cannot get min/max values for control 2 (id 5) [ 390.401520][ T2901] usb 5-1: USB disconnect, device number 39 [ 390.417412][ T28] audit: type=1400 audit(2000000131.678:2203): avc: denied { ioctl } for pid=7465 comm="syz.0.2102" path="socket:[53248]" dev="sockfs" ino=53248 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 390.430645][ T425] usb 3-1: USB disconnect, device number 39 [ 390.442416][ T28] audit: type=1400 audit(2000000131.706:2204): avc: denied { bind } for pid=7465 comm="syz.0.2102" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 390.467298][ T28] audit: type=1400 audit(2000000131.716:2205): avc: denied { write } for pid=7465 comm="syz.0.2102" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 390.488592][ T7470] loop1: detected capacity change from 0 to 512 [ 390.507630][ T7470] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 390.516619][ T7470] ext4 filesystem being mounted at /116/file1 supports timestamps until 2038 (0x7fffffff) [ 390.517622][ T28] audit: type=1400 audit(2000000131.875:2206): avc: denied { write } for pid=84 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 390.559249][ T2903] usb 4-1: Using ep0 maxpacket: 16 [ 390.708988][ T2903] usb 4-1: config 0 has no interfaces? [ 391.136953][ T2903] usb 4-1: New USB device found, idVendor=0525, idProduct=9ea1, bcdDevice= 0.40 [ 391.177607][ T2903] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 391.193080][ T2903] usb 4-1: Product: syz [ 391.201645][ T2903] usb 4-1: Manufacturer: syz [ 391.206108][ T2903] usb 4-1: SerialNumber: syz [ 391.211189][ T2903] usb 4-1: config 0 descriptor?? [ 391.307677][ T7483] EXT4-fs warning (device sda1): verify_group_input:151: Cannot add at group 925 (only 8 groups) [ 391.431347][ T5595] EXT4-fs (loop1): unmounting filesystem. [ 391.720572][ T7494] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 392.715877][ T7493] loop1: detected capacity change from 0 to 512 [ 392.760349][ T7493] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 392.769270][ T7493] ext4 filesystem being mounted at /118/bus/file1 supports timestamps until 2038 (0x7fffffff) [ 392.931128][ T5595] EXT4-fs (loop1): unmounting filesystem. [ 393.453013][ T7509] xt_l2tp: v2 doesn't support IP mode [ 393.877538][ T7509] xt_SECMARK: invalid mode: 0 [ 393.908067][ T7511] device batadv_slave_0 entered promiscuous mode [ 394.205472][ T312] usb 4-1: USB disconnect, device number 42 [ 394.276728][ T7516] loop3: detected capacity change from 0 to 512 [ 394.290900][ T7516] EXT4-fs (loop3): Test dummy encryption mode enabled [ 394.326191][ T7516] EXT4-fs error (device loop3): __ext4_iget:5046: inode #11: block 1: comm syz.3.2114: invalid block [ 394.342480][ T7516] EXT4-fs error (device loop3): ext4_orphan_get:1401: comm syz.3.2114: couldn't read orphan inode 11 (err -117) [ 394.381255][ T7516] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 394.411542][ T7518] loop4: detected capacity change from 0 to 40427 [ 394.419233][ T7518] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 394.426774][ T7518] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 394.446459][ T7518] F2FS-fs (loop4): invalid crc value [ 394.527693][ T7508] loop0: detected capacity change from 0 to 512 [ 394.562476][ T7508] EXT4-fs (loop0): failed to open journal device unknown-block(0,0) -6 [ 394.562998][ T7518] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 39874397669) [ 394.611180][ T425] usb 3-1: new high-speed USB device number 40 using dummy_hcd [ 395.104029][ T425] usb 3-1: Using ep0 maxpacket: 8 [ 395.146604][ T7518] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 395.155731][ T7518] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 395.195188][ T7446] EXT4-fs (loop3): unmounting filesystem. [ 395.252536][ T425] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 395.278953][ T425] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 395.292550][ T7539] loop3: detected capacity change from 0 to 512 [ 395.298862][ T425] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 395.315802][ T425] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 255 [ 395.408386][ T425] usb 3-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00 [ 395.419034][ T7539] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 395.432363][ T425] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 395.440740][ T7539] ext4 filesystem being mounted at /2/file1 supports timestamps until 2038 (0x7fffffff) [ 395.458472][ T425] usb 3-1: config 0 descriptor?? [ 395.510355][ T28] kauditd_printk_skb: 11 callbacks suppressed [ 395.510371][ T28] audit: type=1400 audit(2000000136.542:2218): avc: denied { read write } for pid=7547 comm="syz.1.2121" name="fuse" dev="devtmpfs" ino=93 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 395.601735][ T28] audit: type=1400 audit(2000000136.571:2219): avc: denied { open } for pid=7547 comm="syz.1.2121" path="/dev/fuse" dev="devtmpfs" ino=93 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 395.737554][ T7548] loop1: detected capacity change from 0 to 256 [ 395.754460][ T7548] FAT-fs (loop1): bogus sectors per cluster 30 [ 395.773495][ T7548] FAT-fs (loop1): Can't find a valid FAT filesystem [ 395.993984][ T28] audit: type=1400 audit(2000000136.991:2220): avc: denied { mounton } for pid=7517 comm="syz.4.2115" path="/51/bus/bus" dev="loop4" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 396.016549][ T28] audit: type=1400 audit(2000000136.991:2221): avc: denied { write } for pid=7517 comm="syz.4.2115" name="bus" dev="loop4" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 396.045128][ T28] audit: type=1400 audit(2000000136.991:2222): avc: denied { add_name } for pid=7517 comm="syz.4.2115" name="work" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 396.065329][ T28] audit: type=1400 audit(2000000137.001:2223): avc: denied { setattr } for pid=7517 comm="syz.4.2115" name="work" dev="loop4" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 396.087040][ T28] audit: type=1400 audit(2000000137.001:2224): avc: denied { remove_name } for pid=7517 comm="syz.4.2115" name="#7d" dev="loop4" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 396.109000][ T28] audit: type=1400 audit(2000000137.001:2225): avc: denied { rename } for pid=7517 comm="syz.4.2115" name="#7d" dev="loop4" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 396.501981][ T425] kye 0003:0458:5011.0053: unbalanced collection at end of report description [ 396.527890][ T7446] EXT4-fs (loop3): unmounting filesystem. [ 396.535303][ T28] audit: type=1400 audit(2000000137.001:2226): avc: denied { unlink } for pid=7517 comm="syz.4.2115" name="#7d" dev="loop4" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=chr_file permissive=1 [ 396.542593][ T425] kye 0003:0458:5011.0053: parse failed [ 396.572487][ T7557] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2132'. [ 396.585903][ T425] kye: probe of 0003:0458:5011.0053 failed with error -22 [ 396.586088][ T7560] loop0: detected capacity change from 0 to 256 [ 396.598472][ T28] audit: type=1400 audit(2000000137.534:2227): avc: denied { ioctl } for pid=7556 comm="syz.1.2132" path="socket:[54524]" dev="sockfs" ino=54524 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 396.599113][ T7557] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2132'. [ 396.624846][ T7560] exfat: Unknown parameter 'ÿÿÿÿÿÿÿÿ0x00000000000000000x0000000000000000000000000000000000000xffffffffffffffffÿÿ' [ 396.674824][ T6944] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 396.772155][ T19] usb 3-1: USB disconnect, device number 40 [ 396.806525][ T7573] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2129'. [ 396.829553][ T7573] 9pnet_fd: Insufficient options for proto=fd [ 396.981173][ T7578] loop3: detected capacity change from 0 to 512 [ 397.022641][ T7578] EXT4-fs error (device loop3): ext4_quota_enable:6951: comm syz.3.2130: Bad quota inum: 131076, type: 1 [ 397.034829][ T7578] EXT4-fs warning (device loop3): ext4_enable_quotas:6999: Failed to enable quota tracking (type=1, err=-117, ino=131076). Please run e2fsck to fix. [ 397.052769][ T7578] EXT4-fs (loop3): mount failed [ 397.656690][ T7571] loop4: detected capacity change from 0 to 512 [ 397.677001][ T7571] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 397.685809][ T7571] ext4 filesystem being mounted at /52/bus/file1 supports timestamps until 2038 (0x7fffffff) [ 397.829824][ T6517] EXT4-fs (loop4): unmounting filesystem. [ 398.526044][ T7591] loop1: detected capacity change from 0 to 512 [ 398.546014][ T7591] EXT4-fs (loop1): failed to open journal device unknown-block(0,0) -6 [ 398.627019][ T7606] loop0: detected capacity change from 0 to 512 [ 398.781239][ T7606] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 398.794037][ T7606] ext4 filesystem being mounted at /37/file1 supports timestamps until 2038 (0x7fffffff) [ 399.449786][ T7610] loop4: detected capacity change from 0 to 40427 [ 399.477708][ T7610] F2FS-fs (loop4): Found nat_bits in checkpoint [ 399.616636][ T7610] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 399.782955][ T7635] fuse: Bad value for 'fd' [ 399.783509][ T7633] loop1: detected capacity change from 0 to 256 [ 399.791772][ T7635] loop4: detected capacity change from 0 to 1024 [ 399.802630][ T7635] EXT4-fs: Ignoring removed nomblk_io_submit option [ 399.804296][ T7633] exfat: Unknown parameter 'ÿÿÿÿÿÿÿÿ0x00000000000000000x0000000000000000000000000000000000000xffffffffffffffffÿÿ' [ 399.821350][ T7635] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 399.831607][ T7635] EXT4-fs (loop4): couldn't mount RDWR because of unsupported optional features (20000) [ 399.929489][ T425] usb 3-1: new high-speed USB device number 41 using dummy_hcd [ 400.327859][ T7642] loop3: detected capacity change from 0 to 256 [ 400.476333][ T7642] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 400.497275][ T7107] EXT4-fs (loop0): unmounting filesystem. [ 400.513113][ T7646] loop0: detected capacity change from 0 to 512 [ 400.527018][ T7646] EXT4-fs (loop0): 1 truncate cleaned up [ 400.532569][ T7646] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 400.662539][ T425] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 400.742004][ T425] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 400.890798][ T425] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 400.961592][ T7107] EXT4-fs (loop0): unmounting filesystem. [ 400.981256][ T425] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 400.989525][ T425] usb 3-1: SerialNumber: syz [ 401.003985][ T2901] usb 5-1: new high-speed USB device number 40 using dummy_hcd [ 401.014486][ T7657] loop0: detected capacity change from 0 to 512 [ 401.021668][ T7657] EXT4-fs (loop0): Test dummy encryption mode enabled [ 401.029241][ T7657] EXT4-fs error (device loop0): __ext4_iget:5046: inode #11: block 1: comm syz.0.2151: invalid block [ 401.040301][ T7657] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz.0.2151: couldn't read orphan inode 11 (err -117) [ 401.052533][ T7657] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 401.421717][ T425] usb 3-1: 0:2 : does not exist [ 401.429664][ T28] kauditd_printk_skb: 9 callbacks suppressed [ 401.429679][ T28] audit: type=1400 audit(2000000142.071:2237): avc: denied { name_bind } for pid=7664 comm="syz.3.2152" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 401.457204][ T28] audit: type=1400 audit(2000000142.071:2238): avc: denied { node_bind } for pid=7664 comm="syz.3.2152" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 401.550680][ T7667] fuse: Unknown parameter 'Yn0x0000000000000003ÿÿÿÿÿÿÿÿ00000000000000000000' [ 401.562178][ T7667] tap0: tun_chr_ioctl cmd 1074025677 [ 401.567410][ T7667] tap0: linktype set to 821 [ 401.570677][ T2901] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 401.582514][ T2901] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 401.592022][ T2901] usb 5-1: New USB device found, idVendor=04b4, idProduct=de61, bcdDevice= 0.00 [ 401.600848][ T2901] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 401.609526][ T2901] usb 5-1: config 0 descriptor?? [ 401.862098][ T425] usb 3-1: USB disconnect, device number 41 [ 401.932212][ T7107] EXT4-fs (loop0): unmounting filesystem. [ 402.059246][ T7677] loop1: detected capacity change from 0 to 512 [ 402.241710][ T7677] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 402.251302][ T7677] ext4 filesystem being mounted at /131/file0 supports timestamps until 2038 (0x7fffffff) [ 402.277011][ T2901] cypress 0003:04B4:DE61.0054: item fetching failed at offset 5/7 [ 402.284927][ T2901] cypress 0003:04B4:DE61.0054: parse failed [ 402.290898][ T2901] cypress: probe of 0003:04B4:DE61.0054 failed with error -22 [ 402.609806][ T2901] usb 5-1: USB disconnect, device number 40 [ 402.623613][ T28] audit: type=1400 audit(2000000143.193:2239): avc: denied { read } for pid=7676 comm="syz.1.2156" name="file0" dev="overlay" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 402.646336][ T28] audit: type=1400 audit(2000000143.193:2240): avc: denied { open } for pid=7676 comm="syz.1.2156" path="/131/file0/bus/file0" dev="overlay" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 402.670046][ T28] audit: type=1400 audit(2000000143.193:2241): avc: denied { ioctl } for pid=7676 comm="syz.1.2156" path="/131/file0/bus/file0" dev="overlay" ino=13 ioctlcmd=0x5820 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 402.695457][ T28] audit: type=1400 audit(2000000143.193:2242): avc: denied { write } for pid=7676 comm="syz.1.2156" path=2F202864656C6574656429 dev="loop1" ino=21 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 402.718879][ T28] audit: type=1400 audit(2000000143.259:2243): avc: denied { setattr } for pid=7676 comm="syz.1.2156" name="#21" dev="loop1" ino=21 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 402.741219][ T28] audit: type=1400 audit(2000000143.259:2244): avc: denied { link } for pid=7676 comm="syz.1.2156" name="#21" dev="loop1" ino=21 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 402.995453][ T28] audit: type=1400 audit(2000000143.539:2245): avc: denied { rmdir } for pid=5595 comm="syz-executor" name="lost+found" dev="loop1" ino=11 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 403.019164][ T28] audit: type=1400 audit(2000000143.539:2246): avc: denied { unlink } for pid=5595 comm="syz-executor" name="file1" dev="loop1" ino=14 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=lnk_file permissive=1 [ 403.043372][ T5595] EXT4-fs (loop1): unmounting filesystem. [ 403.932720][ T7708] loop3: detected capacity change from 0 to 512 [ 403.953988][ T7708] EXT4-fs (loop3): Test dummy encryption mode enabled [ 406.798587][ T7718] xt_SECMARK: invalid mode: 0 [ 407.356705][ T7708] EXT4-fs: failed to create workqueue [ 407.429150][ T7708] EXT4-fs (loop3): mount failed [ 407.473053][ T7727] device syzkaller0 entered promiscuous mode [ 407.517233][ T7727] syzkaller0: tun_net_xmit 1280 [ 407.519553][ T28] kauditd_printk_skb: 2 callbacks suppressed [ 407.519564][ T28] audit: type=1400 audit(2000000147.767:2249): avc: denied { relabelfrom } for pid=7725 comm="syz.2.2178" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 407.522023][ T7727] syzkaller0: create flow: hash 2676349636 index 1 [ 407.539834][ T28] audit: type=1400 audit(2000000147.767:2250): avc: denied { relabelto } for pid=7725 comm="syz.2.2178" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 407.574348][ T7725] syzkaller0: delete flow: hash 2676349636 index 1 [ 407.940994][ T7742] loop3: detected capacity change from 0 to 512 [ 408.029040][ T7742] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 408.201049][ T7742] ext4 filesystem being mounted at /18/file1 supports timestamps until 2038 (0x7fffffff) [ 408.879508][ T7740] loop0: detected capacity change from 0 to 40427 [ 408.908930][ T7740] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 408.918543][ T7731] loop4: detected capacity change from 0 to 256 [ 408.925984][ T7740] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 408.935735][ T7731] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 408.966948][ T7740] F2FS-fs (loop0): Found nat_bits in checkpoint [ 409.054567][ T7740] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 409.075471][ T7740] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 409.164414][ T28] audit: type=1400 audit(2000000149.264:2251): avc: denied { write } for pid=7757 comm="syz.4.2176" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 410.051998][ T28] audit: type=1400 audit(2000000150.125:2252): avc: denied { write } for pid=7772 comm="syz.4.2181" name="usbmon0" dev="devtmpfs" ino=139 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 410.077606][ T7446] EXT4-fs (loop3): unmounting filesystem. [ 410.158289][ T28] audit: type=1400 audit(2000000150.237:2253): avc: denied { bind } for pid=7781 comm="syz.1.2183" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 410.518662][ T2901] usb 2-1: new high-speed USB device number 46 using dummy_hcd [ 410.594732][ T7778] loop3: detected capacity change from 0 to 40427 [ 410.626923][ T7778] F2FS-fs (loop3): invalid crc value [ 410.730602][ T7778] F2FS-fs (loop3): Found nat_bits in checkpoint [ 410.775699][ T29] INFO: task syz.2.617:2523 blocked for more than 249 seconds. [ 410.783161][ T29] Tainted: G W 6.1.90-syzkaller-00005-g8288de83062c #0 [ 410.847447][ T7799] loop0: detected capacity change from 0 to 256 [ 410.866018][ T7799] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 410.989105][ T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 411.008566][ T7778] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4 [ 411.026503][ T29] task:syz.2.617 state:D stack:24504 pid:2523 ppid:1862 flags:0x00004004 [ 411.042453][ T29] Call Trace: [ 411.095981][ T2901] usb 2-1: New USB device found, idVendor=0403, idProduct=da73, bcdDevice=dc.8d [ 411.101684][ T29] [ 411.107776][ T29] __schedule+0xca7/0x1550 [ 411.112028][ T29] ? release_firmware_map_entry+0x191/0x191 [ 411.117794][ T29] ? blk_check_plugged+0x260/0x260 [ 411.123088][ T29] ? __kasan_check_write+0x14/0x20 [ 411.128580][ T2901] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 411.132623][ T29] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 411.146797][ T29] schedule+0xc3/0x180 [ 411.153272][ T2901] usb 2-1: config 0 descriptor?? [ 411.155687][ T29] io_schedule+0x8f/0x120 [ 411.166603][ T29] folio_wait_bit_common+0x847/0xb80 [ 411.176122][ T29] ? folio_wait_bit+0x30/0x30 [ 411.187332][ T29] ? erofs_map_dev+0x6c4/0x7e0 [ 411.206074][ T29] ? migration_entry_wait_on_locked+0x860/0x860 [ 411.233652][ T29] ? __kasan_check_write+0x14/0x20 [ 411.336529][ T29] ? _raw_spin_lock+0xa4/0x1b0 [ 411.341241][ T29] ? _raw_spin_trylock_bh+0x190/0x190 [ 411.346477][ T29] __folio_lock+0x1e/0x30 [ 411.350728][ T29] z_erofs_runqueue+0xafa/0x1a40 [ 411.355612][ T29] ? __kasan_check_write+0x14/0x20 [ 411.360694][ T29] ? z_erofs_do_read_page+0x3b70/0x3b70 [ 411.366228][ T29] ? __mutex_lock_slowpath+0x10/0x10 [ 411.371416][ T29] z_erofs_readahead+0x8e2/0xbb0 [ 411.376170][ T29] ? z_erofs_read_folio+0x5f0/0x5f0 [ 411.381195][ T29] ? memset+0x35/0x40 [ 411.384744][ T2901] usb 2-1: NDI device with a latency value of 1 [ 411.386120][ T28] audit: type=1400 audit(2000000151.322:2254): avc: denied { lock } for pid=7777 comm="syz.3.2182" path="/19/file0/file0" dev="loop3" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 411.391168][ T29] ? blk_start_plug+0x9c/0x130 [ 411.415097][ T28] audit: type=1400 audit(2000000151.322:2255): avc: denied { link } for pid=7777 comm="syz.3.2182" name="file0" dev="loop3" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 411.418172][ T29] read_pages+0x1be/0xd40 [ 411.439697][ T28] audit: type=1400 audit(2000000151.341:2256): avc: denied { setattr } for pid=7777 comm="syz.3.2182" path="/19/file0" dev="loop3" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 411.457052][ T29] ? workingset_activation+0x430/0x430 [ 411.471487][ T29] ? folio_add_lru+0x280/0x3f0 [ 411.476052][ T29] ? page_cache_ra_unbounded+0x690/0x690 [ 411.481561][ T29] ? filemap_add_folio+0x18f/0x200 [ 411.486457][ T29] ? __filemap_add_folio+0xd10/0xd10 [ 411.491606][ T29] page_cache_ra_unbounded+0x4c1/0x690 [ 411.496846][ T29] ? readahead_gfp_mask+0x190/0x190 [ 411.501889][ T29] force_page_cache_ra+0x2c2/0x330 [ 411.506869][ T29] generic_fadvise+0x501/0x790 [ 411.511421][ T29] ? __this_cpu_preempt_check+0x13/0x20 [ 411.516866][ T29] ? oom_evaluate_task+0x520/0x520 [ 411.521807][ T29] ? __fdget+0x1b7/0x240 [ 411.525861][ T29] __x64_sys_fadvise64+0x13f/0x180 [ 411.530783][ T29] x64_sys_call+0x5ca/0x9a0 [ 411.535154][ T29] do_syscall_64+0x3b/0xb0 [ 411.539370][ T29] ? clear_bhb_loop+0x55/0xb0 [ 411.543990][ T29] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 411.549975][ T29] RIP: 0033:0x7f55aff799f9 [ 411.554208][ T29] RSP: 002b:00007f55b0d25038 EFLAGS: 00000246 ORIG_RAX: 00000000000000dd [ 411.562502][ T29] RAX: ffffffffffffffda RBX: 00007f55b0115f80 RCX: 00007f55aff799f9 [ 411.570319][ T29] RDX: 0000000000000000 RSI: 0000000000e0ffff RDI: 0000000000000005 [ 411.578101][ T29] RBP: 00007f55affe78ee R08: 0000000000000000 R09: 0000000000000000 [ 411.585901][ T29] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 411.593714][ T29] R13: 0000000000000000 R14: 00007f55b0115f80 R15: 00007ffec33215f8 [ 411.601547][ T29] [ 411.609304][ T7446] syz-executor: attempt to access beyond end of device [ 411.609304][ T7446] loop3: rw=2049, sector=45096, nr_sectors = 24 limit=40427 [ 411.619869][ T2901] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected [ 411.642124][ T2901] ftdi_sio ttyUSB0: unknown device type: 0xdc8d [ 411.649026][ T29] NMI backtrace for cpu 0 [ 411.653172][ T29] CPU: 0 PID: 29 Comm: khungtaskd Tainted: G W 6.1.90-syzkaller-00005-g8288de83062c #0 [ 411.664021][ T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 411.673910][ T29] Call Trace: [ 411.677032][ T29] [ 411.679809][ T29] dump_stack_lvl+0x151/0x1b7 [ 411.684325][ T29] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 411.689620][ T29] dump_stack+0x15/0x1a [ 411.693611][ T29] nmi_cpu_backtrace+0x2e4/0x2f0 [ 411.698384][ T29] ? nmi_trigger_cpumask_backtrace+0x3c0/0x3c0 [ 411.704373][ T29] ? sched_show_task+0x3d8/0x620 [ 411.709146][ T29] ? nmi_trigger_cpumask_backtrace+0x114/0x3c0 [ 411.715135][ T29] ? arch_trigger_cpumask_backtrace+0x20/0x20 [ 411.721035][ T29] nmi_trigger_cpumask_backtrace+0x19b/0x3c0 [ 411.726851][ T29] ? arch_trigger_cpumask_backtrace+0x20/0x20 [ 411.732755][ T29] arch_trigger_cpumask_backtrace+0x10/0x20 [ 411.738481][ T29] watchdog+0xdb0/0xf20 [ 411.742473][ T29] ? __kasan_check_write+0x14/0x20 [ 411.747424][ T29] ? hungtask_pm_notify+0x50/0x50 [ 411.752282][ T29] ? __kasan_check_read+0x11/0x20 [ 411.757143][ T29] ? __kthread_parkme+0x12d/0x180 [ 411.762004][ T29] kthread+0x26d/0x300 [ 411.766082][ T29] ? hungtask_pm_notify+0x50/0x50 [ 411.770943][ T29] ? kthread_blkcg+0xd0/0xd0 [ 411.775369][ T29] ret_from_fork+0x1f/0x30 [ 411.779623][ T29] [ 411.782551][ T29] Sending NMI from CPU 0 to CPUs 1: [ 411.787539][ C1] NMI backtrace for cpu 1 [ 411.787554][ C1] CPU: 1 PID: 7781 Comm: syz.1.2183 Tainted: G W 6.1.90-syzkaller-00005-g8288de83062c #0 [ 411.787573][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 411.787583][ C1] RIP: 0033:0x7fd47ac5121d [ 411.787599][ C1] Code: f2 73 17 66 2e 0f 1f 84 00 00 00 00 00 48 8b 70 f8 48 83 e8 08 48 39 f2 72 f3 48 39 c3 73 3e 48 89 33 48 83 c3 08 48 8b 70 f8 <48> 89 08 48 8b 0b 49 8b 14 24 eb bf 48 39 f2 72 97 48 39 f0 73 46 [ 411.787613][ C1] RSP: 002b:00007ffddd4c73c0 EFLAGS: 00000206 [ 411.787628][ C1] RAX: 00007fd47986dc18 RBX: 00007fd479865bd8 RCX: ffffffff815af9c7 [ 411.787640][ C1] RDX: ffffffff815af9c7 RSI: ffffffff815af9c7 RDI: 00007fd479872550 [ 411.787652][ C1] RBP: 00007fd4798612a0 R08: 00007fd479869bf0 R09: 00007fd47af02000 [ 411.787664][ C1] R10: 00000000833d69a2 R11: 00000000000000ff R12: 00007fd479861298 [ 411.787675][ C1] R13: 000000000000001c R14: 00007fd4797f9008 R15: ffffffffffffffff [ 411.787686][ C1] FS: 0000555557521500 GS: 0000000000000000 [ 411.795197][ T2901] usb 2-1: USB disconnect, device number 46 [ 411.998922][ T7816] loop0: detected capacity change from 0 to 512 [ 411.998957][ T2901] ftdi_sio 2-1:0.0: device disconnected [ 412.010723][ T7814] loop4: detected capacity change from 0 to 1024 [ 412.029027][ T7816] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 412.038416][ T7816] ext4 filesystem being mounted at /48/file1 supports timestamps until 2038 (0x7fffffff) [ 412.038948][ T7814] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 413.407578][ T28] audit: type=1400 audit(2000000152.940:2257): avc: denied { create } for pid=7813 comm="syz.4.2192" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 413.547027][ T7837] loop3: detected capacity change from 0 to 512 [ 414.466767][ T7840] tmpfs: Unknown parameter 'hugealwa' [ 415.308375][ T7847] input: syz0 as /devices/virtual/input/input42 [ 415.323390][ T7837] EXT4-fs error (device loop3): __ext4_fill_super:5386: inode #2: comm syz.3.2197: iget: special inode unallocated [ 415.323940][ T6517] EXT4-fs (loop4): unmounting filesystem. [ 415.335941][ T28] audit: type=1400 audit(2000000155.082:2258): avc: denied { read } for pid=87 comm="acpid" name="event3" dev="devtmpfs" ino=1581 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 415.362810][ T7837] EXT4-fs (loop3): get root inode failed [ 415.387339][ T7837] EXT4-fs (loop3): mount failed [ 415.393025][ T28] audit: type=1400 audit(2000000155.082:2259): avc: denied { open } for pid=87 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=1581 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 415.434384][ T28] audit: type=1400 audit(2000000155.082:2260): avc: denied { ioctl } for pid=87 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=1581 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 415.481075][ T7107] EXT4-fs (loop0): unmounting filesystem. [ 415.815802][ T7858] loop1: detected capacity change from 0 to 256 [ 415.910038][ T7858] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 416.067678][ T28] audit: type=1400 audit(2000000155.774:2261): avc: denied { sqpoll } for pid=7833 comm="syz.3.2197" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 416.087155][ T7834] loop3: detected capacity change from 0 to 512 [ 416.093556][ T7834] EXT4-fs: Ignoring removed oldalloc option [ 416.100189][ T7834] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 416.112833][ T7834] EXT4-fs error (device loop3): __ext4_iget:5046: inode #11: block 1: comm syz.3.2197: invalid block [ 416.123818][ T7834] EXT4-fs error (device loop3): ext4_orphan_get:1401: comm syz.3.2197: couldn't read orphan inode 11 (err -117) [ 416.131228][ T2901] usb 5-1: new high-speed USB device number 41 using dummy_hcd [ 416.135721][ T7834] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 416.190355][ T7446] EXT4-fs (loop3): unmounting filesystem. [ 416.612115][ T7871] loop1: detected capacity change from 0 to 2048 [ 416.655338][ T7871] loop1: p1 < > p4 [ 416.659439][ T7871] loop1: p4 size 8388608 extends beyond EOD, truncated [ 416.666400][ T6912] usb 1-1: new high-speed USB device number 42 using dummy_hcd [ 416.674681][ T102] loop1: p1 < > p4 [ 416.678833][ T102] loop1: p4 size 8388608 extends beyond EOD, truncated [ 416.708776][ T28] audit: type=1400 audit(2000000156.373:2262): avc: denied { write } for pid=7872 comm="syz.1.2205" path="socket:[55362]" dev="sockfs" ino=55362 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 416.711262][ T6944] udevd[6944]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 416.743728][ T6945] udevd[6945]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory [ 416.750945][ T28] audit: type=1400 audit(2000000156.392:2263): avc: denied { nlmsg_read } for pid=7872 comm="syz.1.2205" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 416.774001][ T312] usb 4-1: new high-speed USB device number 43 using dummy_hcd [ 416.781784][ T2901] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 416.792713][ T2901] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 416.802405][ T2901] usb 5-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00 [ 416.811680][ T2901] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 416.820275][ T2901] usb 5-1: config 0 descriptor?? [ 417.050632][ T6912] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 417.061465][ T6912] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 417.071125][ T6912] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 417.080850][ T6912] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 417.089711][ T6912] usb 1-1: config 0 descriptor?? [ 417.168236][ T312] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 417.179157][ T312] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 417.188744][ T312] usb 4-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00 [ 417.197715][ T312] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 417.218306][ T312] usb 4-1: config 0 descriptor?? [ 417.356251][ T28] audit: type=1400 audit(2000000156.962:2264): avc: denied { create } for pid=7879 comm="syz.2.2207" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 417.376177][ T28] audit: type=1400 audit(2000000156.971:2265): avc: denied { setopt } for pid=7879 comm="syz.2.2207" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 417.436738][ T2901] hid (null): usage index exceeded [ 417.442557][ T2901] lg-g15 0003:046D:C222.0055: unknown main item tag 0x0 [ 417.450173][ T2901] lg-g15 0003:046D:C222.0055: ignoring exceeding usage max [ 417.457807][ T2901] lg-g15 0003:046D:C222.0055: usage index exceeded [ 417.464110][ T2901] lg-g15 0003:046D:C222.0055: item 0 0 2 0 parsing failed [ 417.471274][ T2901] lg-g15: probe of 0003:046D:C222.0055 failed with error -22 [ 417.670838][ T6912] hid (null): bogus close delimiter [ 417.681605][ T2901] usb 5-1: USB disconnect, device number 41 [ 417.736155][ T312] hid-steam 0003:28DE:1142.0057: : USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.3-1/input0 [ 417.748934][ T312] hid-steam 0003:28DE:1142.0058: hidraw0: USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.3-1/input0 [ 417.831023][ T312] hid-steam 0003:28DE:1142.0057: Steam wireless receiver connected [ 417.905881][ T6912] usb 1-1: language id specifier not provided by device, defaulting to English [ 417.952875][ T2901] usb 4-1: USB disconnect, device number 43 [ 417.959709][ T2901] hid-steam 0003:28DE:1142.0057: Steam wireless receiver disconnected [ 418.077664][ T28] audit: type=1400 audit(2000000157.654:2266): avc: denied { read } for pid=7883 comm="syz.2.2208" name="rtc0" dev="devtmpfs" ino=171 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 418.149993][ T1005] hid-generic 0000:0000:0000.0059: unknown main item tag 0x0 [ 418.157254][ T1005] hid-generic 0000:0000:0000.0059: unknown main item tag 0x0 [ 418.164451][ T1005] hid-generic 0000:0000:0000.0059: unknown main item tag 0x0 [ 418.171713][ T1005] hid-generic 0000:0000:0000.0059: unknown main item tag 0x0 [ 418.178943][ T1005] hid-generic 0000:0000:0000.0059: unknown main item tag 0x0 [ 418.186125][ T1005] hid-generic 0000:0000:0000.0059: unknown main item tag 0x0 [ 418.193318][ T1005] hid-generic 0000:0000:0000.0059: unknown main item tag 0x0 [ 418.200549][ T1005] hid-generic 0000:0000:0000.0059: unknown main item tag 0x0 [ 418.207783][ T1005] hid-generic 0000:0000:0000.0059: unknown main item tag 0x0 [ 418.215866][ T1005] hid-generic 0000:0000:0000.0059: unknown main item tag 0x0 [ 418.223081][ T1005] hid-generic 0000:0000:0000.0059: unknown main item tag 0x0 [ 418.230728][ T1005] hid-generic 0000:0000:0000.0059: unknown main item tag 0x0 [ 418.238108][ T1005] hid-generic 0000:0000:0000.0059: unknown main item tag 0x0 [ 418.245311][ T1005] hid-generic 0000:0000:0000.0059: unknown main item tag 0x0 [ 418.314606][ T1005] hid-generic 0000:0000:0000.0059: unknown main item tag 0x0 [ 418.321894][ T1005] hid-generic 0000:0000:0000.0059: unknown main item tag 0x0 [ 418.329736][ T1005] hid-generic 0000:0000:0000.0059: unknown main item tag 0x0 [ 418.337232][ T1005] hid-generic 0000:0000:0000.0059: unknown main item tag 0x0 [ 418.344539][ T1005] hid-generic 0000:0000:0000.0059: unknown main item tag 0x0 [ 418.351735][ T1005] hid-generic 0000:0000:0000.0059: unknown main item tag 0x0 [ 418.359134][ T1005] hid-generic 0000:0000:0000.0059: unknown main item tag 0x0 [ 418.366363][ T1005] hid-generic 0000:0000:0000.0059: unknown main item tag 0x0 [ 418.373551][ T1005] hid-generic 0000:0000:0000.0059: unknown main item tag 0x0 [ 418.380762][ T1005] hid-generic 0000:0000:0000.0059: unknown main item tag 0x0 [ 418.388071][ T1005] hid-generic 0000:0000:0000.0059: unknown main item tag 0x0 [ 418.395379][ T1005] hid-generic 0000:0000:0000.0059: unknown main item tag 0x0 [ 418.402695][ T1005] hid-generic 0000:0000:0000.0059: unknown main item tag 0x0 [ 418.421262][ T1005] hid-generic 0000:0000:0000.0059: hidraw0: HID v0.00 Device [syz0] on syz0 [ 418.448678][ T7900] loop1: detected capacity change from 0 to 256 [ 418.510670][ T7900] FAT-fs (loop1): error, fat_free_clusters: deleting FAT entry beyond EOF [ 418.611458][ T6912] uclogic 0003:256C:006D.0056: interface is invalid, ignoring [ 418.652657][ T7906] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2215'. [ 418.680046][ T7906] loop4: detected capacity change from 0 to 256 [ 418.842484][ T401] usb 1-1: USB disconnect, device number 42 [ 419.751167][ T1005] usb 3-1: new high-speed USB device number 42 using dummy_hcd [ 420.022738][ T1005] usb 3-1: Using ep0 maxpacket: 16 [ 420.095978][ T7931] loop4: detected capacity change from 0 to 256 [ 420.182222][ T7933] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 420.199552][ T7933] loop0: detected capacity change from 0 to 512 [ 420.204489][ T1005] usb 3-1: config 0 has no interfaces? [ 420.227660][ T7933] __quota_error: 4 callbacks suppressed [ 420.227677][ T7933] Quota error (device loop0): do_check_range: Getting dqdh_entries 1536 out of range 0-14 [ 420.243410][ T7933] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 420.253411][ T7933] EXT4-fs error (device loop0): ext4_acquire_dquot:6764: comm syz.0.2226: Failed to acquire dquot type 1 [ 420.266376][ T7933] EXT4-fs (loop0): 1 truncate cleaned up [ 420.272157][ T7933] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 420.281329][ T7933] ext4 filesystem being mounted at /51/file0 supports timestamps until 2038 (0x7fffffff) [ 420.300703][ T7933] Quota error (device loop0): do_check_range: Getting dqdh_entries 1536 out of range 0-14 [ 420.310653][ T7933] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 420.320665][ T7933] EXT4-fs error (device loop0): ext4_acquire_dquot:6764: comm syz.0.2226: Failed to acquire dquot type 1 [ 420.339778][ T7107] EXT4-fs (loop0): unmounting filesystem. [ 420.386149][ T1005] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 420.395740][ T1005] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 420.403876][ T1005] usb 3-1: Product: syz [ 420.408395][ T1005] usb 3-1: Manufacturer: syz [ 420.412977][ T1005] usb 3-1: SerialNumber: syz [ 420.421581][ T1005] r8152-cfgselector 3-1: config 0 descriptor?? [ 420.981356][ T7949] loop3: detected capacity change from 0 to 128 [ 421.214533][ T24] usb 3-1: USB disconnect, device number 42 [ 421.296992][ T28] audit: type=1400 audit(2000000160.657:2271): avc: denied { map } for pid=7953 comm="syz.4.2233" path="/dev/bus/usb/005/001" dev="devtmpfs" ino=156 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 421.572725][ T312] usb 2-1: new high-speed USB device number 47 using dummy_hcd [ 421.844409][ T28] audit: type=1400 audit(2000000161.134:2272): avc: denied { setopt } for pid=7955 comm="syz.4.2236" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 421.876419][ T28] audit: type=1326 audit(2000000161.152:2273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7961 comm="syz.4.2237" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f246d9799f9 code=0x0 [ 422.049857][ T7967] device batadv_slave_0 left promiscuous mode [ 422.136615][ T312] usb 2-1: config 1 has an invalid descriptor of length 196, skipping remainder of the config [ 422.150145][ T24] usb 1-1: new high-speed USB device number 43 using dummy_hcd [ 422.310422][ T312] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 422.319386][ T312] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 422.327142][ T312] usb 2-1: Product: syz [ 422.331147][ T312] usb 2-1: Manufacturer: syz [ 422.335524][ T312] usb 2-1: SerialNumber: syz [ 422.374883][ T312] cdc_ether 2-1:1.0: skipping garbage [ 422.380091][ T312] usb 2-1: bad CDC descriptors [ 422.438721][ T24] usb 1-1: Using ep0 maxpacket: 16 [ 422.577692][ T24] usb 1-1: config 0 has no interfaces? [ 422.589318][ T7952] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 422.597672][ T7952] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 422.780881][ T24] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 422.793342][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 422.809270][ T24] usb 1-1: Product: syz [ 422.824347][ T24] usb 1-1: Manufacturer: syz [ 422.834216][ T24] usb 1-1: SerialNumber: syz [ 422.848477][ T24] r8152-cfgselector 1-1: config 0 descriptor?? [ 422.936333][ T7988] loop3: detected capacity change from 0 to 512 [ 422.985935][ T7988] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 422.994969][ T7988] ext4 filesystem being mounted at /31/file0 supports timestamps until 2038 (0x7fffffff) [ 423.832994][ T24] usb 1-1: USB disconnect, device number 43 [ 424.015425][ T7446] EXT4-fs (loop3): unmounting filesystem. [ 424.829502][ T8000] loop0: detected capacity change from 0 to 256 [ 424.836425][ T28] audit: type=1400 audit(2000000163.959:2274): avc: denied { setopt } for pid=7997 comm="syz.0.2244" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 424.857556][ T28] audit: type=1400 audit(2000000163.968:2275): avc: denied { remount } for pid=7997 comm="syz.0.2244" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 424.878991][ T28] audit: type=1400 audit(2000000164.015:2276): avc: denied { create } for pid=7997 comm="syz.0.2244" name="#87" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 425.744305][ T28] audit: type=1400 audit(2000000164.015:2277): avc: denied { link } for pid=7997 comm="syz.0.2244" name="#87" dev="tmpfs" ino=320 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 425.800716][ T28] audit: type=1400 audit(2000000164.015:2278): avc: denied { rename } for pid=7997 comm="syz.0.2244" name="#88" dev="tmpfs" ino=320 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 425.823389][ T401] usb 2-1: USB disconnect, device number 47 [ 425.823384][ T28] audit: type=1400 audit(2000000164.286:2279): avc: denied { map } for pid=8004 comm="syz.4.2245" path="/dev/ashmem" dev="devtmpfs" ino=177 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 425.823420][ T28] audit: type=1400 audit(2000000164.398:2280): avc: denied { bind } for pid=8001 comm="syz.3.2243" lport=255 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 425.872217][ T28] audit: type=1400 audit(2000000164.398:2281): avc: denied { node_bind } for pid=8001 comm="syz.3.2243" saddr=fe80::bb scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1 [ 426.030741][ T301] usb 5-1: new high-speed USB device number 42 using dummy_hcd [ 426.415589][ T301] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 426.426309][ T301] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 426.435808][ T301] usb 5-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00 [ 426.444699][ T301] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 426.452971][ T301] usb 5-1: config 0 descriptor?? [ 426.962177][ T301] hid-multitouch 0003:1FD2:6007.005A: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.4-1/input0 [ 427.175919][ T301] usb 5-1: USB disconnect, device number 42 [ 427.730159][ T8020] loop4: detected capacity change from 0 to 512 [ 427.743272][ T8014] loop0: detected capacity change from 0 to 128 [ 427.762278][ T8018] loop1: detected capacity change from 0 to 128 [ 427.793440][ T8020] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 427.809519][ T28] audit: type=1400 audit(2000000166.746:2282): avc: denied { mount } for pid=8012 comm="syz.0.2259" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 427.845587][ T28] audit: type=1400 audit(2000000166.784:2283): avc: denied { watch } for pid=8012 comm="syz.0.2259" path="/55/file0/bus" dev="sysfs" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=dir permissive=1 [ 428.410809][ T28] audit: type=1400 audit(2000000167.092:2284): avc: denied { unmount } for pid=7107 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 428.436710][ T8020] EXT4-fs (loop4): 1 truncate cleaned up [ 428.442428][ T8020] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 428.519581][ T8035] fuse: Unknown parameter 'Yn0x0000000000000003ÿÿÿÿÿÿÿÿ00000000000000000000' [ 428.550704][ T8035] tap0: tun_chr_ioctl cmd 1074025677 [ 428.556051][ T8035] tap0: linktype set to 821 [ 430.030593][ T6517] EXT4-fs error (device loop4): ext4_lookup:1855: inode #11: comm syz-executor: iget: bad extra_isize 46 (inode size 256) [ 430.361748][ T8054] loop3: detected capacity change from 0 to 128 [ 430.470895][ T8054] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 430.527949][ T8054] ext4 filesystem being mounted at /36/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff) [ 430.755125][ T6517] EXT4-fs (loop4): Remounting filesystem read-only [ 430.761816][ T6517] EXT4-fs error (device loop4): ext4_lookup:1855: inode #11: comm syz-executor: iget: bad extra_isize 46 (inode size 256) [ 430.850694][ T8057] loop0: detected capacity change from 0 to 128 [ 430.885818][ T6517] EXT4-fs (loop4): unmounting filesystem. [ 431.283413][ T7446] EXT4-fs (loop3): unmounting filesystem. [ 431.486632][ T8072] xt_CT: You must specify a L4 protocol and not use inversions on it [ 431.597330][ T8073] loop3: detected capacity change from 0 to 512 [ 431.691200][ T8073] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 431.739266][ T8075] syz.0.2262: attempt to access beyond end of device [ 431.739266][ T8075] loop0: rw=0, sector=121, nr_sectors = 120 limit=128 [ 431.758696][ T8073] EXT4-fs (loop3): 1 truncate cleaned up [ 431.764276][ T8073] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 431.792932][ T28] audit: type=1400 audit(2000000170.469:2285): avc: denied { create } for pid=8065 comm="syz.3.2266" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=lnk_file permissive=1 [ 431.865752][ T8083] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=60 sclass=netlink_route_socket pid=8083 comm=syz.1.2270 [ 431.922979][ T4033] device bridge_slave_1 left promiscuous mode [ 431.928945][ T4033] bridge0: port 2(bridge_slave_1) entered disabled state [ 431.963271][ T4033] device bridge_slave_0 left promiscuous mode [ 431.985421][ T4033] bridge0: port 1(bridge_slave_0) entered disabled state [ 432.003854][ T4033] device veth1_macvtap left promiscuous mode [ 432.013757][ T4033] device veth0_vlan left promiscuous mode [ 432.135834][ T43] kworker/u4:2: attempt to access beyond end of device [ 432.135834][ T43] loop0: rw=1, sector=241, nr_sectors = 800 limit=128 [ 432.195501][ T8068] bridge0: port 1(bridge_slave_0) entered blocking state [ 432.210660][ T8068] bridge0: port 1(bridge_slave_0) entered disabled state [ 432.221214][ T8068] device bridge_slave_0 entered promiscuous mode [ 432.232191][ T8068] bridge0: port 2(bridge_slave_1) entered blocking state [ 432.247092][ T8068] bridge0: port 2(bridge_slave_1) entered disabled state [ 432.260519][ T8068] device bridge_slave_1 entered promiscuous mode [ 432.391590][ T8103] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 432.489273][ T2903] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 432.501769][ T2903] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 432.581219][ T425] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 432.589672][ T425] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 432.597983][ T425] bridge0: port 1(bridge_slave_0) entered blocking state [ 432.604859][ T425] bridge0: port 1(bridge_slave_0) entered forwarding state [ 432.612867][ T425] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 432.621182][ T425] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 432.629556][ T425] bridge0: port 2(bridge_slave_1) entered blocking state [ 432.636411][ T425] bridge0: port 2(bridge_slave_1) entered forwarding state [ 432.651933][ T425] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 432.659623][ T425] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 432.667440][ T425] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 432.683710][ T2903] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 432.695419][ T2903] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 432.703584][ T2903] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 432.710894][ T2903] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 432.718687][ T8068] device veth0_vlan entered promiscuous mode [ 432.732592][ T2903] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 432.742184][ T8068] device veth1_macvtap entered promiscuous mode [ 432.753031][ T2903] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 432.769226][ T425] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 432.812403][ T8105] loop4: detected capacity change from 0 to 1024 [ 432.829944][ T8105] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 432.853030][ T8105] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 432.888286][ T8105] EXT4-fs error (device loop4): ext4_read_inline_dir:1589: inode #12: block 16: comm syz.4.2264: path /0/file0/file0: bad entry in directory: rec_len is smaller than minimal - offset=40, inode=301989902, rec_len=0, size=80 fake=0 [ 432.927283][ T8068] EXT4-fs (loop4): unmounting filesystem. [ 433.489862][ T8118] overlayfs: failed to resolve './file0': -2 [ 433.649888][ T29] INFO: task syz.2.617:2523 blocked for more than 270 seconds. [ 433.669637][ T29] Tainted: G W 6.1.90-syzkaller-00005-g8288de83062c #0 [ 433.706536][ T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 433.725003][ T29] task:syz.2.617 state:D stack:24504 pid:2523 ppid:1862 flags:0x00004004 [ 433.744008][ T29] Call Trace: [ 433.750448][ T29] [ 433.755421][ T29] __schedule+0xca7/0x1550 [ 433.765199][ T29] ? release_firmware_map_entry+0x191/0x191 [ 433.776491][ T29] ? blk_check_plugged+0x260/0x260 [ 433.787027][ T29] ? __kasan_check_write+0x14/0x20 [ 433.797543][ T29] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 433.807983][ T29] schedule+0xc3/0x180 [ 433.816292][ T29] io_schedule+0x8f/0x120 [ 433.824254][ T29] folio_wait_bit_common+0x847/0xb80 [ 433.836141][ T29] ? folio_wait_bit+0x30/0x30 [ 433.845106][ T29] ? erofs_map_dev+0x6c4/0x7e0 [ 433.855256][ T29] ? migration_entry_wait_on_locked+0x860/0x860 [ 433.868275][ T29] ? __kasan_check_write+0x14/0x20 [ 433.878781][ T29] ? _raw_spin_lock+0xa4/0x1b0 [ 433.888433][ T29] ? _raw_spin_trylock_bh+0x190/0x190 [ 433.900343][ T29] __folio_lock+0x1e/0x30 [ 433.908988][ T29] z_erofs_runqueue+0xafa/0x1a40 [ 433.918219][ T29] ? __kasan_check_write+0x14/0x20 [ 433.928778][ T29] ? z_erofs_do_read_page+0x3b70/0x3b70 [ 433.940790][ T29] ? __mutex_lock_slowpath+0x10/0x10 [ 433.951446][ T29] z_erofs_readahead+0x8e2/0xbb0 [ 433.963126][ T29] ? z_erofs_read_folio+0x5f0/0x5f0 [ 433.973651][ T29] ? memset+0x35/0x40 [ 433.989478][ T29] ? blk_start_plug+0x9c/0x130 [ 434.123720][ T29] read_pages+0x1be/0xd40 [ 434.132273][ T29] ? workingset_activation+0x430/0x430 [ 434.144134][ T29] ? folio_add_lru+0x280/0x3f0 [ 434.154230][ T29] ? page_cache_ra_unbounded+0x690/0x690 [ 434.165174][ T29] ? filemap_add_folio+0x18f/0x200 [ 434.177121][ T29] ? __filemap_add_folio+0xd10/0xd10 [ 434.187856][ T29] page_cache_ra_unbounded+0x4c1/0x690 [ 434.193395][ T29] ? readahead_gfp_mask+0x190/0x190 [ 434.198629][ T29] force_page_cache_ra+0x2c2/0x330 [ 434.203764][ T29] generic_fadvise+0x501/0x790 [ 434.208499][ T29] ? __this_cpu_preempt_check+0x13/0x20 [ 434.214155][ T29] ? oom_evaluate_task+0x520/0x520 [ 434.219357][ T29] ? __fdget+0x1b7/0x240 [ 434.223590][ T29] __x64_sys_fadvise64+0x13f/0x180 [ 434.467310][ T29] x64_sys_call+0x5ca/0x9a0 [ 434.594673][ T29] do_syscall_64+0x3b/0xb0 [ 434.599302][ T29] ? clear_bhb_loop+0x55/0xb0 [ 434.603983][ T29] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 434.609753][ T29] RIP: 0033:0x7f55aff799f9 [ 434.614084][ T29] RSP: 002b:00007f55b0d25038 EFLAGS: 00000246 ORIG_RAX: 00000000000000dd [ 434.622364][ T29] RAX: ffffffffffffffda RBX: 00007f55b0115f80 RCX: 00007f55aff799f9 [ 434.630268][ T29] RDX: 0000000000000000 RSI: 0000000000e0ffff RDI: 0000000000000005 [ 434.638074][ T29] RBP: 00007f55affe78ee R08: 0000000000000000 R09: 0000000000000000 [ 434.645880][ T29] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 434.653707][ T29] R13: 0000000000000000 R14: 00007f55b0115f80 R15: 00007ffec33215f8 [ 434.661602][ T29] [ 434.666121][ T29] NMI backtrace for cpu 1 [ 434.670262][ T29] CPU: 1 PID: 29 Comm: khungtaskd Tainted: G W 6.1.90-syzkaller-00005-g8288de83062c #0 [ 434.681106][ T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 434.691001][ T29] Call Trace: [ 434.694126][ T29] [ 434.696907][ T29] dump_stack_lvl+0x151/0x1b7 [ 434.701415][ T29] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 434.706711][ T29] dump_stack+0x15/0x1a [ 434.710705][ T29] nmi_cpu_backtrace+0x2e4/0x2f0 [ 434.715476][ T29] ? nmi_trigger_cpumask_backtrace+0x3c0/0x3c0 [ 434.721464][ T29] ? sched_show_task+0x3d8/0x620 [ 434.726238][ T29] ? nmi_trigger_cpumask_backtrace+0x114/0x3c0 [ 434.732229][ T29] ? arch_trigger_cpumask_backtrace+0x20/0x20 [ 434.738130][ T29] nmi_trigger_cpumask_backtrace+0x19b/0x3c0 [ 434.743943][ T29] ? arch_trigger_cpumask_backtrace+0x20/0x20 [ 434.749847][ T29] arch_trigger_cpumask_backtrace+0x10/0x20 [ 434.755576][ T29] watchdog+0xdb0/0xf20 [ 434.759566][ T29] ? __kasan_check_write+0x14/0x20 [ 434.764516][ T29] ? hungtask_pm_notify+0x50/0x50 [ 434.769375][ T29] ? __kasan_check_read+0x11/0x20 [ 434.774233][ T29] ? __kthread_parkme+0x12d/0x180 [ 434.779101][ T29] kthread+0x26d/0x300 [ 434.783000][ T29] ? hungtask_pm_notify+0x50/0x50 [ 434.787861][ T29] ? kthread_blkcg+0xd0/0xd0 [ 434.792287][ T29] ret_from_fork+0x1f/0x30 [ 434.796543][ T29] [ 434.801185][ T29] Sending NMI from CPU 1 to CPUs 0: [ 434.806950][ C0] NMI backtrace for cpu 0 [ 434.806963][ C0] CPU: 0 PID: 8113 Comm: syz.4.2278 Tainted: G W 6.1.90-syzkaller-00005-g8288de83062c #0 [ 434.806981][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 434.806991][ C0] RIP: 0010:update_stack_state+0x12b/0x460 [ 434.807014][ C0] Code: 89 85 60 ff ff ff 49 8d 5f 28 49 8d 47 20 48 89 85 68 ff ff ff 4c 89 e0 48 c1 e8 03 48 89 85 48 ff ff ff 48 89 95 70 ff ff ff <48> c1 ea 03 48 89 95 50 ff ff ff 4c 89 7d d0 48 89 5d b8 4c 89 a5 [ 434.807028][ C0] RSP: 0018:ffffc90000b76cf0 EFLAGS: 00000806 [ 434.807042][ C0] RAX: 1ffff9200016edc9 RBX: ffffc90000b76e68 RCX: ffffc90000b76fc0 [ 434.807054][ C0] RDX: ffffc90000b76e50 RSI: ffffc90000b76fb0 RDI: ffffc90000b76e98 [ 434.807066][ C0] RBP: ffffc90000b76da8 R08: ffffc90000b76f28 R09: 0000000000000000 [ 434.807078][ C0] R10: ffffc90000b76f30 R11: dffffc0000000001 R12: ffffc90000b76e48 [ 434.807090][ C0] R13: ffffc90000b76e90 R14: dffffc0000000000 R15: ffffc90000b76e40 [ 434.807102][ C0] FS: 00007ff8313846c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 434.807115][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 434.807127][ C0] CR2: 0000001b33f17ff8 CR3: 0000000113d34000 CR4: 00000000003506b0 [ 434.807141][ C0] Call Trace: [ 434.807146][ C0] [ 434.807152][ C0] ? show_regs+0x58/0x60 [ 434.807168][ C0] ? nmi_cpu_backtrace+0x285/0x2f0 [ 434.807186][ C0] ? nmi_trigger_cpumask_backtrace+0x3c0/0x3c0 [ 434.807205][ C0] ? update_stack_state+0x12b/0x460 [ 434.807222][ C0] ? update_stack_state+0x12b/0x460 [ 434.807239][ C0] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 434.807256][ C0] ? nmi_handle+0xa7/0x280 [ 434.807272][ C0] ? update_stack_state+0x12b/0x460 [ 434.807289][ C0] ? default_do_nmi+0x69/0x160 [ 434.807305][ C0] ? exc_nmi+0xad/0x100 [ 434.807319][ C0] ? end_repeat_nmi+0x16/0x31 [ 434.807338][ C0] ? update_stack_state+0x12b/0x460 [ 434.807355][ C0] ? update_stack_state+0x12b/0x460 [ 434.807372][ C0] ? update_stack_state+0x12b/0x460 [ 434.807390][ C0] [ 434.807394][ C0] [ 434.807403][ C0] unwind_next_frame+0x3cb/0x700 [ 434.807422][ C0] ? stack_trace_save+0x1c0/0x1c0 [ 434.807438][ C0] arch_stack_walk+0x10d/0x140 [ 434.807458][ C0] ? stack_trace_save+0x113/0x1c0 [ 434.807474][ C0] stack_trace_save+0x113/0x1c0 [ 434.807489][ C0] ? stack_trace_snprint+0xf0/0xf0 [ 434.807506][ C0] ? __stack_depot_save+0x36/0x480 [ 434.807526][ C0] kasan_save_stack+0x3b/0x60 [ 434.807557][ C0] __kasan_record_aux_stack+0xb4/0xc0 [ 434.807584][ C0] kasan_record_aux_stack_noalloc+0xb/0x10 [ 434.807605][ C0] irq_work_queue_on+0x103/0x230 [ 434.807627][ C0] tell_cpu_to_push+0x18e/0x1e0 [ 434.807641][ C0] balance_rt+0x2d3/0x4c0 [ 434.807660][ C0] ? set_next_task_rt+0x4d0/0x4d0 [ 434.807679][ C0] ? dequeue_task+0x17a/0xa30 [ 434.807697][ C0] __schedule+0x4de/0x1550 [ 434.807714][ C0] ? avc_denied+0x1b0/0x1b0 [ 434.807735][ C0] ? release_firmware_map_entry+0x191/0x191 [ 434.807755][ C0] schedule+0xc3/0x180 [ 434.807772][ C0] schedule_timeout+0xa9/0x380 [ 434.807791][ C0] ? console_conditional_schedule+0x10/0x10 [ 434.807812][ C0] ? _raw_spin_unlock_irqrestore+0x5b/0x80 [ 434.807834][ C0] ? prepare_to_wait_exclusive+0x1ac/0x1f0 [ 434.807853][ C0] unix_wait_for_peer+0x24b/0x330 [ 434.807872][ C0] ? unix_find_other+0x8e0/0x8e0 [ 434.807888][ C0] ? wake_bit_function+0x230/0x230 [ 434.807905][ C0] ? _raw_spin_trylock_bh+0x190/0x190 [ 434.807926][ C0] ? security_unix_may_send+0x7b/0xa0 [ 434.807943][ C0] unix_dgram_sendmsg+0x1348/0x2050 [ 434.807966][ C0] ? unix_dgram_poll+0x710/0x710 [ 434.807986][ C0] ? security_socket_sendmsg+0x82/0xb0 [ 434.808002][ C0] ? unix_dgram_poll+0x710/0x710 [ 434.808020][ C0] ____sys_sendmsg+0x5d3/0x9a0 [ 434.808039][ C0] ? __sys_sendmsg_sock+0x40/0x40 [ 434.808060][ C0] __sys_sendmmsg+0x3b9/0x6f0 [ 434.808080][ C0] ? __ia32_sys_sendmsg+0x90/0x90 [ 434.808101][ C0] ? futex_wait+0x4b7/0x7e0 [ 434.808129][ C0] ? _raw_spin_trylock_bh+0x190/0x190 [ 434.808149][ C0] ? do_futex+0x55a/0x9a0 [ 434.808169][ C0] ? xfd_validate_state+0x6f/0x170 [ 434.808191][ C0] ? fpregs_restore_userregs+0x130/0x290 [ 434.808208][ C0] __x64_sys_sendmmsg+0xa0/0xb0 [ 434.808227][ C0] x64_sys_call+0x81d/0x9a0 [ 434.808242][ C0] do_syscall_64+0x3b/0xb0 [ 434.808262][ C0] ? clear_bhb_loop+0x55/0xb0 [ 434.808277][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 434.808292][ C0] RIP: 0033:0x7ff8305799f9 [ 434.808305][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 434.808317][ C0] RSP: 002b:00007ff831384038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 434.808333][ C0] RAX: ffffffffffffffda RBX: 00007ff830715f80 RCX: 00007ff8305799f9 [ 434.808344][ C0] RDX: 0000000000000651 RSI: 0000000020000000 RDI: 0000000000000007 [ 434.808354][ C0] RBP: 00007ff8305e78ee R08: 0000000000000000 R09: 0000000000000000 [ 434.808364][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 434.808373][ C0] R13: 0000000000000000 R14: 00007ff830715f80 R15: 00007ffeffa6c5d8 [ 434.808387][ C0] [ 435.411785][ T8116] loop4: detected capacity change from 0 to 256 [ 435.469735][ T28] audit: type=1400 audit(2000000173.911:2286): avc: denied { watch } for pid=8127 comm="syz.2.2281" path="/329/file1" dev="tmpfs" ino=1861 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 435.529629][ T28] audit: type=1400 audit(2000000173.939:2287): avc: denied { execute_no_trans } for pid=8127 comm="syz.2.2281" path="/329/file1" dev="tmpfs" ino=1861 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 435.582048][ T8128] device syzkaller0 entered promiscuous mode [ 435.644135][ T8139] loop4: detected capacity change from 0 to 128 [ 435.776037][ T28] audit: type=1326 audit(2000000174.183:2288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8141 comm="syz.2.2284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f750a9799f9 code=0x7ffc0000 [ 435.814241][ T28] audit: type=1326 audit(2000000174.183:2289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8141 comm="syz.2.2284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=27 compat=0 ip=0x7f750a9799f9 code=0x7ffc0000 [ 435.871018][ T8145] ipt_REJECT: ECHOREPLY no longer supported. [ 435.882616][ T28] audit: type=1326 audit(2000000174.183:2290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8141 comm="syz.2.2284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f750a9799f9 code=0x7ffc0000 [ 435.930233][ T28] audit: type=1326 audit(2000000174.183:2291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8141 comm="syz.2.2284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f750a9799f9 code=0x7ffc0000 [ 435.953532][ T28] audit: type=1326 audit(2000000174.183:2292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8141 comm="syz.2.2284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f750a9799f9 code=0x7ffc0000 [ 435.993761][ T28] audit: type=1326 audit(2000000174.183:2293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8141 comm="syz.2.2284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f750a9799f9 code=0x7ffc0000 [ 436.065365][ T28] audit: type=1326 audit(2000000174.183:2294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8141 comm="syz.2.2284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f750a9799f9 code=0x7ffc0000 [ 436.128998][ T8147] syz.4.2282: attempt to access beyond end of device [ 436.128998][ T8147] loop4: rw=0, sector=121, nr_sectors = 120 limit=128 [ 436.937301][ T4033] kworker/u4:7: attempt to access beyond end of device [ 436.937301][ T4033] loop4: rw=1, sector=241, nr_sectors = 800 limit=128 [ 437.360508][ T28] kauditd_printk_skb: 35 callbacks suppressed [ 437.360528][ T28] audit: type=1400 audit(2000000175.483:2330): avc: denied { name_bind } for pid=8155 comm="syz.0.2299" src=20001 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1 [ 437.490042][ T8165] loop1: detected capacity change from 0 to 128 [ 437.567269][ T8171] loop4: detected capacity change from 0 to 512 [ 437.580187][ T8171] EXT4-fs: Ignoring removed mblk_io_submit option [ 437.600656][ T8171] EXT4-fs: Ignoring removed i_version option [ 437.616790][ T8171] EXT4-fs error (device loop4): __ext4_iget:5046: inode #11: block 1: comm syz.4.2294: invalid block [ 437.632063][ T8171] EXT4-fs (loop4): Remounting filesystem read-only [ 437.729365][ T8171] EXT4-fs error (device loop4): ext4_orphan_get:1401: comm syz.4.2294: couldn't read orphan inode 11 (err -117) [ 438.004329][ T8171] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 438.490981][ T8183] loop1: detected capacity change from 0 to 2048 [ 438.513548][ T8183] EXT4-fs (loop1): #clusters per group too big: 20480 [ 439.005709][ T8068] EXT4-fs (loop4): unmounting filesystem. [ 439.030072][ T8189] bridge0: port 2(bridge_slave_1) entered disabled state [ 439.037115][ T8189] bridge0: port 1(bridge_slave_0) entered disabled state [ 439.541711][ T8204] loop4: detected capacity change from 0 to 256 [ 439.554420][ T401] usb 2-1: new high-speed USB device number 48 using dummy_hcd [ 439.563326][ T8204] exFAT-fs (loop4): Invalid boot checksum (boot checksum : 0x1119ac00, checksum : 0x1119c060) [ 439.575741][ T8204] exFAT-fs (loop4): invalid boot region [ 439.581102][ T8204] exFAT-fs (loop4): failed to recognize exfat type [ 439.810876][ T401] usb 2-1: Using ep0 maxpacket: 8 [ 439.939227][ T401] usb 2-1: New USB device found, idVendor=04e6, idProduct=000b, bcdDevice= 1.00 [ 439.948098][ T401] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 439.967465][ T401] usb 2-1: config 0 descriptor?? [ 439.992676][ T6912] usb 5-1: new high-speed USB device number 43 using dummy_hcd [ 440.014555][ T401] usb-storage 2-1:0.0: USB Mass Storage device detected [ 440.059687][ T401] usb-storage 2-1:0.0: Quirks match for vid 04e6 pid 000b: 4 [ 440.251271][ T425] usb 2-1: USB disconnect, device number 48 [ 440.281291][ T6912] usb 5-1: Using ep0 maxpacket: 32 [ 440.417695][ T6912] usb 5-1: config 7 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 440.450043][ T6912] usb 5-1: config 7 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 440.459874][ T6912] usb 5-1: config 7 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 440.735927][ T6912] usb 5-1: config 7 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 440.748914][ T6912] usb 5-1: New USB device found, idVendor=1b96, idProduct=000a, bcdDevice= 0.00 [ 440.757955][ T6912] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 440.912424][ T28] audit: type=1400 audit(2000000179.009:2331): avc: denied { setattr } for pid=8208 comm="syz.0.2306" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 441.010632][ T8222] loop1: detected capacity change from 0 to 512 [ 441.140594][ T8222] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 441.153104][ T8222] ext4 filesystem being mounted at /163/file0 supports timestamps until 2038 (0x7fffffff) [ 441.425931][ T6912] ntrig 0003:1B96:000A.005B: unknown main item tag 0x0 [ 441.435877][ T6912] ntrig 0003:1B96:000A.005B: unknown main item tag 0x0 [ 441.442653][ T6912] ntrig 0003:1B96:000A.005B: unknown main item tag 0x0 [ 441.457264][ T6912] ntrig 0003:1B96:000A.005B: unknown main item tag 0x0 [ 441.472304][ T6912] ntrig 0003:1B96:000A.005B: unknown main item tag 0x0 [ 441.494036][ T6912] ntrig 0003:1B96:000A.005B: hidraw0: USB HID v0.00 Device [HID 1b96:000a] on usb-dummy_hcd.4-1/input0 [ 441.640564][ T6912] usb 5-1: USB disconnect, device number 43 [ 441.971559][ T8242] fuse: Bad value for 'fd' [ 441.983310][ T28] audit: type=1400 audit(2000000180.010:2332): avc: denied { watch } for pid=8241 comm="syz.2.2313" path="/334/file0" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 442.027533][ T8242] device syzkaller0 entered promiscuous mode [ 442.097716][ T5595] EXT4-fs (loop1): unmounting filesystem. [ 442.879094][ T19] usb 5-1: new high-speed USB device number 44 using dummy_hcd [ 443.563339][ T19] usb 5-1: Using ep0 maxpacket: 32 [ 443.691624][ T19] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 443.712942][ T19] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 443.722527][ T19] usb 5-1: New USB device found, idVendor=2006, idProduct=0118, bcdDevice= 0.00 [ 443.733281][ T19] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 443.757576][ T19] usb 5-1: config 0 descriptor?? [ 443.976924][ T8268] loop0: detected capacity change from 0 to 256 [ 444.004203][ T8268] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d) [ 444.141605][ T8278] device syzkaller0 entered promiscuous mode [ 444.462171][ T19] hkems 0003:2006:0118.005C: unbalanced delimiter at end of report description [ 444.481908][ T19] hkems 0003:2006:0118.005C: parse failed [ 444.487525][ T19] hkems: probe of 0003:2006:0118.005C failed with error -22 [ 444.679229][ T19] usb 5-1: USB disconnect, device number 44 [ 444.710582][ T8284] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2326'. [ 444.956654][ T8293] device wireguard0 entered promiscuous mode [ 447.981328][ T8331] raw_sendmsg: syz.4.2337 forgot to set AF_INET. Fix it! [ 448.094724][ T8334] netlink: 'syz.2.2335': attribute type 4 has an invalid length. [ 448.134405][ T8334] netlink: 'syz.2.2335': attribute type 4 has an invalid length. [ 448.200747][ T28] audit: type=1400 audit(2000000185.800:2333): avc: denied { mount } for pid=8321 comm="syz.2.2335" name="/" dev="ramfs" ino=57144 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 448.326577][ T28] audit: type=1400 audit(2000000185.810:2334): avc: denied { create } for pid=8321 comm="syz.2.2335" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_fib_lookup_socket permissive=1 [ 448.475081][ T8324] loop1: detected capacity change from 0 to 40427 [ 448.485798][ T8324] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 448.493501][ T8324] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 448.507602][ T8324] F2FS-fs (loop1): invalid crc value [ 448.526580][ T8324] F2FS-fs (loop1): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 39874397669) [ 448.536961][ T6912] usb 5-1: new high-speed USB device number 45 using dummy_hcd [ 448.573939][ T8324] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 448.584346][ T8324] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 449.240090][ T6912] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xB has an invalid bInterval 48, changing to 7 [ 449.260813][ T6912] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 8240, setting to 1024 [ 449.278230][ T28] audit: type=1400 audit(2000000186.829:2335): avc: denied { bind } for pid=8350 comm="syz.2.2351" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 449.299472][ T8351] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8351 comm=syz.2.2351 [ 449.354319][ T8352] loop0: detected capacity change from 0 to 8192 [ 449.443220][ T6912] usb 5-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 449.467427][ T6912] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 449.487893][ T6912] usb 5-1: Product: syz [ 449.491900][ T6912] usb 5-1: Manufacturer: syz [ 449.511479][ T6912] usb 5-1: SerialNumber: syz [ 449.522460][ T6912] usb 5-1: config 0 descriptor?? [ 449.808040][ T6912] snd-usb-audio: probe of 5-1:0.0 failed with error -2 [ 449.819726][ T6912] usb 5-1: USB disconnect, device number 45 [ 449.822695][ T6944] udevd[6944]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 450.870051][ T8369] EXT4-fs warning (device sda1): verify_group_input:151: Cannot add at group 925 (only 8 groups) [ 450.991018][ T8361] loop4: detected capacity change from 0 to 40427 [ 451.016887][ T8361] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 451.024444][ T8361] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 451.050721][ T8361] F2FS-fs (loop4): Found nat_bits in checkpoint [ 451.106908][ T8361] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 451.115097][ T8361] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 452.039288][ T28] audit: type=1400 audit(2000000189.411:2336): avc: denied { connect } for pid=8384 comm="syz.1.2349" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 452.040841][ T8383] tipc: Started in network mode [ 452.094889][ T28] audit: type=1400 audit(2000000189.467:2337): avc: denied { accept } for pid=8384 comm="syz.1.2349" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 452.130470][ T8383] tipc: Node identity fe8000000000000000000000000000aa, cluster identity 4711 [ 452.144972][ T8388] loop1: detected capacity change from 0 to 512 [ 452.155276][ T8068] F2FS-fs (loop4): invalid namelen(0), ino:0, run fsck to fix. [ 452.155298][ T8068] F2FS-fs (loop4): invalid namelen(0), ino:0, run fsck to fix. [ 452.169285][ T8068] F2FS-fs (loop4): invalid namelen(0), ino:0, run fsck to fix. [ 452.169864][ T8383] tipc: Enabled bearer , priority 0 [ 452.176884][ T8068] F2FS-fs (loop4): invalid namelen(0), ino:0, run fsck to fix. [ 452.176901][ T8068] F2FS-fs (loop4): invalid namelen(0), ino:0, run fsck to fix. [ 452.176910][ T8068] F2FS-fs (loop4): invalid namelen(0), ino:0, run fsck to fix. [ 452.176918][ T8068] F2FS-fs (loop4): invalid namelen(0), ino:0, run fsck to fix. [ 452.215310][ T8388] EXT4-fs: Ignoring removed nobh option [ 452.266138][ T8388] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -13 [ 452.308671][ T8388] EXT4-fs error (device loop1): ext4_clear_blocks:883: inode #13: comm syz.1.2352: attempt to clear invalid blocks 2 len 1 [ 452.362085][ T8388] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 452.415245][ T8388] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz.1.2352: invalid indirect mapped block 1819239214 (level 0) [ 452.469050][ T8388] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz.1.2352: invalid indirect mapped block 1819239214 (level 1) [ 452.512413][ T8388] EXT4-fs (loop1): 1 truncate cleaned up [ 452.517895][ T8388] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 453.147725][ T5595] EXT4-fs error (device loop1): htree_dirblock_to_tree:1111: inode #2: block 13: comm syz-executor: bad entry in directory: rec_len % 4 != 0 - offset=108, inode=4294901777, rec_len=65535, size=1024 fake=0 [ 453.176333][ T5595] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2213: inode #15: comm syz-executor: corrupted in-inode xattr [ 453.192413][ T5595] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2213: inode #15: comm syz-executor: corrupted in-inode xattr [ 453.228704][ T6064] EXT4-fs (loop1): unmounting filesystem. [ 453.238360][ T401] tipc: Node number set to 4269801642 [ 453.687995][ T8409] bridge0: port 1(bridge_slave_0) entered blocking state [ 453.694854][ T8409] bridge0: port 1(bridge_slave_0) entered disabled state [ 453.709306][ T8409] device bridge_slave_0 entered promiscuous mode [ 453.716126][ T8409] bridge0: port 2(bridge_slave_1) entered blocking state [ 453.730134][ T8409] bridge0: port 2(bridge_slave_1) entered disabled state [ 453.737450][ T8409] device bridge_slave_1 entered promiscuous mode [ 453.841296][ T43] device bridge_slave_1 left promiscuous mode [ 453.847264][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 453.858848][ T43] device bridge_slave_0 left promiscuous mode [ 453.864785][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 453.880948][ T43] device veth1_macvtap left promiscuous mode [ 453.886791][ T43] device veth0_vlan left promiscuous mode [ 453.994677][ T8409] bridge0: port 2(bridge_slave_1) entered blocking state [ 454.001564][ T8409] bridge0: port 2(bridge_slave_1) entered forwarding state [ 454.008673][ T8409] bridge0: port 1(bridge_slave_0) entered blocking state [ 454.015424][ T8409] bridge0: port 1(bridge_slave_0) entered forwarding state [ 454.041554][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 454.049219][ T19] bridge0: port 1(bridge_slave_0) entered disabled state [ 454.057391][ T19] bridge0: port 2(bridge_slave_1) entered disabled state [ 454.074086][ T667] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 454.082099][ T667] bridge0: port 1(bridge_slave_0) entered blocking state [ 454.088971][ T667] bridge0: port 1(bridge_slave_0) entered forwarding state [ 454.096596][ T667] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 454.104815][ T667] bridge0: port 2(bridge_slave_1) entered blocking state [ 454.111645][ T667] bridge0: port 2(bridge_slave_1) entered forwarding state [ 454.126407][ T667] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 454.134184][ T667] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 454.149648][ T8409] device veth0_vlan entered promiscuous mode [ 454.158383][ T667] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 454.166652][ T667] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 454.174856][ T667] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 454.182532][ T667] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 454.194542][ T8409] device veth1_macvtap entered promiscuous mode [ 454.202685][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 454.219221][ T667] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 454.227836][ T667] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 455.283198][ T8430] loop0: detected capacity change from 0 to 16 [ 455.357243][ T8430] erofs: (device loop0): erofs_read_inode: unsupported i_format 16 of nid 36 [ 456.390064][ T4033] Bluetooth: hci0: Frame reassembly failed (-84) [ 456.391568][ T28] audit: type=1400 audit(2000000193.480:2338): avc: denied { bind } for pid=8420 comm="syz.4.2361" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 456.422949][ T28] audit: type=1400 audit(2000000193.480:2339): avc: denied { ioctl } for pid=8420 comm="syz.4.2361" path="socket:[57697]" dev="sockfs" ino=57697 ioctlcmd=0x48e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 457.205613][ T28] audit: type=1400 audit(2000000194.247:2340): avc: denied { mounton } for pid=8439 comm="syz.2.2367" path="/349/file0" dev="tmpfs" ino=1986 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=fifo_file permissive=1 [ 457.205980][ T401] kernel write not supported for file bpf-prog (pid: 401 comm: kworker/1:6) [ 457.354757][ T29] INFO: task syz.2.617:2523 blocked for more than 292 seconds. [ 457.399157][ T29] Tainted: G W 6.1.90-syzkaller-00005-g8288de83062c #0 [ 457.509652][ T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 457.518212][ T29] task:syz.2.617 state:D stack:24504 pid:2523 ppid:1862 flags:0x00004004 [ 457.527237][ T29] Call Trace: [ 457.530422][ T29] [ 457.533202][ T29] __schedule+0xca7/0x1550 [ 457.538133][ T29] ? release_firmware_map_entry+0x191/0x191 [ 457.543855][ T29] ? blk_check_plugged+0x260/0x260 [ 457.548872][ T29] ? __kasan_check_write+0x14/0x20 [ 457.553792][ T29] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 457.560773][ T29] schedule+0xc3/0x180 [ 457.564681][ T29] io_schedule+0x8f/0x120 [ 457.568882][ T29] folio_wait_bit_common+0x847/0xb80 [ 457.574019][ T29] ? folio_wait_bit+0x30/0x30 [ 457.578493][ T29] ? erofs_map_dev+0x6c4/0x7e0 [ 457.583161][ T29] ? migration_entry_wait_on_locked+0x860/0x860 [ 457.589195][ T29] ? __kasan_check_write+0x14/0x20 [ 457.594282][ T29] ? _raw_spin_lock+0xa4/0x1b0 [ 457.598874][ T29] ? _raw_spin_trylock_bh+0x190/0x190 [ 457.604391][ T29] __folio_lock+0x1e/0x30 [ 457.608540][ T29] z_erofs_runqueue+0xafa/0x1a40 [ 457.613590][ T29] ? __kasan_check_write+0x14/0x20 [ 457.618564][ T29] ? z_erofs_do_read_page+0x3b70/0x3b70 [ 457.624292][ T29] ? __mutex_lock_slowpath+0x10/0x10 [ 457.629442][ T29] z_erofs_readahead+0x8e2/0xbb0 [ 457.634371][ T29] ? z_erofs_read_folio+0x5f0/0x5f0 [ 457.639389][ T29] ? memset+0x35/0x40 [ 457.643674][ T29] ? blk_start_plug+0x9c/0x130 [ 457.648262][ T29] read_pages+0x1be/0xd40 [ 457.652427][ T29] ? workingset_activation+0x430/0x430 [ 457.658356][ T29] ? folio_add_lru+0x280/0x3f0 [ 457.662944][ T29] ? page_cache_ra_unbounded+0x690/0x690 [ 457.668656][ T29] ? filemap_add_folio+0x18f/0x200 [ 457.673623][ T29] ? __filemap_add_folio+0xd10/0xd10 [ 457.678910][ T29] page_cache_ra_unbounded+0x4c1/0x690 [ 457.684193][ T29] ? readahead_gfp_mask+0x190/0x190 [ 457.689459][ T29] force_page_cache_ra+0x2c2/0x330 [ 457.694520][ T29] generic_fadvise+0x501/0x790 [ 457.699349][ T29] ? __this_cpu_preempt_check+0x13/0x20 [ 457.704748][ T29] ? oom_evaluate_task+0x520/0x520 [ 457.709879][ T29] ? __fdget+0x1b7/0x240 [ 457.713936][ T29] __x64_sys_fadvise64+0x13f/0x180 [ 457.719100][ T29] x64_sys_call+0x5ca/0x9a0 [ 457.723416][ T29] do_syscall_64+0x3b/0xb0 [ 457.727669][ T29] ? clear_bhb_loop+0x55/0xb0 [ 457.732566][ T29] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 457.738269][ T29] RIP: 0033:0x7f55aff799f9 [ 457.742709][ T29] RSP: 002b:00007f55b0d25038 EFLAGS: 00000246 ORIG_RAX: 00000000000000dd [ 457.751117][ T29] RAX: ffffffffffffffda RBX: 00007f55b0115f80 RCX: 00007f55aff799f9 [ 457.758905][ T29] RDX: 0000000000000000 RSI: 0000000000e0ffff RDI: 0000000000000005 [ 457.767115][ T29] RBP: 00007f55affe78ee R08: 0000000000000000 R09: 0000000000000000 [ 457.775063][ T29] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 457.783044][ T29] R13: 0000000000000000 R14: 00007f55b0115f80 R15: 00007ffec33215f8 [ 457.790831][ T29] [ 457.793962][ T29] NMI backtrace for cpu 0 [ 457.798095][ T29] CPU: 0 PID: 29 Comm: khungtaskd Tainted: G W 6.1.90-syzkaller-00005-g8288de83062c #0 [ 457.808944][ T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 457.818841][ T29] Call Trace: [ 457.821962][ T29] [ 457.824740][ T29] dump_stack_lvl+0x151/0x1b7 [ 457.829256][ T29] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 457.834551][ T29] dump_stack+0x15/0x1a [ 457.838540][ T29] nmi_cpu_backtrace+0x2e4/0x2f0 [ 457.843316][ T29] ? nmi_trigger_cpumask_backtrace+0x3c0/0x3c0 [ 457.849302][ T29] ? sched_show_task+0x3d8/0x620 [ 457.854076][ T29] ? nmi_trigger_cpumask_backtrace+0x114/0x3c0 [ 457.860068][ T29] ? arch_trigger_cpumask_backtrace+0x20/0x20 [ 457.865969][ T29] nmi_trigger_cpumask_backtrace+0x19b/0x3c0 [ 457.871783][ T29] ? arch_trigger_cpumask_backtrace+0x20/0x20 [ 457.877685][ T29] arch_trigger_cpumask_backtrace+0x10/0x20 [ 457.883420][ T29] watchdog+0xdb0/0xf20 [ 457.887406][ T29] ? __kasan_check_write+0x14/0x20 [ 457.892359][ T29] ? hungtask_pm_notify+0x50/0x50 [ 457.897215][ T29] ? __kasan_check_read+0x11/0x20 [ 457.902071][ T29] ? __kthread_parkme+0x12d/0x180 [ 457.906933][ T29] kthread+0x26d/0x300 [ 457.910837][ T29] ? hungtask_pm_notify+0x50/0x50 [ 457.915699][ T29] ? kthread_blkcg+0xd0/0xd0 [ 457.920128][ T29] ret_from_fork+0x1f/0x30 [ 457.924383][ T29] [ 457.927312][ T29] Sending NMI from CPU 0 to CPUs 1: [ 457.932303][ C1] NMI backtrace for cpu 1 [ 457.932315][ C1] CPU: 1 PID: 84 Comm: syslogd Tainted: G W 6.1.90-syzkaller-00005-g8288de83062c #0 [ 457.932333][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 457.932342][ C1] RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x60 [ 457.932365][ C1] Code: 84 00 00 00 00 00 0f 1f 40 00 55 48 89 e5 53 48 89 fb e8 13 00 00 00 48 8b 3d 84 e0 fc 05 48 89 de e8 24 61 46 00 5b 5d c3 cc <55> 48 89 e5 48 8b 45 08 65 48 8b 0d 00 cb 8c 7e 65 8b 15 01 cb 8c [ 457.932378][ C1] RSP: 0018:ffffc900009d77f8 EFLAGS: 00000246 [ 457.932393][ C1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffc900009d7803 [ 457.932404][ C1] RDX: ffff88810eb02880 RSI: 0000000000000000 RDI: 0000000000000000 [ 457.932414][ C1] RBP: ffffc900009d7910 R08: ffffffff84064f0c R09: ffffc900009d7a20 [ 457.932426][ C1] R10: ffffffffffffffff R11: dffffc0000000001 R12: dffffc0000000000 [ 457.932437][ C1] R13: ffff88810e86eaec R14: ffffc900009d7a20 R15: 0000000000000000 [ 457.932449][ C1] FS: 00007f77f774e380(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 457.932463][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 457.932474][ C1] CR2: 00007f55ad4e8178 CR3: 000000010ed58000 CR4: 00000000003506a0 [ 457.932488][ C1] Call Trace: [ 457.932493][ C1] [ 457.932498][ C1] ? show_regs+0x58/0x60 [ 457.932514][ C1] ? nmi_cpu_backtrace+0x285/0x2f0 [ 457.932532][ C1] ? nmi_trigger_cpumask_backtrace+0x3c0/0x3c0 [ 457.932550][ C1] ? audit_tree_destroy_watch+0x20/0x20 [ 457.932566][ C1] ? audit_tree_destroy_watch+0x20/0x20 [ 457.932583][ C1] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 457.932600][ C1] ? nmi_handle+0xa7/0x280 [ 457.932616][ C1] ? audit_tree_destroy_watch+0x20/0x20 [ 457.932632][ C1] ? default_do_nmi+0x69/0x160 [ 457.932647][ C1] ? exc_nmi+0xad/0x100 [ 457.932661][ C1] ? end_repeat_nmi+0x16/0x31 [ 457.932679][ C1] ? __skb_try_recv_datagram+0x21c/0x6a0 [ 457.932695][ C1] ? audit_tree_destroy_watch+0x20/0x20 [ 457.932712][ C1] ? audit_tree_destroy_watch+0x20/0x20 [ 457.932728][ C1] ? audit_tree_destroy_watch+0x20/0x20 [ 457.932771][ C1] [ 457.932776][ C1] [ 457.932781][ C1] ? __skb_try_recv_datagram+0x4a4/0x6a0 [ 457.932797][ C1] ? sock_load_diag_module+0x130/0x130 [ 457.932816][ C1] ? __skb_try_recv_from_queue+0x750/0x750 [ 457.932830][ C1] ? avc_has_perm+0x16f/0x260 [ 457.932851][ C1] __unix_dgram_recvmsg+0x2a0/0x12b0 [ 457.932872][ C1] ? unix_unhash+0x10/0x10 [ 457.932886][ C1] ? avc_has_perm+0x16f/0x260 [ 457.932907][ C1] ? generic_perform_write+0x520/0x5c0 [ 457.932928][ C1] unix_dgram_recvmsg+0xb7/0xd0 [ 457.932945][ C1] ? unix_dgram_sendmsg+0x2050/0x2050 [ 457.932963][ C1] sock_read_iter+0x3b2/0x4b0 [ 457.932983][ C1] ? kernel_sock_ip_overhead+0x280/0x280 [ 457.933005][ C1] ? __kasan_check_read+0x11/0x20 [ 457.933019][ C1] ? fsnotify_perm+0x470/0x5d0 [ 457.933035][ C1] vfs_read+0x771/0xad0 [ 457.933056][ C1] ? kernel_read+0x1f0/0x1f0 [ 457.933074][ C1] ? finish_task_switch+0x167/0x7b0 [ 457.933097][ C1] ? __kasan_check_read+0x11/0x20 [ 457.933110][ C1] ? __fdget_pos+0x204/0x390 [ 457.933131][ C1] ksys_read+0x199/0x2c0 [ 457.933149][ C1] ? save_fpregs_to_fpstate+0x220/0x220 [ 457.933166][ C1] ? vfs_write+0xeb0/0xeb0 [ 457.933185][ C1] ? debug_smp_processor_id+0x17/0x20 [ 457.933204][ C1] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 457.933223][ C1] __x64_sys_read+0x7b/0x90 [ 457.933241][ C1] x64_sys_call+0x28/0x9a0 [ 457.933258][ C1] do_syscall_64+0x3b/0xb0 [ 457.933278][ C1] ? clear_bhb_loop+0x55/0xb0 [ 457.933294][ C1] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 457.933309][ C1] RIP: 0033:0x7f77f78a2b6a [ 457.933321][ C1] Code: 00 3d 00 00 41 00 75 0d 50 48 8d 3d 2d 08 0a 00 e8 ea 7d 01 00 31 c0 e9 07 ff ff ff 64 8b 04 25 18 00 00 00 85 c0 75 1b 0f 05 <48> 3d 00 f0 ff ff 76 6c 48 8b 15 8f a2 0d 00 f7 d8 64 89 02 48 83 [ 457.933334][ C1] RSP: 002b:00007ffe210a4328 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 457.933349][ C1] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007f77f78a2b6a [ 457.933360][ C1] RDX: 00000000000000ff RSI: 000056540e243300 RDI: 0000000000000000 [ 457.933370][ C1] RBP: 000056540e2432c0 R08: 0000000000000001 R09: 0000000000000000 [ 457.933380][ C1] R10: 00007f77f7a413a3 R11: 0000000000000246 R12: 000056540e24335b [ 457.933391][ C1] R13: 000056540e243300 R14: 0000000000000000 R15: 00007f77f7a7fa80 [ 457.933405][ C1] [ 458.583618][ T682] Bluetooth: hci0: command 0x1003 tx timeout [ 458.589520][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 459.092952][ T8450] loop4: detected capacity change from 0 to 512 [ 459.099545][ T28] audit: type=1400 audit(2000000196.024:2341): avc: denied { read } for pid=8452 comm="syz.1.2369" name="loop-control" dev="devtmpfs" ino=113 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 460.038655][ T28] audit: type=1400 audit(2000000196.024:2342): avc: denied { open } for pid=8452 comm="syz.1.2369" path="/dev/loop-control" dev="devtmpfs" ino=113 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 460.089573][ T28] audit: type=1400 audit(2000000196.286:2343): avc: denied { ioctl } for pid=8452 comm="syz.1.2369" path="/dev/loop-control" dev="devtmpfs" ino=113 ioctlcmd=0x4c80 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 460.126225][ T8450] EXT4-fs error (device loop4): ext4_orphan_get:1396: inode #15: comm syz.4.2371: casefold flag without casefold feature [ 460.149526][ T8470] device veth0_vlan left promiscuous mode [ 460.156017][ T8450] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: inode #2: comm syz.4.2371: missing EA_INODE flag [ 460.160552][ T8470] device veth0_vlan entered promiscuous mode [ 460.180868][ T401] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 460.188560][ T8450] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz.4.2371: error while reading EA inode 2 err=-117 [ 460.197213][ T401] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 460.208094][ T401] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 460.216614][ T8473] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 460.252704][ T8450] EXT4-fs (loop4): 1 orphan inode deleted [ 460.258657][ T8450] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 460.572052][ T19] usb 5-1: new high-speed USB device number 46 using dummy_hcd [ 460.967650][ T19] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 460.975475][ T19] usb 5-1: config 0 has no interface number 0 [ 460.988999][ T19] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 461.010430][ T19] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 461.020026][ T19] usb 5-1: New USB device found, idVendor=04d9, idProduct=a055, bcdDevice= 0.18 [ 461.030814][ T19] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 461.052538][ T19] usb 5-1: config 0 descriptor?? [ 461.589095][ T19] input: HID 04d9:a055 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.1/0003:04D9:A055.005D/input/input44 [ 461.689388][ T19] holtek_kbd 0003:04D9:A055.005D: input,hidraw0: USB HID v0.00 Keyboard [HID 04d9:a055] on usb-dummy_hcd.4-1/input1 [ 461.805406][ T19] usb 5-1: USB disconnect, device number 46 [ 462.129172][ T8489] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2378'. [ 462.356865][ T8068] EXT4-fs (loop4): unmounting filesystem. [ 463.801518][ T8497] loop4: detected capacity change from 0 to 512 [ 463.844459][ T8497] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: comm syz.4.2385: inode #1: comm syz.4.2385: iget: illegal inode # [ 463.875720][ T8497] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz.4.2385: error while reading EA inode 1 err=-117 [ 464.299573][ T8497] EXT4-fs error (device loop4): ext4_xattr_inode_iget:404: comm syz.4.2385: inode #1: comm syz.4.2385: iget: illegal inode # [ 464.369092][ T8497] EXT4-fs error (device loop4): ext4_xattr_inode_iget:409: comm syz.4.2385: error while reading EA inode 1 err=-117 [ 464.459357][ T8497] EXT4-fs (loop4): 1 orphan inode deleted [ 464.469320][ T8497] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 465.151040][ T8497] EXT4-fs (loop4): shut down requested (2) [ 465.281129][ T8511] loop1: detected capacity change from 0 to 40427 [ 465.306594][ T8511] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 465.325091][ T8511] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 465.369992][ T8068] EXT4-fs (loop4): unmounting filesystem. [ 465.376052][ T8511] F2FS-fs (loop1): invalid crc value [ 465.405532][ T8511] F2FS-fs (loop1): Found nat_bits in checkpoint [ 465.468599][ T8511] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 465.475585][ T8511] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 465.508864][ T28] audit: type=1400 audit(2000000202.011:2344): avc: denied { ioctl } for pid=8510 comm="syz.1.2387" path="/6/bus/file0" dev="loop1" ino=10 ioctlcmd=0xf501 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 465.543500][ T8511] syz.1.2387: attempt to access beyond end of device [ 465.543500][ T8511] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 466.916768][ T8526] loop4: detected capacity change from 0 to 2048 [ 467.009548][ T8526] loop4: p1 < > p4 [ 467.014859][ T8526] loop4: p4 size 8388608 extends beyond EOD, truncated [ 467.323685][ T102] loop4: p1 < > p4 [ 467.328128][ T102] loop4: p4 size 8388608 extends beyond EOD, truncated [ 467.364366][ T6944] udevd[6944]: inotify_add_watch(7, /dev/loop4p1, 10) failed: No such file or directory [ 467.380927][ T6945] udevd[6945]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory [ 469.755554][ T28] audit: type=1400 audit(2000000205.603:2345): avc: denied { write } for pid=8551 comm="syz.4.2398" name="ptp0" dev="devtmpfs" ino=172 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 469.893132][ T8560] bridge0: port 2(bridge_slave_1) entered disabled state [ 470.160627][ T8565] loop4: detected capacity change from 0 to 2048 [ 470.271205][ T8565] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 470.319298][ T8569] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2397'. [ 470.365364][ T8570] EXT4-fs (loop4): shut down requested (0) [ 470.372449][ T8569] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2397'. [ 470.418586][ T28] audit: type=1400 audit(2000000206.613:2346): avc: denied { append } for pid=8550 comm="syz.0.2397" name="ppp" dev="devtmpfs" ino=138 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 470.466397][ T8565] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.2400: bg 0: block 234: padding at end of block bitmap is not set [ 470.480791][ T8565] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 28 [ 470.493079][ T8565] EXT4-fs (loop4): This should not happen!! Data will be lost [ 470.493079][ T8565] [ 470.502506][ T8565] EXT4-fs (loop4): Total free blocks count 0 [ 470.514332][ T8565] EXT4-fs (loop4): Free/Dirty block details [ 470.520064][ T8565] EXT4-fs (loop4): free_blocks=0 [ 470.524919][ T8565] EXT4-fs (loop4): dirty_blocks=8192 [ 470.535725][ T8565] EXT4-fs (loop4): Block reservation details [ 470.541631][ T8565] EXT4-fs (loop4): i_reserved_data_blocks=512 SYZFAIL: proc stdout read failed (errno 61: No data available) [ 472.310690][ T28] audit: type=1400 audit(2000000208.381:2347): avc: denied { write } for pid=280 comm="syz-executor" path="pipe:[5878]" dev="pipefs" ino=5878 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 473.230582][ T4033] device bridge_slave_1 left promiscuous mode [ 473.236531][ T4033] bridge0: port 2(bridge_slave_1) entered disabled state [ 473.251498][ T4033] device bridge_slave_0 left promiscuous mode [ 473.257423][ T4033] bridge0: port 1(bridge_slave_0) entered disabled state [ 473.273442][ T4033] device veth1_macvtap left promiscuous mode [ 473.703581][ T4033] tipc: Disabling bearer [ 473.710887][ T4033] tipc: Left network mode [ 474.267756][ T4033] device bridge_slave_1 left promiscuous mode [ 474.273699][ T4033] bridge0: port 2(bridge_slave_1) entered disabled state [ 474.288491][ T4033] device bridge_slave_0 left promiscuous mode [ 474.294552][ T4033] bridge0: port 1(bridge_slave_0) entered disabled state [ 474.310708][ T4033] device bridge_slave_1 left promiscuous mode [ 474.316647][ T4033] bridge0: port 2(bridge_slave_1) entered disabled state [ 474.331214][ T4033] device bridge_slave_0 left promiscuous mode [ 474.337129][ T4033] bridge0: port 1(bridge_slave_0) entered disabled state [ 474.353422][ T4033] device bridge_slave_1 left promiscuous mode [ 474.359339][ T4033] bridge0: port 2(bridge_slave_1) entered disabled state [ 474.374031][ T4033] device bridge_slave_0 left promiscuous mode [ 474.379953][ T4033] bridge0: port 1(bridge_slave_0) entered disabled state [ 474.396436][ T4033] device veth1_macvtap left promiscuous mode [ 474.402260][ T4033] device veth0_vlan left promiscuous mode [ 474.416700][ T4033] device veth1_macvtap left promiscuous mode [ 474.422526][ T4033] device veth0_vlan left promiscuous mode [ 474.438037][ T4033] device veth1_macvtap left promiscuous mode [ 474.443862][ T4033] device veth0_vlan left promiscuous mode [ 479.879352][ T29] INFO: task syz.2.617:2523 blocked for more than 314 seconds. [ 479.886820][ T29] Tainted: G W 6.1.90-syzkaller-00005-g8288de83062c #0 [ 479.900661][ T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 479.909131][ T29] task:syz.2.617 state:D stack:24504 pid:2523 ppid:1862 flags:0x00004004 [ 479.932731][ T29] Call Trace: [ 479.935826][ T29] [ 479.938598][ T29] __schedule+0xca7/0x1550 [ 479.942954][ T29] ? release_firmware_map_entry+0x191/0x191 [ 479.954111][ T29] ? blk_check_plugged+0x260/0x260 [ 479.959030][ T29] ? __kasan_check_write+0x14/0x20 [ 479.963979][ T29] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 479.969231][ T29] schedule+0xc3/0x180 [ 479.973127][ T29] io_schedule+0x8f/0x120 [ 479.977317][ T29] folio_wait_bit_common+0x847/0xb80 [ 479.982425][ T29] ? folio_wait_bit+0x30/0x30 [ 479.987059][ T29] ? erofs_map_dev+0x6c4/0x7e0 [ 479.991621][ T29] ? migration_entry_wait_on_locked+0x860/0x860 [ 479.997714][ T29] ? __kasan_check_write+0x14/0x20 [ 480.002645][ T29] ? _raw_spin_lock+0xa4/0x1b0 [ 480.007251][ T29] ? _raw_spin_trylock_bh+0x190/0x190 [ 480.012467][ T29] __folio_lock+0x1e/0x30 [ 480.016617][ T29] z_erofs_runqueue+0xafa/0x1a40 [ 480.021420][ T29] ? __kasan_check_write+0x14/0x20 [ 480.026461][ T29] ? z_erofs_do_read_page+0x3b70/0x3b70 [ 480.031874][ T29] ? __mutex_lock_slowpath+0x10/0x10 [ 480.036947][ T29] z_erofs_readahead+0x8e2/0xbb0 [ 480.041831][ T29] ? z_erofs_read_folio+0x5f0/0x5f0 [ 480.046846][ T29] ? memset+0x35/0x40 [ 480.050693][ T29] ? blk_start_plug+0x9c/0x130 [ 480.055258][ T29] read_pages+0x1be/0xd40 [ 480.059426][ T29] ? workingset_activation+0x430/0x430 [ 480.064747][ T29] ? folio_add_lru+0x280/0x3f0 [ 480.069419][ T29] ? page_cache_ra_unbounded+0x690/0x690 [ 480.074898][ T29] ? filemap_add_folio+0x18f/0x200 [ 480.079831][ T29] ? __filemap_add_folio+0xd10/0xd10 [ 480.085006][ T29] page_cache_ra_unbounded+0x4c1/0x690 [ 480.090249][ T29] ? readahead_gfp_mask+0x190/0x190 [ 480.095298][ T29] force_page_cache_ra+0x2c2/0x330 [ 480.100228][ T29] generic_fadvise+0x501/0x790 [ 480.104841][ T29] ? __this_cpu_preempt_check+0x13/0x20 [ 480.110210][ T29] ? oom_evaluate_task+0x520/0x520 [ 480.115185][ T29] ? __fdget+0x1b7/0x240 [ 480.119236][ T29] __x64_sys_fadvise64+0x13f/0x180 [ 480.124183][ T29] x64_sys_call+0x5ca/0x9a0 [ 480.128536][ T29] do_syscall_64+0x3b/0xb0 [ 480.132775][ T29] ? clear_bhb_loop+0x55/0xb0 [ 480.137298][ T29] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 480.143016][ T29] RIP: 0033:0x7f55aff799f9 [ 480.147298][ T29] RSP: 002b:00007f55b0d25038 EFLAGS: 00000246 ORIG_RAX: 00000000000000dd [ 480.155685][ T29] RAX: ffffffffffffffda RBX: 00007f55b0115f80 RCX: 00007f55aff799f9 [ 480.163540][ T29] RDX: 0000000000000000 RSI: 0000000000e0ffff RDI: 0000000000000005 [ 480.171331][ T29] RBP: 00007f55affe78ee R08: 0000000000000000 R09: 0000000000000000 [ 480.179160][ T29] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 480.186930][ T29] R13: 0000000000000000 R14: 00007f55b0115f80 R15: 00007ffec33215f8 [ 480.194766][ T29] [ 480.197623][ T29] NMI backtrace for cpu 0 [ 480.201778][ T29] CPU: 0 PID: 29 Comm: khungtaskd Tainted: G W 6.1.90-syzkaller-00005-g8288de83062c #0 [ 480.212622][ T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 480.222517][ T29] Call Trace: [ 480.225650][ T29] [ 480.228426][ T29] dump_stack_lvl+0x151/0x1b7 [ 480.232942][ T29] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 480.238230][ T29] dump_stack+0x15/0x1a [ 480.242218][ T29] nmi_cpu_backtrace+0x2e4/0x2f0 [ 480.246992][ T29] ? nmi_trigger_cpumask_backtrace+0x3c0/0x3c0 [ 480.252983][ T29] ? sched_show_task+0x3d8/0x620 [ 480.257754][ T29] ? nmi_trigger_cpumask_backtrace+0x114/0x3c0 [ 480.263747][ T29] ? arch_trigger_cpumask_backtrace+0x20/0x20 [ 480.269647][ T29] nmi_trigger_cpumask_backtrace+0x19b/0x3c0 [ 480.275459][ T29] ? arch_trigger_cpumask_backtrace+0x20/0x20 [ 480.281364][ T29] arch_trigger_cpumask_backtrace+0x10/0x20 [ 480.287093][ T29] watchdog+0xdb0/0xf20 [ 480.291083][ T29] ? __kasan_check_write+0x14/0x20 [ 480.296119][ T29] ? hungtask_pm_notify+0x50/0x50 [ 480.300978][ T29] ? __kasan_check_read+0x11/0x20 [ 480.305838][ T29] ? __kthread_parkme+0x12d/0x180 [ 480.310700][ T29] kthread+0x26d/0x300 [ 480.314603][ T29] ? hungtask_pm_notify+0x50/0x50 [ 480.319475][ T29] ? kthread_blkcg+0xd0/0xd0 [ 480.323894][ T29] ret_from_fork+0x1f/0x30 [ 480.328147][ T29] [ 480.331067][ T29] Sending NMI from CPU 0 to CPUs 1: [ 480.336052][ C1] NMI backtrace for cpu 1 [ 480.336064][ C1] CPU: 1 PID: 8085 Comm: syz.3.2266 Tainted: G W 6.1.90-syzkaller-00005-g8288de83062c #0 [ 480.336082][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 480.336092][ C1] RIP: 0010:kasan_check_range+0x1c6/0x2a0 [ 480.336117][ C1] Code: ed 49 0f 49 dd 48 83 e3 f8 49 29 dd 74 12 41 80 39 00 0f 85 a6 00 00 00 49 ff c1 49 ff cd 75 ee 5b 41 5c 41 5d 41 5e 41 5f 5d 45 84 f6 75 61 41 f7 c6 00 ff 00 00 75 5d 41 f7 c6 00 00 ff 00 [ 480.336131][ C1] RSP: 0018:ffffc900009beb28 EFLAGS: 00000256 [ 480.336146][ C1] RAX: ffffffff81f3ba01 RBX: 000000000000601b RCX: ffffffff81f3bb58 [ 480.336158][ C1] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff88811a1897e0 [ 480.336169][ C1] RBP: ffffc900009beb30 R08: dffffc0000000000 R09: ffffed10234312fd [ 480.336181][ C1] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88811a1897e0 [ 480.336192][ C1] R13: dffffc0000000000 R14: 000000000000000a R15: ffff88811a1897e0 [ 480.336203][ C1] FS: 00007f40529186c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 480.336218][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 480.336229][ C1] CR2: 00007efc9ad0f866 CR3: 00000001299f1000 CR4: 00000000003506a0 [ 480.336243][ C1] Call Trace: [ 480.336248][ C1] [ 480.336255][ C1] ? show_regs+0x58/0x60 [ 480.336271][ C1] ? nmi_cpu_backtrace+0x285/0x2f0 [ 480.336289][ C1] ? nmi_trigger_cpumask_backtrace+0x3c0/0x3c0 [ 480.336308][ C1] ? kasan_check_range+0x1c6/0x2a0 [ 480.336326][ C1] ? kasan_check_range+0x1c6/0x2a0 [ 480.336345][ C1] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 480.336363][ C1] ? nmi_handle+0xa7/0x280 [ 480.336379][ C1] ? kasan_check_range+0x1c6/0x2a0 [ 480.336398][ C1] ? default_do_nmi+0x69/0x160 [ 480.336414][ C1] ? exc_nmi+0xad/0x100 [ 480.336428][ C1] ? end_repeat_nmi+0x16/0x31 [ 480.336446][ C1] ? __ext4_get_inode_loc+0x4c1/0xe40 [ 480.336464][ C1] ? __ext4_get_inode_loc+0x618/0xe40 [ 480.336482][ C1] ? kasan_check_range+0x1c6/0x2a0 [ 480.336501][ C1] ? kasan_check_range+0x1c6/0x2a0 [ 480.336521][ C1] ? kasan_check_range+0x1c6/0x2a0 [ 480.336540][ C1] [ 480.336545][ C1] [ 480.336550][ C1] ? __kasan_check_read+0x11/0x20 [ 480.336563][ C1] __ext4_get_inode_loc+0x618/0xe40 [ 480.336584][ C1] ? __kasan_check_read+0x11/0x20 [ 480.336599][ C1] ? ext4_get_inode_loc+0x190/0x190 [ 480.336618][ C1] ? __kasan_check_write+0x14/0x20 [ 480.336633][ C1] ext4_reserve_inode_write+0x17e/0x360 [ 480.336653][ C1] ? ext4_mark_iloc_dirty+0x1970/0x1970 [ 480.336671][ C1] ? _raw_spin_trylock_bh+0x190/0x190 [ 480.336692][ C1] ? ext4_dirty_inode+0xbd/0x100 [ 480.336711][ C1] __ext4_mark_inode_dirty+0x12e/0x7d0 [ 480.336729][ C1] ? sb_end_intwrite+0x130/0x130 [ 480.336746][ C1] ? __dquot_alloc_space+0x267/0xc10 [ 480.336767][ C1] ? __kasan_check_read+0x11/0x20 [ 480.336780][ C1] ? __ext4_journal_start_sb+0x2f1/0x4b0 [ 480.336800][ C1] ext4_dirty_inode+0xbd/0x100 [ 480.336818][ C1] ? __ext4_expand_extra_isize+0x420/0x420 [ 480.336837][ C1] __mark_inode_dirty+0x200/0xa60 [ 480.336857][ C1] ext4_xattr_block_set+0x1f8e/0x3760 [ 480.336878][ C1] ? ext4_xattr_block_find+0x320/0x320 [ 480.336900][ C1] ? ext4_reserve_inode_write+0x2b3/0x360 [ 480.336920][ C1] ? ext4_mark_iloc_dirty+0x1970/0x1970 [ 480.336938][ C1] ? ext4_xattr_ibody_find+0x102/0x530 [ 480.336960][ C1] ext4_xattr_set_handle+0xdac/0x1560 [ 480.336984][ C1] ? ext4_xattr_set_entry+0x3ef0/0x3ef0 [ 480.337014][ C1] ? selinux_inode_free_security+0x210/0x210 [ 480.337037][ C1] ext4_initxattrs+0xa7/0x120 [ 480.337053][ C1] security_inode_init_security+0x252/0x390 [ 480.337074][ C1] ? ext4_init_security+0x40/0x40 [ 480.337091][ C1] ? security_dentry_create_files_as+0xc0/0xc0 [ 480.337113][ C1] ? __ext4_set_acl+0x5e0/0x5e0 [ 480.337129][ C1] ? _raw_spin_unlock+0x4c/0x70 [ 480.337149][ C1] ext4_init_security+0x34/0x40 [ 480.337165][ C1] __ext4_new_inode+0x31ef/0x40a0 [ 480.337185][ C1] ? ext4_has_group_desc_csum+0x1f0/0x1f0 [ 480.337200][ C1] ? dquot_initialize+0x20/0x20 [ 480.337221][ C1] ext4_create+0x275/0x550 [ 480.337239][ C1] ? ext4_lookup+0x740/0x740 [ 480.337256][ C1] ? selinux_inode_create+0x22/0x30 [ 480.337276][ C1] ? security_inode_create+0xbc/0x100 [ 480.337296][ C1] ? ext4_lookup+0x740/0x740 [ 480.337311][ C1] path_openat+0x12ee/0x2d60 [ 480.337332][ C1] ? do_filp_open+0x480/0x480 [ 480.337350][ C1] do_filp_open+0x230/0x480 [ 480.337365][ C1] ? vfs_tmpfile+0x480/0x480 [ 480.337383][ C1] ? alloc_fd+0x4fa/0x5a0 [ 480.337405][ C1] do_sys_openat2+0x151/0x890 [ 480.337423][ C1] ? __ia32_sys_get_robust_list+0x90/0x90 [ 480.337441][ C1] ? __sys_bpf+0x479/0x7f0 [ 480.337459][ C1] ? do_sys_open+0x220/0x220 [ 480.337478][ C1] ? __se_sys_futex+0x35e/0x3c0 [ 480.337497][ C1] __x64_sys_openat+0x243/0x290 [ 480.337515][ C1] ? __ia32_sys_open+0x270/0x270 [ 480.337534][ C1] ? switch_fpu_return+0xe/0x10 [ 480.337550][ C1] ? exit_to_user_mode_prepare+0x7e/0xa0 [ 480.337569][ C1] x64_sys_call+0x6bf/0x9a0 [ 480.337585][ C1] do_syscall_64+0x3b/0xb0 [ 480.337605][ C1] ? clear_bhb_loop+0x55/0xb0 [ 480.337620][ C1] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 480.337636][ C1] RIP: 0033:0x7f4051b799f9 [ 480.337724][ C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 480.337737][ C1] RSP: 002b:00007f4052918038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 480.337767][ C1] RAX: ffffffffffffffda RBX: 00007f4051d16130 RCX: 00007f4051b799f9 [ 480.337779][ C1] RDX: 00000000000026e1 RSI: 0000000020000280 RDI: ffffffffffffff9c [ 480.337790][ C1] RBP: 00007f4051be78ee R08: 0000000000000000 R09: 0000000000000000 [ 480.337800][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 480.337810][ C1] R13: 0000000000000000 R14: 00007f4051d16130 R15: 00007ffdff3981e8 [ 480.337824][ C1]