last executing test programs: 6.808961559s ago: executing program 3: process_madvise(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)) r0 = getpid() r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0) inotify_init1(0x0) syz_mount_image$f2fs(&(0x7f00000000c0), &(0x7f0000000000)='./bus\x00', 0x2008418, &(0x7f0000000b40)=ANY=[@ANYBLOB="66617374626f6f742c71756f7461000000000000003b814e50a959736d65720f73ecea54b5e5be45aca9836c319f437199ff24212c651baef614d442ae89412ad3dcd0b7586d02fe296d6d65cacd4fc5002207ce994dda65c4b1d23a9bd5ba0f4ce5c2b5a5718c6aa918080002223d2753a5cac974110144cd0a1e368652324a41b31e1e73fa85bae63db763c51fc02936b3b32dccbdf8f68bd96a45a75427a5f789d267fd92f6a5540200b81d5b9fa9b40fe4d7fbd50a6afc3a989c6d60045663c500000000bc7f6b22df0191acf5912afdcc1c061835177068c40f757dd123d2680b1c544f1525aa8d00000000000000000000002e8b5c733d362417c17f527c0bfebec112d57fc69fabb9b31ef97b2100931ff60cdf666c25244218b1f1a6010000000100000020563b835d0e8e9a09070ef1691fcb2f37bda5d4e3d9d7a2d0ac82b45a53001057f321acc45d5e065a461de90100000077d200000000000040b78f0dd3836f5ab2f6a1a5b798bb7752f192c6b48e568973a59cd9c74bd9a14721856c5499cd8f93f8beaa9cf76718ce7244c84268030000000000000008886b313bd01a22d576e414011a4f0a897514329f86d4585fa0ea17068f8af349696da4a2b37828931cf6a369db22b556a8e24310ca52ec51bc23d8c73e6410eb41ca6748e0b57897cb55a2d513e6a00765ee3f58b471c54dd57f0af584afe4a21f92b515e34ac8c454a30dd54a580abcf2fa6fbb273ca0f751e684584320534667aea39ad7222c8ef531f514939177a47395e94c1723abb3fd44fd64fde4b45cc2f55f4ae05ff48648a4c998257856bcdcf2fa02010000001f54fb936570450e91c8d55a0016ff1ec9da9ccc1191c2116322020c66d907e4d9b23496ae19bac24dc23c43f514f1b4af19988bbe61ee29a368a999435d6872d01b79c7821e875859dfbf3c57e4f1fb0be46cb5f7a0fa13516c0926d19dd2d58633d97b4ca282e73ea142b01b4a742fa11c0927ba811dd60903d575e2449d775021b542db617086b3ed42e6e60fe043cff79b0c067c584bbf82657974c3736912b4ab22052b9467d0da116ccc1652d861a420f08baf67d3e9f6160100000001000000ae6335ad9896abd3cc00413638cb9bc62ab8054325d72e9144cfe0bc4060a7c8f4dce73b653177ecf8228e6e6fae02510000000000000000000000000000f43739fdd2d24e50e0233acfe1c863907079cbafe80d01f8a0000000000024589ec3f88e6e99bf1d4373f24d760da4d35e6658f54190e4ce3f5ae00b44b71e299d3f6c892d9abbafbc531d68a84b4688b282bf99dd29c2c037be31b0e7d320a941fb000000000000", @ANYRES32, @ANYRES32=0x0, @ANYRESDEC, @ANYRESHEX, @ANYRESHEX, @ANYRES64, @ANYRES16, @ANYRESOCT], 0x1, 0x5549, &(0x7f0000003d80)="$eJzs3EtvG9UXAPA7TpP++/xHiAW7jlQhJVJt1elDsAvQiodIFfFYsALHdiy3tieKHSeEDRIsEQu+CQKJFUs+AwvW7BALEDskkOeOKaE8WtmJk/b3k8Zn5s74zLkjK9GZsRyAJ9Zi+stPSbgYzoQQ5kII55OQryfFkluN4ZkQwqUQQulPS1KM/zGwEEI4G0K4OEoecybFrs+uDC/f+PG1n7/+9vSpc59/9d3sZg3M2rMhhO5WXN/txpi1YrxbjNeG7Tx2rw+LGHd07xXbWYy7zY08w25tfFwtj9da8fhsa6c/ipudWn0UW+3NfHyrF0/YH7bGefI33K1t59uN5kYe2/0sj639WNfefvzbtt8fxDyNIt/7efowGIxjHG/uNeN8tu7lsd4bFOMxb9Zo7o3isIjF6UI96zTyOjYmudLH2+vt3s5eOmxu99tZL71RqT5Xqd4sV7ezRnPQvF6udRs3r6dLrc7osPKgWeuutrKs1WlW6ll3OV1q1evlajVdutXcaNd6abVauVa5Wr6xXKxdSV++83baaaRLo/hiu7ez0O70081sO43vWE5XKteeX04vV9M319bT9Tdu315bf+vdW+/ceWHt1ZeKgx4oK11aubqyUq5eLa9Ul4/B/Ef/dx9y/oNJ5v9xUfQjzD+Z7PLAv3v0D9gHC4dSCMDJ8UD/H/T/wOE76f1/mGb/P2qp9P//3f+WJu//J+p/j2v/f4LnDxNxgwkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4In1/fwXr+Qri3H7XDF+oRh6qthOQgilEMJvf2MuLBzIOVfkmf+H4+f/UsM3ScgzjM5xuljOhhBWi+XX/x/2VQAAAIDH15cfXvo0duvxZXHWBXGU4k2b0vn3ppQvCSHML/4wpWyl0cvTU0qWf75Phb0pZctvYP1vSsniLbdT08r2UObG4aML9wfzCSUxlI60HAAA4EjMHQhH24UAAABwlD6ZdQHMRhLGjzLHz4Lzb97ff7R55sA+AAAA4ARKZl0AAAAAcOjy/t/v/wEAAMDjLf7+HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPzOzt3cJg6EYQD+bDA/+6NFq71vK3uDMraEPe4xUECaoATSQhqgBnJLCRFE2CMkRyCBsGOBnkfymLHR6xnw5RtLBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2vRSrGZPD78fr83Z7q7TzGwAAACAYzbFalZ+mFT9r+n493ToZ+pnEZFHxLHavReDWmYv5RQnvl98GMNzRJmwv8YwbV8i4k/a3n60/SsAAADA/VovltOqWq+aSdcD4jNVizb5t78N5WURUUxeG0rL982vhsLK+7sf/xtKKxewRg2FVUtu/ePnBueGjC+6ZK+2SzMZzcs/sezlF8UBAAA3oV4JnKhCAAAAuAP/uh4A3cgOzeE547DapQeC41oPAAAAuEFZ1wMAAAAAWlfW/97/BwAAAPetev8fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAbdoUq9l6sZyeOj8/M2e7u05zMwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4Z3/ebQCEwRgMmjd0KPsPizwBZZq76tNvpQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwK81ydLYGm+SvdfG0fNIcnZqXJ0ad+fG0wdj9icAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPjYn5cUCIEgiII5438nff/DSoKeQYQIaHhUUYsGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgC/63S//J6bGmWTutLF0PJKsXTW2rhp7DxpHD8bbvwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYuX/eOIooAODv9m4vfwBhDHJhQEGigIbYl5CQEgqQRcFHQLKcczBcCCQuSGSB3ECFXKdBUCKEBDJdvkPqWEoTuhQujEQN2r1dZ5MYfFjH7sX+/aTZeXsezbzZO1l+3rUBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABK2+/ES0kRt7PD1DAuX7uzs7aU9VuP9JlbG3dns5bFrf0W+ubt8Sc/2V6unpyaqZx8VX8yAAAAHA3tsr6PiHvp5kLWJ1N5/Z+WY7Ka//tnhnFZzz9a92/trB0vvjRb1v+//Xr/hd2FpobrZJMurwz684+n0vmftjjxnt13RCe/8vnvXtr5G5K8v/78dppfz9a3t2+/283DY3VkCwAcxOmyL4Ly56Gs7zWZGABHRqdSeJf1f3uq2ZwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6rC9Hk+VcSsiZjsP4szWztrSXv2tjbuzZTt/8+ZGdc5sijQillcG/bTGvUy6a9dvfLI4GPSvjhIk/2XwvsGpiBjrhAcJPhxhTMS/jyk+ntHcLv45aE1GGo0GSfH+TEo+4wzKz974Z27oGxIAAIdWWrSsrr+Xbi5kr7WmI/764eH6/7VKHCPW//c/On+nula1/u/VtsPJN7d6+bO5a9dvvLFyefFS/1L/0zfP9N7qnb1w7tyFuexazc8tR9KfbzpNAAAAnmDdolXr/2T68fv/JytxjFj/f/5d78vqWm31/54e3PRrOhMAAICjqLsbPffKn3+09hjR6nbji8XV1au94XH3/MzwWGu6B3SsaNX6vz3ddFYAAABAHbbXWw/d/79YiWPE+/9P//jiz9U52xFxIuJKRPRPL10ZXKxvOxOtjj9UzhfqNr1TAAAAmnKiaNX7/2n+/H+y+8hDEhGvvzqMy/91NUr9337v65+qa1Wf/z9b3xYnUjIzvB55PxPRmWk6IwAAAA6z40XLiv3f082Fj385+UHX8/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdfs7AAD//5X/Nho=") bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x2d) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000240)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) 5.869056945s ago: executing program 4: r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000003c0)={'syz_tun\x00', 0x0}) r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x6, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1802000000000000000000006f000000850000001700000095000000000000001b470500000000000000d83b4e7c6da6"], &(0x7f00000005c0)='GPL\x00'}, 0x80) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000180)={r2, r1, 0x25, 0x2, @void}, 0x10) syz_emit_ethernet(0x34e, &(0x7f0000000780)=ANY=[], 0x0) 5.285050564s ago: executing program 3: bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0x8, &(0x7f0000002940)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000b0000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa035881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000004314d16d67ca160010c63a949e8b7955394ffa82b8e942c89112f4ab87430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a6de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fea1f1a629f4d44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a95a670f186a9d8027af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff90326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f570000000097004fa95eae87cacf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b74da42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1879879cbf1e7670968ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0f34d30dc94ef241875f3b44e0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc35f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf790842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc9da71c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8189bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd7040000000094235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced699b3e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c396b6ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920386f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54d232e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf974fcf36cbf6db49a47613808bad9832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f63af851c68f0fd05193cd574d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604ffffffff3e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc5525876fb24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d0104361c37c61a43b5afd865b60d4cae891b73220f17d25979a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f478ee9d3cec994aafe23de66fed972e0dddfb33f64e64701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4faa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a2689217380400a9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a20ffffffff682139c58ac1deb039a691ad640e12c12fe11d70fe495906f2d5d71778acbd4eee53a3996cb0de84bd"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x90) bpf$MAP_CREATE(0x0, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x5}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0x4, &(0x7f0000000040)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x61}]}, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x3, &(0x7f0000000d40)=ANY=[@ANYBLOB="1800000000000000000000000000000095000000000000005fdb2971dfa2bff372df8cdbeb318ab2bec8fc36903c0ec359ca9daf3c914019395cc154010c693709800000000000000016a85adef34bf78c76e6222337923e1bea6ef682cc4375f594425d408ccc58187feb0e3d43347f989007a7c63f6dae682acb4af936461f34a8a32a50bbbb69ec85168947b86df9f2609bf93f7a1be259621818c3c75da30000bce645451b851111dd98ac4d8da9317c2c082020e0b2d6340809000000000000008e053645cc413790faf7e229c782845b5bb774f7f154263178151ea93ff2cac4b181332c9c9a1c7d85616c8100000000000000d8300d19d585000000fc005774b56a7142047326f940e95b8489e1c5650f5c61299a295f39c88456521cffdef93e29f10f4a11f0cfbfc0ff976b20fe"], &(0x7f0000000080)='GPL\x00', 0x5, 0x1f6, &(0x7f00000002c0)=""/168, 0x0, 0x0, '\x00', 0x0, 0x0, r1, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200), 0x1, 0x0, 0xffffffffffffffff, 0xf5010000}, 0x6d) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0), 0x48) bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r2, &(0x7f0000000000), &(0x7f0000000040)=""/73}, 0x70) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) unshare(0x64000600) 5.192791769s ago: executing program 4: socket$packet(0x11, 0x3, 0x300) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x3a, &(0x7f0000000240)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000004c0), 0x32d, 0x20008090) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000380)='./file0\x00', 0x10cb0, 0x0, 0xfc, 0x0, &(0x7f0000000000)) r3 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000000040)={'gre0\x00', &(0x7f0000000800)}) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000540)={0x3, &(0x7f0000000500)=[{0x0, 0x0, 0x7, 0x1f}, {0x4, 0x0, 0x3, 0x3}, {0x20, 0x7, 0x7d}]}, 0x10) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001900010026bd760000000000fc010000000000000000000000080000ac1414bb0000000000000000000000000000000000000000020010"], 0xb8}}, 0x0) sendmsg$nl_xfrm(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="8801000014"], 0x188}}, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r3, 0x8923, &(0x7f0000000680)={'syztnl2\x00', &(0x7f00000002c0)}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r5 = getpid() sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x4) ptrace$cont(0x9, r5, 0x6, 0x80020) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000980)=ANY=[@ANYBLOB="180000000000000000000000000002009500000000000000de3a5c5b7db6d340ac7e76ab27be3478ab00003c4bfca8b68f0ef4c3305a511b19a76958e9b7e970ebb213f67df9083207c87e1c212cd64da2b6b8c070f60d744c0bfe81c753e78c00bcca761ad3e4d95a3cd12cd2531de1d789d33a94267c725acf2c32377781d5b032197a7924e79d3165c5f63aee1a6604610d59fa089234349d9c53008382c166482a1e561f73ad9c530fe0c29f9ab6faba5b0213e9653b93fdbfbec09511d102b3b42ccc4006445d395418a87288c7c0a181f8f9f892d9d4fc7d30db9e51afe8e6fd7863062ce3aac3404f02392e0d8772582b4ca007eb08f0c0f4e8b8770d8f2ed60f049cdad9fa2dc3adda1ea29f3c8f6ff2fc7477767f0c14ca4afa19494db0f499160bc332647a809d56711544eef166a9a089"], &(0x7f00000000c0)='GPL\x00', 0x6}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r6}, 0x10) r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder1\x00', 0x800, 0x0) r8 = dup3(0xffffffffffffffff, r7, 0x80000) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000004c0)={'gre0\x00', &(0x7f0000000580)}) ioctl$TUNSETIFINDEX(r8, 0x400454da, &(0x7f0000000400)) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)=@newlinkprop={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_NET_NS_PID={0x8}, @IFLA_OPERSTATE]}, 0x77}}, 0x0) 4.164257698s ago: executing program 0: socket$packet(0x11, 0x3, 0x300) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x3a, &(0x7f0000000240)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000004c0), 0x32d, 0x20008090) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000380)='./file0\x00', 0x10cb0, 0x0, 0xfc, 0x0, &(0x7f0000000000)) r3 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000000040)={'gre0\x00', &(0x7f0000000800)}) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000540)={0x3, &(0x7f0000000500)=[{0x0, 0x0, 0x7, 0x1f}, {0x4, 0x0, 0x3, 0x3}, {0x20, 0x7, 0x7d}]}, 0x10) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001900010026bd760000000000fc010000000000000000000000080000ac1414bb0000000000000000000000000000000000000000020010"], 0xb8}}, 0x0) sendmsg$nl_xfrm(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="8801000014"], 0x188}}, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r3, 0x8923, &(0x7f0000000680)={'syztnl2\x00', &(0x7f00000002c0)}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r5 = getpid() sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x4) ptrace$cont(0x9, r5, 0x6, 0x80020) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000980)=ANY=[@ANYBLOB="180000000000000000000000000002009500000000000000de3a5c5b7db6d340ac7e76ab27be3478ab00003c4bfca8b68f0ef4c3305a511b19a76958e9b7e970ebb213f67df9083207c87e1c212cd64da2b6b8c070f60d744c0bfe81c753e78c00bcca761ad3e4d95a3cd12cd2531de1d789d33a94267c725acf2c32377781d5b032197a7924e79d3165c5f63aee1a6604610d59fa089234349d9c53008382c166482a1e561f73ad9c530fe0c29f9ab6faba5b0213e9653b93fdbfbec09511d102b3b42ccc4006445d395418a87288c7c0a181f8f9f892d9d4fc7d30db9e51afe8e6fd7863062ce3aac3404f02392e0d8772582b4ca007eb08f0c0f4e8b8770d8f2ed60f049cdad9fa2dc3adda1ea29f3c8f6ff2fc7477767f0c14ca4afa19494db0f499160bc332647a809d56711544eef166a9a089"], &(0x7f00000000c0)='GPL\x00', 0x6}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r6}, 0x10) r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder1\x00', 0x800, 0x0) r8 = dup3(0xffffffffffffffff, r7, 0x80000) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000004c0)={'gre0\x00', &(0x7f0000000580)}) ioctl$TUNSETIFINDEX(r8, 0x400454da, &(0x7f0000000400)) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)=@newlinkprop={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_NET_NS_PID={0x8}, @IFLA_OPERSTATE]}, 0x77}}, 0x0) 4.161966648s ago: executing program 1: socket$packet(0x11, 0x3, 0x300) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x3a, &(0x7f0000000240)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000004c0), 0x32d, 0x20008090) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000380)='./file0\x00', 0x10cb0, 0x0, 0xfc, 0x0, &(0x7f0000000000)) r3 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000000040)={'gre0\x00', &(0x7f0000000800)}) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000540)={0x3, &(0x7f0000000500)=[{0x0, 0x0, 0x7, 0x1f}, {0x4, 0x0, 0x3, 0x3}, {0x20, 0x7, 0x7d}]}, 0x10) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001900010026bd760000000000fc010000000000000000000000080000ac1414bb0000000000000000000000000000000000000000020010"], 0xb8}}, 0x0) sendmsg$nl_xfrm(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="8801000014"], 0x188}}, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r3, 0x8923, &(0x7f0000000680)={'syztnl2\x00', &(0x7f00000002c0)}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r5 = getpid() sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x4) ptrace$cont(0x9, r5, 0x6, 0x80020) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000980)=ANY=[@ANYBLOB="180000000000000000000000000002009500000000000000de3a5c5b7db6d340ac7e76ab27be3478ab00003c4bfca8b68f0ef4c3305a511b19a76958e9b7e970ebb213f67df9083207c87e1c212cd64da2b6b8c070f60d744c0bfe81c753e78c00bcca761ad3e4d95a3cd12cd2531de1d789d33a94267c725acf2c32377781d5b032197a7924e79d3165c5f63aee1a6604610d59fa089234349d9c53008382c166482a1e561f73ad9c530fe0c29f9ab6faba5b0213e9653b93fdbfbec09511d102b3b42ccc4006445d395418a87288c7c0a181f8f9f892d9d4fc7d30db9e51afe8e6fd7863062ce3aac3404f02392e0d8772582b4ca007eb08f0c0f4e8b8770d8f2ed60f049cdad9fa2dc3adda1ea29f3c8f6ff2fc7477767f0c14ca4afa19494db0f499160bc332647a809d56711544eef166a9a089"], &(0x7f00000000c0)='GPL\x00', 0x6}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r6}, 0x10) r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder1\x00', 0x800, 0x0) r8 = dup3(0xffffffffffffffff, r7, 0x80000) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000004c0)={'gre0\x00', &(0x7f0000000580)}) ioctl$TUNSETIFINDEX(r8, 0x400454da, &(0x7f0000000400)) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)=@newlinkprop={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_NET_NS_PID={0x8}, @IFLA_OPERSTATE]}, 0x77}}, 0x0) 4.043493286s ago: executing program 4: socket$packet(0x11, 0x3, 0x300) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x3a, &(0x7f0000000240)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000004c0), 0x32d, 0x20008090) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000380)='./file0\x00', 0x10cb0, 0x0, 0xfc, 0x0, &(0x7f0000000000)) r3 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000000040)={'gre0\x00', &(0x7f0000000800)}) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000540)={0x3, &(0x7f0000000500)=[{0x0, 0x0, 0x7, 0x1f}, {0x4, 0x0, 0x3, 0x3}, {0x20, 0x7, 0x7d}]}, 0x10) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001900010026bd760000000000fc010000000000000000000000080000ac1414bb0000000000000000000000000000000000000000020010"], 0xb8}}, 0x0) sendmsg$nl_xfrm(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="8801000014"], 0x188}}, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r3, 0x8923, &(0x7f0000000680)={'syztnl2\x00', &(0x7f00000002c0)}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r5 = getpid() sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x4) ptrace$cont(0x9, r5, 0x6, 0x80020) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000980)=ANY=[@ANYBLOB="180000000000000000000000000002009500000000000000de3a5c5b7db6d340ac7e76ab27be3478ab00003c4bfca8b68f0ef4c3305a511b19a76958e9b7e970ebb213f67df9083207c87e1c212cd64da2b6b8c070f60d744c0bfe81c753e78c00bcca761ad3e4d95a3cd12cd2531de1d789d33a94267c725acf2c32377781d5b032197a7924e79d3165c5f63aee1a6604610d59fa089234349d9c53008382c166482a1e561f73ad9c530fe0c29f9ab6faba5b0213e9653b93fdbfbec09511d102b3b42ccc4006445d395418a87288c7c0a181f8f9f892d9d4fc7d30db9e51afe8e6fd7863062ce3aac3404f02392e0d8772582b4ca007eb08f0c0f4e8b8770d8f2ed60f049cdad9fa2dc3adda1ea29f3c8f6ff2fc7477767f0c14ca4afa19494db0f499160bc332647a809d56711544eef166a9a089"], &(0x7f00000000c0)='GPL\x00', 0x6}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r6}, 0x10) r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder1\x00', 0x800, 0x0) r8 = dup3(0xffffffffffffffff, r7, 0x80000) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000004c0)={'gre0\x00', &(0x7f0000000580)}) ioctl$TUNSETIFINDEX(r8, 0x400454da, &(0x7f0000000400)) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)=@newlinkprop={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_NET_NS_PID={0x8}, @IFLA_OPERSTATE]}, 0x77}}, 0x0) 2.978870701s ago: executing program 0: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000001000000000000000000850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000180)='sys_enter\x00', r0}, 0x10) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0) openat(r1, &(0x7f00000000c0)='./file0\x00', 0x601c2, 0x0) faccessat(r1, &(0x7f0000000000)='./file0\x00', 0x0) 2.977109261s ago: executing program 1: r0 = socket$inet6(0xa, 0x3, 0x6) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000100)={@loopback, 0x800, 0x0, 0x2000000000903, 0x1}, 0x20) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000040)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x800, 0x0, 0x2, 0x3}, 0x20) 2.848976501s ago: executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000014000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='sched_switch\x00', r0}, 0x10) ftruncate(0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_script(r2, &(0x7f0000000100), 0xb) splice(r4, 0x0, r5, 0x0, 0x8000f28, 0x0) splice(r1, 0x0, r5, 0x0, 0x80, 0x0) write$binfmt_misc(0xffffffffffffffff, 0x0, 0x0) write(r3, 0x0, 0x0) 2.760721564s ago: executing program 2: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000000000000000000000008500000005000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000500)='jbd2_handle_stats\x00', r0}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) 2.728749879s ago: executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) r3 = bpf$MAP_CREATE(0x0, 0x0, 0x0) close(r3) bpf$MAP_CREATE(0x0, 0x0, 0x0) r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000f0cd00000000000004000000850000000700000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r2, r4, 0x5}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r2}, &(0x7f00000006c0), &(0x7f0000000700)=r1}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) sendmsg$inet(r0, &(0x7f0000000980)={0x0, 0x0, 0x0}, 0x0) 2.715221521s ago: executing program 1: socket$packet(0x11, 0x3, 0x300) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x3a, &(0x7f0000000240)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000004c0), 0x32d, 0x20008090) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000380)='./file0\x00', 0x10cb0, 0x0, 0xfc, 0x0, &(0x7f0000000000)) r3 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000000040)={'gre0\x00', &(0x7f0000000800)}) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000540)={0x3, &(0x7f0000000500)=[{0x0, 0x0, 0x7, 0x1f}, {0x4, 0x0, 0x3, 0x3}, {0x20, 0x7, 0x7d}]}, 0x10) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001900010026bd760000000000fc010000000000000000000000080000ac1414bb0000000000000000000000000000000000000000020010"], 0xb8}}, 0x0) sendmsg$nl_xfrm(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="8801000014"], 0x188}}, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r3, 0x8923, &(0x7f0000000680)={'syztnl2\x00', &(0x7f00000002c0)}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r5 = getpid() sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x4) ptrace$cont(0x9, r5, 0x6, 0x80020) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000980)=ANY=[@ANYBLOB="180000000000000000000000000002009500000000000000de3a5c5b7db6d340ac7e76ab27be3478ab00003c4bfca8b68f0ef4c3305a511b19a76958e9b7e970ebb213f67df9083207c87e1c212cd64da2b6b8c070f60d744c0bfe81c753e78c00bcca761ad3e4d95a3cd12cd2531de1d789d33a94267c725acf2c32377781d5b032197a7924e79d3165c5f63aee1a6604610d59fa089234349d9c53008382c166482a1e561f73ad9c530fe0c29f9ab6faba5b0213e9653b93fdbfbec09511d102b3b42ccc4006445d395418a87288c7c0a181f8f9f892d9d4fc7d30db9e51afe8e6fd7863062ce3aac3404f02392e0d8772582b4ca007eb08f0c0f4e8b8770d8f2ed60f049cdad9fa2dc3adda1ea29f3c8f6ff2fc7477767f0c14ca4afa19494db0f499160bc332647a809d56711544eef166a9a089"], &(0x7f00000000c0)='GPL\x00', 0x6}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r6}, 0x10) r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder1\x00', 0x800, 0x0) r8 = dup3(0xffffffffffffffff, r7, 0x80000) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000004c0)={'gre0\x00', &(0x7f0000000580)}) ioctl$TUNSETIFINDEX(r8, 0x400454da, &(0x7f0000000400)) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)=@newlinkprop={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_NET_NS_PID={0x8}, @IFLA_OPERSTATE]}, 0x77}}, 0x0) 2.608749467s ago: executing program 2: syz_mount_image$tmpfs(&(0x7f0000000180), &(0x7f0000000080)='./file0\x00', 0x8a0088, 0x0, 0xfe, 0x0, &(0x7f0000000040)) rt_sigprocmask(0x0, &(0x7f0000000200)={[0xfffffbfd]}, 0x0, 0x8) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000080)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c000000000000000000000c850000006d00000095"], &(0x7f0000001800)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='9p_protocol_dump\x00', r0}, 0x10) pipe2$9p(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) 2.554002466s ago: executing program 3: socket$packet(0x11, 0x3, 0x300) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x3a, &(0x7f0000000240)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000004c0), 0x32d, 0x20008090) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000380)='./file0\x00', 0x10cb0, 0x0, 0xfc, 0x0, &(0x7f0000000000)) r3 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000000040)={'gre0\x00', &(0x7f0000000800)}) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000540)={0x3, &(0x7f0000000500)=[{0x0, 0x0, 0x7, 0x1f}, {0x4, 0x0, 0x3, 0x3}, {0x20, 0x7, 0x7d}]}, 0x10) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001900010026bd760000000000fc010000000000000000000000080000ac1414bb0000000000000000000000000000000000000000020010"], 0xb8}}, 0x0) sendmsg$nl_xfrm(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="8801000014"], 0x188}}, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r3, 0x8923, &(0x7f0000000680)={'syztnl2\x00', &(0x7f00000002c0)}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r5 = getpid() sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x4) ptrace$cont(0x9, r5, 0x6, 0x80020) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000980)=ANY=[@ANYBLOB="180000000000000000000000000002009500000000000000de3a5c5b7db6d340ac7e76ab27be3478ab00003c4bfca8b68f0ef4c3305a511b19a76958e9b7e970ebb213f67df9083207c87e1c212cd64da2b6b8c070f60d744c0bfe81c753e78c00bcca761ad3e4d95a3cd12cd2531de1d789d33a94267c725acf2c32377781d5b032197a7924e79d3165c5f63aee1a6604610d59fa089234349d9c53008382c166482a1e561f73ad9c530fe0c29f9ab6faba5b0213e9653b93fdbfbec09511d102b3b42ccc4006445d395418a87288c7c0a181f8f9f892d9d4fc7d30db9e51afe8e6fd7863062ce3aac3404f02392e0d8772582b4ca007eb08f0c0f4e8b8770d8f2ed60f049cdad9fa2dc3adda1ea29f3c8f6ff2fc7477767f0c14ca4afa19494db0f499160bc332647a809d56711544eef166a9a089"], &(0x7f00000000c0)='GPL\x00', 0x6}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r6}, 0x10) r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder1\x00', 0x800, 0x0) r8 = dup3(0xffffffffffffffff, r7, 0x80000) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000004c0)={'gre0\x00', &(0x7f0000000580)}) ioctl$TUNSETIFINDEX(r8, 0x400454da, &(0x7f0000000400)) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)=@newlinkprop={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_NET_NS_PID={0x8}, @IFLA_OPERSTATE]}, 0x77}}, 0x0) 2.535550479s ago: executing program 0: socket$packet(0x11, 0x3, 0x300) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x3a, &(0x7f0000000240)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000004c0), 0x32d, 0x20008090) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000380)='./file0\x00', 0x10cb0, 0x0, 0xfc, 0x0, &(0x7f0000000000)) r3 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000000040)={'gre0\x00', &(0x7f0000000800)}) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000540)={0x3, &(0x7f0000000500)=[{0x0, 0x0, 0x7, 0x1f}, {0x4, 0x0, 0x3, 0x3}, {0x20, 0x7, 0x7d}]}, 0x10) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001900010026bd760000000000fc010000000000000000000000080000ac1414bb0000000000000000000000000000000000000000020010"], 0xb8}}, 0x0) sendmsg$nl_xfrm(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="8801000014"], 0x188}}, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r3, 0x8923, &(0x7f0000000680)={'syztnl2\x00', &(0x7f00000002c0)}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r5 = getpid() sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x4) ptrace$cont(0x9, r5, 0x6, 0x80020) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000980)=ANY=[@ANYBLOB="180000000000000000000000000002009500000000000000de3a5c5b7db6d340ac7e76ab27be3478ab00003c4bfca8b68f0ef4c3305a511b19a76958e9b7e970ebb213f67df9083207c87e1c212cd64da2b6b8c070f60d744c0bfe81c753e78c00bcca761ad3e4d95a3cd12cd2531de1d789d33a94267c725acf2c32377781d5b032197a7924e79d3165c5f63aee1a6604610d59fa089234349d9c53008382c166482a1e561f73ad9c530fe0c29f9ab6faba5b0213e9653b93fdbfbec09511d102b3b42ccc4006445d395418a87288c7c0a181f8f9f892d9d4fc7d30db9e51afe8e6fd7863062ce3aac3404f02392e0d8772582b4ca007eb08f0c0f4e8b8770d8f2ed60f049cdad9fa2dc3adda1ea29f3c8f6ff2fc7477767f0c14ca4afa19494db0f499160bc332647a809d56711544eef166a9a089"], &(0x7f00000000c0)='GPL\x00', 0x6}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r6}, 0x10) r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder1\x00', 0x800, 0x0) r8 = dup3(0xffffffffffffffff, r7, 0x80000) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000004c0)={'gre0\x00', &(0x7f0000000580)}) ioctl$TUNSETIFINDEX(r8, 0x400454da, &(0x7f0000000400)) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)=@newlinkprop={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_NET_NS_PID={0x8}, @IFLA_OPERSTATE]}, 0x77}}, 0x0) 2.355017407s ago: executing program 4: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xf, 0x4, 0x8, 0x63b6}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703002e774ae600b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='ext4_mballoc_alloc\x00', r1}, 0x10) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) 2.083642599s ago: executing program 2: syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)) syz_mount_image$fuse(0x0, &(0x7f0000000340)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c}) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000180), 0x0, 0x0) chdir(&(0x7f0000000180)='./file0\x00') mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c}) 1.354679561s ago: executing program 1: socket$packet(0x11, 0x3, 0x300) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x3a, &(0x7f0000000240)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000004c0), 0x32d, 0x20008090) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000380)='./file0\x00', 0x10cb0, 0x0, 0xfc, 0x0, &(0x7f0000000000)) r3 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000000040)={'gre0\x00', &(0x7f0000000800)}) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000540)={0x3, &(0x7f0000000500)=[{0x0, 0x0, 0x7, 0x1f}, {0x4, 0x0, 0x3, 0x3}, {0x20, 0x7, 0x7d}]}, 0x10) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001900010026bd760000000000fc010000000000000000000000080000ac1414bb0000000000000000000000000000000000000000020010"], 0xb8}}, 0x0) sendmsg$nl_xfrm(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="8801000014"], 0x188}}, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r3, 0x8923, &(0x7f0000000680)={'syztnl2\x00', &(0x7f00000002c0)}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r5 = getpid() sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x4) ptrace$cont(0x9, r5, 0x6, 0x80020) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000980)=ANY=[@ANYBLOB="180000000000000000000000000002009500000000000000de3a5c5b7db6d340ac7e76ab27be3478ab00003c4bfca8b68f0ef4c3305a511b19a76958e9b7e970ebb213f67df9083207c87e1c212cd64da2b6b8c070f60d744c0bfe81c753e78c00bcca761ad3e4d95a3cd12cd2531de1d789d33a94267c725acf2c32377781d5b032197a7924e79d3165c5f63aee1a6604610d59fa089234349d9c53008382c166482a1e561f73ad9c530fe0c29f9ab6faba5b0213e9653b93fdbfbec09511d102b3b42ccc4006445d395418a87288c7c0a181f8f9f892d9d4fc7d30db9e51afe8e6fd7863062ce3aac3404f02392e0d8772582b4ca007eb08f0c0f4e8b8770d8f2ed60f049cdad9fa2dc3adda1ea29f3c8f6ff2fc7477767f0c14ca4afa19494db0f499160bc332647a809d56711544eef166a9a089"], &(0x7f00000000c0)='GPL\x00', 0x6}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r6}, 0x10) r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder1\x00', 0x800, 0x0) r8 = dup3(0xffffffffffffffff, r7, 0x80000) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000004c0)={'gre0\x00', &(0x7f0000000580)}) ioctl$TUNSETIFINDEX(r8, 0x400454da, &(0x7f0000000400)) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)=@newlinkprop={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_NET_NS_PID={0x8}, @IFLA_OPERSTATE]}, 0x77}}, 0x0) 1.351437572s ago: executing program 4: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000600000000005e00221a850000006d00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="1500000065ffff"], 0x15) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r3]) write$FUSE_DIRENTPLUS(r3, &(0x7f00000005c0)=ANY=[@ANYBLOB="b8"], 0xb8) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000002c0)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}}) 1.220866842s ago: executing program 3: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000600000000005e00221a850000006d00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="1500000065ffff"], 0x15) r3 = dup(r2) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r3]) write$FUSE_DIRENTPLUS(r3, &(0x7f00000005c0)=ANY=[@ANYBLOB="b8"], 0xb8) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f00000002c0)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}}) 1.203092655s ago: executing program 0: bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0x8, &(0x7f0000002940)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000b0000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa035881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000004314d16d67ca160010c63a949e8b7955394ffa82b8e942c89112f4ab87430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a6de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fea1f1a629f4d44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a95a670f186a9d8027af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff90326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f570000000097004fa95eae87cacf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b74da42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1879879cbf1e7670968ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0f34d30dc94ef241875f3b44e0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc35f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf790842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc9da71c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8189bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd7040000000094235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced699b3e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c396b6ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920386f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54d232e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf974fcf36cbf6db49a47613808bad9832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f63af851c68f0fd05193cd574d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604ffffffff3e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc5525876fb24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d0104361c37c61a43b5afd865b60d4cae891b73220f17d25979a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f478ee9d3cec994aafe23de66fed972e0dddfb33f64e64701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4faa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a2689217380400a9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a20ffffffff682139c58ac1deb039a691ad640e12c12fe11d70fe495906f2d5d71778acbd4eee53a3996cb0de84bd"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x90) bpf$MAP_CREATE(0x0, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x5}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0x4, &(0x7f0000000040)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x61}]}, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x3, &(0x7f0000000d40)=ANY=[@ANYBLOB="1800000000000000000000000000000095000000000000005fdb2971dfa2bff372df8cdbeb318ab2bec8fc36903c0ec359ca9daf3c914019395cc154010c693709800000000000000016a85adef34bf78c76e6222337923e1bea6ef682cc4375f594425d408ccc58187feb0e3d43347f989007a7c63f6dae682acb4af936461f34a8a32a50bbbb69ec85168947b86df9f2609bf93f7a1be259621818c3c75da30000bce645451b851111dd98ac4d8da9317c2c082020e0b2d6340809000000000000008e053645cc413790faf7e229c782845b5bb774f7f154263178151ea93ff2cac4b181332c9c9a1c7d85616c8100000000000000d8300d19d585000000fc005774b56a7142047326f940e95b8489e1c5650f5c61299a295f39c88456521cffdef93e29f10f4a11f0cfbfc0ff976b20fe"], &(0x7f0000000080)='GPL\x00', 0x5, 0x1f6, &(0x7f00000002c0)=""/168, 0x0, 0x0, '\x00', 0x0, 0x0, r1, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200), 0x1, 0x0, 0xffffffffffffffff, 0xf5010000}, 0x6d) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0), 0x48) bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r2, &(0x7f0000000000), &(0x7f0000000040)=""/73}, 0x70) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) unshare(0x64000600) 1.175563539s ago: executing program 4: bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0x8, &(0x7f0000002940)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000b0000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa035881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000004314d16d67ca160010c63a949e8b7955394ffa82b8e942c89112f4ab87430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a6de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fea1f1a629f4d44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a95a670f186a9d8027af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff90326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f570000000097004fa95eae87cacf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b74da42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1879879cbf1e7670968ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0f34d30dc94ef241875f3b44e0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc35f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf790842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc9da71c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8189bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd7040000000094235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced699b3e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c396b6ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920386f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54d232e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf974fcf36cbf6db49a47613808bad9832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f63af851c68f0fd05193cd574d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604ffffffff3e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc5525876fb24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d0104361c37c61a43b5afd865b60d4cae891b73220f17d25979a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f478ee9d3cec994aafe23de66fed972e0dddfb33f64e64701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4faa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a2689217380400a9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a20ffffffff682139c58ac1deb039a691ad640e12c12fe11d70fe495906f2d5d71778acbd4eee53a3996cb0de84bd"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x90) bpf$MAP_CREATE(0x0, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x5}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0x4, &(0x7f0000000040)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x61}]}, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x3, &(0x7f0000000d40)=ANY=[@ANYBLOB="1800000000000000000000000000000095000000000000005fdb2971dfa2bff372df8cdbeb318ab2bec8fc36903c0ec359ca9daf3c914019395cc154010c693709800000000000000016a85adef34bf78c76e6222337923e1bea6ef682cc4375f594425d408ccc58187feb0e3d43347f989007a7c63f6dae682acb4af936461f34a8a32a50bbbb69ec85168947b86df9f2609bf93f7a1be259621818c3c75da30000bce645451b851111dd98ac4d8da9317c2c082020e0b2d6340809000000000000008e053645cc413790faf7e229c782845b5bb774f7f154263178151ea93ff2cac4b181332c9c9a1c7d85616c8100000000000000d8300d19d585000000fc005774b56a7142047326f940e95b8489e1c5650f5c61299a295f39c88456521cffdef93e29f10f4a11f0cfbfc0ff976b20fe"], &(0x7f0000000080)='GPL\x00', 0x5, 0x1f6, &(0x7f00000002c0)=""/168, 0x0, 0x0, '\x00', 0x0, 0x0, r1, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200), 0x1, 0x0, 0xffffffffffffffff, 0xf5010000}, 0x6d) r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0), 0x48) bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r2, &(0x7f0000000000), &(0x7f0000000040)=""/73}, 0x70) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r4 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) unshare(0x64000600) 1.150580033s ago: executing program 2: syz_mount_image$tmpfs(&(0x7f0000000180), &(0x7f0000000080)='./file0\x00', 0x8a0088, 0x0, 0xfe, 0x0, &(0x7f0000000040)) rt_sigprocmask(0x0, &(0x7f0000000200)={[0xfffffbfd]}, 0x0, 0x8) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000080)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c000000000000000000000c850000006d00000095"], &(0x7f0000001800)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='9p_protocol_dump\x00', r0}, 0x10) pipe2$9p(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) 838.283941ms ago: executing program 3: socket$packet(0x11, 0x3, 0x300) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x3a, &(0x7f0000000240)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000004c0), 0x32d, 0x20008090) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000380)='./file0\x00', 0x10cb0, 0x0, 0xfc, 0x0, &(0x7f0000000000)) r3 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000000040)={'gre0\x00', &(0x7f0000000800)}) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000540)={0x3, &(0x7f0000000500)=[{0x0, 0x0, 0x7, 0x1f}, {0x4, 0x0, 0x3, 0x3}, {0x20, 0x7, 0x7d}]}, 0x10) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001900010026bd760000000000fc010000000000000000000000080000ac1414bb0000000000000000000000000000000000000000020010"], 0xb8}}, 0x0) sendmsg$nl_xfrm(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[@ANYBLOB="8801000014"], 0x188}}, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r3, 0x8923, &(0x7f0000000680)={'syztnl2\x00', &(0x7f00000002c0)}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r5 = getpid() sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x4) ptrace$cont(0x9, r5, 0x6, 0x80020) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000980)=ANY=[@ANYBLOB="180000000000000000000000000002009500000000000000de3a5c5b7db6d340ac7e76ab27be3478ab00003c4bfca8b68f0ef4c3305a511b19a76958e9b7e970ebb213f67df9083207c87e1c212cd64da2b6b8c070f60d744c0bfe81c753e78c00bcca761ad3e4d95a3cd12cd2531de1d789d33a94267c725acf2c32377781d5b032197a7924e79d3165c5f63aee1a6604610d59fa089234349d9c53008382c166482a1e561f73ad9c530fe0c29f9ab6faba5b0213e9653b93fdbfbec09511d102b3b42ccc4006445d395418a87288c7c0a181f8f9f892d9d4fc7d30db9e51afe8e6fd7863062ce3aac3404f02392e0d8772582b4ca007eb08f0c0f4e8b8770d8f2ed60f049cdad9fa2dc3adda1ea29f3c8f6ff2fc7477767f0c14ca4afa19494db0f499160bc332647a809d56711544eef166a9a089"], &(0x7f00000000c0)='GPL\x00', 0x6}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r6}, 0x10) r7 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder1\x00', 0x800, 0x0) r8 = dup3(0xffffffffffffffff, r7, 0x80000) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000004c0)={'gre0\x00', &(0x7f0000000580)}) ioctl$TUNSETIFINDEX(r8, 0x400454da, &(0x7f0000000400)) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)=@newlinkprop={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_NET_NS_PID={0x8}, @IFLA_OPERSTATE]}, 0x77}}, 0x0) 771.822371ms ago: executing program 2: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xc, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000000000000000000000008500000005000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000500)='jbd2_handle_stats\x00', r0}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) 731.065787ms ago: executing program 2: bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000180000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000f0850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) open(0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x10) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000380)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0x0, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() bpf$BPF_BTF_GET_NEXT_ID(0x17, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600b35, 0x15) 332.617099ms ago: executing program 1: syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000280)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@errors_continue}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f0000000680)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") chdir(&(0x7f0000000000)='./file0\x00') creat(&(0x7f0000000040)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r0, 0x0) readv(0xffffffffffffffff, &(0x7f0000001f80)=[{0x0}, {0x0}, {0xffffffffffffffff}], 0x3) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) 18.611287ms ago: executing program 1: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000003e5c0000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000340)={0xffffffffffffffff}) close(r0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) close(r0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r2, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000002c0)='ext4_free_inode\x00', r3}, 0x10) unlink(&(0x7f0000000140)='./cgroup\x00') 0s ago: executing program 0: r0 = syz_usb_connect$uac1(0x0, 0xa4, &(0x7f00000000c0)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172"], 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000900850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kfree\x00', r2}, 0x10) syz_usb_control_io$uac1(r0, &(0x7f0000000680)={0x14, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="00032a0000002a03"]}, 0x0) kernel console output (not intermixed with test programs): T37] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 575.802343][ T37] usb 3-1: config 0 descriptor?? [ 575.920027][T24336] bridge0: port 1(bridge_slave_0) entered blocking state [ 575.926877][T24336] bridge0: port 1(bridge_slave_0) entered disabled state [ 575.934542][T24336] device bridge_slave_0 entered promiscuous mode [ 575.945041][T24336] bridge0: port 2(bridge_slave_1) entered blocking state [ 575.951988][T24336] bridge0: port 2(bridge_slave_1) entered disabled state [ 575.959199][T24336] device bridge_slave_1 entered promiscuous mode [ 576.025815][T24348] device bridge_slave_0 left promiscuous mode [ 576.032850][T24348] bridge0: port 1(bridge_slave_0) entered disabled state [ 576.040796][T24348] device bridge_slave_1 left promiscuous mode [ 576.046725][T24348] bridge0: port 2(bridge_slave_1) entered disabled state [ 576.062252][T24336] bridge0: port 2(bridge_slave_1) entered blocking state [ 576.069089][T24336] bridge0: port 2(bridge_slave_1) entered forwarding state [ 576.076208][T24336] bridge0: port 1(bridge_slave_0) entered blocking state [ 576.082996][T24336] bridge0: port 1(bridge_slave_0) entered forwarding state [ 576.091258][T24348] bridge0: port 1(syz_tun) entered blocking state [ 576.097489][T24348] bridge0: port 1(syz_tun) entered disabled state [ 576.104283][T24348] device syz_tun entered promiscuous mode [ 576.132343][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 576.140114][ T6] bridge0: port 1(bridge_slave_0) entered disabled state [ 576.147236][ T6] bridge0: port 2(bridge_slave_1) entered disabled state [ 576.164355][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 576.173167][ T332] bridge0: port 1(bridge_slave_0) entered blocking state [ 576.180027][ T332] bridge0: port 1(bridge_slave_0) entered forwarding state [ 576.187703][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 576.195942][ T332] bridge0: port 2(bridge_slave_1) entered blocking state [ 576.202880][ T332] bridge0: port 2(bridge_slave_1) entered forwarding state [ 576.213605][ T8] device bridge_slave_1 left promiscuous mode [ 576.220202][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 576.229817][T24351] loop4: detected capacity change from 0 to 256 [ 576.236844][ T8] device bridge_slave_0 left promiscuous mode [ 576.243173][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 576.250228][T24351] exfat: Deprecated parameter 'utf8' [ 576.258039][T24351] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d) [ 576.279972][ T37] microsoft 0003:045E:07DA.009E: unknown main item tag 0x0 [ 576.290287][ T37] microsoft 0003:045E:07DA.009E: unknown main item tag 0x1 [ 576.303885][ T37] microsoft 0003:045E:07DA.009E: unbalanced collection at end of report description [ 576.323315][ T37] microsoft 0003:045E:07DA.009E: parse failed [ 576.336565][ T37] microsoft: probe of 0003:045E:07DA.009E failed with error -22 [ 576.405380][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 576.415418][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 576.442611][ T6384] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 576.460117][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 576.471580][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 576.491076][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 576.506878][T24336] device veth0_vlan entered promiscuous mode [ 576.513468][ T351] usb 3-1: USB disconnect, device number 49 [ 576.536950][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 576.548518][T24336] device veth1_macvtap entered promiscuous mode [ 576.570190][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 576.584476][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 576.592990][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 576.667689][T23099] device syz_tun left promiscuous mode [ 576.673085][T23099] bridge0: port 1(syz_tun) entered disabled state [ 577.051618][T24370] bridge0: port 1(bridge_slave_0) entered blocking state [ 577.058658][T24370] bridge0: port 1(bridge_slave_0) entered disabled state [ 577.065901][T24370] device bridge_slave_0 entered promiscuous mode [ 577.073028][T24370] bridge0: port 2(bridge_slave_1) entered blocking state [ 577.080061][T24370] bridge0: port 2(bridge_slave_1) entered disabled state [ 577.087308][T24370] device bridge_slave_1 entered promiscuous mode [ 577.150997][T24370] bridge0: port 2(bridge_slave_1) entered blocking state [ 577.157858][T24370] bridge0: port 2(bridge_slave_1) entered forwarding state [ 577.164966][T24370] bridge0: port 1(bridge_slave_0) entered blocking state [ 577.171763][T24370] bridge0: port 1(bridge_slave_0) entered forwarding state [ 577.203534][ T6384] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 577.211576][ T6384] bridge0: port 1(bridge_slave_0) entered disabled state [ 577.218816][ T6384] bridge0: port 2(bridge_slave_1) entered disabled state [ 577.248298][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 577.256322][ T332] bridge0: port 1(bridge_slave_0) entered blocking state [ 577.263179][ T332] bridge0: port 1(bridge_slave_0) entered forwarding state [ 577.270613][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 577.280156][ T332] bridge0: port 2(bridge_slave_1) entered blocking state [ 577.286992][ T332] bridge0: port 2(bridge_slave_1) entered forwarding state [ 577.294161][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 577.301917][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 577.315562][T24370] device veth0_vlan entered promiscuous mode [ 577.323737][T24379] device bridge_slave_0 left promiscuous mode [ 577.329705][T24379] bridge0: port 1(bridge_slave_0) entered disabled state [ 577.336990][T24379] device bridge_slave_1 left promiscuous mode [ 577.343077][T24379] bridge0: port 2(bridge_slave_1) entered disabled state [ 577.351036][ T6401] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 577.359311][ T6401] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 577.367190][ T6401] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 577.374551][ T6401] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 577.382641][T24379] bridge0: port 1(syz_tun) entered blocking state [ 577.388906][T24379] bridge0: port 1(syz_tun) entered disabled state [ 577.395536][T24379] device syz_tun entered promiscuous mode [ 577.456993][T24370] device veth1_macvtap entered promiscuous mode [ 577.464131][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 577.478117][ T351] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 577.486356][ T351] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 577.491627][T24384] loop1: detected capacity change from 0 to 1024 [ 577.521331][T24384] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 577.550078][T24384] loop1: detected capacity change from 1024 to 64 [ 577.562659][T24384] syz-executor.1: attempt to access beyond end of device [ 577.562659][T24384] loop1: rw=2049, sector=224, nr_sectors = 2 limit=64 [ 577.576228][T24384] EXT4-fs warning (device loop1): ext4_end_bio:347: I/O error 10 writing to inode 15 starting block 112) [ 577.587354][T24384] buffer_io_error: 17 callbacks suppressed [ 577.587367][T24384] Buffer I/O error on device loop1, logical block 112 [ 577.599824][T24384] syz-executor.1: attempt to access beyond end of device [ 577.599824][T24384] loop1: rw=2049, sector=228, nr_sectors = 124 limit=64 [ 577.613785][T24384] EXT4-fs warning (device loop1): ext4_end_bio:347: I/O error 10 writing to inode 15 starting block 114) [ 577.625242][T24384] Buffer I/O error on device loop1, logical block 114 [ 577.631819][T24384] Buffer I/O error on device loop1, logical block 115 [ 577.638651][T24384] Buffer I/O error on device loop1, logical block 116 [ 577.645223][T24384] Buffer I/O error on device loop1, logical block 117 [ 577.651821][T24384] Buffer I/O error on device loop1, logical block 118 [ 577.658414][T24384] Buffer I/O error on device loop1, logical block 119 [ 577.665373][T24384] Buffer I/O error on device loop1, logical block 120 [ 577.671950][T24384] Buffer I/O error on device loop1, logical block 121 [ 577.671970][T24384] Buffer I/O error on device loop1, logical block 122 [ 577.672454][T24384] syz-executor.1: attempt to access beyond end of device [ 577.672454][T24384] loop1: rw=2049, sector=352, nr_sectors = 4 limit=64 [ 577.698825][T24384] EXT4-fs warning (device loop1): ext4_end_bio:347: I/O error 10 writing to inode 15 starting block 176) [ 577.819102][T24057] EXT4-fs warning (device loop1): ext4_empty_dir:3093: inode #11: lblock 0: comm syz-executor.1: error -12 reading directory block [ 577.833318][T24057] EXT4-fs warning (device loop1): ext4_empty_dir:3093: inode #11: lblock 0: comm syz-executor.1: error -12 reading directory block [ 577.847372][T24057] EXT4-fs warning (device loop1): ext4_empty_dir:3093: inode #11: lblock 0: comm syz-executor.1: error -12 reading directory block [ 577.861125][T24057] EXT4-fs warning (device loop1): ext4_empty_dir:3093: inode #11: lblock 0: comm syz-executor.1: error -12 reading directory block [ 577.874843][T24057] EXT4-fs warning (device loop1): ext4_empty_dir:3093: inode #11: lblock 0: comm syz-executor.1: error -12 reading directory block [ 577.888421][T24057] EXT4-fs warning (device loop1): ext4_empty_dir:3093: inode #11: lblock 0: comm syz-executor.1: error -12 reading directory block [ 577.902645][T24057] EXT4-fs warning (device loop1): ext4_empty_dir:3093: inode #11: lblock 0: comm syz-executor.1: error -12 reading directory block [ 577.983942][T24057] EXT4-fs (loop1): unmounting filesystem. [ 577.990381][T24387] kmmpd-loop1: attempt to access beyond end of device [ 577.990381][T24387] loop1: rw=14337, sector=128, nr_sectors = 2 limit=64 [ 578.003772][T24387] buffer_io_error: 502 callbacks suppressed [ 578.003787][T24387] Buffer I/O error on dev loop1, logical block 64, lost sync page write [ 578.766810][T24417] bridge0: port 1(bridge_slave_0) entered blocking state [ 578.774092][T24417] bridge0: port 1(bridge_slave_0) entered disabled state [ 578.781815][T24417] device bridge_slave_0 entered promiscuous mode [ 578.789987][T24417] bridge0: port 2(bridge_slave_1) entered blocking state [ 578.797336][T24417] bridge0: port 2(bridge_slave_1) entered disabled state [ 578.805205][T24417] device bridge_slave_1 entered promiscuous mode [ 578.813743][ T8] device bridge_slave_1 left promiscuous mode [ 578.819923][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 578.827775][ T8] device bridge_slave_0 left promiscuous mode [ 578.834200][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 578.842822][ T8] device veth1_macvtap left promiscuous mode [ 578.848741][ T8] device veth0_vlan left promiscuous mode [ 579.109904][T24417] bridge0: port 2(bridge_slave_1) entered blocking state [ 579.116792][T24417] bridge0: port 2(bridge_slave_1) entered forwarding state [ 579.123893][T24417] bridge0: port 1(bridge_slave_0) entered blocking state [ 579.130671][T24417] bridge0: port 1(bridge_slave_0) entered forwarding state [ 579.163356][ T6384] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 579.171229][ T6384] bridge0: port 1(bridge_slave_0) entered disabled state [ 579.178764][ T6384] bridge0: port 2(bridge_slave_1) entered disabled state [ 579.201286][ T6401] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 579.209368][ T6401] bridge0: port 1(bridge_slave_0) entered blocking state [ 579.216215][ T6401] bridge0: port 1(bridge_slave_0) entered forwarding state [ 579.223913][ T6401] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 579.231963][ T6401] bridge0: port 2(bridge_slave_1) entered blocking state [ 579.238812][ T6401] bridge0: port 2(bridge_slave_1) entered forwarding state [ 579.261376][ T6384] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 579.269563][ T6384] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 579.277426][ T6384] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 579.289033][T24417] device veth0_vlan entered promiscuous mode [ 579.294900][T22485] usb 1-1: new high-speed USB device number 70 using dummy_hcd [ 579.308033][ T6384] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 579.316322][ T6384] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 579.323647][ T6384] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 579.338868][T24417] device veth1_macvtap entered promiscuous mode [ 579.346000][ T6384] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 579.363652][ T6401] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 579.372335][ T6401] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 579.577841][T24441] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.1'. [ 579.587577][T24441] netlink: 43 bytes leftover after parsing attributes in process `syz-executor.1'. [ 579.597722][T24441] netlink: 'syz-executor.1': attribute type 5 has an invalid length. [ 579.606221][T24441] netlink: 43 bytes leftover after parsing attributes in process `syz-executor.1'. [ 579.616807][T24441] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 579.659545][T22485] usb 1-1: config 9 has an invalid descriptor of length 0, skipping remainder of the config [ 579.672934][T22485] usb 1-1: config 9 has 0 interfaces, different from the descriptor's value: 1 [ 579.688375][T22485] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 579.705465][T22485] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 580.097101][T22485] usb 1-1: string descriptor 0 read error: -71 [ 580.110934][T22485] usb 1-1: USB disconnect, device number 70 [ 580.237517][T24458] loop3: detected capacity change from 0 to 128 [ 580.253211][T24458] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1) [ 580.346108][ T8] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1) [ 581.123396][T24476] loop4: detected capacity change from 0 to 40427 [ 581.149309][T24476] F2FS-fs (loop4): Invalid Fs Meta Ino: node(1) meta(2) root(0) [ 581.156911][T24476] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 581.166664][T24476] F2FS-fs (loop4): invalid crc value [ 581.173469][T24476] F2FS-fs (loop4): Found nat_bits in checkpoint [ 581.202176][T24488] loop1: detected capacity change from 0 to 128 [ 581.228817][T24476] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 581.235783][T24476] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 581.260934][T24488] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1) [ 581.323399][T24370] syz-executor.4: attempt to access beyond end of device [ 581.323399][T24370] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 581.342215][ T8] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1) [ 582.753903][T24519] hub 6-0:1.0: USB hub found [ 582.758485][T24519] hub 6-0:1.0: 1 port detected [ 583.362814][T24547] netlink: 'syz-executor.1': attribute type 4 has an invalid length. [ 583.373261][T24547] netlink: 'syz-executor.1': attribute type 4 has an invalid length. [ 583.867241][T24567] netlink: 'syz-executor.4': attribute type 5 has an invalid length. [ 583.912541][T24561] loop2: detected capacity change from 0 to 40427 [ 583.921008][ T332] hid-generic 0000:0000:0000.009F: unknown main item tag 0x0 [ 583.928246][ T332] hid-generic 0000:0000:0000.009F: unknown main item tag 0x0 [ 583.935487][ T332] hid-generic 0000:0000:0000.009F: unknown main item tag 0x0 [ 583.942872][ T332] hid-generic 0000:0000:0000.009F: unknown main item tag 0x0 [ 583.950118][ T332] hid-generic 0000:0000:0000.009F: unknown main item tag 0x0 [ 583.957341][ T332] hid-generic 0000:0000:0000.009F: unknown main item tag 0x0 [ 583.964517][ T351] usb 4-1: new high-speed USB device number 58 using dummy_hcd [ 583.965792][T24561] F2FS-fs (loop2): invalid crc value [ 583.977091][ T332] hid-generic 0000:0000:0000.009F: unknown main item tag 0x0 [ 583.984465][ T332] hid-generic 0000:0000:0000.009F: unknown main item tag 0x0 [ 583.992544][T24561] F2FS-fs (loop2): Found nat_bits in checkpoint [ 583.998659][ T332] hid-generic 0000:0000:0000.009F: unknown main item tag 0x0 [ 584.005855][ T332] hid-generic 0000:0000:0000.009F: unknown main item tag 0x0 [ 584.013281][ T332] hid-generic 0000:0000:0000.009F: unknown main item tag 0x0 [ 584.021387][ T332] hid-generic 0000:0000:0000.009F: unknown main item tag 0x0 [ 584.028738][ T332] hid-generic 0000:0000:0000.009F: unknown main item tag 0x0 [ 584.035970][ T332] hid-generic 0000:0000:0000.009F: unknown main item tag 0x0 [ 584.043227][ T332] hid-generic 0000:0000:0000.009F: unknown main item tag 0x0 [ 584.045642][T24561] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 584.050507][ T332] hid-generic 0000:0000:0000.009F: unknown main item tag 0x0 [ 584.064745][T24561] serio: Serial port pts0 [ 584.065014][ T332] hid-generic 0000:0000:0000.009F: unknown main item tag 0x0 [ 584.076309][ T332] hid-generic 0000:0000:0000.009F: unknown main item tag 0x0 [ 584.083507][ T332] hid-generic 0000:0000:0000.009F: unknown main item tag 0x0 [ 584.090792][ T332] hid-generic 0000:0000:0000.009F: unknown main item tag 0x0 [ 584.097895][ T332] hid-generic 0000:0000:0000.009F: unknown main item tag 0x0 [ 584.105108][ T332] hid-generic 0000:0000:0000.009F: unknown main item tag 0x0 [ 584.112329][ T332] hid-generic 0000:0000:0000.009F: unknown main item tag 0x0 [ 584.119538][ T332] hid-generic 0000:0000:0000.009F: unknown main item tag 0x0 [ 584.126716][ T332] hid-generic 0000:0000:0000.009F: unknown main item tag 0x0 [ 584.133930][ T332] hid-generic 0000:0000:0000.009F: unknown main item tag 0x0 [ 584.141162][ T332] hid-generic 0000:0000:0000.009F: unknown main item tag 0x0 [ 584.148320][ T332] hid-generic 0000:0000:0000.009F: unknown main item tag 0x0 [ 584.155540][ T332] hid-generic 0000:0000:0000.009F: unknown main item tag 0x0 [ 584.162791][ T332] hid-generic 0000:0000:0000.009F: unknown main item tag 0x0 [ 584.173061][ T332] hid-generic 0000:0000:0000.009F: hidraw0: HID v0.00 Device [syz0] on syz0 [ 584.209231][ T351] usb 4-1: Using ep0 maxpacket: 16 [ 584.224751][T23398] syz-executor.2: attempt to access beyond end of device [ 584.224751][T23398] loop2: rw=2049, sector=45096, nr_sectors = 24 limit=40427 [ 584.349250][ T351] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 584.357209][ T351] usb 4-1: config 0 has no interface number 0 [ 584.549259][ T351] usb 4-1: New USB device found, idVendor=22b7, idProduct=150d, bcdDevice=27.77 [ 584.558252][ T351] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 584.566103][ T351] usb 4-1: Product: syz [ 584.570137][ T351] usb 4-1: Manufacturer: syz [ 584.574476][ T351] usb 4-1: SerialNumber: syz [ 584.579532][ T351] usb 4-1: config 0 descriptor?? [ 584.629879][ T351] ftdi_sio 4-1:0.1: FTDI USB Serial Device converter detected [ 584.637792][ T351] ftdi_sio ttyUSB0: unknown device type: 0x2777 [ 584.835729][ T6] usb 4-1: USB disconnect, device number 58 [ 584.843063][ T6] ftdi_sio 4-1:0.1: device disconnected [ 585.043897][T24604] loop0: detected capacity change from 0 to 256 [ 585.139198][T24604] loop0: detected capacity change from 256 to 96 [ 585.170187][T24058] device syz_tun left promiscuous mode [ 585.182626][T24058] bridge0: port 1(syz_tun) entered disabled state [ 585.240090][ T8] kworker/u4:0: attempt to access beyond end of device [ 585.240090][ T8] loop0: rw=1, sector=136, nr_sectors = 16 limit=96 [ 585.260230][ T8] kworker/u4:0: attempt to access beyond end of device [ 585.260230][ T8] loop0: rw=1, sector=160, nr_sectors = 8 limit=96 [ 585.295416][ T8] kworker/u4:0: attempt to access beyond end of device [ 585.295416][ T8] loop0: rw=1, sector=240, nr_sectors = 16 limit=96 [ 585.670682][T24619] bridge0: port 1(bridge_slave_0) entered blocking state [ 585.677590][T24619] bridge0: port 1(bridge_slave_0) entered disabled state [ 585.684896][T24619] device bridge_slave_0 entered promiscuous mode [ 585.692581][T24619] bridge0: port 2(bridge_slave_1) entered blocking state [ 585.699452][T24619] bridge0: port 2(bridge_slave_1) entered disabled state [ 585.706706][T24619] device bridge_slave_1 entered promiscuous mode [ 585.712939][ T6] usb 4-1: new high-speed USB device number 59 using dummy_hcd [ 585.776714][T24619] bridge0: port 2(bridge_slave_1) entered blocking state [ 585.783645][T24619] bridge0: port 2(bridge_slave_1) entered forwarding state [ 585.790762][T24619] bridge0: port 1(bridge_slave_0) entered blocking state [ 585.797526][T24619] bridge0: port 1(bridge_slave_0) entered forwarding state [ 585.896697][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 585.904624][ T332] bridge0: port 1(bridge_slave_0) entered disabled state [ 585.912263][ T332] bridge0: port 2(bridge_slave_1) entered disabled state [ 585.927827][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 585.938246][ T332] bridge0: port 1(bridge_slave_0) entered blocking state [ 585.945085][ T332] bridge0: port 1(bridge_slave_0) entered forwarding state [ 585.952306][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 585.960228][ T332] bridge0: port 2(bridge_slave_1) entered blocking state [ 585.967053][ T332] bridge0: port 2(bridge_slave_1) entered forwarding state [ 585.979651][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 585.987485][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 585.995066][ T6] usb 4-1: Using ep0 maxpacket: 16 [ 586.008187][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 586.019045][T24619] device veth0_vlan entered promiscuous mode [ 586.025370][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 586.042956][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 586.054722][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 586.063589][ T6384] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 586.072358][T24619] device veth1_macvtap entered promiscuous mode [ 586.082074][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 586.094254][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 586.142491][ T6] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 586.153837][ T6] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 586.163635][ T6] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 586.176422][ T6] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 586.192628][ T6] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 586.201245][ T6] usb 4-1: config 0 descriptor?? [ 586.371050][T24646] loop0: detected capacity change from 0 to 256 [ 586.419313][T24646] loop0: detected capacity change from 256 to 96 [ 586.426936][T24646] exFAT-fs (loop0): error, failed to bmap (inode : ffff888136b0ddb0 iblock : 16, err : -5) [ 586.437182][T24646] exFAT-fs (loop0): Filesystem has been set read-only [ 586.447246][T24646] exFAT-fs (loop0): error, failed to access to FAT (entry 0x00000005, err:-5) [ 586.467475][T24619] exFAT-fs (loop0): error, failed to access to FAT (entry 0x00000005, err:-5) [ 586.479236][ T351] usb 3-1: new high-speed USB device number 50 using dummy_hcd [ 586.679883][ T6] microsoft 0003:045E:07DA.00A0: unknown main item tag 0x0 [ 586.686923][ T6] microsoft 0003:045E:07DA.00A0: unknown main item tag 0x1 [ 586.694045][ T6] microsoft 0003:045E:07DA.00A0: unbalanced collection at end of report description [ 586.703433][ T6] microsoft 0003:045E:07DA.00A0: parse failed [ 586.709487][ T6] microsoft: probe of 0003:045E:07DA.00A0 failed with error -22 [ 586.739219][ T351] usb 3-1: Using ep0 maxpacket: 16 [ 586.830392][T24652] bridge0: port 1(bridge_slave_0) entered blocking state [ 586.837243][T24652] bridge0: port 1(bridge_slave_0) entered disabled state [ 586.844541][T24652] device bridge_slave_0 entered promiscuous mode [ 586.852985][T24652] bridge0: port 2(bridge_slave_1) entered blocking state [ 586.859912][T24652] bridge0: port 2(bridge_slave_1) entered disabled state [ 586.867097][T24652] device bridge_slave_1 entered promiscuous mode [ 586.879230][ T351] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 586.883642][T22485] usb 4-1: USB disconnect, device number 59 [ 586.887883][ T351] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 586.907049][ T351] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 586.917558][ T351] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 586.966918][T24652] bridge0: port 2(bridge_slave_1) entered blocking state [ 586.973788][T24652] bridge0: port 2(bridge_slave_1) entered forwarding state [ 586.980853][T24652] bridge0: port 1(bridge_slave_0) entered blocking state [ 586.987647][T24652] bridge0: port 1(bridge_slave_0) entered forwarding state [ 586.999314][ T332] usb 5-1: new high-speed USB device number 67 using dummy_hcd [ 587.015971][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 587.023589][ T6] bridge0: port 1(bridge_slave_0) entered disabled state [ 587.030678][ T6] bridge0: port 2(bridge_slave_1) entered disabled state [ 587.043153][ T6384] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 587.051356][ T6384] bridge0: port 1(bridge_slave_0) entered blocking state [ 587.058191][ T6384] bridge0: port 1(bridge_slave_0) entered forwarding state [ 587.068290][ T664] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 587.076458][ T664] bridge0: port 2(bridge_slave_1) entered blocking state [ 587.083314][ T664] bridge0: port 2(bridge_slave_1) entered forwarding state [ 587.089260][ T351] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 587.099454][ T351] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 587.107375][ T351] usb 3-1: Product: syz [ 587.111505][ T351] usb 3-1: Manufacturer: syz [ 587.116008][ T351] usb 3-1: SerialNumber: syz [ 587.120861][ T664] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 587.128776][ T664] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 587.137000][ T419] device bridge_slave_1 left promiscuous mode [ 587.143073][ T419] bridge0: port 2(bridge_slave_1) entered disabled state [ 587.150410][ T419] device bridge_slave_0 left promiscuous mode [ 587.156406][ T419] bridge0: port 1(bridge_slave_0) entered disabled state [ 587.164134][ T419] device veth1_macvtap left promiscuous mode [ 587.169985][ T419] device veth0_vlan left promiscuous mode [ 587.229430][ T664] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 587.238859][ T6384] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 587.246568][ T6384] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 587.254785][ T664] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 587.262648][ T664] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 587.271162][T24652] device veth0_vlan entered promiscuous mode [ 587.281923][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 587.290514][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 587.299572][T24652] device veth1_macvtap entered promiscuous mode [ 587.308218][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 587.315785][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 587.324003][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 587.333626][ T664] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 587.341760][ T664] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 587.409798][ T332] usb 5-1: config index 0 descriptor too short (expected 68, got 36) [ 587.410076][T24661] device pim6reg1 entered promiscuous mode [ 587.417722][ T332] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 587.417750][ T332] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 587.417776][ T332] usb 5-1: New USB device found, idVendor=06cb, idProduct=81a7, bcdDevice= 0.00 [ 587.417798][ T332] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 587.429988][ T332] usb 5-1: config 0 descriptor?? [ 587.529407][ T351] usb 3-1: found format II with max.bitrate = 0, frame size=0 [ 587.536809][ T351] usb 3-1: 2:1 : invalid UAC_FORMAT_TYPE desc [ 587.561780][ T351] usb 3-1: USB disconnect, device number 50 [ 587.683441][ T28] kauditd_printk_skb: 3788 callbacks suppressed [ 587.683457][ T28] audit: type=1326 audit(2000000106.960:34373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24668 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa0047cee9 code=0x7ffc0000 [ 587.713894][ T28] audit: type=1326 audit(2000000106.960:34374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24668 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa0047cee9 code=0x7ffc0000 [ 587.738066][ T28] audit: type=1326 audit(2000000106.960:34375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24668 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7faa0047cee9 code=0x7ffc0000 [ 587.762163][ T28] audit: type=1326 audit(2000000106.960:34376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24668 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa0047cee9 code=0x7ffc0000 [ 587.786491][ T28] audit: type=1326 audit(2000000106.960:34377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24668 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa0047cee9 code=0x7ffc0000 [ 587.810420][ T28] audit: type=1326 audit(2000000106.960:34378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24668 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7faa0047cee9 code=0x7ffc0000 [ 587.834553][ T28] audit: type=1326 audit(2000000106.960:34379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24668 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faa0047cee9 code=0x7ffc0000 [ 587.858583][ T28] audit: type=1326 audit(2000000106.960:34380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24668 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7faa0047a667 code=0x7ffc0000 [ 587.882448][ T28] audit: type=1326 audit(2000000106.980:34381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24668 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7faa00440329 code=0x7ffc0000 [ 587.906765][ T28] audit: type=1326 audit(2000000106.980:34382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=24668 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7faa0047a667 code=0x7ffc0000 [ 587.935697][T24676] loop3: detected capacity change from 0 to 256 [ 587.939272][ T6384] usb 1-1: new high-speed USB device number 71 using dummy_hcd [ 587.960486][ T332] hid-rmi 0003:06CB:81A7.00A1: unknown main item tag 0x0 [ 587.967368][ T332] hid-rmi 0003:06CB:81A7.00A1: unknown main item tag 0x0 [ 587.977197][ T332] hid-rmi 0003:06CB:81A7.00A1: unknown main item tag 0x0 [ 587.986006][ T332] hid-rmi 0003:06CB:81A7.00A1: unknown main item tag 0x0 [ 587.993014][ T332] hid-rmi 0003:06CB:81A7.00A1: unknown main item tag 0x0 [ 588.001700][ T332] hid-rmi 0003:06CB:81A7.00A1: hidraw0: USB HID v0.00 Device [HID 06cb:81a7] on usb-dummy_hcd.4-1/input0 [ 588.161825][T22485] usb 5-1: USB disconnect, device number 67 [ 588.189248][ T6384] usb 1-1: Using ep0 maxpacket: 16 [ 588.309243][ T6384] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 588.322887][ T6384] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 588.334655][ T6384] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 588.349832][ T6384] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 588.358764][ T6384] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 588.372521][ T6384] usb 1-1: config 0 descriptor?? [ 588.439173][ T664] usb 4-1: new high-speed USB device number 60 using dummy_hcd [ 588.773900][T24694] device pim6reg1 entered promiscuous mode [ 588.799229][ T664] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 588.810088][ T664] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 588.823081][ T664] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 588.832728][ T6384] microsoft 0003:045E:07DA.00A2: unknown main item tag 0x0 [ 588.840061][ T664] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 588.848314][ T6384] microsoft 0003:045E:07DA.00A2: unknown main item tag 0x1 [ 588.855608][ T664] usb 4-1: config 0 descriptor?? [ 588.860472][ T6384] microsoft 0003:045E:07DA.00A2: unbalanced collection at end of report description [ 588.870018][ T6384] microsoft 0003:045E:07DA.00A2: parse failed [ 588.875914][ T6384] microsoft: probe of 0003:045E:07DA.00A2 failed with error -22 [ 589.035305][ T6405] usb 1-1: USB disconnect, device number 71 [ 589.349847][ T664] plantronics 0003:047F:FFFF.00A3: unknown main item tag 0x0 [ 589.357228][ T664] plantronics 0003:047F:FFFF.00A3: No inputs registered, leaving [ 589.365688][ T664] plantronics 0003:047F:FFFF.00A3: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 589.409186][ T332] usb 5-1: new high-speed USB device number 68 using dummy_hcd [ 589.607133][T24712] SELinux: Context d is not valid (left unmapped). [ 589.669223][ T332] usb 5-1: Using ep0 maxpacket: 16 [ 589.799281][ T332] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 589.807197][ T332] usb 5-1: config 0 has no interface number 0 [ 589.989263][ T332] usb 5-1: New USB device found, idVendor=22b7, idProduct=150d, bcdDevice=27.77 [ 589.998224][ T332] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 590.006076][ T332] usb 5-1: Product: syz [ 590.010082][ T332] usb 5-1: Manufacturer: syz [ 590.014469][ T332] usb 5-1: SerialNumber: syz [ 590.019732][ T332] usb 5-1: config 0 descriptor?? [ 590.060829][ T332] ftdi_sio 5-1:0.1: FTDI USB Serial Device converter detected [ 590.068279][ T332] ftdi_sio ttyUSB0: unknown device type: 0x2777 [ 590.107893][T24731] syz-executor.0[24731] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 590.107944][T24731] syz-executor.0[24731] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 590.263375][T22485] usb 5-1: USB disconnect, device number 68 [ 590.281132][T22485] ftdi_sio 5-1:0.1: device disconnected [ 590.313353][T24736] device ip6_vti0 entered promiscuous mode [ 590.318991][T24736] device vlan2 entered promiscuous mode [ 590.324853][T24736] device ip6_vti0 left promiscuous mode [ 590.862955][T24751] loop0: detected capacity change from 0 to 40427 [ 590.878528][T24751] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 590.880073][T24755] input: syz1 as /devices/virtual/input/input133 [ 590.886148][T24751] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 590.902735][T24751] F2FS-fs (loop0): Found nat_bits in checkpoint [ 590.937857][T24751] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 590.944780][T24751] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 590.955632][T24751] syz-executor.0: attempt to access beyond end of device [ 590.955632][T24751] loop0: rw=2049, sector=45096, nr_sectors = 120 limit=40427 [ 590.973793][T24761] input: syz1 as /devices/virtual/input/input134 [ 591.118069][T24766] syz-executor.4[24766] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 591.118141][T24766] syz-executor.4[24766] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 591.160219][ T332] usb 4-1: USB disconnect, device number 60 [ 591.188067][T24768] loop1: detected capacity change from 0 to 256 [ 591.403565][T24774] loop3: detected capacity change from 0 to 512 [ 591.422034][T24774] EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 1 overlaps superblock [ 591.431744][T24774] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 1 overlaps superblock [ 591.441358][T24774] EXT4-fs (loop3): ext4_check_descriptors: Inode table for group 1 overlaps superblock [ 591.452397][T24774] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 591.454601][T24776] loop2: detected capacity change from 0 to 512 [ 591.460250][T24774] [EXT4 FS bs=4096, gc=2, bpg=34, ipg=32, mo=c040e118, mo2=0000] [ 591.474178][T24774] EXT4-fs (loop3): orphan cleanup on readonly fs [ 591.480962][T24774] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor.3: bg 0: block 34: padding at end of block bitmap is not set [ 591.484352][T24776] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 591.507016][T24776] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 591.507354][T24774] EXT4-fs (loop3): 1 truncate cleaned up [ 591.519332][T24776] EXT4-fs (loop2): 1 orphan inode deleted [ 591.527982][T24776] EXT4-fs (loop2): 1 truncate cleaned up [ 591.533824][T24776] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 591.548437][T24774] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 591.548875][T24776] EXT4-fs error (device loop2): ext4_lookup:1855: inode #15: comm syz-executor.2: iget: bad extra_isize 46 (inode size 256) [ 591.570169][T24776] EXT4-fs (loop2): Remounting filesystem read-only [ 591.591564][T23398] EXT4-fs (loop2): unmounting filesystem. [ 591.651727][T24336] EXT4-fs (loop3): unmounting filesystem. [ 591.820433][T24789] input: syz1 as /devices/virtual/input/input135 [ 591.941210][T24798] input: syz1 as /devices/virtual/input/input136 [ 592.013581][T24801] loop1: detected capacity change from 0 to 256 [ 592.120117][T24806] overlayfs: upper fs does not support tmpfile. [ 592.359505][T24816] loop4: detected capacity change from 0 to 512 [ 592.376463][T24816] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 1 overlaps superblock [ 592.386194][T24816] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 1 overlaps superblock [ 592.395779][T24816] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 1 overlaps superblock [ 592.405877][T24816] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 592.413695][T24816] [EXT4 FS bs=4096, gc=2, bpg=34, ipg=32, mo=c040e118, mo2=0000] [ 592.421766][T24816] EXT4-fs (loop4): orphan cleanup on readonly fs [ 592.428638][T24816] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor.4: bg 0: block 34: padding at end of block bitmap is not set [ 592.443569][T24816] EXT4-fs (loop4): 1 truncate cleaned up [ 592.452723][T24816] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 592.494195][T24370] EXT4-fs (loop4): unmounting filesystem. [ 592.608835][T24828] input: syz1 as /devices/virtual/input/input137 [ 592.820107][T24841] loop2: detected capacity change from 0 to 256 [ 593.032615][T24852] serio: Serial port pts0 [ 593.049282][T24851] loop1: detected capacity change from 0 to 256 [ 593.372366][T24861] loop4: detected capacity change from 0 to 256 [ 593.397005][T24861] exFAT-fs (loop4): failed to load upcase table (idx : 0x00017f3e, chksum : 0x0b83170a, utbl_chksum : 0xe619d30d) [ 593.511037][T24865] loop1: detected capacity change from 0 to 512 [ 593.526742][T24865] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 593.541260][T24865] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor.1: bg 0: block 248: padding at end of block bitmap is not set [ 593.555980][T24865] __quota_error: 4065 callbacks suppressed [ 593.555995][T24865] Quota error (device loop1): write_blk: dquota write failed [ 593.568818][T24865] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 593.578828][T24865] EXT4-fs (loop1): 1 truncate cleaned up [ 593.584448][T24865] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 593.593221][T24865] ext4 filesystem being mounted at /root/syzkaller-testdir1778662047/syzkaller.npLieg/44/bus supports timestamps until 2038 (0x7fffffff) [ 593.609638][T24865] EXT4-fs: Cannot change quota options when quota turned on [ 593.639507][T24417] EXT4-fs (loop1): unmounting filesystem. [ 593.651962][T24873] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 593.864025][T24883] loop0: detected capacity change from 0 to 512 [ 593.911053][T24883] loop0: detected capacity change from 0 to 128 [ 594.029183][ T332] usb 2-1: new high-speed USB device number 79 using dummy_hcd [ 594.198490][T24895] loop4: detected capacity change from 0 to 512 [ 594.199232][ T6384] usb 4-1: new high-speed USB device number 61 using dummy_hcd [ 594.218473][T24895] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 594.231010][T24895] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor.4: bg 0: block 248: padding at end of block bitmap is not set [ 594.245823][T24895] Quota error (device loop4): write_blk: dquota write failed [ 594.253249][T24895] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 594.263215][T24895] EXT4-fs (loop4): 1 truncate cleaned up [ 594.268676][T24895] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 594.277540][T24895] ext4 filesystem being mounted at /root/syzkaller-testdir3400509090/syzkaller.tS9J4z/45/bus supports timestamps until 2038 (0x7fffffff) [ 594.291426][ T332] usb 2-1: Using ep0 maxpacket: 8 [ 594.295471][T24895] EXT4-fs: Cannot change quota options when quota turned on [ 594.307412][T24894] bridge0: port 1(bridge_slave_0) entered blocking state [ 594.314619][T24894] bridge0: port 1(bridge_slave_0) entered disabled state [ 594.321972][T24894] device bridge_slave_0 entered promiscuous mode [ 594.328734][T24894] bridge0: port 2(bridge_slave_1) entered blocking state [ 594.335767][T24894] bridge0: port 2(bridge_slave_1) entered disabled state [ 594.343089][T24894] device bridge_slave_1 entered promiscuous mode [ 594.343499][T24370] EXT4-fs (loop4): unmounting filesystem. [ 594.398960][T24894] bridge0: port 2(bridge_slave_1) entered blocking state [ 594.405950][T24894] bridge0: port 2(bridge_slave_1) entered forwarding state [ 594.413011][T24894] bridge0: port 1(bridge_slave_0) entered blocking state [ 594.419202][ T332] usb 2-1: config 0 has an invalid interface number: 52 but max is 0 [ 594.419823][T24894] bridge0: port 1(bridge_slave_0) entered forwarding state [ 594.427788][ T332] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 594.445380][ T332] usb 2-1: config 0 has no interface number 0 [ 594.451518][ T332] usb 2-1: config 0 interface 52 altsetting 1 endpoint 0x8A has invalid wMaxPacketSize 0 [ 594.455421][T22485] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 594.461829][ T332] usb 2-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 594.479206][ T6384] usb 4-1: Using ep0 maxpacket: 32 [ 594.481405][ T332] usb 2-1: config 0 interface 52 has no altsetting 0 [ 594.486665][T22485] bridge0: port 1(bridge_slave_0) entered disabled state [ 594.500747][T22485] bridge0: port 2(bridge_slave_1) entered disabled state [ 594.520173][ T6405] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 594.528090][ T6405] bridge0: port 1(bridge_slave_0) entered blocking state [ 594.534926][ T6405] bridge0: port 1(bridge_slave_0) entered forwarding state [ 594.542543][ T6405] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 594.551194][ T6405] bridge0: port 2(bridge_slave_1) entered blocking state [ 594.558039][ T6405] bridge0: port 2(bridge_slave_1) entered forwarding state [ 594.565231][ T6405] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 594.572929][ T6405] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 594.587062][T22485] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 594.598926][ T6405] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 594.599289][ T6384] usb 4-1: config 0 has no interfaces? [ 594.606827][ T6405] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 594.612198][ T6384] usb 4-1: New USB device found, idVendor=04d8, idProduct=f002, bcdDevice= 0.00 [ 594.619604][ T6405] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 594.627759][ T6384] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 594.643161][ T6384] usb 4-1: config 0 descriptor?? [ 594.649230][T24894] device veth0_vlan entered promiscuous mode [ 594.659875][T22485] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 594.668895][T24894] device veth1_macvtap entered promiscuous mode [ 594.679333][ T332] usb 2-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00 [ 594.680922][T22485] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 594.688480][ T332] usb 2-1: New USB device strings: Mfr=22, Product=149, SerialNumber=35 [ 594.704294][ T332] usb 2-1: Product: syz [ 594.708259][ T332] usb 2-1: Manufacturer: syz [ 594.712815][ T332] usb 2-1: SerialNumber: syz [ 594.713045][ T419] device bridge_slave_1 left promiscuous mode [ 594.723556][ T332] usb 2-1: config 0 descriptor?? [ 594.724407][ T419] bridge0: port 2(bridge_slave_1) entered disabled state [ 594.735733][ T419] device bridge_slave_0 left promiscuous mode [ 594.741743][ T419] bridge0: port 1(bridge_slave_0) entered disabled state [ 594.749674][ T419] device veth1_macvtap left promiscuous mode [ 594.755487][ T419] device veth0_vlan left promiscuous mode [ 594.868654][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 594.986575][T24880] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 594.995092][T24880] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 595.004151][T24880] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 595.012458][T24880] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 595.026050][ T6384] usb 2-1: USB disconnect, device number 79 [ 595.090035][T24885] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 595.098241][T24885] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 595.106686][T22485] usb 4-1: USB disconnect, device number 61 [ 595.659224][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 595.659897][T23583] Bluetooth: hci0: command 0x1003 tx timeout [ 596.009778][T24949] loop4: detected capacity change from 0 to 1024 [ 596.030913][T24949] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 596.071779][T24370] EXT4-fs (loop4): unmounting filesystem. [ 596.309235][T22485] usb 1-1: new high-speed USB device number 72 using dummy_hcd [ 596.377504][T24965] syz-executor.4[24965] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 596.377560][T24965] syz-executor.4[24965] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 596.549218][T22485] usb 1-1: Using ep0 maxpacket: 16 [ 596.659611][T24975] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 596.679328][T22485] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 596.690316][T22485] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 596.699912][T22485] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 596.712682][T22485] usb 1-1: New USB device found, idVendor=1e7d, idProduct=31ce, bcdDevice= 0.00 [ 596.721566][T22485] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 596.729772][T22485] usb 1-1: config 0 descriptor?? [ 597.240235][T24993] loop1: detected capacity change from 0 to 2048 [ 597.260605][T24993] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 597.269388][T22485] usbhid 1-1:0.0: can't add hid device: -71 [ 597.275237][T22485] usbhid: probe of 1-1:0.0 failed with error -71 [ 597.286200][T24993] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 597.289909][T22485] usb 1-1: USB disconnect, device number 72 [ 597.375743][T24417] EXT4-fs (loop1): unmounting filesystem. [ 597.458433][T25004] loop2: detected capacity change from 0 to 256 [ 597.610732][T25011] syz-executor.1[25011] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 597.610795][T25011] syz-executor.1[25011] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 598.099173][T22485] usb 5-1: new high-speed USB device number 69 using dummy_hcd [ 598.363318][T25046] loop2: detected capacity change from 0 to 256 [ 598.381649][T25046] FAT-fs (loop2): Directory bread(block 64) failed [ 598.388204][T25046] FAT-fs (loop2): Directory bread(block 65) failed [ 598.394757][T25046] FAT-fs (loop2): Directory bread(block 66) failed [ 598.401197][T25046] FAT-fs (loop2): Directory bread(block 67) failed [ 598.407620][T25046] FAT-fs (loop2): Directory bread(block 68) failed [ 598.413940][T25046] FAT-fs (loop2): Directory bread(block 69) failed [ 598.420266][T25046] FAT-fs (loop2): Directory bread(block 70) failed [ 598.426627][T25046] FAT-fs (loop2): Directory bread(block 71) failed [ 598.433017][ T664] usb 4-1: new high-speed USB device number 62 using dummy_hcd [ 598.433128][T25046] FAT-fs (loop2): Directory bread(block 72) failed [ 598.446722][T25046] FAT-fs (loop2): Directory bread(block 73) failed [ 598.479298][T22485] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 598.490149][T22485] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 598.499782][T22485] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 598.508577][T22485] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 598.516930][T22485] usb 5-1: config 0 descriptor?? [ 598.539218][ T6384] usb 2-1: new high-speed USB device number 80 using dummy_hcd [ 598.666719][T25052] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 598.779432][ T6384] usb 2-1: Using ep0 maxpacket: 16 [ 598.809257][ T664] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 598.820234][ T664] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 598.829869][ T664] usb 4-1: New USB device found, idVendor=12ba, idProduct=0100, bcdDevice= 0.00 [ 598.838666][ T664] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 598.847142][ T664] usb 4-1: config 0 descriptor?? [ 598.899278][ T6384] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 598.910149][ T6384] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 598.919766][ T6384] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 598.932411][ T6384] usb 2-1: New USB device found, idVendor=1e7d, idProduct=31ce, bcdDevice= 0.00 [ 598.941393][ T6384] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 598.949851][ T6384] usb 2-1: config 0 descriptor?? [ 599.259182][ T6405] usb 3-1: new high-speed USB device number 51 using dummy_hcd [ 599.328366][T25062] device wireguard0 entered promiscuous mode [ 599.556293][ T664] sony 0003:12BA:0100.00A5: unknown main item tag 0x0 [ 599.563286][ T664] sony 0003:12BA:0100.00A5: unknown main item tag 0x0 [ 599.569931][ T664] sony 0003:12BA:0100.00A5: item fetching failed at offset 2/5 [ 599.577423][ T664] sony 0003:12BA:0100.00A5: parse failed [ 599.582895][ T664] sony: probe of 0003:12BA:0100.00A5 failed with error -22 [ 599.590675][ T664] usb 4-1: USB disconnect, device number 62 [ 599.649206][ T6384] usbhid 2-1:0.0: can't add hid device: -71 [ 599.649224][ T6405] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 599.655073][ T6384] usbhid: probe of 2-1:0.0 failed with error -71 [ 599.666055][T25021] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 599.673264][ T6384] usb 2-1: USB disconnect, device number 80 [ 599.687546][T25021] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 599.689885][ T6405] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 599.704675][ T6405] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 599.713564][T22485] uclogic 0003:256C:006D.00A4: failed retrieving string descriptor #100: -71 [ 599.713745][ T6405] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 599.722227][T22485] uclogic 0003:256C:006D.00A4: failed retrieving pen parameters: -71 [ 599.731070][ T6405] usb 3-1: config 0 descriptor?? [ 599.737845][T22485] uclogic 0003:256C:006D.00A4: failed probing pen v1 parameters: -71 [ 599.750544][T22485] uclogic 0003:256C:006D.00A4: failed probing parameters: -71 [ 599.757750][T22485] uclogic: probe of 0003:256C:006D.00A4 failed with error -71 [ 599.765958][T22485] usb 5-1: USB disconnect, device number 69 [ 600.239421][ T6405] hid (null): bogus close delimiter [ 600.769243][ T6405] usb 3-1: string descriptor 0 read error: -71 [ 600.789261][ T6405] uclogic 0003:256C:006D.00A6: failed retrieving string descriptor #200: -71 [ 600.798051][ T6405] uclogic 0003:256C:006D.00A6: failed retrieving pen parameters: -71 [ 600.806084][ T6405] uclogic 0003:256C:006D.00A6: failed probing pen v2 parameters: -71 [ 600.814093][ T6405] uclogic 0003:256C:006D.00A6: failed probing parameters: -71 [ 600.821517][ T6405] uclogic: probe of 0003:256C:006D.00A6 failed with error -71 [ 600.830219][ T6405] usb 3-1: USB disconnect, device number 51 [ 600.833897][T25094] incfs: Options parsing error. -22 [ 600.841099][T25094] incfs: mount failed -22 [ 601.279237][ T6384] usb 4-1: new high-speed USB device number 63 using dummy_hcd [ 601.639242][ T6384] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 601.650229][ T6384] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 601.660034][ T6384] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 601.668931][ T6384] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 601.677490][ T6384] usb 4-1: config 0 descriptor?? [ 602.429175][T22485] usb 5-1: new high-speed USB device number 70 using dummy_hcd [ 602.479189][ T6405] usb 2-1: new high-speed USB device number 81 using dummy_hcd [ 602.524313][T25144] loop2: detected capacity change from 0 to 512 [ 602.539472][T25144] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: comm syz-executor.2: inode #1: comm syz-executor.2: iget: illegal inode # [ 602.553826][T25144] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz-executor.2: error while reading EA inode 1 err=-117 [ 602.566445][T25144] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: comm syz-executor.2: inode #1: comm syz-executor.2: iget: illegal inode # [ 602.580160][T25144] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz-executor.2: error while reading EA inode 1 err=-117 [ 602.593803][T25144] EXT4-fs (loop2): 1 orphan inode deleted [ 602.599882][T25144] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 602.694207][T23398] EXT4-fs (loop2): unmounting filesystem. [ 602.752264][T25148] loop0: detected capacity change from 0 to 1024 [ 602.770996][T25148] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 602.799836][T25103] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 602.801897][T22485] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 602.808427][T25103] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 602.830330][T22485] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 602.839990][T22485] usb 5-1: New USB device found, idVendor=172f, idProduct=0502, bcdDevice= 0.00 [ 602.848881][T22485] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 602.856761][ T6384] uclogic 0003:256C:006D.00A7: failed retrieving string descriptor #100: -71 [ 602.865339][ T6384] uclogic 0003:256C:006D.00A7: failed retrieving pen parameters: -71 [ 602.873777][T22485] usb 5-1: config 0 descriptor?? [ 602.878637][ T6384] uclogic 0003:256C:006D.00A7: failed probing pen v1 parameters: -71 [ 602.886551][ T6384] uclogic 0003:256C:006D.00A7: failed probing parameters: -71 [ 602.893925][ T6384] uclogic: probe of 0003:256C:006D.00A7 failed with error -71 [ 602.901206][ T6405] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 602.902354][ T6384] usb 4-1: USB disconnect, device number 63 [ 602.917549][ T6405] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 602.918724][T24894] EXT4-fs (loop0): unmounting filesystem. [ 602.934525][ T6405] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 602.944119][ T6405] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 602.953601][ T6405] usb 2-1: config 0 descriptor?? [ 603.350911][T22485] waltop 0003:172F:0502.00A8: hidraw0: USB HID v0.00 Device [HID 172f:0502] on usb-dummy_hcd.4-1/input0 [ 603.429411][ T351] usb 3-1: new high-speed USB device number 52 using dummy_hcd [ 603.459478][ T6405] hid (null): bogus close delimiter [ 603.551022][T22485] usb 5-1: USB disconnect, device number 70 [ 603.839214][ T351] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 603.856479][ T351] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 603.875873][ T351] usb 3-1: New USB device found, idVendor=0eef, idProduct=72d0, bcdDevice= 0.00 [ 603.893437][ T351] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 603.910217][ T351] usb 3-1: config 0 descriptor?? [ 604.009200][ T6405] usb 2-1: string descriptor 0 read error: -71 [ 604.029192][ T6405] uclogic 0003:256C:006D.00A9: failed retrieving string descriptor #200: -71 [ 604.037859][ T6405] uclogic 0003:256C:006D.00A9: failed retrieving pen parameters: -71 [ 604.058173][ T6405] uclogic 0003:256C:006D.00A9: failed probing pen v2 parameters: -71 [ 604.073783][ T6405] uclogic 0003:256C:006D.00A9: failed probing parameters: -71 [ 604.087646][ T6405] uclogic: probe of 0003:256C:006D.00A9 failed with error -71 [ 604.103119][ T6405] usb 2-1: USB disconnect, device number 81 [ 604.245609][T25180] loop4: detected capacity change from 0 to 1024 [ 604.290171][T25180] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 604.355527][T24370] EXT4-fs (loop4): unmounting filesystem. [ 604.390627][ T351] hid-multitouch 0003:0EEF:72D0.00AA: unknown main item tag 0x0 [ 604.398203][ T351] hid-multitouch 0003:0EEF:72D0.00AA: unknown main item tag 0x0 [ 604.406238][ T351] hid-multitouch 0003:0EEF:72D0.00AA: unknown main item tag 0x0 [ 604.413986][ T351] hid-multitouch 0003:0EEF:72D0.00AA: unknown main item tag 0x0 [ 604.421513][ T351] hid-multitouch 0003:0EEF:72D0.00AA: unknown main item tag 0x0 [ 604.429503][ T351] hid-multitouch 0003:0EEF:72D0.00AA: hidraw0: USB HID v0.00 Device [HID 0eef:72d0] on usb-dummy_hcd.2-1/input0 [ 604.593657][T22485] usb 3-1: USB disconnect, device number 52 [ 605.137517][T25205] device wireguard0 entered promiscuous mode [ 605.381229][T25211] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 605.918321][T25235] loop2: detected capacity change from 0 to 1024 [ 605.952343][T25235] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 606.032583][T23398] EXT4-fs (loop2): unmounting filesystem. [ 606.374566][T25253] loop2: detected capacity change from 0 to 256 [ 606.401986][T25253] exFAT-fs (loop2): failed to load upcase table (idx : 0x00011a39, chksum : 0xd82bb37b, utbl_chksum : 0xe619d30d) [ 606.535371][T25259] loop4: detected capacity change from 0 to 128 [ 606.550126][T25259] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x00067272 (sector = 1) [ 606.569929][T25259] syz-executor.4: attempt to access beyond end of device [ 606.569929][T25259] loop4: rw=3, sector=6950, nr_sectors = 2 limit=128 [ 606.583755][T25259] syz-executor.4: attempt to access beyond end of device [ 606.583755][T25259] loop4: rw=2051, sector=6952, nr_sectors = 942 limit=128 [ 606.764780][T25267] device wireguard0 entered promiscuous mode [ 607.748539][T25285] incfs: Can't find or create .index dir in ./file0 [ 607.759189][T25285] incfs: mount failed -14 [ 608.585226][T25315] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 612.339483][T25333] loop4: detected capacity change from 0 to 128 [ 612.375381][T25333] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (30846!=65535) [ 612.400906][T25333] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 612.411089][T25333] EXT4-fs error (device loop4): htree_dirblock_to_tree:1082: inode #2: comm syz-executor.4: Directory block failed checksum [ 612.427990][T24370] EXT4-fs (loop4): unmounting filesystem. [ 613.125804][T25360] loop3: detected capacity change from 0 to 256 [ 615.697356][T25389] loop4: detected capacity change from 0 to 256 [ 616.243263][T25415] loop4: detected capacity change from 0 to 512 [ 616.259185][T22485] usb 2-1: new high-speed USB device number 82 using dummy_hcd [ 616.278832][T25415] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 616.311525][T25415] EXT4-fs error (device loop4): ext4_orphan_get:1396: inode #17: comm syz-executor.4: iget: bad i_size value: -6917529027641081756 [ 616.325115][T25415] EXT4-fs error (device loop4): ext4_orphan_get:1401: comm syz-executor.4: couldn't read orphan inode 17 (err -117) [ 616.337557][T25415] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 616.360773][T25415] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor.4: bg 0: block 65: padding at end of block bitmap is not set [ 616.377557][T25415] Quota error (device loop4): write_blk: dquota write failed [ 616.385337][T25415] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 616.395814][T25415] Quota error (device loop4): do_check_range: Getting block 144 out of range 0-5 [ 616.499150][T22485] usb 2-1: Using ep0 maxpacket: 32 [ 616.523778][T24370] EXT4-fs (loop4): unmounting filesystem. [ 616.589264][T25383] loop2: detected capacity change from 0 to 262144 [ 616.619258][T22485] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 616.630065][T22485] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 616.643820][T25383] F2FS-fs (loop2): Found nat_bits in checkpoint [ 616.676776][T25383] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 616.759227][T22485] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 616.768283][T22485] usb 2-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 616.776600][T22485] usb 2-1: Product: syz [ 616.780620][T22485] usb 2-1: Manufacturer: syz [ 616.819649][T22485] hub 2-1:4.0: USB hub found [ 616.829188][ T664] usb 1-1: new high-speed USB device number 73 using dummy_hcd [ 617.004900][T25427] loop4: detected capacity change from 0 to 40427 [ 617.026958][T25427] F2FS-fs (loop4): Unrecognized mount option "nouser_xattr heap" or missing value [ 617.036010][T22485] hub 2-1:4.0: 2 ports detected [ 617.069240][ T664] usb 1-1: Using ep0 maxpacket: 32 [ 617.239196][ T664] usb 1-1: unable to get BOS descriptor or descriptor too short [ 617.249244][T22485] hub 2-1:4.0: hub_hub_status failed (err = -71) [ 617.255527][T22485] hub 2-1:4.0: config failed, can't get hub status (err -71) [ 617.289438][T22485] usb 2-1: USB disconnect, device number 82 [ 617.319265][ T664] usb 1-1: config 0 has no interfaces? [ 617.399170][ T203] usb 5-1: new high-speed USB device number 71 using dummy_hcd [ 617.406780][T25439] loop2: detected capacity change from 0 to 2048 [ 617.430753][T25439] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 617.439025][T25439] ext4 filesystem being mounted at /root/syzkaller-testdir3844091992/syzkaller.9Do77P/173/bus supports timestamps until 2038 (0x7fffffff) [ 617.471244][T23398] EXT4-fs (loop2): unmounting filesystem. [ 617.559224][ T664] usb 1-1: language id specifier not provided by device, defaulting to English [ 617.659162][ T203] usb 5-1: Using ep0 maxpacket: 16 [ 617.679307][ T664] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 617.688330][ T664] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 617.696173][ T664] usb 1-1: Product: syz [ 617.700273][ T664] usb 1-1: Manufacturer: syz [ 617.704674][ T664] usb 1-1: SerialNumber: syz [ 617.709790][ T664] usb 1-1: config 0 descriptor?? [ 617.799229][ T203] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 617.810289][ T203] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 617.820139][ T203] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00 [ 617.828998][ T203] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 617.837369][ T203] usb 5-1: config 0 descriptor?? [ 617.885128][T25450] loop2: detected capacity change from 0 to 512 [ 617.910073][T25450] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 617.940996][T25450] EXT4-fs error (device loop2): ext4_orphan_get:1396: inode #17: comm syz-executor.2: iget: bad i_size value: -6917529027641081756 [ 617.958032][ T664] usb 1-1: USB disconnect, device number 73 [ 617.964816][T25450] EXT4-fs error (device loop2): ext4_orphan_get:1401: comm syz-executor.2: couldn't read orphan inode 17 (err -117) [ 617.977650][T25450] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 617.996579][T25450] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor.2: bg 0: block 65: padding at end of block bitmap is not set [ 618.011318][T25450] Quota error (device loop2): write_blk: dquota write failed [ 618.018585][T25450] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 618.028953][T25450] Quota error (device loop2): do_check_range: Getting block 144 out of range 0-5 [ 618.124435][T23398] EXT4-fs (loop2): unmounting filesystem. [ 618.188110][T25461] loop3: detected capacity change from 0 to 128 [ 618.204434][T25461] FAT-fs (loop3): bogus number of FAT structure [ 618.210881][T25461] FAT-fs (loop3): Can't find a valid FAT filesystem [ 618.319967][ T203] kovaplus 0003:1E7D:2D50.00AB: nested delimiters [ 618.329772][ T203] kovaplus 0003:1E7D:2D50.00AB: item 0 1 2 10 parsing failed [ 618.337225][ T203] kovaplus 0003:1E7D:2D50.00AB: parse failed [ 618.343370][ T203] kovaplus: probe of 0003:1E7D:2D50.00AB failed with error -22 [ 618.366728][ T28] audit: type=1400 audit(2000000649.636:38444): avc: denied { watch } for pid=25468 comm="syz-executor.3" path="/root/syzkaller-testdir3571981234/syzkaller.3rVuOI/75/file0/bus" dev="tmpfs" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 618.401867][T25462] kvm_set_msr_common: 8 callbacks suppressed [ 618.401891][T25462] kvm [25460]: vcpu0, guest rIP: 0x20e disabled perfctr wrmsr: 0xc1 data 0x800 [ 618.418128][T25462] kvm [25460]: vcpu0, guest rIP: 0x20e ignored wrmsr: 0x11e data 0x800 [ 618.480221][T25471] loop2: detected capacity change from 0 to 512 [ 618.491123][T25471] EXT4-fs (loop2): filesystem is read-only [ 618.497341][T25471] EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors [ 618.509691][T25471] EXT4-fs (loop2): filesystem is read-only [ 618.515437][T25471] EXT4-fs (loop2): orphan cleanup on readonly fs [ 618.523431][ T203] usb 5-1: USB disconnect, device number 71 [ 618.533356][T25471] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor.2: bg 0: block 64: padding at end of block bitmap is not set [ 618.548494][T25471] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6157: Corrupt filesystem [ 618.557878][T25471] EXT4-fs (loop2): 1 orphan inode deleted [ 618.563839][T25471] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 618.576321][T25471] netlink: 172 bytes leftover after parsing attributes in process `syz-executor.2'. [ 618.629715][T25474] device pim6reg1 entered promiscuous mode [ 618.658517][T23398] EXT4-fs (loop2): unmounting filesystem. [ 619.000547][T25493] loop2: detected capacity change from 0 to 512 [ 619.022403][T25493] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 619.059295][T25493] EXT4-fs error (device loop2): ext4_orphan_get:1396: inode #17: comm syz-executor.2: iget: bad i_size value: -6917529027641081756 [ 619.086969][T25493] EXT4-fs error (device loop2): ext4_orphan_get:1401: comm syz-executor.2: couldn't read orphan inode 17 (err -117) [ 619.105996][T25493] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 619.123993][T25493] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor.2: bg 0: block 65: padding at end of block bitmap is not set [ 619.140374][T25493] Quota error (device loop2): write_blk: dquota write failed [ 619.147978][T25493] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 619.158574][T25493] Quota error (device loop2): do_check_range: Getting block 144 out of range 0-5 [ 619.206834][T25500] overlayfs: statfs failed on './file0' [ 619.253295][T23398] EXT4-fs (loop2): unmounting filesystem. [ 619.342096][T25502] netlink: 'syz-executor.1': attribute type 23 has an invalid length. [ 619.350393][T25502] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 619.359603][T25502] bridge0: port 2(bridge_slave_1) entered disabled state [ 619.366615][T25502] bridge0: port 1(bridge_slave_0) entered disabled state [ 619.373676][T25502] device bridge0 entered promiscuous mode [ 619.439587][T25505] loop2: detected capacity change from 0 to 2048 [ 619.460354][T25505] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 619.468657][T25505] ext4 filesystem being mounted at /root/syzkaller-testdir3844091992/syzkaller.9Do77P/181/bus supports timestamps until 2038 (0x7fffffff) [ 619.472733][T25510] loop4: detected capacity change from 0 to 512 [ 619.501191][T25510] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 619.520630][T25510] EXT4-fs error (device loop4): ext4_orphan_get:1396: inode #17: comm syz-executor.4: iget: bad i_size value: -6917529027641081756 [ 619.534150][T25510] EXT4-fs error (device loop4): ext4_orphan_get:1401: comm syz-executor.4: couldn't read orphan inode 17 (err -117) [ 619.546415][T25510] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 619.546718][T23398] EXT4-fs (loop2): unmounting filesystem. [ 619.566100][T25510] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor.4: bg 0: block 65: padding at end of block bitmap is not set [ 619.660688][T24370] EXT4-fs (loop4): unmounting filesystem. [ 620.057152][T25535] loop0: detected capacity change from 0 to 512 [ 620.078603][T25535] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 620.109217][ T351] usb 3-1: new high-speed USB device number 53 using dummy_hcd [ 620.117968][T25535] EXT4-fs error (device loop0): ext4_orphan_get:1396: inode #17: comm syz-executor.0: iget: bad i_size value: -6917529027641081756 [ 620.139602][T25535] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor.0: couldn't read orphan inode 17 (err -117) [ 620.155871][T25535] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 620.193417][T25535] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor.0: bg 0: block 65: padding at end of block bitmap is not set [ 620.358227][T24894] EXT4-fs (loop0): unmounting filesystem. [ 620.431254][T25543] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 620.509303][ T351] usb 3-1: config 0 has no interfaces? [ 620.589261][ T351] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 620.598285][ T351] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 620.627484][T25547] device syzkaller0 entered promiscuous mode [ 620.627773][ T351] usb 3-1: SerialNumber: syz [ 620.654080][ T351] usb 3-1: config 0 descriptor?? [ 620.902848][ T6405] usb 3-1: USB disconnect, device number 53 [ 620.962933][T25553] 9pnet_fd: Insufficient options for proto=fd [ 621.592319][T25575] device syzkaller0 entered promiscuous mode [ 621.800116][T25580] device veth0_vlan left promiscuous mode [ 621.806195][T25580] device veth0_vlan entered promiscuous mode [ 622.079414][T25587] bridge0: port 3(veth1_macvtap) entered blocking state [ 622.086192][T25587] bridge0: port 3(veth1_macvtap) entered disabled state [ 624.030807][T24928] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 624.031091][T23582] Bluetooth: hci0: command 0x1003 tx timeout [ 625.387405][T25594] loop4: detected capacity change from 0 to 256 [ 625.418800][T25597] x_tables: duplicate underflow at hook 4 [ 625.439246][ T664] usb 3-1: new high-speed USB device number 54 using dummy_hcd [ 625.679164][ T664] usb 3-1: Using ep0 maxpacket: 32 [ 625.775704][T25616] loop1: detected capacity change from 0 to 512 [ 625.799254][ T664] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 625.810432][ T664] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 625.820230][ T664] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 625.820296][T25616] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem [ 625.837180][ T664] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 625.839299][T25616] EXT4-fs error (device loop1): ext4_ext_check_inode:520: inode #15: comm syz-executor.1: pblk 0 bad header/extent: invalid eh_entries - magic f30a, entries 24833, max 4(4), depth 0(0) [ 625.845744][ T664] usb 3-1: config 0 descriptor?? [ 625.868156][T25616] EXT4-fs error (device loop1): ext4_orphan_get:1401: comm syz-executor.1: couldn't read orphan inode 15 (err -117) [ 625.880500][T25616] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 625.888872][T25616] ext2 filesystem being mounted at /root/syzkaller-testdir1778662047/syzkaller.npLieg/91/file0 supports timestamps until 2038 (0x7fffffff) [ 625.903355][ T664] hub 3-1:0.0: USB hub found [ 625.965194][T24417] EXT4-fs (loop1): unmounting filesystem. [ 626.069252][ T332] usb 4-1: new high-speed USB device number 64 using dummy_hcd [ 626.180726][ T664] hub 3-1:0.0: config failed, can't read hub descriptor (err -22) [ 626.192933][T25622] loop0: detected capacity change from 0 to 40427 [ 626.209601][T25622] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 626.217254][T25622] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 626.226037][T25622] F2FS-fs (loop0): invalid crc value [ 626.232824][T25622] F2FS-fs (loop0): Found nat_bits in checkpoint [ 626.272051][T25622] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 626.278984][T25622] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 626.289199][ T664] usbhid 3-1:0.0: can't add hid device: -71 [ 626.295042][ T664] usbhid: probe of 3-1:0.0 failed with error -71 [ 626.379683][ T664] usb 3-1: USB disconnect, device number 54 [ 626.768563][ T332] usb 4-1: config 0 has no interfaces? [ 626.849228][ T332] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 626.858169][ T332] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 626.866030][ T332] usb 4-1: SerialNumber: syz [ 626.871321][ T332] usb 4-1: config 0 descriptor?? [ 627.017821][ T419] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 627.026942][ T419] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 627.122102][ T419] Bluetooth: hci0: Frame reassembly failed (-84) [ 627.128983][ T203] usb 4-1: USB disconnect, device number 64 [ 627.186624][ T28] kauditd_printk_skb: 6 callbacks suppressed [ 627.186642][ T28] audit: type=1326 audit(2000000658.456:38445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25635 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa875e7cee9 code=0x7fc00000 [ 627.206282][T25638] overlayfs: missing 'lowerdir' [ 627.217923][ T28] audit: type=1326 audit(2000000658.456:38446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25635 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fa875e7cee9 code=0x7fc00000 [ 627.245026][ T28] audit: type=1326 audit(2000000658.456:38447): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25635 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa875e7cee9 code=0x7fc00000 [ 627.268938][ T28] audit: type=1326 audit(2000000658.456:38448): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25635 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa875e7cee9 code=0x7fc00000 [ 627.292911][ T28] audit: type=1326 audit(2000000658.456:38449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25635 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa875e7cee9 code=0x7fc00000 [ 627.316905][ T28] audit: type=1326 audit(2000000658.456:38450): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25635 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa875e7cee9 code=0x7fc00000 [ 627.340898][ T28] audit: type=1326 audit(2000000658.456:38451): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25635 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa875e7cee9 code=0x7fc00000 [ 627.364916][ T28] audit: type=1326 audit(2000000658.456:38452): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25635 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa875e7cee9 code=0x7fc00000 [ 627.389181][ T28] audit: type=1326 audit(2000000658.456:38453): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25635 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa875e7cee9 code=0x7fc00000 [ 627.413159][ T28] audit: type=1326 audit(2000000658.456:38454): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25635 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa875e7cee9 code=0x7fc00000 [ 627.455708][T25643] overlayfs: missing 'lowerdir' [ 628.339215][ T203] usb 2-1: new high-speed USB device number 83 using dummy_hcd [ 628.599142][ T203] usb 2-1: Using ep0 maxpacket: 32 [ 628.623718][T25686] serio: Serial port pts1 [ 628.719250][ T203] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 628.730054][ T203] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 628.739819][ T203] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 628.748746][ T203] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 628.769322][ T203] usb 2-1: config 0 descriptor?? [ 628.809553][ T203] hub 2-1:0.0: USB hub found [ 629.069187][ T203] hub 2-1:0.0: config failed, can't read hub descriptor (err -22) [ 629.179156][ T45] Bluetooth: hci0: command 0x1003 tx timeout [ 629.179177][T24928] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 629.190945][ T203] usbhid 2-1:0.0: can't add hid device: -71 [ 629.205649][ T203] usbhid: probe of 2-1:0.0 failed with error -71 [ 629.239356][ T203] usb 2-1: USB disconnect, device number 83 [ 629.684151][T25711] loop0: detected capacity change from 0 to 40427 [ 629.701486][T25711] F2FS-fs (loop0): Found nat_bits in checkpoint [ 629.737474][T25711] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 629.819616][T24894] syz-executor.0: attempt to access beyond end of device [ 629.819616][T24894] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 629.874326][T25723] overlayfs: missing 'lowerdir' [ 630.892257][T25762] bridge0: port 1(bridge_slave_0) entered blocking state [ 630.899205][T25762] bridge0: port 1(bridge_slave_0) entered disabled state [ 630.906596][T25762] device bridge_slave_0 entered promiscuous mode [ 630.913480][T25762] bridge0: port 2(bridge_slave_1) entered blocking state [ 630.920395][T25762] bridge0: port 2(bridge_slave_1) entered disabled state [ 630.927684][T25762] device bridge_slave_1 entered promiscuous mode [ 630.959604][T25769] loop1: detected capacity change from 0 to 256 [ 631.046297][T25773] serio: Serial port pts0 [ 631.072963][T25762] bridge0: port 2(bridge_slave_1) entered blocking state [ 631.079854][T25762] bridge0: port 2(bridge_slave_1) entered forwarding state [ 631.086935][T25762] bridge0: port 1(bridge_slave_0) entered blocking state [ 631.093720][T25762] bridge0: port 1(bridge_slave_0) entered forwarding state [ 631.121063][ T638] device bridge_slave_1 left promiscuous mode [ 631.127167][ T638] bridge0: port 2(bridge_slave_1) entered disabled state [ 631.135149][ T638] device bridge_slave_0 left promiscuous mode [ 631.141447][ T638] bridge0: port 1(bridge_slave_0) entered disabled state [ 631.149492][ T638] device veth1_macvtap left promiscuous mode [ 631.155459][ T638] device veth0_vlan left promiscuous mode [ 631.320306][T22485] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 631.332715][T22485] bridge0: port 1(bridge_slave_0) entered disabled state [ 631.341251][T22485] bridge0: port 2(bridge_slave_1) entered disabled state [ 631.364867][ T6401] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 631.373410][ T6401] bridge0: port 1(bridge_slave_0) entered blocking state [ 631.380272][ T6401] bridge0: port 1(bridge_slave_0) entered forwarding state [ 631.388333][ T6401] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 631.396784][ T6401] bridge0: port 2(bridge_slave_1) entered blocking state [ 631.403627][ T6401] bridge0: port 2(bridge_slave_1) entered forwarding state [ 631.411162][ T6401] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 631.419062][ T6401] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 631.449920][ T6401] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 631.458740][ T6401] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 631.466950][ T6401] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 631.474179][ T6401] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 631.482907][T25762] device veth0_vlan entered promiscuous mode [ 631.498535][ T6401] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 631.508470][T25762] device veth1_macvtap entered promiscuous mode [ 631.520238][ T6401] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 631.551042][ T664] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 631.559262][ T664] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 632.149049][T25800] loop2: detected capacity change from 0 to 40427 [ 632.160562][T25807] syz-executor.1[25807] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 632.160708][T25807] syz-executor.1[25807] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 632.162421][T25800] F2FS-fs (loop2): Found nat_bits in checkpoint [ 632.207525][T25807] incfs: Can't find or create .index dir in ./file0 [ 632.218290][T25807] incfs: mount failed -14 [ 632.232769][T25800] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 632.300255][T23398] syz-executor.2: attempt to access beyond end of device [ 632.300255][T23398] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 632.359031][ T28] kauditd_printk_skb: 64 callbacks suppressed [ 632.359048][ T28] audit: type=1326 audit(2000000663.626:38519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25815 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f812907cee9 code=0x7ffc0000 [ 632.392313][ T28] audit: type=1326 audit(2000000663.626:38520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25815 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f812907cee9 code=0x7ffc0000 [ 632.416409][ T351] usb 1-1: new high-speed USB device number 74 using dummy_hcd [ 632.424002][ T28] audit: type=1326 audit(2000000663.666:38521): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25815 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=166 compat=0 ip=0x7f812907cee9 code=0x7ffc0000 [ 632.448866][ T28] audit: type=1326 audit(2000000663.666:38522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25815 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f812907cee9 code=0x7ffc0000 [ 632.473024][ T28] audit: type=1326 audit(2000000663.666:38523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25815 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f812907cee9 code=0x7ffc0000 [ 632.552238][T25823] loop2: detected capacity change from 0 to 2048 [ 632.590539][T25823] loop2: p1 p2 p3 [ 632.755924][T25833] loop1: detected capacity change from 0 to 2048 [ 632.781590][T25833] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 632.784186][T25829] loop3: detected capacity change from 0 to 40427 [ 632.803897][T25829] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 632.811606][T25829] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 632.821946][T25829] F2FS-fs (loop3): Found nat_bits in checkpoint [ 632.852121][T25829] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 632.864408][T25829] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 632.871294][T25829] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 632.879838][T24417] EXT4-fs (loop1): unmounting filesystem. [ 632.909254][ T351] usb 1-1: config 0 has no interfaces? [ 632.914679][ T351] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 632.923649][ T351] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 632.932246][ T351] usb 1-1: config 0 descriptor?? [ 633.010638][T25844] overlayfs: failed to resolve './file0': -2 [ 633.173466][T25806] loop0: detected capacity change from 0 to 256 [ 633.183648][T25806] exfat: Bad value for 'uid' [ 633.236377][ T351] usb 1-1: USB disconnect, device number 74 [ 633.903370][T25869] syz-executor.3[25869] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 633.903495][T25869] syz-executor.3[25869] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 634.229336][T22485] usb 2-1: new high-speed USB device number 84 using dummy_hcd [ 634.309157][ T664] usb 3-1: new high-speed USB device number 55 using dummy_hcd [ 634.316695][ T6401] usb 4-1: new high-speed USB device number 65 using dummy_hcd [ 634.517649][T25897] syz-executor.4[25897] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 634.517706][T25897] syz-executor.4[25897] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 634.589193][ T664] usb 3-1: Using ep0 maxpacket: 32 [ 634.669223][T22485] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 634.680134][T22485] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 634.689882][T22485] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 634.698739][T22485] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 634.707056][T22485] usb 2-1: config 0 descriptor?? [ 634.729266][ T6401] usb 4-1: New USB device found, idVendor=1235, idProduct=0018, bcdDevice=f0.ee [ 634.738355][ T6401] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 634.747109][ T6401] usb 4-1: config 0 descriptor?? [ 634.789799][ T6401] usb 4-1: selecting invalid altsetting 1 [ 634.796941][ T6401] snd-usb-audio: probe of 4-1:0.0 failed with error -22 [ 634.829741][T25903] syz-executor.4[25903] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 634.829795][T25903] syz-executor.4[25903] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 634.919288][ T664] usb 3-1: New USB device found, idVendor=1557, idProduct=8150, bcdDevice=29.ed [ 634.940282][ T664] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 634.948129][ T664] usb 3-1: Product: syz [ 634.952211][ T664] usb 3-1: Manufacturer: syz [ 634.956764][ T664] usb 3-1: SerialNumber: syz [ 634.964182][ T664] usb 3-1: config 0 descriptor?? [ 634.991983][ T203] usb 4-1: USB disconnect, device number 65 [ 635.462897][T25918] loop4: detected capacity change from 0 to 40427 [ 635.501289][T25918] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 635.508852][T25918] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 635.517802][T25918] F2FS-fs (loop4): invalid crc value [ 635.524711][T25918] F2FS-fs (loop4): Found nat_bits in checkpoint [ 635.563129][T25927] syz-executor.3[25927] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 635.563201][T25927] syz-executor.3[25927] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 635.584408][T25918] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 635.603313][T25918] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 635.859893][T22485] uclogic 0003:256C:006D.00AC: interface is invalid, ignoring [ 636.009192][ T6384] usb 4-1: new high-speed USB device number 66 using dummy_hcd [ 636.081278][T22485] usb 2-1: USB disconnect, device number 84 [ 636.199701][ T638] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 636.208869][ T638] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 636.289243][ T6384] usb 4-1: Using ep0 maxpacket: 32 [ 636.438605][T25943] loop4: detected capacity change from 0 to 512 [ 636.453076][T25943] EXT4-fs (loop4): 1 truncate cleaned up [ 636.458601][T25943] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 636.543477][T24370] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 13: comm syz-executor.4: path /root/syzkaller-testdir3400509090/syzkaller.tS9J4z/141/file0: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=196608, rec_len=0, size=1024 fake=0 [ 636.569230][T24370] EXT4-fs error (device loop4): ext4_lookup:1855: inode #11: comm syz-executor.4: iget: Dir with htree data on filesystem without dir_index feature. [ 636.584528][T24370] EXT4-fs error (device loop4): ext4_lookup:1855: inode #11: comm syz-executor.4: iget: Dir with htree data on filesystem without dir_index feature. [ 636.589410][ T6384] usb 4-1: New USB device found, idVendor=1557, idProduct=8150, bcdDevice=29.ed [ 636.608423][ T6384] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 636.616331][ T6384] usb 4-1: Product: syz [ 636.620459][ T6384] usb 4-1: Manufacturer: syz [ 636.624916][ T6384] usb 4-1: SerialNumber: syz [ 636.629982][ T6384] usb 4-1: config 0 descriptor?? [ 636.671282][T24370] EXT4-fs (loop4): unmounting filesystem. [ 636.808117][T25954] loop1: detected capacity change from 0 to 512 [ 636.856206][T25954] EXT4-fs error (device loop1): ext4_orphan_get:1396: inode #15: comm syz-executor.1: casefold flag without casefold feature [ 636.870397][T25954] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: inode #2: comm syz-executor.1: missing EA_INODE flag [ 636.882259][T25954] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz-executor.1: error while reading EA inode 2 err=-117 [ 636.894784][T25954] EXT4-fs (loop1): 1 orphan inode deleted [ 636.900442][T25954] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 637.061543][T25960] bridge0: port 1(bridge_slave_0) entered blocking state [ 637.068436][T25960] bridge0: port 1(bridge_slave_0) entered disabled state [ 637.075843][T25960] device bridge_slave_0 entered promiscuous mode [ 637.082628][T25960] bridge0: port 2(bridge_slave_1) entered blocking state [ 637.089517][T25960] bridge0: port 2(bridge_slave_1) entered disabled state [ 637.096721][T25960] device bridge_slave_1 entered promiscuous mode [ 637.143492][ T638] device bridge_slave_1 left promiscuous mode [ 637.149913][ T638] bridge0: port 2(bridge_slave_1) entered disabled state [ 637.157386][ T638] device bridge_slave_0 left promiscuous mode [ 637.163690][ T638] bridge0: port 1(bridge_slave_0) entered disabled state [ 637.171882][ T638] device veth1_macvtap left promiscuous mode [ 637.178220][ T638] device veth0_vlan left promiscuous mode [ 637.309011][T25960] bridge0: port 2(bridge_slave_1) entered blocking state [ 637.316012][T25960] bridge0: port 2(bridge_slave_1) entered forwarding state [ 637.323093][T25960] bridge0: port 1(bridge_slave_0) entered blocking state [ 637.329895][T25960] bridge0: port 1(bridge_slave_0) entered forwarding state [ 637.363408][ T6384] rtl8150 4-1:0.0: eth1: rtl8150 is detected [ 637.375176][ T6384] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 637.383428][ T6384] bridge0: port 1(bridge_slave_0) entered disabled state [ 637.391180][ T6384] bridge0: port 2(bridge_slave_1) entered disabled state [ 637.402248][ T203] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 637.410322][ T203] bridge0: port 1(bridge_slave_0) entered blocking state [ 637.417175][ T203] bridge0: port 1(bridge_slave_0) entered forwarding state [ 637.435854][ T351] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 637.444139][ T351] bridge0: port 2(bridge_slave_1) entered blocking state [ 637.451000][ T351] bridge0: port 2(bridge_slave_1) entered forwarding state [ 637.458491][ T351] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 637.470110][T25972] loop0: detected capacity change from 0 to 512 [ 637.474622][ T351] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 637.491503][T25960] device veth0_vlan entered promiscuous mode [ 637.498122][ T203] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 637.498562][T25972] EXT4-fs (loop0): 1 truncate cleaned up [ 637.506454][ T203] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 637.520892][ T203] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 637.525688][T25972] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 637.528193][ T203] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 637.549318][ T6384] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 637.569819][T25960] device veth1_macvtap entered promiscuous mode [ 637.583334][T22485] usb 4-1: USB disconnect, device number 66 [ 637.593988][T24894] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 13: comm syz-executor.0: path /root/syzkaller-testdir4115751966/syzkaller.ev5HID/86/file0: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=196608, rec_len=0, size=1024 fake=0 [ 637.625578][T24894] EXT4-fs error (device loop0): ext4_lookup:1855: inode #11: comm syz-executor.0: iget: Dir with htree data on filesystem without dir_index feature. [ 637.627033][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 637.648364][ T664] rtl8150 3-1:0.0: couldn't reset the device [ 637.654580][T24894] EXT4-fs error (device loop0): ext4_lookup:1855: inode #11: comm syz-executor.0: iget: Dir with htree data on filesystem without dir_index feature. [ 637.670107][ T664] rtl8150: probe of 3-1:0.0 failed with error -5 [ 637.676955][ T664] usb 3-1: USB disconnect, device number 55 [ 637.683093][ T37] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 637.751156][T24894] EXT4-fs (loop0): unmounting filesystem. [ 637.757444][T24417] EXT4-fs (loop1): unmounting filesystem. [ 637.856736][T25977] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.1'. [ 638.027495][T25982] bridge0: port 1(bridge_slave_0) entered blocking state [ 638.034508][T25982] bridge0: port 1(bridge_slave_0) entered disabled state [ 638.042494][T25982] device bridge_slave_0 entered promiscuous mode [ 638.049382][T25982] bridge0: port 2(bridge_slave_1) entered blocking state [ 638.056214][T25982] bridge0: port 2(bridge_slave_1) entered disabled state [ 638.060586][T25980] overlayfs: failed to resolve './file0': -2 [ 638.063908][T25982] device bridge_slave_1 entered promiscuous mode [ 638.125171][T25982] bridge0: port 2(bridge_slave_1) entered blocking state [ 638.132063][T25982] bridge0: port 2(bridge_slave_1) entered forwarding state [ 638.139129][T25982] bridge0: port 1(bridge_slave_0) entered blocking state [ 638.145910][T25982] bridge0: port 1(bridge_slave_0) entered forwarding state [ 638.170385][T22485] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 638.178166][T22485] bridge0: port 1(bridge_slave_0) entered disabled state [ 638.185938][T22485] bridge0: port 2(bridge_slave_1) entered disabled state [ 638.197691][ T203] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 638.205731][ T203] bridge0: port 1(bridge_slave_0) entered blocking state [ 638.212577][ T203] bridge0: port 1(bridge_slave_0) entered forwarding state [ 638.230396][ T203] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 638.238428][ T203] bridge0: port 2(bridge_slave_1) entered blocking state [ 638.245268][ T203] bridge0: port 2(bridge_slave_1) entered forwarding state [ 638.252443][ T203] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 638.260749][ T203] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 638.275231][ T664] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 638.287500][ T664] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 638.295683][ T664] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 638.303117][ T664] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 638.311593][T25982] device veth0_vlan entered promiscuous mode [ 638.323343][T25982] device veth1_macvtap entered promiscuous mode [ 638.330467][ T638] device bridge_slave_1 left promiscuous mode [ 638.336394][ T638] bridge0: port 2(bridge_slave_1) entered disabled state [ 638.343707][ T638] device bridge_slave_0 left promiscuous mode [ 638.350030][ T638] bridge0: port 1(bridge_slave_0) entered disabled state [ 638.357677][ T638] device veth1_macvtap left promiscuous mode [ 638.363583][ T638] device veth0_vlan left promiscuous mode [ 638.435952][ T351] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 638.452102][ T203] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 638.460328][ T203] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 638.539432][ T332] usb 3-1: new high-speed USB device number 56 using dummy_hcd [ 638.564448][T26002] loop3: detected capacity change from 0 to 512 [ 638.576989][T26004] 9pnet_fd: Insufficient options for proto=fd [ 638.581287][T26002] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 638.591945][T26002] ext4 filesystem being mounted at /root/syzkaller-testdir871882328/syzkaller.qYYHFt/10/file0 supports timestamps until 2038 (0x7fffffff) [ 638.613189][T26002] EXT4-fs: Cannot change journaled quota options when quota turned on [ 638.657308][T25762] EXT4-fs (loop3): unmounting filesystem. [ 638.779245][ T664] usb 1-1: new high-speed USB device number 75 using dummy_hcd [ 638.899229][ T332] usb 3-1: New USB device found, idVendor=1235, idProduct=0018, bcdDevice=f0.ee [ 638.908826][ T332] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 638.909156][T22485] usb 2-1: new high-speed USB device number 85 using dummy_hcd [ 638.917717][ T332] usb 3-1: config 0 descriptor?? [ 638.969834][ T332] usb 3-1: selecting invalid altsetting 1 [ 638.976974][ T332] snd-usb-audio: probe of 3-1:0.0 failed with error -22 [ 639.069223][ T664] usb 1-1: Using ep0 maxpacket: 8 [ 639.189656][ T37] usb 3-1: USB disconnect, device number 56 [ 639.199280][ T664] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 639.210185][ T664] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 639.219880][ T664] usb 1-1: New USB device found, idVendor=056a, idProduct=0035, bcdDevice= 0.00 [ 639.228817][ T664] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 639.238584][ T664] usb 1-1: config 0 descriptor?? [ 639.299198][T22485] usb 2-1: New USB device found, idVendor=1235, idProduct=0018, bcdDevice=f0.ee [ 639.308218][T22485] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 639.317879][T22485] usb 2-1: config 0 descriptor?? [ 639.359671][T22485] usb 2-1: selecting invalid altsetting 1 [ 639.369514][T22485] snd-usb-audio: probe of 2-1:0.0 failed with error -22 [ 639.564109][ T332] usb 2-1: USB disconnect, device number 85 [ 639.710579][ T664] wacom 0003:056A:0035.00AD: unknown main item tag 0x0 [ 639.729259][ T664] wacom 0003:056A:0035.00AD: hidraw0: USB HID v0.00 Device [HID 056a:0035] on usb-dummy_hcd.0-1/input0 [ 639.911666][ T664] usb 1-1: USB disconnect, device number 75 [ 640.295453][T26034] loop1: detected capacity change from 0 to 512 [ 640.321439][T26034] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 640.330249][T26034] ext4 filesystem being mounted at /root/syzkaller-testdir1778662047/syzkaller.npLieg/116/file0 supports timestamps until 2038 (0x7fffffff) [ 640.348346][T26034] EXT4-fs: Cannot change journaled quota options when quota turned on [ 640.401249][T24417] EXT4-fs (loop1): unmounting filesystem. [ 640.601661][T26042] overlayfs: statfs failed on './file0' [ 640.752729][T26049] 9pnet_fd: Insufficient options for proto=fd [ 640.976995][T26064] device batadv_slave_0 entered promiscuous mode [ 640.983531][T26062] device batadv_slave_0 left promiscuous mode [ 641.004397][T26066] loop0: detected capacity change from 0 to 512 [ 641.039230][ T332] usb 4-1: new high-speed USB device number 67 using dummy_hcd [ 641.062575][T26066] EXT4-fs error (device loop0): __ext4_fill_super:5386: inode #2: comm syz-executor.0: iget: special inode unallocated [ 641.075113][T26066] EXT4-fs (loop0): get root inode failed [ 641.080073][T26068] loop2: detected capacity change from 0 to 512 [ 641.080821][T26066] EXT4-fs (loop0): mount failed [ 641.120889][T26068] Quota error (device loop2): do_check_range: Getting dqdh_entries 1536 out of range 0-14 [ 641.130963][T26068] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 641.138908][T26066] loop0: detected capacity change from 0 to 256 [ 641.141454][T26068] EXT4-fs (loop2): 1 truncate cleaned up [ 641.147645][T26066] exFAT-fs (loop0): invalid boot record signature [ 641.152436][T26068] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 641.158650][T26066] exFAT-fs (loop0): failed to read boot sector [ 641.167334][T26068] ext4 filesystem being mounted at /root/syzkaller-testdir3844091992/syzkaller.9Do77P/216/file0 supports timestamps until 2038 (0x7fffffff) [ 641.173758][T26066] exFAT-fs (loop0): failed to recognize exfat type [ 641.193737][T26068] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor.2: bg 0: block 248: padding at end of block bitmap is not set [ 641.209168][T26068] Quota error (device loop2): do_check_range: Getting dqdh_entries 1536 out of range 0-14 [ 641.219243][T26068] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 641.229358][T26068] EXT4-fs error (device loop2): ext4_lookup:1859: inode #2: comm syz-executor.2: deleted inode referenced: 12 [ 641.241627][T26068] EXT4-fs error (device loop2): ext4_lookup:1859: inode #2: comm syz-executor.2: deleted inode referenced: 12 [ 641.253863][T26068] EXT4-fs error (device loop2): ext4_lookup:1859: inode #2: comm syz-executor.2: deleted inode referenced: 12 [ 641.350364][ T28] audit: type=1326 audit(2000000672.626:38524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26072 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f207167cee9 code=0x7ffc0000 [ 641.374955][ T28] audit: type=1326 audit(2000000672.626:38525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26072 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f207167cee9 code=0x7ffc0000 [ 641.398964][ T28] audit: type=1326 audit(2000000672.626:38526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26072 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f207167cee9 code=0x7ffc0000 [ 641.423031][ T332] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 641.430979][ T28] audit: type=1326 audit(2000000672.626:38527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26072 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f207167cee9 code=0x7ffc0000 [ 641.457636][ T332] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 641.467222][ T332] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 641.473092][ T28] audit: type=1326 audit(2000000672.626:38528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26072 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f207167cee9 code=0x7ffc0000 [ 641.476045][ T332] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 641.476696][ T332] usb 4-1: config 0 descriptor?? [ 641.501568][ T28] audit: type=1326 audit(2000000672.646:38529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26072 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f207167cee9 code=0x7ffc0000 [ 641.829795][T26087] overlayfs: statfs failed on './file0' [ 641.946407][T23398] EXT4-fs (loop2): unmounting filesystem. [ 642.179244][ T203] usb 1-1: new high-speed USB device number 76 using dummy_hcd [ 642.419169][ T203] usb 1-1: Using ep0 maxpacket: 32 [ 642.437083][ T664] hid-generic 0000:0000:0000.00AF: unknown main item tag 0x0 [ 642.444787][ T664] hid-generic 0000:0000:0000.00AF: hidraw0: HID v0.00 Device [syz1] on syz0 [ 642.689228][ T332] uclogic 0003:256C:006D.00AE: interface is invalid, ignoring [ 642.699342][ T203] usb 1-1: New USB device found, idVendor=1557, idProduct=8150, bcdDevice=29.ed [ 642.708763][ T203] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 642.719174][ T203] usb 1-1: Product: syz [ 642.723185][ T203] usb 1-1: Manufacturer: syz [ 642.727623][ T203] usb 1-1: SerialNumber: syz [ 642.732565][ T203] usb 1-1: config 0 descriptor?? [ 642.895593][ T6405] usb 4-1: USB disconnect, device number 67 [ 643.388399][T26124] loop2: detected capacity change from 0 to 40427 [ 643.431140][ T203] rtl8150 1-1:0.0: eth1: rtl8150 is detected [ 643.465309][T26124] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 643.473331][T26124] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 643.482597][T26124] F2FS-fs (loop2): invalid crc value [ 643.489288][T26124] F2FS-fs (loop2): Found nat_bits in checkpoint [ 643.537841][T26124] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 643.544785][T26124] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 643.640439][ T664] usb 1-1: USB disconnect, device number 76 [ 643.803377][T26143] syz-executor.3[26143] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 643.803741][T26143] syz-executor.3[26143] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 643.926753][T26145] loop4: detected capacity change from 0 to 8192 [ 644.054099][ T419] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 644.066842][ T419] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 644.139788][T26150] loop3: detected capacity change from 0 to 8192 [ 644.432772][T26153] loop0: detected capacity change from 0 to 40427 [ 644.450996][T26153] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 644.463670][T26153] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 644.464029][T26157] loop2: detected capacity change from 0 to 8192 [ 644.473068][T26153] F2FS-fs (loop0): invalid crc value [ 644.484408][T26153] F2FS-fs (loop0): Found nat_bits in checkpoint [ 644.579629][T26153] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 644.586576][T26153] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 644.641419][ T357] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 644.658738][ T357] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 644.710797][T26153] F2FS-fs (loop0): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint [ 644.829225][ T6405] usb 2-1: new high-speed USB device number 86 using dummy_hcd [ 644.838763][T26162] loop3: detected capacity change from 0 to 40427 [ 644.855791][T26162] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 644.873534][T26162] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 644.893421][T26162] F2FS-fs (loop3): invalid crc value [ 644.913487][T26162] F2FS-fs (loop3): Found nat_bits in checkpoint [ 645.002092][T26162] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 645.009381][T26162] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 645.060655][ T638] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 645.069446][ T6405] usb 2-1: Using ep0 maxpacket: 8 [ 645.074911][ T638] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 645.114545][T26162] F2FS-fs (loop3): skip recovering inline_dots inode (ino:3, pino:3) in readonly mountpoint [ 645.189323][ T6405] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 645.210285][ T6405] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 645.240873][ T6405] usb 2-1: New USB device found, idVendor=056a, idProduct=0035, bcdDevice= 0.00 [ 645.262883][ T6405] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 645.282165][ T6405] usb 2-1: config 0 descriptor?? [ 645.699268][ T203] usb 3-1: new high-speed USB device number 57 using dummy_hcd [ 645.733480][T26196] futex_wake_op: syz-executor.4 tries to shift op by -1; fix this program [ 645.743412][ T6405] wacom 0003:056A:0035.00B0: unknown main item tag 0x0 [ 645.750955][ T6405] wacom 0003:056A:0035.00B0: hidraw0: USB HID v0.00 Device [HID 056a:0035] on usb-dummy_hcd.1-1/input0 [ 645.841644][T26200] loop4: detected capacity change from 0 to 512 [ 645.860976][T26200] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 645.869988][T26200] ext4 filesystem being mounted at /root/syzkaller-testdir4134462799/syzkaller.AqvWP1/26/bus supports timestamps until 2038 (0x7fffffff) [ 645.910214][T25960] EXT4-fs (loop4): unmounting filesystem. [ 645.944837][ T37] usb 2-1: USB disconnect, device number 86 [ 645.949219][ T203] usb 3-1: Using ep0 maxpacket: 32 [ 646.077754][T26205] kvm [26204]: vcpu0, guest rIP: 0x20e disabled perfctr wrmsr: 0xc1 data 0x800 [ 646.086711][T26205] kvm [26204]: vcpu0, guest rIP: 0x20e disabled perfctr wrmsr: 0xc2 data 0x800 [ 646.092963][T26214] loop4: detected capacity change from 0 to 2048 [ 646.099890][T26205] kvm [26204]: vcpu0, guest rIP: 0x20e ignored wrmsr: 0x11e data 0x800 [ 646.114079][T26205] kvm [26204]: vcpu0, guest rIP: 0x20e disabled perfctr wrmsr: 0x186 data 0x800 [ 646.123096][T26205] kvm [26204]: vcpu0, guest rIP: 0x20e disabled perfctr wrmsr: 0x187 data 0x800 [ 646.152278][T26214] loop4: p1 p2 p3 [ 646.229420][ T203] usb 3-1: New USB device found, idVendor=0499, idProduct=1006, bcdDevice=15.0a [ 646.238587][ T203] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 646.247123][ T203] usb 3-1: Product: syz [ 646.251350][ T203] usb 3-1: Manufacturer: syz [ 646.255892][ T203] usb 3-1: SerialNumber: syz [ 646.264652][ T203] usb 3-1: config 0 descriptor?? [ 646.312301][ T203] snd-usb-audio: probe of 3-1:0.0 failed with error -2 [ 646.519379][T22485] usb 3-1: USB disconnect, device number 57 [ 646.831383][T26228] loop1: detected capacity change from 0 to 40427 [ 646.847726][T26228] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 646.855450][T26228] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 646.864218][T26228] F2FS-fs (loop1): invalid crc value [ 646.871689][T26228] F2FS-fs (loop1): Found nat_bits in checkpoint [ 646.911355][T26228] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 646.918296][T26228] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 647.423544][ T638] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 647.432644][ T638] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 647.569163][T22485] usb 4-1: new high-speed USB device number 68 using dummy_hcd [ 647.714693][T26265] syz-executor.4[26265] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 647.714776][T26265] syz-executor.4[26265] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 647.749204][ T37] usb 1-1: new high-speed USB device number 77 using dummy_hcd [ 647.858672][T26267] loop4: detected capacity change from 0 to 256 [ 647.979311][T22485] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 647.992566][T22485] usb 4-1: config 1 interface 0 altsetting 0 has an invalid endpoint with address 0x94, skipping [ 648.042979][T22485] usb 4-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 648.189382][ T37] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid maxpacket 41811, setting to 64 [ 648.203540][ T37] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 648.299319][T22485] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 648.308277][T22485] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 648.316302][T22485] usb 4-1: Product: syz [ 648.320411][T22485] usb 4-1: Manufacturer: syz [ 648.324814][T22485] usb 4-1: SerialNumber: syz [ 648.409218][ T37] usb 1-1: New USB device found, idVendor=1b3d, idProduct=9310, bcdDevice= 0.c8 [ 648.418105][ T37] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 648.426002][ T37] usb 1-1: Product: syz [ 648.430059][ T37] usb 1-1: Manufacturer: syz [ 648.434439][ T37] usb 1-1: SerialNumber: syz [ 648.439470][ T37] usb 1-1: config 0 descriptor?? [ 648.489645][ T37] ftdi_sio 1-1:0.0: FTDI USB Serial Device converter detected [ 648.497212][ T37] usb 1-1: Detected SIO [ 648.501293][ T37] ftdi_sio ttyUSB0: Overriding wMaxPacketSize on endpoint 11 [ 648.508907][ T37] usb 1-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 649.197244][ T6384] usb 1-1: USB disconnect, device number 77 [ 649.206970][ T6384] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 649.216740][ T6384] ftdi_sio 1-1:0.0: device disconnected [ 649.328733][T26302] loop0: detected capacity change from 0 to 512 [ 649.342531][T26302] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=8856c01c, mo2=0002] [ 649.350972][T26302] EXT4-fs (loop0): orphan cleanup on readonly fs [ 649.357528][T26302] EXT4-fs warning (device loop0): ext4_enable_quotas:6987: Failed to enable quota tracking (type=2, err=-22, ino=15). Please run e2fsck to fix. [ 649.389202][T26302] EXT4-fs (loop0): Cannot turn on quotas: error -22 [ 649.395876][T26302] EXT4-fs error (device loop0): ext4_ext_check_inode:520: inode #13: comm syz-executor.0: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 649.414192][T26302] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor.0: couldn't read orphan inode 13 (err -117) [ 649.426468][T26302] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 649.437765][T26302] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [ 649.447426][T26302] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=8856c01c, mo2=0002] [ 649.459219][T22485] cdc_ncm 4-1:1.0: bind() failure [ 649.465533][T26302] EXT4-fs warning (device loop0): ext4_enable_quotas:6987: Failed to enable quota tracking (type=2, err=-22, ino=15). Please run e2fsck to fix. [ 649.480096][T22485] cdc_ncm: probe of 4-1:1.1 failed with error -71 [ 649.509185][T22485] cdc_mbim: probe of 4-1:1.1 failed with error -71 [ 649.516799][T22485] usb 4-1: USB disconnect, device number 68 [ 649.524391][T26305] EXT4-fs (loop0): warning: mounting unchecked fs, running e2fsck is recommended [ 649.533587][T26305] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=8856c01c, mo2=0002] [ 649.551369][T26305] EXT4-fs warning (device loop0): ext4_enable_quotas:6987: Failed to enable quota tracking (type=2, err=-22, ino=15). Please run e2fsck to fix. [ 649.568082][T26295] loop4: detected capacity change from 0 to 131072 [ 649.620894][T26295] F2FS-fs (loop4): invalid crc value [ 649.627519][T26295] F2FS-fs (loop4): Found nat_bits in checkpoint [ 649.659754][T26295] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4 [ 649.670660][T25982] EXT4-fs (loop0): unmounting filesystem. [ 649.677476][T26295] F2FS-fs (loop4): sanity_check_inode: corrupted inode footer i_ino=7, ino,nid: [2097159, 7] run fsck to fix. [ 649.923656][T26320] loop2: detected capacity change from 0 to 256 [ 649.964947][T26323] device syzkaller0 entered promiscuous mode [ 650.118746][T26329] loop1: detected capacity change from 0 to 256 [ 650.669175][T26343] netlink: 312 bytes leftover after parsing attributes in process `syz-executor.4'. [ 650.816570][T26339] netlink: 312 bytes leftover after parsing attributes in process `syz-executor.0'. [ 650.843922][T26343] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 650.864885][T26339] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 650.941597][T26347] loop1: detected capacity change from 0 to 512 [ 650.957204][T26347] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=8856c01c, mo2=0002] [ 650.965570][T26347] EXT4-fs (loop1): orphan cleanup on readonly fs [ 650.972369][T26347] EXT4-fs warning (device loop1): ext4_enable_quotas:6987: Failed to enable quota tracking (type=2, err=-22, ino=15). Please run e2fsck to fix. [ 650.987253][T26347] EXT4-fs (loop1): Cannot turn on quotas: error -22 [ 650.993900][T26347] EXT4-fs error (device loop1): ext4_ext_check_inode:520: inode #13: comm syz-executor.1: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 651.012258][T26347] EXT4-fs error (device loop1): ext4_orphan_get:1401: comm syz-executor.1: couldn't read orphan inode 13 (err -117) [ 651.024618][T26347] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 651.036034][T26347] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended [ 651.046028][T26347] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=8856c01c, mo2=0002] [ 651.079677][T26347] EXT4-fs warning (device loop1): ext4_enable_quotas:6987: Failed to enable quota tracking (type=2, err=-22, ino=15). Please run e2fsck to fix. [ 651.095471][T26352] EXT4-fs (loop1): warning: mounting unchecked fs, running e2fsck is recommended [ 651.104785][T26352] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=8856c01c, mo2=0002] [ 651.119433][T26352] EXT4-fs warning (device loop1): ext4_enable_quotas:6987: Failed to enable quota tracking (type=2, err=-22, ino=15). Please run e2fsck to fix. [ 651.198982][T24417] EXT4-fs (loop1): unmounting filesystem. [ 651.619196][T26359] netlink: 312 bytes leftover after parsing attributes in process `syz-executor.2'. [ 651.634914][T26356] netlink: 312 bytes leftover after parsing attributes in process `syz-executor.3'. [ 651.670804][T26359] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 651.693150][T26356] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 652.027051][T26363] loop4: detected capacity change from 0 to 40427 [ 652.038938][T26366] loop0: detected capacity change from 0 to 256 [ 652.048849][T26363] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 652.057017][T26363] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 652.075587][T26363] F2FS-fs (loop4): Found nat_bits in checkpoint [ 652.118286][T26363] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 652.130730][T26363] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 652.137623][T26363] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 652.238930][T26367] loop1: detected capacity change from 0 to 40427 [ 652.269223][T26367] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 652.278996][T26367] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 652.324609][T26367] F2FS-fs (loop1): Found nat_bits in checkpoint [ 652.388167][T26367] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 652.411849][T26385] overlayfs: failed to resolve './file0': -2 [ 652.446752][T26367] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 652.462566][T26367] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 652.573364][T26375] loop3: detected capacity change from 0 to 40427 [ 652.663106][T26390] netlink: 312 bytes leftover after parsing attributes in process `syz-executor.2'. [ 652.684204][T26390] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 652.751185][T26375] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 652.854024][T26375] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 652.937700][T26375] F2FS-fs (loop3): Found nat_bits in checkpoint [ 652.982923][T26375] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 653.050916][T26397] overlayfs: failed to resolve './file0': -2 [ 653.095234][T26375] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 653.105494][T26375] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 653.400307][T26399] overlayfs: failed to resolve './file0': -2 [ 655.865693][T26431] __nla_validate_parse: 10 callbacks suppressed [ 655.865712][T26431] netlink: 312 bytes leftover after parsing attributes in process `syz-executor.4'. [ 655.882731][T26431] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 656.538585][T26451] netlink: 312 bytes leftover after parsing attributes in process `syz-executor.1'. [ 656.557912][T26451] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 657.322485][T26463] netlink: 312 bytes leftover after parsing attributes in process `syz-executor.0'. [ 657.440206][T26460] netlink: 312 bytes leftover after parsing attributes in process `syz-executor.3'. [ 657.451006][T26460] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 657.464565][T26461] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 657.654638][T26468] overlayfs: failed to create directory ./file0/work (errno: 22); mounting read-only [ 657.763518][T26472] netlink: 312 bytes leftover after parsing attributes in process `syz-executor.1'. [ 657.782689][T26472] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 658.554384][T26489] loop1: detected capacity change from 0 to 1024 [ 658.579027][T26489] EXT4-fs: Ignoring removed orlov option [ 658.587672][T26489] EXT4-fs: Ignoring removed nomblk_io_submit option [ 658.626160][T26489] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 658.635138][ T357] device bridge_slave_1 left promiscuous mode [ 658.641498][ T357] bridge0: port 2(bridge_slave_1) entered disabled state [ 658.652712][ T357] device bridge_slave_0 left promiscuous mode [ 658.667096][T26489] EXT4-fs error (device loop1): get_max_inline_xattr_value_size:69: inode #12: comm syz-executor.1: corrupt xattr in inline inode [ 658.680491][ T357] bridge0: port 1(bridge_slave_0) entered disabled state [ 658.719969][T26489] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2213: inode #12: comm syz-executor.1: corrupted in-inode xattr [ 658.822054][T24417] ================================================================== [ 658.829954][T24417] BUG: KASAN: use-after-free in ext4_xattr_delete_inode+0xcd0/0xce0 [ 658.837762][T24417] Read of size 4 at addr ffff88813f3e0000 by task syz-executor.1/24417 [ 658.845837][T24417] [ 658.848005][T24417] CPU: 1 PID: 24417 Comm: syz-executor.1 Tainted: G W 6.1.78-syzkaller-00134-g997e6b3f6a21 #0 [ 658.859461][T24417] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 658.869357][T24417] Call Trace: [ 658.872490][T24417] [ 658.875259][T24417] dump_stack_lvl+0x151/0x1b7 [ 658.879771][T24417] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 658.885065][T24417] ? _printk+0xd1/0x111 [ 658.889058][T24417] ? __virt_addr_valid+0x242/0x2f0 [ 658.894008][T24417] print_report+0x158/0x4e0 [ 658.898347][T24417] ? __virt_addr_valid+0x242/0x2f0 [ 658.903292][T24417] ? kasan_addr_to_slab+0xd/0x80 [ 658.908068][T24417] ? ext4_xattr_delete_inode+0xcd0/0xce0 [ 658.913534][T24417] kasan_report+0x13c/0x170 [ 658.917875][T24417] ? ext4_xattr_delete_inode+0xcd0/0xce0 [ 658.923342][T24417] __asan_report_load4_noabort+0x14/0x20 [ 658.928809][T24417] ext4_xattr_delete_inode+0xcd0/0xce0 [ 658.934100][T24417] ? sb_end_intwrite+0x130/0x130 [ 658.938879][T24417] ? ext4_expand_extra_isize_ea+0x1c40/0x1c40 [ 658.944779][T24417] ? __kasan_check_read+0x11/0x20 [ 658.949640][T24417] ? ext4_inode_is_fast_symlink+0x295/0x3d0 [ 658.955362][T24417] ? ext4_evict_inode+0xbc2/0x1550 [ 658.960310][T24417] ext4_evict_inode+0xef9/0x1550 [ 658.965087][T24417] ? _raw_spin_unlock+0x4c/0x70 [ 658.969773][T24417] ? ext4_inode_is_fast_symlink+0x3d0/0x3d0 [ 658.975499][T24417] ? _raw_spin_unlock+0x4c/0x70 [ 658.980185][T24417] ? inode_io_list_del+0x18b/0x1a0 [ 658.985131][T24417] ? ext4_inode_is_fast_symlink+0x3d0/0x3d0 [ 658.990868][T24417] evict+0x2a3/0x630 [ 658.994598][T24417] iput+0x642/0x870 [ 658.998241][T24417] vfs_rmdir+0x3c2/0x500 [ 659.002325][T24417] do_rmdir+0x3ab/0x630 [ 659.006313][T24417] ? d_delete_notify+0x160/0x160 [ 659.011117][T24417] __x64_sys_unlinkat+0xdf/0xf0 [ 659.015778][T24417] do_syscall_64+0x3d/0xb0 [ 659.020022][T24417] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 659.025753][T24417] RIP: 0033:0x7faa0047c6c7 [ 659.030004][T24417] Code: 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 07 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 659.049444][T24417] RSP: 002b:00007fff42cb85a8 EFLAGS: 00000207 ORIG_RAX: 0000000000000107 [ 659.057688][T24417] RAX: ffffffffffffffda RBX: 0000000000000065 RCX: 00007faa0047c6c7 [ 659.065508][T24417] RDX: 0000000000000200 RSI: 00007fff42cb9750 RDI: 00000000ffffff9c [ 659.073312][T24417] RBP: 00007faa004c8336 R08: 0000000000000000 R09: 0000000000000000 [ 659.081126][T24417] R10: 0000000000000100 R11: 0000000000000207 R12: 00007fff42cb9750 [ 659.088935][T24417] R13: 00007faa004c8336 R14: 00000000000a0c4e R15: 0000000000000009 [ 659.096756][T24417] [ 659.099609][T24417] [ 659.101783][T24417] The buggy address belongs to the physical page: [ 659.108039][T24417] page:ffffea0004fcf800 refcount:0 mapcount:-128 mapping:0000000000000000 index:0x1 pfn:0x13f3e0 [ 659.118356][T24417] flags: 0x4000000000000000(zone=1) [ 659.123395][T24417] raw: 4000000000000000 ffffea0004d82808 ffffea0004edf008 0000000000000000 [ 659.131819][T24417] raw: 0000000000000001 0000000000000004 00000000ffffff7f 0000000000000000 [ 659.140227][T24417] page dumped because: kasan: bad access detected [ 659.146485][T24417] page_owner tracks the page as freed [ 659.151687][T24417] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 26363, tgid 26361 (syz-executor.4), ts 652175099599, free_ts 652854095726 [ 659.169739][T24417] post_alloc_hook+0x213/0x220 [ 659.174337][T24417] prep_new_page+0x1b/0x110 [ 659.178676][T24417] get_page_from_freelist+0x27ea/0x2870 [ 659.184075][T24417] __alloc_pages+0x3a1/0x780 [ 659.188483][T24417] __folio_alloc+0x15/0x40 [ 659.192736][T24417] shmem_alloc_and_acct_folio+0x78c/0xa50 [ 659.198292][T24417] shmem_get_folio_gfp+0x12d4/0x24b0 [ 659.203411][T24417] shmem_fault+0x1f7/0x840 [ 659.207664][T24417] do_fault+0xdb6/0x1cd0 [ 659.211753][T24417] handle_mm_fault+0x184a/0x2f40 [ 659.216519][T24417] __get_user_pages+0x377/0xf20 [ 659.221207][T24417] __mm_populate+0x375/0x570 [ 659.225631][T24417] vm_mmap_pgoff+0x290/0x430 [ 659.230059][T24417] ksys_mmap_pgoff+0xed/0x1e0 [ 659.234568][T24417] __x64_sys_mmap+0x103/0x120 [ 659.239083][T24417] do_syscall_64+0x3d/0xb0 [ 659.243336][T24417] page last free stack trace: [ 659.247850][T24417] free_unref_page_prepare+0x83d/0x850 [ 659.253143][T24417] free_unref_page_list+0xf1/0x7b0 [ 659.258090][T24417] release_pages+0xf7f/0xfe0 [ 659.262602][T24417] __pagevec_release+0x84/0x100 [ 659.267289][T24417] shmem_undo_range+0x5fc/0x1660 [ 659.272068][T24417] shmem_evict_inode+0x25f/0xa30 [ 659.276837][T24417] evict+0x2a3/0x630 [ 659.280569][T24417] iput+0x642/0x870 [ 659.284215][T24417] dentry_unlink_inode+0x34f/0x440 [ 659.289161][T24417] __dentry_kill+0x447/0x650 [ 659.293588][T24417] dentry_kill+0xc0/0x2a0 [ 659.297754][T24417] dput+0x40/0x80 [ 659.301228][T24417] __fput+0x5f0/0x870 [ 659.305047][T24417] ____fput+0x15/0x20 [ 659.308862][T24417] task_work_run+0x24d/0x2e0 [ 659.313289][T24417] do_exit+0xbd5/0x2b80 [ 659.317283][T24417] [ 659.319452][T24417] Memory state around the buggy address: [ 659.324924][T24417] ffff88813f3dff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 659.332822][T24417] ffff88813f3dff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 659.340718][T24417] >ffff88813f3e0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 659.348613][T24417] ^ [ 659.352521][T24417] ffff88813f3e0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 659.360420][T24417] ffff88813f3e0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 2033/05/18 03:44:50 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF [ 659.368316][T24417] ================================================================== [ 659.376805][T24417] Disabling lock debugging due to kernel taint