last executing test programs: 3.562450454s ago: executing program 4 (id=2700): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=@framed={{}, [@printk={@p, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x71}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) ioctl$TUNATTACHFILTER(r1, 0x401054d5, &(0x7f0000000040)={0x5, &(0x7f0000000000)=[{0x4d, 0x1, 0x3}, {0x61}, {}, {}, {0x6}]}) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) 3.450599068s ago: executing program 4 (id=2703): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r0}, &(0x7f0000000280), &(0x7f00000002c0)=r1}, 0x20) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = openat$cgroup_procs(r2, &(0x7f0000000140)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r3, &(0x7f0000000380), 0x12) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000400)='track_foreign_dirty\x00', r4}, 0x10) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_int(r5, &(0x7f0000000200), 0x43451) 2.804228705s ago: executing program 4 (id=2706): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x10001, 0x9, 0x1}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000007c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000001000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x10) mincore(&(0x7f0000f0c000/0x3000)=nil, 0x0, &(0x7f0000afaf0a)=""/246) 2.782269416s ago: executing program 4 (id=2708): syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000040)='./bus\x00', 0x180001d, &(0x7f0000000c80)=ANY=[@ANYRESHEX], 0x5, 0x558b, &(0x7f00000079c0)="$eJzs3EtvG2UXAOAzTtP71y9CLNh1pAopkWqrTi+CFQVacRGtKi4LVuDYruXW9kSx64auumCJWPBPEEisWPIbWMASdogFiB1SkWcmULdJC63jQPs80vjMHL8+874jK9KZiRzAU2sp/e2XJI7FoYhYiIijSeT7SblF3I44X4x9LiKOR0Tlri0p838m9kfE4Yg4Nile1EzKtz47OT5x9uc3f/362wP7jnz+1Xd7unBgTz0fEf31Yv9mv4hZJw93Fsp8Y9zNY//MuIzrUzX6WZG/2V7LK9xsbI1r5PF0pxifrd8YTuLVXqM5iZ3u1Ty/PihOOBx3tupMPpBea2zkx632Wh67wyyPnVvFeTdvFX/bbg1HRZ1WWe+jvHyMRluxyLc328V61q/nsTkYlfmibtZqb07iuIzl6aKZ9Vr5PNYe9Sr/+73VHdzYTMftjWE3G6Rna/UXavVz1fpG1mqP2meqjX7r3Jl0udObDKuO2o3++U6WdXrtWjPrr6TLnWazWq+nyxfaa93GIK3Xa6drp6pnV8q9k+lrl99Le610eRJf6Q5ujLq9YXo120iLT6ykq7XTL66kJ+rpO5eupFfevnjx0pV3P7jw/uWXL73xajnovmmly6unVler9VPV1frKU7T+j8tJ/4P1J9unf/j+8S4bFHb4ggGws/v6/7i3/w/9PzBzD+j/49pD+v/+9fJ4d/r/2Lb/r0z3/zHL/n/SUun/H97/Vvag/10M/f8urh8ey6P1//tnPg8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAObux8UvXs93lorjI2X+f2XqmfI4iYhKRNzZxkLsn6q5UNZZ3GH84j1z+CaJvMLkHAfK7XBEnC+33/+/21cBAAAAnlxf3j7+adGtFy9Lez0h5qm4aVM5+uGM6iURsbj004yqVSYvz86oWP793hebM6qW38A6OKNixS23fbOq9rcsTIWDd4WkCJW5TgcAAJiL6U5gvl0IAAAA8/TJA999aW7zYM6S2HqUufUsOP/P+78eCB6aeg8AAAD4D0r2egIAAADArsv7f7//BwAAAE+24vf/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+YOd+ctMGojgAPxsM/auiqvtepTs4Ro/QZZeFA/QSHIGeoFIvwBmolEWOkIQIe4LkBKRIjHGCvk+ynRlHP88AmzeWBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAu/a9Wsz+/vv4+Mebv7fY0maYDAAAAHLCpVrP6j0nTfp/6P6auz6ldREQZEYdq90GMWpmDlFMd+f/q0Rj+RdQJu/5xOt5FxLd03Hzq+lMAAACAy7VeLKdNtd6c0hLAVb+j4kyaRZvyw/dMeUVEVJPrTGnl7vQlU1j9+x7Gz0xp9QLWm0xhzZLb8PC9Ua6HtA1al4eZzOsvsW6V3TwXAADoU7sSOFKFAAAAcAF+9D0AzuFpaV/sT/v3jOPmkl4Ivm21AAAAgFeo6HsAAAAAQOfq+v8l7f9X2P8PAAAAsmv2/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBLm2o1Wy+W02P358/MudueJt+MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB79ucdBUIgDMJg7/rOZO5/WGnQ0NikCoSPvzEYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN787i//J6bGmWTutbH0PJKsnRpbp8beuXH0h/H1awAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYn5cUCIEgiII5438nff/DSoKeQYQIaHhUUYsGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAL/rdL/8npsaZZO60sXQ8kqxdNbauGnsPGkcPxtu/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYt2PfNqowAOCffbbbFBAhoEgEUJE6wEJTt7R0RQgUMfAnIEWpUwIuhTYDrSJKFjaUuQuCESEkUNjyP3RupC5l65AhSEwMQXe+S8+JoVFp79zm95Oe3+fz9b3vna0qn98ZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKCw9W682szjJH2YHMTFsdvbKwtpv7mnT22s3ZlJWxo3Ks77CfBa+cnx6foSAQAA4PBIivo+Iu621+fSvjmZ1f/t4py05v/huUFc1PN76/7N7ZWj+UszRf3/+2/3XtqdaDLJ5kkHXVzq907tT6X1mJY49p5/4Bmt7Mpn370k2RvS/HD1xa12dj0b39269X4nC49UkS0A8DBOFn0eFH8PpX23zsQAODRapcK7qP+TyXpzAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKjC1mo8U8SNiJhp3Y9Tm9srC6P6b9buzGzk7dzNm2vlMdMh2hGxuNTvnapwLeOruJrXP5vv93tXrl6rOjgeESNeunGwf57k6f/rOZ2IGDpy4uUR43x8gLn2jLMvyD+eUe01nEjX98CTG0NHGvsu+Hs7A3V8AKoKmvn7My75PMqg+Ow9+pEr/u8IAICnXjtvaSV6t70+lx5rTEXs/Dhc/79RimOo7t+5MTgyeL5Rqv/vfXLudnmucv3frWh9T4LZ5UtfzF69dv2tpUvzF3sXe5+/fbr7TvfM+bNnz89m35XMLkbTNyYAAAD8D528lev/5tT+/f9jpTj+Y/+/XP9/+X336/Jcifp/pPubfnVnAgAAcBh1dqMXXv/rz8aIMxqdTnw1v7x8pTt43H1+evBYaboP6UjeyvV/MlV3VgAAAEAVtlYbQ/v/F0pxHHD//9mfXvmlPGYSERMRlyOid3Lhcv9CdcsZa1X8UDmbqFP3SgEAAKjLRN7K+//t7P7/5u4tD82IePNExN/5b/jjgPV/8sG3P5fnKt//f6bSVY6f5vTgemT9dERruu6MAAAAeJodzVta7P/RXp/79NdjH3Xc/w8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQtX8CAAD//4ztMoY=") syz_mount_image$fuse(0x0, &(0x7f0000000640)='./file0/../file0/file0/file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) syz_mount_image$fuse(0x0, &(0x7f0000001040)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f00000000c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}, {@metacopy_on}], [], 0x2c}) r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) syz_mount_image$fuse(0x0, &(0x7f0000000580)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0, 0x0, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) renameat2(r4, &(0x7f0000000380)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', r5, &(0x7f0000000040)='./file1\x00', 0x0) 2.365289353s ago: executing program 1 (id=2712): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) ioctl$TUNSETSNDBUF(r0, 0x400454d4, &(0x7f0000000000)) 2.119037363s ago: executing program 1 (id=2716): ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000100)={'syztnl1\x00', 0x0}) r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'batadv_slave_1\x00', {0x2, 0x0, @loopback}}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000540)={'vcan0\x00', {0x2, 0x0, @loopback}}) r1 = socket$can_raw(0x1d, 0x3, 0x1) gettid() getsockopt$CAN_RAW_FILTER(r1, 0x65, 0x1, 0xffffffffffffffff, &(0x7f0000000140)=0x37) ioctl$BTRFS_IOC_DEFRAG_RANGE(r0, 0x40309410, &(0x7f0000000340)={0x252e4ce1, 0x80000000, 0x0, 0x87, 0x3, [0x7f, 0x9, 0x9f2, 0x515]}) setsockopt$WPAN_SECURITY_LEVEL(0xffffffffffffffff, 0x0, 0x2, &(0x7f0000000380)=0x6, 0x4) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r3, &(0x7f0000000300)=[{0x0}, {&(0x7f0000000080)="a1", 0x20000081}], 0x2, 0x0) vmsplice(r3, &(0x7f0000000040)=[{&(0x7f00000000c0)='c', 0x1}], 0x1, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wg1\x00'}) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$binfmt_aout(r4, &(0x7f0000000040)=ANY=[], 0xff2e) ioctl$TCXONC(r4, 0x540a, 0x2) 1.048588377s ago: executing program 1 (id=2724): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_opts(r0, 0x0, 0xc, &(0x7f00000000c0)="e0", 0x1) setsockopt$inet_opts(r0, 0x0, 0xd, &(0x7f0000000140)="f8", 0x1) getsockopt$inet_opts(r0, 0x0, 0x400000000000009, &(0x7f0000937fed)=""/16, &(0x7f0000000080)=0x2b) 1.038083837s ago: executing program 1 (id=2726): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b7040000000000008500000057"], 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0x3, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000400)='global_dirty_state\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000400)='global_dirty_state\x00', r2}, 0x10) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r3, &(0x7f0000000180), 0x40001) 642.910943ms ago: executing program 1 (id=2732): r0 = socket(0x10, 0x802, 0x0) write(r0, &(0x7f0000000100)="fc0000004800071fab092504090007000aab6000000000000008e293210001c0000000000000000001000000c0fe00ea05001ec28656aaa79bb94b46fe000000bc000200000300f12fbe780196370d1151ffd633d450000000e5d18064b1ed548d59c40a366c57c6a55e00008934d07302ade41720d7d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70cce190a60aa47e988399ddef2fe082038f4f8b29d97f391064e763b6f380f5bd92c83170e5bba4a463a1e00d66ff5b22a95792e2891cfded815b6ccd243f295ed94e0ad91bd0734babc7c737d670133750800000000000000000000000000a6b567b4d5715587e6d8a1ad0a4f0108", 0xfc) 642.330404ms ago: executing program 4 (id=2733): r0 = socket$packet(0x11, 0x3, 0x300) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x1, 0x8, 0x8}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{r1}, &(0x7f0000000200), &(0x7f0000000280)='%+9llu \x00'}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f00000010c0)=0x5, 0x4) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c) r3 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000001c0)={'bridge0\x00', 0x0}) setsockopt$packet_int(r0, 0x107, 0x7, &(0x7f0000000180)=0x8, 0x4) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000000)=0xf3f, 0x4) sendto$packet(r3, &(0x7f00000000c0)="3f03fe7f0300120006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0xc9, 0x0, r4, 0x1, 0x0, 0x6, @multicast}, 0x14) syz_emit_ethernet(0xfdef, &(0x7f0000000280)=ANY=[], 0x0) 582.941246ms ago: executing program 3 (id=2734): bpf$BPF_BTF_LOAD(0x12, &(0x7f00000001c0)={&(0x7f0000000580)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x30, 0x30, 0x3, [@fwd={0x1}, @struct={0x0, 0x1, 0x0, 0x4, 0x0, 0x0, [{0x0, 0x3}]}, @typedef={0x1, 0x0, 0x0, 0x8, 0x1}]}, {0x0, [0x5f]}}, &(0x7f0000000300)=""/209, 0x4b, 0xd1, 0x2}, 0x20) 572.749606ms ago: executing program 1 (id=2735): ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000100)={'syztnl1\x00', 0x0}) r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={'batadv_slave_1\x00', {0x2, 0x0, @loopback}}) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000540)={'vcan0\x00', {0x2, 0x0, @loopback}}) r1 = socket$can_raw(0x1d, 0x3, 0x1) gettid() getsockopt$CAN_RAW_FILTER(r1, 0x65, 0x1, 0xffffffffffffffff, &(0x7f0000000140)=0x37) ioctl$BTRFS_IOC_DEFRAG_RANGE(r0, 0x40309410, &(0x7f0000000340)={0x252e4ce1, 0x80000000, 0x0, 0x87, 0x3, [0x7f, 0x9, 0x9f2, 0x515]}) setsockopt$WPAN_SECURITY_LEVEL(0xffffffffffffffff, 0x0, 0x2, &(0x7f0000000380)=0x6, 0x4) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r3, &(0x7f0000000300)=[{0x0}, {&(0x7f0000000080)="a1", 0x20000081}], 0x2, 0x0) vmsplice(r3, &(0x7f0000000040)=[{&(0x7f00000000c0)='c', 0x1}], 0x1, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wg1\x00'}) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$binfmt_aout(r4, &(0x7f0000000040)=ANY=[], 0xff2e) ioctl$TCXONC(r4, 0x540a, 0x2) 559.244547ms ago: executing program 3 (id=2736): syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x22004002, &(0x7f0000000080), 0x0, 0x47e, &(0x7f0000000b80)="$eJzs3MtvG8UfAPDvrpP09cvjV8qjD6ihICIKSZMW6IELCKRekJDgAMeQhqrUbVETJFpVtCBUjgj+AeCIxF/ACS4IOIG4wh0hVdALhQNatPZu68RO6rh13dafj2RnZnfWM7OzE8/u7DqAgVXN35KILCJ+iYjxRnR5gmrjz+VLZ+f/vnR2Pokse/mPpJ7ur0tn58uk5XZbishkGpF+kMTONvkunj5zbK5WWzhVxKeXjr81vXj6zBNHj88dWTiycGL24MED+2eefmr2yRtSz9G8rDvePblr+6HXPn5xPovXv/8yL+//ivXN9WiYqL//mWVd51mN6vJ9WTdSf3+k60+9NY02hZOhPhaEdalERN5cw/X+Px6VuNp44/HC+30tHNBTWZZlG1qWVsrA+Qy4gyXR7xIA/VF+0efnv+XrJg4/+u7is40ToLzel4tXY81QpPmfjY0z9tEe5V+NiFfP//Np/oq21yEAAG6sr/Pxz+Ptxn9jyT1N6caKuaGJiNgbEVsj4q6I2BYRd0dEnvbeiLhvnflXV8Rbxz8/beqqYh3Kx3/PFHNby8d/aZlkolLERuv1H07eOFpb2Ffsk8kY3pDHZ9bI45vnf/5otXXN47/8ledfjgWLcvw+tOIC3eG5pbnrqXOzi+9F7BhqV//kykxAEhHbI2JHF5+f77Ojj32xKw+PbWldv+ua9V/DDZhnyj6PeLTR/udjRf3jkyuhPKfV5ienN0ZtYd90eVS0+uHHCy81x4ebwtdu/97K239z2+O/mLksu0E5X7u4/jwu/Prhquc03R7/I8kr9fBIseyduaWlUzMRI8WCZctnr25bxsv0ef0n97Sr/1iyNeLfz4rtdhbH6v0R8UBE7C7K/mBEPBQRe9ao/3fPPfzm2nuov+1/eK32j5hImufruwhUjn371Wr5d9b+B+qhyWJJJ///Oi3g9ew7AAAAuF2k9Xvgk3TqSjhNp6Ya9/Bvi81p7eTi0t5qvH3icONe+YkYTssrXeNN10NnimvDZXx2RXx/RPy/fqfRpnp8av5krVdz6kBntqzS/3O/VfpdOqDn1jWP1vpEG3Ab87wmDK7u+r+BANwJfP/D4NL/YXC16//nIi73oSjATeb7HwaX/g+DS/+HwaX/w0BqfSS+/LmVbp70vxrYeui6Nh+gQKVHnxzNP9rRg0Cky5dsiltgZ3YaSG+FYuwuAhsiotOtzvW0TVcePwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALe//wIAAP//9zrjrw==") r0 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0), 0x18) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000440)=0x40084040) 530.401508ms ago: executing program 4 (id=2738): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000004c0)="01", &(0x7f0000000380), 0x7}, 0x38) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x3, 0x4, 0x2}, 0x48) socketpair$nbd(0x1, 0x1, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000b40), 0x2b842ac, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001d00)=ANY=[@ANYBLOB="b700000012edfffebfa30000000000007603000028feffff7a0af0fff8ffffff61a4f0ff000000005d040000000000007f000000000000002704000001ed0a002500000017ffffffce040000000000007b0300fe000000002d04000000000000c6000000000000009500000000000000023bc065b7a379d17cf9333379fc9e84af69912435f1b6a693002e7f3be361917adef6ee1c8a2b4f8ef1e50b91f32050e436fe275daf51efd601b6482a0800000098efd2a102ee010400006e7a1de4a21f379dbf01de00b1b564fef3bef70548aed0d600c095199fe3ff3128e599b0eaebbdbd7359a48f5b0afc532e2df58de3c1b7646cb7798b3e6440c2fbdb00a3e35208b0bbf12cd8dff095edc710e4000000000000009fbe4b61a615c6c57a2b649dc74a1a610643b08d9ec21ead2ed51b104d4d91af25b8123deda8a3658d42ecbf28bf6d8e8afcb913466aaa7f6df70252e79166d85827513acd02b5a655a314d31a76e42f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f08050e46850600000000000000d5f728d236619074d6ebdf098bc908f50ae728a40f9411fe7226a4040b96e37c4f46010400000000c3da29faf75ddd1aa96960bca97af133824b881cc1f62c0f8f8f0e8d76b86f9c45636614786f5a2cb77230a874640dcbe0b20bb77c022d4cab080078fce8c5c81b7037181fc2f18f781aaa6e2957d7e39cc1baddcb7ec6667e699f24e41697ee7ea23e4b29a8b6cc9a1f5a7b3caae05f13792292cb949b3aab06b1e042ff2164d80c605532b18ab1c156b97e5889685a96949e4cb40df77b8bb84b0e733a63784ccc214d930cbb7e090df9a2867b3acec439c163fcd7071b53ac29df826f8ae6d6e18c52a2fc1eacf5bf870768d5217e9bb5a05d9e22ce67f1231bd236ed200073826593c4e1a0f50a74bb482e486727d970acc546087acbf30f2f8165b47ba56dfadd14b306e98931485747292c6fe6e188750cf4f87cce2aa7d67c6133a9f05954cde298a35ea6d715ba80aee63300000000000000000000000000000000000040000000000000000386000000b854adb4f8080064e8407c6bdb37114c80fbaa4a0ec5aaf4b0ac6f2128668279eb6fc1caa80e64461c9a1be8fa0061ea9d55ee4716bea8e1cebf9ed39325ab4c5530dd6ee9fffc00000000000000d7c5af73c683625aaad5eda5004a76c9f8975ed4c5e4eb3e77e9885f69754932609f19e2f615a01cb6d17fbf5cb539403cb0572534f054d5514ad8264f7b029b2bdf2ca4958a62a6e744f9a4c1e646e1dd2ca19583f0f8b0dc53debd7d44f334e6ed7445a9580f970e483b307c4b3c018bc194b23d37e6a2e52d8288e5aab6fec586d52386e8c07a88c88e8faec5f1b16b2014f6952ce7d6be12c6bdb9651ca6fc907061be311d1354e6295698594a73136237bee068d3819400e43544830a3f74b7942f22336953978a5b2032da4238cc61162c04c1297395b73e18c9387615a2bc87d9e2445f3d323d3fac347926a4bac694c55fe9d145906d410f58f1951405d10504efe402cae085afef5dbd617e87ddbd239e4a50d7eb8e327fb5db12cbd6a9efe8e671c4f251cabdfe3400a670d14b9b3cd8d86e492997a0168c022ef3536bd1dc731f4f9f8cb6c3857fb8aaaa95024f8da775f72950212b84fc6133ae14d1429cd4905dabb52e43af7e65acf97b4951fa1e967d16a5ed642efc855a4a46b85cd079934ad3188276efae9387eaa232697526e24b5d4fded86c3811ccd00520150b16000080122965558074956da5e4c3bbefcb64aa8be4456ed2caf0f467b6bbf3aa4371f5e76ab3f60afea80bb066aafb7517f787b090f419a20278a3c779e03afd9a6af6fd518e5dce030f88ec5a5cb7601a161da0f8089322d84ac523040d13e1f1300c2c6555bce60d95dd3288e53435713f03add23f14c8db5555c62de4f6260a483632a2ab447f88dd6efec73a0271a19ca3aa860aa4dcaeebe3d53040b853a7c02a5fcc08b3a572969bbe91c921ac1476027772c87d172ab29967e38ba49e3e57fafea83e495a6a1d1a4ebf83434986091dd66ffe3ffed0c39552a312e2db596d9c827e02f6fc13c8ddbb50bfd7dd8aa2f35f259fc83e007fe79d2d25e30830b92fca00a292dd3b856faa4b7e66e1b64505f65900839df71a97d4d07d37f7ecf8ed9a22da26ae674bba16c204f6b2f8f74fc56b7126d7c11ece6e88ec41192aaee75415c58d264a2b6adae02c821b62428902aad499825ab85a348638384cd12e61dbde5c47056f0a20b4e2a2328d5db5cfe56557a129e6be231acf5f57995c60d9fca5f63a0dfd18054717120bda466d04774b53208ad8b022719ca77a4e0a66b4708f791d849a5e2aaa0074a9560ede2600df5a5c41392fe9460080fcb1e65233fb8dbeec4c86dbcf6a0673e38d2d3615e5bfbde44afe0fa7564231fff7e7f1f3ad68492dd2ccb1decb15b5d7d3e37e8b7d28921c4b9280979521173f522df408d9818b6cc400098abb869921911480a876fbba698801937e8b4264eb000400000000000088d22230592a79000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002f316aa0886c174b73decb46c1c85edf50d8fcbac5ff76b365611666da86a8e65b308706bd7c000000000000003f7cd4d5cb9076b81b7741ec03877afb520400000000000000c3ae49f88c462ea2050acf2d9a97d3be29a5614d1eba2c98cf0236401e02d7c445e50f76419ab4f78f67a09e63dd4faa2e7b59399fa5ee0b41e14a6fe6894e901a523fcbadfeff535f2514bc834e876810d9a6a78e70a9e22860c36a724770b4185de44db6bf21fef32a8d5b36d9014fa841061e63d40f4e536314beda5738fee012365f963b2a85e7d8075c333475b9f0284405e30700000041285fbe0bdd37220e31d4731614a50c16c6a41744c3d24eab511317f97b7b4a1c2ec33fedc46e9bf0fa640eebd3d58f0ebdb7cb8ccffd6d6ab7e0e843591d2618e2d2cdc7081c8fafffe8c350a5c554a387de4ee7aac6478d99de7dd82bef044a6d33c789d566c90c46ad581aa22f910547a77d55e26bf19f1d4661550b177ef53933a305e69b8a95119dcf5bda599d625054776151b2cd1fcde238bdc527594a6c17aa9728af24e2bb7a3830e7092b01b119ea4e7e7f0e21527d622cc29c9f0c8720195368f8374337ab4d130619d93c5ef37e7ddd0b2da147e6e513455b88753452de959a6cbfa1ffbc7ad5d8c3b48017fd31dcf72f337b639253f44cb27a12174bc4c191e21015d0c431a71906eb9c6a14c8a060459ef26787ce3d1cbfd5cc459f0048b5d06f6cbd3e9b34c89f3fb2f951ae81d7fcc8bc0000000000000000000000000000000000000000009231feef3117197c7963c2ba910969f776c8b2ea3970f358107945d9e74e9bdfa58e68b65a9201bc4b73b431df5aa29f363917f90e3fa1eaf553db1c761dd9b634a9c4d7c21da4fe6d953ed9438cad0f8dfe03e5e2f73019352f1fb682a5a6ebbf24ebc49e3d7058e696eb3f4b642f36c9006c0067e24a64aa8c53dd824a4ee271e35ed90000800847683c08bfda74a143c855030ae004ac797c575c202d8091eb77565212548ead770d68ad9fa2b2528798df1c36fc438d9c98f168490b41e158bb2e2d8ed19d44b9cce67c79f9f7bfae7ebe09e441745c592ce69c522b5136be09ed1b97ea3d5b317508df23e92c56fc2eb74d27d3861d91745b8fb9f6cc20e9f8b174000c62c4a2b212332a073fc5d0be7347e41454cb27e081c43e92ae7f9f046600db85d945a4666b588629ce0809d5c8506308688db21ec04d365497bf90060000000000000020726298dec1ae960e3d26cdaaa527ab9e2c41d177fdbaf462c2e45f6c261df0fa4934f81278477e00fd2eba63cf8dcbdec85fc3c6f146c53b701e446c218f02ca678b3e0bc4b5253ae32bace19fb0a10e3ff4bf0b870f399842f6966da779be2a481cac5f4f9cfa338df7640267c8c4dce6f6c41777f2606ae31230430052967bc0e3f69351c9f69363abf5bd30b875732a43413d9927435723577bdf74eb6f467dff089c14a4cae6ca551577a289d822aad77ec4701f57049e1222b692f7d8e299591925065907a6e16e962f7a886aa555b4674fdd575efcd14c8cc6edc971053695debde1bd37eb4cda"], &(0x7f00000001c0)='GPL\x00'}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffff"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000002c0)='ext4_free_inode\x00', r3}, 0x10) syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000140)='./file0\x00', 0x800000, &(0x7f0000000440)={[{@shortname_lower}, {@shortname_winnt}, {@shortname_win95}, {@iocharset={'iocharset', 0x3d, 'macinuit'}}, {@shortname_mixed}, {@fat=@codepage={'codepage', 0x3d, '1255'}}, {@fat=@nocase}, {@fat=@fmask={'fmask', 0x3d, 0x1}}, {@rodir}, {@shortname_winnt}, {@iocharset={'iocharset', 0x3d, 'maciceland'}}], [{@uid_eq}, {@uid_eq}]}, 0x1, 0x29f, &(0x7f0000000180)="$eJzs3U1rK1UcB+B/bnNvkguSLITLFaEjLnQV2oq4TZEKYkBRstCVxaYoTS20UNBF213xO+g3EF0KrgQX4lZwLYJUwY111UVlJE5aZ5oXW20a6X2eTU/POb+cc+YMM3TRk7ef3NxY29pZPz4+imq1FOVWtEonpWjEnZiLzEEAALfJSZrGb2lm1nMBAG6G9z8APHomvf9LB+d1r938zACAaflPf//fmcqUAIApe+PNt15ZbrdXXk+SasTm4W5nt5P9zNqX1+O96EU3FqIepxHpuYj9NE1ferm9spD0/dyI6ub+IL+/25kr5hejHo18/st6/7d+fjHJRCefvxv3B/kf7kc3lqIejxfHTwfjL43M34tnn86N34x6fPdObEUv1qKfzfKViNhbTJIXX21fyFf+6jfs+5vcHgAAAAAAAAAAAAAAAAAAAAAAbqlmcq5RPP8mO7+n2RzXnuXz5wPVTkefz7Mw8nyecjxRnu3aAQAAAAAAAAAAAAAAAAAA4P9i54MPN1Z7ve72pML733729VElC/xj58mF0mDcq6UOCzUvPFOcRu1yq7hQeOypnz4e1VSJylWvz78r3I2IfE0yGPKr+SkOel2Fb47effjczoPnx/WJcr7mo/5SC32yHXw4qPn0rKl8uQt+b/T988fg6IkRTb/WI8Z+YHXUDVkb7pzWsx0qxj8/K7R+H/rks1upu10bGr06/W2az9U8+KS1+sXej79cNj7hoZHOXftzCAAAAAAAAAAAAAAAAAAAyP9/+6xnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACz8/f3/1+1UIlCTXVs54NZrxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP4MAAD//wuTkgI=") 417.119623ms ago: executing program 2 (id=2739): pipe(&(0x7f0000000180)={0xffffffffffffffff}) close(r0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x8c) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='ext4_forget\x00', r0}, 0x10) mkdir(&(0x7f0000000140)='./control\x00', 0x0) rmdir(&(0x7f0000000100)='./control\x00') 184.469692ms ago: executing program 3 (id=2742): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=@framed={{}, [@printk={@p, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x71}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) ioctl$TUNATTACHFILTER(r1, 0x401054d5, &(0x7f0000000040)={0x5, &(0x7f0000000000)=[{0x4d, 0x1, 0x3}, {0x61}, {}, {}, {0x6}]}) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000080)={'pimreg0\x00', 0x7c2}) 175.839363ms ago: executing program 2 (id=2743): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x6, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000002c0)='mm_page_alloc\x00', r1}, 0x10) r2 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fsetxattr$system_posix_acl(r2, &(0x7f0000000000)='system.posix_acl_default\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="0200000020"], 0xfe44, 0x0) 151.501373ms ago: executing program 2 (id=2744): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b7040000000000008500000057"], 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0x3, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000400)='global_dirty_state\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000400)='global_dirty_state\x00', r2}, 0x10) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r3, &(0x7f0000000180), 0x40001) 151.176374ms ago: executing program 0 (id=2745): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r0}, &(0x7f0000000280), &(0x7f00000002c0)=r1}, 0x20) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r3 = openat$cgroup_procs(r2, &(0x7f0000000140)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r3, &(0x7f0000000380), 0x12) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000400)='track_foreign_dirty\x00', r4}, 0x10) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0) write$cgroup_int(r5, &(0x7f0000000200), 0x43451) 116.063275ms ago: executing program 2 (id=2746): r0 = socket(0x10, 0x802, 0x0) write(r0, &(0x7f0000000100)="fc0000004800071fab092504090007000aab6000000000000008e293210001c0000000000000000001000000c0fe00ea05001ec28656aaa79bb94b46fe000000bc000200000300f12fbe780196370d1151ffd633d450000000e5d18064b1ed548d59c40a366c57c6a55e00008934d07302ade41720d7d5bbc91a3e2e80772c05defd5a32e280fc83ab82f605f70cce190a60aa47e988399ddef2fe082038f4f8b29d97f391064e763b6f380f5bd92c83170e5bba4a463a1e00d66ff5b22a95792e2891cfded815b6ccd243f295ed94e0ad91bd0734babc7c737d670133750800000000000000000000000000a6b567b4d5715587e6d8a1ad0a4f0108", 0xfc) 105.246396ms ago: executing program 0 (id=2747): bpf$BPF_BTF_LOAD(0x12, &(0x7f00000001c0)={&(0x7f0000000580)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x30, 0x30, 0x3, [@fwd={0x1}, @struct={0x0, 0x1, 0x0, 0x4, 0x0, 0x0, [{0x0, 0x3}]}, @typedef={0x1, 0x0, 0x0, 0x8, 0x1}]}, {0x0, [0x5f]}}, &(0x7f0000000300)=""/209, 0x4b, 0xd1, 0x2}, 0x20) 100.998866ms ago: executing program 2 (id=2748): r0 = socket$packet(0x11, 0x3, 0x300) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x1, 0x8, 0x8}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000002c0)={{r1}, &(0x7f0000000200), &(0x7f0000000280)='%+9llu \x00'}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f00000010c0)=0x5, 0x4) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000000)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c) r3 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000001c0)={'bridge0\x00', 0x0}) setsockopt$packet_int(r0, 0x107, 0x7, &(0x7f0000000180)=0x8, 0x4) setsockopt$packet_int(r3, 0x107, 0xf, &(0x7f0000000000)=0xf3f, 0x4) sendto$packet(r3, &(0x7f00000000c0)="3f03fe7f0300120006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0xc9, 0x0, r4, 0x1, 0x0, 0x6, @multicast}, 0x14) syz_emit_ethernet(0xfdef, &(0x7f0000000280)=ANY=[], 0x0) 82.201887ms ago: executing program 3 (id=2749): seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) sync() 80.036187ms ago: executing program 2 (id=2750): getpid() process_vm_readv(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) syz_emit_ethernet(0x83, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030086dd601b8b97004d88c19edace00000000000000002100000002ff02000000000000000000000000000104004e20004d13"], 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0) write$binfmt_aout(r0, &(0x7f0000000140)=ANY=[], 0xff2e) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000100)) r1 = syz_open_pts(r0, 0x0) r2 = epoll_create(0x1) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000040)) r3 = dup3(r1, r0, 0x0) ioctl$TCXONC(r3, 0x540a, 0x3) 74.842757ms ago: executing program 0 (id=2751): bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x11, 0x10}, [@ldst={0x6, 0x0, 0x6}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195}, 0x48) 45.739138ms ago: executing program 0 (id=2752): syz_emit_ethernet(0x46, &(0x7f00000000c0)={@local, @random="7f0a000c4011", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @private=0xa010102, @local}, @time_exceeded={0x3, 0x0, 0x0, 0x12, 0x0, 0x2802, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f, 0x0, @loopback, @private}, "000086ddffff0000"}}}}}, 0x0) 45.356818ms ago: executing program 3 (id=2753): pipe(&(0x7f0000000180)={0xffffffffffffffff}) close(r0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x8c) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='ext4_forget\x00', r0}, 0x10) mkdir(&(0x7f0000000140)='./control\x00', 0x0) rmdir(&(0x7f0000000100)='./control\x00') 38.314288ms ago: executing program 0 (id=2754): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000000000000000ff000000850000000e000000c500000001f0ffff95"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='kmem_cache_free\x00', r0}, 0x10) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r1, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000001fd8)=ANY=[@ANYBLOB="850000002a00000084000000000000009500000000000000"], &(0x7f0000000180)='GPL\x00'}, 0x48) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000040)=r2, 0x4) write$binfmt_misc(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="72b9800007"], 0xd) 31.987559ms ago: executing program 3 (id=2755): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000280)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@errors_continue}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f0000000680)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") chdir(&(0x7f0000000000)='./file0\x00') creat(&(0x7f0000000040)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r0, 0x0) readv(0xffffffffffffffff, &(0x7f0000001f80)=[{0x0}, {0x0}, {0xffffffffffffffff}], 0x3) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) 0s ago: executing program 0 (id=2756): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd600a847500140600fe8000000000000000000000000000bb", @ANYRES32=0x41424344], 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x0, 0x0, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000327000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f326635004000000f300f20e06635800000000f22e0f30fa6c8", 0x50}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$sock_inet_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000280)={0x0, {0x2, 0x0, @empty}, {0x2, 0x0, @broadcast}, {0x2, 0x0, @dev}, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)='gretap0\x00'}) recvmmsg(0xffffffffffffffff, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002540)=""/216, 0xd8}}], 0x1, 0x0, 0x0) ioctl$KVM_X86_SETUP_MCE(r3, 0x4008ae9c, &(0x7f0000000240)={0xe}) sendmsg$sock(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=[@txtime={{0x18}}], 0x18}, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) kernel console output (not intermixed with test programs): fff) [ 170.932415][ T6102] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop4 ino=12 [ 170.949640][ T6102] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz.4.2036: invalid indirect mapped block 234881024 (level 0) [ 171.018700][ T30] audit: type=1400 audit(1719844114.208:740): avc: denied { read } for pid=6119 comm="syz.1.2042" path="socket:[40180]" dev="sockfs" ino=40180 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 171.279097][ T6149] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2053'. [ 171.293479][ T6149] loop4: detected capacity change from 0 to 512 [ 171.314882][ T6151] loop3: detected capacity change from 0 to 512 [ 171.347823][ T6151] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 171.355617][ T6151] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002] [ 171.363036][ T6149] EXT4-fs (loop4): Test dummy encryption mode enabled [ 171.364649][ T6151] System zones: 0-1, 15-15, 18-18, 34-34 [ 171.376225][ T6151] EXT4-fs (loop3): orphan cleanup on readonly fs [ 171.377210][ T6149] EXT4-fs error (device loop4): __ext4_iget:4892: inode #11: block 1: comm syz.4.2053: invalid block [ 171.382687][ T6151] Quota error (device loop3): v2_read_header: Failed header read: expected=8 got=0 [ 171.393744][ T6149] EXT4-fs error (device loop4): ext4_orphan_get:1402: comm syz.4.2053: couldn't read orphan inode 11 (err -117) [ 171.402399][ T6151] EXT4-fs warning (device loop3): ext4_enable_quotas:6410: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 171.414594][ T6149] EXT4-fs (loop4): mounted filesystem without journal. Opts: noauto_da_alloc,user_xattr,max_dir_size_kb=0x0000000000000009,inode_readahead_blks=0x0000000000010000,jqfmt=vfsv0,delalloc,inode_readahead_blks=0x0000000000400000,noauto_da_alloc,test_dummy_encryption,,errors=continue. Quota mode: none. [ 171.428496][ T6151] EXT4-fs (loop3): Cannot turn on quotas: error -22 [ 171.463424][ T6151] EXT4-fs error (device loop3): ext4_orphan_get:1423: comm syz.3.2054: bad orphan inode 16 [ 171.474129][ T6151] ext4_test_bit(bit=15, block=18) = 1 [ 171.479442][ T6151] is_bad_inode(inode)=0 [ 171.483312][ T6151] NEXT_ORPHAN(inode)=0 [ 171.487267][ T6151] max_ino=32 [ 171.490376][ T6151] i_nlink=2 [ 171.493248][ T6151] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 171.525699][ T6151] fscrypt (loop3, inode 16): Error -61 getting encryption context [ 171.565396][ T6157] loop3: detected capacity change from 0 to 128 [ 172.003790][ T6170] loop0: detected capacity change from 0 to 256 [ 172.139101][ T6183] loop4: detected capacity change from 0 to 512 [ 172.218455][ T6183] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 172.226232][ T6183] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002] [ 172.234313][ T6183] System zones: 0-1, 15-15, 18-18, 34-34 [ 172.240687][ T6183] EXT4-fs (loop4): orphan cleanup on readonly fs [ 172.247498][ T6183] Quota error (device loop4): v2_read_header: Failed header read: expected=8 got=0 [ 172.256672][ T6183] EXT4-fs warning (device loop4): ext4_enable_quotas:6410: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 172.271270][ T6183] EXT4-fs (loop4): Cannot turn on quotas: error -22 [ 172.278098][ T6183] EXT4-fs error (device loop4): ext4_orphan_get:1423: comm syz.4.2065: bad orphan inode 16 [ 172.288269][ T6183] ext4_test_bit(bit=15, block=18) = 1 [ 172.293456][ T6183] is_bad_inode(inode)=0 [ 172.297712][ T6183] NEXT_ORPHAN(inode)=0 [ 172.301627][ T6183] max_ino=32 [ 172.304620][ T6183] i_nlink=2 [ 172.307892][ T6183] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 172.324817][ T6183] fscrypt (loop4, inode 16): Error -61 getting encryption context [ 172.366938][ T311] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 172.506395][ T6208] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2072'. [ 172.622365][ T6208] loop3: detected capacity change from 0 to 512 [ 172.792569][ T6208] EXT4-fs (loop3): Test dummy encryption mode enabled [ 172.808626][ T311] usb 3-1: Using ep0 maxpacket: 16 [ 172.815483][ T6208] EXT4-fs error (device loop3): __ext4_iget:4892: inode #11: block 1: comm syz.3.2072: invalid block [ 172.842483][ T6208] EXT4-fs error (device loop3): ext4_orphan_get:1402: comm syz.3.2072: couldn't read orphan inode 11 (err -117) [ 172.859912][ T6208] EXT4-fs (loop3): mounted filesystem without journal. Opts: noauto_da_alloc,user_xattr,max_dir_size_kb=0x0000000000000009,inode_readahead_blks=0x0000000000010000,jqfmt=vfsv0,delalloc,inode_readahead_blks=0x0000000000400000,noauto_da_alloc,test_dummy_encryption,,errors=continue. Quota mode: none. [ 172.896565][ T30] audit: type=1326 audit(1719844116.078:741): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6219 comm="syz.4.2079" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2911a8ab99 code=0x7ffc0000 [ 172.922880][ T30] audit: type=1326 audit(1719844116.078:742): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6219 comm="syz.4.2079" exe="/root/syz-executor" sig=0 arch=c000003e syscall=132 compat=0 ip=0x7f2911a8ab99 code=0x7ffc0000 [ 172.946361][ T30] audit: type=1326 audit(1719844116.078:743): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6219 comm="syz.4.2079" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2911a8ab99 code=0x7ffc0000 [ 172.987026][ T311] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 172.998157][ T311] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 173.009060][ T311] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 173.018352][ T311] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 173.027127][ T311] usb 3-1: config 0 descriptor?? [ 173.036446][ T6233] loop4: detected capacity change from 0 to 128 [ 173.042727][ T6] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 173.234476][ T30] audit: type=1326 audit(1719844116.418:744): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6234 comm="syz.0.2085" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7d58fb5b99 code=0x0 [ 173.653664][ T6] usb 2-1: Using ep0 maxpacket: 8 [ 174.263385][ T311] savu 0003:1E7D:2D5A.0018: item fetching failed at offset 2/5 [ 174.274432][ T311] savu 0003:1E7D:2D5A.0018: parse failed [ 174.275907][ T6247] loop0: detected capacity change from 0 to 512 [ 174.280119][ T311] savu: probe of 0003:1E7D:2D5A.0018 failed with error -22 [ 174.328673][ T6247] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 47 vs 41 free clusters [ 174.343685][ T6247] EXT4-fs (loop0): Remounting filesystem read-only [ 174.352992][ T6247] EXT4-fs (loop0): 1 orphan inode deleted [ 174.356903][ T6] usb 2-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config [ 174.358682][ T6247] EXT4-fs (loop0): mounted filesystem without journal. Opts: errors=remount-ro,noblock_validity,grpid,. Quota mode: writeback. [ 174.370034][ T6257] loop3: detected capacity change from 0 to 256 [ 174.381844][ T6247] ext4 filesystem being mounted at /root/syzkaller.MhVFh1/202/file1 supports timestamps until 2038 (0x7fffffff) [ 174.388009][ T6] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 174.403274][ T6247] EXT4-fs error (device loop0): ext4_remount:5845: comm syz.0.2088: Abort forced by user [ 174.422036][ T6] usb 2-1: New USB device found, idVendor=2179, idProduct=0077, bcdDevice= 0.00 [ 174.433479][ T6247] EXT4-fs (loop0): Remounting filesystem read-only [ 174.440809][ T6247] EXT4-fs (loop0): re-mounted. Opts: (null). Quota mode: writeback. [ 174.448750][ T6] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 174.459680][ T2409] usb 3-1: USB disconnect, device number 16 [ 174.460459][ T6257] FAT-fs (loop3): Directory bread(block 64) failed [ 174.479518][ T6] usb 2-1: config 0 descriptor?? [ 174.481737][ T6257] FAT-fs (loop3): Directory bread(block 65) failed [ 174.484431][ T510] Quota error (device loop0): dquot_write_dquot: Can't write quota structure (error -30). Quota may get out of sync! [ 174.490754][ T6257] FAT-fs (loop3): Directory bread(block 66) failed [ 174.503383][ T510] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 174.519745][ T6257] FAT-fs (loop3): Directory bread(block 67) failed [ 174.524802][ T6] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 174.526095][ T6257] FAT-fs (loop3): Directory bread(block 68) failed [ 174.540249][ T6257] FAT-fs (loop3): Directory bread(block 69) failed [ 174.540310][ T510] Quota error (device loop0): write_blk: dquota write failed [ 174.546591][ T6257] FAT-fs (loop3): Directory bread(block 70) failed [ 174.554067][ T510] Quota error (device loop0): free_dqentry: Can't write quota data block 5 [ 174.560196][ T6257] FAT-fs (loop3): Directory bread(block 71) failed [ 174.575051][ T6257] FAT-fs (loop3): Directory bread(block 72) failed [ 174.581475][ T6257] FAT-fs (loop3): Directory bread(block 73) failed [ 174.586904][ T291] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 174.674497][ T6263] loop3: detected capacity change from 0 to 256 [ 174.856996][ T30] audit: type=1400 audit(1719844117.998:745): avc: denied { create } for pid=6260 comm="syz.0.2092" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_scsitransport_socket permissive=1 [ 174.885783][ T6263] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d) [ 174.946968][ T291] usb 5-1: Using ep0 maxpacket: 32 [ 175.100783][ T291] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 175.111590][ T291] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 175.121525][ T291] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 175.131155][ T291] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 175.140828][ T291] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 175.150296][ T291] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 175.246160][ T6274] sit: Dst spoofed 0.0.0.0/2002::bfd8:a5dd -> 224.0.0.1/2002:c021:42c4:3911:45ba:dd28:fd7f:ffc [ 175.337159][ T291] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 175.346234][ T291] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 175.368280][ T291] usb 5-1: Product: syz [ 175.372277][ T291] usb 5-1: Manufacturer: syz [ 175.376701][ T291] usb 5-1: SerialNumber: syz [ 175.651280][ T6280] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2097'. [ 175.702596][ T291] cdc_ncm 5-1:1.0: bind() failure [ 175.708855][ T291] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found [ 175.715484][ T291] cdc_ncm 5-1:1.1: bind() failure [ 175.721259][ T291] usb 5-1: USB disconnect, device number 17 [ 175.748834][ T6285] loop0: detected capacity change from 0 to 8192 [ 175.998238][ T6] usb 2-1: USB disconnect, device number 14 [ 176.043592][ T6291] loop3: detected capacity change from 0 to 256 [ 176.072298][ T6291] FAT-fs (loop3): Directory bread(block 64) failed [ 176.078702][ T6291] FAT-fs (loop3): Directory bread(block 65) failed [ 176.095253][ T6291] FAT-fs (loop3): Directory bread(block 66) failed [ 176.101693][ T30] audit: type=1400 audit(1719844119.298:746): avc: denied { unlink } for pid=6293 comm="syz.1.2104" name="#4a" dev="tmpfs" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 176.102646][ T6291] FAT-fs (loop3): Directory bread(block 67) failed [ 176.130246][ T6294] overlayfs: invalid origin (000000790066696c6530000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000) [ 176.146493][ T6291] FAT-fs (loop3): Directory bread(block 68) failed [ 176.153500][ T6291] FAT-fs (loop3): Directory bread(block 69) failed [ 176.160148][ T6291] FAT-fs (loop3): Directory bread(block 70) failed [ 176.166500][ T6291] FAT-fs (loop3): Directory bread(block 71) failed [ 176.183910][ T6291] FAT-fs (loop3): Directory bread(block 72) failed [ 176.192077][ T6291] FAT-fs (loop3): Directory bread(block 73) failed [ 176.201440][ T6298] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2105'. [ 176.221461][ T6298] loop0: detected capacity change from 0 to 512 [ 176.264091][ T6298] EXT4-fs (loop0): Test dummy encryption mode enabled [ 176.272006][ T6298] EXT4-fs error (device loop0): __ext4_iget:4892: inode #11: block 1: comm syz.0.2105: invalid block [ 176.283249][ T6298] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz.0.2105: couldn't read orphan inode 11 (err -117) [ 176.295324][ T6298] EXT4-fs (loop0): mounted filesystem without journal. Opts: noauto_da_alloc,user_xattr,max_dir_size_kb=0x0000000000000009,inode_readahead_blks=0x0000000000010000,jqfmt=vfsv0,delalloc,inode_readahead_blks=0x0000000000400000,noauto_da_alloc,test_dummy_encryption,,errors=continue. Quota mode: none. [ 177.245527][ T6] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 177.407235][ T291] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 177.437434][ T6325] loop3: detected capacity change from 0 to 8192 [ 177.506914][ T6] usb 2-1: Using ep0 maxpacket: 32 [ 177.706910][ T291] usb 5-1: Using ep0 maxpacket: 8 [ 177.842231][ T291] usb 5-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config [ 177.854918][ T291] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 177.905882][ T291] usb 5-1: New USB device found, idVendor=2179, idProduct=0077, bcdDevice= 0.00 [ 177.928966][ T291] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 177.937725][ T291] usb 5-1: config 0 descriptor?? [ 177.977372][ T291] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 178.306410][ T6] usb 2-1: New USB device found, idVendor=0499, idProduct=1010, bcdDevice= 5.f5 [ 178.315987][ T6] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 178.324822][ T6] usb 2-1: Product: syz [ 178.329038][ T6] usb 2-1: Manufacturer: syz [ 178.333477][ T6] usb 2-1: SerialNumber: syz [ 178.342385][ T6] usb 2-1: config 0 descriptor?? [ 178.362424][ T6359] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2127'. [ 178.373650][ T6359] loop0: detected capacity change from 0 to 512 [ 178.417677][ T6] snd-usb-audio: probe of 2-1:0.0 failed with error -2 [ 178.650140][ T6359] EXT4-fs (loop0): Test dummy encryption mode enabled [ 178.673918][ T6359] EXT4-fs error (device loop0): __ext4_iget:4892: inode #11: block 1: comm syz.0.2127: invalid block [ 178.678721][ T6] usb 2-1: USB disconnect, device number 15 [ 178.697212][ T6359] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz.0.2127: couldn't read orphan inode 11 (err -117) [ 178.709512][ T6359] EXT4-fs (loop0): mounted filesystem without journal. Opts: noauto_da_alloc,user_xattr,max_dir_size_kb=0x0000000000000009,inode_readahead_blks=0x0000000000010000,jqfmt=vfsv0,delalloc,inode_readahead_blks=0x0000000000400000,noauto_da_alloc,test_dummy_encryption,,errors=continue. Quota mode: none. [ 179.013644][ T6373] syz.2.2130[6373] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 179.013982][ T6373] syz.2.2130[6373] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 179.364518][ T30] audit: type=1400 audit(1719844122.548:747): avc: denied { setopt } for pid=6379 comm="syz.0.2133" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 179.409535][ T6383] binder: 6382:6383 ioctl c0306201 20000240 returned -14 [ 179.455117][ T6393] loop0: detected capacity change from 0 to 128 [ 180.074503][ T6404] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2138'. [ 180.366942][ T2021] usb 5-1: USB disconnect, device number 18 [ 180.425054][ T6424] loop4: detected capacity change from 0 to 128 [ 180.431550][ T6420] loop2: detected capacity change from 0 to 256 [ 180.489253][ T6424] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 180.499750][ T6424] ext4 filesystem being mounted at /root/syzkaller.zSePZ1/177/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff) [ 180.537320][ T6420] exfat: Deprecated parameter 'namecase' [ 180.542944][ T6420] exfat: Deprecated parameter 'utf8' [ 180.548348][ T6420] exfat: Deprecated parameter 'namecase' [ 180.566780][ T6420] exFAT-fs (loop2): failed to load upcase table (idx : 0x00011f41, chksum : 0xf6e84b2e, utbl_chksum : 0xe619d30d) [ 180.609837][ T6436] loop3: detected capacity change from 0 to 512 [ 180.713265][ T6436] EXT4-fs (loop3): Unrecognized mount option "errors=continue"max_dir_size_kb=0x0000000000000009" or missing value [ 180.727864][ T311] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 180.816693][ T6455] syz.4.2159[6455] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 180.817371][ T6455] syz.4.2159[6455] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 181.057725][ T6465] loop0: detected capacity change from 0 to 256 [ 181.300235][ T6465] exfat: Deprecated parameter 'namecase' [ 181.305853][ T6465] exfat: Deprecated parameter 'utf8' [ 181.311099][ T6465] exfat: Deprecated parameter 'namecase' [ 181.329341][ T6465] exFAT-fs (loop0): failed to load upcase table (idx : 0x00011f41, chksum : 0xf6e84b2e, utbl_chksum : 0xe619d30d) [ 181.749021][ T311] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 181.764320][ T311] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 181.778165][ T311] usb 2-1: New USB device found, idVendor=06cb, idProduct=81a7, bcdDevice= 0.00 [ 181.788266][ T311] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 181.798946][ T311] usb 2-1: config 0 descriptor?? [ 182.145658][ T6496] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2178'. [ 182.212294][ T6499] netlink: 277 bytes leftover after parsing attributes in process `syz.4.2177'. [ 182.364417][ T6498] loop2: detected capacity change from 0 to 512 [ 182.398283][ T311] hid-rmi 0003:06CB:81A7.0019: unknown main item tag 0x0 [ 182.405265][ T311] hid-rmi 0003:06CB:81A7.0019: unknown main item tag 0x0 [ 182.410135][ T6502] loop3: detected capacity change from 0 to 256 [ 182.412733][ T311] hid-rmi 0003:06CB:81A7.0019: unknown main item tag 0x0 [ 182.425198][ T311] hid-rmi 0003:06CB:81A7.0019: unknown main item tag 0x0 [ 182.432405][ T311] hid-rmi 0003:06CB:81A7.0019: unknown main item tag 0x0 [ 182.440100][ T311] hid-rmi 0003:06CB:81A7.0019: hidraw0: USB HID v0.00 Device [HID 06cb:81a7] on usb-dummy_hcd.1-1/input0 [ 182.443476][ T6502] exfat: Deprecated parameter 'namecase' [ 182.456717][ T6502] exfat: Deprecated parameter 'utf8' [ 182.462308][ T6502] exfat: Deprecated parameter 'namecase' [ 182.465056][ T6498] EXT4-fs (loop2): Test dummy encryption mode enabled [ 182.476159][ T6498] EXT4-fs error (device loop2): __ext4_iget:4892: inode #11: block 1: comm syz.2.2178: invalid block [ 182.487343][ T6498] EXT4-fs error (device loop2): ext4_orphan_get:1402: comm syz.2.2178: couldn't read orphan inode 11 (err -117) [ 182.498666][ T6502] exFAT-fs (loop3): failed to load upcase table (idx : 0x00011f41, chksum : 0xf6e84b2e, utbl_chksum : 0xe619d30d) [ 182.505446][ T6498] EXT4-fs (loop2): mounted filesystem without journal. Opts: noauto_da_alloc,user_xattr,max_dir_size_kb=0x0000000000000009,inode_readahead_blks=0x0000000000010000,jqfmt=vfsv0,delalloc,inode_readahead_blks=0x0000000000400000,noauto_da_alloc,test_dummy_encryption,,errors=continue. Quota mode: none. [ 182.625128][ T291] usb 2-1: USB disconnect, device number 16 [ 182.640012][ T6511] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2182'. [ 182.700429][ T6511] device veth0_vlan left promiscuous mode [ 182.726664][ T6515] loop3: detected capacity change from 0 to 128 [ 183.352530][ T311] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 183.409526][ T6537] sit: Dst spoofed 0.0.0.0/2002::bfd8:a5dd -> 224.0.0.1/2002:c021:42c4:3911:45ba:dd28:fd7f:ffc [ 183.740777][ T6542] loop1: detected capacity change from 0 to 256 [ 183.791517][ T6551] loop2: detected capacity change from 0 to 256 [ 183.836891][ T311] usb 1-1: Using ep0 maxpacket: 32 [ 183.855703][ T6551] exfat: Unknown parameter 'threaded' [ 183.976685][ T6556] netlink: 277 bytes leftover after parsing attributes in process `syz.1.2199'. [ 184.205027][ T6551] loop2: detected capacity change from 0 to 1024 [ 184.213392][ T6551] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 184.230010][ T6551] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a800e11d, mo2=0002] [ 184.238202][ T6551] System zones: 0-1, 4-36, 102-102 [ 184.243467][ T6551] EXT4-fs (loop2): mounted filesystem without journal. Opts: nombcache,debug,norecovery,grpid,norecovery,,errors=continue. Quota mode: writeback. [ 184.333742][ T30] audit: type=1326 audit(1719844127.518:748): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6550 comm="syz.2.2198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f166814ab99 code=0x7ffc0000 [ 184.356999][ T30] audit: type=1326 audit(1719844127.518:749): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6550 comm="syz.2.2198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f166814ab99 code=0x7ffc0000 [ 184.417129][ T311] usb 1-1: New USB device found, idVendor=0499, idProduct=1010, bcdDevice= 5.f5 [ 184.426361][ T311] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 184.435428][ T311] usb 1-1: Product: syz [ 184.439901][ T311] usb 1-1: Manufacturer: syz [ 184.444361][ T311] usb 1-1: SerialNumber: syz [ 184.449723][ T311] usb 1-1: config 0 descriptor?? [ 184.487754][ T311] snd-usb-audio: probe of 1-1:0.0 failed with error -2 [ 184.515890][ T6568] loop2: detected capacity change from 0 to 128 [ 184.558887][ T291] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 184.611027][ T6572] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2206'. [ 184.621182][ T6572] device vlan2 entered promiscuous mode [ 184.927918][ T6] usb 1-1: USB disconnect, device number 15 [ 184.945850][ T30] audit: type=1326 audit(1719844128.128:750): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6571 comm="syz.3.2206" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9f589e3b99 code=0x0 [ 185.235373][ T291] usb 5-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 185.244313][ T291] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 185.253283][ T291] usb 5-1: config 0 descriptor?? [ 185.369100][ T30] audit: type=1326 audit(1719844128.558:751): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6597 comm="syz.1.2214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f635a8d8b99 code=0x7ffc0000 [ 185.395944][ T30] audit: type=1326 audit(1719844128.588:752): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6597 comm="syz.1.2214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=189 compat=0 ip=0x7f635a8d8b99 code=0x7ffc0000 [ 185.420495][ T30] audit: type=1326 audit(1719844128.588:753): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6597 comm="syz.1.2214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f635a8d8b99 code=0x7ffc0000 [ 185.611414][ T6625] x_tables: ip6_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING [ 185.652038][ T6627] netlink: 277 bytes leftover after parsing attributes in process `syz.1.2218'. [ 185.797019][ T6626] loop3: detected capacity change from 0 to 128 [ 185.811667][ T291] usb 5-1: Cannot set MAC address [ 185.816589][ T291] MOSCHIP usb-ethernet driver: probe of 5-1:0.0 failed with error -71 [ 185.825222][ T291] usb 5-1: USB disconnect, device number 19 [ 186.354956][ T30] audit: type=1326 audit(1719844129.538:754): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6632 comm="syz.1.2227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f635a8d8b99 code=0x7ffc0000 [ 186.380394][ T30] audit: type=1326 audit(1719844129.538:755): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6632 comm="syz.1.2227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f635a8d8b99 code=0x7ffc0000 [ 186.416155][ T30] audit: type=1326 audit(1719844129.568:756): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6632 comm="syz.1.2227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=189 compat=0 ip=0x7f635a8d8b99 code=0x7ffc0000 [ 186.443004][ T30] audit: type=1326 audit(1719844129.568:757): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6632 comm="syz.1.2227" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f635a8d8b99 code=0x7ffc0000 [ 186.691220][ T6642] loop4: detected capacity change from 0 to 40427 [ 186.699579][ T6661] loop1: detected capacity change from 0 to 256 [ 186.737409][ T6661] exfat: Unknown parameter 'threaded' [ 186.741486][ T6642] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 186.750275][ T6642] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 186.762418][ T6642] F2FS-fs (loop4): Unrecognized mount option "0xffffffffffffffff" or missing value [ 186.811192][ T6664] netlink: 277 bytes leftover after parsing attributes in process `syz.3.2238'. [ 186.970818][ T6661] loop1: detected capacity change from 0 to 1024 [ 186.984632][ T6661] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 186.997464][ T6661] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a800e11d, mo2=0002] [ 187.005479][ T6661] System zones: 0-1, 4-36, 102-102 [ 187.010970][ T6661] EXT4-fs (loop1): mounted filesystem without journal. Opts: nombcache,debug,norecovery,grpid,norecovery,,errors=continue. Quota mode: writeback. [ 187.323296][ T838] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 187.490766][ T6680] loop3: detected capacity change from 0 to 128 [ 187.849161][ T838] usb 1-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 187.858218][ T838] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 187.866791][ T838] usb 1-1: config 0 descriptor?? [ 187.926915][ T6] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 188.187786][ T6686] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2247'. [ 188.214153][ T6688] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x3 [ 188.306983][ T6] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 188.317998][ T6] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 188.327674][ T6] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 188.340463][ T6] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 188.349835][ T6] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 188.359511][ T6] usb 5-1: config 0 descriptor?? [ 188.386985][ T838] usb 1-1: Cannot set MAC address [ 188.391890][ T838] MOSCHIP usb-ethernet driver: probe of 1-1:0.0 failed with error -71 [ 188.400960][ T838] usb 1-1: USB disconnect, device number 16 [ 188.424382][ T6695] syz.3.2251[6695] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 188.424432][ T6695] syz.3.2251[6695] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 188.436433][ T6695] syz.3.2251[6695] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 188.447750][ T6695] syz.3.2251[6695] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 188.473029][ T6697] loop3: detected capacity change from 0 to 256 [ 188.517897][ T6697] exfat: Unknown parameter 'threaded' [ 188.616435][ T6697] loop3: detected capacity change from 0 to 1024 [ 188.697373][ T6697] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 188.707333][ T6697] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a800e11d, mo2=0002] [ 188.715296][ T6697] System zones: 0-1, 4-36, 102-102 [ 188.720604][ T6697] EXT4-fs (loop3): mounted filesystem without journal. Opts: nombcache,debug,norecovery,grpid,norecovery,,errors=continue. Quota mode: writeback. [ 188.867648][ T6] plantronics 0003:047F:FFFF.001A: unknown main item tag 0x0 [ 188.875016][ T6] plantronics 0003:047F:FFFF.001A: No inputs registered, leaving [ 188.885202][ T6] plantronics 0003:047F:FFFF.001A: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 189.130245][ T6711] netlink: 277 bytes leftover after parsing attributes in process `syz.0.2256'. [ 189.426785][ T6] usb 5-1: USB disconnect, device number 20 [ 190.041316][ T6741] tc_dump_action: action bad kind [ 190.116872][ T291] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 190.286894][ T6] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 190.353642][ T6761] netlink: 277 bytes leftover after parsing attributes in process `syz.1.2275'. [ 190.506981][ T291] usb 1-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 190.515869][ T291] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 190.524241][ T291] usb 1-1: config 0 descriptor?? [ 190.606931][ T838] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 190.776911][ T6] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 190.789560][ T6] usb 4-1: New USB device found, idVendor=046d, idProduct=1017, bcdDevice= 0.00 [ 190.798408][ T6] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 190.807054][ T6] usb 4-1: config 0 descriptor?? [ 190.847389][ T6] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 190.976911][ T838] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 190.987704][ T838] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 190.997439][ T838] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 191.010349][ T838] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 191.019331][ T838] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 191.032237][ T838] usb 5-1: config 0 descriptor?? [ 191.048774][ T6] usb 4-1: USB disconnect, device number 15 [ 191.050542][ T291] usb 1-1: Cannot set MAC address [ 191.059606][ T291] MOSCHIP usb-ethernet driver: probe of 1-1:0.0 failed with error -71 [ 191.075219][ T291] usb 1-1: USB disconnect, device number 17 [ 191.149598][ T6769] tc_dump_action: action bad kind [ 191.527671][ T838] plantronics 0003:047F:FFFF.001B: unknown main item tag 0x0 [ 191.535207][ T838] plantronics 0003:047F:FFFF.001B: No inputs registered, leaving [ 191.543976][ T838] plantronics 0003:047F:FFFF.001B: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 191.914781][ T6797] tc_dump_action: action bad kind [ 191.947283][ T6800] x_tables: unsorted entry at hook 2 [ 191.957253][ T6793] loop0: detected capacity change from 0 to 40427 [ 191.983774][ T6793] F2FS-fs (loop0): Found nat_bits in checkpoint [ 192.006925][ T6807] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=6807 comm=syz.3.2293 [ 192.024114][ T6793] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 192.066803][ T6810] loop1: detected capacity change from 0 to 256 [ 192.100667][ T6810] exFAT-fs (loop1): failed to load upcase table (idx : 0x00017f3e, chksum : 0x0b83170a, utbl_chksum : 0xe619d30d) [ 192.251175][ T6820] device pim6reg1 entered promiscuous mode [ 192.326955][ T838] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 192.686936][ T838] usb 4-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 192.695798][ T838] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 192.704493][ T838] usb 4-1: config 0 descriptor?? [ 192.845507][ T30] kauditd_printk_skb: 33 callbacks suppressed [ 192.845522][ T30] audit: type=1400 audit(1719844136.028:791): avc: denied { create } for pid=6831 comm="syz.0.2303" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 192.855764][ T6832] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2303'. [ 193.017829][ T30] audit: type=1326 audit(1719844136.208:792): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6816 comm="syz.1.2297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f635a8d8b99 code=0x7fc00000 [ 193.041032][ T30] audit: type=1326 audit(1719844136.208:793): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6816 comm="syz.1.2297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f635a8d8b99 code=0x7fc00000 [ 193.064034][ T30] audit: type=1326 audit(1719844136.208:794): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6816 comm="syz.1.2297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f635a8d8b99 code=0x7fc00000 [ 193.087645][ T30] audit: type=1326 audit(1719844136.208:795): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6816 comm="syz.1.2297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f635a8d8b99 code=0x7fc00000 [ 193.116420][ T30] audit: type=1326 audit(1719844136.208:796): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6816 comm="syz.1.2297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f635a8d8b99 code=0x7fc00000 [ 193.157006][ T6] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 193.158564][ T30] audit: type=1326 audit(1719844136.208:797): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6816 comm="syz.1.2297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f635a8d8b99 code=0x7fc00000 [ 193.216903][ T838] usb 4-1: Cannot set MAC address [ 193.221891][ T838] MOSCHIP usb-ethernet driver: probe of 4-1:0.0 failed with error -71 [ 193.225203][ T30] audit: type=1326 audit(1719844136.208:798): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6816 comm="syz.1.2297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f635a8d8b99 code=0x7fc00000 [ 193.234547][ T838] usb 4-1: USB disconnect, device number 16 [ 193.254169][ T30] audit: type=1326 audit(1719844136.208:799): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6816 comm="syz.1.2297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f635a8d8b99 code=0x7fc00000 [ 193.281956][ T30] audit: type=1326 audit(1719844136.208:800): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6816 comm="syz.1.2297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f635a8d8b99 code=0x7fc00000 [ 193.323918][ T6847] loop1: detected capacity change from 0 to 256 [ 193.560635][ T6850] bridge0: port 1(bridge_slave_0) entered blocking state [ 193.567776][ T6850] bridge0: port 1(bridge_slave_0) entered disabled state [ 193.574998][ T6850] device bridge_slave_0 entered promiscuous mode [ 193.581361][ T6] usb 1-1: config 0 has an invalid interface number: 4 but max is 0 [ 193.582397][ T6850] bridge0: port 2(bridge_slave_1) entered blocking state [ 193.589522][ T6] usb 1-1: config 0 has no interface number 0 [ 193.596556][ T6850] bridge0: port 2(bridge_slave_1) entered disabled state [ 193.602073][ T6] usb 1-1: config 0 interface 4 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 193.609589][ T6850] device bridge_slave_1 entered promiscuous mode [ 193.619586][ T6] usb 1-1: config 0 interface 4 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 193.635321][ T6] usb 1-1: New USB device found, idVendor=05ac, idProduct=0269, bcdDevice= 0.00 [ 193.644222][ T6] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 193.652710][ T6] usb 1-1: config 0 descriptor?? [ 193.693243][ T6850] bridge0: port 2(bridge_slave_1) entered blocking state [ 193.700098][ T6850] bridge0: port 2(bridge_slave_1) entered forwarding state [ 193.707206][ T6850] bridge0: port 1(bridge_slave_0) entered blocking state [ 193.713970][ T6850] bridge0: port 1(bridge_slave_0) entered forwarding state [ 193.734294][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 193.741740][ T26] bridge0: port 1(bridge_slave_0) entered disabled state [ 193.750168][ T26] bridge0: port 2(bridge_slave_1) entered disabled state [ 193.757471][ T20] usb 5-1: USB disconnect, device number 21 [ 193.792733][ T838] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 193.803885][ T838] bridge0: port 1(bridge_slave_0) entered blocking state [ 193.810768][ T838] bridge0: port 1(bridge_slave_0) entered forwarding state [ 193.819186][ T838] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 193.827223][ T838] bridge0: port 2(bridge_slave_1) entered blocking state [ 193.834068][ T838] bridge0: port 2(bridge_slave_1) entered forwarding state [ 193.856978][ T838] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 193.870320][ T6857] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2315'. [ 193.887542][ T63] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 193.910006][ T838] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 193.918435][ T838] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 193.928928][ T838] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 193.943478][ T838] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 193.953695][ T6850] device veth0_vlan entered promiscuous mode [ 194.010533][ T63] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 194.039663][ T6850] device veth1_macvtap entered promiscuous mode [ 194.055219][ T6868] loop3: detected capacity change from 0 to 512 [ 194.065770][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 194.077493][ T2021] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 194.118104][ T10] device bridge_slave_1 left promiscuous mode [ 194.124049][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 194.131769][ T10] device bridge_slave_0 left promiscuous mode [ 194.142173][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 194.149870][ T6868] EXT4-fs (loop3): unsupported inode size: 0 [ 194.156648][ T10] device veth1_macvtap left promiscuous mode [ 194.162571][ T6868] EXT4-fs (loop3): blocksize: 2048 [ 194.163040][ T10] device veth0_vlan left promiscuous mode [ 194.216930][ T6] usbhid 1-1:0.4: can't add hid device: -71 [ 194.227283][ T6] usbhid: probe of 1-1:0.4 failed with error -71 [ 194.246599][ T6] usb 1-1: USB disconnect, device number 18 [ 194.776414][ T6902] loop0: detected capacity change from 0 to 512 [ 194.832787][ T6904] loop4: detected capacity change from 0 to 256 [ 194.883769][ T6902] EXT4-fs (loop0): unsupported inode size: 0 [ 194.889959][ T6902] EXT4-fs (loop0): blocksize: 2048 [ 195.236893][ T291] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 195.416867][ T2021] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 195.486877][ T291] usb 2-1: Using ep0 maxpacket: 8 [ 195.776964][ T2021] usb 1-1: config 0 has an invalid interface number: 4 but max is 0 [ 195.784813][ T2021] usb 1-1: config 0 has no interface number 0 [ 195.790774][ T2021] usb 1-1: config 0 interface 4 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 195.801408][ T2021] usb 1-1: config 0 interface 4 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 195.806947][ T291] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ee [ 195.810955][ T2021] usb 1-1: New USB device found, idVendor=05ac, idProduct=0269, bcdDevice= 0.00 [ 195.820323][ T291] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 195.828621][ T2021] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 195.832315][ T2021] usb 1-1: config 0 descriptor?? [ 195.836805][ T291] usb 2-1: Product: syz [ 195.853234][ T291] usb 2-1: Manufacturer: syz [ 195.857588][ T291] usb 2-1: SerialNumber: syz [ 195.862565][ T291] usb 2-1: config 0 descriptor?? [ 196.376941][ T2021] usbhid 1-1:0.4: can't add hid device: -71 [ 196.382699][ T2021] usbhid: probe of 1-1:0.4 failed with error -71 [ 196.390368][ T2021] usb 1-1: USB disconnect, device number 19 [ 196.406902][ T291] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 196.602949][ T6945] bridge0: port 1(bridge_slave_0) entered blocking state [ 196.610538][ T6945] bridge0: port 1(bridge_slave_0) entered disabled state [ 196.617839][ T6945] device bridge_slave_0 entered promiscuous mode [ 196.625801][ T6945] bridge0: port 2(bridge_slave_1) entered blocking state [ 196.644321][ T6945] bridge0: port 2(bridge_slave_1) entered disabled state [ 196.651582][ T6945] device bridge_slave_1 entered promiscuous mode [ 196.699539][ T6945] bridge0: port 2(bridge_slave_1) entered blocking state [ 196.706378][ T6945] bridge0: port 2(bridge_slave_1) entered forwarding state [ 196.713522][ T6945] bridge0: port 1(bridge_slave_0) entered blocking state [ 196.720288][ T6945] bridge0: port 1(bridge_slave_0) entered forwarding state [ 196.739630][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 196.747465][ T39] bridge0: port 1(bridge_slave_0) entered disabled state [ 196.754629][ T39] bridge0: port 2(bridge_slave_1) entered disabled state [ 196.768295][ T2021] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 196.776330][ T2021] bridge0: port 1(bridge_slave_0) entered blocking state [ 196.783179][ T2021] bridge0: port 1(bridge_slave_0) entered forwarding state [ 196.790424][ T2021] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 196.798670][ T2021] bridge0: port 2(bridge_slave_1) entered blocking state [ 196.805492][ T2021] bridge0: port 2(bridge_slave_1) entered forwarding state [ 196.806931][ T291] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 196.823448][ T291] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 196.823901][ T63] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 196.833258][ T291] usb 4-1: New USB device found, idVendor=06cb, idProduct=73f5, bcdDevice= 0.00 [ 196.841662][ T63] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 196.850091][ T291] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 196.866538][ T291] usb 4-1: config 0 descriptor?? [ 196.882527][ T2021] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 196.893753][ T6945] device veth0_vlan entered promiscuous mode [ 196.900421][ T2021] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 196.910298][ T6962] SELinux: security_context_str_to_sid(s) failed for (dev ?, type ?) errno=-22 [ 196.912422][ T2021] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 196.926880][ T2021] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 196.927602][ T6962] SELinux: security_context_str_to_sid(s) failed for (dev bpf, type bpf) errno=-22 [ 196.947225][ T6945] device veth1_macvtap entered promiscuous mode [ 196.957893][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 196.970014][ T2021] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 197.000237][ T63] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 197.022022][ T6966] loop7: detected capacity change from 0 to 16385 [ 197.316974][ T39] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 197.347991][ T291] itetech 0003:06CB:73F5.001C: collection stack underflow [ 197.354978][ T291] itetech 0003:06CB:73F5.001C: item 0 0 0 12 parsing failed [ 197.362296][ T291] itetech: probe of 0003:06CB:73F5.001C failed with error -22 [ 197.396880][ T292] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 197.574670][ T291] usb 4-1: USB disconnect, device number 17 [ 197.616870][ T39] usb 1-1: Using ep0 maxpacket: 32 [ 197.975120][ T291] usb 2-1: USB disconnect, device number 17 [ 197.986309][ T30] kauditd_printk_skb: 54 callbacks suppressed [ 197.986324][ T30] audit: type=1400 audit(1719844141.168:855): avc: denied { create } for pid=6988 comm="syz.1.2369" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 198.012464][ T292] usb 3-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 198.012492][ T292] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 198.012876][ T39] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 198.040531][ T292] usb 3-1: config 0 descriptor?? [ 198.045364][ T30] audit: type=1400 audit(1719844141.168:856): avc: denied { write } for pid=6988 comm="syz.1.2369" path="socket:[44343]" dev="sockfs" ino=44343 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 198.069912][ T30] audit: type=1400 audit(1719844141.168:857): avc: denied { nlmsg_read } for pid=6988 comm="syz.1.2369" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 198.077453][ T39] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 198.102309][ T39] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 198.111087][ T6991] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2370'. [ 198.111416][ T39] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 198.132510][ T39] usb 1-1: config 0 descriptor?? [ 198.140020][ T30] audit: type=1326 audit(1719844141.328:858): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6992 comm="syz.1.2371" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5b60d52b99 code=0x0 [ 198.187353][ T39] hub 1-1:0.0: USB hub found [ 198.397448][ T39] hub 1-1:0.0: 1 port detected [ 198.536925][ T292] usb 3-1: Cannot set MAC address [ 198.541874][ T292] MOSCHIP usb-ethernet driver: probe of 3-1:0.0 failed with error -71 [ 198.553395][ T292] usb 3-1: USB disconnect, device number 17 [ 198.888236][ T26] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 198.895802][ T39] usb 1-1: USB disconnect, device number 20 [ 199.306921][ T26] usb 4-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config [ 199.317076][ T26] usb 4-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d [ 199.325857][ T26] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 199.333727][ T292] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 199.341820][ T26] usb 4-1: config 0 descriptor?? [ 199.377489][ T26] usb 4-1: Found UVC 0.00 device (046d:08c1) [ 199.384291][ T26] usb 4-1: No valid video chain found. [ 199.610727][ T26] usb 4-1: USB disconnect, device number 18 [ 199.639181][ T7025] SELinux: Context system_u:object_r:gpg_agent_exec_t:s0 is not valid (left unmapped). [ 199.670933][ T7025] loop0: detected capacity change from 0 to 256 [ 199.677541][ T292] usb 3-1: Using ep0 maxpacket: 8 [ 199.727225][ T30] audit: type=1400 audit(1719844142.838:859): avc: denied { relabelto } for pid=7021 comm="syz.0.2383" name="file1" dev="sda1" ino=2057 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:gpg_agent_exec_t:s0" [ 199.774722][ T30] audit: type=1400 audit(1719844142.888:860): avc: denied { mounton } for pid=7021 comm="syz.0.2383" path="/root/syzkaller.MhVFh1/269/file1" dev="sda1" ino=2057 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:gpg_agent_exec_t:s0" [ 199.986958][ T292] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ee [ 199.995858][ T292] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 200.003913][ T292] usb 3-1: Product: syz [ 200.007942][ T292] usb 3-1: Manufacturer: syz [ 200.012335][ T292] usb 3-1: SerialNumber: syz [ 200.017689][ T292] usb 3-1: config 0 descriptor?? [ 200.348583][ T30] audit: type=1400 audit(1719844143.538:861): avc: denied { rmdir } for pid=3583 comm="syz-executor" name="file1" dev="sda1" ino=2057 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:gpg_agent_exec_t:s0" [ 200.403135][ T7038] EXT4-fs warning (device sda1): ext4_group_extend:1822: can't shrink FS - resize aborted [ 201.876915][ T291] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 202.086881][ T6] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 202.164274][ T7083] syz.1.2404[7083] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 202.164332][ T7083] syz.1.2404[7083] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 202.176777][ T7083] syz.1.2404[7083] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 202.188098][ T7083] syz.1.2404[7083] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 202.256951][ T291] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 202.579779][ T291] usb 5-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 202.592806][ T291] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 202.608472][ T291] usb 5-1: Product: syz [ 202.615031][ T7104] loop0: detected capacity change from 0 to 512 [ 202.621270][ T6] usb 4-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config [ 202.621451][ T291] usb 5-1: Manufacturer: syz [ 202.631746][ T6] usb 4-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d [ 202.639506][ T291] usb 5-1: SerialNumber: syz [ 202.649218][ T6] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 202.652869][ T291] usb 5-1: config 0 descriptor?? [ 202.658168][ T6] usb 4-1: config 0 descriptor?? [ 202.679110][ T7104] EXT4-fs (loop0): 1 orphan inode deleted [ 202.684683][ T7104] EXT4-fs (loop0): mounted filesystem without journal. Opts: errors=remount-ro,nodiscard,noquota,init_itable,stripe=0x0000000000000079,resgid=0x0000000000000000,sysvgroups,delalloc,usrquota,. Quota mode: writeback. [ 202.705890][ T6] usb 4-1: Found UVC 0.00 device (046d:08c1) [ 202.708728][ T7104] ext4 filesystem being mounted at /root/syzkaller.MhVFh1/274/file1 supports timestamps until 2038 (0x7fffffff) [ 202.712657][ T6] usb 4-1: No valid video chain found. [ 202.827954][ T6] usb 3-1: USB disconnect, device number 18 [ 203.027341][ T291] snd-usb-audio: probe of 5-1:0.0 failed with error -2 [ 203.067079][ T291] usb 5-1: USB disconnect, device number 22 [ 203.084229][ T2021] usb 4-1: USB disconnect, device number 19 [ 203.464194][ T6] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 203.550684][ T30] audit: type=1326 audit(1719844146.738:862): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7123 comm="syz.0.2419" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7d58fb5b99 code=0x0 [ 203.660273][ T30] audit: type=1400 audit(1719844146.848:863): avc: denied { mounton } for pid=7123 comm="syz.0.2419" path="/proc/7123/task/7124/net/netfilter" dev="proc" ino=4026532309 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=dir permissive=1 [ 203.665278][ T7131] loop0: detected capacity change from 0 to 256 [ 203.706981][ T6] usb 2-1: Using ep0 maxpacket: 32 [ 203.797050][ T7137] loop4: detected capacity change from 0 to 256 [ 203.931321][ T30] audit: type=1400 audit(1719844147.118:864): avc: denied { getopt } for pid=7134 comm="syz.2.2424" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 204.223017][ T7143] loop3: detected capacity change from 0 to 256 [ 204.307011][ T6] usb 2-1: New USB device found, idVendor=1557, idProduct=8150, bcdDevice=29.ed [ 204.315922][ T6] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 204.323763][ T6] usb 2-1: Product: syz [ 204.327712][ T6] usb 2-1: Manufacturer: syz [ 204.332116][ T6] usb 2-1: SerialNumber: syz [ 204.352554][ T6] usb 2-1: config 0 descriptor?? [ 204.461491][ T7149] device pim6reg1 entered promiscuous mode [ 204.525052][ T30] audit: type=1400 audit(1719844147.708:865): avc: denied { bind } for pid=7154 comm="syz.0.2430" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 204.742321][ T7168] netlink: 277 bytes leftover after parsing attributes in process `syz.0.2433'. [ 204.973256][ T7171] loop3: detected capacity change from 0 to 1024 [ 204.998309][ T7171] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 205.008880][ T7171] EXT4-fs (loop3): mounted filesystem without journal. Opts: nombcache,sysvgroups,norecovery,grpid,norecovery,,errors=continue. Quota mode: writeback. [ 205.038973][ T7171] Disabled LAPIC found during irq injection [ 205.138433][ T30] audit: type=1326 audit(1719844148.328:866): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7179 comm="syz.3.2438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f589e3b99 code=0x7ffc0000 [ 205.161815][ T6] (unnamed net_device) (uninitialized): Assigned a random MAC address: 5e:db:de:0e:8a:5b [ 205.172033][ T30] audit: type=1326 audit(1719844148.328:867): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7179 comm="syz.3.2438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f589e3b99 code=0x7ffc0000 [ 205.197362][ T6] rtl8150 2-1:0.0: eth1: rtl8150 is detected [ 205.205876][ T30] audit: type=1326 audit(1719844148.328:868): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7179 comm="syz.3.2438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9f589e3b99 code=0x7ffc0000 [ 205.229317][ T30] audit: type=1326 audit(1719844148.328:869): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7179 comm="syz.3.2438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f589e3b99 code=0x7ffc0000 [ 205.256851][ T838] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 205.271266][ T30] audit: type=1326 audit(1719844148.328:870): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7179 comm="syz.3.2438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9f589e3b99 code=0x7ffc0000 [ 205.301504][ T30] audit: type=1326 audit(1719844148.328:871): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7179 comm="syz.3.2438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9f589e3b99 code=0x7ffc0000 [ 205.365664][ T6] usb 2-1: USB disconnect, device number 18 [ 205.472194][ T7214] device pim6reg1 entered promiscuous mode [ 205.826923][ T838] usb 3-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config [ 205.839061][ T838] usb 3-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d [ 205.848277][ T838] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 205.870627][ T838] usb 3-1: config 0 descriptor?? [ 205.907743][ T838] usb 3-1: Found UVC 0.00 device (046d:08c1) [ 205.914442][ T838] usb 3-1: No valid video chain found. [ 206.131922][ T838] usb 3-1: USB disconnect, device number 19 [ 206.446875][ T39] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 206.536423][ T7248] netlink: 277 bytes leftover after parsing attributes in process `syz.0.2453'. [ 206.796950][ T39] usb 4-1: Using ep0 maxpacket: 32 [ 206.926967][ T39] usb 4-1: config 1 has an invalid descriptor of length 48, skipping remainder of the config [ 206.937870][ T39] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 207.767163][ T39] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 207.776422][ T39] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 207.785039][ T39] usb 4-1: Product: syz [ 207.789711][ T39] usb 4-1: Manufacturer: syz [ 207.794237][ T39] usb 4-1: SerialNumber: syz [ 207.836227][ T7295] loop2: detected capacity change from 0 to 256 [ 208.226417][ T7297] loop1: detected capacity change from 0 to 40427 [ 208.253003][ T7297] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 208.260979][ T7297] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 208.281420][ T7297] F2FS-fs (loop1): Unrecognized mount option "0xffffffffffffffff" or missing value [ 208.387494][ T39] usb 4-1: Audio class v2/v3 interfaces need an interface association [ 208.404741][ T7330] netlink: 277 bytes leftover after parsing attributes in process `syz.0.2482'. [ 208.473929][ T39] snd-usb-audio: probe of 4-1:1.0 failed with error -22 [ 208.510495][ T39] usb 4-1: USB disconnect, device number 20 [ 208.586301][ T7335] loop2: detected capacity change from 0 to 16 [ 208.677449][ T7335] erofs: (device loop2): mounted with root inode @ nid 36. [ 208.687182][ T7335] erofs: (device loop2): find_target_block_classic: corrupted dir block 0 @ nid 36 [ 209.206127][ T7363] loop3: detected capacity change from 0 to 16 [ 209.226911][ T63] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 209.237858][ T7363] erofs: (device loop3): mounted with root inode @ nid 36. [ 209.256242][ T7363] erofs: (device loop3): find_target_block_classic: corrupted dir block 0 @ nid 36 [ 209.278273][ T7371] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2507'. [ 209.302431][ T7375] loop1: detected capacity change from 0 to 128 [ 209.354015][ T7385] loop3: detected capacity change from 0 to 1024 [ 209.390873][ T7385] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpquota,debug_want_extra_isize=0x0000000000000088,resuid=0x0000000000000000,max_batch_time=0x0000000000000003,lazytime,usrquota,data_err=abort,data_err=abort,,errors=continue. Quota mode: writeback. [ 209.434779][ T7388] handle_bad_sector: 47339 callbacks suppressed [ 209.434801][ T7388] attempt to access beyond end of device [ 209.434801][ T7388] loop1: rw=2049, want=1041, limit=128 [ 209.517064][ T2021] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 209.523596][ T7394] loop3: detected capacity change from 0 to 16 [ 209.547027][ T291] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 209.562335][ T7394] erofs: (device loop3): mounted with root inode @ nid 36. [ 209.570493][ T7394] erofs: (device loop3): find_target_block_classic: corrupted dir block 0 @ nid 36 [ 209.596932][ T63] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 209.612570][ T63] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 209.624711][ T63] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 209.635100][ T63] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 209.647620][ T63] usb 5-1: config 0 descriptor?? [ 209.766907][ T2021] usb 3-1: Using ep0 maxpacket: 32 [ 209.839409][ T7406] bridge0: port 1(bridge_slave_0) entered blocking state [ 209.846286][ T7406] bridge0: port 1(bridge_slave_0) entered disabled state [ 209.854284][ T7406] device bridge_slave_0 entered promiscuous mode [ 209.861476][ T7406] bridge0: port 2(bridge_slave_1) entered blocking state [ 209.868489][ T7406] bridge0: port 2(bridge_slave_1) entered disabled state [ 209.875891][ T7406] device bridge_slave_1 entered promiscuous mode [ 209.886921][ T2021] usb 3-1: config 1 has an invalid descriptor of length 48, skipping remainder of the config [ 209.897270][ T2021] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 209.917063][ T291] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 209.927258][ T291] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 209.984281][ T7406] bridge0: port 2(bridge_slave_1) entered blocking state [ 209.991161][ T7406] bridge0: port 2(bridge_slave_1) entered forwarding state [ 209.998286][ T7406] bridge0: port 1(bridge_slave_0) entered blocking state [ 210.005040][ T7406] bridge0: port 1(bridge_slave_0) entered forwarding state [ 210.036954][ T291] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 210.045836][ T291] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 210.050013][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 210.053769][ T291] usb 1-1: SerialNumber: syz [ 210.061037][ T2021] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 210.077153][ T6] bridge0: port 1(bridge_slave_0) entered disabled state [ 210.084762][ T2021] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 210.093817][ T6] bridge0: port 2(bridge_slave_1) entered disabled state [ 210.100780][ T2021] usb 3-1: Product: syz [ 210.105943][ T2021] usb 3-1: Manufacturer: syz [ 210.115295][ T2021] usb 3-1: SerialNumber: syz [ 210.117586][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 210.127104][ T63] hid (null): bogus close delimiter [ 210.129042][ T26] bridge0: port 1(bridge_slave_0) entered blocking state [ 210.139944][ T26] bridge0: port 1(bridge_slave_0) entered forwarding state [ 210.154872][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 210.162966][ T26] bridge0: port 2(bridge_slave_1) entered blocking state [ 210.169811][ T26] bridge0: port 2(bridge_slave_1) entered forwarding state [ 210.177015][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 210.194369][ T7406] device veth0_vlan entered promiscuous mode [ 210.200607][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 210.208865][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 210.216632][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 210.229054][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 210.238053][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 210.254614][ T7406] device veth1_macvtap entered promiscuous mode [ 210.263721][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 210.275989][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 210.293558][ T838] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 210.322300][ T30] kauditd_printk_skb: 8 callbacks suppressed [ 210.322314][ T30] audit: type=1400 audit(1719844153.508:880): avc: denied { map } for pid=7418 comm="syz.1.2526" path="/dev/zero" dev="devtmpfs" ino=5 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:zero_device_t tclass=chr_file permissive=1 [ 210.367603][ T291] usb 1-1: 0:2 : does not exist [ 210.367755][ T63] usb 5-1: language id specifier not provided by device, defaulting to English [ 210.372756][ T291] usb 1-1: unit 5: unexpected type 0x0b [ 210.390100][ T291] usb 1-1: USB disconnect, device number 21 [ 210.496991][ T2021] usb 3-1: Audio class v2/v3 interfaces need an interface association [ 210.505082][ T2021] snd-usb-audio: probe of 3-1:1.0 failed with error -22 [ 210.514803][ T2021] usb 3-1: USB disconnect, device number 20 [ 210.561980][ T7438] loop1: detected capacity change from 0 to 128 [ 210.580209][ T30] audit: type=1400 audit(1719844153.768:881): avc: denied { getattr } for pid=7433 comm="syz.3.2532" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 210.580720][ T7434] overlayfs: statfs failed on './file0' [ 210.707854][ T7441] attempt to access beyond end of device [ 210.707854][ T7441] loop1: rw=2049, want=1041, limit=128 [ 210.798491][ T63] input: HID 256c:006d Pen as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:256C:006D.001D/input/input32 [ 210.830421][ T63] input: HID 256c:006d Pad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:256C:006D.001D/input/input33 [ 210.856566][ T63] uclogic 0003:256C:006D.001D: input,hidraw0: USB HID v0.00 Keypad [HID 256c:006d] on usb-dummy_hcd.4-1/input0 [ 210.957228][ T7446] loop3: detected capacity change from 0 to 40427 [ 211.001699][ T291] usb 5-1: USB disconnect, device number 23 [ 211.005227][ T7446] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 211.022513][ T7446] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 211.032529][ T7446] F2FS-fs (loop3): invalid crc value [ 211.059749][ T7446] F2FS-fs (loop3): Found nat_bits in checkpoint [ 211.161014][ T7446] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 211.168079][ T7446] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 211.189460][ T3583] ------------[ cut here ]------------ [ 211.199721][ T3583] WARNING: CPU: 0 PID: 3583 at fs/overlayfs/util.c:470 ovl_dir_modified+0x1a5/0x1e0 [ 211.210172][ T3583] Modules linked in: [ 211.214273][ T3583] CPU: 0 PID: 3583 Comm: syz-executor Not tainted 5.15.150-syzkaller-00330-g9044d25b8ff5 #0 [ 211.224728][ T3583] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 211.235906][ T3583] RIP: 0010:ovl_dir_modified+0x1a5/0x1e0 [ 211.241739][ T3583] Code: 00 00 fc ff df 80 3c 08 00 74 08 4c 89 ff e8 f2 b1 9f ff 49 ff 07 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 2b 78 5d ff <0f> 0b e9 06 ff ff ff e8 1f 78 5d ff 0f 0b e9 3d ff ff ff 44 89 e1 [ 211.265797][ T3583] RSP: 0018:ffffc90000a87b60 EFLAGS: 00010293 [ 211.272093][ T3583] RAX: ffffffff8212bf75 RBX: 0000000000000000 RCX: ffff88811861e2c0 [ 211.280904][ T3583] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 211.289135][ T3583] RBP: ffffc90000a87b90 R08: ffffffff8212be74 R09: ffffed1024135bf1 [ 211.297766][ T3583] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88810be6a770 [ 211.305679][ T3583] R13: ffff88810be6a7a0 R14: 1ffff110217cd4f4 R15: ffff8881209adee0 [ 211.313597][ T3583] FS: 0000555557031500(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 211.322535][ T3583] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 211.329149][ T3583] CR2: 00007fae44e5bff0 CR3: 0000000112384000 CR4: 00000000003506b0 [ 211.337048][ T3583] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 211.345393][ T3583] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 211.354069][ T3583] Call Trace: [ 211.360148][ T3583] [ 211.380276][ T3583] ? show_regs+0x58/0x60 [ 211.384476][ T3583] ? __warn+0x160/0x2f0 [ 211.388575][ T3583] ? ovl_dir_modified+0x1a5/0x1e0 [ 211.393436][ T3583] ? report_bug+0x3d9/0x5b0 [ 211.463109][ T3583] ? ovl_dir_modified+0x1a5/0x1e0 [ 211.468457][ T3583] ? handle_bug+0x41/0x70 [ 211.473072][ T3583] ? exc_invalid_op+0x1b/0x50 [ 211.478591][ T3583] ? asm_exc_invalid_op+0x1b/0x20 [ 211.504478][ T3583] ? ovl_dir_modified+0xa4/0x1e0 [ 211.524717][ T3583] ? ovl_dir_modified+0x1a5/0x1e0 [ 211.530695][ T3583] ? ovl_dir_modified+0x1a5/0x1e0 [ 211.537695][ T3583] ovl_do_remove+0x64c/0xa30 [ 211.544705][ T3583] ? ovl_set_redirect+0x690/0x690 [ 211.549855][ T3583] ? selinux_inode_rmdir+0x22/0x30 [ 211.555228][ T3583] ovl_rmdir+0x1a/0x20 [ 211.560640][ T3583] vfs_rmdir+0x324/0x470 [ 211.564838][ T3583] incfs_kill_sb+0x113/0x230 [ 211.569976][ T3583] deactivate_locked_super+0xad/0x110 [ 211.575280][ T3583] deactivate_super+0xbe/0xf0 [ 211.580039][ T3583] cleanup_mnt+0x45c/0x510 [ 211.584278][ T3583] __cleanup_mnt+0x19/0x20 [ 211.588863][ T3583] task_work_run+0x129/0x190 [ 211.593367][ T3583] exit_to_user_mode_loop+0xc4/0xe0 [ 211.599375][ T3583] exit_to_user_mode_prepare+0x5a/0xa0 [ 211.604767][ T3583] syscall_exit_to_user_mode+0x26/0x160 [ 211.610426][ T3583] do_syscall_64+0x49/0xb0 [ 211.614726][ T3583] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 211.620908][ T3583] RIP: 0033:0x7f7d58fb6ec7 [ 211.625183][ T3583] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 211.643548][ T7474] attempt to access beyond end of device [ 211.643548][ T7474] loop3: rw=2049, want=79960, limit=40427 [ 211.645045][ T3583] RSP: 002b:00007fff366dfa88 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 211.659827][ T7474] attempt to access beyond end of device [ 211.659827][ T7474] loop3: rw=2049, want=81920, limit=40427 [ 211.680290][ T7474] attempt to access beyond end of device [ 211.680290][ T7474] loop3: rw=2049, want=51440, limit=40427 [ 211.693395][ T3583] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f7d58fb6ec7 [ 211.695389][ T7474] attempt to access beyond end of device [ 211.695389][ T7474] loop3: rw=2049, want=53248, limit=40427 [ 211.717519][ T7474] attempt to access beyond end of device [ 211.717519][ T7474] loop3: rw=2049, want=59720, limit=40427 [ 211.733350][ T7474] attempt to access beyond end of device [ 211.733350][ T7474] loop3: rw=2049, want=61768, limit=40427 [ 211.747522][ T3583] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff366dfb40 [ 211.748917][ T7474] attempt to access beyond end of device [ 211.748917][ T7474] loop3: rw=2049, want=63816, limit=40427 [ 211.755316][ T3583] RBP: 00007fff366dfb40 R08: 0000000000000000 R09: 0000000000000000 [ 211.770795][ T7474] attempt to access beyond end of device [ 211.770795][ T7474] loop3: rw=2049, want=65864, limit=40427 [ 211.802684][ T3583] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff366e0bf0 [ 211.832951][ T3583] R13: 00007f7d5902364a R14: 00000000000338bb R15: 00007fff366e0c30 [ 211.841960][ T3583] [ 211.844800][ T3583] ---[ end trace 380bf120c982e31e ]--- [ 211.851123][ T3583] ------------[ cut here ]------------ [ 211.857675][ T3583] WARNING: CPU: 1 PID: 3583 at fs/overlayfs/util.c:470 ovl_dir_modified+0x1a5/0x1e0 [ 211.867149][ T3583] Modules linked in: [ 211.868240][ T510] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 211.870878][ T3583] CPU: 0 PID: 3583 Comm: syz-executor Tainted: G W 5.15.150-syzkaller-00330-g9044d25b8ff5 #0 [ 211.890866][ T3583] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 211.891237][ T510] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 211.901168][ T3583] RIP: 0010:ovl_dir_modified+0x1a5/0x1e0 [ 211.914980][ T3583] Code: 00 00 fc ff df 80 3c 08 00 74 08 4c 89 ff e8 f2 b1 9f ff 49 ff 07 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 2b 78 5d ff <0f> 0b e9 06 ff ff ff e8 1f 78 5d ff 0f 0b e9 3d ff ff ff 44 89 e1 [ 211.935344][ T2021] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 211.942813][ T3583] RSP: 0018:ffffc90000a87b60 EFLAGS: 00010293 [ 211.948687][ T3583] RAX: ffffffff8212bf75 RBX: 0000000000000000 RCX: ffff88811861e2c0 [ 211.956696][ T3583] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 211.965321][ T3583] RBP: ffffc90000a87b90 R08: ffffffff8212be74 R09: ffffed1024135bf1 [ 211.973994][ T3583] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88810be6a770 [ 211.982240][ T3583] R13: ffff88810be6a7a0 R14: 1ffff110217cd4f4 R15: ffff8881209adee0 [ 211.990306][ T3583] FS: 0000555557031500(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 211.999333][ T3583] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 212.005742][ T3583] CR2: 0000000000000000 CR3: 0000000112384000 CR4: 00000000003506b0 [ 212.013978][ T3583] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 212.022010][ T3583] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 212.030244][ T3583] Call Trace: [ 212.033361][ T3583] [ 212.033396][ T7481] bridge0: port 1(bridge_slave_0) entered disabled state [ 212.036114][ T3583] ? show_regs+0x58/0x60 [ 212.052507][ T3583] ? __warn+0x160/0x2f0 [ 212.056500][ T3583] ? ovl_dir_modified+0x1a5/0x1e0 [ 212.061609][ T3583] ? report_bug+0x3d9/0x5b0 [ 212.065945][ T3583] ? ovl_dir_modified+0x1a5/0x1e0 [ 212.071122][ T3583] ? handle_bug+0x41/0x70 [ 212.075267][ T3583] ? exc_invalid_op+0x1b/0x50 [ 212.081601][ T3583] ? asm_exc_invalid_op+0x1b/0x20 [ 212.086457][ T3583] ? ovl_dir_modified+0xa4/0x1e0 [ 212.091886][ T3583] ? ovl_dir_modified+0x1a5/0x1e0 [ 212.096738][ T3583] ? ovl_dir_modified+0x1a5/0x1e0 [ 212.101843][ T291] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 212.114895][ T3583] ovl_do_remove+0x64c/0xa30 [ 212.119633][ T3583] ? ovl_set_redirect+0x690/0x690 [ 212.124479][ T3583] ? selinux_inode_rmdir+0x22/0x30 [ 212.131683][ T3583] ovl_rmdir+0x1a/0x20 [ 212.137035][ T3583] vfs_rmdir+0x324/0x470 [ 212.141162][ T3583] incfs_kill_sb+0x1b4/0x230 [ 212.145586][ T3583] deactivate_locked_super+0xad/0x110 [ 212.151580][ T3583] deactivate_super+0xbe/0xf0 [ 212.156455][ T3583] cleanup_mnt+0x45c/0x510 [ 212.161999][ T3583] __cleanup_mnt+0x19/0x20 [ 212.166598][ T3583] task_work_run+0x129/0x190 [ 212.171473][ T3583] exit_to_user_mode_loop+0xc4/0xe0 [ 212.180960][ T3583] exit_to_user_mode_prepare+0x5a/0xa0 [ 212.186260][ T3583] syscall_exit_to_user_mode+0x26/0x160 [ 212.191861][ T3583] do_syscall_64+0x49/0xb0 [ 212.196103][ T3583] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 212.196930][ T2021] usb 3-1: Using ep0 maxpacket: 16 [ 212.201871][ T3583] RIP: 0033:0x7f7d58fb6ec7 [ 212.211446][ T3583] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 212.246866][ T3583] RSP: 002b:00007fff366dfa88 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 212.255564][ T3583] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f7d58fb6ec7 [ 212.267250][ T3583] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff366dfb40 [ 212.275268][ T3583] RBP: 00007fff366dfb40 R08: 0000000000000000 R09: 0000000000000000 [ 212.284233][ T3583] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff366e0bf0 [ 212.292082][ T3583] R13: 00007f7d5902364a R14: 00000000000338bb R15: 00007fff366e0c30 [ 212.299914][ T3583] [ 212.302697][ T3583] ---[ end trace 380bf120c982e31f ]--- [ 212.356873][ T291] usb 5-1: Using ep0 maxpacket: 32 [ 212.387001][ T2021] usb 3-1: unable to get BOS descriptor or descriptor too short [ 212.445221][ T7500] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2048 sclass=netlink_route_socket pid=7500 comm=syz.0.2546 [ 212.477077][ T291] usb 5-1: config 1 has an invalid descriptor of length 48, skipping remainder of the config [ 212.487350][ T291] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 212.667006][ T2021] usb 3-1: New USB device found, idVendor=0dba, idProduct=3000, bcdDevice=d5.2a [ 212.675971][ T2021] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 212.683794][ T2021] usb 3-1: Product: syz [ 212.686914][ T291] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 212.697192][ T291] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 212.705102][ T291] usb 5-1: Product: syz [ 212.710868][ T291] usb 5-1: Manufacturer: syz [ 212.715361][ T291] usb 5-1: SerialNumber: syz [ 212.849101][ T2021] usb 3-1: Manufacturer: syz [ 212.853526][ T2021] usb 3-1: SerialNumber: syz [ 213.026885][ T6] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 213.117774][ T291] usb 5-1: Audio class v2/v3 interfaces need an interface association [ 213.125957][ T291] snd-usb-audio: probe of 5-1:1.0 failed with error -22 [ 213.134680][ T291] usb 5-1: USB disconnect, device number 24 [ 213.147378][ T2021] usb 3-1: Invalid firmware size=18. [ 213.155053][ T2021] usb 3-1: USB disconnect, device number 21 [ 213.334575][ T7514] input: syz1 as /devices/virtual/input/input34 [ 213.396908][ T6] usb 4-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config [ 213.411545][ T6] usb 4-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d [ 213.420494][ T6] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 213.428840][ T6] usb 4-1: config 0 descriptor?? [ 213.497403][ T6] usb 4-1: Found UVC 0.00 device (046d:08c1) [ 213.505467][ T6] usb 4-1: No valid video chain found. [ 213.575749][ T7522] loop4: detected capacity change from 0 to 256 [ 213.636958][ T7516] loop1: detected capacity change from 0 to 40427 [ 213.649590][ T7522] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x0619d298, utbl_chksum : 0xe619d30d) [ 213.682500][ T7524] loop2: detected capacity change from 0 to 128 [ 213.699290][ T26] usb 4-1: USB disconnect, device number 21 [ 213.707501][ T7516] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 213.716412][ T7516] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 213.727934][ T7524] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 213.740580][ T7524] ext4 filesystem being mounted at /root/syzkaller.ZJL3c0/38/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff) [ 213.743375][ T7516] F2FS-fs (loop1): invalid crc value [ 213.794024][ T7529] loop4: detected capacity change from 0 to 512 [ 213.801941][ T7516] F2FS-fs (loop1): Found nat_bits in checkpoint [ 213.831072][ T7516] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 213.838173][ T7516] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 213.869266][ T7529] EXT4-fs (loop4): 1 orphan inode deleted [ 213.874983][ T7529] EXT4-fs (loop4): mounted filesystem without journal. Opts: errors=remount-ro,nodiscard,noquota,init_itable,stripe=0x0000000000000079,resgid=0x0000000000000000,sysvgroups,delalloc,usrquota,. Quota mode: writeback. [ 213.896112][ T7529] ext4 filesystem being mounted at /root/syzkaller.zSePZ1/263/file1 supports timestamps until 2038 (0x7fffffff) [ 214.448814][ T7547] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2048 sclass=netlink_route_socket pid=7547 comm=syz.2.2571 [ 214.480957][ T3583] ------------[ cut here ]------------ [ 214.486556][ T3583] WARNING: CPU: 1 PID: 3583 at fs/overlayfs/util.c:470 ovl_dir_modified+0x1a5/0x1e0 [ 214.496158][ T3583] Modules linked in: [ 214.500269][ T3583] CPU: 1 PID: 3583 Comm: syz-executor Tainted: G W 5.15.150-syzkaller-00330-g9044d25b8ff5 #0 [ 214.511930][ T3583] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 214.522308][ T7537] handle_bad_sector: 5 callbacks suppressed [ 214.522325][ T7537] attempt to access beyond end of device [ 214.522325][ T7537] loop1: rw=2049, want=81920, limit=40427 [ 214.546363][ T3583] RIP: 0010:ovl_dir_modified+0x1a5/0x1e0 [ 214.547666][ T7537] attempt to access beyond end of device [ 214.547666][ T7537] loop1: rw=2049, want=53248, limit=40427 [ 214.558143][ T3583] Code: 00 00 fc ff df 80 3c 08 00 74 08 4c 89 ff e8 f2 b1 9f ff 49 ff 07 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 2b 78 5d ff <0f> 0b e9 06 ff ff ff e8 1f 78 5d ff 0f 0b e9 3d ff ff ff 44 89 e1 [ 214.605823][ T7537] attempt to access beyond end of device [ 214.605823][ T7537] loop1: rw=2049, want=77824, limit=40427 [ 214.633244][ T7537] attempt to access beyond end of device [ 214.633244][ T7537] loop1: rw=2049, want=85872, limit=40427 [ 214.679357][ T3583] RSP: 0018:ffffc90000a87b60 EFLAGS: 00010293 [ 214.685824][ T3583] RAX: ffffffff8212bf75 RBX: 0000000000000000 RCX: ffff88811861e2c0 [ 214.694355][ T3583] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 214.694698][ T6850] attempt to access beyond end of device [ 214.694698][ T6850] loop1: rw=2049, want=40968, limit=40427 [ 214.702270][ T3583] RBP: ffffc90000a87b90 R08: ffffffff8212be74 R09: ffffed1024135a05 [ 214.721733][ T45] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 214.731720][ T45] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 214.740524][ T3583] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88810ff21770 [ 214.750837][ T3583] R13: ffff88810ff217a0 R14: 1ffff11021fe42f4 R15: ffff8881209acf80 [ 214.759121][ T3583] FS: 0000555557031500(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 214.776419][ T3583] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 214.788890][ T3583] CR2: 0000000020000200 CR3: 0000000112384000 CR4: 00000000003506a0 [ 214.796714][ T3583] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 214.812356][ T3583] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 214.821385][ T3583] Call Trace: [ 214.824674][ T3583] [ 214.828492][ T3583] ? show_regs+0x58/0x60 [ 214.832564][ T3583] ? __warn+0x160/0x2f0 [ 214.836556][ T3583] ? ovl_dir_modified+0x1a5/0x1e0 [ 214.842038][ T3583] ? report_bug+0x3d9/0x5b0 [ 214.849397][ T3583] ? ovl_dir_modified+0x1a5/0x1e0 [ 214.854299][ T3583] ? handle_bug+0x41/0x70 [ 214.856889][ T30] audit: type=1326 audit(1719844158.038:882): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7554 comm="syz.3.2577" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9bd1737b99 code=0x0 [ 214.858758][ T3583] ? exc_invalid_op+0x1b/0x50 [ 214.885544][ T3583] ? asm_exc_invalid_op+0x1b/0x20 [ 214.890987][ T3583] ? ovl_dir_modified+0xa4/0x1e0 [ 214.895980][ T3583] ? ovl_dir_modified+0x1a5/0x1e0 [ 214.900938][ T3583] ? ovl_dir_modified+0x1a5/0x1e0 [ 214.905742][ T3583] ovl_do_remove+0x64c/0xa30 [ 214.910524][ T3583] ? ovl_set_redirect+0x690/0x690 [ 214.915415][ T3583] ? selinux_inode_rmdir+0x22/0x30 [ 214.920482][ T3583] ovl_rmdir+0x1a/0x20 [ 214.924399][ T3583] vfs_rmdir+0x324/0x470 [ 214.944470][ T3583] incfs_kill_sb+0x113/0x230 [ 214.949000][ T3583] deactivate_locked_super+0xad/0x110 [ 214.954381][ T3583] deactivate_super+0xbe/0xf0 [ 214.959046][ T3583] cleanup_mnt+0x45c/0x510 [ 214.963236][ T3583] __cleanup_mnt+0x19/0x20 [ 214.968204][ T3583] task_work_run+0x129/0x190 [ 214.972620][ T3583] exit_to_user_mode_loop+0xc4/0xe0 [ 214.977878][ T3583] exit_to_user_mode_prepare+0x5a/0xa0 [ 214.984412][ T3583] syscall_exit_to_user_mode+0x26/0x160 [ 214.989881][ T3583] do_syscall_64+0x49/0xb0 [ 214.994084][ T3583] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 214.999898][ T3583] RIP: 0033:0x7f7d58fb6ec7 [ 215.004118][ T3583] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 215.023589][ T3583] RSP: 002b:00007fff366dfa88 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 215.031846][ T3583] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f7d58fb6ec7 [ 215.039639][ T3583] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff366dfb40 [ 215.047450][ T3583] RBP: 00007fff366dfb40 R08: 0000000000000000 R09: 0000000000000000 [ 215.055239][ T3583] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff366e0bf0 [ 215.063076][ T3583] R13: 00007f7d5902364a R14: 000000000003458c R15: 00007fff366e0c30 [ 215.070889][ T3583] [ 215.073727][ T3583] ---[ end trace 380bf120c982e320 ]--- [ 215.079393][ T3583] ------------[ cut here ]------------ [ 215.084647][ T3583] WARNING: CPU: 1 PID: 3583 at fs/overlayfs/util.c:470 ovl_dir_modified+0x1a5/0x1e0 [ 215.093875][ T3583] Modules linked in: [ 215.097766][ T3583] CPU: 1 PID: 3583 Comm: syz-executor Tainted: G W 5.15.150-syzkaller-00330-g9044d25b8ff5 #0 [ 215.109070][ T3583] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 215.119448][ T3583] RIP: 0010:ovl_dir_modified+0x1a5/0x1e0 [ 215.124896][ T3583] Code: 00 00 fc ff df 80 3c 08 00 74 08 4c 89 ff e8 f2 b1 9f ff 49 ff 07 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 2b 78 5d ff <0f> 0b e9 06 ff ff ff e8 1f 78 5d ff 0f 0b e9 3d ff ff ff 44 89 e1 [ 215.144369][ T3583] RSP: 0018:ffffc90000a87b60 EFLAGS: 00010293 [ 215.150260][ T3583] RAX: ffffffff8212bf75 RBX: 0000000000000000 RCX: ffff88811861e2c0 [ 215.158078][ T3583] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 215.165861][ T3583] RBP: ffffc90000a87b90 R08: ffffffff8212be74 R09: ffffed1024135a05 [ 215.173712][ T3583] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88810ff21770 [ 215.181642][ T3583] R13: ffff88810ff217a0 R14: 1ffff11021fe42f4 R15: ffff8881209acf80 [ 215.189445][ T3583] FS: 0000555557031500(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 215.198351][ T3583] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 215.204738][ T3583] CR2: 00007f5b60d35da0 CR3: 0000000112384000 CR4: 00000000003506a0 [ 215.212573][ T3583] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 215.216869][ T2021] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 215.220383][ T3583] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 215.220401][ T3583] Call Trace: [ 215.238696][ T3583] [ 215.241447][ T3583] ? show_regs+0x58/0x60 [ 215.245533][ T3583] ? __warn+0x160/0x2f0 [ 215.249579][ T817] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 215.249928][ T3583] ? ovl_dir_modified+0x1a5/0x1e0 [ 215.261841][ T3583] ? report_bug+0x3d9/0x5b0 [ 215.266284][ T3583] ? ovl_dir_modified+0x1a5/0x1e0 [ 215.271206][ T3583] ? handle_bug+0x41/0x70 [ 215.275405][ T3583] ? exc_invalid_op+0x1b/0x50 [ 215.280161][ T3583] ? asm_exc_invalid_op+0x1b/0x20 [ 215.285055][ T3583] ? ovl_dir_modified+0xa4/0x1e0 [ 215.289868][ T3583] ? ovl_dir_modified+0x1a5/0x1e0 [ 215.299581][ T3583] ? ovl_dir_modified+0x1a5/0x1e0 [ 215.304511][ T3583] ovl_do_remove+0x64c/0xa30 [ 215.309005][ T3583] ? ovl_set_redirect+0x690/0x690 [ 215.313890][ T3583] ? selinux_inode_rmdir+0x22/0x30 [ 215.318916][ T3583] ovl_rmdir+0x1a/0x20 [ 215.322876][ T3583] vfs_rmdir+0x324/0x470 [ 215.324611][ T7566] SELinux: security_context_str_to_sid(Õ) failed for (dev ?, type ?) errno=-22 [ 215.327084][ T3583] incfs_kill_sb+0x1b4/0x230 [ 215.340143][ T3583] deactivate_locked_super+0xad/0x110 [ 215.341181][ T7566] SELinux: security_context_str_to_sid(Õ) failed for (dev incremental-fs, type incremental-fs) errno=-22 [ 215.345513][ T3583] deactivate_super+0xbe/0xf0 [ 215.361206][ T3583] cleanup_mnt+0x45c/0x510 [ 215.365659][ T3583] __cleanup_mnt+0x19/0x20 [ 215.370126][ T3583] task_work_run+0x129/0x190 [ 215.374638][ T3583] exit_to_user_mode_loop+0xc4/0xe0 [ 215.379833][ T3583] exit_to_user_mode_prepare+0x5a/0xa0 [ 215.385401][ T3583] syscall_exit_to_user_mode+0x26/0x160 [ 215.390868][ T3583] do_syscall_64+0x49/0xb0 [ 215.395056][ T3583] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 215.400890][ T3583] RIP: 0033:0x7f7d58fb6ec7 [ 215.405150][ T3583] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 215.424813][ T3583] RSP: 002b:00007fff366dfa88 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 215.433283][ T3583] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f7d58fb6ec7 [ 215.441446][ T3583] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff366dfb40 [ 215.449409][ T3583] RBP: 00007fff366dfb40 R08: 0000000000000000 R09: 0000000000000000 [ 215.457367][ T3583] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff366e0bf0 [ 215.465209][ T3583] R13: 00007f7d5902364a R14: 000000000003458c R15: 00007fff366e0c30 [ 215.473158][ T3583] [ 215.476051][ T3583] ---[ end trace 380bf120c982e321 ]--- [ 215.496867][ T817] usb 2-1: Using ep0 maxpacket: 32 [ 215.607037][ T2021] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 215.616910][ T817] usb 2-1: config 1 has an invalid descriptor of length 48, skipping remainder of the config [ 215.626840][ T2021] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 215.628444][ T817] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 215.637383][ T2021] usb 5-1: New USB device found, idVendor=056a, idProduct=00d0, bcdDevice= 0.00 [ 215.654967][ T2021] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 215.663650][ T2021] usb 5-1: config 0 descriptor?? [ 215.690060][ T7406] ------------[ cut here ]------------ [ 215.695735][ T7406] WARNING: CPU: 0 PID: 7406 at fs/overlayfs/util.c:470 ovl_dir_modified+0x1a5/0x1e0 [ 215.705103][ T7406] Modules linked in: [ 215.709143][ T7406] CPU: 0 PID: 7406 Comm: syz-executor Tainted: G W 5.15.150-syzkaller-00330-g9044d25b8ff5 #0 [ 215.719309][ T7579] loop2: detected capacity change from 0 to 40427 [ 215.721293][ T7406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 215.736729][ T7406] RIP: 0010:ovl_dir_modified+0x1a5/0x1e0 [ 215.742484][ T7406] Code: 00 00 fc ff df 80 3c 08 00 74 08 4c 89 ff e8 f2 b1 9f ff 49 ff 07 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 2b 78 5d ff <0f> 0b e9 06 ff ff ff e8 1f 78 5d ff 0f 0b e9 3d ff ff ff 44 89 e1 [ 215.762177][ T7406] RSP: 0018:ffffc90000f8fb60 EFLAGS: 00010293 [ 215.768084][ T7406] RAX: ffffffff8212bf75 RBX: 0000000000000000 RCX: ffff88810cf40000 [ 215.775858][ T7406] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 215.783721][ T7406] RBP: ffffc90000f8fb90 R08: ffffffff8212be74 R09: ffffed1024102ed3 [ 215.791522][ T7406] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8881269b6cc0 [ 215.799344][ T7406] R13: ffff8881269b6cf0 R14: 1ffff11024d36d9e R15: ffff8881208175f0 [ 215.807147][ T63] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 215.814533][ T7406] FS: 0000555555f70500(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 215.823307][ T7406] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 215.823316][ T817] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 215.823341][ T817] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 215.829752][ T7406] CR2: 00007ffd6ceafff8 CR3: 0000000116f60000 CR4: 00000000003506b0 [ 215.839987][ T817] usb 2-1: Product: syz [ 215.846336][ T7406] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 215.854452][ T817] usb 2-1: Manufacturer: syz [ 215.858705][ T7406] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 215.866207][ T817] usb 2-1: SerialNumber: syz [ 215.870716][ T7406] Call Trace: [ 215.870723][ T7406] [ 215.870730][ T7406] ? show_regs+0x58/0x60 [ 215.870751][ T7406] ? __warn+0x160/0x2f0 [ 215.870766][ T7406] ? ovl_dir_modified+0x1a5/0x1e0 [ 215.870787][ T7406] ? report_bug+0x3d9/0x5b0 [ 215.870805][ T7406] ? ovl_dir_modified+0x1a5/0x1e0 [ 215.911089][ T7406] ? handle_bug+0x41/0x70 [ 215.915196][ T7406] ? exc_invalid_op+0x1b/0x50 [ 215.917575][ T7579] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 215.919997][ T7406] ? asm_exc_invalid_op+0x1b/0x20 [ 215.932833][ T7579] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 215.932924][ T7406] ? ovl_dir_modified+0xa4/0x1e0 [ 215.942018][ T7579] F2FS-fs (loop2): invalid crc value [ 215.945700][ T7406] ? ovl_dir_modified+0x1a5/0x1e0 [ 215.952273][ T7579] F2FS-fs (loop2): Found nat_bits in checkpoint [ 215.955625][ T7406] ? ovl_dir_modified+0x1a5/0x1e0 [ 215.966490][ T7406] ovl_do_remove+0x64c/0xa30 [ 215.970976][ T7406] ? ovl_set_redirect+0x690/0x690 [ 215.975791][ T7406] ? selinux_inode_rmdir+0x22/0x30 [ 215.980951][ T7406] ovl_rmdir+0x1a/0x20 [ 215.984829][ T7406] vfs_rmdir+0x324/0x470 [ 215.988092][ T7579] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 215.989155][ T7406] incfs_kill_sb+0x113/0x230 [ 215.995872][ T7579] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 216.000357][ T7406] deactivate_locked_super+0xad/0x110 [ 216.000397][ T7406] deactivate_super+0xbe/0xf0 [ 216.000411][ T7406] cleanup_mnt+0x45c/0x510 [ 216.000426][ T7406] __cleanup_mnt+0x19/0x20 [ 216.000438][ T7406] task_work_run+0x129/0x190 [ 216.000451][ T7406] exit_to_user_mode_loop+0xc4/0xe0 [ 216.000474][ T7406] exit_to_user_mode_prepare+0x5a/0xa0 [ 216.000490][ T7406] syscall_exit_to_user_mode+0x26/0x160 [ 216.000507][ T7406] do_syscall_64+0x49/0xb0 [ 216.000523][ T7406] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 216.000540][ T7406] RIP: 0033:0x7f9bd1738ec7 [ 216.000555][ T7406] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 216.080001][ T7406] RSP: 002b:00007ffd6ceb0268 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 216.088651][ T7406] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f9bd1738ec7 [ 216.096469][ T7406] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd6ceb0320 [ 216.104390][ T7406] RBP: 00007ffd6ceb0320 R08: 0000000000000000 R09: 0000000000000000 [ 216.112364][ T7406] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd6ceb13d0 [ 216.120452][ T7406] R13: 00007f9bd17a564a R14: 0000000000034a68 R15: 00007ffd6ceb1410 [ 216.128527][ T7406] [ 216.131405][ T7406] ---[ end trace 380bf120c982e322 ]--- [ 216.137324][ T7406] ------------[ cut here ]------------ [ 216.142646][ T7406] WARNING: CPU: 0 PID: 7406 at fs/overlayfs/util.c:470 ovl_dir_modified+0x1a5/0x1e0 [ 216.152100][ T7406] Modules linked in: [ 216.155855][ T7406] CPU: 0 PID: 7406 Comm: syz-executor Tainted: G W 5.15.150-syzkaller-00330-g9044d25b8ff5 #0 [ 216.169307][ T7406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 216.179334][ T7406] RIP: 0010:ovl_dir_modified+0x1a5/0x1e0 [ 216.184844][ T7406] Code: 00 00 fc ff df 80 3c 08 00 74 08 4c 89 ff e8 f2 b1 9f ff 49 ff 07 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 2b 78 5d ff <0f> 0b e9 06 ff ff ff e8 1f 78 5d ff 0f 0b e9 3d ff ff ff 44 89 e1 [ 216.204690][ T7406] RSP: 0018:ffffc90000f8fb60 EFLAGS: 00010293 [ 216.206030][ T2021] wacom 0003:056A:00D0.001E: Unknown device_type for 'HID 056a:00d0'. Assuming pen. [ 216.212819][ T7406] RAX: ffffffff8212bf75 RBX: 0000000000000000 RCX: ffff88810cf40000 [ 216.220860][ T2021] wacom 0003:056A:00D0.001E: hidraw0: USB HID v0.00 Device [HID 056a:00d0] on usb-dummy_hcd.4-1/input0 [ 216.227754][ T7406] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 216.240743][ T2021] input: Wacom Bamboo 2FG Pen as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:056A:00D0.001E/input/input35 [ 216.253064][ T7406] RBP: ffffc90000f8fb90 R08: ffffffff8212be74 R09: ffffed1024102ed3 [ 216.258877][ T63] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 216.266939][ T817] usb 2-1: Audio class v2/v3 interfaces need an interface association [ 216.278443][ T63] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 216.289311][ T7406] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8881269b6cc0 [ 216.302526][ T817] snd-usb-audio: probe of 2-1:1.0 failed with error -22 [ 216.552063][ T63] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 216.567068][ T7406] R13: ffff8881269b6cf0 R14: 1ffff11024d36d9e R15: ffff8881208175f0 [ 216.585252][ T63] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 216.594701][ T7406] FS: 0000555555f70500(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 216.604910][ T63] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 216.609077][ T7588] attempt to access beyond end of device [ 216.609077][ T7588] loop2: rw=2049, want=81920, limit=40427 [ 216.613505][ T7406] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 216.631871][ T7588] attempt to access beyond end of device [ 216.631871][ T7588] loop2: rw=2049, want=53248, limit=40427 [ 216.633962][ T63] usb 1-1: config 0 descriptor?? [ 216.648568][ T7406] CR2: 0000000000000000 CR3: 0000000116f60000 CR4: 00000000003506b0 [ 216.672618][ T7588] attempt to access beyond end of device [ 216.672618][ T7588] loop2: rw=2049, want=72312, limit=40427 [ 216.694187][ T2021] usb 5-1: USB disconnect, device number 25 [ 216.694817][ T7588] attempt to access beyond end of device [ 216.694817][ T7588] loop2: rw=2049, want=74952, limit=40427 [ 216.705522][ T7406] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 216.717644][ T7588] attempt to access beyond end of device [ 216.717644][ T7588] loop2: rw=2049, want=77600, limit=40427 [ 216.719172][ T7406] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 216.739765][ T7406] Call Trace: [ 216.742962][ T7406] [ 216.745739][ T7406] ? show_regs+0x58/0x60 [ 216.750611][ T7406] ? __warn+0x160/0x2f0 [ 216.754584][ T7406] ? ovl_dir_modified+0x1a5/0x1e0 [ 216.759721][ T7406] ? report_bug+0x3d9/0x5b0 [ 216.764144][ T7406] ? ovl_dir_modified+0x1a5/0x1e0 [ 216.769123][ T7406] ? handle_bug+0x41/0x70 [ 216.771140][ T817] usb 2-1: USB disconnect, device number 19 [ 216.775306][ T7406] ? exc_invalid_op+0x1b/0x50 [ 216.783981][ T7406] ? asm_exc_invalid_op+0x1b/0x20 [ 216.784654][ T45] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 216.789270][ T7406] ? ovl_dir_modified+0xa4/0x1e0 [ 216.797898][ T45] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 216.817029][ T7406] ? ovl_dir_modified+0x1a5/0x1e0 [ 216.821976][ T7406] ? ovl_dir_modified+0x1a5/0x1e0 [ 216.826769][ T7406] ovl_do_remove+0x64c/0xa30 [ 216.831251][ T7406] ? ovl_set_redirect+0x690/0x690 [ 216.836112][ T7406] ? selinux_inode_rmdir+0x22/0x30 [ 216.841025][ T7406] ovl_rmdir+0x1a/0x20 [ 216.844937][ T7406] vfs_rmdir+0x324/0x470 [ 216.849153][ T7406] incfs_kill_sb+0x1b4/0x230 [ 216.853564][ T7406] deactivate_locked_super+0xad/0x110 [ 216.859137][ T7406] deactivate_super+0xbe/0xf0 [ 216.863630][ T7406] cleanup_mnt+0x45c/0x510 [ 216.868437][ T7406] __cleanup_mnt+0x19/0x20 [ 216.872667][ T7406] task_work_run+0x129/0x190 [ 216.877558][ T7406] exit_to_user_mode_loop+0xc4/0xe0 [ 216.882577][ T7406] exit_to_user_mode_prepare+0x5a/0xa0 [ 216.887956][ T7406] syscall_exit_to_user_mode+0x26/0x160 [ 216.893361][ T7406] do_syscall_64+0x49/0xb0 [ 216.897590][ T7406] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 216.903250][ T7406] RIP: 0033:0x7f9bd1738ec7 [ 216.907519][ T7406] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 216.927175][ T7406] RSP: 002b:00007ffd6ceb0268 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 216.935421][ T7406] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f9bd1738ec7 [ 216.945493][ T7406] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd6ceb0320 [ 216.946029][ T7590] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2048 sclass=netlink_route_socket pid=7590 comm=syz.1.2589 [ 216.953362][ T7406] RBP: 00007ffd6ceb0320 R08: 0000000000000000 R09: 0000000000000000 [ 216.953379][ T7406] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd6ceb13d0 [ 216.953390][ T7406] R13: 00007f9bd17a564a R14: 0000000000034a68 R15: 00007ffd6ceb1410 [ 216.953411][ T7406] [ 216.953418][ T7406] ---[ end trace 380bf120c982e323 ]--- [ 217.029213][ T7595] loop2: detected capacity change from 0 to 1024 [ 217.073581][ T7600] SELinux: security_context_str_to_sid(Õ) failed for (dev ?, type ?) errno=-22 [ 217.083456][ T7600] SELinux: security_context_str_to_sid(Õ) failed for (dev incremental-fs, type incremental-fs) errno=-22 [ 217.095417][ T7595] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 217.136489][ T7605] overlayfs: failed to resolve './file2': -2 [ 217.145306][ T7595] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2590'. [ 217.167778][ T63] plantronics 0003:047F:FFFF.001F: unknown main item tag 0x0 [ 217.175220][ T63] plantronics 0003:047F:FFFF.001F: No inputs registered, leaving [ 217.235453][ T63] plantronics 0003:047F:FFFF.001F: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 217.402680][ T7614] loop4: detected capacity change from 0 to 256 [ 217.532035][ T30] audit: type=1326 audit(1719844160.718:883): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7610 comm="syz.3.2596" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9bd1737b99 code=0x0 [ 217.569695][ T30] audit: type=1400 audit(1719844160.738:884): avc: denied { getopt } for pid=7613 comm="syz.2.2597" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 217.733949][ T7625] cgroup: Bad value for 'name' [ 217.749732][ T7625] SELinux: Context system_u:object_r:logrotate_exec_t:s0 is not valid (left unmapped). [ 217.826958][ T30] audit: type=1400 audit(1719844160.948:885): avc: denied { relabelto } for pid=7621 comm="syz.2.2599" name="52" dev="sda1" ino=2015 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:logrotate_exec_t:s0" [ 217.925869][ T7628] loop1: detected capacity change from 0 to 1024 [ 217.948345][ T7628] EXT4-fs (loop1): Quota format mount options ignored when QUOTA feature is enabled [ 217.959869][ T7628] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpquota,debug_want_extra_isize=0x0000000000000084,resuid=0x0000000000000000,max_batch_time=0x0000000000000003,lazytime,jqfmt=vfsold,dioread_lock,data_err=abort,,errors=continue. Quota mode: writeback. [ 218.250712][ T7645] syz.3.2608[7645] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 218.250781][ T7645] syz.3.2608[7645] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 218.327298][ T7671] loop4: detected capacity change from 0 to 1024 [ 218.353354][ T7671] EXT4-fs (loop4): Quota format mount options ignored when QUOTA feature is enabled [ 218.365521][ T7671] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpquota,debug_want_extra_isize=0x0000000000000084,resuid=0x0000000000000000,max_batch_time=0x0000000000000003,lazytime,jqfmt=vfsold,dioread_lock,data_err=abort,,errors=continue. Quota mode: writeback. [ 218.483875][ T30] audit: type=1400 audit(1719844161.668:886): avc: denied { write } for pid=6945 comm="syz-executor" name="52" dev="sda1" ino=2015 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:logrotate_exec_t:s0" [ 218.525460][ T30] audit: type=1400 audit(1719844161.668:887): avc: denied { remove_name } for pid=6945 comm="syz-executor" name="cgroup.cpu" dev="sda1" ino=2054 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:logrotate_exec_t:s0" [ 218.627030][ T7678] loop3: detected capacity change from 0 to 256 [ 218.634102][ T2409] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 218.683852][ T30] audit: type=1400 audit(1719844161.838:888): avc: denied { rmdir } for pid=6945 comm="syz-executor" name="52" dev="sda1" ino=2015 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:logrotate_exec_t:s0" [ 218.744499][ T7676] bridge0: port 1(bridge_slave_0) entered blocking state [ 218.751510][ T7676] bridge0: port 1(bridge_slave_0) entered disabled state [ 218.759070][ T7676] device bridge_slave_0 entered promiscuous mode [ 218.765773][ T7688] device pim6reg1 entered promiscuous mode [ 218.772142][ T7676] bridge0: port 2(bridge_slave_1) entered blocking state [ 218.779056][ T7676] bridge0: port 2(bridge_slave_1) entered disabled state [ 218.786370][ T7676] device bridge_slave_1 entered promiscuous mode [ 218.852711][ T7676] bridge0: port 2(bridge_slave_1) entered blocking state [ 218.859601][ T7676] bridge0: port 2(bridge_slave_1) entered forwarding state [ 218.866678][ T7676] bridge0: port 1(bridge_slave_0) entered blocking state [ 218.873490][ T7676] bridge0: port 1(bridge_slave_0) entered forwarding state [ 218.907887][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 218.916062][ T291] bridge0: port 1(bridge_slave_0) entered disabled state [ 218.924101][ T291] bridge0: port 2(bridge_slave_1) entered disabled state [ 218.936330][ T7700] syz.2.2619[7700] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 218.936399][ T7700] syz.2.2619[7700] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 218.948258][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 218.980802][ T39] bridge0: port 1(bridge_slave_0) entered blocking state [ 218.987716][ T39] bridge0: port 1(bridge_slave_0) entered forwarding state [ 218.999697][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 219.007246][ T7702] syz.2.2620[7702] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 219.007544][ T7702] syz.2.2620[7702] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 219.007946][ T39] bridge0: port 2(bridge_slave_1) entered blocking state [ 219.036576][ T39] bridge0: port 2(bridge_slave_1) entered forwarding state [ 219.053525][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 219.072435][ T7704] xt_SECMARK: invalid mode: 0 [ 219.074742][ T291] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 219.094493][ T7691] loop0: detected capacity change from 0 to 40427 [ 219.100931][ T2409] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 219.111413][ T2409] usb 2-1: config 0 has no interfaces? [ 219.116739][ T2409] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 219.123437][ T7691] F2FS-fs (loop0): invalid crc value [ 219.125627][ T2409] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 219.136530][ T7691] F2FS-fs (loop0): Found nat_bits in checkpoint [ 219.139184][ T2409] usb 2-1: config 0 descriptor?? [ 219.157441][ T838] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 219.165677][ T838] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 219.174153][ T838] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 219.181947][ T7691] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 219.182095][ T838] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 219.203990][ T7676] device veth0_vlan entered promiscuous mode [ 219.218268][ T7676] device veth1_macvtap entered promiscuous mode [ 219.234192][ T838] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 219.241930][ T838] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 219.251050][ T838] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 219.260202][ T838] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 219.297350][ T838] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 219.304857][ T838] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 219.317099][ T838] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 219.325338][ T838] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 219.333644][ T838] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 219.414232][ T30] audit: type=1400 audit(1719844162.598:889): avc: denied { sys_admin } for pid=7729 comm="syz.4.2628" capability=21 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1 [ 219.436493][ T7734] loop3: detected capacity change from 0 to 1024 [ 219.445845][ T7728] syz.0.2629[7728] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 219.445922][ T7728] syz.0.2629[7728] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 219.547476][ T26] usb 1-1: USB disconnect, device number 22 [ 219.565371][ T7734] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 219.589389][ T7734] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2631'. [ 219.630016][ T45] device bridge_slave_1 left promiscuous mode [ 219.743647][ T7748] loop0: detected capacity change from 0 to 256 [ 219.762668][ T7661] overlayfs: failed to verify origin (/, ino=1, err=-1) [ 219.776328][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 219.812852][ T7661] overlayfs: failed to verify upper root origin [ 219.823928][ T45] device bridge_slave_0 left promiscuous mode [ 219.831001][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 219.839211][ T45] device veth1_macvtap left promiscuous mode [ 219.846085][ T45] device veth0_vlan left promiscuous mode [ 219.856914][ T2409] usb 2-1: string descriptor 0 read error: -71 [ 219.864237][ T7742] loop4: detected capacity change from 0 to 40427 [ 219.867430][ T2409] usb 2-1: USB disconnect, device number 20 [ 219.889189][ T7742] F2FS-fs (loop4): invalid crc value [ 219.896029][ T7742] F2FS-fs (loop4): Found nat_bits in checkpoint [ 219.933431][ T7742] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 220.017529][ T7755] netlink: 'syz.2.2634': attribute type 12 has an invalid length. [ 220.544793][ T7777] syz.3.2643[7777] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 220.544895][ T7777] syz.3.2643[7777] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 220.567954][ T30] audit: type=1400 audit(1719844163.538:890): avc: denied { shutdown } for pid=7760 comm="syz.4.2635" lport=6 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 220.585473][ T7788] loop2: detected capacity change from 0 to 1024 [ 220.634586][ T7788] EXT4-fs (loop2): Ignoring removed orlov option [ 220.643480][ T7788] EXT4-fs (loop2): Ignoring removed nomblk_io_submit option [ 220.665514][ T7788] EXT4-fs (loop2): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 220.694645][ T30] audit: type=1400 audit(1719844163.878:891): avc: denied { watch } for pid=7786 comm="syz.2.2644" path="/root/syzkaller.ZJL3c0/63/file1/file0" dev="loop2" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 220.726019][ T30] audit: type=1400 audit(1719844163.908:892): avc: denied { setattr } for pid=7786 comm="syz.2.2644" name="file0" dev="incremental-fs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 220.906954][ T838] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 220.964907][ T7815] bridge0: port 1(bridge_slave_0) entered blocking state [ 220.971948][ T7815] bridge0: port 1(bridge_slave_0) entered disabled state [ 220.979305][ T7815] device bridge_slave_0 entered promiscuous mode [ 220.986421][ T7815] bridge0: port 2(bridge_slave_1) entered blocking state [ 220.993330][ T7815] bridge0: port 2(bridge_slave_1) entered disabled state [ 221.000774][ T7815] device bridge_slave_1 entered promiscuous mode [ 221.185823][ T7836] loop3: detected capacity change from 0 to 256 [ 221.346861][ T838] usb 1-1: Using ep0 maxpacket: 32 [ 221.375802][ T7844] loop4: detected capacity change from 0 to 1024 [ 221.386310][ T7844] EXT4-fs (loop4): Ignoring removed orlov option [ 221.392843][ T7844] EXT4-fs (loop4): Ignoring removed nomblk_io_submit option [ 221.400589][ T63] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 221.408153][ T63] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 221.419631][ T7844] EXT4-fs (loop4): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 221.420887][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 221.450400][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 221.458428][ T26] bridge0: port 1(bridge_slave_0) entered blocking state [ 221.465266][ T26] bridge0: port 1(bridge_slave_0) entered forwarding state [ 221.473407][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 221.480691][ T838] usb 1-1: config 1 has an invalid descriptor of length 48, skipping remainder of the config [ 221.480942][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 221.498511][ T838] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 221.498821][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 221.515151][ T26] bridge0: port 2(bridge_slave_1) entered blocking state [ 221.522007][ T26] bridge0: port 2(bridge_slave_1) entered forwarding state [ 221.539538][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 221.548921][ T2409] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 221.563333][ T2409] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 221.567016][ T63] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 221.576785][ T7815] device veth0_vlan entered promiscuous mode [ 221.586653][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 221.595381][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 221.603325][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 221.626622][ T2021] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 221.636735][ T7815] device veth1_macvtap entered promiscuous mode [ 221.656930][ T2021] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 221.657101][ T7852] loop4: detected capacity change from 0 to 256 [ 221.665090][ T2021] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 221.686964][ T838] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 221.697060][ T838] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 221.704993][ T838] usb 1-1: Product: syz [ 221.709279][ T838] usb 1-1: Manufacturer: syz [ 221.723656][ T838] usb 1-1: SerialNumber: syz [ 221.730705][ T2021] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 221.730849][ T7852] FAT-fs (loop4): error, fat_free_clusters: deleting FAT entry beyond EOF [ 221.848096][ T45] device bridge_slave_1 left promiscuous mode [ 221.854060][ T45] bridge0: port 2(bridge_slave_1) entered disabled state [ 221.864656][ T45] device bridge_slave_0 left promiscuous mode [ 221.870944][ T45] bridge0: port 1(bridge_slave_0) entered disabled state [ 221.881065][ T45] device veth1_macvtap left promiscuous mode [ 221.897388][ T45] device veth0_vlan left promiscuous mode [ 222.426964][ T63] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 222.437329][ T63] usb 3-1: config 0 has no interfaces? [ 222.442696][ T63] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 222.451570][ T63] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 222.464137][ T63] usb 3-1: config 0 descriptor?? [ 222.846964][ T838] usb 1-1: Audio class v2/v3 interfaces need an interface association [ 222.881250][ T838] snd-usb-audio: probe of 1-1:1.0 failed with error -22 [ 222.914775][ T7893] loop1: detected capacity change from 0 to 512 [ 222.922220][ T838] usb 1-1: USB disconnect, device number 23 [ 222.953125][ T7889] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2671'. [ 222.962124][ T7896] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2671'. [ 222.999162][ T7893] EXT4-fs error (device loop1): ext4_validate_block_bitmap:429: comm syz.1.2672: bg 0: block 5: invalid block bitmap [ 223.016333][ T7893] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6176: Corrupt filesystem [ 223.028504][ T7893] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz.1.2672: invalid indirect mapped block 3 (level 2) [ 223.042348][ T7893] EXT4-fs (loop1): 1 orphan inode deleted [ 223.050410][ T7893] EXT4-fs (loop1): 1 truncate cleaned up [ 223.055932][ T7893] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 223.089011][ T7837] overlayfs: failed to verify origin (/, ino=1, err=-1) [ 223.098109][ T7837] overlayfs: failed to verify upper root origin [ 223.136932][ T63] usb 3-1: string descriptor 0 read error: -71 [ 223.155909][ T63] usb 3-1: USB disconnect, device number 22 [ 223.553253][ T7917] loop3: detected capacity change from 0 to 256 [ 223.690867][ T7925] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2685'. [ 223.700578][ T7925] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2685'. [ 223.819445][ T7937] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7937 comm=syz.4.2689 [ 223.848547][ T7937] loop4: detected capacity change from 0 to 512 [ 223.916662][ T7937] EXT4-fs (loop4): Quota format mount options ignored when QUOTA feature is enabled [ 223.955803][ T7941] loop3: detected capacity change from 0 to 512 [ 223.969301][ T7937] EXT4-fs (loop4): can't mount with data=, fs mounted w/o journal [ 223.993196][ T7936] loop0: detected capacity change from 0 to 40427 [ 224.049794][ T7941] EXT4-fs error (device loop3): ext4_validate_block_bitmap:429: comm syz.3.2691: bg 0: block 5: invalid block bitmap [ 224.062705][ T7941] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6176: Corrupt filesystem [ 224.071655][ T7941] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.2691: invalid indirect mapped block 3 (level 2) [ 224.085406][ T7941] EXT4-fs (loop3): 1 orphan inode deleted [ 224.091134][ T7941] EXT4-fs (loop3): 1 truncate cleaned up [ 224.096698][ T7941] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 224.126797][ T7936] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 224.153452][ T7936] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 224.162075][ T7936] F2FS-fs (loop0): Unrecognized mount option "0xffffffffffffffff" or missing value [ 224.309666][ T30] kauditd_printk_skb: 2 callbacks suppressed [ 224.309685][ T30] audit: type=1400 audit(1719844167.488:895): avc: denied { getopt } for pid=7945 comm="syz.1.2693" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 224.751432][ T7948] loop3: detected capacity change from 0 to 40427 [ 224.767859][ T7948] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 224.777064][ T7948] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 224.794580][ T7948] F2FS-fs (loop3): invalid crc value [ 224.803145][ T7959] netlink: 2112 bytes leftover after parsing attributes in process `syz.2.2699'. [ 224.822189][ T7948] F2FS-fs (loop3): Found nat_bits in checkpoint [ 224.883147][ T7970] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2697'. [ 224.895883][ T7948] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 224.903068][ T7948] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 224.911501][ T7970] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2697'. [ 225.967082][ T7990] handle_bad_sector: 4 callbacks suppressed [ 225.967102][ T7990] attempt to access beyond end of device [ 225.967102][ T7990] loop3: rw=2049, want=81920, limit=40427 [ 225.983954][ T30] audit: type=1400 audit(1719844169.138:896): avc: denied { ioctl } for pid=7992 comm="syz.1.2710" path="socket:[48622]" dev="sockfs" ino=48622 ioctlcmd=0x89f2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 225.992021][ T7990] attempt to access beyond end of device [ 225.992021][ T7990] loop3: rw=2049, want=53248, limit=40427 [ 226.041125][ T7990] attempt to access beyond end of device [ 226.041125][ T7990] loop3: rw=2049, want=68168, limit=40427 [ 226.061903][ T7990] attempt to access beyond end of device [ 226.061903][ T7990] loop3: rw=2049, want=71320, limit=40427 [ 226.078995][ T7990] attempt to access beyond end of device [ 226.078995][ T7990] loop3: rw=2049, want=73368, limit=40427 [ 226.095564][ T7990] attempt to access beyond end of device [ 226.095564][ T7990] loop3: rw=2049, want=75416, limit=40427 [ 226.112507][ T7990] attempt to access beyond end of device [ 226.112507][ T7990] loop3: rw=2049, want=77464, limit=40427 [ 226.120017][ T8000] loop2: detected capacity change from 0 to 512 [ 226.125063][ T7990] attempt to access beyond end of device [ 226.125063][ T7990] loop3: rw=2049, want=77824, limit=40427 [ 226.150576][ T7990] attempt to access beyond end of device [ 226.150576][ T7990] loop3: rw=2049, want=85824, limit=40427 [ 226.163055][ T7990] attempt to access beyond end of device [ 226.163055][ T7990] loop3: rw=2049, want=85872, limit=40427 [ 226.208428][ T45] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 226.217610][ T45] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 226.237213][ T8000] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 226.242228][ T7988] loop4: detected capacity change from 0 to 40427 [ 226.251525][ T8000] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8802c01c, mo2=0002] [ 226.259791][ T8000] EXT4-fs (loop2): orphan cleanup on readonly fs [ 226.267695][ T8000] EXT4-fs warning (device loop2): ext4_block_to_path:107: block 3279949761 > max in inode 13 [ 226.277723][ T8000] EXT4-fs warning (device loop2): ext4_block_to_path:107: block 3279949762 > max in inode 13 [ 226.288481][ T8000] EXT4-fs (loop2): 1 truncate cleaned up [ 226.294035][ T8000] EXT4-fs (loop2): mounted filesystem without journal. Opts: commit=0x0000000000000000,noblock_validity,user_xattr,,errors=continue. Quota mode: none. [ 226.340052][ T7988] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 226.364678][ T7988] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 226.368127][ T7995] EXT4-fs error (device loop2): dx_probe:822: inode #2: comm syz.2.2711: Attempting to read directory block (0) that is past i_size (256) [ 226.372766][ T7988] F2FS-fs (loop4): Unrecognized mount option "0xffffffffffffffff" or missing value [ 226.440471][ T8011] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2714'. [ 226.457336][ T8011] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2714'. [ 226.493445][ T8015] loop0: detected capacity change from 0 to 512 [ 226.513117][ T8015] EXT4-fs warning (device loop0): ext4_block_to_path:107: block 3279945729 > max in inode 13 [ 226.562801][ T8015] EXT4-fs warning (device loop0): ext4_block_to_path:107: block 3279945730 > max in inode 13 [ 226.593376][ T8015] EXT4-fs (loop0): 1 truncate cleaned up [ 226.606889][ T8015] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 226.637654][ T8015] fscrypt (loop0, inode 2): Error -61 getting encryption context [ 227.347647][ T8028] device veth0_vlan left promiscuous mode [ 227.353868][ T8028] device veth0_vlan entered promiscuous mode [ 227.777326][ T8045] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2730'. [ 227.834066][ T8058] loop3: detected capacity change from 0 to 512 [ 227.919952][ T8058] EXT4-fs warning (device loop3): ext4_block_to_path:107: block 3279945729 > max in inode 13 [ 227.930269][ T8058] EXT4-fs warning (device loop3): ext4_block_to_path:107: block 3279945730 > max in inode 13 [ 227.941676][ T8058] EXT4-fs (loop3): 1 truncate cleaned up [ 227.947166][ T8058] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 228.070199][ T8068] loop4: detected capacity change from 0 to 256 [ 228.107958][ T8058] fscrypt (loop3, inode 2): Error -61 getting encryption context [ 228.351638][ T8099] loop3: detected capacity change from 0 to 1024 [ 228.365489][ T8099] EXT4-fs (loop3): Ignoring removed orlov option [ 228.372636][ T8099] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option [ 228.388709][ T8099] EXT4-fs (loop3): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,errors=continue,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 228.428092][ T30] audit: type=1400 audit(1719844171.618:897): avc: denied { mounton } for pid=8098 comm="syz.3.2755" path="/root/syzkaller.n3lEfH/61/file1/file0/bus" dev="loop3" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 228.432255][ T8099] EXT4-fs error (device loop3): get_max_inline_xattr_value_size:69: inode #12: comm syz.3.2755: corrupt xattr in inline inode [ 228.466468][ T30] audit: type=1400 audit(1719844171.618:898): avc: denied { map } for pid=8098 comm="syz.3.2755" path="/root/syzkaller.n3lEfH/61/file1/file0/bus" dev="devtmpfs" ino=115 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 228.493237][ T8099] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2213: inode #12: comm syz.3.2755: corrupted in-inode xattr [ 228.528487][ T7406] ================================================================== [ 228.536368][ T7406] BUG: KASAN: use-after-free in ext4_xattr_delete_inode+0xcd0/0xce0 [ 228.544180][ T7406] Read of size 4 at addr ffff888129ebe000 by task syz-executor/7406 [ 228.551991][ T7406] [ 228.554162][ T7406] CPU: 0 PID: 7406 Comm: syz-executor Tainted: G W 5.15.150-syzkaller-00330-g9044d25b8ff5 #0 [ 228.565445][ T7406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 228.575341][ T7406] Call Trace: [ 228.578465][ T7406] [ 228.581248][ T7406] dump_stack_lvl+0x151/0x1b7 [ 228.585759][ T7406] ? io_uring_drop_tctx_refs+0x190/0x190 [ 228.591221][ T7406] ? panic+0x751/0x751 [ 228.595127][ T7406] print_address_description+0x87/0x3b0 [ 228.600509][ T7406] kasan_report+0x179/0x1c0 [ 228.604846][ T7406] ? ext4_xattr_delete_inode+0xcd0/0xce0 [ 228.610315][ T7406] ? ext4_xattr_delete_inode+0xcd0/0xce0 [ 228.615788][ T7406] __asan_report_load4_noabort+0x14/0x20 [ 228.621254][ T7406] ext4_xattr_delete_inode+0xcd0/0xce0 [ 228.626545][ T7406] ? sb_end_intwrite+0x120/0x120 [ 228.631320][ T7406] ? ext4_expand_extra_isize_ea+0x1bb0/0x1bb0 [ 228.637222][ T7406] ? ext4_journal_check_start+0x16c/0x230 [ 228.642775][ T7406] ? __kasan_check_read+0x11/0x20 [ 228.647635][ T7406] ? ext4_inode_is_fast_symlink+0x295/0x3d0 [ 228.653363][ T7406] ? ext4_evict_inode+0xb8d/0x14e0 [ 228.658312][ T7406] ext4_evict_inode+0xea1/0x14e0 [ 228.663084][ T7406] ? _raw_spin_unlock+0x4d/0x70 [ 228.667775][ T7406] ? ext4_inode_is_fast_symlink+0x3d0/0x3d0 [ 228.673502][ T7406] ? _raw_spin_unlock+0x4d/0x70 [ 228.678187][ T7406] ? inode_io_list_del+0x18b/0x1a0 [ 228.683135][ T7406] ? ext4_inode_is_fast_symlink+0x3d0/0x3d0 [ 228.688864][ T7406] evict+0x2a3/0x630 [ 228.692597][ T7406] iput+0x63b/0x7e0 [ 228.696242][ T7406] vfs_rmdir+0x359/0x470 [ 228.700320][ T7406] do_rmdir+0x3ab/0x630 [ 228.704314][ T7406] ? d_delete_notify+0x160/0x160 [ 228.709088][ T7406] __x64_sys_unlinkat+0xdf/0xf0 [ 228.713773][ T7406] do_syscall_64+0x3d/0xb0 [ 228.718025][ T7406] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 228.723752][ T7406] RIP: 0033:0x7f9bd1737217 [ 228.728009][ T7406] Code: 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 07 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 228.747448][ T7406] RSP: 002b:00007ffd6ceae088 EFLAGS: 00000207 ORIG_RAX: 0000000000000107 [ 228.755779][ T7406] RAX: ffffffffffffffda RBX: 0000000000000065 RCX: 00007f9bd1737217 [ 228.763595][ T7406] RDX: 0000000000000200 RSI: 00007ffd6ceaf230 RDI: 00000000ffffff9c [ 228.771403][ T7406] RBP: 00007f9bd17a564a R08: 0000000000000000 R09: 0000000000000000 [ 228.779216][ T7406] R10: 0000000000000100 R11: 0000000000000207 R12: 00007ffd6ceaf230 [ 228.787025][ T7406] R13: 00007f9bd17a564a R14: 0000000000037be8 R15: 00007ffd6ceb1410 [ 228.794840][ T7406] [ 228.797700][ T7406] [ 228.799870][ T7406] The buggy address belongs to the page: [ 228.805352][ T7406] page:ffffea0004a7af80 refcount:0 mapcount:-128 mapping:0000000000000000 index:0x100 pfn:0x129ebe [ 228.815839][ T7406] flags: 0x4000000000000000(zone=1) [ 228.820881][ T7406] raw: 4000000000000000 ffffea00049eca88 ffffea0004991f08 0000000000000000 [ 228.829298][ T7406] raw: 0000000000000100 0000000000000000 00000000ffffff7f 0000000000000000 [ 228.837713][ T7406] page dumped because: kasan: bad access detected [ 228.843969][ T7406] page_owner tracks the page as freed [ 228.849169][ T7406] page last allocated via order 0, migratetype Movable, gfp_mask 0x100cca(GFP_HIGHUSER_MOVABLE), pid 7446, ts 210942850200, free_ts 212104738429 [ 228.863672][ T7406] post_alloc_hook+0x1a3/0x1b0 [ 228.868262][ T7406] prep_new_page+0x1b/0x110 [ 228.872603][ T7406] get_page_from_freelist+0x3550/0x35d0 [ 228.877984][ T7406] __alloc_pages+0x27e/0x8f0 [ 228.882411][ T7406] shmem_alloc_and_acct_page+0x4bd/0xa80 [ 228.887878][ T7406] shmem_getpage_gfp+0x1388/0x23c0 [ 228.892825][ T7406] shmem_write_begin+0xca/0x1b0 [ 228.897515][ T7406] generic_perform_write+0x2bc/0x5a0 [ 228.902631][ T7406] __generic_file_write_iter+0x25b/0x4b0 [ 228.908100][ T7406] generic_file_write_iter+0xaf/0x1c0 [ 228.913308][ T7406] vfs_write+0xd5d/0x1110 [ 228.917475][ T7406] ksys_write+0x199/0x2c0 [ 228.921648][ T7406] __x64_sys_write+0x7b/0x90 [ 228.926067][ T7406] do_syscall_64+0x3d/0xb0 [ 228.930319][ T7406] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 228.936050][ T7406] page last free stack trace: [ 228.940563][ T7406] free_unref_page_prepare+0x7c8/0x7d0 [ 228.945864][ T7406] free_unref_page_list+0x14b/0xa60 [ 228.950892][ T7406] release_pages+0x1310/0x1370 [ 228.955490][ T7406] __pagevec_release+0x84/0x100 [ 228.960175][ T7406] shmem_undo_range+0x604/0x1560 [ 228.964950][ T7406] shmem_evict_inode+0x215/0x9d0 [ 228.969724][ T7406] evict+0x2a3/0x630 [ 228.973456][ T7406] iput+0x63b/0x7e0 [ 228.977102][ T7406] dentry_unlink_inode+0x34f/0x440 [ 228.982047][ T7406] __dentry_kill+0x447/0x660 [ 228.986475][ T7406] dentry_kill+0xc0/0x2a0 [ 228.990642][ T7406] dput+0x45/0x80 [ 228.994112][ T7406] __fput+0x662/0x910 [ 228.997931][ T7406] ____fput+0x15/0x20 [ 229.001749][ T7406] task_work_run+0x129/0x190 [ 229.006177][ T7406] exit_to_user_mode_loop+0xc4/0xe0 [ 229.011213][ T7406] [ 229.013380][ T7406] Memory state around the buggy address: [ 229.018852][ T7406] ffff888129ebdf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 229.026762][ T7406] ffff888129ebdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 229.034648][ T7406] >ffff888129ebe000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 229.042542][ T7406] ^ [ 229.046453][ T7406] ffff888129ebe080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 229.054349][ T7406] ffff888129ebe100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 229.062246][ T7406] ================================================================== [ 229.070145][ T7406] Disabling lock debugging due to kernel taint