last executing test programs: 10.44820671s ago: executing program 2: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="6c617a7974696d652c6e6f696e6c696e655f78617474722c6c617a7974696d652c6e6f626172726965722c6163746976655f6c6f67733d342c757365725f786174747200000000653d6cc71a2c616c6c6f635f6d6f64653d64656661756c742c00be9ee044c45511e65887f6fac9eba6d787c3684a836f23dbf8ad3dd5931c08b46ea5952a332ad207000c98a2affa2dad4d623f9ff3ffa81e45095548ab6200f069d0f63d20fd71d3043b0dd5c4cf9785f3f531abc19bc1678f5e0b33006bd1049ca45fd8500d67a5aa6e1c23d9bb55bb77bcadfdf75143289938f8d282688c10f0ffcefa57ff27c893414af5266072d92b4513d8d2a3d9419501652a3ce7230a"], 0x1, 0x54f6, &(0x7f0000005800)="$eJzs3M1rI2UcB/Bf2u2+uxbx4G0HFqGFTdh0X9Bb1V18wS7Fl4MnTZM0ZDfJlCZNa08ePIoH/xNR8OTRv8GDZ2/iQfEmKJlnKltfQGm2sdvPB6bfmSeT3/yeUFqeSUgAp9Zi9stPlbgSFyJiPiIuRxT7lXIrrKZ4LiKuRsTcI1ulHP9j4GxEXIyIK5PiqWalfOiz6+Nrt3984+evvz135tLnX303u1kDs/Z8RPS30v5uP2XeSfmgHG+Mu0X2b43LTA/0H5bHecrd9kZRYbdxcF6jyJuddH6+tTOc5Gav0Zxkp7tZjG8N0gWH485BneIJDxrbxXGrvVFkd5gX2dlPfe3tp79t+8NRqtMq631YlI/R6CDTeHuvneaz9bDI5mBUjqe6eau9N8lxmeXlopn3WkUfG0d5pf/f3uwOdvaycXt72M0H2e1a/YVa/U61vp232qP2rWqj37pzK1vq9CanVUftRn+1k+edXrvWzPvL2VKn2azW69nS3fZGtzHI6vXazdqN6u3lcu969ur9d7NeK1ua5Mvdwc6o2xtmm/l2lp6xnK3Ubr64nF2rZ2+vrWfrb927t7b+zvt337v/0trrr5Qn/aWtbGnlxspKtX6julJfPrnzn/yv/0/z/7hseorzhyOpzLoBgJPH+h+YhZO+/g/r/6mw/j/d84cjsf4HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADi1vl/44rViZzEdXyrHnyqHnimPKxExFxG//Y35OHuo5nxZZ+Efzl/4Uw/fVKKoMLnGuXK7GBGr5fbr04/7VQAAAIAn15cfXf00rdbTj8VZN8RxSjdt5i5/MKV6lYhYWPxhClWivNkUzx69q2Ty+30m9qZUrbiBdX5KxdIttzPTqvavzB+K849EJcXcsbYDAAAci8MrgeNdhQAAAHCcPpl1A8xG8U5r+Vn88gP851KUbwheOHQEAAAAnECVWTcAAAAAPHbF+t/3/wEAAMCTLX3/HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDv7NxPTupQFAfg00Lf4/0xEuPcrTiDZbgEhw4NC3ATLAG34AZYA85cggFDW6I1mJj0to3k+5L2chvy45QwOfeSAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQpediNX+8v3pom7PdtZPmbgAAAIBjNsVqXr6YVvN/9fWz+tJFPc8iIo+IY737KH41Mkd1TvHF+4tPNTxFlAn7z/hdH38j4ro+Xs+7/hYAAADgdK0Xy1nVrVen6dAF0adq0Sb/f5MoL4uIYvqSKC3fny4ThZW/73HcJUorF7AmicKqJbdxqrRvGTWGyYchq4a813IAAIBeNDuBfrsQAAAA+nQ7dAEMI4vDVuZhL7j85/37huCfxgwAAAD4gbKhCwAAAAA6V/b/nv8HAAAAp616/h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABd2hSr+XqxnLXN2e7aSXM3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAb+zPOwqEQBiEwd71ncnc/7DSoKmpSRUIH39jMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG9+95f/E1PjTDL32lh6HknWTo2tU2Pv3Dj6w/j6NQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwsT8vKRACQRAFc8b/Tvr+h5UEPYMIEdDwqKIWDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAF/3ul/8TU+NMMnfaWDoeSdauGltXjb0HjaMH4+3fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwsXP/vnFTcQDAn+3zlRYQR0A3BCGQGGCh12tp6coAihj4E5Ci9FoCV360GWhVIWVhQ5m7IBgRQgKFrf9D51bqUrYONxSJiQFkn528HpE4iGJfks9Hen5fW5bf9zlRlK+f7wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDa5J3dOCs2vWmcVsfuPb61VvT3Z/rCna0Hy0Ur4qTJpA+Hl+OdpN9eIgAAABwfWV3fhxAe5tsrRZ/2yvo/r88pav7vnp3GdT0/W/fXfV37F+3XXx69uDNQbzpOcdHL6+PRmX+m0jm4WS625/71jE5558tnL1n5A0nf33xhkpf3M/nm7t13u2V4oolsAYD/43TdV0H9/1DRD9tMDIBjoxMV3nX9n/XazQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgCd3N8HQdJyGE5c5uXLj/+NZa2c/s39l6sFy3C7dvb8XXLC6RhxAur49HZ5qayCFw/cbNT1bH49G15oNXQgjtjV4FH85xTghtZijYb5BWv+uLks/hCFr+wwQAwJGTV62o6x/m2yvFsWQphL++f7L+fz2KQ1z/z/Rx/f/oowv34rHi+n/Y2AwX32Dj6ueD6zduvrl+dfXK6Mro07fODt8enrt4/vzFQfmsZOCJCQAAAPvTrVpc/6dLIUxm1v9PRXGYs/7/4tvhV/FYmfp/T7uLfm1nAgAAcLw9/+ofvyd7HE+63fDl6sbGteF0u7N/drptIdX/7ETV4vo/W2o7KwAAAKAJk83kifX/S1Ec5lz/f+aHl36Kr5mFEE5W6/+n1z4bX2puOi35c66zmvg48YFPFQAAgIV2smrx+n9evv+f7rzykIYQ3nhtGldfAzhX/Z+99/WP8Vjx+//nmpviQkr70/tR9v0QOv22MwIAAOAoe6pqRbH/W7698vHPpz7oev8fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoGl/BwAA//+S5D5T") mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) r0 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) mknodat$loop(r0, &(0x7f0000001600)='./file1\x00', 0x0, 0x1) chdir(&(0x7f00000003c0)='./bus\x00') openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) unlink(&(0x7f0000000280)='./file1\x00') mkdir(0x0, 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) 9.99770538s ago: executing program 2: mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='configfs\x00', 0x0, 0x0) r0 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000840)='./file0\x00', &(0x7f0000000080), 0x18) utimensat(r0, 0x0, &(0x7f0000000880)={{0x0, 0xea60}, {0x0, 0x3ffffffe}}, 0x0) 9.858578881s ago: executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xf, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000040000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000020000008500000084000000b70000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ff9}]}) ioprio_set$uid(0x2, 0x0, 0x0) 9.819299498s ago: executing program 2: r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000160000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000006000000b70300000000a999850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_VENDOR(r2, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000001b40)={&(0x7f0000000800)={0x1c, r0, 0x62c21a4ade68aba1, 0x0, 0x0, {{0x32}, {@void, @val={0x8}, @void}}}, 0x1c}}, 0x0) 9.792656962s ago: executing program 2: bpf$PROG_LOAD(0x5, 0x0, 0x0) setsockopt$inet6_IPV6_RTHDRDSTOPTS(0xffffffffffffffff, 0x29, 0x37, 0x0, 0x10) r0 = fsopen(&(0x7f0000000000)='fuseblk\x00', 0x0) fsconfig$FSCONFIG_SET_FLAG(r0, 0x5, &(0x7f0000000040)='ro\x00', 0x0, 0x300) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x17, 0x0, 0x20000, 0x8000}, 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x800, 0x4, 0x5da, 0x20, 0xffffffffffffffff, 0x8983, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x2, 0x4}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x10, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000003c00000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000000000000850000008600000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0) r6 = fsmount(r5, 0x0, 0x0) r7 = openat$cgroup(r6, &(0x7f0000000000)='syz0\x00', 0x200002, 0x0) r8 = openat$cgroup_int(r7, &(0x7f0000000100)='cpu.weight\x00', 0x2, 0x0) sendfile(r8, r8, 0x0, 0x10000a006) dup2(r4, r3) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f00009b1ffc)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000240)=0x0) timer_settime(r9, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) read(r1, &(0x7f00000002c0)=""/203, 0xcb) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r11, &(0x7f0000000340), 0x11000) write$FUSE_BMAP(0xffffffffffffffff, 0x0, 0x0) vmsplice(r11, &(0x7f0000001b40)=[{&(0x7f0000000680)="85", 0x1}, {&(0x7f00000001c0)="063fd78a77e5b5ef7840a45cf38131ed7fa3f4", 0x13}, {&(0x7f0000000400)="3fe79929a1d94ed5a7af8287ad834857ae961ae8369d76c73638cae8803ecdff7773a9f51a950a126832ce096751b911e17ae96503f93203de1a53ca2d4957020ca593df8a42d58266", 0x49}, {&(0x7f0000000500)="ea5375528392d6aab00410e8df5df59dd7ba0d560651bb96356731c076fd2eddcf51c136b7f5965884fe25d4d1b9b2e040e41eeb2d23f23adbcd92dd31cc6c68992c8b5a4613cecc918fa73e6367ba2ff5ecb12d98c55d181a59d9dfdf278f83a9ce30a902434711d2a2ab46e0c587e79b025ad89cb58276f072b699e65e0daee51a3016eff855df71607583642dac8750197c5de84a05cdbdb456766829b46102ab0448d0b99010a8e9911dc28d9b1b4af56330a7a9b1907c2e1f2fb5cb57efb336400fe2", 0xc5}, {&(0x7f0000000480)="c37e797b7d03ed8fc0ea51648e49310f4cb1939f7548a4a2ec0f1ed1b32a4c6ca70fd79ec9f6b988d6ad421f9b85f3b1b5d537cadc36bd858c3ea306efb7", 0x3e}, {&(0x7f0000000a40)="3e444c640699ae6d59a1f58e000e8518803a4d2a7d359c7bdfff9619b2abe1e8ad5468155dbb9e7f78b3c255dc2cd26bb420fa3ac8477885b3e50375a505c27264efc9dc19138e18e97dccac40998e623e76e544c66178b168fd111fc570674d858f97b2839991ea7a22b62b5aa8c46f3946495aab2a556aaf26359147eae46c1427777dac5dde9a639f78fa541f3d65e27d3ce284a862f3524907a1a8d7f67a475ad7ef1bb1cded402b568eb2f77aa0a8bbcd511de221f131a1a459a916cc18920f4c9fe0e74e6911523563cca03c7e17f1966d550494772556cb8b75dee99f1dc6b193dbacafcd7b081fef92df418a7c85f1b1d03590134d92f80e14c6980ea85669b85bdab2153487e3ed88e1c2663b14ebfce78d4632b6b1508ba9e844238e487086f565b5da49de7709c2a8c576f3c0bd9ae46622f03889953c3e4130cc9db7ff148d9274c2dcb5f2a80884900548e75608d0dffde18e3c005f82ea4a92732656433a633933bfbe0463da5ca6cf7e460595e06068e2acb1d9acc1b32dc3950e17030d8c6a3a889a54598382c5b2fff15943ea15f70b26bde58bc821b1cc0c21e1a49cb49d4fa480e1cdfec0f15054263aff7e9f5a9c1dea2e99d5c3c91d4cef9c92d8057d234b0a3e5adb20063ece2bf6aaac8fcd699927422db9ac119df39a56c31add54aef4833f1691439b9df5932fdb483daf5bd1c3d9d880a2882a1c9a487e4ceb8086767e3aa1bfa442c62dd80b35104a8de855446a1abcc7a540e0b691eee9764e31831a3f99bdb935f6b72ebdb92b9852c5f91a92a2562e4fd44e9189b3536c3dcf3357251b2feff70604689336d2131eb266e3a5aac99571cf49944c5ca17e4c578383ca006e0803cbcdc151d378d7de183255d7b70ebb445324e65c63507fe0e1966e06b5d8941fe1e49048df4a85111e208b10f95e45f52aa1c8ce7256782de088f36a26255683ef43f266a7051566064cb6a0a63d660e77dfebd8bd980f8ad4bed41589429a330363954a47bd2d702d49819b8644bf8c1a6646a9a3088b2931081122964df711f41b2f7cdb6b7cd0a7f7fb24e8ee87bde2f8cd824b8c162af08627528ccffa4331e6e9eb66616ddcb2271bd7e4b88cbdd5d67a78ec1c5eb39f3a8aa836baf845bc327623e7f27dee74874fa6b477a75852bc69c29866da65cdce180a258197b9cc5a404359e9e4808b622b6539e1c8fd9f5c6d20ef108428533a49d12e8b8bfcade3349133eae8b10208d30f74e9b22c92133d4747392eb128f7aa5e9a60d3323714e18140c9736f186b2bab44f70960bd99e3a4d671be48eed31234187eee4b3d12f8d09e525459bb1c8853ed106fe9f6169936a00a3f4825c451197a02e3358cbee581b91e01f237859780d73c6f5ec9117b9857d32868f8c89dda1e080a718b0cbf8993b8ff9650efee9deab7fec41e15fcd3199009cb7528d8c822a9e0d7120832cd01eae6b348dab5c1285098188f21827bc46bde9128bc6675b304beca8c00cd24257beac74dc67cb862e2cc963957893a3ec4472ce2f7c76637f712444ee5ec440bd516353790a7f18ac80ac2d566a2be8f45696af6099dcd25de248e2b7868a2303a9e6d7e98a4648df530ccdd6374227aaa3819341d476dcd2d1ea9e3c0d0f772e08bf3aa428a4cb5c9afa880c99e94d4ad0743a26f9047db34ee0f64252d1977ea9070aed179bcfdaeefbd94d25e54721d9eacdd3ee789c1f6133ab6b7686dae77e9587b7a9c092835473759731a48d238fee288a68b4d596b5b5142595a5be2dce5468884d8973864fd341354da32e00ce6df1e445914c2413bed07117ba3d92ff60f182bc87e0688b757b7fee1ef651174bb711cef3e03c2849c7b256bca38f2dc0cdaa958ecb97391d931d2a9712cb0a51bd05fe8130559f4c1b168d465a6ba95ef23de1baf54bfb5f53c1c6837d121ff06bc5ee233c0850b3ba8be520820fd221b9211e18185b19cf965a6f055bf8fee3da70941da1f863bedff54875c14f898ada184c3fce4748670664d83695e4d4559c1c34dafce4c837c02c10df87eb82d92a6ced5ca28a3328e6cd2461c29fc13e4abf8a2a74888aa9da1c963923f5acea1b4b04e5b727422a54ef4ffafa6dd29114f25d93769fb677f4b3af45b1245a7164db451d04462cc18ea26fe31cca125d3199ab9f11527b03a460c2479843566a1fba7974725312a3204a0471cad18781cd46a454381eabd44169c7f9a0d6703ac41099cc67b73214dadf7bdc29d605ad5d5788376f5c4e51de5f15c3d292b47f60abffcd3cb031d12d6ad3cedf6b0860b17fca73e583597c7fd6fe96921b8d447e072200a83599d9a5c2b3a1674fe8f4bd8f8879486437c28f933ca15d0a9563b0324c1a3bdec1c7444888ec5205b257ba468ebfbf3f7b8d45552928e3e74837dea69b4d877d80e59e2a4809d3de822249c439bfaa94c325d06d5757756c769917c4f5d309c7954870016ecde3c787403befb1d1b88901d06661fec728f32d1d454da728e0119a3e848e9cfc80819894a86defb2c043272313e1840751b5d11d4a59357b69f05e5450ca560969623e143e0e231593d396ce1ea6c0df6949770f39671736d78c82216b730e551d20c4a8c52cd57f532d7c563a60852a09f82a6e25aae0fbcdbf2f8f871c0243c490f0b663a64d4be1406f124235251151decc09e36e07baec6108d4ec5de5f4f7b96734663d0b023cd07f519bfc7f57208500b69f430e44108181daefaa3a4f7c676c5279aec37c6fcb1adcedd18ee3580b64a4859bf1840baa9edf5f1bd8963b03e7b40dbcc9c755d8313b71835aca09a6004b5367ec520ac45459803f72a34064405109abe2a7cb6d86654dc887201d7d425168882f8028f0e008353ea884abfd58b9397a18940db8495a6a955e14d8136ac30185ba824cf36c1de0385346a712e42bdcc483aa03f4aa2860e7037a0f165c595f32e3ea3ce5fdfbbd5e91cb4d3bda8c01970a8dd69e0476e51ac8cf7977a229840a39d9b58fef0af8aa4391f41c456c07d139f25e38b2d3f05963aa972afb1070dd2abf9f03f38f6c56b6eff2e950994087c24fc998454a3eb44786cb77f42b45000962b97ee55a3117d8992d36226e1e278a7d905ed35039f56e0ce230d6ccfe697c002ca19c4847b1a06e4e506c1624400fe71755271ea65da27ab1b85865bb2fcd720cefb1d70e2524b219e29acdcadbe134c64286d3fcbce0dfbde5d8009355c61e869d34daadc6a4d935cfc4fc97f737decfa48e356d5e578c7bf435275fc4c790118eadd784a29f21f36a45b4974b35551700294c7b379fd8b32dac0bf0c2a79d61994d1a39cfa4e7318666884911149c634ec6645dac25babe6a492fc9a8bffa9f60dc990582075951021c4a8763cd0a2ceca302ec7ca19557d5398fc53d4ca3f2ac9d03ae4662dd1cc53f291ea3f2ce8325d202262d36103969e89a0057ce99cc5bb9b0cd3d0964b78010b9581a7f5c8025c52fbab631e29157a45808ff23482ccfee6a7c3c4932add2e73a734ba55d409bc3ee8d6cd3023d1a5a4f843c0afc58102a036c9c42aa2418fcce92b6220a528c415dd38d8c55472aa93a00d91ff1b6481d668e26fc6d371a3851bf56c235d9917a12bc3cb9fcd49a744a98997b33895e73dd4145f4929053a832e4299c1d7842ca1f5adf7c98d803a5992c73ad40297b69a98bfddad04d037eb5a7d37a72faf80e8ae2b0ffb25483d7df0068913d9d5356fba2f620c1b8172372a9e23cbda2d8bb373e63a6ef6cbbc51dd041f609fd98fa934b4fc348b84bf1065448d740989cd4fdfaa1c061e3692e9e6c028e3fa481118f60c7e8735c03f5fa310ae59537d0c2aedb85fc72dc59b9a4c381f434dc7f20cdc9fe5835fed6b3bc2932f17180dfa3deb3dfd6d05d98e35817adfb4461341b2035345cc5eb9da39ad7467bc4849d5a58c7b4231e12184441deac28eb7947d67275bc26b99b7988b7618b46b04089a8476bfc33ee9e1de736bb2b66fed775d9b1d45c9b084d40b0a89aa8709298a06d2a2af3b0a65ae8b95352a1ab990d3a29c8448f81968b72c170650db86392a04f56567cdd88b61504020b7de1f1002fc2ac51879a258219806fc6484760e21b98b45a0a829cc5fd4e834761825e4c50b03fe9dd95aa59a2705c5915971d1a26d575cadb1876665447e1d90bd648e9e5b70ecd9f9901e859f167bf70aef17e6af57f2b8682a6eda533cf92e10574f60469d820d2ef4d84e8a44108808c11117f721d4a6b93a00b386678f975d6e42e1de3522516acf3a59cc201fc0a6c8e7a3346415d6b44863fd437a3f2a5e048104e5e1795d118daae32d19c5c5df8b9114e679128a79eb8013fc181b684d363703ef41483a52ed1b185585a726088a78aab54572ea76ed812979034e49594c8a2c2b3d9b67d9de4cf47b75c1984abfe254e980d45c0d4d8b134bcd24984ff6ebba016dd8d52da14a2fe66c368dda3bb927a427ee91b847ec006641909418bc0bf55f8e9fa4e9d12f06e2022bcd38f0a9106601b0f66666dbdff4b9cdff655b08873c06163a5ab5589d519ffb5437ed130e87099cfcd51ed85b02901d050be3c54d56698755c583ace1127dda1dfaea85db14ba83bd7c25c0949f674830e9a89aa0c12cd5d1db44bebfc3ecac1d0c67f70f31bddf3f578905cc43b3e048a4a111f9bc2a70945de909a25ce68bed83b1828e2ed29ad9243f53457d7952e5082d528321c318f80dd9d8ec4ebfab4a8065443241da7e46a758c7aa4ed70087da4f9eba5db899b8b6d5a65c632678b606a1965fd1b8b8dd98bb00d039985f8327025460bc10db96c7a604239fc1e6d80354ff863f772c9b13178228a2521fecfdc8b317c3c16db7413d1bf70bf0eb179d414712c7023ddbaf4f80bb9c182d4587c9c34badea49a90fcf1e08f7fa09a8859e860d7da16de413e617a9dd7156d97447f010394c22159e2e407162fff4a17b19047ed99c09307f91e380c946f4f342dfaf91de12575c1722c0e89a65f8a2a1ba4a08f71dd9875941a9023de17c6a819a0553801e97d9cf760ea5e3beabea37bb88c050afe3d8beccc45cde56159b45d311c92bb1e0c8cefc8dde898d025ba619444aa5f56ad1320d8c5f54dd5608b9c3462267632ce915e1b294cb6e97a650c1f2d21e728f4e0019d2e9d7a351d6bb88a57b414b15ca6b429e2deaff5d3f0eb8163ad9cf9a548148ba003bba2a330f3b57efc788b27f892f2fd8ae497927767672685d36abe3a4c36794fb5a394564286e724f636917b9fb44fb305eb177056a1eaccc824756f69ae369d51b92599f7159877a56779a855e15fe1513ff30152d6f943827ddda5c8b2fa6b2f2930d5e860f640c7941f302ae98c582f4132ce3ebef16928f08bec3f301b4a167645efea942860e0e58333cb1defba23935b35795a98c5c1c1a6cf7a8d2113500c3b6cefc09df29d804a85c6aadd6dab9730f86caae2683af6f5dee8f912d46d2beec0341ba06767bc74516f1cd504b01fb6370b1d378e047a284721baef547abb63c4861bbaffd8e06ed380abc2fd06290d4883d16d44edc243909bf871ba63de4656c613c37fef2c7a82d5a3508bfe605ab98546d98c946ce59d750da7dafaed153761530cf21f6ee62b84b1fcbbb741040e6fb873f2a074101d2b9cb7d9390e2d87a59cadabca7190ffdfbbd822bbcf496ad9ef799ffa6f28ab10886b75034fffcf8c8443355a5df1f1878833a969e0a314fa599d6664a54f042826935deb03a9bf6a6379d01db3918", 0x1000}, {&(0x7f00000006c0)="f9aeab10eafd84b7c0287bf26c1a535abc6cf812a9fb47a6e2d97e31b89b381934102aa13fd0d37be27b3308843a3feb771cceacb5ef365c8d38da0b867fae772c923f745fa74e49b22350022087c0f40a31c86b7cfe75045396772072fa81c091b3f396eef8d0220b5ee066c5b9fc679a86e5fdd6a79a0742852ea5f336979d11a9a9988b7fb1ace12d68c4fab6baba89e616efbe6edf77d4fcf62fe43b89e5a5ec4755211569e74e42b044ef7b8b35f76e0c4bccc88c77c98b3fd1ac4371e7b67cf0cff0919094a4a957fc9a57b7fbf83d56ef04d1058dbf21b1267bbae1e03501c95c76726b31a16a008983e27f0c7e94d0e46f59bd17e83acf", 0xfb}, {&(0x7f00000007c0)="877e9a93902740051453031f48322fb2704bd1154104af5b560c31179f1678ca305170d06c2928d76bdcde0ab7598e44cadecc27a43800c6df37875bbd260b33d2056d6b30fb90a1de4cee1c4198cf7a81621893f79d7209e9d557c17c833ed166bb9643677cc312a7026070b0e4181acc92f69177a964ea01b04be46388c23067d24154f9f584a156c08af1f48b9382c7c4e3e367959ccc3ab7235df4aedaeb830a068ae1795f6f4257571b9f7aa2ffe97f2d50a2839e83d019e4dc499e7cfa38bb0559fee1d309df61c5a5af79db6ccb8c8ef360563b52cdc89396710029f58cc0bbdf420188583e9e57", 0xeb}, {&(0x7f0000000600)="fecc945f8fe4d21dd38ba2", 0xb}, {&(0x7f00000008c0)="596241cf024ac8f3a511cb6ae1fd42f07bd034c8b704122a7668a299d0ee10ab38572f2a70f3778d09d7b24e53f00cd8092ac88051e8a2a5d06922f11b9f3183e9d67107c705756b32d587a55fb59dd1b0ad698d9c08e31ea6cbf137d87c4ec9555926b1757a11c4a4e19af7c0aafdd3b4e99e922c22278f5610770ab88adcdfa2697f503401a32133b6793865e32b7fede7c3021bdeee10", 0x98}, {&(0x7f0000001a40)="bafde3f965fd7b0a41f9f3572258c73cea15ecdb735f14359adf8e3bcef65e77d57396edcf3b117423c07b3220e7907b6fa5dc77c5430f577861d341ea57d5886e1022e6f44aa3af7209dc36378cebd6ecfeaff5fb5a6bb7e4b016a7d2ce007068d0139b4d35d54788b1394bd739f4333d73f17d04dc48decd04f9b8d43e71d957e1aa8882c12813a5af6d8003fa66fa322e749868a7d3afe6266930cd7d0ea9b7dc1211befe85e4a96087e96c0246db8d23bd09310c6db9f013469a464fa12f45bd47ef6c33be99f00c379c7446e6d1058adc9b96fb850c97fd478f52c8533df104f2c1", 0xe4}], 0xb, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, 0x0) vmsplice(r10, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) 2.873791384s ago: executing program 0: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0x2, 0x7}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='ext4_mb_release_inode_pa\x00', r1}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='ext4_mb_release_inode_pa\x00', r3}, 0x10) write$cgroup_subtree(r2, 0x0, 0x32600) 2.83505234s ago: executing program 0: socket$inet6(0xa, 0x2, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r1}, 0x10) timer_delete(0x0) syz_mount_image$ext4(&(0x7f0000001140)='ext4\x00', &(0x7f00000007c0)='./file1\x00', 0x410c84, &(0x7f0000000340), 0x1, 0x774, &(0x7f0000001180)="$eJzs3c1rHOUfAPDvbJKmTfv7JYKg9RQQNFC6MTW2Ch4qHkSwUNCz7bLZhppNtmQ3pQkBLSJ4EVQ8CHrp2Zd68+rLVf8LD2KpmhYrHiQym5l222zSJE2y0f18YLLPM89snue78/bszsNMAF1rOP1TiDgcEe8nEYPZ/CQi+pqp3oiTK8vdWlosp1MSy8uv/pY0l7m5tFiOlvekDmaZRyPiu3cijhRW11ufX5gqVauV2Sw/2pi+MFqfXzh6fro0WZmszBwfGx8/duKZE8e3L9Y/flw4dO2Dl5788uRfbz9y9b3vkzgZh7Ky1ji2y3AMZ59JX/oR3uXF7a6sw5JON4AtSXfNnpW9PA7HYPQ0UwDAf9mbEbEMAHSZxPkfALpM/jvAzaXFcj519heJ3XX9hYjYvxJ/fn1zpaQ3u2a3v3kddOBmcteVkSQihrah/uGI+PTr1z9Pp9ih65AA7bx1OSLODg2vPv4nq8YsbNZT65Tty16H75nv+Ae755u0//Nsu/5f4Xb/J9r0f/rb7Ltbcd/9/8A2VLKOtP/3fMvYtlst8WeGerLc/5p9vr7k3PlqJT22/T8iRqKvP82PrVPHyI2/b6xV1tr/+/3DNz5L609f7yxR+KW3/+73TJQapQeJudX1yxGP9baLP7m9/pM1+r+nN1jHy8+9+8laZWn8abz5tDr+yEYn7YzlKxFPtF3/d0a0JeuOTxxtbg6j+UbRxlc/fTwQxfZlres/ndL68+8CuyFd/wPrxz+UtI7XrG++jh+uDH67Vtn942+//e9LXmum837EpVKjMTsWsS95ZfX8Y3fem+fz5dP4Rx5vv/+vt/2n3wnPbjD+3mu/frH1+HdWGv/Eptb/5hNXb031rFX/xtb/eDM1ks3ZyPFvow18kM8OAAAAAAAAAAAAAAAAAAAAAAAAADaqEBGHIikUb6cLhWJx5RneD8dAoVqrN46cq83NTETzWdlD0VfIb3U52HI/1LHsfvh5/tg9+acPRDwUER/1H0jy+yhOdDh2AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMgdXOP5/6mf+zvdOgBgx+zvdAMAgF3n/A8A3cf5HwC6j/M/AHQf538A6D7O/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOyw06dOpdPyn0uL5TQ/cXF+bqp28ehEpT5VnJ4rF8u12QvFyVptsloplmvT9/t/1VrtwnjMzF0abVTqjdH6/MKZ6drcTOPM+enSZOVMpW9XogIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAzanPL0yVqtXKrMQWEst7oxmdT/Rkm9Neac+uJpK90YxtTnT4wAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwL/FPAAAA//9ZryM2") fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0) mount$incfs(&(0x7f0000000240)='./file0\x00', &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140), 0x0, 0x0) setxattr$incfs_id(&(0x7f0000000140)='./file0/file0\x00', &(0x7f00000001c0), &(0x7f0000000200), 0x20, 0x0) unlink(&(0x7f0000000080)='./file0/file0\x00') setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x21, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x64, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote}}}}) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) r2 = dup(0xffffffffffffffff) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_NMI(r3, 0xae9a) socket$netlink(0x10, 0x3, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) 2.764214221s ago: executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000100)=0x2, 0x4) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000300)=[@window, @window, @mss, @timestamp, @timestamp, @timestamp, @window, @sack_perm], 0x2132) sendmmsg$inet(r0, &(0x7f0000003500)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000200)='R', 0x1}], 0x1}}], 0x1, 0x24000090) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0x4) shutdown(r0, 0x1) 2.745093574s ago: executing program 0: r0 = epoll_create1(0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000100)={0x20000014}) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000b8e9850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000000)='sched_switch\x00', r5}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r0, &(0x7f0000000000)={0xa0000001}) epoll_wait(r3, &(0x7f0000000380)=[{}], 0x1, 0x1000) 2.740869085s ago: executing program 4: mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000100)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x2, [@func_proto={0x0, 0x3, 0x0, 0xd, 0x6000000, [{0x9, 0x43000000}, {0x2}, {}]}]}}, &(0x7f0000000f40)=""/4096, 0x3e, 0x1000, 0x1}, 0x20) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = fsopen(&(0x7f0000000080)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f00000000c0)='nsdelegate', &(0x7f0000000140)='&)\x00', 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r2}, &(0x7f00000001c0), &(0x7f0000000200)}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='mm_page_alloc\x00', r3}, 0x10) r4 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x403, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @veth={{0x9}, {0x18, 0x2, 0x0, 0x1, @val=@VETH_INFO_PEER={0x14}}}}, @IFLA_NUM_RX_QUEUES={0x8, 0x20, 0x10}]}, 0x50}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000080000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x4003, &(0x7f00000003c0), 0x2, 0x4e6, &(0x7f0000000840)="$eJzs3M1rHOUfAPDvbJK26csv+fX3on3RrlYxKDZN+nrwYEWhF0FQpB5jkpbatJUmQluCjSIVPCj9C3y5Cf4FnvQiKh4Ur4pXEYrk0upBVmZ2Jm6yu0k23WTb5POBTZ6ZeWae55mZJ3leZjaADauc/94eET9FRF9EJAsjlKu/bs9Oj/4xOz2aRKXy4u9JFu/W7PRoEbXYb1u+MFCKKL2TxJ4G6U5euXpuZGJi/FK+PDhVykPnR86Mnxm/MHz8+OFDvceODh9pSznTPN3a/ebFvbtOvnLj+dFTN1795rM0v5V8e205qvpbTKGrbk05yvPPZY1HWzz63W5HTTjpTn+WOpcZli29a9PL1ZPV/75KLtvWF8+9XcTb1MlMAqsireyb69bO/S+bqdRKkuoOwDqRqNKwQRX/6G/Npj3V6dH6fnAD3W1tgnTUzRORFSgt9+38U93SnfVgy/3VvlHPKqX/34g4NfPnh+knGo5DAAC01xcnIrbm7Y7iU91Siv/XxPtXPirUHxH/joidEfGfvP3yv4gs7n0RcX/NPkk+n7SY8oLl+vbPD715oLa52jZp+++pfG5rfvtvbv6ivytf2pGVvyc5fXZi/GB+TgaiZ3O6PFR/6LlhtS+f/fGDZumXa9p/6SdNv2gL5vn4rXvBAN3YyNTInZa7cPOt7MReqy9/Et1JEYrYFRG7V3D89JydffzTvc22zyt/Ws668r/f/OBt6IdUPo54rHr9Z2JB+SOf90iy+cnzrw9OXrn65Nna+cmhY0eHjwxuiYnxg4PFXVHv2++vv5AH67oRS1//1ZVe/60N7/+5mcv+pHa+drL1NK7//G7TPs1K7/9NyUtZuJiXujwyNXVpKGJTMlO/fviffS+P9M6Ln5Z/YH/j+r8z4q+P8v32RER6Ez8QEQ9GxL487w9FxMMRsX+R8n/9zCOvNetC3g3Xf6yl698s8PR3EY03dZ376vO6hN8rL7P86fU/nIUG8jVjI1NblirXYjmtDdzxCQQAAIB7wL7s2f+kdCAf49wepdKBAxHb5kZQJqeeOH3xjQtj1XcE+qOnVIx09dWMhw7lY8PpcrrXcM1yuv1QNm5cqVQqvely2n+f2NHZosOGt61J/U/9Wv9KC7DetDSP1uyNNuCetPJ59PY/kAGsrXX0PD/QIvUfNq5l1//VegsO6JhG9f9axO0OZAVYY43q/8sdyAew9vT/YeNS/2HDWvJlWmBdWtZL8isI7Dy5SJyke3USbR4oxbw16V+8ed8C0B9RRC4ecFz8gL+UItqTw662lrR33jUtNYyzJdqRVpSWjNPdwhcxrG2gdHdkoxrYHBFL3L1zN9u1InB1tTOWVYJPOvvXCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4M79HQAA//+o39mH") r5 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCL_PASTESEL(r5, 0x541c, &(0x7f0000000000)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='ext4_da_update_reserve_space\x00'}, 0x10) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x10001, 0x9, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r6, &(0x7f0000000080), &(0x7f0000001540)=""/155}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r7 = socket$nl_route(0x10, 0x3, 0x0) r8 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000080)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000002c0)=@newqdisc={0x78, 0x24, 0x8709, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x40000}}}}]}, 0x78}}, 0x0) 2.521539839s ago: executing program 4: mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x1, 0x4, 0x7fe2, 0x1}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) quotactl$Q_QUOTAON(0xffffffff80000201, &(0x7f0000000080)=@filename='./bus\x00', 0xee00, &(0x7f00000001c0)='./file0\x00') 2.492881443s ago: executing program 4: r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000004850000006d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10) ioctl$USBDEVFS_CLEAR_HALT(r0, 0xc00c5512, &(0x7f0000000340)) 2.240139103s ago: executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) socket$inet(0x2, 0x4000000000000001, 0x0) socket$packet(0x11, 0x3, 0x300) socket$nl_netfilter(0x10, 0x3, 0xc) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, 0x0, 0x0) r2 = creat(&(0x7f0000000200)='./file0\x00', 0x0) mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000080)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}}) write$P9_RVERSION(r1, 0x0, 0x13) 2.035952754s ago: executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x12, 0x5, 0x8, 0x1}, 0x48) r1 = socket$inet_udp(0x2, 0x2, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000940)={r0, &(0x7f0000000780)="d9", &(0x7f0000000900)=@udp=r1}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f00000005c0)='sys_enter\x00', r2}, 0x10) personality(0x0) 2.008298199s ago: executing program 1: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x18, 0xb, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000004f4b00000000001b000000180100002020702000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000006ffffff850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x3ffffffffffffda, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='kfree\x00'}, 0x10) r4 = add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000080)={'fscrypt:', @desc2}, &(0x7f00000000c0)={0x0, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300"}, 0x52ba, 0xffffffffffffffff) r5 = add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000080)={'fscrypt:', @desc2}, &(0x7f00000000c0)={0x0, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300"}, 0x48, 0xffffffffffffffff) r6 = add_key$fscrypt_v1(&(0x7f0000000400), &(0x7f0000000440)={'fscrypt:', @desc1}, &(0x7f0000000480)={0x0, "6035ae1e0fe721441705322225930e6c1e3e2a51a92fd796bc34d7cf6e0236805b4377f7ab1a9b01c103a4c6a7ef54e6763fd7264c39ea00c508ba6062696138"}, 0x48, 0xfffffffffffffffe) keyctl$KEYCTL_MOVE(0x4, r6, r5, 0x0, 0x0) keyctl$KEYCTL_MOVE(0x4, r4, r4, 0x0, 0x0) r7 = socket$pptp(0x18, 0x1, 0x2) getpeername(r7, &(0x7f0000000300)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000640), 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000004c0), &(0x7f0000000740), 0x75}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x1008002, &(0x7f0000001380), 0x1, 0x5d8, &(0x7f0000000c00)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=") 1.536089362s ago: executing program 0: mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000100)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x2, [@func_proto={0x0, 0x3, 0x0, 0xd, 0x6000000, [{0x9, 0x43000000}, {0x2}, {}]}]}}, &(0x7f0000000f40)=""/4096, 0x3e, 0x1000, 0x1}, 0x20) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = fsopen(&(0x7f0000000080)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f00000000c0)='nsdelegate', &(0x7f0000000140)='&)\x00', 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r2}, &(0x7f00000001c0), &(0x7f0000000200)}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='mm_page_alloc\x00', r3}, 0x10) r4 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x403, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @veth={{0x9}, {0x18, 0x2, 0x0, 0x1, @val=@VETH_INFO_PEER={0x14}}}}, @IFLA_NUM_RX_QUEUES={0x8, 0x20, 0x10}]}, 0x50}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000080000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x4003, &(0x7f00000003c0), 0x2, 0x4e6, &(0x7f0000000840)="$eJzs3M1rHOUfAPDvbJK26csv+fX3on3RrlYxKDZN+nrwYEWhF0FQpB5jkpbatJUmQluCjSIVPCj9C3y5Cf4FnvQiKh4Ur4pXEYrk0upBVmZ2Jm6yu0k23WTb5POBTZ6ZeWae55mZJ3leZjaADauc/94eET9FRF9EJAsjlKu/bs9Oj/4xOz2aRKXy4u9JFu/W7PRoEbXYb1u+MFCKKL2TxJ4G6U5euXpuZGJi/FK+PDhVykPnR86Mnxm/MHz8+OFDvceODh9pSznTPN3a/ebFvbtOvnLj+dFTN1795rM0v5V8e205qvpbTKGrbk05yvPPZY1HWzz63W5HTTjpTn+WOpcZli29a9PL1ZPV/75KLtvWF8+9XcTb1MlMAqsireyb69bO/S+bqdRKkuoOwDqRqNKwQRX/6G/Npj3V6dH6fnAD3W1tgnTUzRORFSgt9+38U93SnfVgy/3VvlHPKqX/34g4NfPnh+knGo5DAAC01xcnIrbm7Y7iU91Siv/XxPtXPirUHxH/joidEfGfvP3yv4gs7n0RcX/NPkk+n7SY8oLl+vbPD715oLa52jZp+++pfG5rfvtvbv6ivytf2pGVvyc5fXZi/GB+TgaiZ3O6PFR/6LlhtS+f/fGDZumXa9p/6SdNv2gL5vn4rXvBAN3YyNTInZa7cPOt7MReqy9/Et1JEYrYFRG7V3D89JydffzTvc22zyt/Ws668r/f/OBt6IdUPo54rHr9Z2JB+SOf90iy+cnzrw9OXrn65Nna+cmhY0eHjwxuiYnxg4PFXVHv2++vv5AH67oRS1//1ZVe/60N7/+5mcv+pHa+drL1NK7//G7TPs1K7/9NyUtZuJiXujwyNXVpKGJTMlO/fviffS+P9M6Ln5Z/YH/j+r8z4q+P8v32RER6Ez8QEQ9GxL487w9FxMMRsX+R8n/9zCOvNetC3g3Xf6yl698s8PR3EY03dZ376vO6hN8rL7P86fU/nIUG8jVjI1NblirXYjmtDdzxCQQAAIB7wL7s2f+kdCAf49wepdKBAxHb5kZQJqeeOH3xjQtj1XcE+qOnVIx09dWMhw7lY8PpcrrXcM1yuv1QNm5cqVQqvely2n+f2NHZosOGt61J/U/9Wv9KC7DetDSP1uyNNuCetPJ59PY/kAGsrXX0PD/QIvUfNq5l1//VegsO6JhG9f9axO0OZAVYY43q/8sdyAew9vT/YeNS/2HDWvJlWmBdWtZL8isI7Dy5SJyke3USbR4oxbw16V+8ed8C0B9RRC4ecFz8gL+UItqTw662lrR33jUtNYyzJdqRVpSWjNPdwhcxrG2gdHdkoxrYHBFL3L1zN9u1InB1tTOWVYJPOvvXCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4M79HQAA//+o39mH") r5 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCL_PASTESEL(r5, 0x541c, &(0x7f0000000000)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='ext4_da_update_reserve_space\x00'}, 0x10) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x10001, 0x9, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r6, &(0x7f0000000080), &(0x7f0000001540)=""/155}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r7 = socket$nl_route(0x10, 0x3, 0x0) r8 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000080)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000002c0)=@newqdisc={0x78, 0x24, 0x8709, 0x0, 0x0, {0x0, 0x0, 0x0, r9, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x40000}}}}]}, 0x78}}, 0x0) 1.528920913s ago: executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000180000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000f0850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r2}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000d40)={&(0x7f0000000080)='signal_generate\x00', r1}, 0x10) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) 1.505503566s ago: executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xf, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000020000008500000086000000180100002020692500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000009b00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0x0, 0x28, 0xe40, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) 1.485168729s ago: executing program 0: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000040)='./bus\x00', 0x1a0cc10, &(0x7f00000059c0)=ANY=[@ANYBLOB="66617374626f6f742c71756f7461002018bbdecde39739fcd1df176dde746ec834120600000000003b043ebd000000000072462abc30ef5b65c70f73ecea54b5e5bec5aca9836c319f653557e79a002208ceae6dda659bd5ba0f4ce5c2080002223dc60000000000000044cd0a1e36868736000000f6a55493b4b81d5b9fa9b40fe4d76afc3a989c6d60044e89eb96e44d01a1174e3797ffa86870b82939f41ffa0f3d726f085663c29cbdc4c766a73c3ffde033b57941ba92cbeb77cc369c71e57fafab52f325ca91e684160191acf5ae7469c82ab4145b595b987d75912afdcc1c061835294cc0c618aba204f8adaa20c80108d356cd887ba217c8f569e6d0caf75052a77056b06e7068c40f807d9e539f8f5b64a8ee0725aa8d00000000007cb6ac0d90ea79b8027cf75964dd86c2ed2b5e75779677a28c76b848dd03dab190b5f02ec52830f3ff01eaae1c3df076000000000000000000000000000083a48a6b926c668b9ba42490175018ea3619f9d80a0b894e212178e1a19909d764666264fa29e2c055fd7f8e67c2acfb75f0a8d41692f4542a575ee42ed94a0014fba44985cca9df12fe93bfaccf0122a6e7e593613ac011170182f99766e86fb125cc6799c43aa4dc708dc4a00a6decad26f037f0b3c3b61f1f6d388072a571da000000aec3dfbae348b5b494f6fddb9f56142a47a4995a430ca7eca421bd0ad198afa58ce69d61c29deaa93c0efea0f1415e90fd0400bad5f796374bb196e60e537b8ffca80a5ec3c5c063aab2c87a7824c4fbfab7264185e1b2e59012acbf3732abe75b848de8ec4aaba2e3c8cd14dd9bf9499952815b9fb34057a585a9c18a11f3d496825b3fcb0c8aa89e079fd7898eda864b302139b2b10597100846b55f7d0b050b7b0ef7e9c897c50b53404acdd701425323201b33465fddec69c37cb13fd441a830af5ea73f4ac82d7926eb0db1141003d148473077a76c3bee7e37dc799abb47bd67cde7958c50fb2d15c9cc196e4c191d0000000000140000000000c816bbeaa7c8efa7a7e5ee519013434e208fff9bac45b8fc653f68de8e581952e9f6f7284cd39925a9e2515c162d77f2ce25168bbad79ed034bba9226aeb33de4aa528e8f0f53bb9621147355a8ec1f0d67392f340f9f00364defbe60165252a82d1e94719a80a82306b3539a3a936463bac5ab9fdb75ef8b2747dd923fb9d703b02a9aa90490aab821449db6db447af297718481aae1e5a81a4ce5fe116dee0ee21fb6e21460dd11a351e50ae1dfe8190d221d94aa5dc7e9873863c57bc4aa81b993066770f4fd01fba00fd02dd28f9ea0d5857b29bc385700638f2722c0835945a49c2a1c696e0da61b2ecccd16011b842b0fbc49672dbfb53464fe22e78aa3ffad220909db66e951a7bbee66fc605dc5c7ff3481b870e61d88a3b6880e6cee7fbfe9fcd72f2e64d64060152460cea09e5c9b7b55fb87e397a1ea49be53bb1c8ac70192d311d2c08a09b8c9916eec7454f0948ff5dd11ad0c46ca603fd3e4aaf7eb636361ee32bd3058f6fdd5f735c743a0f21d770cbd0dd9f4ece37f78611d3fae73136d6f3555533d50b53e04d880c4f2a11b4406cf344e4c9c326288279584a7dcc3f560bfb3b07e5fd7ca24e8f9c4234a3d361165b746475990189e34415bde43d1f31c1552cd554d20a1d7ed4f5a14b81b427bb39aca2c2cee5b48daaddbdb49e7b26ff773335b8f88e88b919c6d445f5f3ef2926ab35bc9dfba18a51c36685d47066e8b454ae009562f1b4118ffcd517a2ff4e78e22224aff677dcf723ff8f3d92129209205a9e89ad6fc5933ed3384889847932cb29c85c761137ad16bca2743c09dfbc7983ea", @ANYBLOB="a93e1cbfeea088b9cb059ce91c144fd901b2d208e6ec16e9c0bdf78cda5604babe81021bae593d8bf404d46fe9ae1e8a141739e9717566c21648e8f46b4fc9d9eb0a646a28283f6f61bd31a6a5c909f53dcaf2e8a1914f6cbd8d230587ca11862216e1a7ea1aaca778c2b5eea4e08eeb7bbbfd55e1ba9fbcb378636cca2dcb46a029961a41e272c878b929b276ac2741c8f3b77e7850100e289c3b6edbf5d0377206c0bc212cf6a42ececcd4e98747c0423cc4b304569431e8b347fe68e9083d419f13de6e27d28126d9a4988919"], 0x1, 0x559f, &(0x7f0000000400)="$eJzs3M2LG2UYAPBnkm6/rYt48NaBIuxCE5rtB3qyaosf2FL8OHjSbJKGtElm2aTp2lMPHsWD/4koePLo3+BBj3oTD4o3oZKZWWn6/ZFmtf39YPLMPHnzzPsOYeGZWRLAM2s5/euPJA7FvoioRsTBJPL9pNwirkecLsa+FBGHI6Jy05aU+X8TuyNif0QcmhYvaiblW18dnRw5+fu7f37/455dB77+7qcdXTiwo16OiMFGsX91UMSsm4cb1TLfnPTyODgxKePGTI1BVuSvdtbzCleb2+OaeTzeLcZnG1dG03ix32xNY7d3Mc9vDIsTjibd7TrTD6SXmpv5cbuznsfeKMtj91px3q1rxd+2a6NxUadd1vssLx/j8XYs8p2tTrGejct5bA3HZb6om7U7W9M4KWN5umhl/XY+j/VHvcr/fe/1hle20klnc9TLhunJeuOVeuNUrbGZtTvjzolac9A+dSJd6fanw2rjTnNwuptl3X6n3soGq+lKt9WqNRrpypnOeq85TBuN+vH6sdrJ1XLvaPrW+Y/SfjtdmcY3esMr415/lF7MNtPiE6vpWv34q6vpkUb6wbkL6YX3z549d+HDT858fP71c++8WQ66bVrpytqxtbVa41htrbH6DK3/83LSD7H+5M7pX35+vMsGADyi2/r/uLX/D/0/MHf36P/j0n36/8Hl8vjJ9P9xx/6/Mtv/xzz7/2lLpf+/f/9b2YH+dyn0/w+8/upjfhvgId3lBtN97J77PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWLhfl755O99ZLo4PlPnnytQL5XESEZWIuHEH1dg9U7Na1lm6y/ilW+bwQxJ5hek59pTb/og4XW5/P/+krwIAAAA8vb69fvjLolsvXpZ3ekIsUnHTpnLw0znVSyJiafm3OVWrTF9enFOx/Pu9K7bmVC2/gbV3TsWKW2675lXtgVRnwt6bQlKEykKnAwAALMRsJ7DYLgQAAIBF+uKe7762sHmwYElsP8rcfhac/+d9xL7ygeC+mfcAAACA/6FkpycAAAAAPHF5/+/3/wAAAODpVvz+HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMA/7NxdrtJAFADg0/YW/I3E+O5WfINluAQffRQW4CZYAq7AxA2wBkx8cAcqGDojSRUSYltQ7vclnd6ZC2dOgZczbQYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCF9rlezD+9evu8Y5uOPXTd/N+32rmPeAAAAcC9s6tWs+WOS+o/z+NM89Dz3i4goI+JY7V7FqBWzynHqE6+vf8vhU0QTYT8+zsejiHiVj+/Phv4UAAAA4HatF8tpqtZTk5cAvpz37m8DZsYFpEWb8snrnuIVEVFPvvYUrdw3Lw7debdo+9/3XbztnFXSLGA96ClYWnI78SDLqK9J2qrW6deVzJsvsemVw8wLAABcU7sS8Dg9AADA7Xpz7QS4hD9L++LQHO4zjtMp3xB82OoBAAAA/6Hi2gkAAAAAfaqODTb1/7+0/19h/z8AAADoXdr/DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCFt6tVsvVhOT/1/fmac7a6b/q4IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAn+/OOAiEQBmGwd31nMvc/rDRoaGxSBcLH3xgMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJvf/eX/xNQ4k8y9NpaeR5K1U2Pr1Ng7N47+ML5+DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFzsz0sKhEAQRMGc8b+Tvv9hJUHPIEIENDyqqEUDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwRb/75f/E1DiTzJ02lo5HkrWrxtZVY+9B4+jBePs3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFzs27FvG1UYAPDPvthtCogQUCQCKEgdYKGpW1o6ghAoYuBPQIpSpwRSCm0GWkWULGwocxcEI0JIoLDlf+jcSF3K1iFDkJgYgu5855xjQ6MSnU39+0nP77vn67vvzlaV794ZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACjsvhMv1/M4SV+mOnExdm9vfSntdw71qe3N+7NpS+NaxXmPnonDA6+UN+ZmKk0GAACAMZUU9f3bB2P1qaz+b3S3I+L7ZzpxUc8frvt39tZP5m/NFvX/b78+fKE76VSSHSeddHlltX22P5W+QnlcPPvIPSayK5/de0myD6T+wcbzu43seta+vXv3vWYWnqgiWwDgcZwp+jwo/h5K+9YwEwNgbEyUCu8Hja2FtE+mhpsTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQBV2N+KpIq5FxOzEQZza2VtfGtR/vXl/djtvF+/c2SzPmU7RiIjlldX22QrPZXQVV/PWp4urq+3rN25WHcxFxIC3bh/tnyd5+v+4TzMiekZOvzhgno+OcKxD8/QF+dczqr2Gk+n5PXLnWs9Ire+Cv7vfMYwvwPEFc/knMHifev7uSKR6zEHx3Tv+mSv8rwgAgLHQyFtaiT5obC2kY7XpiP0feuv/10px9NT9+7c7I53t7VL9//Dji/fKxyrX/62Kzu//YH7t6ufzN27eemPl6uKV9pX2Z2+ea73VOn/pwoVL89m9kvnlqLtjAgAAwH/QzFu5/q9P96//nyrF8S/r/+X6/4vvWl+Vj5Wo/wc6WPQbdiYAAADjqNmNnnv1zz9qA/aoNZvx5eLa2vVW57W7fa7zWmm6j+lE3sr1fzI97KwAAACAKuxu1HrW/y+X4jji+v/TP770c3nOJCImI65FRPvM0rXVy9Wdzkir4ofK2YGawz5TAAAAhmUyb+X1/0b2/H+9+8hDPSJePx3xV/4b/jhi/Z+8/81P5WOVn/8/X+lZjp76TOd6ZP1MxMTMsDMCAADgSXYyb2mx/3tja+GTX0592PT8PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDV/g4AAP//kF4wGA==") mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@metacopy_on}]}) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1803000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000882b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) mknodat$loop(r0, &(0x7f00000000c0)='./file1\x00', 0x0, 0x0) r3 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0, 0x0) syz_mount_image$fuse(&(0x7f0000000000), &(0x7f0000000100)='./bus\x00', 0x100000, &(0x7f0000000200)=ANY=[], 0x1, 0x0, 0x0) linkat(r3, &(0x7f0000000140)='./file1\x00', r3, &(0x7f00000002c0)='./file0\x00', 0x0) openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) 1.387190145s ago: executing program 4: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = socket(0x11, 0x800000003, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@bridge_delneigh={0x2c, 0x1c, 0xf07, 0x0, 0x0, {0x7, 0x0, 0x0, r1, 0x80, 0x87}, [@NDA_LLADDR={0xa, 0x2, @link_local}, @NDA_FDB_EXT_ATTRS={0x4}]}, 0x2c}}, 0x0) 1.368347098s ago: executing program 4: r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000020000402505a1a440000102030109025c0002010000000904000001020d0000052406000105240000000d240f0100000000000000000006241a0000000905810300020000000904010000020d00000904010102020d0000090582020002000000090503020002"], 0x0) inotify_init1(0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x0, 0x0, 0x2010}}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) 1.114081267s ago: executing program 1: mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x1) unshare(0x2040400) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10) r2 = socket$vsock_stream(0x28, 0x1, 0x0) fgetxattr(r2, &(0x7f0000000000)=ANY=[], 0x0, 0x0) 1.03152835s ago: executing program 2: r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000640)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70200001400000fb7030000000007008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r1}, 0x10) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000800)={'syz1\x00'}, 0x45c) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x80001, 0x0) writev(r2, &(0x7f0000000740)=[{&(0x7f0000000240)="82", 0x50}], 0x300) 1.011066353s ago: executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x40, 0x0, 0x0, 0x0, 0x0, {}, [@NBD_ATTR_BLOCK_SIZE_BYTES={0xc}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}, @NBD_ATTR_CLIENT_FLAGS={0xc}, @NBD_ATTR_SIZE_BYTES={0xc}]}, 0x40}}, 0x0) sendmsg$nl_xfrm(r0, &(0x7f0000000100)={&(0x7f0000f4dff4), 0x4d9, &(0x7f0000000040)={&(0x7f0000000080)=@migrate={0x15c, 0x21, 0x1, 0x0, 0x0, {{@in6=@ipv4={'\x00', '\xff\xff', @multicast1}, @in6=@dev}}, [@migrate={0x10c}]}, 0x15c}}, 0x0) 991.565087ms ago: executing program 1: r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000004900)={0x4, 0x0, [{0x0, 0x0, 0x0}, {0x0, 0x0, 0x0}, {0x0, 0x6f, &(0x7f0000000900)=""/111}, {0x0, 0xce, &(0x7f00000046c0)=""/206}]}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000240)) 952.897092ms ago: executing program 1: syz_btf_id_by_name$bpf_lsm(0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) ioctl$F2FS_IOC_GET_COMPRESS_BLOCKS(0xffffffffffffffff, 0x8008f511, &(0x7f0000000240)) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x4, 0x8}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000980)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f00000003c0), 0x0) setsockopt$packet_add_memb(0xffffffffffffffff, 0x107, 0x1, &(0x7f0000000040)={r7, 0x1, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xe}}, 0x10) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r8, 0x8914, &(0x7f0000000280)={'wg2\x00'}) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8}, 0x48) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x9003000000000000, 0x40, &(0x7f0000000b40)=@raw={'raw\x00', 0x2, 0x3, 0x2c8, 0x0, 0x178, 0x178, 0x178, 0x178, 0x230, 0x230, 0x230, 0x230, 0x230, 0x3, 0x0, {[{{@uncond, 0x0, 0x158, 0x178, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'kmp\x00', "d9d9e63590ab5471c46924e95540949f0cd7e2b0a94d71d9d944acb7f0a1297674a95b30cee19db4c1725572ba928385b1635c89b58ae9a0e1ea500b26f006da3fa8a134552f7980e92de5a784cd4f46e799e191835d7d5ea776f04bef524e22f0bb6ed4b00f44ceb936943e13fa1caa6b4b159c673db1efa9a08b1ddc74ce6c", 0x43}}, @common=@inet=@socket3={{0x28}, 0x51}]}, @unspec=@NOTRACK={0x20}}, {{@uncond, 0x0, 0x98, 0xb8, 0x0, {}, [@common=@inet=@set2={{0x28}}]}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x328) 52.369952ms ago: executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xf, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000020000008500000086000000180100002020692500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000009b00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0x0, 0x28, 0xe40, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) 35.020065ms ago: executing program 3: mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f00000002c0)='cpuset.sched_load_balance\x00', 0x2, 0x0) sendfile(r1, r1, 0x0, 0x9c) 17.466697ms ago: executing program 3: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, "00769a7d8200010000001495595915303d6000"}) r1 = syz_open_pts(r0, 0x0) ioctl$TCFLSH(r1, 0x5415, 0x0) 0s ago: executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000180000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000f0850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r2}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000d40)={&(0x7f0000000080)='signal_generate\x00', r1}, 0x10) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) kernel console output (not intermixed with test programs): } for pid=18196 comm="syz-executor.0" name="" dev="pipefs" ino=83684 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 442.255982][T18212] syz-executor.1[18212] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 442.256034][T18212] syz-executor.1[18212] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 442.701916][T18238] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 443.152068][T18249] loop1: detected capacity change from 0 to 128 [ 443.315406][T18254] loop1: detected capacity change from 0 to 512 [ 443.338090][T18254] EXT4-fs (loop1): Ignoring removed oldalloc option [ 443.349138][T18254] EXT4-fs (loop1): mounted filesystem without journal. Opts: i_version,dioread_lock,delalloc,oldalloc,usrquota,discard,init_itable=0x0000000000000001,max_batch_time=0x0000000000000020,resgid=0x0000000000000000,,errors=continue. Quota mode: writeback. [ 443.373080][T18254] ext4 filesystem being mounted at /root/syzkaller-testdir3601137211/syzkaller.9xqGqv/47/file0 supports timestamps until 2038 (0x7fffffff) [ 443.450189][T18259] loop2: detected capacity change from 0 to 512 [ 443.823399][T18280] loop3: detected capacity change from 0 to 128 [ 443.838720][T18282] syz-executor.4[18282] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 443.838796][T18282] syz-executor.4[18282] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 443.940929][T18297] cgroup: noprefix used incorrectly [ 443.961097][T18295] netlink: 'syz-executor.0': attribute type 17 has an invalid length. [ 443.973476][T18295] netlink: 'syz-executor.0': attribute type 15 has an invalid length. [ 444.091387][T18312] syz-executor.0[18312] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 444.091468][T18312] syz-executor.0[18312] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 444.207476][T18325] cgroup: noprefix used incorrectly [ 444.240353][T18329] loop3: detected capacity change from 0 to 512 [ 444.260815][T18327] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. [ 444.272921][T18329] EXT4-fs (loop3): Test dummy encryption mode enabled [ 444.291999][T18329] EXT4-fs error (device loop3): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor.3: inline data xattr refers to an external xattr inode [ 444.316440][T18329] EXT4-fs error (device loop3): ext4_orphan_get:1402: comm syz-executor.3: couldn't read orphan inode 12 (err -117) [ 444.331049][T18329] EXT4-fs (loop3): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000200000,user_xattr,grpjquota=,resuid=0x0000000000000000,prjquota,usrjquota=,usrjquota=,min_batch_time=0x000000000000409e,test_dummy_encryption,,errors=continue. Quota mode: writeback. [ 444.384267][ T30] audit: type=1400 audit(2000000090.093:19036): avc: denied { create } for pid=18328 comm="syz-executor.3" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=fifo_file permissive=1 [ 445.857138][T18396] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 445.910973][T18403] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.4'. [ 446.281731][T18414] netlink: 'syz-executor.1': attribute type 17 has an invalid length. [ 446.290858][T18414] netlink: 'syz-executor.1': attribute type 15 has an invalid length. [ 446.408822][T18422] loop1: detected capacity change from 0 to 128 [ 446.625345][ T330] Bluetooth: hci0: command 0x1003 tx timeout [ 446.631884][ T47] Bluetooth: hci0: sending frame failed (-49) [ 446.686139][T18444] SELinux: security_context_str_to_sid(sysadm_u) failed for (dev ?, type ?) errno=-22 [ 446.696553][T18444] SELinux: security_context_str_to_sid(sysadm_u) failed for (dev incremental-fs, type incremental-fs) errno=-22 [ 446.776500][T18460] syz-executor.1[18460] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 446.776579][T18460] syz-executor.1[18460] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 446.854331][T18467] xt_CT: You must specify a L4 protocol and not use inversions on it [ 447.791705][T18496] syz-executor.3[18496] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 447.791771][T18496] syz-executor.3[18496] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 448.239734][T18508] SELinux: security_context_str_to_sid( ) failed for (dev ?, type ?) errno=-22 [ 448.266336][T18508] SELinux: security_context_str_to_sid( ) failed for (dev incremental-fs, type incremental-fs) errno=-22 [ 448.309024][T18516] netem: change failed [ 448.429582][T18530] loop1: detected capacity change from 0 to 128 [ 448.470583][ T341] attempt to access beyond end of device [ 448.470583][ T341] loop1: rw=1, want=130, limit=128 [ 448.481395][ T341] Buffer I/O error on dev loop1, logical block 129, lost async page write [ 448.492455][T18536] syz-executor.4[18536] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 448.492532][T18536] syz-executor.4[18536] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 448.845926][ T20] Bluetooth: hci0: command 0x1001 tx timeout [ 448.872882][ T47] Bluetooth: hci0: sending frame failed (-49) [ 449.054339][ T30] audit: type=1107 audit(2000000094.755:19037): pid=18545 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg='' [ 449.514479][T18569] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.0'. [ 449.711925][T18577] bridge0: port 1(bridge_slave_0) entered blocking state [ 449.718970][T18577] bridge0: port 1(bridge_slave_0) entered disabled state [ 449.726742][T18577] device bridge_slave_0 entered promiscuous mode [ 449.736622][T18577] bridge0: port 2(bridge_slave_1) entered blocking state [ 449.743586][T18577] bridge0: port 2(bridge_slave_1) entered disabled state [ 449.750757][T18577] device bridge_slave_1 entered promiscuous mode [ 449.818547][T18577] bridge0: port 2(bridge_slave_1) entered blocking state [ 449.825442][T18577] bridge0: port 2(bridge_slave_1) entered forwarding state [ 449.825561][T18577] bridge0: port 1(bridge_slave_0) entered blocking state [ 449.833557][T18582] syz-executor.0[18582] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 449.839341][T18577] bridge0: port 1(bridge_slave_0) entered forwarding state [ 449.839394][T18582] syz-executor.0[18582] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 449.872248][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 449.892758][ T20] bridge0: port 1(bridge_slave_0) entered disabled state [ 449.900256][ T20] bridge0: port 2(bridge_slave_1) entered disabled state [ 449.936794][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 449.945363][ T6] bridge0: port 1(bridge_slave_0) entered blocking state [ 449.952209][ T6] bridge0: port 1(bridge_slave_0) entered forwarding state [ 449.959513][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 449.967767][ T6] bridge0: port 2(bridge_slave_1) entered blocking state [ 449.974638][ T6] bridge0: port 2(bridge_slave_1) entered forwarding state [ 450.222280][ T6200] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 450.241717][ T587] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 450.249949][ T587] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 450.260962][T18577] device veth0_vlan entered promiscuous mode [ 450.267283][ T6200] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 450.275107][ T6200] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 450.282347][ T6200] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 450.487437][ T587] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 450.505364][T18577] device veth1_macvtap entered promiscuous mode [ 450.519052][ T341] device bridge_slave_1 left promiscuous mode [ 450.525097][ T341] bridge0: port 2(bridge_slave_1) entered disabled state [ 450.532489][ T341] device bridge_slave_0 left promiscuous mode [ 450.538630][ T341] bridge0: port 1(bridge_slave_0) entered disabled state [ 450.546507][ T341] device veth1_macvtap left promiscuous mode [ 450.552410][ T341] device veth0_vlan left promiscuous mode [ 450.616017][ T6200] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 450.624392][ T6200] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 450.708000][ T30] audit: type=1326 audit(2000000096.416:19038): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18600 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e90528f29 code=0x7ffc0000 [ 450.735207][ T30] audit: type=1326 audit(2000000096.416:19039): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18600 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e90528f29 code=0x7ffc0000 [ 450.762200][ T30] audit: type=1326 audit(2000000096.416:19040): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18600 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9e90528f29 code=0x7ffc0000 [ 450.797303][ T30] audit: type=1326 audit(2000000096.436:19041): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18600 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e90528f29 code=0x7ffc0000 [ 450.822450][ T30] audit: type=1326 audit(2000000096.446:19042): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18600 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9e90528f29 code=0x7ffc0000 [ 450.851541][ T30] audit: type=1326 audit(2000000096.476:19043): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18600 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e90528f29 code=0x7ffc0000 [ 450.898035][ T30] audit: type=1326 audit(2000000096.476:19044): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18600 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f9e905266a7 code=0x7ffc0000 [ 451.246911][ T6200] Bluetooth: hci0: command 0x1009 tx timeout [ 451.256683][ T30] audit: type=1326 audit(2000000096.476:19045): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18600 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9e904ec379 code=0x7ffc0000 [ 451.286359][ T30] audit: type=1326 audit(2000000096.476:19046): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18600 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7f9e90528f29 code=0x7ffc0000 [ 451.325346][T18616] netlink: 104 bytes leftover after parsing attributes in process `syz-executor.1'. [ 451.353622][T18620] syz-executor.3[18620] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 451.353676][T18620] syz-executor.3[18620] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 452.344444][T18651] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'. [ 452.369352][T18651] loop1: detected capacity change from 0 to 512 [ 452.403526][T18651] EXT4-fs (loop1): Test dummy encryption mode enabled [ 452.414494][T18651] EXT4-fs error (device loop1): __ext4_iget:4892: inode #11: block 1: comm syz-executor.1: invalid block [ 452.426492][T18651] EXT4-fs error (device loop1): ext4_orphan_get:1402: comm syz-executor.1: couldn't read orphan inode 11 (err -117) [ 452.438848][T18651] EXT4-fs (loop1): mounted filesystem without journal. Opts: noauto_da_alloc,user_xattr,max_dir_size_kb=0x0000000000000009,inode_readahead_blks=0x0000000000010000,jqfmt=vfsv0,delalloc,inode_readahead_blks=0x0000000000400000,noauto_da_alloc,test_dummy_encryption,,errors=continue. Quota mode: none. [ 452.567525][T18673] netlink: 104 bytes leftover after parsing attributes in process `syz-executor.3'. [ 453.260801][ T566] Bluetooth: hci1: Frame reassembly failed (-84) [ 453.544365][T18738] syz-executor.4[18738] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 453.544443][T18738] syz-executor.4[18738] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 453.565252][T18740] netlink: 104 bytes leftover after parsing attributes in process `syz-executor.3'. [ 453.686688][T18759] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 453.902170][T18784] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 454.053979][T18800] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore [ 454.062891][T18800] overlayfs: missing 'lowerdir' [ 454.470241][T18812] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 454.518703][T18816] loop3: detected capacity change from 0 to 1024 [ 454.542762][T18816] EXT4-fs (loop3): Test dummy encryption mode enabled [ 454.549513][T18816] EXT4-fs (loop3): Ignoring removed orlov option [ 454.557839][T18816] EXT4-fs (loop3): mounted filesystem without journal. Opts: test_dummy_encryption,debug_want_extra_isize=0x0000000000000084,stripe=0x0000000000000007,commit=0x0000000000000005,orlov,barrier=0x0000000000000005,max_batch_time=0x0000000000000000,data_err=abort,,errors=continue. Quota mode: writeback. [ 454.722443][T18826] device pim6reg1 entered promiscuous mode [ 454.800189][T18832] syz-executor.0[18832] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 454.800265][T18832] syz-executor.0[18832] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 454.805416][T18834] syz-executor.3[18834] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 454.823648][T18834] syz-executor.3[18834] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 455.493296][ T6] Bluetooth: hci1: command 0x1003 tx timeout [ 455.512840][T17616] Bluetooth: hci1: sending frame failed (-49) [ 455.759383][ T6200] usb 3-1: new high-speed USB device number 46 using dummy_hcd [ 456.037466][ T6] usb 5-1: new high-speed USB device number 52 using dummy_hcd [ 456.064334][T18863] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore [ 456.073366][T18863] overlayfs: missing 'lowerdir' [ 456.081514][ T6200] usb 3-1: Using ep0 maxpacket: 32 [ 456.241601][ T6200] usb 3-1: unable to get BOS descriptor or descriptor too short [ 456.321642][ T6200] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 456.331753][ T6200] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 456.342503][ T6200] usb 3-1: config 1 interface 1 has no altsetting 0 [ 456.451681][ T6] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 456.462455][ T6] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 456.475165][ T6] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 456.484022][ T6] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 456.492422][ T6] usb 5-1: config 0 descriptor?? [ 456.501634][ T6200] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 456.510567][ T6200] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 456.518330][ T6200] usb 3-1: Product: syz [ 456.522344][ T6200] usb 3-1: Manufacturer: syz [ 456.526722][ T6200] usb 3-1: SerialNumber: syz [ 456.616596][T18869] syz-executor.0[18869] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 456.616654][T18869] syz-executor.0[18869] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 456.961675][ T6200] usb 3-1: 2:1 : no or invalid class specific endpoint descriptor [ 456.972548][ T6] plantronics 0003:047F:FFFF.005B: unbalanced collection at end of report description [ 456.973354][ T6200] usb 3-1: 2:1 : format type 0 is not supported yet [ 456.981127][ T6] plantronics 0003:047F:FFFF.005B: parse failed [ 457.003182][ T6] plantronics: probe of 0003:047F:FFFF.005B failed with error -22 [ 457.005121][ T6200] usb 3-1: USB disconnect, device number 46 [ 457.157743][T18888] device veth0_vlan left promiscuous mode [ 457.166810][T18888] device veth0_vlan entered promiscuous mode [ 457.240073][ T6] usb 5-1: USB disconnect, device number 52 [ 457.605761][ T6200] Bluetooth: hci1: command 0x1001 tx timeout [ 457.611848][T17616] Bluetooth: hci1: sending frame failed (-49) [ 459.541527][ T587] usb 5-1: new high-speed USB device number 53 using dummy_hcd [ 459.544846][T18973] device syzkaller0 entered promiscuous mode [ 459.661661][ T6200] Bluetooth: hci1: command 0x1009 tx timeout [ 459.781525][ T587] usb 5-1: Using ep0 maxpacket: 16 [ 459.901534][ T60] usb 3-1: new high-speed USB device number 47 using dummy_hcd [ 459.911643][ T587] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 459.922565][ T587] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 459.932129][ T587] usb 5-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 459.940982][ T587] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 459.952320][ T587] usb 5-1: config 0 descriptor?? [ 460.161583][ T60] usb 3-1: Using ep0 maxpacket: 16 [ 460.281635][ T60] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 460.402714][ T30] kauditd_printk_skb: 77 callbacks suppressed [ 460.402730][ T30] audit: type=1326 audit(2000000106.120:19124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18964 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a39b8df29 code=0x7ffc0000 [ 460.432650][ T30] audit: type=1326 audit(2000000106.120:19125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18964 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=35 compat=0 ip=0x7f7a39b8df29 code=0x7ffc0000 [ 460.451654][ T60] usb 3-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 460.456895][ T30] audit: type=1326 audit(2000000106.120:19126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18964 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a39b8df29 code=0x7ffc0000 [ 460.465552][ T60] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 460.489605][ T30] audit: type=1326 audit(2000000106.120:19127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18964 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=431 compat=0 ip=0x7f7a39b8df29 code=0x7ffc0000 [ 460.497219][ T60] usb 3-1: Product: syz [ 460.521248][ T30] audit: type=1326 audit(2000000106.120:19128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18964 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a39b8df29 code=0x7ffc0000 [ 460.525128][ T60] usb 3-1: Manufacturer: syz [ 460.549188][ T30] audit: type=1326 audit(2000000106.120:19129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18964 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=431 compat=0 ip=0x7f7a39b8df29 code=0x7ffc0000 [ 460.553421][ T60] usb 3-1: SerialNumber: syz [ 460.577437][ T30] audit: type=1326 audit(2000000106.120:19130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18964 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a39b8df29 code=0x7ffc0000 [ 460.582525][ T60] usb 3-1: config 0 descriptor?? [ 460.606039][ T30] audit: type=1326 audit(2000000106.120:19131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18964 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7a39b8df29 code=0x7ffc0000 [ 460.635278][ T30] audit: type=1326 audit(2000000106.120:19132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18964 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a39b8df29 code=0x7ffc0000 [ 460.659357][ T30] audit: type=1326 audit(2000000106.120:19133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=18964 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=272 compat=0 ip=0x7f7a39b8df29 code=0x7ffc0000 [ 460.660049][ T60] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected [ 460.701716][ T60] usb 3-1: Detected FT232RL [ 461.055680][ T587] usbhid 5-1:0.0: can't add hid device: -71 [ 461.061699][ T587] usbhid: probe of 5-1:0.0 failed with error -71 [ 461.069013][ T587] usb 5-1: USB disconnect, device number 53 [ 461.261605][ T60] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 461.281992][ T60] ftdi_sio 3-1:0.0: GPIO initialisation failed: -71 [ 461.288810][ T60] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 461.297675][ T60] usb 3-1: USB disconnect, device number 47 [ 461.307440][ T60] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 461.317850][ T60] ftdi_sio 3-1:0.0: device disconnected [ 461.474539][T19008] device veth0_vlan left promiscuous mode [ 461.482888][T19008] device veth0_vlan entered promiscuous mode [ 461.839985][T19022] bridge0: port 1(bridge_slave_0) entered blocking state [ 461.847001][T19022] bridge0: port 1(bridge_slave_0) entered disabled state [ 461.854499][T19022] device bridge_slave_0 entered promiscuous mode [ 461.865828][T19022] bridge0: port 2(bridge_slave_1) entered blocking state [ 461.872821][T19022] bridge0: port 2(bridge_slave_1) entered disabled state [ 461.880226][T19022] device bridge_slave_1 entered promiscuous mode [ 461.978464][T19022] bridge0: port 2(bridge_slave_1) entered blocking state [ 461.985368][T19022] bridge0: port 2(bridge_slave_1) entered forwarding state [ 461.992491][T19022] bridge0: port 1(bridge_slave_0) entered blocking state [ 461.999330][T19022] bridge0: port 1(bridge_slave_0) entered forwarding state [ 462.025789][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 462.033303][ T20] bridge0: port 1(bridge_slave_0) entered disabled state [ 462.040544][ T20] bridge0: port 2(bridge_slave_1) entered disabled state [ 462.060766][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 462.261664][ T20] bridge0: port 1(bridge_slave_0) entered blocking state [ 462.268531][ T20] bridge0: port 1(bridge_slave_0) entered forwarding state [ 462.275838][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 462.299410][ T20] bridge0: port 2(bridge_slave_1) entered blocking state [ 462.306298][ T20] bridge0: port 2(bridge_slave_1) entered forwarding state [ 462.331933][ T6200] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 462.340191][ T6200] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 462.348937][ T6200] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 462.356253][ T6200] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 462.364280][ T6200] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 462.373337][ T6200] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 462.534570][T19022] device veth0_vlan entered promiscuous mode [ 462.578605][T19022] device veth1_macvtap entered promiscuous mode [ 462.585444][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 462.594432][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 462.602679][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 462.623971][ T587] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 462.632306][ T587] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 462.640733][ T587] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 462.649661][ T587] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 462.703456][ T566] device bridge_slave_1 left promiscuous mode [ 462.709446][ T566] bridge0: port 2(bridge_slave_1) entered disabled state [ 462.730263][ T566] device bridge_slave_0 left promiscuous mode [ 462.737443][ T566] bridge0: port 1(bridge_slave_0) entered disabled state [ 462.746735][ T566] device veth1_macvtap left promiscuous mode [ 462.752888][ T566] device veth0_vlan left promiscuous mode [ 463.215746][T19081] device veth0_vlan left promiscuous mode [ 463.222098][T19081] device veth0_vlan entered promiscuous mode [ 463.735006][T19111] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 463.746015][T19111] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 463.772388][T19111] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=19111 comm=syz-executor.0 [ 464.744031][T19180] device syzkaller0 entered promiscuous mode [ 464.752893][T19180] PF_CAN: dropped non conform CAN skbuff: dev type 65534, len 65487 [ 465.143993][T19202] xt_l2tp: missing protocol rule (udp|l2tpip) [ 465.341002][T19217] loop1: detected capacity change from 0 to 256 [ 465.375092][T19217] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 465.493666][T19237] xt_l2tp: missing protocol rule (udp|l2tpip) [ 465.634577][T19247] bridge0: port 1(bridge_slave_0) entered blocking state [ 465.641879][T19247] bridge0: port 1(bridge_slave_0) entered disabled state [ 465.649802][T19247] device bridge_slave_0 entered promiscuous mode [ 465.669300][T19247] bridge0: port 2(bridge_slave_1) entered blocking state [ 465.679152][T19247] bridge0: port 2(bridge_slave_1) entered disabled state [ 465.687463][T19247] device bridge_slave_1 entered promiscuous mode [ 465.799493][ T1272] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 466.064951][T19262] loop2: detected capacity change from 0 to 256 [ 466.492185][ T1272] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 466.540445][ T1272] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 466.561716][T19262] /dev/loop2: Can't open blockdev [ 466.567533][ T1272] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 466.580333][ T1272] bridge0: port 1(bridge_slave_0) entered blocking state [ 466.587336][ T1272] bridge0: port 1(bridge_slave_0) entered forwarding state [ 466.623257][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 466.632772][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 466.641412][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 466.653711][ T6] bridge0: port 2(bridge_slave_1) entered blocking state [ 466.660589][ T6] bridge0: port 2(bridge_slave_1) entered forwarding state [ 466.677673][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 466.688572][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 466.708922][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 466.722478][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 466.792848][T19247] device veth0_vlan entered promiscuous mode [ 466.800207][ T587] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 466.808424][ T587] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 466.816913][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 466.824497][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 466.832988][ T341] device bridge_slave_1 left promiscuous mode [ 466.839087][ T341] bridge0: port 2(bridge_slave_1) entered disabled state [ 466.862899][ T341] device bridge_slave_0 left promiscuous mode [ 466.884489][ T341] bridge0: port 1(bridge_slave_0) entered disabled state [ 466.896484][ T341] device veth1_macvtap left promiscuous mode [ 466.902495][ T341] device veth0_vlan left promiscuous mode [ 466.985456][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 466.994208][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 467.004069][T19247] device veth1_macvtap entered promiscuous mode [ 467.015914][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 467.024942][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 467.033370][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 467.048231][ T1272] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 467.057210][ T1272] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 467.065225][ T20] usb 3-1: new high-speed USB device number 48 using dummy_hcd [ 467.320756][T19314] loop1: detected capacity change from 0 to 256 [ 467.363638][T19314] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 467.481514][ T20] usb 3-1: Using ep0 maxpacket: 16 [ 467.611630][ T20] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 467.622427][ T20] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 467.632023][ T20] usb 3-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 467.640882][ T20] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 467.649274][ T20] usb 3-1: config 0 descriptor?? [ 467.784918][T19320] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 467.794181][T19320] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 468.113548][ T30] kauditd_printk_skb: 120 callbacks suppressed [ 468.113563][ T30] audit: type=1326 audit(2000000113.830:19254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19288 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f918bf32f29 code=0x7ffc0000 [ 468.144276][ T30] audit: type=1326 audit(2000000113.830:19255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19288 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f918bf32f29 code=0x7ffc0000 [ 468.168718][ T30] audit: type=1326 audit(2000000113.830:19256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19288 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=35 compat=0 ip=0x7f918bf32f29 code=0x7ffc0000 [ 468.192782][ T30] audit: type=1326 audit(2000000113.830:19257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19288 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f918bf32f29 code=0x7ffc0000 [ 468.217382][ T30] audit: type=1326 audit(2000000113.830:19258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19288 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f918bf32f29 code=0x7ffc0000 [ 468.242313][ T30] audit: type=1326 audit(2000000113.830:19259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19288 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=431 compat=0 ip=0x7f918bf32f29 code=0x7ffc0000 [ 468.266791][ T30] audit: type=1326 audit(2000000113.830:19260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19288 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f918bf32f29 code=0x7ffc0000 [ 468.291060][ T30] audit: type=1326 audit(2000000113.830:19261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19288 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f918bf32f29 code=0x7ffc0000 [ 468.315838][ T30] audit: type=1326 audit(2000000113.830:19262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19288 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=431 compat=0 ip=0x7f918bf32f29 code=0x7ffc0000 [ 468.339927][ T30] audit: type=1326 audit(2000000113.830:19263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19288 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f918bf32f29 code=0x7ffc0000 [ 468.375091][T19334] device bridge0 entered promiscuous mode [ 468.380943][T19333] device bridge0 left promiscuous mode [ 468.452930][T19340] bridge0: port 1(bridge_slave_0) entered blocking state [ 468.459881][T19340] bridge0: port 1(bridge_slave_0) entered disabled state [ 468.467467][T19340] device bridge_slave_0 entered promiscuous mode [ 468.477476][T19340] bridge0: port 2(bridge_slave_1) entered blocking state [ 468.484356][T19340] bridge0: port 2(bridge_slave_1) entered disabled state [ 468.491818][T19340] device bridge_slave_1 entered promiscuous mode [ 468.540137][T19340] bridge0: port 2(bridge_slave_1) entered blocking state [ 468.547140][T19340] bridge0: port 2(bridge_slave_1) entered forwarding state [ 468.554287][T19340] bridge0: port 1(bridge_slave_0) entered blocking state [ 468.561239][T19340] bridge0: port 1(bridge_slave_0) entered forwarding state [ 468.604000][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 468.613770][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 468.622281][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 468.632851][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 468.642538][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 468.662387][ T587] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 468.761485][T19340] device veth0_vlan entered promiscuous mode [ 468.767531][ T20] usbhid 3-1:0.0: can't add hid device: -71 [ 468.773453][ T20] usbhid: probe of 3-1:0.0 failed with error -71 [ 468.785818][ T20] usb 3-1: USB disconnect, device number 48 [ 468.861539][T19356] loop3: detected capacity change from 0 to 256 [ 468.939357][T19356] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 469.023212][T19340] device veth1_macvtap entered promiscuous mode [ 469.040722][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 469.048636][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 469.056642][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 469.064779][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 469.073129][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 469.080823][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 469.088242][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 469.103919][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 469.112985][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 469.128485][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 469.137636][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 469.181591][ T338] Bluetooth: hci0: command 0x1003 tx timeout [ 469.187557][T17616] Bluetooth: hci0: sending frame failed (-49) [ 469.190553][T19368] device bridge0 entered promiscuous mode [ 469.203020][T19367] device bridge0 left promiscuous mode [ 469.252432][ T341] device bridge_slave_1 left promiscuous mode [ 469.259141][ T341] bridge0: port 2(bridge_slave_1) entered disabled state [ 469.267316][ T341] device bridge_slave_0 left promiscuous mode [ 469.273796][ T341] bridge0: port 1(bridge_slave_0) entered disabled state [ 469.282062][ T341] device veth1_macvtap left promiscuous mode [ 469.287988][ T341] device veth0_vlan left promiscuous mode [ 469.779727][T19391] device bridge0 entered promiscuous mode [ 469.785759][T19390] device bridge0 left promiscuous mode [ 469.881309][T19397] bridge0: port 1(bridge_slave_0) entered blocking state [ 469.888283][T19397] bridge0: port 1(bridge_slave_0) entered disabled state [ 469.895851][T19397] device bridge_slave_0 entered promiscuous mode [ 469.904739][T19397] bridge0: port 2(bridge_slave_1) entered blocking state [ 469.911688][T19397] bridge0: port 2(bridge_slave_1) entered disabled state [ 469.918979][T19397] device bridge_slave_1 entered promiscuous mode [ 469.997692][T19397] bridge0: port 2(bridge_slave_1) entered blocking state [ 470.004558][T19397] bridge0: port 2(bridge_slave_1) entered forwarding state [ 470.011675][T19397] bridge0: port 1(bridge_slave_0) entered blocking state [ 470.018428][T19397] bridge0: port 1(bridge_slave_0) entered forwarding state [ 470.044509][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 470.052123][ T330] bridge0: port 1(bridge_slave_0) entered disabled state [ 470.059258][ T330] bridge0: port 2(bridge_slave_1) entered disabled state [ 470.085327][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 470.093505][ T330] bridge0: port 1(bridge_slave_0) entered blocking state [ 470.100369][ T330] bridge0: port 1(bridge_slave_0) entered forwarding state [ 470.107731][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 470.120047][ T330] bridge0: port 2(bridge_slave_1) entered blocking state [ 470.126941][ T330] bridge0: port 2(bridge_slave_1) entered forwarding state [ 470.141782][T19412] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 470.159162][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 470.179681][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 470.202781][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 470.223510][T19397] device veth0_vlan entered promiscuous mode [ 470.230471][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 470.248677][T19397] device veth1_macvtap entered promiscuous mode [ 470.263499][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 470.271675][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 470.278936][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 470.291991][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 470.300402][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 470.412845][ T341] device bridge_slave_1 left promiscuous mode [ 470.418945][ T341] bridge0: port 2(bridge_slave_1) entered disabled state [ 470.426926][ T341] device bridge_slave_0 left promiscuous mode [ 470.432986][ T341] bridge0: port 1(bridge_slave_0) entered disabled state [ 470.441047][ T341] device veth1_macvtap left promiscuous mode [ 470.446971][ T341] device veth0_vlan left promiscuous mode [ 470.782689][T19441] input: syz0 as /devices/virtual/input/input65 [ 471.261779][ T4583] Bluetooth: hci0: command 0x1001 tx timeout [ 471.267685][T17616] Bluetooth: hci0: sending frame failed (-49) [ 471.341592][ T330] usb 2-1: new high-speed USB device number 44 using dummy_hcd [ 471.372401][T19474] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 471.503028][T19485] syz-executor.0[19485] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 471.503084][T19485] syz-executor.0[19485] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 471.521927][ T6] usb 4-1: new high-speed USB device number 35 using dummy_hcd [ 471.881663][ T330] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 471.892449][ T330] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 471.901929][ T330] usb 2-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 471.910749][ T330] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 471.919299][ T330] usb 2-1: config 0 descriptor?? [ 471.941650][ T6] usb 4-1: Using ep0 maxpacket: 16 [ 472.065685][ T6] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 472.232097][ T6] usb 4-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 472.241021][ T6] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 472.248797][ T6] usb 4-1: Product: syz [ 472.252802][ T6] usb 4-1: Manufacturer: syz [ 472.257178][ T6] usb 4-1: SerialNumber: syz [ 472.262384][ T6] usb 4-1: config 0 descriptor?? [ 472.302481][ T6] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected [ 472.310100][ T6] usb 4-1: Detected FT232RL [ 472.392682][ T330] isku 0003:1E7D:319C.005C: unknown main item tag 0x0 [ 472.399373][ T330] isku 0003:1E7D:319C.005C: unbalanced collection at end of report description [ 472.408308][ T330] isku 0003:1E7D:319C.005C: parse failed [ 472.413923][ T330] isku: probe of 0003:1E7D:319C.005C failed with error -22 [ 472.554783][T19499] device syzkaller0 entered promiscuous mode [ 472.622225][ T330] usb 2-1: USB disconnect, device number 44 [ 472.721587][ T6] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 472.741940][ T6] ftdi_sio 4-1:0.0: GPIO initialisation failed: -71 [ 472.752166][ T6] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 472.760580][ T6] usb 4-1: USB disconnect, device number 35 [ 472.768464][ T6] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 472.778033][ T6] ftdi_sio 4-1:0.0: device disconnected [ 472.800679][T19517] loop2: detected capacity change from 0 to 1024 [ 473.258697][T19528] device syzkaller0 entered promiscuous mode [ 473.505738][ T330] Bluetooth: hci0: command 0x1009 tx timeout [ 474.173840][T19545] incfs: Can't find or create .index dir in ./file0 [ 474.180444][T19545] incfs: mount failed -5 [ 474.220470][T19549] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.2'. [ 474.277021][T19556] device syzkaller0 entered promiscuous mode [ 474.695953][T19563] binder: 19562:19563 ioctl c0306201 20000380 returned -14 [ 474.705859][T19565] loop3: detected capacity change from 0 to 256 [ 475.223604][T19578] incfs: Can't find or create .index dir in ./file0 [ 475.230285][T19578] incfs: mount failed -5 [ 475.521712][T19584] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.2'. [ 475.642006][T19592] loop3: detected capacity change from 0 to 512 [ 475.662830][T19592] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 475.675206][T19592] EXT4-fs (loop3): 1 truncate cleaned up [ 475.680736][T19592] EXT4-fs (loop3): mounted filesystem without journal. Opts: noload,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,lazytime,block_validity,quota,,errors=continue. Quota mode: writeback. [ 475.700755][ T6] usb 2-1: new high-speed USB device number 45 using dummy_hcd [ 475.810969][T19607] binder: 19606:19607 ioctl c0306201 20000380 returned -14 [ 475.838405][T19619] usb usb8: usbfs: process 19619 (syz-executor.2) did not claim interface 0 before use [ 476.024946][ T6] usb 2-1: too many configurations: 65, using maximum allowed: 8 [ 476.033762][T19628] input: syz1 as /devices/virtual/input/input66 [ 476.048370][T19630] netlink: 104 bytes leftover after parsing attributes in process `syz-executor.0'. [ 476.074806][ T30] kauditd_printk_skb: 27 callbacks suppressed [ 476.074820][ T30] audit: type=1400 audit(2000000121.790:19291): avc: denied { map } for pid=19631 comm="syz-executor.0" path="socket:[106453]" dev="sockfs" ino=106453 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1 [ 476.341530][ T26] usb 1-1: new high-speed USB device number 42 using dummy_hcd [ 476.672044][T19647] usb usb8: usbfs: process 19647 (syz-executor.3) did not claim interface 0 before use [ 476.701756][ T26] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 476.712934][ T26] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 476.725924][ T26] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 476.735005][ T26] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 476.743464][ T26] usb 1-1: config 0 descriptor?? [ 476.791650][ T6] usb 2-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d [ 476.802028][ T6] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 476.850790][T19656] loop2: detected capacity change from 0 to 512 [ 476.852041][ T6] usb 2-1: Found UVC 0.00 device (046d:08c1) [ 476.863729][ T6] usb 2-1: No valid video chain found. [ 477.036878][T19656] EXT4-fs (loop2): write access unavailable, skipping orphan cleanup [ 477.045289][T19656] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 477.066094][ T587] usb 2-1: USB disconnect, device number 45 [ 477.074058][T19656] EXT4-fs (loop2): Couldn't remount RDWR because of unprocessed orphan inode list. Please umount/remount instead [ 477.179946][T19661] binder: 19660:19661 ioctl c0306201 20000380 returned -14 [ 477.212410][ T26] plantronics 0003:047F:FFFF.005D: unknown main item tag 0x0 [ 477.219897][ T26] plantronics 0003:047F:FFFF.005D: No inputs registered, leaving [ 477.228537][ T26] plantronics 0003:047F:FFFF.005D: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 477.415136][ T26] usb 1-1: USB disconnect, device number 42 [ 477.470085][T19672] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 477.669351][T19684] device syzkaller0 entered promiscuous mode [ 477.942803][T19710] netlink: 104 bytes leftover after parsing attributes in process `syz-executor.0'. [ 478.013006][T19723] syz-executor.2[19723] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 478.013082][T19723] syz-executor.2[19723] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 478.069175][T19726] SELinux: security_context_str_to_sid(unconfined_u) failed for (dev ?, type ?) errno=-22 [ 478.080836][ T26] usb 2-1: new high-speed USB device number 46 using dummy_hcd [ 478.093279][T19726] SELinux: security_context_str_to_sid(unconfined_u) failed for (dev sda1, type ext4) errno=-22 [ 478.121326][T19728] loop2: detected capacity change from 0 to 1024 [ 478.349856][ T330] usb 5-1: new high-speed USB device number 54 using dummy_hcd [ 478.451644][ T26] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 478.462448][ T26] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 478.472095][ T26] usb 2-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 478.480888][ T26] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 478.489234][ T26] usb 2-1: config 0 descriptor?? [ 478.581543][ T338] usb 3-1: new high-speed USB device number 49 using dummy_hcd [ 478.651662][ T330] usb 5-1: too many configurations: 65, using maximum allowed: 8 [ 478.941621][ T338] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 478.952586][ T338] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 478.965327][ T338] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 478.977418][ T338] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 478.986916][ T338] usb 3-1: config 0 descriptor?? [ 479.012688][ T26] isku 0003:1E7D:319C.005E: unknown main item tag 0x0 [ 479.019321][ T26] isku 0003:1E7D:319C.005E: unbalanced collection at end of report description [ 479.028587][ T26] isku 0003:1E7D:319C.005E: parse failed [ 479.034820][ T26] isku: probe of 0003:1E7D:319C.005E failed with error -22 [ 479.222037][ T587] usb 2-1: USB disconnect, device number 46 [ 479.391664][ T330] usb 5-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d [ 479.400535][ T330] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 479.472549][ T338] plantronics 0003:047F:FFFF.005F: unknown main item tag 0x0 [ 479.480037][ T338] plantronics 0003:047F:FFFF.005F: No inputs registered, leaving [ 479.482078][ T330] usb 5-1: Found UVC 0.00 device (046d:08c1) [ 479.488940][ T338] plantronics 0003:047F:FFFF.005F: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 479.501538][ T330] usb 5-1: No valid video chain found. [ 479.681265][ T587] usb 3-1: USB disconnect, device number 49 [ 479.700495][ T338] usb 5-1: USB disconnect, device number 54 [ 479.741621][ T26] Bluetooth: hci0: command 0x1003 tx timeout [ 479.747500][T17616] Bluetooth: hci0: sending frame failed (-49) [ 479.887369][T19761] netlink: 104 bytes leftover after parsing attributes in process `syz-executor.0'. [ 479.895531][T19763] input: syz1 as /devices/virtual/input/input69 [ 480.075163][T19791] input: syz1 as /devices/virtual/input/input70 [ 480.172312][T19795] binder: 19794:19795 ioctl c0306201 20000380 returned -14 [ 480.327853][ T30] audit: type=1326 audit(2000000126.040:19292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19819 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2451998f29 code=0x7ffc0000 [ 480.355049][ T30] audit: type=1326 audit(2000000126.040:19293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19819 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2451998f29 code=0x7ffc0000 [ 480.379109][ T30] audit: type=1326 audit(2000000126.040:19294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19819 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2451998f29 code=0x7ffc0000 [ 480.404332][ T30] audit: type=1326 audit(2000000126.040:19295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19819 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2451998f29 code=0x7ffc0000 [ 480.428517][ T30] audit: type=1326 audit(2000000126.040:19296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19819 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2451998f29 code=0x7ffc0000 [ 480.452742][ T30] audit: type=1326 audit(2000000126.040:19297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19819 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2451998f29 code=0x7ffc0000 [ 480.478058][ T30] audit: type=1326 audit(2000000126.040:19298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19819 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2451998f29 code=0x7ffc0000 [ 480.502157][ T30] audit: type=1326 audit(2000000126.040:19299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19819 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f2451998f29 code=0x7ffc0000 [ 480.526477][ T30] audit: type=1326 audit(2000000126.040:19300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19819 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2451998f29 code=0x7ffc0000 [ 480.655324][T19843] loop2: detected capacity change from 0 to 256 [ 480.683068][T19843] exfat: Deprecated parameter 'namecase' [ 480.702003][T19843] /dev/loop2: Can't open blockdev [ 480.760967][T19855] loop2: detected capacity change from 0 to 512 [ 480.887645][ T4583] usb 5-1: new high-speed USB device number 55 using dummy_hcd [ 481.492898][ T30] kauditd_printk_skb: 76 callbacks suppressed [ 481.492914][ T30] audit: type=1326 audit(2000000127.210:19377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19897 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2451998f29 code=0x7ffc0000 [ 481.524594][ T30] audit: type=1326 audit(2000000127.210:19378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19897 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2451998f29 code=0x7ffc0000 [ 481.548870][ T30] audit: type=1326 audit(2000000127.210:19379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19897 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2451998f29 code=0x7ffc0000 [ 481.573536][ T30] audit: type=1326 audit(2000000127.210:19380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19897 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2451998f29 code=0x7ffc0000 [ 481.641032][ T30] audit: type=1326 audit(2000000127.210:19381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19897 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2451998f29 code=0x7ffc0000 [ 481.665235][ T30] audit: type=1326 audit(2000000127.210:19382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19897 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2451998f29 code=0x7ffc0000 [ 481.689710][ T30] audit: type=1326 audit(2000000127.210:19383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19897 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2451998f29 code=0x7ffc0000 [ 481.716317][ T30] audit: type=1326 audit(2000000127.210:19384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19897 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2451998f29 code=0x7ffc0000 [ 481.740604][ T30] audit: type=1326 audit(2000000127.210:19385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19897 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2451998f29 code=0x7ffc0000 [ 481.741659][ T4583] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 481.777694][ T30] audit: type=1326 audit(2000000127.210:19386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19897 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2451998f29 code=0x7ffc0000 [ 481.778765][ T4583] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 481.815931][ T4583] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 481.821580][ T26] Bluetooth: hci0: command 0x1001 tx timeout [ 481.827791][ T4583] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 481.834025][T17616] Bluetooth: hci0: sending frame failed (-49) [ 481.854349][ T4583] usb 5-1: config 0 descriptor?? [ 481.893113][T19926] SELinux: security_context_str_to_sid(unconfined_u) failed for (dev ?, type ?) errno=-22 [ 481.903271][T19926] SELinux: security_context_str_to_sid(unconfined_u) failed for (dev sda1, type ext4) errno=-22 [ 482.121546][ T587] usb 2-1: new high-speed USB device number 47 using dummy_hcd [ 482.141551][ T338] usb 1-1: new high-speed USB device number 43 using dummy_hcd [ 482.166482][T19928] loop2: detected capacity change from 0 to 131072 [ 482.352508][ T4583] plantronics 0003:047F:FFFF.0060: unknown main item tag 0x0 [ 482.360091][ T4583] plantronics 0003:047F:FFFF.0060: No inputs registered, leaving [ 482.369274][ T4583] plantronics 0003:047F:FFFF.0060: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 482.512055][ T338] usb 1-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 255, changing to 11 [ 482.523329][ T587] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 482.589509][ T587] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 482.599926][ T338] usb 1-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 59391, setting to 1024 [ 482.651425][ T587] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 482.658903][ T4583] usb 5-1: USB disconnect, device number 55 [ 482.660749][ T338] usb 1-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 482.685524][ T587] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 482.693505][ T338] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 482.703189][ T587] usb 2-1: config 0 descriptor?? [ 482.721649][T19922] raw-gadget.2 gadget: fail, usb_ep_enable returned -22 [ 483.241869][ T587] hid (null): bogus close delimiter [ 483.461851][ T587] usb 2-1: language id specifier not provided by device, defaulting to English [ 483.712787][T19940] loop2: detected capacity change from 0 to 2048 [ 483.821838][ T338] aiptek 1-1:17.0: Aiptek using 400 ms programming speed [ 483.829192][ T338] input: Aiptek as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:17.0/input/input72 [ 483.840390][ T338] usb 1-1: USB disconnect, device number 43 [ 483.893252][ T587] input: HID 256c:006d Pen as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:256C:006D.0061/input/input73 [ 483.905467][ T26] Bluetooth: hci0: command 0x1009 tx timeout [ 483.912425][ T587] input: HID 256c:006d Pad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:256C:006D.0061/input/input74 [ 483.924946][ T587] uclogic 0003:256C:006D.0061: input,hidraw0: USB HID v0.00 Keypad [HID 256c:006d] on usb-dummy_hcd.1-1/input0 [ 484.098462][ T6] usb 2-1: USB disconnect, device number 47 [ 484.214965][T19968] loop2: detected capacity change from 0 to 1024 [ 484.427471][T19983] device lo entered promiscuous mode [ 484.434307][T19983] device tunl0 entered promiscuous mode [ 484.440637][T19983] device gre0 entered promiscuous mode [ 484.447837][T19983] device gretap0 entered promiscuous mode [ 484.454704][T19983] device erspan0 entered promiscuous mode [ 484.462108][T19983] device ip_vti0 entered promiscuous mode [ 484.468607][T19983] device ip6_vti0 entered promiscuous mode [ 484.475828][T19983] device sit0 entered promiscuous mode [ 484.482465][T19983] A link change request failed with some changes committed already. Interface sit0 may have been left with an inconsistent configuration, please check. [ 484.571589][ T338] usb 3-1: new high-speed USB device number 50 using dummy_hcd [ 484.618196][T19988] loop1: detected capacity change from 0 to 1024 [ 484.642585][T19988] EXT4-fs (loop1): error: could not find journal device path: error -2 [ 484.714432][T19988] loop1: detected capacity change from 0 to 256 [ 484.742142][T19988] exfat: Unknown parameter 'jqfmt' [ 484.801550][ T6] usb 1-1: new high-speed USB device number 44 using dummy_hcd [ 484.931623][ T338] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 484.942540][ T338] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 484.955293][ T338] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 484.964189][ T338] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 484.972651][ T338] usb 3-1: config 0 descriptor?? [ 485.041549][ T6] usb 1-1: Using ep0 maxpacket: 16 [ 485.201629][ T6] usb 1-1: config 0 has no interfaces? [ 485.331621][ T6] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 485.340532][ T6] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 485.348312][ T6] usb 1-1: Product: syz [ 485.352322][ T6] usb 1-1: Manufacturer: syz [ 485.357207][ T6] r8152-cfgselector 1-1: config 0 descriptor?? [ 485.452359][ T338] plantronics 0003:047F:FFFF.0062: unknown main item tag 0x0 [ 485.459766][ T338] plantronics 0003:047F:FFFF.0062: No inputs registered, leaving [ 485.468284][ T338] plantronics 0003:047F:FFFF.0062: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 485.621650][ T6] r8152-cfgselector 1-1: Unknown version 0x0000 [ 485.655202][ T338] usb 3-1: USB disconnect, device number 50 [ 485.822609][ T6] r8152-cfgselector 1-1: USB disconnect, device number 44 [ 485.931554][ T587] usb 2-1: new high-speed USB device number 48 using dummy_hcd [ 486.174352][ T587] usb 2-1: Using ep0 maxpacket: 16 [ 486.291669][ T587] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 486.311115][ T587] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 486.320821][ T587] usb 2-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 486.339282][ T587] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 486.347953][ T587] usb 2-1: config 0 descriptor?? [ 486.591551][ T6] usb 5-1: new high-speed USB device number 56 using dummy_hcd [ 486.812006][T20023] UDC core: couldn't find an available UDC or it's busy: -16 [ 486.819267][T20023] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 486.834953][ T587] hid-generic 0003:0158:0100.0063: unknown main item tag 0x0 [ 486.842185][ T587] hid-generic 0003:0158:0100.0063: collection stack underflow [ 486.849459][ T587] hid-generic 0003:0158:0100.0063: item 0 2 0 12 parsing failed [ 486.857060][ T587] hid-generic: probe of 0003:0158:0100.0063 failed with error -22 [ 486.971710][ T6] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 486.982774][ T6] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 486.992417][ T6] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 487.001177][ T6] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 487.009582][ T6] usb 5-1: config 0 descriptor?? [ 487.034688][ T6200] usb 2-1: USB disconnect, device number 48 [ 487.118403][ T30] kauditd_printk_skb: 25 callbacks suppressed [ 487.118419][ T30] audit: type=1400 audit(2000000132.830:19412): avc: denied { create } for pid=20065 comm="syz-executor.2" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:fusefs_t tclass=blk_file permissive=1 [ 487.299922][T20079] bridge0: port 1(bridge_slave_0) entered blocking state [ 487.306866][T20079] bridge0: port 1(bridge_slave_0) entered disabled state [ 487.314383][T20079] device bridge_slave_0 entered promiscuous mode [ 487.325406][T20079] bridge0: port 2(bridge_slave_1) entered blocking state [ 487.332375][T20079] bridge0: port 2(bridge_slave_1) entered disabled state [ 487.339507][T20079] device bridge_slave_1 entered promiscuous mode [ 487.383668][T20079] bridge0: port 2(bridge_slave_1) entered blocking state [ 487.390559][T20079] bridge0: port 2(bridge_slave_1) entered forwarding state [ 487.397649][T20079] bridge0: port 1(bridge_slave_0) entered blocking state [ 487.404420][T20079] bridge0: port 1(bridge_slave_0) entered forwarding state [ 487.429960][ T6200] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 487.437503][ T6200] bridge0: port 1(bridge_slave_0) entered disabled state [ 487.445010][ T6200] bridge0: port 2(bridge_slave_1) entered disabled state [ 487.454324][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 487.462892][ T20] bridge0: port 1(bridge_slave_0) entered blocking state [ 487.469730][ T20] bridge0: port 1(bridge_slave_0) entered forwarding state [ 487.482212][ T6200] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 487.490274][ T6200] bridge0: port 2(bridge_slave_1) entered blocking state [ 487.497118][ T6200] bridge0: port 2(bridge_slave_1) entered forwarding state [ 487.511816][ T6] hid (null): bogus close delimiter [ 487.517663][ T587] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 487.525561][ T587] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 487.540167][T20079] device veth0_vlan entered promiscuous mode [ 487.546720][ T6200] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 487.557045][ T6200] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 487.565031][ T6200] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 487.572476][ T6200] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 487.587755][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 487.596892][T20079] device veth1_macvtap entered promiscuous mode [ 487.607265][ T6200] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 487.620215][ T6200] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 487.731594][ T6] usb 5-1: string descriptor 0 read error: -22 [ 487.742591][T19883] device bridge_slave_1 left promiscuous mode [ 487.748563][T19883] bridge0: port 2(bridge_slave_1) entered disabled state [ 487.764627][T19883] device bridge_slave_0 left promiscuous mode [ 487.777134][T19883] bridge0: port 1(bridge_slave_0) entered disabled state [ 487.793169][T19883] device veth1_macvtap left promiscuous mode [ 487.804415][T19883] device veth0_vlan left promiscuous mode [ 487.973632][T20098] syz-executor.0[20098] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 487.973716][T20098] syz-executor.0[20098] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 488.021643][ T6] uclogic 0003:256C:006D.0064: interface is invalid, ignoring [ 488.059241][T20090] loop2: detected capacity change from 0 to 131072 [ 488.086550][T20105] syz-executor.0[20105] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 488.086608][T20105] syz-executor.0[20105] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 488.163498][ T30] audit: type=1400 audit(2000000133.880:19413): avc: denied { bind } for pid=20108 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 488.231737][ T338] usb 5-1: USB disconnect, device number 56 [ 488.486677][ T30] audit: type=1326 audit(2000000134.200:19414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20089 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7faefa273f29 code=0x0 [ 488.729304][T20143] loop3: detected capacity change from 0 to 2048 [ 488.788386][T20143] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 488.835284][T20152] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 488.857903][T20143] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor.3: bg 0: block 234: padding at end of block bitmap is not set [ 488.872455][T20152] loop1: detected capacity change from 0 to 512 [ 488.879905][T20143] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2048 with error 117 [ 488.892420][T20143] EXT4-fs (loop3): This should not happen!! Data will be lost [ 488.892420][T20143] [ 488.917818][T19883] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 2050 with max blocks 1754 with error 28 [ 488.930459][T19883] EXT4-fs (loop3): This should not happen!! Data will be lost [ 488.930459][T19883] [ 488.940057][T19883] EXT4-fs (loop3): Total free blocks count 0 [ 488.946141][T19883] EXT4-fs (loop3): Free/Dirty block details [ 488.951907][T19883] EXT4-fs (loop3): free_blocks=0 [ 488.956633][T19883] EXT4-fs (loop3): dirty_blocks=1760 [ 488.961929][T19883] EXT4-fs (loop3): Block reservation details [ 488.967867][T19883] EXT4-fs (loop3): i_reserved_data_blocks=110 [ 488.976131][T20152] EXT4-fs (loop1): Test dummy encryption mode enabled [ 488.992524][T20152] EXT4-fs error (device loop1): __ext4_iget:4892: inode #11: block 1: comm syz-executor.1: invalid block [ 489.004068][T20152] EXT4-fs error (device loop1): ext4_orphan_get:1402: comm syz-executor.1: couldn't read orphan inode 11 (err -117) [ 489.016667][T20152] EXT4-fs (loop1): mounted filesystem without journal. Opts: noauto_da_alloc,user_xattr,max_dir_size_kb=0x0000000000000009,inode_readahead_blks=0x0000000000010000,jqfmt=vfsv0,delalloc,inode_readahead_blks=0x0000000000400000,noauto_da_alloc,test_dummy_encryption,,errors=continue. Quota mode: none. [ 489.199130][T20174] device lo entered promiscuous mode [ 489.211976][T20174] device tunl0 entered promiscuous mode [ 489.229921][T20174] device gre0 entered promiscuous mode [ 489.241787][T20174] device gretap0 entered promiscuous mode [ 489.255137][T20174] device erspan0 entered promiscuous mode [ 489.265500][T20177] loop3: detected capacity change from 0 to 1024 [ 489.273883][T20174] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 489.325527][T20177] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 489.401545][ T6] usb 1-1: new high-speed USB device number 45 using dummy_hcd [ 489.611623][ T4583] usb 4-1: new high-speed USB device number 36 using dummy_hcd [ 489.681600][ T330] usb 2-1: new high-speed USB device number 49 using dummy_hcd [ 489.791640][ T6] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 489.800580][ T6] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 489.809077][ T6] usb 1-1: config 0 descriptor?? [ 490.090904][T20196] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 490.104689][T20196] loop2: detected capacity change from 0 to 512 [ 490.221767][ T4583] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 490.232712][ T330] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 490.243487][ T4583] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 490.256215][ T330] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 490.265819][ T330] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 490.274803][ T4583] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 490.283687][ T330] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 490.291537][ T4583] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 490.300410][ T330] usb 2-1: config 0 descriptor?? [ 490.305443][ T4583] usb 4-1: config 0 descriptor?? [ 490.606455][T20206] syz-executor.4[20206] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 490.606538][T20206] syz-executor.4[20206] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 490.893407][ T30] audit: type=1400 audit(2000000136.610:19415): avc: denied { read } for pid=85 comm="acpid" name="event8" dev="devtmpfs" ino=1149 scontext=system_u:system_r:acpid_t tcontext=root:object_r:device_t tclass=file permissive=1 [ 490.916812][ T4583] plantronics 0003:047F:FFFF.0065: unknown main item tag 0x0 [ 490.927273][ T30] audit: type=1400 audit(2000000136.650:19416): avc: denied { open } for pid=85 comm="acpid" path="/dev/input/event8" dev="devtmpfs" ino=1149 scontext=system_u:system_r:acpid_t tcontext=root:object_r:device_t tclass=file permissive=1 [ 490.936737][ T330] hid (null): bogus close delimiter [ 490.956448][ T30] audit: type=1400 audit(2000000136.650:19417): avc: denied { ioctl } for pid=85 comm="acpid" path="/dev/input/event8" dev="devtmpfs" ino=1149 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=root:object_r:device_t tclass=file permissive=1 [ 490.961559][ T4583] plantronics 0003:047F:FFFF.0065: No inputs registered, leaving [ 490.994113][ T4583] plantronics 0003:047F:FFFF.0065: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 491.007467][ T4583] usb 4-1: USB disconnect, device number 36 [ 491.061636][ T330] usb 2-1: language id specifier not provided by device, defaulting to English [ 491.445728][T20229] SELinux: security_context_str_to_sid() failed for (dev ?, type ?) errno=-22 [ 491.454874][T20229] SELinux: security_context_str_to_sid() failed for (dev sda1, type ext4) errno=-22 [ 491.512949][ T330] input: HID 256c:006d Pen as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:256C:006D.0066/input/input77 [ 491.526690][ T330] input: HID 256c:006d Pad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:256C:006D.0066/input/input78 [ 491.526886][T20233] syz-executor.4[20233] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 491.538553][T20233] syz-executor.4[20233] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 491.539771][ T330] uclogic 0003:256C:006D.0066: input,hidraw0: USB HID v0.00 Keypad [HID 256c:006d] on usb-dummy_hcd.1-1/input0 [ 491.732917][ T587] usb 2-1: USB disconnect, device number 49 [ 491.822448][T20254] syz-executor.2[20254] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 491.822525][T20254] syz-executor.2[20254] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 491.849778][T20259] loop2: detected capacity change from 0 to 1024 [ 492.138275][ T338] usb 1-1: USB disconnect, device number 45 [ 492.251529][ T330] usb 3-1: new high-speed USB device number 51 using dummy_hcd [ 492.274258][ T30] audit: type=1326 audit(2000000137.990:19418): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20269 comm="syz-executor.1" exe="/root/syz-executor.1" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd554644f29 code=0x0 [ 492.585528][T20285] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=20285 comm=syz-executor.4 [ 492.642533][ T330] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 492.659906][ T330] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 492.709451][ T330] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 492.729705][ T330] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 492.739846][ T330] usb 3-1: config 0 descriptor?? [ 493.142618][T20313] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=20313 comm=syz-executor.1 [ 493.248939][T20319] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 493.265061][T20319] loop1: detected capacity change from 0 to 512 [ 493.356513][T20319] EXT4-fs (loop1): Test dummy encryption mode enabled [ 493.365490][T20319] EXT4-fs error (device loop1): __ext4_iget:4892: inode #11: block 1: comm syz-executor.1: invalid block [ 493.377047][T20319] EXT4-fs error (device loop1): ext4_orphan_get:1402: comm syz-executor.1: couldn't read orphan inode 11 (err -117) [ 493.389393][T20319] EXT4-fs (loop1): mounted filesystem without journal. Opts: noauto_da_alloc,user_xattr,max_dir_size_kb=0x0000000000000009,inode_readahead_blks=0x0000000000010000,jqfmt=vfsv0,delalloc,inode_readahead_blks=0x0000000000400000,noauto_da_alloc,test_dummy_encryption,,errors=continue. Quota mode: none. [ 493.706425][ T330] plantronics 0003:047F:FFFF.0067: unknown main item tag 0x0 [ 493.713964][ T330] plantronics 0003:047F:FFFF.0067: No inputs registered, leaving [ 493.724244][ T330] plantronics 0003:047F:FFFF.0067: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 493.784675][T20340] syz-executor.4[20340] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 493.784727][T20340] syz-executor.4[20340] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 493.821877][T20345] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=20345 comm=syz-executor.1 [ 493.906055][ T1272] usb 3-1: USB disconnect, device number 51 [ 496.740899][T20354] binder: BINDER_SET_CONTEXT_MGR already set [ 496.748667][T20354] binder: 20351:20354 ioctl 4018620d 200001c0 returned -16 [ 496.816380][T20378] syz-executor.3[20378] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 496.816460][T20378] syz-executor.3[20378] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 497.019784][T20409] syz-executor.3[20409] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 497.021566][ T1272] usb 3-1: new high-speed USB device number 52 using dummy_hcd [ 497.031993][T20409] syz-executor.3[20409] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 497.187856][T20427] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.3'. [ 497.307306][T20441] syz-executor.3[20441] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 497.307363][T20441] syz-executor.3[20441] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 497.401628][ T1272] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 497.424043][ T1272] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 497.434703][ T1272] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 497.444336][ T1272] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 497.531658][ T1272] usb 3-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 497.540652][ T1272] usb 3-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 497.548856][ T1272] usb 3-1: Manufacturer: syz [ 497.554325][ T1272] usb 3-1: config 0 descriptor?? [ 497.764743][ T30] audit: type=1400 audit(2000000143.480:19419): avc: denied { mounton } for pid=20475 comm="syz-executor.0" path="/root/syzkaller-testdir3203594578/syzkaller.gCeixJ/159/file0" dev="sda1" ino=1964 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=fifo_file permissive=1 [ 497.793097][ T587] kernel write not supported for file bpf-prog (pid: 587 comm: kworker/1:5) [ 497.953884][T20506] incfs: mount failed -22 [ 497.991050][ T587] hid-generic 0000:0000:0000.0068: unknown main item tag 0x0 [ 498.001005][T20509] loop3: detected capacity change from 0 to 512 [ 498.009638][ T587] hid-generic 0000:0000:0000.0068: unknown main item tag 0x0 [ 498.022539][ T587] hid-generic 0000:0000:0000.0068: hidraw0: HID v0.00 Device [syz0] on syz1 [ 498.052423][ T1272] appleir 0003:05AC:8243.0069: unknown main item tag 0x0 [ 498.065014][ T1272] appleir 0003:05AC:8243.0069: No inputs registered, leaving [ 498.140138][ T30] audit: type=1326 audit(2000000143.830:19420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20503 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6cdfc07f29 code=0x0 [ 498.147230][ T1272] appleir 0003:05AC:8243.0069: hiddev96,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.2-1/input0 [ 498.363339][ T587] usb 3-1: USB disconnect, device number 52 [ 498.785093][T20555] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.3'. [ 498.956448][T20579] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.4'. [ 498.997183][T20585] A link change request failed with some changes committed already. Interface dummy0 may have been left with an inconsistent configuration, please check. [ 500.002981][T20603] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 500.019422][T20603] loop3: detected capacity change from 0 to 512 [ 500.027624][T20604] overlayfs: statfs failed on './file0' [ 500.037838][ T587] kernel write not supported for file bpf-prog (pid: 587 comm: kworker/1:5) [ 500.064136][T20603] EXT4-fs (loop3): Test dummy encryption mode enabled [ 500.087657][T20603] EXT4-fs error (device loop3): __ext4_iget:4892: inode #11: block 1: comm syz-executor.3: invalid block [ 500.099138][T20603] EXT4-fs error (device loop3): ext4_orphan_get:1402: comm syz-executor.3: couldn't read orphan inode 11 (err -117) [ 500.111775][T20603] EXT4-fs (loop3): mounted filesystem without journal. Opts: noauto_da_alloc,user_xattr,max_dir_size_kb=0x0000000000000009,inode_readahead_blks=0x0000000000010000,jqfmt=vfsv0,delalloc,inode_readahead_blks=0x0000000000400000,noauto_da_alloc,test_dummy_encryption,,errors=continue. Quota mode: none. [ 500.338717][ T338] usb 2-1: new high-speed USB device number 50 using dummy_hcd [ 500.582402][ T30] audit: type=1107 audit(2000000146.300:19421): pid=20652 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg='¡' [ 500.721696][ T338] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 500.738823][ T338] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 500.762145][ T338] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 500.787241][ T338] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 500.881630][ T338] usb 2-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 500.894803][ T338] usb 2-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 500.903331][ T338] usb 2-1: Manufacturer: syz [ 500.912619][ T338] usb 2-1: config 0 descriptor?? [ 501.201974][T20671] KVM: debugfs: duplicate directory 20671-6 [ 501.286781][T20683] loop2: detected capacity change from 0 to 16 [ 501.325181][T20683] erofs: (device loop2): mounted with root inode @ nid 36. [ 501.461988][ T30] audit: type=1400 audit(2000000147.180:19422): avc: denied { remount } for pid=20690 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 501.485292][ T338] appleir 0003:05AC:8243.006A: unknown main item tag 0x0 [ 501.495531][ T338] appleir 0003:05AC:8243.006A: No inputs registered, leaving [ 501.505493][ T338] appleir 0003:05AC:8243.006A: hiddev96,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0 [ 501.552516][T20699] xt_TCPMSS: Only works on TCP SYN packets [ 501.564287][ T30] audit: type=1107 audit(2000000147.280:19423): pid=20696 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg='¡' [ 501.594246][ T30] audit: type=1326 audit(2000000147.310:19424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20702 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a39b8df29 code=0x7ffc0000 [ 501.631583][ T30] audit: type=1326 audit(2000000147.330:19425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20702 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f7a39b8df29 code=0x7ffc0000 [ 501.707684][ T30] audit: type=1326 audit(2000000147.330:19426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20702 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a39b8df29 code=0x7ffc0000 [ 501.759655][ T30] audit: type=1326 audit(2000000147.330:19427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20702 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7a39b8df29 code=0x7ffc0000 [ 501.784314][ T338] usb 2-1: USB disconnect, device number 50 [ 501.811422][ T30] audit: type=1326 audit(2000000147.330:19428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20702 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=328 compat=0 ip=0x7f7a39b8df29 code=0x7ffc0000 [ 501.940293][T20733] device pim6reg1 entered promiscuous mode [ 501.949148][T20709] loop2: detected capacity change from 0 to 40427 [ 502.471714][T20754] loop1: detected capacity change from 0 to 40427 [ 502.513390][T20754] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 502.521049][T20754] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 502.530322][T20754] F2FS-fs (loop1): invalid crc value [ 502.537300][T20754] F2FS-fs (loop1): Found nat_bits in checkpoint [ 502.561379][T20754] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 502.568346][T20754] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 502.700207][T20761] attempt to access beyond end of device [ 502.700207][T20761] loop1: rw=10241, want=45104, limit=40427 [ 502.711556][ T338] usb 5-1: new high-speed USB device number 57 using dummy_hcd [ 502.711748][T20761] attempt to access beyond end of device [ 502.711748][T20761] loop1: rw=2049, want=45104, limit=40427 [ 502.730542][T20754] attempt to access beyond end of device [ 502.730542][T20754] loop1: rw=2049, want=45104, limit=40427 [ 502.754079][T19883] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 502.763249][T19883] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 502.882035][ T30] kauditd_printk_skb: 2 callbacks suppressed [ 502.882059][ T30] audit: type=1326 audit(2000000148.600:19431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20762 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6cdfc07f29 code=0x0 [ 502.916952][ T30] audit: type=1400 audit(2000000148.630:19432): avc: denied { read } for pid=20764 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 502.999708][T20768] loop1: detected capacity change from 0 to 512 [ 503.035294][T20772] overlayfs: statfs failed on './file0' [ 503.042733][T20768] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 1 overlaps superblock [ 503.052678][T20768] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 1 overlaps superblock [ 503.063136][T20768] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 1 overlaps superblock [ 503.073648][T20768] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 503.081436][T20768] [EXT4 FS bs=4096, gc=2, bpg=35, ipg=32, mo=e000e118, mo2=0000] [ 503.089119][T20768] EXT4-fs (loop1): failed to initialize system zone (-117) [ 503.096374][T20768] EXT4-fs (loop1): mount failed [ 503.111651][ T338] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 503.124026][ T338] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 503.133873][ T338] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 503.146644][ T338] usb 5-1: New USB device found, idVendor=04d9, idProduct=a070, bcdDevice= 0.00 [ 503.155960][ T338] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 503.166427][ T30] audit: type=1326 audit(2000000148.880:19433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20776 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2451998f29 code=0x7ffc0000 [ 503.168593][T20768] loop1: detected capacity change from 0 to 256 [ 503.196128][ T30] audit: type=1326 audit(2000000148.910:19434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20776 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2451998f29 code=0x7ffc0000 [ 503.201502][ T338] usb 5-1: config 0 descriptor?? [ 503.225714][ T30] audit: type=1326 audit(2000000148.940:19435): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20776 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2451998f29 code=0x7ffc0000 [ 503.257069][ T30] audit: type=1326 audit(2000000148.940:19436): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20776 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2451998f29 code=0x7ffc0000 [ 503.284595][T20768] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 503.304457][ T30] audit: type=1326 audit(2000000148.940:19437): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20776 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2451998f29 code=0x7ffc0000 [ 503.328783][ T30] audit: type=1326 audit(2000000148.940:19438): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20776 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2451998f29 code=0x7ffc0000 [ 503.359421][ T30] audit: type=1326 audit(2000000148.970:19439): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20776 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2451998f29 code=0x7ffc0000 [ 503.383616][ T30] audit: type=1326 audit(2000000148.970:19440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20776 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f24519966a7 code=0x7ffc0000 [ 503.797209][ T338] holtek_mouse 0003:04D9:A070.006B: unbalanced collection at end of report description [ 503.819509][ T338] holtek_mouse 0003:04D9:A070.006B: hid parse failed: -22 [ 503.832313][ T338] holtek_mouse: probe of 0003:04D9:A070.006B failed with error -22 [ 503.861808][T20822] loop3: detected capacity change from 0 to 512 [ 503.911253][T20822] EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 1 overlaps superblock [ 503.921385][T20822] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 1 overlaps superblock [ 503.932439][T20822] EXT4-fs (loop3): ext4_check_descriptors: Inode table for group 1 overlaps superblock [ 503.943307][T20822] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 503.951191][T20822] [EXT4 FS bs=4096, gc=2, bpg=35, ipg=32, mo=e000e118, mo2=0000] [ 503.959861][T20822] EXT4-fs (loop3): failed to initialize system zone (-117) [ 503.967455][T20822] EXT4-fs (loop3): mount failed [ 504.076863][T20822] loop3: detected capacity change from 0 to 256 [ 504.125590][T20822] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 504.419612][T20848] syz-executor.1[20848] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 504.419690][T20848] syz-executor.1[20848] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 504.448557][T20846] device syzkaller0 entered promiscuous mode [ 505.440787][ T6] usb 5-1: USB disconnect, device number 57 [ 505.992715][T20901] loop3: detected capacity change from 0 to 2048 [ 506.015011][T20901] loop3: p1 < > p4 [ 506.025494][T20901] loop3: p4 size 8388608 extends beyond EOD, truncated [ 506.505475][T20923] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.0'. [ 506.531372][T20925] loop1: detected capacity change from 0 to 256 [ 506.539803][T20923] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.0'. [ 506.597934][T20925] FAT-fs (loop1): Directory bread(block 64) failed [ 506.604697][T20925] FAT-fs (loop1): Directory bread(block 65) failed [ 506.611279][T20925] FAT-fs (loop1): Directory bread(block 66) failed [ 506.617867][T20925] FAT-fs (loop1): Directory bread(block 67) failed [ 506.624667][T20925] FAT-fs (loop1): Directory bread(block 68) failed [ 506.631357][T20925] FAT-fs (loop1): Directory bread(block 69) failed [ 506.637997][T20925] FAT-fs (loop1): Directory bread(block 70) failed [ 506.644792][T20925] FAT-fs (loop1): Directory bread(block 71) failed [ 506.651431][T20925] FAT-fs (loop1): Directory bread(block 72) failed [ 506.658299][T20925] FAT-fs (loop1): Directory bread(block 73) failed [ 506.785148][T20934] attempt to access beyond end of device [ 506.785148][T20934] loop1: rw=2049, want=1832, limit=256 [ 506.798000][T20934] attempt to access beyond end of device [ 506.798000][T20934] loop1: rw=2049, want=4856, limit=256 [ 506.824224][T20934] attempt to access beyond end of device [ 506.824224][T20934] loop1: rw=2049, want=7848, limit=256 [ 506.850264][T20934] attempt to access beyond end of device [ 506.850264][T20934] loop1: rw=2049, want=11288, limit=256 [ 506.887030][T20934] attempt to access beyond end of device [ 506.887030][T20934] loop1: rw=2049, want=16344, limit=256 [ 506.906803][T20934] attempt to access beyond end of device [ 506.906803][T20934] loop1: rw=2049, want=17760, limit=256 [ 506.951809][T12953] bridge0: port 4(syz_tun) entered disabled state [ 506.959580][T12953] device syz_tun left promiscuous mode [ 506.965009][T12953] bridge0: port 4(syz_tun) entered disabled state [ 507.012778][ T341] tipc: Left network mode [ 507.043540][T20940] bridge0: port 1(bridge_slave_0) entered blocking state [ 507.050531][T20940] bridge0: port 1(bridge_slave_0) entered disabled state [ 507.058138][T20940] device bridge_slave_0 entered promiscuous mode [ 507.081873][T20940] bridge0: port 2(bridge_slave_1) entered blocking state [ 507.088778][T20940] bridge0: port 2(bridge_slave_1) entered disabled state [ 507.096150][T20940] device bridge_slave_1 entered promiscuous mode [ 507.186787][T20940] bridge0: port 2(bridge_slave_1) entered blocking state [ 507.193820][T20940] bridge0: port 2(bridge_slave_1) entered forwarding state [ 507.200980][T20940] bridge0: port 1(bridge_slave_0) entered blocking state [ 507.207854][T20940] bridge0: port 1(bridge_slave_0) entered forwarding state [ 507.247385][ T26] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 507.255110][ T26] bridge0: port 1(bridge_slave_0) entered disabled state [ 507.263396][ T26] bridge0: port 2(bridge_slave_1) entered disabled state [ 507.283619][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 507.292052][ T6] bridge0: port 1(bridge_slave_0) entered blocking state [ 507.298903][ T6] bridge0: port 1(bridge_slave_0) entered forwarding state [ 507.332527][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 507.349382][ T6] bridge0: port 2(bridge_slave_1) entered blocking state [ 507.356292][ T6] bridge0: port 2(bridge_slave_1) entered forwarding state [ 507.363964][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 507.384945][ T341] bridge0: port 3(erspan0) entered disabled state [ 507.402728][ T341] device erspan0 left promiscuous mode [ 507.408054][ T341] bridge0: port 3(erspan0) entered disabled state [ 507.444033][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 507.469805][T20940] device veth0_vlan entered promiscuous mode [ 507.489647][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 507.502001][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 507.520320][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 507.540275][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 507.562684][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 507.581038][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 507.595714][T20940] device veth1_macvtap entered promiscuous mode [ 507.617296][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 507.625214][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 507.642167][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 507.689134][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 507.701936][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 507.786578][ T341] device bridge_slave_1 left promiscuous mode [ 507.792779][ T341] bridge0: port 2(bridge_slave_1) entered disabled state [ 507.810290][ T341] device bridge_slave_0 left promiscuous mode [ 507.819658][ T341] bridge0: port 1(bridge_slave_0) entered disabled state [ 507.835254][ T341] device veth1_macvtap left promiscuous mode [ 507.847834][ T341] device veth0_vlan left promiscuous mode [ 508.339640][T20979] loop1: detected capacity change from 0 to 512 [ 508.383507][T20979] EXT4-fs error (device loop1): ext4_read_inode_bitmap:140: comm syz-executor.1: Invalid inode bitmap blk 4 in block_group 0 [ 508.411760][T20979] EXT4-fs (loop1): mounted filesystem without journal. Opts: noblock_validity,resuid=0x0000000000000000,data_err=abort,noload,nobarrier,lazytime,,errors=continue. Quota mode: none. [ 508.451093][T20979] EXT4-fs error (device loop1): ext4_read_inode_bitmap:140: comm syz-executor.1: Invalid inode bitmap blk 4 in block_group 0 [ 508.465059][T20979] EXT4-fs error (device loop1) in ext4_free_inode:362: Corrupt filesystem [ 508.752226][T20987] syz-executor.0[20987] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 508.752308][T20987] syz-executor.0[20987] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 508.983815][ T30] kauditd_printk_skb: 43 callbacks suppressed [ 508.983851][ T30] audit: type=1326 audit(2000000154.700:19484): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20990 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc5aafbbf29 code=0x0 [ 509.434915][ T30] audit: type=1400 audit(2000000155.150:19485): avc: denied { ioctl } for pid=21008 comm="syz-executor.0" path="/dev/fuse" dev="devtmpfs" ino=91 ioctlcmd=0xe57e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fuse_device_t tclass=chr_file permissive=1 [ 509.480768][ T30] audit: type=1400 audit(2000000155.180:19486): avc: denied { getopt } for pid=21010 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 509.529307][T20989] loop3: detected capacity change from 0 to 40427 [ 509.572413][T20989] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 509.583117][T20989] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 509.602529][T20989] F2FS-fs (loop3): invalid crc value [ 509.683358][T20989] F2FS-fs (loop3): Found nat_bits in checkpoint [ 509.768698][T20989] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 509.778525][T20989] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 509.790382][T21037] netlink: 9 bytes leftover after parsing attributes in process `syz-executor.1'. [ 509.810459][T21035] SELinux: security_context_str_to_sid(s) failed for (dev ?, type ?) errno=-22 [ 509.839945][T21035] SELinux: security_context_str_to_sid(s) failed for (dev tmpfs, type tmpfs) errno=-22 [ 510.946972][ T344] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 510.956642][ T344] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 511.073335][T21070] SELinux: security_context_str_to_sid(s) failed for (dev ?, type ?) errno=-22 [ 511.092098][T21070] SELinux: security_context_str_to_sid(s) failed for (dev tmpfs, type tmpfs) errno=-22 [ 511.162301][T21076] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 511.182118][T21076] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 512.323760][T21096] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.4'. [ 512.390919][T21096] loop4: detected capacity change from 0 to 256 [ 512.624585][T21121] netlink: 9 bytes leftover after parsing attributes in process `syz-executor.0'. [ 513.093416][T21133] loop1: detected capacity change from 0 to 2048 [ 513.168042][T21133] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 513.205722][T21133] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor.1: bg 0: block 234: padding at end of block bitmap is not set [ 513.238005][T21133] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 4 with max blocks 29 with error 117 [ 513.263765][T21133] EXT4-fs (loop1): This should not happen!! Data will be lost [ 513.263765][T21133] [ 513.308256][T21132] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 4 with error 28 [ 513.320684][T21132] EXT4-fs (loop1): This should not happen!! Data will be lost [ 513.320684][T21132] [ 513.330346][T21132] EXT4-fs (loop1): Total free blocks count 0 [ 513.336128][T21132] EXT4-fs (loop1): Free/Dirty block details [ 513.342235][T21132] EXT4-fs (loop1): free_blocks=0 [ 513.346999][T21132] EXT4-fs (loop1): dirty_blocks=16 [ 513.352017][T21132] EXT4-fs (loop1): Block reservation details [ 513.357755][T21132] EXT4-fs (loop1): i_reserved_data_blocks=1 [ 513.438453][ T30] audit: type=1400 audit(2000000159.150:19487): avc: denied { lock } for pid=21146 comm="syz-executor.4" path="socket:[112594]" dev="sockfs" ino=112594 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 514.818498][T21185] bridge0: port 1(bridge_slave_0) entered blocking state [ 514.829072][T21185] bridge0: port 1(bridge_slave_0) entered disabled state [ 515.051697][T21185] device bridge_slave_0 entered promiscuous mode [ 515.124959][T21185] bridge0: port 2(bridge_slave_1) entered blocking state [ 515.135042][T21185] bridge0: port 2(bridge_slave_1) entered disabled state [ 515.152305][T21185] device bridge_slave_1 entered promiscuous mode [ 515.258583][T21185] bridge0: port 2(bridge_slave_1) entered blocking state [ 515.265479][T21185] bridge0: port 2(bridge_slave_1) entered forwarding state [ 515.272771][T21185] bridge0: port 1(bridge_slave_0) entered blocking state [ 515.279611][T21185] bridge0: port 1(bridge_slave_0) entered forwarding state [ 515.356238][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 515.372637][ T338] bridge0: port 1(bridge_slave_0) entered disabled state [ 515.379970][ T338] bridge0: port 2(bridge_slave_1) entered disabled state [ 515.402958][ T6200] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 515.421225][ T6200] bridge0: port 1(bridge_slave_0) entered blocking state [ 515.428111][ T6200] bridge0: port 1(bridge_slave_0) entered forwarding state [ 515.441914][ T6200] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 515.451797][ T6200] bridge0: port 2(bridge_slave_1) entered blocking state [ 515.458644][ T6200] bridge0: port 2(bridge_slave_1) entered forwarding state [ 515.486872][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 515.498706][ T338] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 515.526514][ T6200] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 515.590419][T21163] device bridge_slave_1 left promiscuous mode [ 515.599779][T21163] bridge0: port 2(bridge_slave_1) entered disabled state [ 515.616411][T21163] device bridge_slave_0 left promiscuous mode [ 515.629087][T21163] bridge0: port 1(bridge_slave_0) entered disabled state [ 515.712780][T21163] device veth1_macvtap left promiscuous mode [ 515.730398][T21163] device veth0_vlan left promiscuous mode [ 516.067441][T21185] device veth0_vlan entered promiscuous mode [ 516.074754][ T1272] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 516.083932][ T1272] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 516.092926][ T1272] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 516.100259][ T1272] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 516.119755][T21185] device veth1_macvtap entered promiscuous mode [ 516.129559][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 516.138200][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 516.146887][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 516.155965][T21217] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 516.167263][T21217] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 516.172676][ T1272] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 516.191905][ T1272] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 516.215018][ T1272] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 516.230356][ T1272] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 516.255653][T21225] incfs: Can't find or create .index dir in ./file0 [ 516.264518][T21225] incfs: mount failed -14 [ 517.126008][T21247] loop3: detected capacity change from 0 to 256 [ 517.177549][T21251] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 517.187215][T21251] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 517.458920][ T30] audit: type=1326 audit(2000000163.170:19488): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21257 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fdd20158f29 code=0x0 [ 521.191519][ T1272] usb 4-1: new high-speed USB device number 37 using dummy_hcd [ 522.090451][ T30] audit: type=1326 audit(2000000167.520:19489): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21318 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fdd20158f29 code=0x0 [ 522.361012][ T1272] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 522.371928][ T1272] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 522.381515][ T1272] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 522.394198][ T1272] usb 4-1: New USB device found, idVendor=04d9, idProduct=a070, bcdDevice= 0.00 [ 522.403201][ T1272] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 522.411690][ T1272] usb 4-1: config 0 descriptor?? [ 522.645415][T21346] loop4: detected capacity change from 0 to 40427 [ 523.062545][ T1272] holtek_mouse 0003:04D9:A070.006C: unbalanced collection at end of report description [ 523.077511][ T1272] holtek_mouse 0003:04D9:A070.006C: hid parse failed: -22 [ 523.091887][ T1272] holtek_mouse: probe of 0003:04D9:A070.006C failed with error -22 [ 523.264127][T21376] netlink: 'syz-executor.4': attribute type 5 has an invalid length. [ 523.407131][T21378] loop4: detected capacity change from 0 to 512 [ 523.415849][ T30] audit: type=1326 audit(2000000169.130:19490): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21379 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd554644f29 code=0x7ffc0000 [ 523.453922][ T30] audit: type=1326 audit(2000000169.130:19491): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21379 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd554644f29 code=0x7ffc0000 [ 523.480089][ T30] audit: type=1326 audit(2000000169.150:19492): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21379 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd554644f29 code=0x7ffc0000 [ 523.504302][ T30] audit: type=1326 audit(2000000169.150:19493): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21379 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd554644f29 code=0x7ffc0000 [ 523.537315][ T30] audit: type=1326 audit(2000000169.150:19494): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21379 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd554644f29 code=0x7ffc0000 [ 523.565009][ T30] audit: type=1326 audit(2000000169.150:19495): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21379 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd554644f29 code=0x7ffc0000 [ 523.591191][T21388] syz-executor.1[21388] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 523.591276][T21388] syz-executor.1[21388] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 523.611776][ T30] audit: type=1326 audit(2000000169.160:19496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21379 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd554644f29 code=0x7ffc0000 [ 523.659479][ T30] audit: type=1326 audit(2000000169.160:19497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21379 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fd5546426a7 code=0x7ffc0000 [ 523.686170][ T30] audit: type=1326 audit(2000000169.160:19498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21379 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fd554608379 code=0x7ffc0000 [ 523.711147][ T30] audit: type=1326 audit(2000000169.160:19499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21379 comm="syz-executor.1" exe="/root/syz-executor.1" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fd5546426a7 code=0x7ffc0000 [ 523.805945][T21408] loop1: detected capacity change from 0 to 512 [ 523.848044][T21412] SELinux: security_context_str_to_sid(s) failed for (dev ?, type ?) errno=-22 [ 523.857186][T21412] SELinux: security_context_str_to_sid(s) failed for (dev incremental-fs, type incremental-fs) errno=-22 [ 523.913318][T21408] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3325938143 (3325938143 ns) > initial count (1986356271 ns). Using initial count to start timer. [ 524.436598][ T26] usb 4-1: USB disconnect, device number 37 [ 524.536011][T21434] loop3: detected capacity change from 0 to 512 [ 524.601677][T21434] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 524.624871][T21434] ext4 filesystem being mounted at /root/syzkaller-testdir2116723815/syzkaller.BlRgwQ/158/file0 supports timestamps until 2038 (0x7fffffff) [ 524.677660][ T330] usb 5-1: new high-speed USB device number 58 using dummy_hcd [ 524.700390][T21434] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 524.715016][T21434] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 511 with error 28 [ 524.727814][T21434] EXT4-fs (loop3): This should not happen!! Data will be lost [ 524.727814][T21434] [ 524.737549][T21434] EXT4-fs (loop3): Total free blocks count 0 [ 524.743467][T21434] EXT4-fs (loop3): Free/Dirty block details [ 525.205557][T21434] EXT4-fs (loop3): free_blocks=65280 [ 525.253235][T21434] EXT4-fs (loop3): dirty_blocks=511 [ 525.357294][T21434] EXT4-fs (loop3): Block reservation details [ 525.363770][T21434] EXT4-fs (loop3): i_reserved_data_blocks=511 [ 525.939578][T21458] loop1: detected capacity change from 0 to 512 [ 525.979759][T21458] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 525.992971][T21458] ext4 filesystem being mounted at /root/syzkaller-testdir2297998286/syzkaller.ygWhdY/189/file1 supports timestamps until 2038 (0x7fffffff) [ 526.022405][T21476] binder: 21475:21476 ioctl c0306201 20000240 returned -14 [ 526.091877][ T330] usb 5-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 526.153201][ T330] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 526.394869][T21485] usb usb8: usbfs: process 21485 (syz-executor.2) did not claim interface 0 before use [ 526.403825][ T330] usb 5-1: config 0 descriptor?? [ 526.585775][T21512] usb usb8: usbfs: process 21512 (syz-executor.2) did not claim interface 0 before use [ 526.761928][ T330] usb 5-1: Cannot read MAC address [ 526.772277][ T330] MOSCHIP usb-ethernet driver: probe of 5-1:0.0 failed with error -71 [ 526.785158][ T330] usb 5-1: USB disconnect, device number 58 [ 526.830012][T21524] loop2: detected capacity change from 0 to 40427 [ 527.105377][T21540] loop3: detected capacity change from 0 to 1024 [ 527.285547][T21540] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 527.421532][ T1272] usb 2-1: new high-speed USB device number 51 using dummy_hcd [ 528.091614][ T1272] usb 2-1: config index 0 descriptor too short (expected 106, got 36) [ 528.099668][ T1272] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 528.121648][ T1272] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 528.141392][ T1272] usb 2-1: New USB device found, idVendor=1b1c, idProduct=1b3e, bcdDevice= 0.00 [ 528.160829][ T1272] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 528.179630][ T1272] usb 2-1: config 0 descriptor?? [ 528.201512][ T60] usb 4-1: new high-speed USB device number 38 using dummy_hcd [ 528.612151][ T60] usb 4-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 528.663775][ T60] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 528.734342][ T60] usb 4-1: config 0 descriptor?? [ 528.853086][ T1272] hid-generic 0003:1B1C:1B3E.006D: unknown main item tag 0x0 [ 528.860334][ T1272] hid-generic 0003:1B1C:1B3E.006D: unknown main item tag 0x0 [ 528.867604][ T1272] hid-generic 0003:1B1C:1B3E.006D: unknown main item tag 0x1 [ 528.879483][ T1272] hid-generic 0003:1B1C:1B3E.006D: unknown main item tag 0x0 [ 528.886757][ T1272] hid-generic 0003:1B1C:1B3E.006D: unknown main item tag 0x0 [ 528.903455][ T1272] hid-generic 0003:1B1C:1B3E.006D: failed to start in urb: -90 [ 528.916756][ T1272] hid-generic 0003:1B1C:1B3E.006D: hidraw0: USB HID v0.00 Device [HID 1b1c:1b3e] on usb-dummy_hcd.1-1/input0 [ 528.951679][ T1272] usb 2-1: USB disconnect, device number 51 [ 529.131624][ T60] usb 4-1: Cannot read MAC address [ 529.136714][ T60] MOSCHIP usb-ethernet driver: probe of 4-1:0.0 failed with error -71 [ 529.151694][ T60] usb 4-1: USB disconnect, device number 38 [ 529.327092][T21623] binder: 21622:21623 ioctl c0306201 20000240 returned -14 [ 529.369716][T21625] loop4: detected capacity change from 0 to 128 [ 529.422158][ T30] kauditd_printk_skb: 100 callbacks suppressed [ 529.422173][ T30] audit: type=1326 audit(2000000175.140:19600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21630 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2451998f29 code=0x7ffc0000 [ 529.456965][ T30] audit: type=1326 audit(2000000175.170:19601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21630 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2451998f29 code=0x7ffc0000 [ 529.488240][ T30] audit: type=1326 audit(2000000175.170:19602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21630 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2451998f29 code=0x7ffc0000 [ 529.515964][ T30] audit: type=1326 audit(2000000175.170:19603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21630 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2451998f29 code=0x7ffc0000 [ 529.541120][ T30] audit: type=1326 audit(2000000175.200:19604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21630 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2451998f29 code=0x7ffc0000 [ 529.578857][ T30] audit: type=1326 audit(2000000175.200:19605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21630 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f24519966a7 code=0x7ffc0000 [ 529.609883][ T30] audit: type=1326 audit(2000000175.200:19606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21630 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f245195c379 code=0x7ffc0000 [ 529.633847][ T30] audit: type=1326 audit(2000000175.200:19607): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21630 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f2451998f29 code=0x7ffc0000 [ 529.658504][ T30] audit: type=1326 audit(2000000175.200:19608): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21630 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f24519966a7 code=0x7ffc0000 [ 529.692560][ T30] audit: type=1326 audit(2000000175.200:19609): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21630 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f245195c379 code=0x7ffc0000 [ 529.871526][T21054] usb 4-1: new high-speed USB device number 39 using dummy_hcd [ 530.231718][T21054] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 530.249691][T21054] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 530.268784][T21054] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 530.295074][T21054] usb 4-1: New USB device found, idVendor=04d9, idProduct=a070, bcdDevice= 0.00 [ 530.313280][T21054] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 530.330306][T21054] usb 4-1: config 0 descriptor?? [ 530.841517][ T60] usb 5-1: new high-speed USB device number 59 using dummy_hcd [ 530.852159][T21054] holtek_mouse 0003:04D9:A070.006E: unbalanced collection at end of report description [ 530.871750][T21054] holtek_mouse 0003:04D9:A070.006E: hid parse failed: -22 [ 530.882061][T21054] holtek_mouse: probe of 0003:04D9:A070.006E failed with error -22 [ 531.211640][ T60] usb 5-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 531.220820][ T60] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 531.229560][ T60] usb 5-1: config 0 descriptor?? [ 531.591600][ T60] usb 5-1: Cannot read MAC address [ 531.596608][ T60] MOSCHIP usb-ethernet driver: probe of 5-1:0.0 failed with error -71 [ 531.605362][ T60] usb 5-1: USB disconnect, device number 59 [ 532.831439][T21054] usb 4-1: USB disconnect, device number 39 [ 533.301693][T21755] loop4: detected capacity change from 0 to 2048 [ 533.359984][ C1] TCP: request_sock_TCP: Possible SYN flooding on port 2. Sending cookies. Check SNMP counters. [ 533.440324][T21768] serio: Serial port pts0 [ 533.581118][T21776] loop3: detected capacity change from 0 to 8192 [ 533.662008][T21784] Invalid ELF header magic: != ELF [ 533.808723][T21803] loop4: detected capacity change from 0 to 512 [ 533.833147][T21808] netlink: 'syz-executor.3': attribute type 11 has an invalid length. [ 533.862515][T21803] EXT4-fs (loop4): bad geometry: first data block 1 is beyond end of filesystem (0) [ 533.879531][T21812] Invalid ELF header magic: != ELF [ 534.165062][T21849] loop3: detected capacity change from 0 to 512 [ 534.224240][T21849] EXT4-fs (loop3): bad geometry: first data block 1 is beyond end of filesystem (0) [ 534.358361][T21871] input: syz1 as /devices/virtual/input/input84 [ 534.489484][T21889] loop4: detected capacity change from 0 to 512 [ 534.501922][T21893] SELinux: security_context_str_to_sid(sysadm_u) failed for (dev ?, type ?) errno=-22 [ 534.512506][T21889] EXT4-fs (loop4): bad geometry: first data block 1 is beyond end of filesystem (0) [ 534.522508][T21893] SELinux: security_context_str_to_sid(sysadm_u) failed for (dev incremental-fs, type incremental-fs) errno=-22 [ 534.898516][T21907] device syzkaller0 entered promiscuous mode [ 535.042430][T21918] input: syz1 as /devices/virtual/input/input85 [ 535.070413][T21920] loop3: detected capacity change from 0 to 2048 [ 535.156132][T21920] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 535.274585][T19397] EXT4-fs error (device loop3): ext4_lookup:1855: inode #14: comm syz-executor.3: iget: bad extended attribute block 11776 [ 535.303231][T19397] EXT4-fs error (device loop3): ext4_lookup:1855: inode #14: comm syz-executor.3: iget: bad extended attribute block 11776 [ 535.441119][T21935] loop1: detected capacity change from 0 to 1024 [ 535.564822][T21935] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 535.870678][T21942] bridge0: port 1(bridge_slave_0) entered blocking state [ 535.887766][T21942] bridge0: port 1(bridge_slave_0) entered disabled state [ 535.895198][T21942] device bridge_slave_0 entered promiscuous mode [ 535.902442][T21942] bridge0: port 2(bridge_slave_1) entered blocking state [ 535.909351][T21942] bridge0: port 2(bridge_slave_1) entered disabled state [ 535.916758][T21942] device bridge_slave_1 entered promiscuous mode [ 536.091600][ T60] usb 5-1: new high-speed USB device number 60 using dummy_hcd [ 536.122249][ T30] kauditd_printk_skb: 181 callbacks suppressed [ 536.122265][ T30] audit: type=1400 audit(2000000181.840:19791): avc: denied { read } for pid=21950 comm="syz-executor.1" dev="sockfs" ino=117274 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 536.155513][T21163] device bridge_slave_1 left promiscuous mode [ 536.163498][T21163] bridge0: port 2(bridge_slave_1) entered disabled state [ 536.176355][T21163] device bridge_slave_0 left promiscuous mode [ 536.182504][T21163] bridge0: port 1(bridge_slave_0) entered disabled state [ 536.192521][T21163] device veth1_macvtap left promiscuous mode [ 536.198801][ T30] audit: type=1400 audit(2000000181.890:19792): avc: denied { create } for pid=21954 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 536.220725][T21163] device veth0_vlan left promiscuous mode [ 536.244606][ T30] audit: type=1400 audit(2000000181.890:19793): avc: denied { write } for pid=21954 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 536.281321][ T30] audit: type=1400 audit(2000000181.890:19794): avc: denied { nlmsg_write } for pid=21954 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 536.389921][ T30] audit: type=1400 audit(2000000182.100:19795): avc: denied { execmem } for pid=21959 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 536.772012][ T60] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 536.805215][T21054] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 536.814929][T21054] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 536.845428][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 536.855267][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 536.872253][ T330] bridge0: port 1(bridge_slave_0) entered blocking state [ 536.879233][ T330] bridge0: port 1(bridge_slave_0) entered forwarding state [ 536.901667][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 536.920121][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 536.938332][ T330] bridge0: port 2(bridge_slave_1) entered blocking state [ 536.945357][ T330] bridge0: port 2(bridge_slave_1) entered forwarding state [ 536.962900][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 536.971581][ T60] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 536.988961][ T60] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 536.995397][T21942] device veth0_vlan entered promiscuous mode [ 537.004975][T21054] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 537.014614][T21054] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 537.022548][T21054] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 537.030100][T21054] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 537.033223][ T60] usb 5-1: Product: syz [ 537.037687][T21054] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 537.041109][ T60] usb 5-1: Manufacturer: syz [ 537.041127][ T60] usb 5-1: SerialNumber: syz [ 537.057828][T21054] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 537.073397][T21942] device veth1_macvtap entered promiscuous mode [ 537.083662][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 537.092161][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 537.100459][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 537.120237][T21054] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 537.137203][T21054] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 537.154409][T21054] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 537.171870][T21054] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 538.201635][ T60] cdc_ncm 5-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 538.208017][ T60] cdc_ncm 5-1:1.0: setting tx_max = 184 [ 538.223154][ T60] cdc_ncm 5-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.4-1, CDC NCM, 42:42:42:42:42:42 [ 538.409943][ T330] usb 5-1: USB disconnect, device number 60 [ 538.416717][ T330] cdc_ncm 5-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.4-1, CDC NCM [ 538.621782][T21054] ================================================================== [ 538.629676][T21054] BUG: KASAN: use-after-free in __list_add_valid+0x6a/0xf0 [ 538.636801][T21054] Read of size 8 at addr ffff888114962c68 by task kworker/0:2/21054 [ 538.644606][T21054] [ 538.646785][T21054] CPU: 0 PID: 21054 Comm: kworker/0:2 Tainted: G W 5.15.149-syzkaller-00165-g85445b5a2107 #0 [ 538.658145][T21054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 538.668132][T21054] Workqueue: wg-crypt-wg0 wg_packet_encrypt_worker [ 538.674469][T21054] Call Trace: [ 538.677585][T21054] [ 538.680365][T21054] dump_stack_lvl+0x151/0x1b7 [ 538.684877][T21054] ? io_uring_drop_tctx_refs+0x190/0x190 [ 538.690344][T21054] ? __wake_up_klogd+0xd5/0x110 [ 538.695039][T21054] ? panic+0x751/0x751 [ 538.698940][T21054] print_address_description+0x87/0x3b0 [ 538.704328][T21054] kasan_report+0x179/0x1c0 [ 538.708661][T21054] ? __list_add_valid+0x6a/0xf0 [ 538.713347][T21054] ? __list_add_valid+0x6a/0xf0 [ 538.718032][T21054] __asan_report_load8_noabort+0x14/0x20 [ 538.723502][T21054] __list_add_valid+0x6a/0xf0 [ 538.728012][T21054] insert_work+0x104/0x320 [ 538.732270][T21054] __queue_work+0x92a/0xcd0 [ 538.736607][T21054] queue_work_on+0x105/0x170 [ 538.741035][T21054] ? wq_worker_last_func+0x50/0x50 [ 538.746191][T21054] wg_queue_enqueue_per_peer_tx+0x1df/0x350 [ 538.751920][T21054] wg_packet_encrypt_worker+0x1192/0x1560 [ 538.757480][T21054] ? wg_packet_tx_worker+0x530/0x530 [ 538.762590][T21054] ? enqueue_task_fair+0xd61/0x29a0 [ 538.767665][T21054] ? try_invoke_on_locked_down_task+0x2a0/0x2a0 [ 538.773702][T21054] ? pwq_activate_inactive_work+0x366/0x4a0 [ 538.779431][T21054] ? __kasan_check_write+0x14/0x20 [ 538.784377][T21054] process_one_work+0x6bb/0xc10 [ 538.789074][T21054] worker_thread+0xad5/0x12a0 [ 538.793577][T21054] ? _raw_spin_lock+0x1b0/0x1b0 [ 538.798269][T21054] kthread+0x421/0x510 [ 538.802169][T21054] ? worker_clr_flags+0x180/0x180 [ 538.807031][T21054] ? kthread_blkcg+0xd0/0xd0 [ 538.811462][T21054] ret_from_fork+0x1f/0x30 [ 538.815711][T21054] [ 538.818582][T21054] [ 538.820742][T21054] Allocated by task 60: [ 538.824748][T21054] ____kasan_kmalloc+0xdb/0x110 [ 538.829421][T21054] __kasan_kmalloc+0x9/0x10 [ 538.833761][T21054] __kmalloc+0x13a/0x270 [ 538.837851][T21054] kvmalloc_node+0x1f0/0x4d0 [ 538.842270][T21054] alloc_netdev_mqs+0x8c/0xc90 [ 538.846871][T21054] alloc_etherdev_mqs+0x33/0x40 [ 538.851552][T21054] usbnet_probe+0x1ff/0x2830 [ 538.855978][T21054] usb_probe_interface+0x5b6/0xa90 [ 538.860932][T21054] really_probe+0x28d/0x970 [ 538.865271][T21054] __driver_probe_device+0x1a0/0x310 [ 538.870391][T21054] driver_probe_device+0x54/0x3d0 [ 538.875255][T21054] __device_attach_driver+0x2c5/0x470 [ 538.880461][T21054] bus_for_each_drv+0x183/0x200 [ 538.885263][T21054] __device_attach+0x312/0x510 [ 538.889856][T21054] device_initial_probe+0x1a/0x20 [ 538.894714][T21054] bus_probe_device+0xbe/0x1e0 [ 538.899312][T21054] device_add+0xb60/0xf10 [ 538.903479][T21054] usb_set_configuration+0x190f/0x1e80 [ 538.908789][T21054] usb_generic_driver_probe+0x8b/0x150 [ 538.914073][T21054] usb_probe_device+0x144/0x260 [ 538.918755][T21054] really_probe+0x28d/0x970 [ 538.923093][T21054] __driver_probe_device+0x1a0/0x310 [ 538.928216][T21054] driver_probe_device+0x54/0x3d0 [ 538.933079][T21054] __device_attach_driver+0x2c5/0x470 [ 538.938283][T21054] bus_for_each_drv+0x183/0x200 [ 538.942974][T21054] __device_attach+0x312/0x510 [ 538.947568][T21054] device_initial_probe+0x1a/0x20 [ 538.952437][T21054] bus_probe_device+0xbe/0x1e0 [ 538.957048][T21054] device_add+0xb60/0xf10 [ 538.961201][T21054] usb_new_device+0x1038/0x1c00 [ 538.965895][T21054] hub_event+0x2def/0x4770 [ 538.970137][T21054] process_one_work+0x6bb/0xc10 [ 538.974823][T21054] worker_thread+0xad5/0x12a0 [ 538.979337][T21054] kthread+0x421/0x510 [ 538.983240][T21054] ret_from_fork+0x1f/0x30 [ 538.987505][T21054] [ 538.989665][T21054] Freed by task 330: [ 538.993398][T21054] kasan_set_track+0x4b/0x70 [ 538.997822][T21054] kasan_set_free_info+0x23/0x40 [ 539.002596][T21054] ____kasan_slab_free+0x126/0x160 [ 539.007543][T21054] __kasan_slab_free+0x11/0x20 [ 539.012152][T21054] slab_free_freelist_hook+0xbd/0x190 [ 539.017357][T21054] kfree+0xc8/0x220 [ 539.020997][T21054] kvfree+0x35/0x40 [ 539.024641][T21054] netdev_freemem+0x3f/0x60 [ 539.028981][T21054] netdev_release+0x7f/0xb0 [ 539.033323][T21054] device_release+0x95/0x1c0 [ 539.037755][T21054] kobject_put+0x178/0x260 [ 539.041999][T21054] put_device+0x1f/0x30 [ 539.045992][T21054] free_netdev+0x34f/0x440 [ 539.050247][T21054] usbnet_disconnect+0x245/0x390 [ 539.055021][T21054] usb_unbind_interface+0x1fa/0x8c0 [ 539.060055][T21054] device_release_driver_internal+0x50b/0x7d0 [ 539.065958][T21054] device_release_driver+0x19/0x20 [ 539.070903][T21054] bus_remove_device+0x2f8/0x360 [ 539.075675][T21054] device_del+0x663/0xe90 [ 539.079845][T21054] usb_disable_device+0x380/0x720 [ 539.084704][T21054] usb_disconnect+0x32a/0x890 [ 539.089217][T21054] hub_event+0x1d42/0x4770 [ 539.093470][T21054] process_one_work+0x6bb/0xc10 [ 539.098195][T21054] worker_thread+0xad5/0x12a0 [ 539.102667][T21054] kthread+0x421/0x510 [ 539.106576][T21054] ret_from_fork+0x1f/0x30 [ 539.110827][T21054] [ 539.112997][T21054] Last potentially related work creation: [ 539.118555][T21054] kasan_save_stack+0x3b/0x60 [ 539.123065][T21054] __kasan_record_aux_stack+0xd3/0xf0 [ 539.128275][T21054] kasan_record_aux_stack_noalloc+0xb/0x10 [ 539.133919][T21054] insert_work+0x56/0x320 [ 539.138083][T21054] __queue_work+0x92a/0xcd0 [ 539.142422][T21054] queue_work_on+0x105/0x170 [ 539.146861][T21054] usbnet_link_change+0xeb/0x100 [ 539.151622][T21054] usbnet_probe+0x1dd3/0x2830 [ 539.156135][T21054] usb_probe_interface+0x5b6/0xa90 [ 539.161082][T21054] really_probe+0x28d/0x970 [ 539.165420][T21054] __driver_probe_device+0x1a0/0x310 [ 539.170542][T21054] driver_probe_device+0x54/0x3d0 [ 539.175405][T21054] __device_attach_driver+0x2c5/0x470 [ 539.180611][T21054] bus_for_each_drv+0x183/0x200 [ 539.185298][T21054] __device_attach+0x312/0x510 [ 539.189898][T21054] device_initial_probe+0x1a/0x20 [ 539.194759][T21054] bus_probe_device+0xbe/0x1e0 [ 539.199357][T21054] device_add+0xb60/0xf10 [ 539.203523][T21054] usb_set_configuration+0x190f/0x1e80 [ 539.208819][T21054] usb_generic_driver_probe+0x8b/0x150 [ 539.214113][T21054] usb_probe_device+0x144/0x260 [ 539.218801][T21054] really_probe+0x28d/0x970 [ 539.223140][T21054] __driver_probe_device+0x1a0/0x310 [ 539.228515][T21054] driver_probe_device+0x54/0x3d0 [ 539.233366][T21054] __device_attach_driver+0x2c5/0x470 [ 539.238578][T21054] bus_for_each_drv+0x183/0x200 [ 539.243269][T21054] __device_attach+0x312/0x510 [ 539.247866][T21054] device_initial_probe+0x1a/0x20 [ 539.252720][T21054] bus_probe_device+0xbe/0x1e0 [ 539.257329][T21054] device_add+0xb60/0xf10 [ 539.261500][T21054] usb_new_device+0x1038/0x1c00 [ 539.266173][T21054] hub_event+0x2def/0x4770 [ 539.270425][T21054] process_one_work+0x6bb/0xc10 [ 539.275115][T21054] worker_thread+0xad5/0x12a0 [ 539.279626][T21054] kthread+0x421/0x510 [ 539.283533][T21054] ret_from_fork+0x1f/0x30 [ 539.287784][T21054] [ 539.289956][T21054] The buggy address belongs to the object at ffff888114962000 [ 539.289956][T21054] which belongs to the cache kmalloc-4k of size 4096 [ 539.303849][T21054] The buggy address is located 3176 bytes inside of [ 539.303849][T21054] 4096-byte region [ffff888114962000, ffff888114963000) [ 539.317124][T21054] The buggy address belongs to the page: [ 539.322603][T21054] page:ffffea0004525800 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x114960 [ 539.332660][T21054] head:ffffea0004525800 order:3 compound_mapcount:0 compound_pincount:0 [ 539.340816][T21054] flags: 0x4000000000010200(slab|head|zone=1) [ 539.346725][T21054] raw: 4000000000010200 0000000000000000 0000000100000001 ffff888100043380 [ 539.355144][T21054] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000 [ 539.363557][T21054] page dumped because: kasan: bad access detected [ 539.369817][T21054] page_owner tracks the page as allocated [ 539.375360][T21054] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d2a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 21849, ts 534147804082, free_ts 534132623372 [ 539.395328][T21054] post_alloc_hook+0x1a3/0x1b0 [ 539.399925][T21054] prep_new_page+0x1b/0x110 [ 539.404261][T21054] get_page_from_freelist+0x3550/0x35d0 [ 539.409642][T21054] __alloc_pages+0x27e/0x8f0 [ 539.414069][T21054] new_slab+0x9a/0x4e0 [ 539.417978][T21054] ___slab_alloc+0x39e/0x830 [ 539.422401][T21054] __slab_alloc+0x4a/0x90 [ 539.426568][T21054] __kmalloc_track_caller+0x16c/0x260 [ 539.431776][T21054] __alloc_skb+0x10c/0x550 [ 539.436028][T21054] rtmsg_ifinfo_build_skb+0x7f/0x180 [ 539.441150][T21054] rtmsg_ifinfo+0x78/0x120 [ 539.445402][T21054] __dev_notify_flags+0xdd/0x610 [ 539.450178][T21054] rtnl_newlink+0x19d1/0x2050 [ 539.454689][T21054] rtnetlink_rcv_msg+0x951/0xc40 [ 539.459463][T21054] netlink_rcv_skb+0x1cf/0x410 [ 539.464061][T21054] rtnetlink_rcv+0x1c/0x20 [ 539.468319][T21054] page last free stack trace: [ 539.472829][T21054] free_unref_page_prepare+0x7c8/0x7d0 [ 539.478126][T21054] free_unref_page+0xe8/0x750 [ 539.482637][T21054] __free_pages+0x61/0xf0 [ 539.486805][T21054] __free_slab+0xec/0x1d0 [ 539.490968][T21054] __unfreeze_partials+0x165/0x1a0 [ 539.495917][T21054] put_cpu_partial+0xc4/0x120 [ 539.500440][T21054] __slab_free+0x1c8/0x290 [ 539.504681][T21054] ___cache_free+0x109/0x120 [ 539.509116][T21054] qlink_free+0x4d/0x90 [ 539.513100][T21054] qlist_free_all+0x44/0xb0 [ 539.517442][T21054] kasan_quarantine_reduce+0x15a/0x180 [ 539.522736][T21054] __kasan_slab_alloc+0x2f/0xe0 [ 539.527422][T21054] slab_post_alloc_hook+0x53/0x2c0 [ 539.532370][T21054] kmem_cache_alloc+0xf5/0x200 [ 539.536970][T21054] __d_alloc+0x2d/0x6c0 [ 539.540961][T21054] d_alloc_pseudo+0x1d/0x70 [ 539.545303][T21054] [ 539.547469][T21054] Memory state around the buggy address: [ 539.552942][T21054] ffff888114962b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 539.560844][T21054] ffff888114962b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb 2033/05/18 03:36:25 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF [ 539.568739][T21054] >ffff888114962c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 539.576652][T21054] ^ [ 539.583931][T21054] ffff888114962c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 539.591837][T21054] ffff888114962d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 539.599720][T21054] ================================================================== [ 539.607623][T21054] Disabling lock debugging due to kernel taint