last executing test programs: 5.913275916s ago: executing program 2 (id=1242): r0 = getpid() (async) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b705000000000000611088000000000004000000000000009500000000000000"], &(0x7f00000002c0)='GPL\x00', 0x6, 0xc8, &(0x7f0000000700)=""/200, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000080), 0x10}, 0x90) (async) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) (async) syz_mount_image$ext4(&(0x7f0000001d00)='ext3\x00', &(0x7f0000000200)='./file1\x00', 0x210802, &(0x7f0000000100)={[{@user_xattr}, {@init_itable_val={'init_itable', 0x3d, 0x9}}, {@grpquota}, {@data_err_abort}, {@grpquota}, {@lazytime}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x8}}, {@debug}, {@noauto_da_alloc}]}, 0xfe, 0x561, &(0x7f0000000ac0)="$eJzs3d9rW1UcAPDvTZvuR6frYAz1QQZ7cDKXrq0/JvgwH0WHA32fob0ro+kymnSsdeD24F58kSGIOBD/AN99HP4D/hUDHQwZRR98idz0puvWpOm6tM3M5wO3Pefek5xz7rnn5NychAQwsI5nfwoRr0bEt0nE4XXHhiM/eHw13cqjG9PZlkSj8dlfSST5vlb6JP8/mkdeiYjfvo44VdiYb21pea5cqaQLeXy8Pn91vLa0fPryfHk2nU2vTE5NnX1navL9997tWV3fvPDPD5/e++jsNydWvv/lwZE7SZyLQ/mx9fV4Djfz/42vmuf2eH5OinHuqYQTPcisnyR7XQC2ZSjv58XIxoDDMZT3+raKu1kyYKdlr1MNYEAl+j8MqNY8oHVv36P74BfGww9Xb4A21n949b2R2N+87Tm4kjxxZ5Td7471IP8sj1//vHsn26J370MAdHXzVkScGR7eOP4l+fi3fWe2kObpPIx/sHvuZfOft9rNfwpr859oM/8ZbdN3t6N7/y886EE2HWXzvw/azn/XFq3GhvLYS805XzG5dLmSZmPbyxFxMor7svhm6zlnV+43Oh1bP//Ltiz/1lwwL8eD4X1PPmamXC8/T53Xe3gr4rW2899krf2TNu2fnY8LW8zjWHr39U7Hutd/ZzV+jnijbfs/XtFKNl+fHG9eD+Otq2Kjv28f+71T/ntd/6z9D25e/7Fk/XptrcsTtlkI/Gn/v2mn5Nu9/keSz5vhkXzf9XK9vjARMZJ8snH/5OPHtuKt9Fn9T57YfPxrd/0fiIgvupyKlttHb3dM2g/tP/NM7f/sgfsff/ljp/y31v5vN0Mn8z1bGf+2WsDnOXcAAAAAAADQbwoRcSiSQmktXCiUSquf7zgaBwuVaq1+6lJ18cpMNL8rOxbFQmule3Td5yEm8s/DtuKTT8WnIuJIRHw3dKAZL01XKzN7XXkAAAAAAAAAAAAAAAAAAADoE6Mdvv+f+WNor0sH7LhNfvIb+J/r2v978UtPQF/y+g+DS/+HwaX/w+DS/2Fw6f8wuDr3/5FdLQew+7z+w+DS/wEAAAAAAAAAAAAAAAAAAAAAAAAAAKCnLpw/n22NlUc3prP4zLWlxbnqtdMzaW2uNL84XZquLlwtzVars5W0NF2d7/Z8lWr16sRkLF4fr6e1+nhtafnifHXxSv3i5fnybHoxLe5KrQAAAAAAAAAAAAAAAAAAAODFUltanitXKumCgMC2AsP9UQyBHgf2emQCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgMf+CwAA//9/PTo9") (async, rerun: 32) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) (async, rerun: 32) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f0000000000)={0x30}, 0x30) (async, rerun: 32) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000004, 0x28011, r4, 0x0) (async, rerun: 32) ftruncate(r4, 0x796c) (async) sched_setscheduler(r0, 0x1, &(0x7f00000000c0)=0x5) (async) getsockopt$inet6_tcp_buf(r3, 0x6, 0x0, 0x0, &(0x7f0000001040)) sendmmsg$unix(r2, &(0x7f0000002940)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000840)=[@cred={{0x1c, 0x1, 0x2, {r0}}}], 0x20}}], 0x1, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) 5.678878245s ago: executing program 2 (id=1245): socketpair$nbd(0x1, 0x1, 0x0, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='devtmpfs\x00', 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xe, 0x4, 0x4, 0xbf22}, 0x48) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) connect$inet(r1, 0x0, 0x0) sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$dupfd(r0, 0x0, r2) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x8c, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) 5.470450263s ago: executing program 2 (id=1249): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x1, 0x4, 0x8, 0x8}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r3}, &(0x7f0000000000), &(0x7f00000005c0)=r4}, 0x20) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10) socket$inet6_tcp(0xa, 0x1, 0x0) socket(0x1e, 0xa, 0x0) socket$packet(0x11, 0x3, 0x300) r6 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r6, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) bind$inet(r6, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r6, 0x1, 0x1a, &(0x7f0000000180)={0x1, &(0x7f0000000280)=[{0x6, 0x4, 0x0, 0xe4}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r6, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) sendmmsg$inet(r6, &(0x7f0000000c00)=[{{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f00000004c0)="0036d551863e1902129da79f5986e0529ef50e5398660c1a29b0f45c0cc36902e0251c8d34197b357b32b161f9ad72d55a7700976aae24ed805271b43f0ce2fea5e764494873e0d82a172b3bb54f59b458fd35039c7d81e9ab07f2fb4dad61bd500a118154c74a12e4569e47b69a95f92c6380af2bd003fa56f06a23bbd1c76d7756bf4fcaff0c23374ec7c4aadbb8b985f14893a91d750e168350685e0f4f079d2d8e79be174ef9355b70719c712c5d15d2e7505a8696b50738ece17b30c0fa017fd726c5fa809b98c3b53c48ff2a1e91a7137de88f1dc1e4f9f0eddd7522b3", 0xe0}, {&(0x7f0000000a00)="316f825a3d29f96a2093a917017b4cd30000000000000035ed313e19d6dd", 0x1e}, {&(0x7f0000000700)="f5e022a4d2ed0cf5f8b2e9857cb9af98da7aa60f7a1582aadeaef336f9139f6768452f868624c7e6ce0948f33f1a63e0fcf0f2df283b3ca3f1f4de26a8b575ccb465985e48f65b9a7fcc93c0a5be8b16774f7c7ca9848a182d6ee7c0f2b9c0e7030ed93ee34214c25c951279b18c8e5bfbc52152be37f5e2b783e2149be25180430ac63ee1bbe01fbb6125e65839ae5b02d542a97d1bfb1ca420b5405baaaf5ec6ad96af2814dbbea5a064f2ab6fc0904c07f02cbfadfb96866d962e6e21d3a0a0276a36e01b6edafd6c8461de7afec966f9c023ffe15c3c1caec8ff3ef3", 0xde}, {&(0x7f0000000800)="fff5c0293353db83a683db60266a3867d03f740f4e0a7bafe7be9b2bacb7c2d40bf1b2019dbde5f640c897ac57789fb8490642b47a96f0d03ec69d1f6e90e86be7fb3ef9e76969438283f5ed67232e172945aecaf6dd89d72d7a429ef6d0dcc5f0d9cc15dba086d191c0a8f23acdeb928805cae14ca8aec1241e5342ef1675f8b948568fe6229a3bb6b71418a123e62962d5fb073391000000000020d6bd0000000062b043f12bbc4c839da0f35d437b0add4957016a90d9925b1a09cfefc9387e21fc02f3c548f9c32e0949d36d91b1bdeef1ea6aa5946db4ba26180005216886", 0xe1}, {&(0x7f0000000a40)="560e78011ebeced7c4d4f4adc887d8a4c55ae9e6d3bae49259a935b480ee610812f5c5b35943bdb14ae21509b259f5eaf5f3a7b7ca845156bf64809dee25c0eadad25cac50b01aabdb713c8c9965a19e114c8bbc35054f68bf88c9786ed430aff1952b2498efc44341ebc815cb2ea201611173b2e9d5ca", 0x77}], 0x5}}, {{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f00000002c0)="02be09ad65c73fc5fbdafe1617323a4a3b2655cbbf36d137a6e542d2a2b303d25a64b2658972a9e0d9a1c80ac6e52d81e85ee9778c06ab2d681fed6f976eea2a1145b9d9a1038eb3d902fb2a4146954b60d59ef539d86c3d1e25c079bbee2d51a03d2d5470cc186a69edfca75569b185326d1af0ac4ea350550070d75404a02520ac2361da8bbba919b4cda582", 0x8d}], 0x1}}], 0x2, 0x0) setsockopt$sock_int(r6, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4) syz_usb_connect(0x1, 0x36, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e000000010902240001b30000040904410017ff5d810009050f1f0104000000090583"], 0x0) r7 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r7, 0xaf01, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), 0xffffffffffffffff) 4.093085085s ago: executing program 4 (id=1255): bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000f40)=ANY=[@ANYBLOB="9feb010018000000000000003c0000003c00000002000000000000000200000400000089bbe5d73d"], 0x0, 0x56}, 0x20) (fail_nth: 1) 4.010605248s ago: executing program 3 (id=1256): r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f00000020c0)='.\x00', 0x2000020c) creat(&(0x7f00000000c0)='./file0\x00', 0x0) unlink(&(0x7f0000000080)='./file0\x00') (fail_nth: 1) 3.520209697s ago: executing program 4 (id=1258): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) setsockopt$packet_fanout_data(r0, 0x107, 0x16, &(0x7f0000000100)={0x3, &(0x7f0000000180)=[{0x28, 0x0, 0x0, 0xfffff034}, {0x50}, {0x6}]}, 0x10) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) sendmsg$inet(r2, &(0x7f0000000780)={&(0x7f0000000100)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f0000000140)="be38", 0x2}], 0x1, 0x0, 0x7}, 0x0) 3.516267877s ago: executing program 3 (id=1259): setsockopt$inet_msfilter(0xffffffffffffffff, 0x0, 0x29, &(0x7f0000000280)=ANY=[@ANYBLOB="e0"], 0x1c) syz_mount_image$ext4(0x0, &(0x7f0000000440)='./file0\x00', 0x1004010, 0x0, 0x0, 0x0, 0x0) r0 = epoll_create1(0x0) r1 = epoll_create1(0x0) r2 = socket$can_raw(0x1d, 0x3, 0x1) epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r2, &(0x7f0000000100)={0x10000014}) r3 = dup(r0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r1]) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x16, 0x4, &(0x7f0000001300)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x0, 0x1, 0x4d}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x9}, 0x80) write$binfmt_script(r4, &(0x7f0000000100), 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r4, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000180)) 2.321190302s ago: executing program 0 (id=1262): r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000), 0x901800, 0x0) (async, rerun: 32) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) (async, rerun: 32) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000400), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000440)={'wlan1\x00', 0x0}) (async, rerun: 32) r5 = socket$nl_generic(0x10, 0x3, 0x10) (rerun: 32) sendmsg$NL80211_CMD_GET_SCAN(r5, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000c80)={&(0x7f0000000c40)={0x1c, r3, 0x719, 0x0, 0x0, {{0x11}, {@val={0x8, 0x3, r4}, @void}}}, 0x1c}}, 0x0) sendmsg$NL80211_CMD_GET_COALESCE(r0, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x28, r1, 0x400, 0x70bd28, 0x25dfdbff, {{}, {@void, @val={0x8, 0x3, r4}, @val={0xc, 0x99, {0x80, 0x3b}}}}, [""]}, 0x28}, 0x1, 0x0, 0x0, 0x4000000}, 0x2004c011) r6 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TCSETSF2(r6, 0x402c542d, &(0x7f0000000140)={0x0, 0x0, 0x0, 0xffff, 0x0, "4ae23ae17df2e98c69ba36c4095c911abad88f", 0xfffffffd}) (async, rerun: 32) ioctl$TIOCSTI(r6, 0x5412, &(0x7f0000002840)) (rerun: 32) ioctl$TIOCSTI(r6, 0x5412, &(0x7f0000000040)=0x3a) 2.202466847s ago: executing program 0 (id=1263): r0 = syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x2008002, &(0x7f0000000080), 0x1, 0x543, &(0x7f0000000fc0)="$eJzs3c+PG1cdAPDvzP5smnYT6AEqIAEKAUWxs04bVb20uYBQVQlRcUAc0mXXWS2x4xB7S3dZie3fABJInOBP4IDEAaknDtw4InFASOWAFGAFyiKBZDTj2V131yYm9tp0/flIk5k3b2a+78UZv+dnZ14AU+tyROxGxHxEvBURS8X+pFjitc6SHfdob2d1f29nNYl2+82/Jnl+ti+6zsk8XVxzMSK+9uWIbyUn4za3tu+u1GrVB0W63KrfLze3tq9t1FfWq+vVe5XKzeWb11++8VJlZHW9VP/5wy9tvP71X/3yk+//dveL38uKdb7I667HKHWqPncYJzMbEa+fRrAJmCnW8xMuB08mjYiPRMRn8vt/KWbyf50AwFnWbi9Fe6k7DQCcdWk+BpakpYhI06ITUOqM4T0X59Jao9m6eqexeW+tM1Z2IebSOxu16vWLC7//Tn7wXJKll/O8PD9PV46lb0TExYj44cJTebq02qitTabLAwBT7+nu9j8i/rGQpqXSQKf2+FYPAPjQWJx0AQCAsdP+A8D00f4DwPQZoP0vvuzfPfWyAADj4fM/AEwf7T8ATB/tPwBMla++8Ua2tPeL51+vvb21ebfx9rW1avNuqb65WlptPLhfWm801vNn9tQfd71ao3F/+cXYfKfcqjZb5ebW9u16Y/Ne63b+XO/b1bmx1AoA+G8uXnrvd0lE7L7yVL5E11wO2mo429JJFwCYmJlhTtZBgA81s33B9BqoCc87Cb859bIAk9HzYd6LPTc/6Mf/QxC/M4L/K1c+Pvj4vzme4Wwx/g/T68nG/18deTmA8TP+D9Or3U6Oz/k/f5gFAJxJQ/yEr/39UXVCgIl63GTeI/n+HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAM6Y8xHx7UjSUj4XeJr9mZZKEc9ExIWYS+5s1KrXI+LZuBQRcwtZennShQYAhpT+OSnm/7qy9ML547nzyT8X8nVEfPcnb/7onZVW68Fytv9vh/sXDqYPqxydN8S8ggDAiOXtd6VYd32Qf7S3s3qwjLM8D2/Fv4upiFf393bypZMzG9nOiMW8L3Hu70nMFucsRsTzETEzgvi770bEx3rVP8nHRi4UM592x48i9jNjjZ9+IH6a53XWWefroyMoC0yb925FxGu97r80Lufr3vf/Yv4ONbyHtzoXO3jv2++KP1tEmukRP7vnLw8a48Vff+XEzvZSJ+/diOdne8VPDuMnfeK/cDLUfK/4f/jEp37wap+ytX8acSV6x++OVW7V75ebW9vXNuor69X16r1K5ebyzesv33ipUs7HqMsHI9Un/eWVq8/2CZ/X/1yf+Is9639Uxc/1u+gxP/vXW9/89FFy4Xj8L3y29+v/XM/4HVmb+PkB46+c+0Xf6buz+Gt96v+41//qgPHf/9P22oCHAgBj0NzavrtSq1UfDLWRfQodxXVObGRFHOzgg+7icEH/GKdRiyfcmDutv9VT35g97CuO9srfyK445uqkI6/FUBuPxhVrcu9JwHgc3fSTLgkAAAAAAAAAAAAAANDPOP7rUkTsTrqeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnE3/CQAA//8PK81u") r1 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) write$UHID_DESTROY(r1, &(0x7f0000000140), 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='hugetlb.2MB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00', 0x802053, 0x0, 0xfc, 0x0, &(0x7f00000000c0)) mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=@base={0xa, 0x3, 0x807, 0xc}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020642500000000002008007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000001840)={{r2}, &(0x7f00000017c0), &(0x7f0000001800)}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000200)='signal_deliver\x00', r3}, 0x10) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x6) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nfc(&(0x7f00000004c0), r5) capget(&(0x7f0000000380)={0x19980330, r4}, &(0x7f00000003c0)={0x3f, 0x44509d14, 0x3, 0x400, 0x78c, 0x6}) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$netlbl_unlabel(0x0, 0xffffffffffffffff) sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)={0x54, r7, 0x1, 0x0, 0x0, {0x3, 0x74, 0x600}, [@NLBL_UNLABEL_A_SECCTX={0x2c, 0x7, 'system_u:object_r:udev_helper_exec_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @mcast2}]}, 0x54}, 0x1, 0xffffffff00000003}, 0x0) r8 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'wpan3\x00', 0x0}) sendmsg$NL802154_CMD_NEW_SEC_KEY(r6, &(0x7f0000000340)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000400)={&(0x7f0000000540)=ANY=[@ANYBLOB="3c040000", @ANYRES16=r8, @ANYRES64=r0, @ANYRES32=0x0, @ANYBLOB="08000300", @ANYRES32=r9, @ANYBLOB="0c00060002000000000000000c00060002000000000000009800308005000200ff00000024000300bd13146d37a6f1da11dbe0caa95b82db1d375174faceb7ada422a21176b3866b680001801c000380060001000200000006000100ffff000006000300a3aa0000080004000000000005000200010000000880040005105d7ddc9d0f0c05882c5e5cc1c80000000c000500600f0000000000000cedbd00f8119788d424d40005000200000000ff00000500020002000000080004000400", @ANYRES32=0x0, @ANYBLOB="1c013080050002009f000000050002008f0000005800018008000400ffffffff440003800c0004000201aaaaaaaaaaaa0c0004000200aaaaaaaaaaaa0c0004000202aaaaaaaaaaaa0c0004000203aaaaaaaaaaaa080002000200000006000300a1aa00000500020003000000050002000900000014000400db4b3d2c7e9564563d47ed72d6a1b579680001804c00038006000300a3aa00000c000400000000000000000006000100fdff000006000300feff000006000100ffff000006000300a2aa000006000100030000000c0004000201aaaaaaaaaaaa0c00050006000000000000000c0005000000000000000000050002000700000024000300d94d1ad6ea151b5aa91e3b06414306f25666874612b49a1fa0b356bd05eb38c298003080050002005100000024000300e01f8d7da6d3f1362077122ca838a2c512610dae0bed22cd991fae8e9b631b6d1400040036820475b214fd7e12f6477558adcaeb24000300c632a40fa14598eb244e4be3921176261c3867c0373d1f10dacf78fd02c300a52800018008000100020000000c00038006000300a2aa000008000400010000800800040090a400000500020009000000a4013080fc0001800c000500010000000000000008000100010000000c000500040000000000000008000400040000000500020000000000440003800600030000000000080002000200000006000100030000000c0004000200aaaaaaaaaaaa060003000000000006000100ffff00000c0004000201aaaaaaaaaaaa240003800c0004000202aaaaaaaaaaaa08000200000000000c0004000202aaaaaaaaaaaa4c000380080002000300000006000300ef9c000006000300ddc600000c0004000201aaaaaaaaaaaa0c0004000202aaaaaaaaaaaa080002000000000006000100ffff000006000300feff00000c000500000000000000000008000400080000001400040062a187ef61dc13a684d3aad0451dff13500001802800038008000200020000000c0004000202aaaaaaaaaaaa080002000300000008000200000000000800010001000000050002000000000008000100000000000c0005000600000000000000050002000600000024000300054017f8c002d26ca5d2daaeafb3d4058b3e804f7cf71602caf76fd5057fd9af140004003a8abb6db8e0575985dd7a925a4a9bea080003009f6e7f625cb52433630c123d927c70fdfa3d1a79865715db34cd2951e0bf277e383243ba475dc675e7a69bc9ceb967abe9c65f6c2891ffdee3823f9874731ed35111fc0ac392677ac98296a5054691b583b446175bbd07a29616b88d1987930c3b7b081ca631df8e13a828c7302084126c70c3d5c84e5bc8e5897e1468d3b2f0bd977d2635fbd561f994cbcf2a8ef55801", @ANYRES32=0x0, @ANYBLOB="6c775054cc51206099955d6c3465a63aaeb0e7c30ce4f3a2bb1cd60c3a"], 0x43c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) rmdir(&(0x7f0000000440)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00') 2.133750419s ago: executing program 3 (id=1264): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x2000480, &(0x7f0000000100), 0x85, 0x764, &(0x7f0000000f80)="$eJzs3c1rHGUYAPBnNknTptVEEbSeAoIGSjemxlbBQ8WDCBYKerZdNttQs8mW7KY0IVCLCF4EFQ+CXnr2o968+nHV/8KDtFRNixUPEpnNbLptdtNNm2TF/f1g2uedj7zz7My877s7w24APWs0/ScXcTAiPkwihrP5SUQM1KP+iONr691aWS6mUxKrq2/8ntTXubmyXIymbVL7s8ITEfHDexGHchvrrS4uzRTK5dJ8Vh6vzZ4bry4uHT47W5guTZfmjk5MTh459vyxo9uX6J8/Lx249tGrz3x9/O93H7/ywY9JHI8D2eLmPLbLaIxmr8lA+hLe4ZXtrqzLkm7vAPclvTT71q7yOBjD0VePAID/s4sRsQoA9JhE/w8APabxOcDNleViY+ruJxK76/rLEbF3Lf/G/c21Jf3ZPbu99fugQzeTO+6MJBExsg31j0bE59++9WU6xQ7dhwRo5Z1LEXF6ZHRj+59seGZhq57tYJ3Ru8raP9g936Xjnxdajf9y6+OfaDH+GWxx7d6Pe1//uavbUE1b6fjvpaZn22415Z8Z6ctKD9XHfAPJmbPlUtq2PRwRYzEwmJYnNqlj7MY/N9otax7//fHx21+k9af/314jd7V/8M5tpgq1woPk3Oz6pYgn+1vln6wf/6TN+Pdkh3W89uL7n2Xho3cvS/NP821MG/PfWauXI55uefxvP9GWbPp84nj9dBhvnBQtfPPLp0Pt6m8+/umU1t94L7Ab0uM/tHn+I0nz85rVrdfx0+Xh79stu3f+rc//Pcmb9XhPNu9CoVabn4jYk7y+cf6RerivqbwvsvXT/Meean39b3b+p+8JT3eYf/+13766//x3Vpr/1JaO/9aDK7dm+trV39nxn6xHY9mcTtq/TnfwQV47AAAAAAAAAAAAAAAAAAAAAAAAAOhULiIORJLLr8e5XD6/9hvej8VQrlyp1g6dqSzMTUX9t7JHYiDX+KrL4abvQ53Ivg+/UT5yV/m5iHgkIj4Z3Fcv54uV8lS3kwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAzP42v/+f+nWw23sHAOyYvd3eAQBg1+n/AaD36P8BoPfo/wGg9+j/AaD36P8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADYYSdPnEin1b9Wlotpeer84sJM5fzhqVJ1Jj+7UMwXK/Pn8tOVynS5lC9WZm9vOdDy75UrlXOTMbdwYbxWqtbGq4tLp2YrC3O1U2dnC9OlU6XWWwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAd1UXl2YK5XJpXiAQCNaDtHW42O3mCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOA/798AAAD//+TuKn8=") open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) (async) r0 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000640)='./file0\x00', 0x120c480, &(0x7f0000000340), 0x23, 0x4d1, &(0x7f0000000b40)="$eJzs3d9rW9cdAPDvle3ESZzZ2faQBZaFLcMJWyQ7XhKzh8yDsT0FkmXvnmfLxli2jCUnsQnDYX/AYGxraZ/61JdC/4BCyZ9QCoH2vZTSEtr8eOhDWxXJV43rSv5BLCuxPh84uefcq6vv9yjWlc49F90AOtaZiBiLiK6IOB8R/en6TFpibb1UH/f40d3JakmiUrn5eRJJuq7+XEm6PJbu1hsRf/1LxD+SH8YtrazOTRQK+aW0nSvPL+ZKK6sXZucnZvIz+YWxkeHLo1dGL40O7Vlfr/7pk///+80/X333t7c/Gv/s3D+rafWl2zb2o5GuTe21HcZc73pP7bWo646Ipd0k/gLrSvvT0+5EAADYkep3/B9HxC8j4slr7c4GAAAAaIXKH/riqySiAgAAABxYmdo1sEkmm14L0BeZTDa7fg3vT+NoplAslX8zXVxemFq/VnYgejLTs4X8UHqt8ED0JNX2cK3+rH1xU3skIk5ExH/7j9Ta2cliYardJz8AAACgQxzbNP5/2r8+/gcAAAAOmIF2JwAAAAC0nPE/AAAAHHxNx/9J9/4mAgAAALTC9WvXqqVSv//11K2V5bnirQtT+dJcdn55MjtZXFrMzhSLM7Xf7Jvf7vkKxeLi72Jh+U6unC+Vc6WV1fH54vJCebx2X+/xvPtEAwAAwP478Yv7HyYRsfb7I7VSdSjdtoOx+lhrswNaKbO7hyetygPYf13tTgBoGxf4QucyHw9sM7D/36b2Lk8bAAAAL4LBn203/9+71e7mA+ElZiAPncv8P3Qu8//Qucz/Q4c73GzD9af1WtOzgO+1IiEAAKAV+molyWTTucC+yGSy2YjjtdsC9CTTs4X8UET8KCI+6O85XG0PtztpAAAAAAAAAAAAAAAAAAAAAAAAAHjJVCpJVAAAAIADLSLzaZLeyH+w/2zf5vMDh5Iv+2vLiLj9+s1X7kyUy0vD1fVffLe+/Gq6/mI7zmAAAAAAm9XH6fVxPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADspceP7k7Wy37GffjHiBhoFL87emvL3uiJiKNPkujesF8SEV17EH/tXkScbBQ/qaYVA2kWm+NnIuJIm+Mf24P40MnuV48/Y43ef5k4U1s2fv91p+V5PTyz8fjXHRvj149/XU2Of8d3GOPUg7dzTePfizjV3fj4U4+fPOfx9+9/W11ttq3yRsRgw8+f5HuxcuX5xVxpZfXC7PzETH4mvzAyMnx59MropdGh3PRsIZ/+2zDGf37+zjdb9f9ok/gD2/T/7A77//WDO49+skX8c79q/Pd3cov41df+1+nnQHX7YL2+tl7f6PRb75/eqv9TTfq/3f//uR32//yNf328w4cCAPugtLI6N1Eo5JdUVA5Wpfp19QVIo82VG+kbfde7t/nABAAA7LlnX/rbnQkAAAAAAAAAAAAAAAAAAAB0rv34EbKN8Xrb11UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgC19GwAA//9I2dFh") unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) write$binfmt_elf64(r0, &(0x7f00000002c0)=ANY=[], 0x40) (async) write$binfmt_elf64(r0, &(0x7f00000002c0)=ANY=[], 0x40) fallocate(r0, 0x0, 0x0, 0x1000f4) (async) fallocate(r0, 0x0, 0x0, 0x1000f4) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r1 = open(&(0x7f0000000100)='./bus\x00', 0x14113e, 0x0) syz_fuse_handle_req(0xffffffffffffffff, &(0x7f0000000200)="06ed036510495dbb5abfb09a3b34df8ab3ddffc945a891fbeb1fb548e668a016f13d4d285780b3f2e1b388c35cfdadb8530d40103e3e4965267a4bd2f59ff0e38d253eda58aef17afe45fe4a8b877fdf507a9b856983f8fbffe722076b2b231af7956a7dc651753197d5aae844ba37f28588385e1de40da016c146d3397a4df381a4d6f79e2aae08efcf6c5fa6a06909a2963ed098873778484bf7ced7c9dda77f34edf20a23d32a9aea4f43a11a20d40fe2c9c4e6eb9e95b12b2b0fcbfe5614db135ee5ae20f3b783287b3205d009517301e53667547e939063bcbd904a7d7e0ccdebcee5de76fcbfd079b77b8004e09e39ae1c06cf472b2275dff66de3d2496e66d9aa9d9cfdfcebf2e49eed20c02cdd465071f20c9b9467c1b2ad733d5ed219d182a2a9883c3d7e520748d9d612355eba7874e45eaef2a0640da9715212c418050ac01f8e9c599b61ce43d0f100e895f7229a9c965de0c9ecbf9071167d6dc9345ee3624161bd636aab1e3d08a41da1074445ee6962910d8c45a9b50a136c4d19d9cf2211e31a193566aa6d2a3f2c1712a1bf02d847ee6917336ab98162708dde4e71632be3d7d4cf1289a8183b3189201ff62ad81dabd3087f0a041363664da9b64cf21227f7eab9dadbdbf0ef4744b4d7e9a2ea57a7f532f0166e157a4a519463a5627c06a125f9dc881966c5a9e2edbd3104002eec0204fe78fb77a14d0ab0ac97f40ff9424112f4ce6500838f2aae0002c87a85d0958a363af1357f7dbe995a969bf489f1e544c879b72006bf9fbf94f77bd7c3d213b45d8e8e58e001fd833472e1f429f4d599f05fcf9ee5eb71f174912153e7c53c59b6f7cdec4c06d6985c33e4f952b7a07986fac451a1304bc8fea38cf43c4ddc18b39187de1e955aee2f9cc6a15c43449650a1a763c267798d29180d6c760a9464075c4a5e0dcc5255edf96ef35346346861bef13961b3eb2863b8f55c26e2bef6d77db5cc3232c7f49de6479f09b5807ef1c4c43b06e9ee8507d43100b23db8308d135529e371eb1bab751351f34776629196b6d81f1ce09064fb2d99f44eed1dc8b351f70d45ded0e0c855d72ac8d752479f931c4bb02fd375928293a5aa6d6c21bfccbb145ea28993af23bc3108f910bd3b0afb87f37ea4d0c1eb1a871a55a20158c4349e138c8a8d79d6f1d383a38d6bd90f93397e3aac9f3a41281f4b6ab48f5e43a1e754524a9c122d1e50d2b721f8a3178d182a4c260a4e3f7f8eb9795227fa382323ba02cd6ba72cc832ba9fe4618c689a137c50d36313fa7594fca8523fc1f3ba27da6c834d49a7aac5116b63a7d84e4a46a3c374f08990cbd41c33f3f9d2d56ea72ae8490cc6f957198a4d6915158559e9d43a0b3a8b4faa311741c528a6ced8a75302c8552ae6151bcb721fdbfb3d9455fb838cdaae4e5b3f5c5eaacc4b181948adfb2f02c8261071c81effa770cb8c299765fdc60ba07382fed1565c4bb3f7829959e62067a4a98a8f644847fdafbc0359137a7236997a63263ae9272b518545d887e149323ef1bbad14312a1abe89de81014abc927a04ddd687a1066751b0e0432fe74394493a6a605e5e83f55fc6301203534c648cb3efe55dee5ce9d9970ad7c3a7bda643c97174fd41ccde1b3ee2c27a96c5e67ff09a466ffc72efe5499b1100854644082469699598b10e5fd9a699cce1156e9c8e6f026b225a75c49a501c3b20a8d483e2837495baedbd23779ff2f3e6ed98ba36a4f6a201fb9df3a3ef44c269a7002dabed75ad9167d009913f20e12ce163965c1faf2f7a7c25594a61a850718649a1a1a273c5c069bd8479cd34d55ee7f7254df32fbff67c5c3cfebff08b02e30eabaa28037dc21a2087bae0711e61bb516857e743c0f15b9d27932def75bef086878cc2da89cc80dd0371a22668ecdc77cc3340a8cadce47c12cccebc51e2121269a5ccb428cf419a839d611017a47ac627efe5d8cd801e50b07425d39b97026f20bdbce8f61a2a66e4608a887b9469a8c0cbe4c616ff9a9013ba526f4d08109bd753743ed3dad682831ec7d6bea0bf876d286fd31e25f7f4af472ef8e369f3438dec61272363c57202ddc49d43466ee854129cfcc7bcb525e14732a1bf5f8e1a61edf043db048e633707204017267da275c1a795c8ec535b8a316caba42f75880d5b6e8b13d752ca709fee241d41fb161576bdd667be923f2c2ba4b57ee124e14e3fd74199d50c02b526d2fafbc68e33b8dcc26ac9a669e9f92e0ee23a748ca16683225a629cec99327c8eb17c506c3ee2c7e92085551898f74c1e9d556ab403883dfc5fa8724db0093b6333ba17edb385eca39e0b841bf5910636bbf6380b1f70b27e4a20157dcd0db4ce384d0ecd9bea84e4f7d11d467bec2a38126ac5c6a79a7c78f8f8411a591af13b53b90a9a8a9fb529fcdfda4127326362f6bd023409c2d889cd32a21a56bbdf5a314b30ce7ff67dd2bf157f4d9f090db4884401ecb2b1c5869a3e939bd164c30aac3884450d0bfc335f404df473acd21921c55d6b86c6df2a3c2e7afab33530ca398cb99e12167d5edaad6e4c1765c0bc2944c5157ff898ea5391547cb6b7cb1e979b6c7adf17f3367a439472ffa6a46a9563a3c6bbdea5526ffc3076727b384fef0e1bd722fe863352d5dfc145e49325df2202990ee0843bafe0ef139c12c481f4fc3d62da507c6dbb5525ce89aec92bef369e25985eaeef216025a5a2af7177551db28a747658f53f3b7cb2a5613ba343f73e955528ad5f6ec352fb4aed8e50a1fe473c93dada2543d4ddbd2c25e8ae8c35cc1c03306c6951cb2174c4c493737a9b37c85bf8a8b0574e50f3cbcae0b2f6c94ea0ef3db265c8d93fe631ff94962f1cadaaac7d958c9d99d824ae8bb63357b4481f1d607f3a073a16d0779274a8d7c184e5d8ae36b24961266faafa6329aea380fd2cff78a5813d73e04ff4295eff70b3ad6a919595b110467a5dfee96dddf62986dbcd0836117ed1f7a907c6e482bbe1463c7c853b1a5c4f8c00a4e7e4f31e84a3e57e6d11462a27a932e5d2b742201e19af849e5ba26d732f40c8b67affd5211fb11928bd0690612784b080c327b5c5d1de742018b8c7c90f9ed0bd54b1c9a954f1f799b258db2816e421efec1f93647d771c12cde4c4dcebf2970b2ca60cb34ac4d1d639cdb6228dc768891c68a4227fa1f0d30a75d6e61606cafa4f6ab2a656390e77f2d16ccc1e007f9919000496e98a7422a937e520bbd25b38a700f5e3554429f68e84dfb4323ea0c709ec614fd3bfd38a7b1ae17c3d02daf46b66d9f58da8b13804e5eb7b7c2a8a549574de7100f3a9d137bb018a12ea5ca8b2a3015c655f2f182fd345ab17df210896a5623c3692d70068765f7244a47c20e8a9df27670d1ba7c269945702c1316e2170adbd96ba62dc47bfb4763e0ef2a1fcfc07369d11476ff1ecf7ea2ae60be74d166b500137a44fa2009a0361cd291a1626cb7c80b083c78f15e83d3c8ad720ad62cda0cb53772aeb87379d6efa7746ce0f222d725dfc58c1aed4d779fdb718ff28e46e8d9b413e928ff284ac3c9093795307cabbde50dff56b9a7c88c678424f6c1d3c1bcc9203b62d4e1e717f3b22dc103e99eb1237d3906d89e06aa861acdaa54731772f1f4e3a63619de158274e533fb97e53032b3ddc473b564002964e6f069da2518650618f5235de47470b3d4a5ec27e613da50e9911fbe7bc117ef2d8cf50ab09e3f5bbb6c8ac6959a39554604bed825a97111107a38c2fe9d71825f7a92ec5001643cef0248f0301fd255a1cc4f1aae99533085d853295c5333851a16cafb5a02fa7dd210132714728d079c5443ff22bce40da6021d292ac68940e9cd20811b9fd35bfe1eb64743ee171bb13cce771854ac0897115afe1cf53cd2f89ef2e3bdcf7fb57fa2f22031742b43117d5490320a7c3ff4523f119095cbc53bb2f18d8a830fe6997bc35a91b5983ccf41915712d1266445b92566403936e28426f74bb11082405b8544974d301b48d52e65992f64806591cf085ee6449e144b7f862392043d735b2b22d525c0bfce5b921adf4dc5ffd4233fb1e53dfc6e0253e4ff5ac09d5604e457f32b6ba184a25f2cdb2a6ef32da8340957ddea8fa6a9f41c29ac1412d218d2ce81fca31c4cc838bd19ebc6db14e47b4dc9f0c2e8c52bacffb35f19e92666ac35f0f447f21dcebf4a2c91515d047d6b066ac4a506831661e2780768403cea851bf93173629887cb87cf96f1ed5a4f829764267367050932cc1897d2ce8260848268ceeefc2f4c92b9125cb4d2466ed44f1194ce92329014783254a3bc4f66600e02652e73276d37a86ac99882cf78d7e80fa7134f279312fc1b9e1c4a53d51cc9230c45e7bda3d38649de7190d60e6b48c2cc2728a1ab4b53655e72d378799e90e75312af4dc5b98bec31d177022cca04c2fb618d54e4c51d75ec8c16e63b470811a8fd21be8bd357ce9e1bf41a8f0bbcf609c5f1bc424cb3aff29d50f8114e6a1325e36d049bedffa40edc46d6afed4673f5fccc8133b8a2973f042be13de9ae9bbe6543ac99d199279972f43a0007cbe46cc56fe14b4ba454dd2f90a8bfd9e5cd006ede6bd91b20caada0e9614d54bdeef7dee4f4e8025e641f98561a3951cb87a44645bcb6c571d6c72135ff0848d7abb512128139636db46c6faf40188ef77636074ba9dee46877551187b9f5787d272d3bb7c4013a582976596beebd879e3f53853a6ad8dfd16333e2b852eae677c74ff172baa632c669f79df14655b15d68f440426bc318aff3a758ef137ccbcda287e8de748988ab0976b4d15d9ba88d5f64a0f9ca1426567488bdb27b3be47c6e51e2241442a2caa38fae9e44760450443339e14a9160a25ccf672dc689d056b9096a7181400b6413460319ca31cb001b99c6bc9adcd5d371d4f50400046dab93d9bad355f07ec0f3f836c8f92e67fae7501e4a02406826deb3d05d38ecb931b3b79015786fe534ccdec07302341be6aa82142bad2d951c4a2afabd4a95872bcc5a9d1b7169a688d0f0a057ac9b4e39dbf3b73fd130738fff05b9642cab1ef9bc1b4c9a620bb16c6fef954e624f0171be9a9fc44f8f98f9ef2b53a3bb7144fbc4a2ba9a339d94f86945f27518d77d5f46a63c10cf5d6f45231ec9d4502a94c2e2379682d2804b5b049753a855737ace32d10b103bac21e364a209844a3583b83472b3c89cdd0041f480d3118797f51778a4499fc7e7c8fca9251084acafbed71c7b5beb9c85e4d600cf92ef97651ac7a9cbb8b8474acbf795e4bd153684469dfb8d271ba16ffa4bbffdebeb3f470c7f54810b696f29584d6f0ffc514804db5df4bd41da8c4f0408297c14c87e8756dc67972494a1665f9943a9259722ef7a8feca75e956f65c02c5b5e46dbeb244412ea31ae39b54302de2243e4ea57a45722a6a163a88b2ce4d86d1e9662240690ec0a2af9a8637d2c7c0a10c8f69bc70ce0699d8f84ac41edfd1987817ded1d3cdca01af87741090f7bcf9a7be17d51bf290468c8cd5a22bb13b192ce09ecef120af8f9833051b6e8c2a0162f1d9dcdf091fb6e88cf2176045b69ce1df841d1d3b30bc9ad1e916cae7385e74925fc7e1fcc576a2704460abe22e4371666da5dfd27cb5cbdb7aeb535d87d59aea65c6322cd4f92aa3d31cfe5d57e5ab61aa0ef11a602ac76e12fc7b66ed47db0671723b37ad136b51fac11f3fbcd0d9e30c75c552f813eae8c6bfcf150d78099eb524ede0fe5c218a5d4acca72df56b2efc8edff9629a363e97235394201405256e048cfd7fc9504f42a2413f6d6590cee08cfaf4e72b4eb65e8e353b38c3d7bcf5eed3844939a40721848b1f95aca93cb3aa7bdb7727dc93cb2315e38281434cc136448f9373d2669d0f781e06c7ff2188cbb8b9b1ccba8aa0dddb2aa197af6eaa4fbd8de263593e54c032358a24564915caf4fbf3c9b22c84eba6fe386cd71c96986dd9865c653e0ac365517b9785c520d69dd5662938ae651a54fe141ae0b76817f10ef6f61df8037fa003a7fd101f429c731659e4aa2e5e963b35a7787df005024974618b66503ce3019aaffa78f47ff0c3b3c1f2ad68d07750e9d20ed824ad08623619aed1a3b1250c2f2106a7031406d0687db9e8a5fe0a0a460579c6bf9740f7bfb1340cf05496c70e93ffd2b919dfcc82469080e641d827172f6c2ba54e2e41da3fbc48f77b4ecfb7d2f9105ea46a5b99febc83ee1d877e1f5a28051b6aaa5379a5ec1032892726db9866ee02ff05787232ad566dbbcd3c5a424515a49cce3ee223c706423d6e2a62fc8bfdd2ae135e7d3091fedf752788f2d696b4c0058599fa94cbc2fcf0a3ca7897b084b5ee6a6637db35e3d94e9bbb214b22559d9b3cc82e1bf3b50e5190cb8f1740fb7f855a37a19d8e292214720bcb0509eee9fc21a593cc41719d45bedcf1d18857010d223e7930fc5c506707ca3af8238dd7bb60ed89296462f1c97c5a7e2c437446c98ddbdfece58a4c8e04839405bcf10cc94732a561a85dbbc2fd67612cb1da71cd895a58e979a31fedd0fdb5556f05442b55167a95b2e27aa76117e4e8094f371b13813aed29a50eb64b64dd2fdc98c583924a59f62046e139ea2eab14c55702aa49a4b513dc2ba855dcbc46f09e8c5d068b03f83b83fc9910fd0caac0d313f63196c2250e717e65d172a96326d447f2c08198a8b6d498206401471e9e80d3686b80601022705e8d2006864cf9dafc45ec32f9f9aaad9c81e9c6b9c2e84a44de6854f57afad57e56eb2cbb6d26c6afa6cf42e71a05f6cc7ee346a796f05c5204b4f01d985c7e6ef688ebbd145da8a5ee9a7afbc4d6963a6614cc5845d17ee9aeae583554b26212c70b1d7a6e990dfadd5dbb9bd1d50ade8ecc2e082a9115dc34a83d5d8c8a0cd6bb51fd330fd9a9a1df7417febce34fcadf02ef6badafcd638435ee08d86c421bb2f2f74ae9f2c12dfd407d4a9ae9bfcc5633c27a85e3d6dfaccc53fac813dec545eb43303424db85ef42a10856ea20cd803e1deb4f46c357a63cd30d4988bc693e7138143c16eb796124727001e25669fab4a0297c5d3632ec5c1c1b976439c2b6a7e220a146a49b3e13bef906fd33a3e7b546e21fb3e8dcfb4b65a42ca7011b584f2620fc07feefe0aca73718420117bbc4168fb7f824985dba2dbf17ab03d642a56b397e2da51c588a4debb1641e7a5f99536454c4e15e935801b1d7f9ba708902cfeea468271b84ea7786514768706358d7ad91af948c7f37955c3960ff2cf300d8f90d3480ffd8554ed029cdfbaa1b792def049731abae02b2902fb93f9f31e6cc2964d03da51ee52278323cce34e42e4c76772d6707f78a1b5d367f730c5a5bb6567f42d5e3a9f3fef95c70709a884353a55ce5ff4c53789dfaf1cf8d3fba503cd241bf4b0783fc534ea3fc6a36119f891cfd4565239475a5ad5e2b87651f45187e5958f5fbb57fa77611b8ab1bfca0d68d35679ea64587b7740de328dbf9c4718dd2be3f45e3874f5de0afa39a2b555bd0e1d01bf420776ecd458ac066e82d6e79b58b401759df52d576ec44243b43ec8ad7fe000d87d9ea5d0e22c2ac9a6620a05d2ec0274bc552fb5c84963b594fbc91d7efad0584d8dff18126c5be5c901444d3585f3a5bc21eaf62302c7e103aa76eea698784b3c972e72da73cf1320736424dad3d1f4628fe7667c5f4a6b3fe3f12fbe2b9eb53771b762a954f964001a9bb0f84274565b226ed33405e01d88963e1e8951e098ce6508b8369472beb8576627f0686dfc06a7659dd41996d41aabbe9820e22d03c71052bbae6171d2909e9730fbf72636311bf40961ef7de99e2c09e613038a1c809797089f07df10640d00bb210ec8de8e7900d5e2eb0a81a16afc1d39515e682b79598e69c19e20c636a98e6cc497c1893e870af9cf3bb1a8957ead7ebbe2c7475faea39b0aefacc1d648ed07b993e2046d3f15b42c5aa61e1483f53450bbc73b06a7ea25d9fee8a8070b999d5df8eb12b0ff733823e8183721fcc3cf7f1bcf58982365b66076f237c73259b8f85df0e00b5244b4b229b8b856b8b062f0cd07847dad57021367da983ede47b22fd3ed5cafe6cbe9305b2ef17ae3a6aa410a77cfb0f5f4d326d5101b08371156894f75fdbb779587f1363a519747bfab1b235e172fba6121de0cb530ed31fb9bfb441b55ee93768891afb4c757f60a077c669ed7f6ff5c0092a52394f3940e03714e294c703d6e1fa8a053459e62df0b25c3f0585e182ddec6d6bf956e9f0801e9c98e2d505399550d32b81958067dd4cefddf1be41479b360112003307b043cce774ac1beb0ca2e4cbab9aa2ab9af56f21dfc6d7bae1d4841ebe6ed26e1afd938bef44c20e4a2e46f8cb43e6505189b4ca000520f85482f4e827aff1ecd4587c0f4a9c485ef922a08a42b310064a249c9c0db8f95ec4470ef7bc01ab25c9bac7565796ca43365a075d8fcc6515c4d328288116b4bc809384526143035b8293cadf6c6a9bab71907ab07d8ba91f6dda9ced47c1d2c3e4219570466adc5bc22937d0f95ee0e9626b06c394c99321ce0273aa07b8d1d414ccb7205afdf5308fe5c8bc2c1c136da2351e0b02dc9d3121d5ff41a0c9e55287402826768babbc653477921daa7cdfbfc37759af15b43f6cffa2efd80ae701c01fac6dfc346b098f2650b053efb1fed76593159af5c1d169e17b6daf7e258c74fd20d5d2eb6bad5eaae2fc0ac757e5190f852c38d51e9442af13790da6d95bf4e74728042fad7e371ed231e393ee91a8f175af03b106dbc3c016a983c0963298aad19b565f179ed7c6bedbbc538cebb9060db8599e4aeb790ec583ca070148e593faf5e70f3d1eae9ab2b7daad26acf002d205d5d462cf987a8486d4f5ecd206d797ead4f9fecfbafc607cfb4777f70f304330fcccd66762f13508494138b55a83a1846c17b7779df1ffb17fd2b73e93a8d26a0f72ab309b33f67038272c73bad5a36f0db25f0e468a69f6a07b805fab06548bcb900026b616e7ac748fa522f2dca442adbde9d4f92bb3e3a537f41e694939a7ba71b4cca906edb99dd25ea6bee18fe64eea2f01b2a1f55e027682fc6e6f87260a2cd1999e1007220290a9dac3067cf0268ebf0f14614bac5be3ac12f044ba73aa9aaf155c840db023a1d5352ddef288b036b8b71f90a88b559faba3d57d767c35f90bb19446e89da1940e6dc03d24cc272c0c64e90d9ab5c88c154c762c8bc539ce608ea76364b3bdfaa57b2ee4ebf9b4c6c137271589cf221c53e6f4a761da9de5ff49f357996e35f4a63b3e1d280032a7f29f2129488c9e13846f0f61e03150d22d7b4ac61981c8348f38d217fa34ad13ce2ec3651262dad4d39d04358620fab6d2cde9e377b1b7733e648040779af6a8ebc24fede7e00a5479078ef9a0390c40dfb7d66cd5bb9c760c09eb216994a5afa243b172c31ad6b13f00dcdded91c3ec1b50d6b1e29627e8c8093d9695feb2b5e837ce15a324cc7e6f689e3a5f2b05dbce2b0fb75024b743e46c329cb2b7a716a33f3cac34619fd4a0ac9bc1f38d7d710822989afe580a7b2b20a1f6524868a1a7695c7642f265f97a287c456a5da246c04e14fc87a75ca1e70a33be5490f5e74d98ad7a954847ab8c4e6ca494efabbba284f83ebe0c8fb94eec90c642b839b583d60fb13255c2c1e05f424cd6819e7c926baee7ad12949f5b6a030956c8418df0dc16fd7df32eeee17f3ba41ccf0810e266a848ece657c7a6d9759c1f5b19f9868cca496073f92e6a4d94c4707367cd0f4db484f530224209d38b307d0d51c4b77ca9d61e558e54b59fb1be8b790651df3d76a8e2fc420225fad67f4cfa4422fa62db40a78211a747740f9122608eb2dc9e4db6c117b471a16144437d0de9efafc756c39af55bac624eb56b446c285ce34d462966d233fe7b5f8e2aa74277ac73bac38ef901ce8c78998f291c5d743a3b457a639844830ed33d2ef83590eb6156d4af60a9e38b08b4d74fed32ff2aa4fda91cba2ab8e91ce1b92c5e2d45266372c115a0c914ab3b5d2469064278b14566181df84fd4ead02ea09d6718fdadaae17b79499c759eaaecd2968fcf9097a21c983f7bb03aeed4691063269ed195c9480a7b31170f02abad9b81d776bc40194279e463b895689f6aa96bbcc4a31b596d3177fc119443a6b219346c62cddf7e3f0242c257e78a1d8c87b6abf2398cd47fa3a3880abcd015a029305ca047b116f0e44653f25ff6500cc8b4872c19097a752b8c3596cc6b2d79305be47c8a4ec8a786342c7e376c68b54d6f1f00e91ccb9f94bf09443c8373ff573c7bbc6a2e93fd4a6ba52420e99795b5302427cf125c71095b1d8864c3f27672788e243b6cba8d658b008460266f74e67401a4da15cee43955511cc98d8ac97c7a20ecabb62e860b5c13f8d38fd75bfe1abc4eab1a58aec38e5febb4cd64f8abe508c4ba446df9f57800f1f81785b41f91eb1fc477e43ac912d4c3f7e67a22d6b4f816498c374e40483a3ea7c851983e61c38fb071c4f0522b16b87a5748ffacf5413e621fadc51c18240ea6349f11b5238b35a45bd05a5500bfb686d56b9cc72bd27bfa496f3b27eb8f6f628477ef15c64fb7ba4037a3ba2ea7c6eb8e619ea18c25fa93e618c829b08166b90e75000461d8f1ce4e0645505d53820d8c2107670cfb98073afc09153da205863ea96ed5d78976008d29f6d98b132836c8300ba5465385b682eefbbfbf1c343cd66554bbb5f59b0d2a1c81e42826f6e00c88bd2a52b96ecd36f81b2a63bb234fc708e957a7226364582ae849995514c75f0770eb273719c3e5559e282727a46ec3a1a127a31b99af1b9a42a95521e37c00cc5d030dc4ea4969748e56843d8dad14c8344f34e13d3cadfef863e0124ee9e226750144a43c41f5d8dc0d4a7beaa34b86e89c130d3feb0d00293e65b599ac502072a744f21bcc4677689ad1b1faa45a3f7c00eecaa311c49279b759039e710e321270ed3c0cf8d383b1871de63d2e8af90a0a5e50c815ec544a3f26c116aa60c18f3571c3a6d14c8e098713b43a0d2a18a8be13fe3525dbba9fac9e475fd69bded39e3277d027177e0e3c2c7d731e87d4f9c02c736c8e30f71a87f456e8a06a4f96afa03180e9d6d1a2b610a75e6348c2d62d4a53a28a99d58ddb34a7f8a7c3c66026d3638d92f7557454efbe75fd5ff5bda10f4f062c20575ff945af8c6861391319b5c857056aa900ceaad98209eb75b3d105b29e00184daee3a7a0071b37dd44ae70218cf46a33095577d9e6dec03e2490bd934f569aa39c6a6d3630b8074431cda4d8c8835907f6a13f56adb132053f049263b793b080417b6f94a9e01f7d1531f804132f4813d2c2f198ab67c2a67073347dec7ebcc4d5dd9ed661947689a5004b9cb3e8c3b270626334674a4a7176b2c0a66801a1a7e40947c93b0f79c7e0d4908ef97f9417e18b3c0daae34d8bf499ede931115ebb383ce4f368027f257685e5260653a7f821cb095b10f7166a54f78892ffceef1b22ff0993b4ea855029e229e35add86a2ebca7d3a2e3650319c38af49641bbced2fff6817f4", 0x2000, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x0) (async) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x0) write$binfmt_script(r1, &(0x7f0000000080), 0x208e24b) write$UHID_CREATE(r0, &(0x7f00000003c0)={0x0, {'syz0\x00', 'syz0\x00', 'syz0\x00', 0x0}}, 0x120) 2.12985084s ago: executing program 4 (id=1265): clock_adjtime(0x0, &(0x7f0000000700)={0x100000000006500, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x240e, 0x0, 0x3, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}) socket$inet6_udp(0xa, 0x2, 0x0) add_key$keyring(&(0x7f0000000440), &(0x7f0000000480)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffff9) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0) r0 = gettid() io_setup(0x7, 0x0) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) readv(r1, &(0x7f0000001340)=[{&(0x7f0000000580)=""/148, 0x7ffff000}], 0x1) readv(r1, &(0x7f0000001240)=[{&(0x7f0000000040)=""/73, 0x49}], 0x1) 2.058288942s ago: executing program 0 (id=1266): r0 = syz_open_dev$loop(&(0x7f0000000140), 0x0, 0xa382) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000040)) (async, rerun: 32) r1 = socket$can_raw(0x1d, 0x3, 0x1) (rerun: 32) symlinkat(&(0x7f0000000080)='./file6/file0/file0\x00', 0xffffffffffffff9c, &(0x7f0000000200)='./file6\x00') (async, rerun: 32) renameat2(0xffffffffffffff9c, &(0x7f0000000b80)='./file6\x00', 0xffffffffffffff9c, &(0x7f0000000bc0)='./file7\x00', 0x4) (async, rerun: 32) openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file7\x00', 0x0, 0x0) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) (async, rerun: 32) r2 = socket$packet(0x11, 0x2, 0x300) (rerun: 32) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'ip6tnl0\x00', 0x0}) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x41, &(0x7f0000000340)=0x80, 0x4) (async) sendmsg$can_raw(r1, &(0x7f0000000140)={&(0x7f0000000040)={0x1d, r3}, 0x10, &(0x7f0000000240)={&(0x7f0000000100)=@can={{}, 0x0, 0x0, 0x0, 0x0, "5d5901d3284a3d58"}, 0x10}}, 0x0) r4 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000100), 0x4) (async) r5 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000140)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x40, 0x40, 0x5, [@struct={0x0, 0x2, 0x0, 0x4, 0x0, 0x0, [{}, {0x0, 0x0, 0x800}]}, @func_proto, @var={0xc, 0x0, 0x0, 0xe, 0x2}]}, {0x0, [0x0, 0x0, 0x0]}}, &(0x7f0000000240)=""/154, 0x5d, 0x9a, 0x1, 0x4}, 0x20) r6 = syz_btf_id_by_name$bpf_lsm(&(0x7f0000000040)='bpf_lsm_inode_listsecurity\x00') bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000080)=@bpf_lsm={0x3, 0x4, &(0x7f0000000300)=@framed={{0x66, 0xa, 0x0, 0x2, 0x0, 0x61, 0x10, 0x7e, 0x1}, [@call]}, &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, r5, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, r6}, 0x90) (async, rerun: 32) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x18, 0x10, &(0x7f00000002c0)=@raw=[@alu={0x0, 0x0, 0x1, 0x4, 0x8, 0x0, 0xfffffffffffffffc}, @btf_id={0x18, 0xb}, @cb_func={0x18, 0x9, 0x4, 0x0, 0x7}, @map_idx={0x18, 0x7226a8b7102d6a35, 0x5, 0x0, 0xa}, @printk={@x, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x5}}, @ldst={0x2, 0x1, 0x4, 0x1, 0x0, 0x8, 0x10}], &(0x7f0000000340)='syzkaller\x00', 0xee97, 0x79, &(0x7f0000000380)=""/121, 0x41100, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000400)={0x4, 0x3}, 0x8, 0x10, &(0x7f0000000440)={0x2, 0x1, 0x101, 0x7}, 0x10, 0x0, 0x0, 0x4, &(0x7f0000000480)=[0xffffffffffffffff], &(0x7f00000004c0)=[{0x5, 0x1, 0x9, 0x7}, {0x1, 0x3, 0xb, 0x4}, {0x4, 0x1, 0x7, 0x8}, {0x1, 0x1, 0xf}], 0x10, 0x4}, 0x90) (async, rerun: 32) r8 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) mknodat$loop(r8, &(0x7f0000001600)='./file1\x00', 0x0, 0x0) r9 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r9, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x19, "ef359f413bb93852f7d6d1ce5d29c3ee5e5cff000f7c41499dc2aac63a4b78c660e677df701908b9aaa3f6a00400", "036c47c6780820d1cbf7896de1fdcf335263bdbcef549ba197fce47ddfdd753abd9501ce721b6ae9b49600002a00", "b7326736181c208220000000b9000000000000000000f0fffffffff2ff00"}) (async) r10 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000600)=@o_path={&(0x7f00000005c0)='./file0\x00', 0x0, 0x18, r0}, 0x18) (async) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000640)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4) pipe(&(0x7f0000000040)={0xffffffffffffffff}) vmsplice(r12, &(0x7f0000002100)=[{&(0x7f00000001c0)='H', 0x1}, {&(0x7f0000000100)="18", 0x1}, {&(0x7f0000000480)="2cd74857ce196be78013be4e96b4a944539de294b1ff920a037b7859688fb0204a119cabc46fbe670bb0b9bb400380707b03003edbd66e59472c17f7cab543f86cc749ad1357ba9aca9c341cdac5e2704a90eff1a895e1a0e119ed7c667720ff015d5fac259b5f69058f067e7bdb8b0b1f66b617184950dc037160380f14207789c4b90146e83551f3f75797cf6c3e31c12eeb25bcf6b1114fd5e0b1a5bb6b4763cbefd7862a43ff7020c61c97a22e17705545c16d6f8101c4fdecedf16836d667f85024c834119c64335d2d32572c2e1c3bc9509267c529df8bf2f5d60ba6f3fcf75226c6e3a99975665e2f55b398e0ca55dfcddd1af71c7a9365fb97eda189a676014260b671dc28e19177f57e37809283b4cba8eb3669b817b1ddc1faef9ed69137fee5b518e3894edd3c2a058b978c8d9aa483bb7129371962b149cdf11cbd094474227de5bd6d410d7fd7f78230e0d73761bbae9f16badd3ff8a41f34262a83b0f5f0616edb0a1f406b764ecbb0644960ad0a0627d08a73187d7cdfada7c5c4e25bbd32a7c37ca6b7c51caa4e8070983c8011549b6509779d7946bd97f230b38277fa4965cf15efc6ca909ccf4a773a555fac43a51257b6ad8e3645618871b6884a28e03d136233981dc2ce721e37c9b2855c93344e8b02713e34f9267e00b179258f5fcb87cc586d3f0ac084e059475e6b522beb21ac223807513c7c1433b1b4741dfcc3ff2a7ffa4c4fdeecd77a7dfe95e7f7489e3cac7e6b76b2e725fd02e7ca0d37aa9a84c4413de31c75fc857039ac714bf93f7930aaada4c9f4a93b89a4646d5244b25b4d1078b73d4ac097de4336e727bd055e713b47d62ee1ae07282f057a27951f2a792bd5ad4e6387c40d1761f5826c71578379a9fb266f15c101f5251cc86d3281442e5980fd5029abc503bd312c8beeef939e827b5fa2ba47b94650d7cbee65023d93773e292ee2821fa42a0ddbe946e9026b2c41b09bd0a8d6e67afb0cacaba15e34296ac25180ee28cea19478bd4084c36ca832e246fce2f1caf86e92e52845e39940ab732be7adecd6351c41711a5cad0a13fa7608e8ac491fe495952a5c41733ed0aa7f54ed69797222e39ffd87fc166cecb585b454cfcba1c6c9f993acd29adab0c3a3e10461c7527931d360892677b917488a1072f4d89600901ae46ea6d86000613ca9bfff1b57817e646ebf45c049a86658c6f0379921a4ed5903e6e7efe831c60eaf7332bcf3d7f1b1904e37db56eccf9dec3a18fb0bfc170d66f5c034bfa3ae87bdfba35ca678e08ef2a54ce3f67826721a0d33ef3a253b16e9f930fd137679fe9083927f1a01fe76e2a94341363897734f59653315948c7bb7f4652a6ee17b0c60001a0883f18122dc371ebadbb10817691645d1838cd33b3b3ae73c8888538063b6941f71dc4c09f7ee9fe35de0fe43655b9a", 0x401}], 0x3, 0x0) (async, rerun: 32) r13 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000680), 0x8000, 0x0) (rerun: 32) bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x5b43d6109c17ee6d, 0x2, &(0x7f0000000080)=@raw=[@call={0x85, 0x0, 0x0, 0xbe}, @ldst={0x0, 0x0, 0x0, 0x0, 0x6, 0x1, 0xfffffffffffffffc}], &(0x7f00000000c0)='GPL\x00', 0x96b, 0xb7, &(0x7f0000000180)=""/183, 0x41000, 0x0, '\x00', r3, 0x31, r4, 0x8, &(0x7f0000000240)={0x3, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x5, 0x8, 0xff, 0x7}, 0x10, r6, r7, 0x7, &(0x7f00000006c0)=[r8, r9, r10, 0x1, r11, r12, r13], &(0x7f0000000700)=[{0x0, 0x1, 0xc, 0xa}, {0x4, 0x5, 0x5}, {0x4, 0x4, 0x7, 0xa}, {0x3, 0x1, 0x0, 0x5}, {0x1, 0x3, 0x7, 0xc}, {0x1, 0x4, 0x10, 0x3}, {0x2, 0x4, 0xf, 0x1}], 0x10, 0x4480}, 0x90) ioctl$LOOP_SET_BLOCK_SIZE(r0, 0x4c00, 0x0) syz_open_dev$usbfs(&(0x7f0000000000), 0x2, 0x40000) r14 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0) ioctl$EVIOCSKEYCODE_V2(r14, 0x80004508, 0x0) 2.054713032s ago: executing program 2 (id=1267): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) mmap(&(0x7f000000d000/0x1000)=nil, 0x1000, 0x0, 0x11, r0, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$inet_udp(0x2, 0x2, 0x0) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.net/syz0\x00', 0x200002, 0x0) unshare(0x22000600) ioctl$BTRFS_IOC_QUOTA_RESCAN(0xffffffffffffffff, 0x4040942c, 0x0) socket$inet6(0xa, 0x80002, 0x0) openat$cgroup_procs(r1, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) sendto$inet6(r2, 0x0, 0x0, 0x0, &(0x7f0000000240)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c) ioctl$SIOCGSTAMPNS(r2, 0x8907, 0x0) recvmmsg(r2, &(0x7f0000002040)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) rmdir(&(0x7f00000001c0)='./cgroup/../file0\x00') pselect6(0x40, &(0x7f0000000180)={0xfc, 0x3, 0x0, 0x100, 0x0, 0x4}, 0x0, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="b40500000a0000006110180000000000660500001d0000009500bc26c733c6538e685d19000000000000c0db2156f2f3376a2ad796c4aa79046f3b152bc873eb42ed4e19a325db14626a064eea8e"], &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x366, 0x10, &(0x7f0000000000), 0x2b2}, 0x48) 1.85068972s ago: executing program 1 (id=1268): syz_mount_image$f2fs(&(0x7f0000000040), &(0x7f0000000000)='./file1\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='nobarrier,mode=lfs,fsync_mode=strict\x00acl,\x00'], 0x21, 0x551f, &(0x7f000000af80)="$eJzs3M1rI2UYAPAn7Xa/XYt48LYDi9DCJmy6H+it6i5+YJey6sGTpkkasptkSpOmtScPHsWD/4koePLo3+DBszcRUbwJSmYm69YPWG2a2O3vB5Nn3jdvnjxvKKXPTEkAJ9Zi8stPpbgU5yJiPiIuRmTnpeLIrObhuYi4HBFzjxylYv7hxOmIOB8Rl0bJ85yl4qlPrw6v3PzhjZ+/+ubMqQufffnt7HYNzNrzEdHdys93u3lMW3m8X8zXhu0sdm8Mi5g/0X1QjNM87jY3sgy7tfG6Whavt/L16dZOfxQ3O7X6KLbam9n8Vi9/w/6wNc6TveB+bTsbN5obWWz30yy29vO69vbz3237/UGep1Hk+yBLH4PBOObzzb1mvp+tB1ms9wbFfJ43bTT3RnFYxOLtop52GlkdG4f5pP/f3mz3dvaSYXO73057yc1K9YVK9Va5up02moPmjXKt27h1I1lqdUbLyoNmrbvaStNWp1mpp93lZKlVr5er1WTpdnOjXesl1WrleuVa+eZycXY1efXuO0mnkSyN4svt3s6g3eknm+l2kr9iOVmpXH9xOblSTd5aW0/W7925s7b+9nu337370trrrxSL/lJWsrRybWWlXL1WXqkun6D9f1QUPcH9w6GU/t3yM0dVB8Axov8HZmEC/f/DP+UO9v/b9yKOvv+P/97/z4/r1v8fs/73pPf/R7B/OJTH6P9/nEYdAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABM3XcLn7+WnSzm4wvF/FPF1DPFuBQRcxHx29+Yj9MHcs4XeRb+Yf3Cn2r4uhRZhtF7nCmO8xGxWhy/Pn3UnwIAAAA8ub748PInebeePyzOuiCmKb9oM3fx/QnlK0XEwuL3E8o2N3p4dkLJsp/vU7E3oWzZBayzE0qWX3I7Nalsj2X+QDj7SCjlYW6q5QAAAFNxsBOYbhcCAADANH086wKYjVKMb2WO7wVn/3n/xw3BcwdGAAAAwDFUmnUBAAAAwJHL+n/f/wcAAABPtvz7/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4nZ27yUkeiOMA/G+hL7xfkRj3XsUdHMMjuHRJOICX4Ah4BS/AGXDnEQwY2vqBwY+kUxrJ8yRlmKb8OkNgMTPNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC06b5YTG6n5zdNc9abZtL0BgAAANhnVSwm5ZtRVf9bn/9fnzqt61lE5BGxb+zei187mb06p/jg+uJdG+4iyoTtPQb18SciLurj8aTtbwEAAACO13I2H1ej9epl1HWDSGb69SXVpE3+7zLRLbOIKEYPidLybd5ZorDy992P60Rp5QTWMFFYNeXWT5X2LeXf/WXWbvimyKoi//zzyfoOAAAcUG+nOOwoBAAAgEO66roBdCOL56XMeilwUD55/7q893unBgAAAPxAWdcNAAAAAFpXjv/t/wcAAADHrdr/DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgDatisVkOZuPm+asN82k6Q0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwBP7844CIRAGYbB3fWcy9z+sNGhqalIFwsffGAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAm9/95f/E1DiTzL02lp5HkrVTY+vU2Ds3jv4wvn4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXOzPbQqAIBCGwa3s6194/8PGC3qGCGZAeNhFQQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH7knrGMU+uMLfFUVcs0sWfcq+rIKnFmlbhyoY8HW//wRwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDLzv28xlHFAQB/M5PZplVxjZJDRCx4sBebbJV6FA9K8OCfIIR0W2O3/mhzsKUouXiTnHsRPYoISrz1f+i5hV7qrYc9VPCszK/kpQ10U9qZbfbzgTfvO9Phve+bhZLvvkkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANhn/OFenBWHfhWn9bXbD66vF/2dh/rCze27S0Ur4qTNpJ8Pb8QnyWJ0Mt9+MgAAAMyGrKnvQwj38p3Vok/7Zf2fN/cUNf/PL1VxU88/XPc3fVP7F+2vP++/tjtRv5qnGPT8xmi48mgqvWe3yun28mPvmCuffPndS1Z+IOknW6+O8/J5Jj/euvVRrwyPtZEtAPAkTjd9HTQ/DxX9oMvEAJgZc3ULUf2f9bvNCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAN463wQhMnIYSlub24cOfB9fWD+pvbd5eadvbGje14zGKIPIRwfmM0XAnzLa5mul25eu3i2mg0vPzY4PsJ7jlU8GYI4akOeIjgg3r5Fz+b4OYQnlEaJztZ+8wFaf1hT0s+z0fQ4X9KAAAcSXndirr+Xr6zWlxLFkL475f99f/bURwmrP/vf372djxXXP8PWlvh9FvevPT18pWr197ZuLR2YXhh+OV7Zwbvn6r/cWM0XFmuvjEBAACAJ9WrW1z/pwuP7v+fiOIwYf3/zU+D7+K5MvX/gfY2/brOBAAAYLa9cvLff5IDrie9Xvh2bXPz8qA67p6fqY4dpHpox+oW1//ZQtdZAQAAAG0YbyX79v/PRXGYcP//xV9f/z0eMwshHK/3/0+vfzU6195yplobv07c9RoBAADo1vG6xfv/efn+f7r7ykMaQjj1VhXXfwZwovo/+/iH3+K54vf/321viVMpXayeR9kvhjC32HVGAAAAHGXzZeuX9f/f+c7qF3+c+LTn/X8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAtv0fAAD//0caO5c=") ioctl$TCSETA(0xffffffffffffffff, 0x5406, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x6b142, 0x0) pwritev2(r0, &(0x7f0000000100)=[{&(0x7f0000000040)='\x00', 0x1}], 0x1, 0x0, 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x6b142, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(r1, 0xc0185879, &(0x7f0000000140)={r1, 0x0, 0x5e}) 1.689801326s ago: executing program 0 (id=1269): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xce, 0xce, 0x5, [@datasec={0xf, 0x7, 0x0, 0xf, 0x2, [{0x2, 0x9, 0xffff}, {0x1, 0x6, 0x3}, {0x2, 0x80000000, 0x9}, {0x1, 0x3f, 0x7}, {0x1, 0x8ffd}, {0x3, 0x1fb, 0x6}, {0x2, 0x5, 0x86}], "111b"}, @volatile={0xe, 0x0, 0x0, 0x9, 0x1}, @restrict={0xa, 0x0, 0x0, 0xb, 0x1324}, @ptr={0xa, 0x0, 0x0, 0x2, 0x1}, @enum={0xe, 0x6, 0x0, 0x6, 0x4, [{0xf, 0x4}, {0xc, 0x1}, {0x2, 0x5}, {0x2, 0xfffffffd}, {0x9, 0x1}, {0x2, 0x101}]}, @func={0x5, 0x0, 0x0, 0xc, 0x5}]}, {0x0, [0x61, 0x5f, 0x2e]}}, &(0x7f00000005c0)=""/4096, 0xed, 0x1000, 0x0, 0x7}, 0x20) r2 = dup(r1) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x3, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000001001600000000001000000020000000000000009500000000000000c23a2272440e2fa501e1247b1f45c16cb652a6b51db9bd50414925b4875d67cf"], &(0x7f0000000240)='GPL\x00', 0x3, 0x9d, &(0x7f00000003c0)=""/157}, 0x80) syz_usb_connect$cdc_ncm(0x0, 0x7c, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x10, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x6a, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5, 0x24, 0x12}, {0xd}, {0x6}, [@dmm={0x7}, @dmm={0x7, 0x24, 0x14, 0x6}]}}}}}]}}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = dup(r4) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r4, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000}) newfstatat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) ioctl$KVM_NMI(r6, 0xae9a) ioctl$KVM_RUN(r6, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xce, 0xce, 0x5, [@datasec={0xf, 0x7, 0x0, 0xf, 0x2, [{0x2, 0x9, 0xffff}, {0x1, 0x6, 0x3}, {0x2, 0x80000000, 0x9}, {0x1, 0x3f, 0x7}, {0x1, 0x8ffd}, {0x3, 0x1fb, 0x6}, {0x2, 0x5, 0x86}], "111b"}, @volatile={0xe, 0x0, 0x0, 0x9, 0x1}, @restrict={0xa, 0x0, 0x0, 0xb, 0x1324}, @ptr={0xa, 0x0, 0x0, 0x2, 0x1}, @enum={0xe, 0x6, 0x0, 0x6, 0x4, [{0xf, 0x4}, {0xc, 0x1}, {0x2, 0x5}, {0x2, 0xfffffffd}, {0x9, 0x1}, {0x2, 0x101}]}, @func={0x5, 0x0, 0x0, 0xc, 0x5}]}, {0x0, [0x61, 0x5f, 0x2e]}}, &(0x7f00000005c0)=""/4096, 0xed, 0x1000, 0x0, 0x7}, 0x20) (async) dup(r1) (async) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x3, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000001001600000000001000000020000000000000009500000000000000c23a2272440e2fa501e1247b1f45c16cb652a6b51db9bd50414925b4875d67cf"], &(0x7f0000000240)='GPL\x00', 0x3, 0x9d, &(0x7f00000003c0)=""/157}, 0x80) (async) syz_usb_connect$cdc_ncm(0x0, 0x7c, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x10, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x6a, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5, 0x24, 0x12}, {0xd}, {0x6}, [@dmm={0x7}, @dmm={0x7, 0x24, 0x14, 0x6}]}}}}}]}}, 0x0) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) (async) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) (async) dup(r4) (async) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) (async) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0) (async) syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) (async) ioctl$KVM_REGISTER_COALESCED_MMIO(r4, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000}) (async) newfstatat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) (async) ioctl$KVM_NMI(r6, 0xae9a) (async) ioctl$KVM_RUN(r6, 0xae80, 0x0) (async) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) (async) 1.60647979s ago: executing program 1 (id=1270): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETOBJ_RESET(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000400)={&(0x7f0000000700)={0x40, 0x15, 0xa, 0x101, 0x0, 0x0, {0x2, 0x0, 0x2}, [@NFTA_OBJ_TABLE={0x0, 0x1, 'syz0\x00'}, @NFTA_OBJ_HANDLE={0x9, 0x6, 0x1, 0x0, 0x3}, @NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x3}, @NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x3}, @NFTA_OBJ_NAME={0x0, 0x2, 'syz0\x00'}]}, 0x40}, 0x1, 0x0, 0x0, 0x4044000}, 0x20) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, 0x0, 0x0) syz_mount_image$fuse(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) statx(0xffffffffffffff9c, 0x0, 0x0, 0x0, &(0x7f0000000500)) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) add_key$user(0x0, 0x0, &(0x7f0000000080)="7c514c15576b96bd72c17ae37e1cd15e049affc1337a8ee76e529ae1649c919c8bd891c707965c230a57e71b89d160d51f8ded87d10d145f7a3ff1ba51bad8", 0x3f, 0xfffffffffffffff9) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, 0x0, &(0x7f0000000000)='asymmetric\x00', &(0x7f0000000080)=@keyring={'key_or_keyring:', 0x0, 0x2}) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) socket$packet(0x11, 0x3, 0x300) timer_create(0x0, &(0x7f0000066000)={0x0, 0x12}, &(0x7f00009b1ffc)=0x0) timer_gettime(r4, &(0x7f00000001c0)) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) timer_settime(r4, 0x0, &(0x7f0000000280)={{}, {r5, r6+60000000}}, &(0x7f00000003c0)) sendmmsg$inet(r0, &(0x7f0000000580)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f00000004c0)='k', 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000a80)=[{&(0x7f0000000640)="56a2f8fac12fe62412557d0b93fc068856edc93245b17f26836f3a849ac0bc787d12f69f827ada300c49140da769dbceb28e7084b0ce5189570095c98f76d297fe789cbf1cd1153469e8b01ab14fedbe62ed06bbcb6f37694d32e4ab2a281f41306830c820931b9553e845b7b3b27bbffe0ca3fc466367275c87e1bc5be81cf61964dd526d0ac38a97b138f786af504d0cecb1220c138b6dc84f0368949e1cb1aac057ae708b9a9b1865992650de2c2a6988aa6641", 0xb5}, {&(0x7f0000000180)="47c976258ac1cc5aa7", 0x9}, {&(0x7f0000000940)="8d7af8bb51eeeafe737610134c891ebed665377b52c33db586b932741ed69b1a3f99831f5ee965d8f6546da48e94389112a57b8a6bbdafcf812cd8222bc33029228b0941167175eb1032ee6bd3536034df7f54ec2e238a5ef7c82b3f56d363b511a9953b0b4375170cc8c9a3f8cf29386d1ad31147862dd5b3348c4600b278e53af55705314d9bd1a5a21411c3bc04", 0x8f}, {&(0x7f0000000dc0)="aad2e2bbaf5a6730770b2b6458fe9934768de83ceac0e83c57d3f7f5ee64ef8c17530d7b98ec66a3bb829c5b623257b0ce12c550771a5873740bf2e4572005b614cf6e2f8d8a136dfefc65cd95e151a41a86341d62f5564c6bc94292f05f00ca1bc2fcaaedc65cce92ab411a5b6329d7db41c33998b7fc7c6672f123f565f22a6222e8703faa305a88eb99d22a7e82828fd93ea89639f70ae9abe3571bf2ada80e9ea2ff0c1d96fcf2d1a9b9a333d26aca08a9135689d5c59e04bcfd921ee8f193828ce507fa1b96060ff3056823e7a504911816760e079cdb23c1ff78e3d24efd30759b93db9b0b5c7f7fde8b8bee29eea8420b1133cb69d7f81ca055d2ecf8e212bec8aecbeac57cee97a003af6edd4a79bb9d78853d8790191c007dcefc4c406633714ff8aed1a093f9d785902fe16779116f09378b897fd7fd4d23be65ea538ce6694d579699b443a7ba7c", 0x14d}, {&(0x7f0000000200)}, {&(0x7f0000000500)="07759df1e25d8d39f867219a7a43732386418805234dc745b59a4c26980fb341b6446b4dfa40256a56016f729fed9c631e8b5be5f40183bb109756b40f178eb4f60f6994501c4d84f9a1a40fae56db43aebb1afe6258806ec57a0f1685e3814639b8ce", 0x63}, {&(0x7f0000000840)="aa6f5bc82efbaddadf09c581ec494a6cd679416a55967268a91d36557a9c7de0bfb53db717e6cfc408ee04a5f1098ee1c770a387743761d626629f384e5d056018b5a6600be1727e4a788c10ae671895898fbc13f213ae7196de4ec2e6522592b1e2fb59db9027640d8b4bab4842253a35d988fca6eb63922386f512c70195a71825670865f422c45a6c4c3d3f099899b89cc80da3e4041d94", 0x99}, {&(0x7f0000000c80)}], 0x8}}], 0x2, 0x0) sendto$inet(r0, &(0x7f0000000b00)="09268a60fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88ff4f90b1a7511bf746bec66ba1fe92e8615fc3f7af9c3310b39cc2dc3616dcdfaebc65ca325fd99357ed9d11b266a7c88722db6e38df1089394f438cb9fbc08e62754c233cced4a4d4d05a3e5029a01298d3ee87d8a0803a2d26906f42f5b5aaf47d2752a8b23954f309cae13ef250cf76775ddfd153eef2b1a8458a3cb6dc764f19b41c8c61c7305a51a4bfa0c897c7c1f438a851222a5560c0e77b0b5934296bc6f28af87d651f7348a2ba2ca67f930cc445afe0220cbeb79a2a87bba6be2de3e756e674c405bcc51843b4cc75ff7ec38a34d1a2a61f0a1223e69484b5d922b5590758c33317df18c401ff910f9b3f0eaef8b9d928392097a", 0x12e, 0x40040, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0x4, 0x4, &(0x7f0000000040)=@framed={{0x66, 0xa, 0x0, 0x0, 0x0, 0x61, 0x10, 0x8c}, [@generic={0x62}]}, &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1}, 0x90) syz_usb_connect(0x0, 0x2d, &(0x7f0000000880)={{0x12, 0x1, 0x0, 0xd9, 0xf1, 0xfe, 0x40, 0x1546, 0x1343, 0xd96b, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0x6, 0x0, 0x0, [], [{{0x9, 0x5, 0x0, 0x0, 0x8}}]}}]}}]}}, 0x0) 1.60634612s ago: executing program 3 (id=1272): creat(0x0, 0x0) creat(0x0, 0x0) ftruncate(0xffffffffffffffff, 0x0) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) r1 = socket$key(0xf, 0x3, 0x2) recvmmsg(r1, &(0x7f0000000440), 0x6f5, 0x4800, &(0x7f0000000480)={0x77359400}) 1.395130118s ago: executing program 3 (id=1273): r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000700), 0x801, 0x0) writev(r0, &(0x7f0000000a00)=[{&(0x7f0000000740)="422b2dc07900b6", 0x7}], 0x1) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x2004088, &(0x7f0000000540), 0xfd, 0x530, &(0x7f0000000f00)="$eJzs3cFvI1cZAPBvvHE22c02KXCASi2FFmUrWDtpaBtxKEVCcKqEKPclJE4UxYmj2Gk3UQXZvwAJIUDiBBcuSPwBSGglLhwRUiW4AlIRCMEWJDhAB9keJ8EZJ96tE+86v580O+/NeOb7njdvPON5GgdwaT0bEa9FxPtpmr4QEdPZ8kI2xUF7ar7uvftvLzenJNL0jb8lkWTLOvtKsvn1bLOJiPjqlyO+kZyMW9/b31iqVis7Wb3c2Nwu1/f2b61vLq1V1ipbCwvzLy++svjS4txA2nkjIl794p++9+2ffOnVX3zmrT/e/svNbzbTmsrWH2/HAxo7bWW76cWrE10b7DxksEdRsz3FTmWyv23unmM+AAD01jzH/1BEfDIiXojpuHL66SwAAADwGEo/PxX/SSLSfOM9lgMAAACPkUJrDGxSKGVjAaaiUCiV2mN4PxLXCtVavfHp1dru1kp7rOxMFAur69XKXDZWeCaKSbM+3yof1V/sqi9ExJMR8d3pyVa9tFyrrgz7yw8AAAC4JK53Xf//c7p9/Q8AAACMmJlhJwAAAACcO9f/AAAAMPpc/wMAAMBI+8rrrzen33d+/3rlzb3djdqbt1Yq9Y3S5u5yabm2s11aq9XWWs/s2zxrf9VabfuzsbV7p9yo1Bvl+t7+7c3a7lbj9npMXEiDAAAAgBOe/Pi93yURcfC5ydbUND7spIALMXZYSrJ5Tu//wxPt+bsXlBRwIa708Zp3r+Yvd54Aj7ex7gU9+joweorDTgAYuuSM9T0H7/w6m39isPkAAACDN/ux/Pv/Z98XOChcQHrAOdKJ4fLq+pxPp4eVCHDhWvf/+x3I42QBRkqxrxGAwCj7wPf/z5SmD5QQAAAwcFOtKSmUsq/3pqJQKJUibrR+FqCYrK5XK3MR8URE/Ha6eLVZn29tmZx5zQAAAAAAAAAAAAAAAAAAAAAAAAAAtKVpEikAAAAw0iIKf05+2X6W/+z081Pd3w+MJ/9u/STweES89cM3vn9nqdHYmW8u//vh8sYPsuUvDuMbDAAAAKBb5zq9Nf/XsLMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYNS8d//t5c7Ux8snBxX3r1+IiJm8+GMx0ZpPRDEirv0jibFj2yURcWUA8Q/uRsRH8+InzbQOQ+bFH8SbcEb8mMnehbz41wcQHy6ze83jz2t5/a8Qz7bm+f1vLOL/6g+r9/EvDo9/V3r0/xt9xnjqnZ+Ve8a/G/HUWP7xpxM/6RH/uT7jf/1r+/u91qU/ipjtfP60jnjHIxyVyo3N7XJ9b//W+ubSWmWtsrWwMP/y4iuLLy3OlVfXq5Xs39wY33n65++f1v5ruZ9/SZZN7/Y/n7O/vM+k/75z5/6HO5WDk/FvPpcT/1c/zl5xMn4hi/OprNxcP9spH7TLxz3z0988c1r7V47aX3yQ//+bvXba7URHebrfPx0A4BzU9/Y3lqrVys7IFppX6Y9AGgqPYOFbA91hmqZps0/lrLoXEf3sJ4kBt7SQn89RoecRYNhHJgAAYNCOTvqHnQkAAAAAAAAAAAAAAAAAAABcXhfxlLXumEePQE4G8QhtAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICB+F8AAAD//1iF094=") mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f00000002c0)={[{@huge_always}]}) chdir(&(0x7f0000000140)='./file0\x00') r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000200), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x28011, r1, 0x0) remap_file_pages(&(0x7f0000426000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) 979.921753ms ago: executing program 1 (id=1271): r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) writev(r0, &(0x7f0000000780)=[{&(0x7f00000003c0)='\f\x00\x00\x00', 0x4}], 0x6) 952.680574ms ago: executing program 4 (id=1274): socket$netlink(0x10, 0x3, 0x0) open(0x0, 0x0, 0x0) ftruncate(0xffffffffffffffff, 0x0) syz_emit_ethernet(0x3a, &(0x7f0000000180)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x4, 0x0, @empty, @multicast1}, {0x0, 0x0, 0x18, 0x0, @wg=@data}}}}}, 0x0) 866.477167ms ago: executing program 1 (id=1275): ioctl$USBDEVFS_CONNECTINFO(0xffffffffffffffff, 0x40085511, 0x0) socket$inet6(0xa, 0x0, 0x0) socket(0x0, 0x803, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000780)={&(0x7f0000000100)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f0000000140)="be38", 0xffdf}], 0x1, &(0x7f0000000c80)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @private}}}, @ip_retopts={{0x1c, 0x0, 0x7, {[@timestamp={0x44, 0x4, 0x73}, @noop]}}}], 0x40}, 0x0) r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000180)=@RTM_GETMDB={0x18, 0x56, 0xf23}, 0x18}}, 0x0) 866.129797ms ago: executing program 2 (id=1276): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@bloom_filter={0x1e, 0x0, 0x6cc, 0x6b9, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x80, 0x5}, 0x48) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) r4 = socket$inet(0x2, 0x0, 0x8d) setsockopt$inet_msfilter(r4, 0x0, 0x8, &(0x7f0000000200)=ANY=[@ANYRES64=r0], 0x1) syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000001480)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x1c, 0x1c, 0x2, [@func_proto={0x0, 0x2, 0x0, 0xd, 0x0, [{0x0, 0x5}, {0x0, 0x1}]}]}}, 0x0, 0x36}, 0x20) r5 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb3, 0x7f}, 0x48) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000500)={0x0, {0x2, 0x4e20, @local}, {0x2, 0x4e20, @private=0xa010102}, {0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x34}}, 0x200, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000040)='vlan1\x00', 0x3, 0x8, 0x2}) socket$nl_generic(0x10, 0x3, 0x10) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r7, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0) getsockname$packet(r7, &(0x7f0000000140)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x28a) syz_emit_ethernet(0x2e, &(0x7f0000000000)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x2f, 0x0, @empty, @empty}, {0x300, 0x22eb, 0xc, 0x0, @opaque="7ed62bcb"}}}}}, 0x0) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000240)=ANY=[@ANYBLOB="38000000100039040000001b2ebaf8a9114d5b00", @ANYRES32=r8, @ANYBLOB="00000000000000001800128008000100677265000c00028008000100", @ANYRES32], 0x38}}, 0x0) sendmsg$nl_route(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000000)=@newlink={0x28, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r8, 0x20020}, [@IFLA_TXQLEN={0x8, 0xd, 0x3}]}, 0x28}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xd, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000000000000000000000000850000006e00000018100000", @ANYRES32=r5, @ANYBLOB="00000000000000000900080000000000180000000400000000000000000000009500000000000000a60a000000000000183a000005000000000000000001000000"], &(0x7f0000000000)='GPL\x00', 0x2, 0xde, &(0x7f0000000340)=""/222, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x80}, 0x90) 690.032284ms ago: executing program 3 (id=1282): r0 = socket$inet6(0xa, 0x2, 0x0) syz_usb_connect(0x2, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="120100009b23fd40643c1ee17f6869cba9dc6d04c1088dee000000ff0100000724", @ANYRES32=r0], 0x0) 616.046287ms ago: executing program 4 (id=1277): bpf$PROG_LOAD(0x5, 0x0, 0x0) (async) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) (async) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async) recvmsg$unix(r2, &(0x7f0000000100)={&(0x7f0000000000)=@abs, 0x6e, &(0x7f00000000c0)=[{&(0x7f0000000240)=""/242, 0xf2}], 0x1}, 0x40012123) (async, rerun: 32) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) (rerun: 32) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) (async, rerun: 64) r3 = syz_open_dev$tty20(0xc, 0x4, 0x0) (rerun: 64) ioctl$KDGKBDIACR(r3, 0x4b4a, &(0x7f0000000400)) 550.580929ms ago: executing program 1 (id=1278): r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/vlan/vlan1\x00') sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40010001}, 0xc, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="20f9d161000000", @ANYRES16=0x0, @ANYBLOB="000128bd7000fddbdf254f0000000c0099000008000064000000"], 0x20}, 0x1, 0x0, 0x0, 0x4811}, 0x40) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = dup(r2) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, &(0x7f00000003c0)="0f08440f20c03506000000440f22c0660f06c74424002b010000c744240262000000ff1c2466baa00066ed66baf80cb8ec2b148fef66bafc0c66b8090066ef9c42f467260f4d3666ba2100ed", 0x4c}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r2, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x4500, &(0x7f0000000240)={[{@data_ordered}, {@noquota}, {@quota}, {@barrier}, {@noauto_da_alloc}, {@grpid}, {@barrier}, {@test_dummy_encryption}, {@usrquota}]}, 0x10, 0x4ec, &(0x7f0000000a40)="$eJzs3c9vG1kdAPDvjONNf2RJFjgsK7G7YhelK6idbNg24gBFQvSAKgHlXkLiRFGcOIqdtokqlIo7SAgBEidOXJD4A5BQ/wSEVAkO3FBBIAQtHDgARh6PIUntJAjH000+H2k6781k/P2+Jn6eN/PkCeDcejMibkREKSLeiYjJfHuaLzc7lb3uzz17+mCxsyTRbt/+cxJJvq33Wkm+vtw9JC5ExFduRnw9eT5uc2d3baFer23l9WprfbPa3Nm9urq+sFJbqW3Mzc1em78+/978zFDaORURn/n877/37R9/If35J+/99s4fr3yjk9ZEvn9/O4ap2/Ry9n/RMxYRW6cRrAClfF0esP9bpQPVpM+fAgAAI9Q5x/9gRHwsO/+fjFJ2dgoAAACcJe3PTsQ/kog2AAAAcGal2RzYJK3kcwEmIk0rle4c3g/HpbTeaLY+sdzY3ljqzpWdinK6vFqvzeRzhaeinHTqs/kc21793UP1uYh4JSK+O3kxq1cWG/Wloi9+AAAAwDlx+dD4/2+T2fh/vOi8AAAAgCGbKjoBAAAA4NQZ/wMAAMDZd8T4/zejzAMAAAA4FV+6dauztHvPv166u7O91rh7danWXKusby9WFhtbm5WVRmMl+86+9eNer95obH4qNrbvV1u1Zqva3Nm9s97Y3mjdWT3wCOyDFQAAAOBUvfLGo18nEbH36YvZ0vFS0UkBI5Ecsz97SMiTvPK7ESQEjEyp6ASAwowVnQBQmHLRCQCFO+46wMD5Or8Yfi4AAMDpmP7I4Pv/rg3A2ZYWnQAAMHLu/8P5VTYDEM69Dxyz//+//99u/08JAQAAQzeRLUlaye8FTkSaVioRL2ePBSgny6v12kw+PvjVZHm8U5/NjkyOnTMMAAAAAAAAAAAAAAAAAAAAAAAAAHS120m0AQAAgDMtIv1Dkn2bf8T05NsTh68PvJT8fTJbR8S9H97+/v2FVmtrtrP9L//Z3vpBvv3dIq5gAAAAAIf1xum9cTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADNOzpw8We8so4/7pcxEx1Tf+Gxey1YUoR8SlvyYxtu+4JCJKQ4i/9zAiXu0XP+mkFVPRzaJf/IsFxk8j4vIQ4sN59qjT/9zo9/5L481s3ff9V+qUx4YQf3D/l0av/yvti1/Oj+v0Py+fMMZrj39aHRj/YcRrY/37n178ZED/99YJ43/tq7u7g/a1fxQx3ffzJzkQq9pa36w2d3avrq4vrNRWahtzc7PX5q/Pvzc/U11erdfyf/vG+M5Hf/avo9p/aUD8qWPa//YJ2//Px/effqhbLPeLf+Wt/p+/rz4f/4v38r6/8zfx8bzc2T/dK+91y/u9/pNfvn5U+5cGtP+43/+VE7b/nS9/88kJfxQAGIHmzu7aQr1e23rhC7EX8QKkoXBahfEXI433b6E93n1PD+cFi+6ZAACAYfvvSX/RmQAAAAAAAAAAAAAAAAAAAMD5NYrvJzscc6+YpgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHOnfAQAA//98otjR") 350.102767ms ago: executing program 4 (id=1279): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000240)={0x1, &(0x7f00000000c0)=[{0x16}]}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000b19000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000000)="3e6664f33edab82f000f00180f011a2e360f0135f2a58356c4a7260fc7ad7bdf0f84a7f00f01c2ba2000b003ee", 0x2d}], 0x1, 0x0, 0x0, 0x0) unshare(0x20600) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000001b00), 0xffffffffffffffff) sendmsg$TIPC_CMD_SET_NODE_ADDR(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000380)={0x24, r2, 0x1, 0x0, 0x0, {{}, {}, {0x8, 0x11, 0x2007ff}}}, 0x24}}, 0x0) r3 = socket$tipc(0x1e, 0x2, 0x0) sendmsg$tipc(r3, &(0x7f00000003c0)={&(0x7f0000000040)=@name={0x1e, 0x2, 0x0, {{0x41}, 0x200000}}, 0x10, 0x0}, 0x0) ioctl$BTRFS_IOC_SCRUB_CANCEL(r0, 0xc0182101, 0x20000000) 232.252121ms ago: executing program 2 (id=1280): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x21081e, &(0x7f0000000840), 0x1, 0x4e6, &(0x7f0000001400)="$eJzs3U1vW0sZAODXzpeTm3uTe+kCENBSCgVVdRK3jaouoKwQQpUQXYLUhsSNothxFDulCV2k/wGJSqxgyQ9g3RV7Ngh2bMoCiY8I1FRiYXSOT1I3tZvQfDiKn0c6OmdmHL8zdc9M/brxBNC3LkXEVkQMR8TDiJjI6nPZEXdbR/K4V9tP53e2n87notm8/89c2p7URdvPJD7KnrMQET/6XsRPc+/GrW9sLs9VKuW1rDzVqK5O1Tc2ry9V5xbLi+WVUml2Znb69o1bpWMb68XqcHb15Zd/2PrWz5NujWc17eM4Tq2hD+3FSQxGxA9OIlgPDGTjGe51R/gg+Yj4LCIup/f/RAykryYAcJ41mxPRnGgvAwDnXT7NgeXyxSwXMB75fLHYyuFdiLF8pVZvXHtUW19ZaOXKJmMo/2ipUp7OcoWTMZRLyjPp9ZtyaV/5RkR8GhG/GBlNy8X5WmWhl//wAYA+9tG+9f8/I631HwA45wq97gAAcOqs/wDQf6z/ANB/rP8A0H+s/wDQf6z/ANB/rP8A0Fd+eO9ecjR3su+/Xni8sb5ce3x9oVxfLlbX54vztbXV4mKttph+Z0/1oOer1GqrMzdj/cnkt1frjan6xuaDam19pfEg/V7vB+WhUxkVAPA+n1588edcRGzdGU2PaNvLwVoN51u+1x0Aemag1x0AesZuX9C/jvAeX3oAzokOW/S+pRARo/srm81m8+S6BJywq1+Q/4d+1Zb/97+Aoc/I/0P/kv+H/tVs5g67538c9oEAwNkmxw90+fz/s+z82+zDgZ8s7H/E85PsFQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJxtu/v/FrO9wMcjny8WIz6OiMkYyj1aqpSnI+KTiPjTyNBIUp7pcZ8BgKPK/y2X7f91deLK+P7W4dzrkfQcET/71f1fPplrNNb+mNT/a6++8TyrL/Wi/wDAQXbX6fTc9kb+1fbT+d3jNPvz9+9GRKEVf2d7OHb24g/GYHouxFBEjP07l5Vbcm25i6PYehYRn+80/lyMpzmQ1s6n++MnsT8+1fj5t+Ln07bWOfmz+Nwx9AX6zYtk/rnb6f7Lx6X03Pn+L6Qz1NFl81/yVPM76Rz4Jv7u/DfQZf67dNgYN3///dbV6LttzyK+OBixG3unbf7ZjZ/rEv/KIeP/5UtfudytrfnriKvROX57rKlGdXWqvrF5fak6t1heLK+USrMzs9O3b9wqTaU56qnuq8E/7lz7pFtbMv6xLvELB4z/64cc/2/++/DHX31P/G9+rVP8fFx4T/xkTfzGIePPjf2u0K0tib/QZfwHvf7XDhn/5V8339k2HADonfrG5vJcpVJec+Hi7F8kf2XPQDc6XnzntGINx//1U83mB8XqNmMcR9YNOAv2bvqIeN3rzgAAAAAAAAAAAAAAAB2dxm8s9XqMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnF//CwAA///77dI4") creat(&(0x7f00000000c0)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = creat(&(0x7f0000000000)='./bus\x00', 0x0) io_setup(0x202, &(0x7f00000001c0)=0x0) io_submit(r1, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xe7030003, 0x0, 0x1, 0x0, r0, &(0x7f0000000000), 0x16000}]) quotactl$Q_SETQUOTA(0xffffffff80000801, &(0x7f0000000000)=@loop={'/dev/loop', 0x0}, 0xee00, &(0x7f0000000080)={0xa00}) 178.502363ms ago: executing program 0 (id=1281): process_vm_writev(0x0, 0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000280)=""/213, 0xd5}], 0x1, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_async', 0x40a02, 0x0) write$tcp_congestion(r2, &(0x7f0000000240)='highspeed\x00', 0xa) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r4 = dup(r3) ioctl$KVM_SET_MSRS(r4, 0xc008ae88, &(0x7f0000000040)={0x3b, 0x0, [{}]}) 29.021769ms ago: executing program 1 (id=1283): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="44000e00320009"], 0x44}}, 0x0) 0s ago: executing program 0 (id=1284): clock_adjtime(0x0, &(0x7f0000000700)={0x100000000006500, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x240e, 0x0, 0x3, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}) socket$inet6_udp(0xa, 0x2, 0x0) add_key$keyring(&(0x7f0000000440), &(0x7f0000000480)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffff9) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0) r0 = gettid() io_setup(0x7, 0x0) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) readv(r1, &(0x7f0000001340)=[{&(0x7f0000000580)=""/148, 0x7ffff000}], 0x1) readv(r1, &(0x7f0000001240)=[{&(0x7f0000000040)=""/73, 0x49}], 0x1) kernel console output (not intermixed with test programs): : config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 137.128349][ T1243] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 137.139339][ T1243] usb 4-1: New USB device found, idVendor=5543, idProduct=0005, bcdDevice= 0.00 [ 137.148516][ T1243] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 137.157277][ T1243] usb 4-1: config 0 descriptor?? [ 137.397974][ T2702] plantronics 0003:047F:FFFF.001C: unknown main item tag 0x0 [ 137.405192][ T2702] plantronics 0003:047F:FFFF.001C: unknown main item tag 0x1 [ 137.412962][ T2702] plantronics 0003:047F:FFFF.001C: unknown main item tag 0x0 [ 137.420515][ T2702] plantronics 0003:047F:FFFF.001C: unknown main item tag 0x0 [ 137.427995][ T2702] plantronics 0003:047F:FFFF.001C: unknown main item tag 0x0 [ 137.435357][ T2702] plantronics 0003:047F:FFFF.001C: unknown main item tag 0x0 [ 137.442639][ T2702] plantronics 0003:047F:FFFF.001C: unknown main item tag 0x0 [ 137.450258][ T2702] plantronics 0003:047F:FFFF.001C: unknown main item tag 0x0 [ 137.458050][ T2702] plantronics 0003:047F:FFFF.001C: No inputs registered, leaving [ 137.470234][ T2702] plantronics 0003:047F:FFFF.001C: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 137.758311][ T3515] fuse: Unknown parameter '' [ 138.065562][ T3515] EXT4-fs (loop2): Unsupported blocksize for fs encryption [ 138.086701][ T1243] uclogic 0003:5543:0005.001D: unknown main item tag 0x0 [ 138.092016][ T3561] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=3561 comm=syz.0.849 [ 138.093602][ T1243] uclogic 0003:5543:0005.001D: unknown main item tag 0x0 [ 138.113663][ T1243] uclogic 0003:5543:0005.001D: unknown main item tag 0x0 [ 138.121262][ T1243] uclogic 0003:5543:0005.001D: unknown main item tag 0x0 [ 138.128423][ T1243] uclogic 0003:5543:0005.001D: unknown main item tag 0x0 [ 138.135956][ T1243] uclogic 0003:5543:0005.001D: No inputs registered, leaving [ 138.144050][ T1243] uclogic 0003:5543:0005.001D: hidraw1: USB HID v0.00 Device [HID 5543:0005] on usb-dummy_hcd.3-1/input0 [ 138.229040][ T3515] netlink: 108 bytes leftover after parsing attributes in process `syz.2.834'. [ 138.239769][ T2700] usb 3-1: USB disconnect, device number 29 [ 138.267334][ T3565] A link change request failed with some changes committed already. Interface batadv_slave_1 may have been left with an inconsistent configuration, please check. [ 138.707681][ T1243] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 138.967671][ T1243] usb 2-1: Using ep0 maxpacket: 16 [ 139.054523][ T383] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 139.097808][ T1243] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 139.108655][ T1243] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 139.118247][ T1243] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 139.130911][ T1243] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 139.139790][ T1243] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 139.148746][ T1243] usb 2-1: config 0 descriptor?? [ 139.152702][ T3602] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=3602 comm=syz.2.861 [ 139.306097][ T3604] EXT4-fs (loop2): Unrecognized mount option "appraise" or missing value [ 139.357724][ T383] usb 1-1: device descriptor read/64, error 18 [ 139.620149][ T372] usb 4-1: USB disconnect, device number 25 [ 139.662224][ T1243] microsoft 0003:045E:07DA.001E: unknown main item tag 0x0 [ 139.669276][ T1243] microsoft 0003:045E:07DA.001E: unknown main item tag 0x0 [ 139.676812][ T1243] microsoft 0003:045E:07DA.001E: unknown main item tag 0x0 [ 139.684054][ T1243] microsoft 0003:045E:07DA.001E: unknown main item tag 0x0 [ 139.691516][ T1243] microsoft 0003:045E:07DA.001E: No inputs registered, leaving [ 139.700096][ T1243] microsoft 0003:045E:07DA.001E: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0 [ 139.711473][ T1243] microsoft 0003:045E:07DA.001E: no inputs found [ 139.718237][ T1243] microsoft 0003:045E:07DA.001E: could not initialize ff, continuing anyway [ 139.780811][ T383] usb 1-1: device descriptor read/64, error 18 [ 140.038829][ T3623] tmpfs: Unknown parameter '_6huge' [ 140.083617][ T383] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 140.093511][ T3621] EXT4-fs error (device loop4): ext4_ext_check_inode:540: inode #15: comm syz.4.868: pblk 0 bad header/extent: invalid eh_entries - magic f30a, entries 24833, max 4(4), depth 0(0) [ 140.114335][ T3621] EXT4-fs error (device loop4): ext4_orphan_get:1240: comm syz.4.868: couldn't read orphan inode 15 (err -117) [ 140.127711][ T3621] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 140.136890][ T3621] ext4 filesystem being mounted at /root/syzkaller.Vv1IqS/92/file2 supports timestamps until 2038 (0x7fffffff) [ 140.227264][ T3626] netlink: 64 bytes leftover after parsing attributes in process `syz.4.868'. [ 140.376141][ T383] usb 1-1: device descriptor read/64, error 18 [ 140.456384][ T2700] usb 2-1: USB disconnect, device number 23 [ 140.928661][ T383] usb 1-1: device descriptor read/64, error 18 [ 141.032777][ T3639] netlink: 8 bytes leftover after parsing attributes in process `syz.2.871'. [ 141.058896][ T383] usb usb1-port1: attempt power cycle [ 141.312959][ T3652] 9pnet: Insufficient options for proto=fd [ 141.314011][ T3653] IPv6: sit1: Disabled Multicast RS [ 141.467318][ T23] audit: type=1400 audit(2000000083.575:500): avc: denied { create } for pid=3654 comm="syz.2.878" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=chr_file permissive=1 [ 141.599778][ T23] audit: type=1400 audit(2000000083.695:501): avc: denied { read write } for pid=3657 comm="syz.4.879" name="raw-gadget" dev="devtmpfs" ino=840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 141.626207][ T23] audit: type=1400 audit(2000000083.695:502): avc: denied { open } for pid=3657 comm="syz.4.879" path="/dev/raw-gadget" dev="devtmpfs" ino=840 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 141.650121][ T23] audit: type=1400 audit(2000000083.695:503): avc: denied { ioctl } for pid=3657 comm="syz.4.879" path="/dev/raw-gadget" dev="devtmpfs" ino=840 ioctlcmd=0x5500 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 141.682935][ T383] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 141.747715][ T3656] F2FS-fs (loop2): Mismatch start address, segment0(0) cp_blkaddr(512) [ 141.755873][ T3656] F2FS-fs (loop2): Can't find valid F2FS filesystem in 2th superblock [ 141.765828][ T3656] F2FS-fs (loop2): Ignore s_resuid=0, s_resgid=60929 w/o reserve_root [ 141.775773][ T3656] F2FS-fs (loop2): Found nat_bits in checkpoint [ 141.810712][ T3656] F2FS-fs (loop2): Try to recover 2th superblock, ret: 0 [ 141.817581][ T3656] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 141.882139][ T2700] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 141.936358][ T383] usb 1-1: device descriptor read/8, error -61 [ 142.010115][ T3667] attempt to access beyond end of device [ 142.010115][ T3667] loop2: rw=2049, want=45104, limit=40427 [ 142.163807][ T383] usb 1-1: device descriptor read/8, error -71 [ 142.380619][ T2700] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 142.392348][ T2700] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 142.402952][ T2700] usb 5-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00 [ 142.412114][ T2700] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 142.421190][ T2700] usb 5-1: config 0 descriptor?? [ 142.468652][ T23] audit: type=1400 audit(2000000084.508:504): avc: denied { unlink } for pid=2516 comm="syz-executor" name="file0" dev="sda1" ino=2029 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=chr_file permissive=1 [ 142.939967][ T3683] netlink: 8 bytes leftover after parsing attributes in process `syz.3.887'. [ 143.371951][ T3712] overlayfs: failed to resolve './file1': -2 [ 143.372148][ T3713] overlayfs: failed to resolve './file1': -2 [ 143.463292][ T23] audit: type=1400 audit(2000000085.412:505): avc: denied { mounton } for pid=3709 comm="syz.1.896" path="/root/syzkaller.NRXVCZ/13/file1/bus" dev="loop1" ino=65 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=file permissive=1 [ 143.487707][ T23] audit: type=1400 audit(2000000085.421:506): avc: denied { mounton } for pid=3709 comm="syz.1.896" path="/root/syzkaller.NRXVCZ/13/file1/bus" dev="devtmpfs" ino=9191 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 143.504443][ T3708] FAULT_INJECTION: forcing a failure. [ 143.504443][ T3708] name failslab, interval 1, probability 0, space 0, times 0 [ 143.526570][ T372] usb 3-1: new full-speed USB device number 30 using dummy_hcd [ 143.530694][ T3708] CPU: 1 PID: 3708 Comm: syz.3.895 Tainted: G W 5.4.276-syzkaller-00020-g4275fce9fe94 #0 [ 143.544849][ T3708] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 143.554746][ T3708] Call Trace: [ 143.557881][ T3708] dump_stack+0x1d8/0x241 [ 143.562037][ T3708] ? panic+0x89d/0x89d [ 143.565939][ T3708] ? nf_ct_l4proto_log_invalid+0x258/0x258 [ 143.571585][ T3708] ? fat_search_long+0x1278/0x13a0 [ 143.576529][ T3708] should_fail+0x71f/0x880 [ 143.580781][ T3708] ? setup_fault_attr+0x3d0/0x3d0 [ 143.585644][ T3708] ? asan.module_dtor+0x20/0x20 [ 143.590329][ T3708] ? fat_alloc_inode+0x19/0x90 [ 143.594929][ T3708] should_failslab+0x5/0x20 [ 143.599266][ T3708] kmem_cache_alloc+0x28/0x250 [ 143.603866][ T3708] ? fat_get_block_bmap+0x470/0x470 [ 143.608901][ T3708] fat_alloc_inode+0x19/0x90 [ 143.613327][ T3708] ? fat_get_block_bmap+0x470/0x470 [ 143.618363][ T3708] new_inode_pseudo+0x60/0x210 [ 143.622964][ T3708] new_inode+0x25/0x1d0 [ 143.626957][ T3708] ? mutex_trylock+0xa0/0xa0 [ 143.631381][ T3708] fat_build_inode+0x1ee/0x3c0 [ 143.635983][ T3708] vfat_lookup+0x368/0x5c0 [ 143.640238][ T3708] ? setup+0xf0/0xf0 [ 143.643965][ T3708] ? _raw_spin_unlock+0x49/0x60 [ 143.648651][ T3708] ? d_alloc+0x18b/0x1c0 [ 143.652731][ T3708] __lookup_hash+0x117/0x240 [ 143.657169][ T3708] do_unlinkat+0x28b/0x8b0 [ 143.661413][ T3708] ? fsnotify_link_count+0x80/0x80 [ 143.666362][ T3708] ? getname_flags+0x1ec/0x4e0 [ 143.670962][ T3708] do_syscall_64+0xca/0x1c0 [ 143.675301][ T3708] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 143.681029][ T3708] RIP: 0033:0x7fafb5f10b99 [ 143.685282][ T3708] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 143.704720][ T3708] RSP: 002b:00007fafb5192048 EFLAGS: 00000246 ORIG_RAX: 0000000000000057 [ 143.712966][ T3708] RAX: ffffffffffffffda RBX: 00007fafb609efa0 RCX: 00007fafb5f10b99 [ 143.720772][ T3708] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000000 [ 143.728590][ T3708] RBP: 00007fafb51920a0 R08: 0000000000000000 R09: 0000000000000000 [ 143.736506][ T3708] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 143.744364][ T3708] R13: 000000000000000b R14: 00007fafb609efa0 R15: 00007ffe195c3958 [ 143.869573][ T3510] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 0, start 0000d0c1) [ 143.879335][ T3510] FAT-fs (loop1): Filesystem has been set read-only [ 143.885813][ T3510] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 0, start 0000d0c1) [ 144.013480][ T3719] EXT4-fs (loop3): unsupported inode size: 12032 [ 144.021063][ T3719] EXT4-fs (loop3): blocksize: 1024 [ 144.120595][ T3725] bridge0: port 1(bridge_slave_0) entered blocking state [ 144.127915][ T3725] bridge0: port 1(bridge_slave_0) entered disabled state [ 144.135294][ T3725] device bridge_slave_0 entered promiscuous mode [ 144.141558][ T372] usb 3-1: config index 0 descriptor too short (expected 30768, got 350) [ 144.149852][ T372] usb 3-1: config 102 has too many interfaces: 102, using maximum allowed: 32 [ 144.158522][ T372] usb 3-1: config 102 has an invalid descriptor of length 0, skipping remainder of the config [ 144.168566][ T372] usb 3-1: config 102 has 0 interfaces, different from the descriptor's value: 102 [ 144.177932][ T3725] bridge0: port 2(bridge_slave_1) entered blocking state [ 144.184804][ T3725] bridge0: port 2(bridge_slave_1) entered disabled state [ 144.194368][ T3725] device bridge_slave_1 entered promiscuous mode [ 144.247334][ T3725] bridge0: port 2(bridge_slave_1) entered blocking state [ 144.254189][ T3725] bridge0: port 2(bridge_slave_1) entered forwarding state [ 144.261335][ T3725] bridge0: port 1(bridge_slave_0) entered blocking state [ 144.268194][ T3725] bridge0: port 1(bridge_slave_0) entered forwarding state [ 144.296372][ T1243] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 144.304234][ T1243] bridge0: port 1(bridge_slave_0) entered disabled state [ 144.311980][ T1243] bridge0: port 2(bridge_slave_1) entered disabled state [ 144.316953][ T23] audit: type=1400 audit(2000000086.206:507): avc: denied { open } for pid=3729 comm="syz.3.901" path="/root/syzkaller.gqa3Ki/91/file0/file0" dev="incremental-fs" ino=2037 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 144.345655][ T23] audit: type=1400 audit(2000000086.224:508): avc: denied { write } for pid=3729 comm="syz.3.901" path="/file0" dev="incremental-fs" ino=2037 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 144.352501][ T372] usb 3-1: New USB device found, idVendor=9022, idProduct=d483, bcdDevice=b5.0c [ 144.368565][ T2701] usb 1-1: new high-speed USB device number 29 using dummy_hcd [ 144.386141][ T372] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 144.394499][ T372] usb 3-1: Product: syz [ 144.398519][ T372] usb 3-1: Manufacturer: syz [ 144.405417][ T372] usb 3-1: SerialNumber: syz [ 144.414666][ T3730] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 144.434144][ T3730] EXT4-fs (loop3): invalid inodes per group: 4 [ 144.434144][ T3730] [ 144.443105][ T1243] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 144.451402][ T1243] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 144.459270][ T1243] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 144.468129][ T1243] bridge0: port 1(bridge_slave_0) entered blocking state [ 144.474987][ T1243] bridge0: port 1(bridge_slave_0) entered forwarding state [ 144.482848][ T1243] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 144.490811][ T1243] bridge0: port 2(bridge_slave_1) entered blocking state [ 144.497745][ T1243] bridge0: port 2(bridge_slave_1) entered forwarding state [ 144.504929][ T1243] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 144.512707][ T1243] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 144.529590][ T383] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 144.541225][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 144.552459][ T1243] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 144.554713][ T23] audit: type=1400 audit(2000000086.428:509): avc: denied { mount } for pid=3729 comm="syz.3.901" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 144.601980][ T179] device bridge_slave_1 left promiscuous mode [ 144.605742][ T3730] erofs: (device loop3): mounted with opts: , root inode @ nid 36. [ 144.616536][ T179] bridge0: port 2(bridge_slave_1) entered disabled state [ 144.619291][ T3730] erofs: (device loop3): erofs_read_inode: unsupported i_format 36 of nid 37 [ 144.634084][ T179] device bridge_slave_0 left promiscuous mode [ 144.640127][ T179] bridge0: port 1(bridge_slave_0) entered disabled state [ 144.657511][ T3734] FAULT_INJECTION: forcing a failure. [ 144.657511][ T3734] name failslab, interval 1, probability 0, space 0, times 0 [ 144.670050][ T3734] CPU: 0 PID: 3734 Comm: syz.1.910 Tainted: G W 5.4.276-syzkaller-00020-g4275fce9fe94 #0 [ 144.680954][ T3734] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 144.690849][ T3734] Call Trace: [ 144.693981][ T3734] dump_stack+0x1d8/0x241 [ 144.698142][ T3734] ? panic+0x89d/0x89d [ 144.702047][ T3734] ? nf_ct_l4proto_log_invalid+0x258/0x258 [ 144.707696][ T3734] should_fail+0x71f/0x880 [ 144.711940][ T3734] ? setup_fault_attr+0x3d0/0x3d0 [ 144.716801][ T3734] ? __anon_vma_prepare+0x98/0x420 [ 144.721746][ T3734] should_failslab+0x5/0x20 [ 144.726085][ T3734] kmem_cache_alloc+0x28/0x250 [ 144.730694][ T3734] __anon_vma_prepare+0x98/0x420 [ 144.735462][ T3734] ? _raw_spin_unlock+0x49/0x60 [ 144.740145][ T3734] ? __pte_alloc+0x145/0x1c0 [ 144.744581][ T3734] handle_mm_fault+0x46df/0x4990 [ 144.749352][ T3734] ? finish_fault+0x230/0x230 [ 144.753870][ T3734] ? down_read_trylock+0x179/0x1d0 [ 144.758813][ T3734] ? avc_has_perm+0x16f/0x260 [ 144.763321][ T3734] __do_page_fault+0x509/0xbb0 [ 144.767923][ T3734] page_fault+0x2f/0x40 [ 144.771912][ T3734] RIP: 0010:copy_user_generic_unrolled+0x89/0xc0 [ 144.778070][ T3734] Code: 38 4c 89 47 20 4c 89 4f 28 4c 89 57 30 4c 89 5f 38 48 8d 76 40 48 8d 7f 40 ff c9 75 b6 89 d1 83 e2 07 c1 e9 03 74 12 4c 8b 06 <4c> 89 07 48 8d 76 08 48 8d 7f 08 ff c9 75 ee 21 d2 74 10 89 d1 8a [ 144.796660][ T2701] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 144.797509][ T3734] RSP: 0018:ffff8881da027e60 EFLAGS: 00050203 [ 144.797525][ T3734] RAX: ffffffff822d0b01 RBX: 00000000200006a6 RCX: 0000000000000004 [ 144.808455][ T2701] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 144.814084][ T3734] RDX: 0000000000000006 RSI: ffff8881e301f200 RDI: 0000000020000680 [ 144.814091][ T3734] RBP: 0000000000000008 R08: 7974697275636573 R09: ffffed103c603e45 [ 144.814096][ T3734] R10: 0000000000000000 R11: dffffc0000000001 R12: 00007ffffffff000 [ 144.814101][ T3734] R13: 0000000000000026 R14: ffff8881e301f200 R15: 0000000020000680 [ 144.814121][ T3734] ? _copy_to_user+0x1/0xb0 [ 144.814131][ T3734] _copy_to_user+0x8d/0xb0 [ 144.814141][ T3734] listxattr+0x11b/0x2e0 [ 144.814157][ T3734] ? sockfs_setattr+0x150/0x150 [ 144.822729][ T2701] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 144.831461][ T3734] __x64_sys_flistxattr+0x12d/0x1a0 [ 144.831472][ T3734] do_syscall_64+0xca/0x1c0 [ 144.831482][ T3734] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 144.831490][ T3734] RIP: 0033:0x7f800b4c4b99 [ 144.831499][ T3734] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 144.831503][ T3734] RSP: 002b:00007f800a746048 EFLAGS: 00000246 ORIG_RAX: 00000000000000c4 [ 144.831512][ T3734] RAX: ffffffffffffffda RBX: 00007f800b652fa0 RCX: 00007f800b4c4b99 [ 144.831516][ T3734] RDX: 00000000000000eb RSI: 0000000020000680 RDI: 0000000000000003 [ 144.831520][ T3734] RBP: 00007f800a7460a0 R08: 0000000000000000 R09: 0000000000000000 [ 144.831524][ T3734] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 144.831529][ T3734] R13: 000000000000000b R14: 00007f800b652fa0 R15: 00007ffc3401a0e8 [ 144.984240][ T2701] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 145.000505][ T2701] usb 1-1: config 0 descriptor?? [ 145.045806][ T2700] usbhid 5-1:0.0: can't add hid device: -71 [ 145.051578][ T2700] usbhid: probe of 5-1:0.0 failed with error -71 [ 145.059792][ T2700] usb 5-1: USB disconnect, device number 17 [ 145.389710][ T3745] netlink: 8 bytes leftover after parsing attributes in process `syz.3.904'. [ 145.450602][ T3741] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 145.458906][ T3741] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 145.471916][ T3741] F2FS-fs (loop1): invalid crc value [ 145.480485][ T3743] F2FS-fs (loop4): Found nat_bits in checkpoint [ 145.487757][ T3741] F2FS-fs (loop1): Found nat_bits in checkpoint [ 145.533546][ T3743] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 145.539925][ T3741] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 145.551494][ T3741] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 145.675594][ T2204] attempt to access beyond end of device [ 145.675594][ T2204] loop4: rw=2049, want=45104, limit=40427 [ 145.707531][ T3758] EXT4-fs (loop3): mounted filesystem without journal. Opts: quota,dioread_lock,,errors=continue [ 145.718030][ T3758] ext4 filesystem being mounted at /root/syzkaller.gqa3Ki/93/file1 supports timestamps until 2038 (0x7fffffff) [ 145.736807][ T3758] bridge0: port 3(ip6gretap0) entered disabled state [ 145.745883][ T3758] bridge0: port 1(bridge_slave_0) entered disabled state [ 145.753716][ T3758] bridge0: port 2(bridge_slave_1) entered disabled state [ 145.768998][ T3758] bridge0: port 3(ip6gretap0) entered blocking state [ 145.775523][ T3758] bridge0: port 3(ip6gretap0) entered forwarding state [ 145.784510][ T3758] bridge0: port 1(bridge_slave_0) entered blocking state [ 145.791358][ T3758] bridge0: port 1(bridge_slave_0) entered forwarding state [ 145.799384][ T3758] bridge0: port 2(bridge_slave_1) entered blocking state [ 145.806245][ T3758] bridge0: port 2(bridge_slave_1) entered forwarding state [ 145.826010][ T2701] usbhid 1-1:0.0: can't add hid device: -32 [ 145.832377][ T2701] usbhid: probe of 1-1:0.0 failed with error -32 [ 145.861073][ T3724] bridge0: port 1(bridge_slave_0) entered disabled state [ 145.868893][ T3724] bridge0: port 2(bridge_slave_1) entered disabled state [ 145.895889][ T3724] bridge0: port 1(bridge_slave_0) entered blocking state [ 145.902769][ T3724] bridge0: port 1(bridge_slave_0) entered forwarding state [ 145.910784][ T3724] bridge0: port 2(bridge_slave_1) entered blocking state [ 145.917761][ T3724] bridge0: port 2(bridge_slave_1) entered forwarding state [ 145.935544][ T1796] EXT4-fs error (device loop3): ext4_readdir:260: inode #2: block 16: comm syz-executor: path /root/syzkaller.gqa3Ki/93/file1: bad entry in directory: rec_len is smaller than minimal - offset=108, inode=646161, rec_len=0, size=4096 fake=0 [ 145.943873][ T2701] usb 1-1: USB disconnect, device number 29 [ 146.500802][ T372] usb 3-1: USB disconnect, device number 30 [ 146.813124][ T3771] F2FS-fs (loop4): Unrecognized mount option "00000000000000000000" or missing value [ 146.949723][ T3771] EXT4-fs (loop4): Unsupported blocksize for fs encryption [ 147.070197][ T3790] netlink: 8 bytes leftover after parsing attributes in process `syz.2.917'. [ 147.179455][ T3792] bridge0: port 1(bridge_slave_0) entered blocking state [ 147.186472][ T3792] bridge0: port 1(bridge_slave_0) entered disabled state [ 147.193787][ T3792] device bridge_slave_0 entered promiscuous mode [ 147.200832][ T3792] bridge0: port 2(bridge_slave_1) entered blocking state [ 147.208164][ T3792] bridge0: port 2(bridge_slave_1) entered disabled state [ 147.215511][ T3792] device bridge_slave_1 entered promiscuous mode [ 147.292014][ T1243] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 147.306895][ T1243] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 147.316702][ T2701] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 147.325159][ T2701] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 147.334097][ T2701] bridge0: port 1(bridge_slave_0) entered blocking state [ 147.340959][ T2701] bridge0: port 1(bridge_slave_0) entered forwarding state [ 147.348743][ T2701] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 147.367085][ T2701] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 147.375736][ T2701] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 147.383931][ T2701] bridge0: port 2(bridge_slave_1) entered blocking state [ 147.384091][ T3799] binder: 3796:3799 ioctl c0306201 200001c0 returned -14 [ 147.390795][ T2701] bridge0: port 2(bridge_slave_1) entered forwarding state [ 147.391479][ T2701] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 147.410782][ T23] kauditd_printk_skb: 7 callbacks suppressed [ 147.410791][ T23] audit: type=1400 audit(2000000089.058:517): avc: denied { read } for pid=3796 comm="syz.4.921" path="socket:[35233]" dev="sockfs" ino=35233 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 147.413849][ T2701] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 147.461974][ T1243] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 147.470247][ T3801] fuse: Bad value for 'blksize' [ 147.479565][ T1243] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 147.494669][ T1243] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 147.507546][ T2700] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 147.519612][ T2700] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 147.530276][ T3802] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 147.539253][ T3802] EXT4-fs (loop3): invalid inodes per group: 4 [ 147.539253][ T3802] [ 147.658253][ T407] device bridge_slave_1 left promiscuous mode [ 147.664278][ T407] bridge0: port 2(bridge_slave_1) entered disabled state [ 147.671633][ T407] device bridge_slave_0 left promiscuous mode [ 147.678019][ T407] bridge0: port 1(bridge_slave_0) entered disabled state [ 147.693953][ T23] audit: type=1400 audit(2000000089.326:518): avc: denied { unmount } for pid=1796 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1 [ 147.918047][ T3814] EXT4-fs (loop4): couldn't mount as ext2 due to feature incompatibilities [ 148.343159][ T23] audit: type=1400 audit(2000000097.924:519): avc: denied { read } for pid=3832 comm="syz.1.932" path="socket:[34627]" dev="sockfs" ino=34627 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 148.629122][ T3848] overlayfs: failed to resolve './file1': -2 [ 148.653949][ T23] audit: type=1400 audit(2000000098.210:520): avc: denied { mounton } for pid=3844 comm="syz.1.934" path="/root/syzkaller.9jQv3E/6/file0" dev="sda1" ino=2028 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=fifo_file permissive=1 [ 148.812313][ T3825] F2FS-fs (loop2): Unrecognized mount option "00000000000000000000" or missing value [ 148.904216][ T3853] device syzkaller0 entered promiscuous mode [ 149.029917][ T23] audit: type=1400 audit(2000000098.551:521): avc: denied { setopt } for pid=3855 comm="syz.1.937" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 149.185528][ T3858] EXT4-fs (loop3): Unrecognized mount option "euid<18446744073709551615" or missing value [ 149.354056][ T3865] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 149.532277][ T3865] EXT4-fs error (device loop1): ext4_quota_enable:6056: inode #3: comm syz.1.941: casefold flag without casefold feature [ 149.545571][ T3865] EXT4-fs (loop1): Remounting filesystem read-only [ 149.551937][ T3865] EXT4-fs warning (device loop1): ext4_enable_quotas:6100: Failed to enable quota tracking (type=0, err=-30, ino=3). Please run e2fsck to fix. [ 149.567569][ T3865] EXT4-fs (loop1): mount failed [ 149.846293][ T3884] FAT-fs (loop2): Directory bread(block 1285) failed [ 149.911316][ T3884] FAT-fs (loop2): Directory bread(block 1285) failed [ 149.917922][ T3884] FAT-fs (loop2): Directory bread(block 1285) failed [ 149.924435][ T3884] FAT-fs (loop2): Directory bread(block 1285) failed [ 150.497787][ T3875] incfs_lookup_dentry err:-103 [ 150.502503][ T3875] incfs: Can't find or create .index dir in ./file0 [ 150.509656][ T3875] incfs: mount failed -103 [ 150.995895][ T3893] netlink: 12 bytes leftover after parsing attributes in process `syz.0.946'. [ 151.004970][ T3893] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 151.014451][ T3893] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 151.092279][ T3901] debugfs: Directory 'vcpu0' with parent '3901-4' already present! [ 151.114133][ T3901] debugfs: Directory 'vcpu0' with parent '3901-4' already present! [ 151.122974][ T3901] debugfs: Directory 'vcpu0' with parent '3901-4' already present! [ 151.132800][ T3897] EXT4-fs (loop4): mounted filesystem without journal. Opts: quota,dioread_lock,,errors=continue [ 151.143570][ T3897] ext4 filesystem being mounted at /root/syzkaller.Vv1IqS/102/file1 supports timestamps until 2038 (0x7fffffff) [ 151.156969][ T3901] debugfs: Directory 'vcpu0' with parent '3901-4' already present! [ 151.165333][ T3901] debugfs: Directory 'vcpu0' with parent '3901-4' already present! [ 151.187061][ T3901] debugfs: Directory 'vcpu0' with parent '3901-4' already present! [ 151.195636][ T3901] debugfs: Directory 'vcpu0' with parent '3901-4' already present! [ 151.204106][ T3901] debugfs: Directory 'vcpu0' with parent '3901-4' already present! [ 151.213321][ T3901] debugfs: Directory 'vcpu0' with parent '3901-4' already present! [ 151.221840][ T3901] debugfs: Directory 'vcpu0' with parent '3901-4' already present! [ 151.230423][ T3901] debugfs: Directory 'vcpu0' with parent '3901-4' already present! [ 151.239144][ T3901] debugfs: Directory 'vcpu0' with parent '3901-4' already present! [ 151.248055][ T3901] debugfs: Directory 'vcpu0' with parent '3901-4' already present! [ 151.256521][ T3901] debugfs: Directory 'vcpu0' with parent '3901-4' already present! [ 151.265076][ T3901] debugfs: Directory 'vcpu0' with parent '3901-4' already present! [ 151.273423][ T3901] debugfs: Directory 'vcpu0' with parent '3901-4' already present! [ 151.283924][ T3901] debugfs: Directory 'vcpu0' with parent '3901-4' already present! [ 151.292438][ T3901] debugfs: Directory 'vcpu0' with parent '3901-4' already present! [ 151.300891][ T3901] debugfs: Directory 'vcpu0' with parent '3901-4' already present! [ 151.309277][ T3901] debugfs: Directory 'vcpu0' with parent '3901-4' already present! [ 151.317911][ T3901] debugfs: Directory 'vcpu0' with parent '3901-4' already present! [ 151.326424][ T3901] debugfs: Directory 'vcpu0' with parent '3901-4' already present! [ 151.340158][ T3901] debugfs: Directory 'vcpu0' with parent '3901-4' already present! [ 151.348615][ T3901] debugfs: Directory 'vcpu0' with parent '3901-4' already present! [ 151.357396][ T3901] debugfs: Directory 'vcpu0' with parent '3901-4' already present! [ 151.366076][ T3901] debugfs: Directory 'vcpu0' with parent '3901-4' already present! [ 151.374618][ T3901] debugfs: Directory 'vcpu0' with parent '3901-4' already present! [ 151.382989][ T3901] debugfs: Directory 'vcpu0' with parent '3901-4' already present! [ 151.392510][ T3901] debugfs: Directory 'vcpu0' with parent '3901-4' already present! [ 151.401109][ T3901] debugfs: Directory 'vcpu0' with parent '3901-4' already present! [ 151.411960][ T3901] debugfs: Directory 'vcpu0' with parent '3901-4' already present! [ 151.420605][ T3901] debugfs: Directory 'vcpu0' with parent '3901-4' already present! [ 151.668856][ T3899] F2FS-fs (loop3): Unrecognized mount option "00000000000000000000" or missing value [ 151.730426][ T372] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 151.853235][ T3899] EXT4-fs (loop3): Unsupported blocksize for fs encryption [ 151.891284][ T3917] 9pnet: Insufficient options for proto=fd [ 152.120525][ T372] usb 3-1: config 0 has an invalid interface number: 200 but max is 1 [ 152.128658][ T372] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 152.138670][ T372] usb 3-1: config 0 has no interface number 1 [ 152.144717][ T372] usb 3-1: config 0 interface 200 has no altsetting 0 [ 152.489009][ T372] usb 3-1: New USB device found, idVendor=0403, idProduct=bdc8, bcdDevice=cb.ec [ 152.498313][ T372] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 152.506185][ T372] usb 3-1: Product: syz [ 152.510529][ T372] usb 3-1: Manufacturer: syz [ 152.514975][ T372] usb 3-1: SerialNumber: syz [ 152.520081][ T372] usb 3-1: config 0 descriptor?? [ 152.565257][ T372] usb 3-1: Ignoring serial port reserved for JTAG [ 152.572207][ T372] ftdi_sio 3-1:0.200: FTDI USB Serial Device converter detected [ 152.580247][ T372] usb 3-1: Detected FT2232C [ 152.874121][ T3907] EXT4-fs (loop2): first meta block group too large: 5 (group descriptor block count 1) [ 153.009059][ T372] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 153.030642][ T372] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 153.033545][ T3943] EXT4-fs error (device loop3): ext4_orphan_get:1260: comm syz.3.960: bad orphan inode 8192 [ 153.042483][ T372] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 153.048236][ T3943] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue [ 153.057141][ T372] usb 3-1: USB disconnect, device number 31 [ 153.075871][ T372] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 153.086841][ T372] ftdi_sio 3-1:0.200: device disconnected [ 153.111782][ T3943] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6099: Corrupt filesystem [ 153.121956][ T3943] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6099: Corrupt filesystem [ 153.170573][ T1796] EXT4-fs error (device loop3): ext4_map_blocks:617: inode #2: block 16: comm syz-executor: lblock 0 mapped to illegal pblock 16 (length 1) [ 153.203888][ T2699] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 153.491356][ T3955] bridge0: port 1(bridge_slave_0) entered blocking state [ 153.498737][ T3955] bridge0: port 1(bridge_slave_0) entered disabled state [ 153.506189][ T3955] device bridge_slave_0 entered promiscuous mode [ 153.514071][ T3955] bridge0: port 2(bridge_slave_1) entered blocking state [ 153.521131][ T3955] bridge0: port 2(bridge_slave_1) entered disabled state [ 153.528626][ T3955] device bridge_slave_1 entered promiscuous mode [ 153.603905][ T3955] bridge0: port 2(bridge_slave_1) entered blocking state [ 153.610798][ T3955] bridge0: port 2(bridge_slave_1) entered forwarding state [ 153.617886][ T3955] bridge0: port 1(bridge_slave_0) entered blocking state [ 153.624638][ T3955] bridge0: port 1(bridge_slave_0) entered forwarding state [ 153.632199][ T2699] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 153.643431][ T2699] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 153.653733][ T2699] usb 5-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00 [ 153.663868][ T2699] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 153.684737][ T2699] usb 5-1: config 0 descriptor?? [ 153.704701][ T2698] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 153.712547][ T2698] bridge0: port 1(bridge_slave_0) entered disabled state [ 153.720620][ T2698] bridge0: port 2(bridge_slave_1) entered disabled state [ 153.727722][ T2700] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 153.748111][ T2698] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 153.756177][ T2698] bridge0: port 1(bridge_slave_0) entered blocking state [ 153.763043][ T2698] bridge0: port 1(bridge_slave_0) entered forwarding state [ 153.770768][ T2698] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 153.783125][ T3961] EXT4-fs (loop2): Mount option "nouser_xattr" will be removed by 3.5 [ 153.783125][ T3961] Contact linux-ext4@vger.kernel.org if you think we should keep it. [ 153.783125][ T3961] [ 153.784031][ T2698] bridge0: port 2(bridge_slave_1) entered blocking state [ 153.808025][ T2698] bridge0: port 2(bridge_slave_1) entered forwarding state [ 153.815295][ T3961] EXT4-fs (loop2): Ignoring removed oldalloc option [ 153.832606][ T2701] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 153.840861][ T2701] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 153.848865][ T3961] EXT4-fs (loop2): can't mount with data=, fs mounted w/o journal [ 153.876096][ T2701] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 153.888614][ T2701] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 153.907666][ T2702] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 153.925893][ T2697] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 153.940190][ T2703] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 154.083435][ T413] bridge0: port 3(ip6gretap0) entered disabled state [ 154.092489][ T413] device ip6gretap0 left promiscuous mode [ 154.103982][ T413] bridge0: port 3(ip6gretap0) entered disabled state [ 154.168219][ T2700] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 154.179512][ T2700] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 154.189134][ T2700] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 154.204625][ T2700] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 154.214435][ T2700] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 154.223874][ T2699] hid-multitouch 0003:1FD2:6007.001F: unknown main item tag 0x0 [ 154.232990][ T2700] usb 2-1: config 0 descriptor?? [ 154.238128][ T2699] hid-multitouch 0003:1FD2:6007.001F: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.4-1/input0 [ 154.362367][ T3975] bridge0: port 1(bridge_slave_0) entered blocking state [ 154.369612][ T3975] bridge0: port 1(bridge_slave_0) entered disabled state [ 154.376896][ T3975] device bridge_slave_0 entered promiscuous mode [ 154.383855][ T3975] bridge0: port 2(bridge_slave_1) entered blocking state [ 154.390740][ T3975] bridge0: port 2(bridge_slave_1) entered disabled state [ 154.398757][ T3975] device bridge_slave_1 entered promiscuous mode [ 154.408495][ T3976] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue [ 154.417690][ T3976] ext4 filesystem being mounted at /root/syzkaller.JAl2Jp/2/file0 supports timestamps until 2038 (0x7fffffff) [ 154.440802][ T2702] usb 5-1: USB disconnect, device number 18 [ 154.478012][ T3975] bridge0: port 2(bridge_slave_1) entered blocking state [ 154.484874][ T3975] bridge0: port 2(bridge_slave_1) entered forwarding state [ 154.491944][ T3975] bridge0: port 1(bridge_slave_0) entered blocking state [ 154.498771][ T3975] bridge0: port 1(bridge_slave_0) entered forwarding state [ 154.520734][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 154.528212][ T2699] bridge0: port 1(bridge_slave_0) entered disabled state [ 154.535587][ T2699] bridge0: port 2(bridge_slave_1) entered disabled state [ 154.549486][ T1243] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 154.557670][ T1243] bridge0: port 1(bridge_slave_0) entered blocking state [ 154.564523][ T1243] bridge0: port 1(bridge_slave_0) entered forwarding state [ 154.577985][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 154.586147][ T372] bridge0: port 2(bridge_slave_1) entered blocking state [ 154.592989][ T372] bridge0: port 2(bridge_slave_1) entered forwarding state [ 154.608272][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 154.623601][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 154.634437][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 154.650295][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 154.663334][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 154.679064][ T372] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 154.689609][ T2703] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 154.698863][ T413] device bridge_slave_1 left promiscuous mode [ 154.705275][ T413] bridge0: port 2(bridge_slave_1) entered disabled state [ 154.712719][ T413] device bridge_slave_0 left promiscuous mode [ 154.718692][ T413] bridge0: port 1(bridge_slave_0) entered disabled state [ 154.768485][ T2700] plantronics 0003:047F:FFFF.0020: No inputs registered, leaving [ 154.784565][ T2700] plantronics 0003:047F:FFFF.0020: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 155.059196][ T1243] usb 2-1: USB disconnect, device number 24 [ 155.251743][ T2703] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 155.441183][ T4000] EXT4-fs (loop4): mounted filesystem without journal. Opts: noauto_da_alloc,max_dir_size_kb=0x0000000000000001,dioread_lock,norecovery,discard,lazytime,noload,usrquota,noauto_da_alloc,,errors=continue [ 155.614305][ T413] device bridge_slave_1 left promiscuous mode [ 155.623974][ T413] bridge0: port 2(bridge_slave_1) entered disabled state [ 155.631930][ T413] device bridge_slave_0 left promiscuous mode [ 155.637988][ T413] bridge0: port 1(bridge_slave_0) entered disabled state [ 155.655619][ T4012] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 155.664115][ T2703] usb 4-1: config index 0 descriptor too short (expected 64575, got 68) [ 155.665773][ T4012] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e000e018, mo2=0002] [ 155.672925][ T2703] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 155.680229][ T4012] System zones: 0-1, 15-15, 18-18, 34-34 [ 155.691282][ T2703] usb 4-1: config 1 interface 0 altsetting 0 has an invalid endpoint descriptor of length 3, skipping [ 155.707141][ T2703] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 6 [ 155.716140][ T4012] EXT4-fs (loop4): orphan cleanup on readonly fs [ 155.726208][ T4012] Quota error (device loop4): v2_read_header: Failed header read: expected=8 got=0 [ 155.735495][ T4012] EXT4-fs warning (device loop4): ext4_enable_quotas:6100: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 155.750092][ T4012] EXT4-fs (loop4): Cannot turn on quotas: error -22 [ 155.758686][ T4012] EXT4-fs error (device loop4): ext4_orphan_get:1260: comm syz.4.981: bad orphan inode 16 [ 155.768967][ T4012] ext4_test_bit(bit=15, block=18) = 1 [ 155.774346][ T4012] is_bad_inode(inode)=0 [ 155.778528][ T4012] NEXT_ORPHAN(inode)=0 [ 155.783436][ T4012] max_ino=32 [ 155.786472][ T4012] i_nlink=2 [ 155.789428][ T4012] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 155.804858][ T2703] usb 4-1: config index 1 descriptor too short (expected 64575, got 68) [ 155.813396][ T2703] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 155.823693][ T2703] usb 4-1: config 1 interface 0 altsetting 0 has an invalid endpoint descriptor of length 3, skipping [ 155.834573][ T2703] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 6 [ 155.912429][ T2703] usb 4-1: string descriptor 0 read error: -71 [ 155.918544][ T2703] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 155.927621][ T2703] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 155.956593][ T2703] usb 4-1: can't set config #1, error -71 [ 155.963491][ T2703] usb 4-1: USB disconnect, device number 26 [ 156.123279][ T4027] netlink: 8 bytes leftover after parsing attributes in process `syz.4.984'. [ 156.132631][ T4027] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 156.177879][ T4029] overlayfs: workdir and upperdir must be separate subtrees [ 156.194447][ T4029] incfs: Error accessing: ./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 156.194497][ T4029] incfs: mount failed -36 [ 156.443307][ T2700] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 156.615506][ T4050] netlink: 20 bytes leftover after parsing attributes in process `syz.2.991'. [ 156.670676][ T4055] fuseblk: Unknown parameter 'no' [ 156.833411][ T2700] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 156.844453][ T2700] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 156.854387][ T2700] usb 5-1: New USB device found, idVendor=06cb, idProduct=81a7, bcdDevice= 0.00 [ 156.863355][ T2700] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 156.879116][ T2700] usb 5-1: config 0 descriptor?? [ 156.931318][ T344] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 157.095457][ T4079] netlink: 'syz.0.997': attribute type 4 has an invalid length. [ 157.102939][ T4079] netlink: 182 bytes leftover after parsing attributes in process `syz.0.997'. [ 157.190865][ T344] usb 3-1: Using ep0 maxpacket: 32 [ 157.320939][ T344] usb 3-1: config 0 has an invalid interface number: 8 but max is 0 [ 157.328938][ T344] usb 3-1: config 0 has no interface number 0 [ 157.334928][ T344] usb 3-1: config 0 interface 8 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0 [ 157.399925][ T2700] hid-rmi 0003:06CB:81A7.0021: hidraw0: USB HID v0.00 Device [HID 06cb:81a7] on usb-dummy_hcd.4-1/input0 [ 157.526828][ T344] usb 3-1: New USB device found, idVendor=1199, idProduct=9041, bcdDevice=58.08 [ 157.535733][ T344] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 157.543602][ T344] usb 3-1: Product: syz [ 157.547563][ T344] usb 3-1: Manufacturer: syz [ 157.552019][ T344] usb 3-1: SerialNumber: syz [ 157.557365][ T344] usb 3-1: config 0 descriptor?? [ 157.616092][ T344] usb 5-1: USB disconnect, device number 19 [ 157.823427][ T2701] usb 3-1: USB disconnect, device number 32 [ 157.853477][ T4088] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue [ 158.501815][ T344] usb 1-1: new high-speed USB device number 30 using dummy_hcd [ 158.754681][ T4126] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 158.762277][ T344] usb 1-1: Using ep0 maxpacket: 16 [ 158.893512][ T344] usb 1-1: config 0 has an invalid interface number: 144 but max is 3 [ 158.901514][ T344] usb 1-1: config 0 has an invalid interface number: 187 but max is 3 [ 158.910938][ T344] usb 1-1: config 0 has 3 interfaces, different from the descriptor's value: 4 [ 158.919845][ T344] usb 1-1: config 0 has no interface number 1 [ 158.926071][ T344] usb 1-1: config 0 has no interface number 2 [ 158.931972][ T344] usb 1-1: config 0 interface 187 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 158.942538][ T344] usb 1-1: config 0 interface 187 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 158.952909][ T344] usb 1-1: config 0 interface 187 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 158.963472][ T344] usb 1-1: config 0 interface 187 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 158.973935][ T344] usb 1-1: Duplicate descriptor for config 0 interface 0 altsetting 0, skipping [ 159.043556][ T383] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 159.088777][ T4128] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 159.151987][ T344] usb 1-1: New USB device found, idVendor=14aa, idProduct=022b, bcdDevice=8e.53 [ 159.161023][ T344] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 159.196061][ T344] usb 1-1: Product: syz [ 159.200321][ T344] usb 1-1: Manufacturer: syz [ 159.204720][ T344] usb 1-1: SerialNumber: syz [ 159.210846][ T344] usb 1-1: config 0 descriptor?? [ 159.357794][ T383] usb 3-1: device descriptor read/64, error 18 [ 159.663923][ T4146] tmpfs: Unknown parameter 'alwaV' [ 159.676588][ T23] audit: type=1400 audit(2000000124.379:522): avc: denied { mount } for pid=4141 comm="syz.3.1018" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1 [ 159.693568][ T344] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 159.823574][ T383] usb 3-1: device descriptor read/64, error 18 [ 160.116315][ T344] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 160.127025][ T383] usb 3-1: new high-speed USB device number 34 using dummy_hcd [ 160.143970][ T344] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 160.173094][ T344] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 160.212275][ T344] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 160.239835][ T344] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 160.265700][ T344] usb 2-1: config 0 descriptor?? [ 160.419534][ T383] usb 3-1: device descriptor read/64, error 18 [ 160.425801][ T23] audit: type=1400 audit(2000000125.071:523): avc: denied { unmount } for pid=3955 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1 [ 160.799818][ T344] plantronics 0003:047F:FFFF.0022: No inputs registered, leaving [ 160.816130][ T344] plantronics 0003:047F:FFFF.0022: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 160.841989][ T383] usb 3-1: device descriptor read/64, error 18 [ 160.864800][ T4163] EXT4-fs (loop3): Ignoring removed mblk_io_submit option [ 160.871747][ T4163] EXT4-fs (loop3): Ignoring removed bh option [ 160.886998][ T4163] EXT4-fs error (device loop3): ext4_ext_check_inode:540: inode #16: comm syz.3.1025: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 19200(19200) [ 160.905729][ T4163] EXT4-fs error (device loop3): ext4_orphan_get:1240: comm syz.3.1025: couldn't read orphan inode 16 (err -117) [ 160.917591][ T4163] EXT4-fs (loop3): mounted filesystem without journal. Opts: init_itable,noquota,nouid32,barrier,resgid=0x0000000000000000,journal_dev=0x0000000000000202,barrier,mblk_io_submit,bh,,errors=continue [ 160.936788][ T4163] ext4 filesystem being mounted at /root/syzkaller.JAl2Jp/18/file1 supports timestamps until 2038 (0x7fffffff) [ 160.955656][ T23] audit: type=1400 audit(2000000125.560:524): avc: denied { map } for pid=4162 comm="syz.3.1025" path="/root/syzkaller.JAl2Jp/18/file1/bus" dev="devtmpfs" ino=9193 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 160.981661][ T383] usb usb3-port1: attempt power cycle [ 161.065030][ T3955] EXT4-fs error (device loop3): ext4_lookup:1814: inode #11: comm syz-executor: iget: checksum invalid [ 161.076582][ T3955] EXT4-fs error (device loop3): ext4_lookup:1814: inode #11: comm syz-executor: iget: checksum invalid [ 161.098943][ T2700] usb 2-1: USB disconnect, device number 25 [ 161.448735][ T383] usb 3-1: new high-speed USB device number 35 using dummy_hcd [ 161.470641][ T2701] usb 1-1: USB disconnect, device number 30 [ 161.498540][ T4173] bridge0: port 1(bridge_slave_0) entered blocking state [ 161.505850][ T4173] bridge0: port 1(bridge_slave_0) entered disabled state [ 161.513356][ T4173] device bridge_slave_0 entered promiscuous mode [ 161.521933][ T4173] bridge0: port 2(bridge_slave_1) entered blocking state [ 161.528862][ T4173] bridge0: port 2(bridge_slave_1) entered disabled state [ 161.536275][ T4173] device bridge_slave_1 entered promiscuous mode [ 161.591390][ T4173] bridge0: port 2(bridge_slave_1) entered blocking state [ 161.598253][ T4173] bridge0: port 2(bridge_slave_1) entered forwarding state [ 161.605375][ T4173] bridge0: port 1(bridge_slave_0) entered blocking state [ 161.612143][ T4173] bridge0: port 1(bridge_slave_0) entered forwarding state [ 161.641341][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 161.649095][ T2699] bridge0: port 1(bridge_slave_0) entered disabled state [ 161.654705][ T383] usb 3-1: device descriptor read/8, error -61 [ 161.662080][ T2699] bridge0: port 2(bridge_slave_1) entered disabled state [ 161.672761][ T23] audit: type=1400 audit(2000000126.225:525): avc: denied { create } for pid=4186 comm="syz.0.1031" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 161.675287][ T344] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 161.700449][ T344] bridge0: port 1(bridge_slave_0) entered blocking state [ 161.707423][ T344] bridge0: port 1(bridge_slave_0) entered forwarding state [ 161.720908][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 161.729074][ T2699] bridge0: port 2(bridge_slave_1) entered blocking state [ 161.735935][ T2699] bridge0: port 2(bridge_slave_1) entered forwarding state [ 161.750743][ T344] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 161.763612][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 161.778644][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 161.791966][ T344] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 161.805773][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 161.818078][ T413] device bridge_slave_1 left promiscuous mode [ 161.824110][ T413] bridge0: port 2(bridge_slave_1) entered disabled state [ 161.831533][ T413] device bridge_slave_0 left promiscuous mode [ 161.837543][ T413] bridge0: port 1(bridge_slave_0) entered disabled state [ 161.899335][ T1243] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 161.909271][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 161.937227][ T383] usb 3-1: device descriptor read/8, error -71 [ 161.999446][ T4192] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1032'. [ 162.296093][ T4203] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability [ 162.382152][ T4201] F2FS-fs (loop4): invalid crc value [ 162.388725][ T4201] F2FS-fs (loop4): Found nat_bits in checkpoint [ 162.415612][ T4201] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 162.618895][ T1243] usb 4-1: new full-speed USB device number 27 using dummy_hcd [ 162.700820][ T4220] netlink: 100 bytes leftover after parsing attributes in process `syz.4.1041'. [ 163.002214][ T4238] FAULT_INJECTION: forcing a failure. [ 163.002214][ T4238] name failslab, interval 1, probability 0, space 0, times 0 [ 163.014671][ T4238] CPU: 1 PID: 4238 Comm: syz.1.1046 Tainted: G W 5.4.276-syzkaller-00020-g4275fce9fe94 #0 [ 163.025632][ T4238] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 163.035527][ T4238] Call Trace: [ 163.038667][ T4238] dump_stack+0x1d8/0x241 [ 163.042818][ T4238] ? panic+0x89d/0x89d [ 163.046730][ T4238] ? nf_ct_l4proto_log_invalid+0x258/0x258 [ 163.052368][ T4238] ? bpf_check+0x9c4/0xb340 [ 163.056709][ T4238] should_fail+0x71f/0x880 [ 163.060961][ T4238] ? setup_fault_attr+0x3d0/0x3d0 [ 163.065823][ T4238] ? kvmalloc_node+0x7e/0xf0 [ 163.070244][ T4238] should_failslab+0x5/0x20 [ 163.074584][ T4238] __kmalloc+0x51/0x2e0 [ 163.078585][ T4238] kvmalloc_node+0x7e/0xf0 [ 163.082954][ T4238] bpf_check+0x192a/0xb340 [ 163.087209][ T4238] ? debug_smp_processor_id+0x20/0x20 [ 163.092581][ T4238] ? debug_smp_processor_id+0x20/0x20 [ 163.097784][ T4238] ? check_preemption_disabled+0x9f/0x320 [ 163.103340][ T4238] ? is_bpf_text_address+0x24c/0x260 [ 163.108462][ T4238] ? debug_smp_processor_id+0x20/0x20 [ 163.113669][ T4238] ? rcu_preempt_deferred_qs+0xa4/0x2b0 [ 163.119047][ T4238] ? check_preemption_disabled+0x9f/0x320 [ 163.124603][ T4238] ? rcu_preempt_deferred_qs+0xa4/0x2b0 [ 163.129984][ T4238] ? check_preemption_disabled+0x9f/0x320 [ 163.135538][ T4238] ? rcu_softirq_qs+0x90/0x90 [ 163.140055][ T4238] ? bpf_verifier_log_write+0x240/0x240 [ 163.145463][ T4238] ? check_preemption_disabled+0x9f/0x320 [ 163.150989][ T4238] ? debug_smp_processor_id+0x20/0x20 [ 163.156197][ T4238] ? debug_smp_processor_id+0x20/0x20 [ 163.161576][ T4238] ? check_preemption_disabled+0x9f/0x320 [ 163.167235][ T4238] ? plist_check_list+0x20d/0x220 [ 163.172080][ T4238] ? check_preemption_disabled+0x9f/0x320 [ 163.177635][ T4238] ? debug_smp_processor_id+0x20/0x20 [ 163.182839][ T4238] ? check_preemption_disabled+0x9f/0x320 [ 163.188394][ T4238] ? debug_smp_processor_id+0x20/0x20 [ 163.193604][ T4238] ? switch_mm_irqs_off+0x325/0xab0 [ 163.198639][ T4238] ? plist_check_list+0x1f8/0x220 [ 163.203500][ T4238] ? _raw_spin_unlock_irq+0x4a/0x60 [ 163.208532][ T4238] ? finish_task_switch+0x130/0x590 [ 163.213572][ T4238] ? __schedule+0xb0d/0x1320 [ 163.217993][ T4238] ? is_mmconf_reserved+0x430/0x430 [ 163.223113][ T4238] ? is_mmconf_reserved+0x430/0x430 [ 163.228148][ T4238] ? preempt_schedule_irq+0xe7/0x140 [ 163.233270][ T4238] ? preempt_schedule_notrace+0x140/0x140 [ 163.238825][ T4238] ? preempt_schedule_irq+0xe7/0x140 [ 163.243942][ T4238] ? preempt_schedule_notrace+0x140/0x140 [ 163.249496][ T4238] ? retint_kernel+0x1b/0x1b [ 163.253928][ T4238] ? retint_kernel+0x1b/0x1b [ 163.258355][ T4238] __se_sys_bpf+0x8139/0xbcb0 [ 163.262960][ T4238] ? rcu_preempt_deferred_qs+0xa4/0x2b0 [ 163.268341][ T4238] ? check_preemption_disabled+0x9f/0x320 [ 163.273905][ T4238] ? rcu_softirq_qs+0x90/0x90 [ 163.278409][ T4238] ? check_preemption_disabled+0x9f/0x320 [ 163.283958][ T4238] ? debug_smp_processor_id+0x20/0x20 [ 163.289162][ T4238] ? check_preemption_disabled+0x9f/0x320 [ 163.294739][ T4238] ? debug_smp_processor_id+0x20/0x20 [ 163.299923][ T4238] ? debug_smp_processor_id+0x20/0x20 [ 163.305133][ T4238] ? check_preemption_disabled+0x9f/0x320 [ 163.310862][ T4238] ? __x64_sys_bpf+0x80/0x80 [ 163.315288][ T4238] ? check_preemption_disabled+0x9f/0x320 [ 163.320930][ T4238] ? debug_smp_processor_id+0x20/0x20 [ 163.326144][ T4238] ? check_preemption_disabled+0x9f/0x320 [ 163.331708][ T4238] ? debug_smp_processor_id+0x20/0x20 [ 163.336922][ T4238] ? switch_mm_irqs_off+0x325/0xab0 [ 163.342028][ T4238] ? plist_check_list+0x1f8/0x220 [ 163.346892][ T4238] ? __schedule+0xb0d/0x1320 [ 163.351305][ T4238] ? debug_smp_processor_id+0x20/0x20 [ 163.356514][ T4238] ? rcu_preempt_deferred_qs+0xa4/0x2b0 [ 163.361894][ T4238] ? check_preemption_disabled+0x9f/0x320 [ 163.367449][ T4238] ? check_preemption_disabled+0x9f/0x320 [ 163.373002][ T4238] ? debug_smp_processor_id+0x20/0x20 [ 163.378211][ T4238] ? debug_smp_processor_id+0x20/0x20 [ 163.383419][ T4238] ? check_preemption_disabled+0x9f/0x320 [ 163.388973][ T4238] ? plist_check_list+0x20d/0x220 [ 163.393839][ T4238] ? check_preemption_disabled+0x9f/0x320 [ 163.399477][ T4238] ? debug_smp_processor_id+0x20/0x20 [ 163.404685][ T4238] ? check_preemption_disabled+0x9f/0x320 [ 163.410242][ T4238] ? debug_smp_processor_id+0x20/0x20 [ 163.415448][ T4238] ? switch_mm_irqs_off+0x325/0xab0 [ 163.420481][ T4238] ? plist_check_list+0x1f8/0x220 [ 163.425343][ T4238] ? _raw_spin_unlock_irq+0x4a/0x60 [ 163.430459][ T4238] ? finish_task_switch+0x130/0x590 [ 163.435525][ T4238] ? check_preemption_disabled+0x153/0x320 [ 163.441138][ T4238] ? debug_smp_processor_id+0x20/0x20 [ 163.446348][ T4238] ? schedule+0x143/0x1d0 [ 163.450724][ T4238] do_syscall_64+0xca/0x1c0 [ 163.455135][ T4238] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 163.460836][ T4238] RIP: 0033:0x7f800b4c4b99 [ 163.465090][ T4238] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 163.484704][ T4238] RSP: 002b:00007f800a704048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 163.493396][ T4238] RAX: ffffffffffffffda RBX: 00007f800b653150 RCX: 00007f800b4c4b99 [ 163.501286][ T4238] RDX: 000000000000006d RSI: 00000000200000c0 RDI: 0000000000000005 [ 163.509437][ T4238] RBP: 00007f800a7040a0 R08: 0000000000000000 R09: 0000000000000000 [ 163.517250][ T4238] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 163.525069][ T4238] R13: 000000000000006e R14: 00007f800b653150 R15: 00007ffc3401a0e8 [ 163.734818][ T1243] usb 4-1: config index 0 descriptor too short (expected 9, got 0) [ 163.743114][ T1243] usb 4-1: can't read configurations, error -22 [ 163.775840][ T23] audit: type=1400 audit(2000000128.163:526): avc: denied { map } for pid=4241 comm="syz.0.1048" path="/dev/ashmem" dev="devtmpfs" ino=850 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 163.908093][ T1243] usb 4-1: new full-speed USB device number 28 using dummy_hcd [ 163.951305][ T4228] F2FS-fs (loop4): QUOTA feature is enabled, so ignore jquota_fmt [ 163.963983][ T4228] F2FS-fs (loop4): invalid crc value [ 164.001705][ T4228] F2FS-fs (loop4): Mounted with checkpoint version = 753bd00b [ 164.017773][ T4228] syz.4.1045 (pid 4228) is setting deprecated v1 encryption policy; recommend upgrading to v2. [ 164.080371][ T23] audit: type=1400 audit(2000000128.440:527): avc: denied { write } for pid=4253 comm="syz.1.1053" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 164.223854][ T23] audit: type=1400 audit(2000000128.588:528): avc: denied { nlmsg_read } for pid=4256 comm="syz.0.1051" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1 [ 164.352391][ T1243] usb 4-1: config index 0 descriptor too short (expected 9, got 0) [ 164.360205][ T1243] usb 4-1: can't read configurations, error -22 [ 164.366544][ T1243] usb usb4-port1: attempt power cycle [ 164.449357][ T4265] EXT4-fs (loop1): Project quota feature not enabled. Cannot enable project quota enforcement. [ 164.757641][ T4282] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1058'. [ 164.807341][ T1243] usb 4-1: new full-speed USB device number 29 using dummy_hcd [ 164.814763][ T1242] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 164.910958][ T4285] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 164.920425][ T4285] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 165.089098][ T1243] usb 4-1: config index 0 descriptor too short (expected 9, got 0) [ 165.096918][ T1243] usb 4-1: can't read configurations, error -22 [ 165.208288][ T1242] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 165.219054][ T1242] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 165.228741][ T1242] usb 5-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 165.237882][ T1242] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 165.305888][ T1243] usb 4-1: new full-speed USB device number 30 using dummy_hcd [ 165.315474][ T1242] usb 5-1: config 0 descriptor?? [ 165.489955][ T1243] usb 4-1: device descriptor read/all, error -71 [ 165.496332][ T1243] usb usb4-port1: unable to enumerate USB device [ 166.147350][ T4322] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1071'. [ 166.163332][ T4270] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 166.183317][ T4270] EXT4-fs (loop4): mounted filesystem without journal. Opts: nombcache,sysvgroups,norecovery,grpid,norecovery,,errors=continue [ 166.192778][ T4321] bridge0: port 1(bridge_slave_0) entered blocking state [ 166.203440][ T4321] bridge0: port 1(bridge_slave_0) entered disabled state [ 166.211516][ T4321] device bridge_slave_0 entered promiscuous mode [ 166.221132][ T4321] bridge0: port 2(bridge_slave_1) entered blocking state [ 166.228224][ T4321] bridge0: port 2(bridge_slave_1) entered disabled state [ 166.235516][ T4321] device bridge_slave_1 entered promiscuous mode [ 166.301048][ T4321] bridge0: port 2(bridge_slave_1) entered blocking state [ 166.308027][ T4321] bridge0: port 2(bridge_slave_1) entered forwarding state [ 166.315422][ T4321] bridge0: port 1(bridge_slave_0) entered blocking state [ 166.322249][ T4321] bridge0: port 1(bridge_slave_0) entered forwarding state [ 166.335037][ T2701] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 166.372731][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 166.381359][ T2699] bridge0: port 1(bridge_slave_0) entered disabled state [ 166.388699][ T2699] bridge0: port 2(bridge_slave_1) entered disabled state [ 166.405572][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 166.415118][ T2699] bridge0: port 1(bridge_slave_0) entered blocking state [ 166.421980][ T2699] bridge0: port 1(bridge_slave_0) entered forwarding state [ 166.429894][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 166.438821][ T2699] bridge0: port 2(bridge_slave_1) entered blocking state [ 166.445692][ T2699] bridge0: port 2(bridge_slave_1) entered forwarding state [ 166.464523][ T2700] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 166.465021][ T1242] usb 5-1: string descriptor 0 read error: -71 [ 166.489620][ T2703] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 166.507312][ T2703] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 166.508354][ T1242] uclogic 0003:256C:006D.0023: failed retrieving string descriptor #200: -71 [ 166.526571][ T2703] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 166.541460][ T1242] uclogic 0003:256C:006D.0023: failed retrieving pen parameters: -71 [ 166.549530][ T1242] uclogic 0003:256C:006D.0023: failed probing pen v2 parameters: -71 [ 166.557648][ T1242] uclogic 0003:256C:006D.0023: failed probing parameters: -71 [ 166.565228][ T1242] uclogic: probe of 0003:256C:006D.0023 failed with error -71 [ 166.570150][ T2700] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 166.574083][ T1242] usb 5-1: USB disconnect, device number 20 [ 166.588893][ T4333] blk_update_request: I/O error, dev loop2, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 166.595295][ T413] device bridge_slave_1 left promiscuous mode [ 166.604234][ T4333] EXT4-fs (loop2): unable to read superblock [ 166.611401][ T413] bridge0: port 2(bridge_slave_1) entered disabled state [ 166.618678][ T2701] usb 4-1: Using ep0 maxpacket: 16 [ 166.624705][ T413] device bridge_slave_0 left promiscuous mode [ 166.630937][ T413] bridge0: port 1(bridge_slave_0) entered disabled state [ 166.659564][ T4333] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 166.674233][ T4333] overlayfs: workdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 166.747287][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 166.761197][ T2701] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 166.772732][ T2701] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 166.783818][ T2701] usb 4-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.40 [ 166.793231][ T2701] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 166.802507][ T2701] usb 4-1: config 0 descriptor?? [ 166.809488][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 166.970138][ T4328] F2FS-fs (loop1): invalid crc value [ 167.005241][ T4328] F2FS-fs (loop1): Found nat_bits in checkpoint [ 167.031208][ T4328] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 167.051994][ T4328] F2FS-fs (loop1): dec_valid_node_count: inconsistent i_blocks, ino:7, iblocks:0 [ 167.322097][ T2701] cp2112 0003:10C4:EA90.0024: unknown main item tag 0x0 [ 167.329188][ T2701] cp2112 0003:10C4:EA90.0024: unknown main item tag 0x0 [ 167.336290][ T2701] cp2112 0003:10C4:EA90.0024: unknown main item tag 0x0 [ 167.343321][ T2701] cp2112 0003:10C4:EA90.0024: unknown main item tag 0x0 [ 167.350247][ T2701] cp2112 0003:10C4:EA90.0024: unknown main item tag 0x0 [ 167.358789][ T2701] cp2112 0003:10C4:EA90.0024: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.3-1/input0 [ 167.548572][ T2701] cp2112 0003:10C4:EA90.0024: Part Number: 0x00 Device Version: 0x00 [ 167.580909][ T2703] usb 3-1: new high-speed USB device number 37 using dummy_hcd [ 167.830584][ T2701] cp2112 0003:10C4:EA90.0024: error requesting SMBus config [ 167.839451][ T2701] cp2112: probe of 0003:10C4:EA90.0024 failed with error -71 [ 167.846704][ T2703] usb 3-1: Using ep0 maxpacket: 16 [ 167.853755][ T2701] usb 4-1: USB disconnect, device number 31 [ 167.971020][ T2703] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 167.982016][ T2703] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 167.991699][ T2703] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 168.005046][ T2703] usb 3-1: New USB device found, idVendor=5543, idProduct=0064, bcdDevice= 0.00 [ 168.014058][ T2703] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 168.024441][ T2703] usb 3-1: config 0 descriptor?? [ 168.298881][ T4379] EXT4-fs (loop1): Test dummy encryption mode enabled [ 168.319787][ T4379] EXT4-fs (loop1): 1 orphan inode deleted [ 168.325328][ T4379] EXT4-fs (loop1): mounted filesystem without journal. Opts: errors=remount-ro,nodiscard,noquota,init_itable,max_batch_time=0x0000000000000000,data_err=abort,test_dummy_encryption,delalloc,usrquota, [ 168.345089][ T4379] ext4 filesystem being mounted at /root/syzkaller.9jQv3E/35/file1 supports timestamps until 2038 (0x7fffffff) [ 168.365260][ T4379] fscrypt: AES-256-XTS using implementation "xts-aes-aesni" [ 168.365340][ T4391] xt_hashlimit: overflow, try lower: 18446744073709551613/9 [ 168.547523][ T2703] uclogic 0003:5543:0064.0025: No inputs registered, leaving [ 168.556411][ T2703] uclogic 0003:5543:0064.0025: hidraw0: USB HID v0.00 Device [HID 5543:0064] on usb-dummy_hcd.2-1/input0 [ 168.573289][ T23] audit: type=1400 audit(2000000132.594:529): avc: denied { setattr } for pid=4394 comm="syz.3.1089" name="pfkey" dev="proc" ino=4026532358 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 168.764431][ T2703] usb 3-1: USB disconnect, device number 37 [ 168.806550][ T23] audit: type=1400 audit(2000000132.815:530): avc: denied { create } for pid=4406 comm="syz.4.1094" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=appletalk_socket permissive=1 [ 169.005134][ T4416] EXT4-fs (loop3): Project quota feature not enabled. Cannot enable project quota enforcement. [ 169.174964][ T23] audit: type=1400 audit(2000000141.156:531): avc: denied { mount } for pid=4415 comm="syz.3.1096" name="/" dev="loop3" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1 [ 169.245778][ T23] audit: type=1400 audit(2000000141.211:532): avc: denied { unmount } for pid=4173 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1 [ 169.300477][ T4430] FAT-fs (loop4): error, fat_free_clusters: deleting FAT entry beyond EOF [ 169.309601][ T4430] FAT-fs (loop4): Filesystem has been set read-only [ 169.424671][ T4436] tipc: Enabling of bearer rejected, failed to enable media [ 169.965897][ T4449] EXT4-fs error (device loop4): ext4_orphan_get:1260: comm syz.4.1103: bad orphan inode 8192 [ 169.976384][ T4449] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 170.029732][ T4462] 9pnet: Insufficient options for proto=fd [ 170.122693][ T4459] loop1: p1 < > p2 p3 < p5 > p4 [ 170.127736][ T4459] loop1: partition table partially beyond EOD, truncated [ 170.134886][ T4459] loop1: p1 start 4278190080 is beyond EOD, truncated [ 170.141660][ T4459] loop1: p2 start 16908800 is beyond EOD, truncated [ 170.148720][ T4459] loop1: p4 start 11326 is beyond EOD, truncated [ 170.155046][ T4459] loop1: p5 start 16908800 is beyond EOD, truncated [ 170.358762][ T4435] erofs: (device loop3): check_layout_compatibility: unidentified incompatible feature 6, please upgrade kernel version [ 170.451988][ T2703] usb 3-1: new high-speed USB device number 38 using dummy_hcd [ 170.530511][ T350] udevd[350]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory [ 170.542547][ T4435] overlayfs: unrecognized mount option "smackfsroot=" or missing value [ 170.595372][ T23] audit: type=1400 audit(2000000142.467:533): avc: denied { connect } for pid=4473 comm="syz.1.1109" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 170.619749][ T450] udevd[450]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory [ 170.842170][ T2703] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 170.853288][ T2703] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 170.866862][ T2703] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 170.876060][ T2703] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 170.885061][ T2703] usb 3-1: config 0 descriptor?? [ 171.082706][ T4484] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1112'. [ 171.106430][ T4446] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6099: Corrupt filesystem [ 171.130198][ T4446] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:455: comm syz.4.1103: Invalid block bitmap block 0 in block_group 0 [ 171.153405][ T4446] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6099: Corrupt filesystem [ 171.163362][ T4446] EXT4-fs error (device loop4) in ext4_reserve_inode_write:6099: Corrupt filesystem [ 171.184953][ T4482] F2FS-fs (loop3): Found nat_bits in checkpoint [ 171.217500][ T4482] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 171.251895][ T2204] EXT4-fs error (device loop4): ext4_map_blocks:617: inode #2: block 16: comm syz-executor: lblock 0 mapped to illegal pblock 16 (length 1) [ 171.287469][ T4173] attempt to access beyond end of device [ 171.287469][ T4173] loop3: rw=2049, want=45104, limit=40427 [ 171.447848][ T4496] bridge0: port 1(bridge_slave_0) entered blocking state [ 171.454908][ T4496] bridge0: port 1(bridge_slave_0) entered disabled state [ 171.462803][ T4496] device bridge_slave_0 entered promiscuous mode [ 171.471831][ T4496] bridge0: port 2(bridge_slave_1) entered blocking state [ 171.478826][ T4496] bridge0: port 2(bridge_slave_1) entered disabled state [ 171.481267][ T2703] usbhid 3-1:0.0: can't add hid device: -71 [ 171.486252][ T4496] device bridge_slave_1 entered promiscuous mode [ 171.497614][ T2703] usbhid: probe of 3-1:0.0 failed with error -71 [ 171.516024][ T2703] usb 3-1: USB disconnect, device number 38 [ 171.581484][ T4496] bridge0: port 2(bridge_slave_1) entered blocking state [ 171.588331][ T4496] bridge0: port 2(bridge_slave_1) entered forwarding state [ 171.595614][ T4496] bridge0: port 1(bridge_slave_0) entered blocking state [ 171.602451][ T4496] bridge0: port 1(bridge_slave_0) entered forwarding state [ 171.602460][ T2701] usb 1-1: new high-speed USB device number 31 using dummy_hcd [ 171.634693][ T344] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 171.642153][ T344] bridge0: port 1(bridge_slave_0) entered disabled state [ 171.651786][ T344] bridge0: port 2(bridge_slave_1) entered disabled state [ 171.676960][ T344] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 171.685033][ T344] bridge0: port 1(bridge_slave_0) entered blocking state [ 171.692091][ T344] bridge0: port 1(bridge_slave_0) entered forwarding state [ 171.699656][ T344] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 171.707997][ T344] bridge0: port 2(bridge_slave_1) entered blocking state [ 171.715016][ T344] bridge0: port 2(bridge_slave_1) entered forwarding state [ 171.722471][ T344] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 171.730785][ T344] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 171.764983][ T344] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 171.772859][ T344] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 171.838941][ T1243] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 171.847769][ T1243] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 171.861953][ T4503] netlink: 'syz.3.1115': attribute type 4 has an invalid length. [ 171.873391][ T344] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 171.881693][ T4503] netlink: 'syz.3.1115': attribute type 4 has an invalid length. [ 171.892931][ T2701] usb 1-1: Using ep0 maxpacket: 32 [ 171.923977][ T4506] loop1: p1 < > p2 p3 < p5 > p4 [ 171.929408][ T4506] loop1: partition table partially beyond EOD, truncated [ 171.937299][ T4506] loop1: p1 start 4278190080 is beyond EOD, truncated [ 171.944123][ T4506] loop1: p2 start 16908800 is beyond EOD, truncated [ 171.954234][ T4506] loop1: p4 start 11326 is beyond EOD, truncated [ 171.960718][ T4506] loop1: p5 start 16908800 is beyond EOD, truncated [ 172.045159][ T413] device bridge_slave_1 left promiscuous mode [ 172.051156][ T413] bridge0: port 2(bridge_slave_1) entered disabled state [ 172.058295][ T413] device bridge_slave_0 left promiscuous mode [ 172.064292][ T413] bridge0: port 1(bridge_slave_0) entered disabled state [ 172.196403][ T2701] usb 1-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80 [ 172.209792][ T2701] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 172.218145][ T2701] usb 1-1: Product: syz [ 172.222167][ T2701] usb 1-1: Manufacturer: syz [ 172.226843][ T2701] usb 1-1: SerialNumber: syz [ 172.232805][ T2701] usb 1-1: config 0 descriptor?? [ 172.272716][ T2701] usb 1-1: bad CDC descriptors [ 172.277996][ T4517] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1121'. [ 172.278021][ T2701] usb 1-1: unsupported MDLM descriptors [ 172.384372][ T4518] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1123'. [ 172.663331][ T2703] usb 1-1: USB disconnect, device number 31 [ 173.150134][ T4547] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 173.159780][ T4547] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db [ 173.402270][ T4550] erofs: (device loop4): mounted with opts: , root inode @ nid 36. [ 173.409461][ T4546] EXT4-fs (loop3): Unsupported blocksize for fs encryption [ 173.432913][ T4554] loop1: p1 < > p2 p3 < p5 > p4 [ 173.437771][ T4554] loop1: partition table partially beyond EOD, truncated [ 173.445332][ T4554] loop1: p1 start 4278190080 is beyond EOD, truncated [ 173.452154][ T4554] loop1: p2 start 16908800 is beyond EOD, truncated [ 173.459330][ T4554] loop1: p4 start 11326 is beyond EOD, truncated [ 173.465777][ T4554] loop1: p5 start 16908800 is beyond EOD, truncated [ 173.473116][ T162] loop1: p1 < > p2 p3 < p5 > p4 [ 173.477951][ T162] loop1: partition table partially beyond EOD, truncated [ 173.484884][ T162] loop1: p1 start 4278190080 is beyond EOD, truncated [ 173.491807][ T162] loop1: p2 start 16908800 is beyond EOD, truncated [ 173.499230][ T162] loop1: p4 start 11326 is beyond EOD, truncated [ 173.505394][ T162] loop1: p5 start 16908800 is beyond EOD, truncated [ 173.576878][ T162] loop1: p1 < > p2 p3 < p5 > p4 [ 173.581886][ T162] loop1: partition table partially beyond EOD, truncated [ 173.589425][ T162] loop1: p1 start 4278190080 is beyond EOD, truncated [ 173.596262][ T162] loop1: p2 start 16908800 is beyond EOD, truncated [ 173.603862][ T162] loop1: p4 start 11326 is beyond EOD, truncated [ 173.610622][ T162] loop1: p5 start 16908800 is beyond EOD, truncated [ 173.697900][ T450] udevd[450]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory [ 173.724180][ T450] udevd[450]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory [ 173.752556][ T450] udevd[450]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory [ 173.767264][ T344] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 173.948724][ T4561] F2FS-fs (loop1): invalid crc value [ 173.956071][ T4561] F2FS-fs (loop1): Found nat_bits in checkpoint [ 173.983245][ T4561] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 173.997452][ T4577] attempt to access beyond end of device [ 173.997452][ T4577] loop1: rw=2049, want=45120, limit=40427 [ 174.026031][ T4563] F2FS-fs (loop4): Found nat_bits in checkpoint [ 174.027304][ T344] usb 4-1: Using ep0 maxpacket: 16 [ 174.042043][ T4561] attempt to access beyond end of device [ 174.042043][ T4561] loop1: rw=2049, want=45120, limit=40427 [ 174.066882][ T4563] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 174.136687][ T3725] attempt to access beyond end of device [ 174.136687][ T3725] loop1: rw=524288, want=45072, limit=40427 [ 174.148452][ T3725] attempt to access beyond end of device [ 174.148452][ T3725] loop1: rw=0, want=45072, limit=40427 [ 174.164491][ T3725] attempt to access beyond end of device [ 174.164491][ T3725] loop1: rw=2049, want=45128, limit=40427 [ 174.168216][ T344] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 174.347846][ T4575] F2FS-fs (loop2): invalid crc value [ 174.354472][ T4575] F2FS-fs (loop2): Found nat_bits in checkpoint [ 174.374138][ T344] usb 4-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 174.389005][ T344] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 174.397233][ T344] usb 4-1: Product: syz [ 174.401318][ T344] usb 4-1: Manufacturer: syz [ 174.402353][ T4575] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 174.405631][ T344] usb 4-1: SerialNumber: syz [ 174.409898][ T344] usb 4-1: config 0 descriptor?? [ 174.462661][ T344] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected [ 174.470430][ T344] usb 4-1: Detected FT232RL [ 174.621049][ T4604] bridge0: port 1(bridge_slave_0) entered blocking state [ 174.628045][ T4604] bridge0: port 1(bridge_slave_0) entered disabled state [ 174.635438][ T4604] device bridge_slave_0 entered promiscuous mode [ 174.642399][ T4604] bridge0: port 2(bridge_slave_1) entered blocking state [ 174.649258][ T4604] bridge0: port 2(bridge_slave_1) entered disabled state [ 174.656563][ T4604] device bridge_slave_1 entered promiscuous mode [ 174.688207][ T344] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 174.710003][ T344] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 174.720077][ T4604] bridge0: port 2(bridge_slave_1) entered blocking state [ 174.727007][ T4604] bridge0: port 2(bridge_slave_1) entered forwarding state [ 174.731563][ T344] ftdi_sio 4-1:0.0: GPIO initialisation failed: -71 [ 174.734155][ T4604] bridge0: port 1(bridge_slave_0) entered blocking state [ 174.741346][ T344] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 174.747319][ T4604] bridge0: port 1(bridge_slave_0) entered forwarding state [ 174.774977][ T344] usb 4-1: USB disconnect, device number 32 [ 174.781217][ T344] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 174.791127][ T344] ftdi_sio 4-1:0.0: device disconnected [ 174.821426][ T2700] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 174.829551][ T2700] bridge0: port 1(bridge_slave_0) entered disabled state [ 174.836784][ T2700] bridge0: port 2(bridge_slave_1) entered disabled state [ 174.845439][ T4496] attempt to access beyond end of device [ 174.845439][ T4496] loop4: rw=2049, want=45112, limit=40427 [ 174.874502][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 174.883444][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 174.890273][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 174.900666][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 174.908986][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 174.915836][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 174.939765][ T1243] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 174.947686][ T1243] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 174.962948][ T2700] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 174.978114][ T2700] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 174.991974][ T2700] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 175.006606][ T2700] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 175.017974][ T1243] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 175.047879][ T4613] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 175.057721][ T4613] ext4 filesystem being mounted at /root/syzkaller.jtV7LJ/113/file1 supports timestamps until 2038 (0x7fffffff) [ 175.456104][ T4628] FAULT_INJECTION: forcing a failure. [ 175.456104][ T4628] name failslab, interval 1, probability 0, space 0, times 0 [ 175.468711][ T4628] CPU: 1 PID: 4628 Comm: syz.2.1142 Tainted: G W 5.4.276-syzkaller-00020-g4275fce9fe94 #0 [ 175.479696][ T4628] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 175.489589][ T4628] Call Trace: [ 175.492728][ T4628] dump_stack+0x1d8/0x241 [ 175.496888][ T4628] ? panic+0x89d/0x89d [ 175.500791][ T4628] ? nf_ct_l4proto_log_invalid+0x258/0x258 [ 175.506429][ T4628] ? check_preemption_disabled+0x9f/0x320 [ 175.512158][ T4628] ? debug_smp_processor_id+0x20/0x20 [ 175.517365][ T4628] ? debug_smp_processor_id+0x20/0x20 [ 175.522573][ T4628] should_fail+0x71f/0x880 [ 175.526835][ T4628] ? setup_fault_attr+0x3d0/0x3d0 [ 175.531688][ T4628] ? retint_kernel+0x1b/0x1b [ 175.536112][ T4628] ? find_tree_dqentry+0x57/0xa90 [ 175.540969][ T4628] should_failslab+0x5/0x20 [ 175.545309][ T4628] __kmalloc+0x51/0x2e0 [ 175.549303][ T4628] find_tree_dqentry+0x57/0xa90 [ 175.553997][ T4628] ? __down_read+0xf0/0x210 [ 175.558330][ T4628] ? preempt_schedule_notrace+0x140/0x140 [ 175.563882][ T4628] qtree_read_dquot+0x137/0x650 [ 175.568571][ T4628] ? mutex_lock+0xa5/0x110 [ 175.572852][ T4628] v2_read_dquot+0xb5/0x100 [ 175.577162][ T4628] dquot_acquire+0x13a/0x5a0 [ 175.581588][ T4628] ? __ext4_journal_start_sb+0x295/0x460 [ 175.587241][ T4628] ext4_acquire_dquot+0x209/0x2d0 [ 175.592089][ T4628] dqget+0x722/0xd00 [ 175.595917][ T4628] __dquot_initialize+0x387/0xd50 [ 175.600773][ T4628] ? preempt_schedule_notrace+0x140/0x140 [ 175.606324][ T4628] ? dquot_initialize+0x20/0x20 [ 175.611013][ T4628] ? ext4_mkdir+0xe0/0x1520 [ 175.615347][ T4628] ? ext4_mkdir+0x188/0x1520 [ 175.619778][ T4628] ext4_mkdir+0x190/0x1520 [ 175.624031][ T4628] ? show_sid+0x250/0x250 [ 175.628198][ T4628] ? ext4_symlink+0xef0/0xef0 [ 175.632709][ T4628] ? security_inode_mkdir+0xb4/0x100 [ 175.637835][ T4628] vfs_mkdir+0x4b9/0x690 [ 175.641911][ T4628] do_mkdirat+0x1a6/0x2c0 [ 175.646076][ T4628] ? vfs_mkdir+0x690/0x690 [ 175.650327][ T4628] ? schedule+0x143/0x1d0 [ 175.654494][ T4628] do_syscall_64+0xca/0x1c0 [ 175.659384][ T4628] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 175.665083][ T4628] RIP: 0033:0x7f946d36c4d7 [ 175.669337][ T4628] Code: 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 02 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 175.688782][ T4628] RSP: 002b:00007f946c5ace78 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 175.697020][ T4628] RAX: ffffffffffffffda RBX: 00007f946c5acf00 RCX: 00007f946d36c4d7 [ 175.704832][ T4628] RDX: 00000000000001ff RSI: 0000000020000280 RDI: 00000000ffffff9c [ 175.712643][ T4628] RBP: 0000000020000140 R08: 00000000200000c0 R09: 0000000000000000 [ 175.720454][ T4628] R10: 0000000020000140 R11: 0000000000000246 R12: 0000000020000280 [ 175.728265][ T4628] R13: 00007f946c5acec0 R14: 0000000000000000 R15: 0000000000000000 [ 175.736163][ T4628] VFS: Not enough memory for quota buffers. [ 175.742734][ T4628] Quota error (device loop2): qtree_read_dquot: Can't read quota structure for id 64512 [ 175.772814][ T407] device bridge_slave_1 left promiscuous mode [ 175.793340][ T407] bridge0: port 2(bridge_slave_1) entered disabled state [ 175.800613][ T407] device bridge_slave_0 left promiscuous mode [ 175.806963][ T407] bridge0: port 1(bridge_slave_0) entered disabled state [ 176.393048][ T4656] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1157'. [ 176.404478][ T4652] erofs: (device loop3): mounted with opts: , root inode @ nid 36. [ 176.415390][ T4652] erofs: (device loop3): z_erofs_lz4_decompress: failed to decompress, in[4096, 0] out[9000] [ 176.417407][ T4656] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1157'. [ 176.425575][ T4652] ------------[ cut here ]------------ [ 176.439480][ T4652] WARNING: CPU: 1 PID: 4652 at fs/erofs/decompressor.c:170 z_erofs_lz4_decompress+0x910/0xc70 [ 176.449524][ T4652] Modules linked in: [ 176.453268][ T4652] CPU: 1 PID: 4652 Comm: syz.3.1156 Tainted: G W 5.4.276-syzkaller-00020-g4275fce9fe94 #0 [ 176.464280][ T4652] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 176.474186][ T4652] RIP: 0010:z_erofs_lz4_decompress+0x910/0xc70 [ 176.480253][ T4652] Code: b6 04 03 84 c0 0f 85 da 02 00 00 45 8b 0f 48 89 ef 48 c7 c6 72 fd 5a 85 48 c7 c2 a0 c3 f7 84 44 89 e9 45 89 f0 e8 80 ec fe ff <0f> 0b 44 89 e8 48 c7 c7 00 c4 f7 84 48 c7 c6 20 c4 f7 84 ba 02 00 [ 176.499693][ T4652] RSP: 0018:ffff8881cfc16d18 EFLAGS: 00010246 [ 176.505592][ T4652] RAX: d8f6b9e578bfd200 RBX: 1ffff11039f82e60 RCX: d8f6b9e578bfd200 [ 176.513408][ T4652] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 176.521219][ T4652] RBP: ffff8881e691a000 R08: ffffffff814d59b2 R09: 0000000000000003 [ 176.529027][ T4652] R10: ffffffffffffffff R11: dffffc0000000001 R12: ffff8881ed744000 [ 176.536842][ T4652] R13: 0000000000001000 R14: 0000000000000000 R15: ffff8881cfc17300 [ 176.544657][ T4652] FS: 00007ff61e5686c0(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 176.553416][ T4652] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 176.559839][ T4652] CR2: 00007ff61f4710e0 CR3: 00000001da5d2000 CR4: 00000000003406a0 [ 176.567666][ T4652] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 176.575463][ T4652] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 176.583269][ T4652] Call Trace: [ 176.586407][ T4652] ? __warn+0x162/0x250 [ 176.590391][ T4652] ? report_bug+0x3a1/0x4e0 [ 176.594733][ T4652] ? z_erofs_lz4_decompress+0x910/0xc70 [ 176.600116][ T4652] ? z_erofs_lz4_decompress+0x910/0xc70 [ 176.605502][ T4652] ? do_invalid_op+0x6e/0x110 [ 176.610011][ T4652] ? invalid_op+0x1e/0x30 [ 176.614176][ T4652] ? wake_up_klogd+0xb2/0xf0 [ 176.618600][ T4652] ? z_erofs_lz4_decompress+0x910/0xc70 [ 176.623984][ T4652] ? z_erofs_lz4_decompress+0x910/0xc70 [ 176.629363][ T4652] ? z_erofs_lz4_prepare_destpages+0x690/0x690 [ 176.635364][ T4652] z_erofs_decompress+0xba6/0xfc0 [ 176.640213][ T4652] z_erofs_vle_unzip_all+0x1147/0x1bf0 [ 176.645513][ T4652] ? z_erofs_onlinepage_endio+0x140/0x140 [ 176.651076][ T4652] ? _raw_spin_lock_irqsave+0xf9/0x210 [ 176.656462][ T4652] ? _raw_spin_lock+0x1b0/0x1b0 [ 176.661149][ T4652] ? prepare_to_wait_event+0x3c1/0x420 [ 176.666443][ T4652] ? autoremove_wake_function+0xf0/0xf0 [ 176.671835][ T4652] ? finish_wait+0xa5/0x1a0 [ 176.676181][ T4652] z_erofs_submit_and_unzip+0x12d2/0x13d0 [ 176.681729][ T4652] ? z_erofs_attach_page+0x4d7/0x710 [ 176.686845][ T4652] ? z_erofs_do_read_page+0x2580/0x2580 [ 176.692223][ T4652] ? init_wait_entry+0xd0/0xd0 [ 176.696828][ T4652] ? z_erofs_vle_normalaccess_readpages+0xc70/0xc70 [ 176.703250][ T4652] ? check_preemption_disabled+0x9f/0x320 [ 176.708802][ T4652] z_erofs_vle_normalaccess_readpages+0x901/0xc70 [ 176.715052][ T4652] ? z_erofs_vle_normalaccess_readpage+0x630/0x630 [ 176.721416][ T4652] ? setup_fault_attr+0x3d0/0x3d0 [ 176.726242][ T4652] ? plist_add+0x3f2/0x490 [ 176.730493][ T4652] ? plist_check_list+0x1f8/0x220 [ 176.735359][ T4652] ? z_erofs_vle_normalaccess_readpage+0x630/0x630 [ 176.741693][ T4652] read_pages+0x119/0x400 [ 176.745860][ T4652] ? __do_page_cache_readahead+0x4f0/0x4f0 [ 176.751505][ T4652] ? find_get_entry+0x569/0x600 [ 176.756189][ T4652] __do_page_cache_readahead+0x448/0x4f0 [ 176.761658][ T4652] ? read_cache_pages_invalidate_pages+0x1b0/0x1b0 [ 176.767992][ T4652] generic_file_read_iter+0x673/0x21f0 [ 176.773293][ T4652] ? find_get_pages_range_tag+0xae0/0xae0 [ 176.778847][ T4652] ? packet_ioctl+0x220/0x220 [ 176.783361][ T4652] ? iov_iter_init+0x82/0x160 [ 176.787864][ T4652] __vfs_read+0x5cd/0x730 [ 176.792039][ T4652] ? rw_verify_area+0x360/0x360 [ 176.796728][ T4652] ? __fsnotify_update_child_dentry_flags+0x290/0x290 [ 176.803319][ T4652] ? security_file_permission+0x1dc/0x2f0 [ 176.808879][ T4652] vfs_read+0x148/0x360 [ 176.812865][ T4652] ksys_read+0x199/0x2c0 [ 176.816943][ T4652] ? vfs_write+0x4e0/0x4e0 [ 176.821197][ T4652] do_syscall_64+0xca/0x1c0 [ 176.825537][ T4652] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 176.831262][ T4652] RIP: 0033:0x7ff61f2e6b99 [ 176.835522][ T4652] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 176.854967][ T4652] RSP: 002b:00007ff61e568048 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 176.863200][ T4652] RAX: ffffffffffffffda RBX: 00007ff61f474fa0 RCX: 00007ff61f2e6b99 [ 176.871012][ T4652] RDX: 0000000000000010 RSI: 0000000020001c40 RDI: 0000000000000004 [ 176.878822][ T4652] RBP: 00007ff61f36777e R08: 0000000000000000 R09: 0000000000000000 [ 176.886643][ T4652] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 176.894468][ T4652] R13: 000000000000000b R14: 00007ff61f474fa0 R15: 00007ffc49f270f8 [ 176.902260][ T4652] ---[ end trace eeb1f30d54d1f9be ]--- [ 177.003399][ T4659] fuse: Bad value for 'fd' [ 177.054718][ T4659] xt_CT: You must specify a L4 protocol and not use inversions on it [ 177.574130][ T4687] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue [ 177.583229][ T4687] ext4 filesystem being mounted at /root/syzkaller.z5ZvLa/4/w5T)`)YFnA@T<3ڂ$rcnHwC" -8 supports timestamps until 2038 (0x7fffffff) [ 177.601931][ T4687] EXT4-fs error (device loop1): ext4_readdir:260: inode #2: block 3: comm syz.1.1164: path (unknown): bad entry in directory: rec_len is smaller than minimal - offset=12, inode=514, rec_len=0, size=2048 fake=0 [ 177.754262][ T2700] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 178.072144][ T4705] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 178.147847][ T4705] input: syz1 as /devices/virtual/input/input29 [ 178.231054][ T2700] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 178.242118][ T2700] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 178.251828][ T2700] usb 4-1: New USB device found, idVendor=046d, idProduct=c29c, bcdDevice= 0.00 [ 178.260895][ T2700] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 178.269891][ T2700] usb 4-1: config 0 descriptor?? [ 178.281308][ T23] audit: type=1400 audit(2000000173.554:534): avc: denied { write } for pid=4710 comm="syz.2.1172" name="net" dev="proc" ino=42410 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 178.302697][ T23] audit: type=1400 audit(2000000173.554:535): avc: denied { add_name } for pid=4710 comm="syz.2.1172" name="pfkey" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1 [ 178.323675][ T23] audit: type=1400 audit(2000000173.554:536): avc: denied { create } for pid=4710 comm="syz.2.1172" name="pfkey" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=file permissive=1 [ 178.343399][ T23] audit: type=1400 audit(2000000173.554:537): avc: denied { associate } for pid=4710 comm="syz.2.1172" name="pfkey" scontext=root:object_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 178.527332][ T4716] EXT4-fs (loop2): dax option not supported [ 178.651959][ T4719] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1175'. [ 178.670264][ T0] NOHZ: local_softirq_pending 08 [ 178.748556][ T23] audit: type=1400 audit(2000000173.988:538): avc: denied { map } for pid=4720 comm="syz.0.1176" path="socket:[41474]" dev="sockfs" ino=41474 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1 [ 178.784804][ T2700] logitech 0003:046D:C29C.0026: unknown main item tag 0x0 [ 178.791939][ T2700] logitech 0003:046D:C29C.0026: unknown main item tag 0x0 [ 178.799143][ T2700] logitech 0003:046D:C29C.0026: unknown main item tag 0x0 [ 178.806461][ T2700] logitech 0003:046D:C29C.0026: unknown main item tag 0x0 [ 178.813470][ T2700] logitech 0003:046D:C29C.0026: unknown main item tag 0x0 [ 178.821485][ T2700] logitech 0003:046D:C29C.0026: hidraw0: USB HID v0.00 Device [HID 046d:c29c] on usb-dummy_hcd.3-1/input0 [ 178.887878][ T4724] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1178'. [ 178.944837][ T4724] FAT-fs (loop4): Directory bread(block 64) failed [ 178.951575][ T4724] FAT-fs (loop4): Directory bread(block 65) failed [ 178.958638][ T4724] FAT-fs (loop4): Directory bread(block 66) failed [ 178.965056][ T4724] FAT-fs (loop4): Directory bread(block 67) failed [ 178.971424][ T4724] FAT-fs (loop4): Directory bread(block 68) failed [ 178.977866][ T4724] FAT-fs (loop4): Directory bread(block 69) failed [ 178.984302][ T4724] FAT-fs (loop4): Directory bread(block 70) failed [ 178.990658][ T4724] FAT-fs (loop4): Directory bread(block 71) failed [ 178.997097][ T4724] FAT-fs (loop4): Directory bread(block 72) failed [ 179.003502][ T4724] FAT-fs (loop4): Directory bread(block 73) failed [ 179.102448][ T23] audit: type=1326 audit(2000000174.311:539): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4729 comm="syz.0.1180" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fce43559b99 code=0x0 [ 179.134817][ T4724] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=4724 comm=syz.4.1178 [ 179.309775][ T4736] EXT4-fs (loop1): Unrecognized mount option "H" or missing value [ 179.628619][ T2700] logitech 0003:046D:C29C.0026: no inputs found [ 179.636955][ T2700] usb 4-1: USB disconnect, device number 33 [ 179.716949][ T23] audit: type=1400 audit(2000000174.883:540): avc: denied { getopt } for pid=4751 comm="syz.4.1187" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 179.920644][ T4764] 9pnet: Insufficient options for proto=fd [ 180.296739][ C1] PF_CAN: dropped non conform CAN skbuff: dev type 823, len 132 [ 180.310772][ T4777] tipc: Started in network mode [ 180.318137][ T4777] tipc: Own node identity d63bc2339ecd, cluster identity 4711 [ 180.325797][ T4777] tipc: Enabled bearer , priority 0 [ 180.360617][ T4774] tipc: Resetting bearer [ 180.374667][ T4774] tipc: Disabling bearer [ 180.414393][ T4781] tmpfs: Bad value for 'size' [ 180.928718][ T344] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 180.953106][ T23] audit: type=1400 audit(2000000184.026:541): avc: denied { map } for pid=4797 comm="syz.0.1203" path="socket:[41713]" dev="sockfs" ino=41713 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 181.039590][ T23] audit: type=1400 audit(2000000184.100:542): avc: denied { write } for pid=4800 comm="syz.1.1206" name="file0" dev="sda1" ino=2059 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=blk_file permissive=1 [ 181.297527][ T4817] A link change request failed with some changes committed already. Interface bond_slave_1 may have been left with an inconsistent configuration, please check. [ 181.329667][ T344] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 181.340796][ T344] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 181.350364][ T344] usb 4-1: New USB device found, idVendor=054c, idProduct=024b, bcdDevice= 0.00 [ 181.359269][ T344] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 181.367637][ T344] usb 4-1: config 0 descriptor?? [ 181.423576][ T4823] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1210'. [ 181.470974][ T4825] FAT-fs (loop1): Unrecognized mount option "utM8=0" or missing value [ 181.692187][ T23] kauditd_printk_skb: 1 callbacks suppressed [ 181.692197][ T23] audit: type=1400 audit(2000000192.710:544): avc: denied { ioctl } for pid=4831 comm="syz.4.1215" path="socket:[42755]" dev="sockfs" ino=42755 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 181.830528][ T4840] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1218'. [ 181.872479][ T344] sony 0003:054C:024B.0027: invalid report_size 54311 [ 181.879088][ T344] sony 0003:054C:024B.0027: item 0 2 1 7 parsing failed [ 181.886152][ T344] sony 0003:054C:024B.0027: parse failed [ 181.891624][ T344] sony: probe of 0003:054C:024B.0027 failed with error -22 [ 182.142135][ T2700] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 182.326341][ T2699] usb 1-1: new low-speed USB device number 32 using dummy_hcd [ 182.381100][ T4854] EXT4-fs (loop4): Unrecognized mount option "appraise_type=imasig" or missing value [ 182.532295][ T2700] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 182.543192][ T2700] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 182.552889][ T2700] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 182.561945][ T2700] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 182.571012][ T2700] usb 2-1: config 0 descriptor?? [ 182.619613][ T2699] usb 1-1: device descriptor read/64, error 18 [ 183.041347][ T2699] usb 1-1: device descriptor read/64, error 18 [ 183.095972][ T2700] hid (null): bogus close delimiter [ 183.217328][ T4863] EXT4-fs (loop4): Test dummy encryption mode enabled [ 183.228964][ T4863] EXT4-fs (loop4): mounted filesystem without journal. Opts: test_dummy_encryption,stripe=0x0000000000010000,dioread_nolock,,errors=continue [ 183.250589][ T4861] F2FS-fs (loop2): Found nat_bits in checkpoint [ 183.282931][ T4861] F2FS-fs (loop2): Mounted with checkpoint version = 753bd00b [ 183.334063][ T2700] usb 2-1: language id specifier not provided by device, defaulting to English [ 183.346440][ T2699] usb 1-1: new low-speed USB device number 33 using dummy_hcd [ 183.520097][ T23] audit: type=1400 audit(2000000194.390:545): avc: denied { bind } for pid=4873 comm="syz.4.1227" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 183.680586][ T2699] usb 1-1: device descriptor read/64, error 18 [ 183.834078][ T2700] input: HID 256c:006d Pen as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:256C:006D.0028/input/input30 [ 183.847718][ T2700] input: HID 256c:006d Pad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:256C:006D.0028/input/input31 [ 183.863479][ T2703] usb 4-1: USB disconnect, device number 34 [ 183.874626][ T2700] uclogic 0003:256C:006D.0028: input,hidraw0: USB HID v0.00 Keypad [HID 256c:006d] on usb-dummy_hcd.1-1/input0 [ 184.018414][ T4882] device syzkaller0 entered promiscuous mode [ 184.035888][ T23] audit: type=1326 audit(2000000194.861:546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4881 comm="syz.2.1228" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f946d36db99 code=0x0 [ 184.062845][ T2701] usb 2-1: USB disconnect, device number 26 [ 184.124773][ T2699] usb 1-1: device descriptor read/64, error 18 [ 184.260511][ T2699] usb usb1-port1: attempt power cycle [ 184.503972][ T2703] usb 4-1: new high-speed USB device number 35 using dummy_hcd [ 184.709847][ T2699] usb 1-1: new low-speed USB device number 34 using dummy_hcd [ 184.754383][ T4902] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue [ 184.763206][ T4902] ext4 filesystem being mounted at /root/syzkaller.z5ZvLa/17/file0 supports timestamps until 2038 (0x7fffffff) [ 184.778717][ T4902] EXT4-fs error (device loop1): ext4_validate_block_bitmap:418: comm syz.1.1235: bg 0: block 288: padding at end of block bitmap is not set [ 184.796618][ T2703] usb 4-1: device descriptor read/64, error 18 [ 184.904906][ T2699] usb 1-1: device descriptor read/8, error -61 [ 185.083652][ T4913] debugfs: Directory 'vcpu0' with parent '4910-5' already present! [ 185.092341][ T4913] debugfs: Directory 'vcpu0' with parent '4910-5' already present! [ 185.100798][ T4913] debugfs: Directory 'vcpu0' with parent '4910-5' already present! [ 185.109244][ T4913] debugfs: Directory 'vcpu0' with parent '4910-5' already present! [ 185.117897][ T4913] debugfs: Directory 'vcpu0' with parent '4910-5' already present! [ 185.126230][ T4913] debugfs: Directory 'vcpu0' with parent '4910-5' already present! [ 185.134740][ T4913] debugfs: Directory 'vcpu0' with parent '4910-5' already present! [ 185.143768][ T4913] debugfs: Directory 'vcpu0' with parent '4910-5' already present! [ 185.197399][ T2699] usb 1-1: device descriptor read/8, error -61 [ 185.219130][ T2703] usb 4-1: device descriptor read/64, error 18 [ 185.243303][ T23] audit: type=1400 audit(2000000203.982:547): avc: denied { setopt } for pid=4916 comm="syz.2.1238" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 185.511558][ T2703] usb 4-1: new high-speed USB device number 36 using dummy_hcd [ 185.800190][ T4938] overlayfs: failed to resolve './file1': -2 [ 185.804091][ T2703] usb 4-1: device descriptor read/64, error 18 [ 186.226680][ T2703] usb 4-1: device descriptor read/64, error 18 [ 186.356686][ T2703] usb usb4-port1: attempt power cycle [ 186.443291][ T2701] usb 3-1: new low-speed USB device number 39 using dummy_hcd [ 186.475814][ T1243] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 186.735860][ T1243] usb 2-1: Using ep0 maxpacket: 16 [ 186.800852][ T2703] usb 4-1: new high-speed USB device number 37 using dummy_hcd [ 186.833405][ T2701] usb 3-1: config 179 has an invalid interface number: 65 but max is 0 [ 186.841581][ T2701] usb 3-1: config 179 has no interface number 0 [ 186.847646][ T2701] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 10 [ 186.858709][ T2701] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 8 [ 186.869613][ T2701] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 186.876768][ T1243] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7 [ 186.879622][ T2701] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 186.890746][ T1243] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 186.903281][ T2703] usb 4-1: Invalid ep0 maxpacket: 76 [ 186.913310][ T1243] usb 2-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 186.918000][ T2701] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 186.927614][ T1243] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 186.935905][ T2701] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 186.944819][ T1243] usb 2-1: config 0 descriptor?? [ 186.974276][ T4957] raw-gadget gadget: fail, usb_ep_enable returned -22 [ 187.093379][ T2703] usb 4-1: new high-speed USB device number 38 using dummy_hcd [ 187.132990][ T4965] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1253'. [ 187.190934][ T2703] usb 4-1: Invalid ep0 maxpacket: 76 [ 187.196230][ T2703] usb usb4-port1: unable to enumerate USB device [ 187.247589][ T23] audit: type=1400 audit(2000000213.832:548): avc: denied { create } for pid=4966 comm="syz.0.1254" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1 [ 187.366204][ T4971] FAULT_INJECTION: forcing a failure. [ 187.366204][ T4971] name failslab, interval 1, probability 0, space 0, times 0 [ 187.378851][ T4971] CPU: 0 PID: 4971 Comm: syz.4.1255 Tainted: G W 5.4.276-syzkaller-00020-g4275fce9fe94 #0 [ 187.389830][ T4971] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 187.399729][ T4971] Call Trace: [ 187.402855][ T4971] dump_stack+0x1d8/0x241 [ 187.407106][ T4971] ? panic+0x89d/0x89d [ 187.411012][ T4971] ? unwind_next_frame+0x176a/0x1ea0 [ 187.415990][ T4972] FAULT_INJECTION: forcing a failure. [ 187.415990][ T4972] name failslab, interval 1, probability 0, space 0, times 0 [ 187.416224][ T4971] ? nf_ct_l4proto_log_invalid+0x258/0x258 [ 187.434277][ T4971] ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 187.440176][ T4971] should_fail+0x71f/0x880 [ 187.444421][ T4971] ? setup_fault_attr+0x3d0/0x3d0 [ 187.449293][ T4971] ? preempt_count_add+0x8f/0x180 [ 187.451564][ T4955] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1250'. [ 187.454160][ T4971] ? btf_new_fd+0x110/0x10e0 [ 187.467568][ T4971] should_failslab+0x5/0x20 [ 187.471917][ T4971] kmem_cache_alloc_trace+0x28/0x260 [ 187.473709][ T4955] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 187.477028][ T4971] btf_new_fd+0x110/0x10e0 [ 187.488563][ T4971] ? security_capable+0x86/0xb0 [ 187.493245][ T4971] __se_sys_bpf+0x13de/0xbcb0 [ 187.497763][ T4971] ? 0xffffffffa0058000 [ 187.501750][ T4971] ? stack_trace_save+0x1c0/0x1c0 [ 187.506703][ T4971] ? __kernel_text_address+0x94/0x100 [ 187.511906][ T4971] ? unwind_get_return_address+0x49/0x80 [ 187.517372][ T4971] ? arch_stack_walk+0xf5/0x140 [ 187.522060][ T4971] ? _kstrtoull+0x390/0x4a0 [ 187.526429][ T4971] ? __x64_sys_bpf+0x80/0x80 [ 187.531007][ T4971] ? kstrtouint_from_user+0x20a/0x2a0 [ 187.536907][ T4971] ? kstrtol_from_user+0x310/0x310 [ 187.541856][ T4971] ? get_pid_task+0xde/0x130 [ 187.546275][ T4971] ? proc_fail_nth_write+0x20b/0x290 [ 187.551409][ T4971] ? proc_fail_nth_read+0x210/0x210 [ 187.556436][ T4971] ? proc_fail_nth_read+0x210/0x210 [ 187.561464][ T4971] ? memset+0x1f/0x40 [ 187.565293][ T4971] ? fsnotify+0x1280/0x1340 [ 187.570058][ T4971] ? __kernel_write+0x350/0x350 [ 187.574745][ T4971] ? check_preemption_disabled+0x9f/0x320 [ 187.580308][ T4971] ? debug_smp_processor_id+0x20/0x20 [ 187.585516][ T4971] ? __fsnotify_parent+0x310/0x310 [ 187.590457][ T4971] ? __sb_end_write+0xc4/0x120 [ 187.595052][ T4971] ? vfs_write+0x41a/0x4e0 [ 187.599304][ T4971] ? fput_many+0x15e/0x1b0 [ 187.603566][ T4971] ? check_preemption_disabled+0x153/0x320 [ 187.609218][ T4971] ? __do_page_fault+0x725/0xbb0 [ 187.613984][ T4971] do_syscall_64+0xca/0x1c0 [ 187.618320][ T4971] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 187.624045][ T4971] RIP: 0033:0x7f18abb30b99 [ 187.628296][ T4971] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 187.647824][ T4971] RSP: 002b:00007f18aadb2048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 187.656065][ T4971] RAX: ffffffffffffffda RBX: 00007f18abcbefa0 RCX: 00007f18abb30b99 [ 187.663874][ T4971] RDX: 0000000000000020 RSI: 0000000020000280 RDI: 0000000000000012 [ 187.671687][ T4971] RBP: 00007f18aadb20a0 R08: 0000000000000000 R09: 0000000000000000 [ 187.679499][ T4971] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 187.687310][ T4971] R13: 000000000000000b R14: 00007f18abcbefa0 R15: 00007ffe074fae48 [ 187.695134][ T4972] CPU: 1 PID: 4972 Comm: syz.3.1256 Tainted: G W 5.4.276-syzkaller-00020-g4275fce9fe94 #0 [ 187.696567][ T1243] hid (null): report_id 0 is invalid [ 187.706142][ T4972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 187.706146][ T4972] Call Trace: [ 187.706161][ T4972] dump_stack+0x1d8/0x241 [ 187.706169][ T4972] ? panic+0x89d/0x89d [ 187.706178][ T4972] ? nf_ct_l4proto_log_invalid+0x258/0x258 [ 187.706186][ T4972] ? __fsnotify_parent+0x310/0x310 [ 187.706203][ T4972] should_fail+0x71f/0x880 [ 187.712219][ T1243] hid (null): unknown global tag 0xd [ 187.721166][ T4972] ? __sb_end_write+0xc4/0x120 [ 187.721181][ T4972] ? setup_fault_attr+0x3d0/0x3d0 [ 187.724329][ T1243] hid (null): report_id 5085 is invalid [ 187.728458][ T4972] ? fput_many+0x15e/0x1b0 [ 187.728473][ T4972] ? check_preemption_disabled+0x153/0x320 [ 187.736174][ T1243] hid-generic 0003:0158:0100.0029: unknown main item tag 0x0 [ 187.738010][ T4972] ? getname_flags+0xb8/0x4e0 [ 187.738025][ T4972] should_failslab+0x5/0x20 [ 187.742996][ T1243] hid-generic 0003:0158:0100.0029: unknown main item tag 0x0 [ 187.747272][ T4972] kmem_cache_alloc+0x28/0x250 [ 187.747281][ T4972] getname_flags+0xb8/0x4e0 [ 187.747289][ T4972] __x64_sys_unlink+0x38/0x50 [ 187.747297][ T4972] do_syscall_64+0xca/0x1c0 [ 187.747312][ T4972] entry_SYSCALL_64_after_hwframe+0x5c/0xc1 [ 187.752365][ T1243] hid-generic 0003:0158:0100.0029: unknown main item tag 0x0 [ 187.756921][ T4972] RIP: 0033:0x7ff61f2e6b99 [ 187.756930][ T4972] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 187.756934][ T4972] RSP: 002b:00007ff61e568048 EFLAGS: 00000246 ORIG_RAX: 0000000000000057 [ 187.756949][ T4972] RAX: ffffffffffffffda RBX: 00007ff61f474fa0 RCX: 00007ff61f2e6b99 [ 187.761822][ T1243] hid-generic 0003:0158:0100.0029: unknown main item tag 0x0 [ 187.767167][ T4972] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000080 [ 187.767173][ T4972] RBP: 00007ff61e5680a0 R08: 0000000000000000 R09: 0000000000000000 [ 187.767177][ T4972] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 187.767181][ T4972] R13: 000000000000000b R14: 00007ff61f474fa0 R15: 00007ffc49f270f8 [ 187.909888][ T1243] hid-generic 0003:0158:0100.0029: unknown main item tag 0x0 [ 187.917136][ T1243] hid-generic 0003:0158:0100.0029: unknown main item tag 0x0 [ 187.924272][ T1243] hid-generic 0003:0158:0100.0029: unknown main item tag 0x0 [ 187.931536][ T1243] hid-generic 0003:0158:0100.0029: unknown main item tag 0x0 [ 187.938726][ T1243] hid-generic 0003:0158:0100.0029: unknown main item tag 0x0 [ 187.945906][ T1243] hid-generic 0003:0158:0100.0029: unknown main item tag 0x0 [ 187.953108][ T1243] hid-generic 0003:0158:0100.0029: unknown main item tag 0x0 [ 187.960294][ T1243] hid-generic 0003:0158:0100.0029: unknown main item tag 0x0 [ 187.967484][ T1243] hid-generic 0003:0158:0100.0029: unknown main item tag 0x0 [ 187.974721][ T1243] hid-generic 0003:0158:0100.0029: unknown main item tag 0x0 [ 187.981984][ T1243] hid-generic 0003:0158:0100.0029: unknown main item tag 0x0 [ 187.989233][ T1243] hid-generic 0003:0158:0100.0029: unknown main item tag 0x0 [ 187.996642][ T1243] hid-generic 0003:0158:0100.0029: unknown main item tag 0x0 [ 188.003919][ T1243] hid-generic 0003:0158:0100.0029: unknown main item tag 0x0 [ 188.011211][ T1243] hid-generic 0003:0158:0100.0029: unknown main item tag 0x0 [ 188.018574][ T1243] hid-generic 0003:0158:0100.0029: unknown main item tag 0x0 [ 188.026625][ T1243] hid-generic 0003:0158:0100.0029: unknown main item tag 0x0 [ 188.033850][ T1243] hid-generic 0003:0158:0100.0029: unknown main item tag 0x0 [ 188.041139][ T1243] hid-generic 0003:0158:0100.0029: unknown main item tag 0x0 [ 188.048291][ T1243] hid-generic 0003:0158:0100.0029: unknown main item tag 0x1 [ 188.055454][ T1243] hid-generic 0003:0158:0100.0029: unknown main item tag 0x0 [ 188.062821][ T1243] hid-generic 0003:0158:0100.0029: unknown main item tag 0x0 [ 188.070070][ T1243] hid-generic 0003:0158:0100.0029: unknown main item tag 0x0 [ 188.077240][ T1243] hid-generic 0003:0158:0100.0029: unknown main item tag 0x0 [ 188.085587][ T1243] hid-generic 0003:0158:0100.0029: report_id 0 is invalid [ 188.093673][ T1243] hid-generic 0003:0158:0100.0029: item 0 2 1 8 parsing failed [ 188.197329][ T1243] hid-generic: probe of 0003:0158:0100.0029 failed with error -22 [ 188.313385][ T1243] usb 2-1: USB disconnect, device number 27 [ 188.851455][ T4984] F2FS-fs (loop1): Unrecognized mount option "00000000000000000000" or missing value [ 189.134131][ T4984] usb usb5: usbfs: process 4984 (syz.1.1260) did not claim interface 0 before use [ 189.251993][ T2701] usb 3-1: USB disconnect, device number 39 [ 189.307304][ T4984] EXT4-fs (loop1): Ignoring removed bh option [ 189.315992][ T4984] EXT4-fs error (device loop1): ext4_ext_check_inode:540: inode #16: comm syz.1.1260: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 19200(19200) [ 189.334840][ T4984] EXT4-fs error (device loop1): ext4_orphan_get:1240: comm syz.1.1260: couldn't read orphan inode 16 (err -117) [ 189.347462][ T4984] EXT4-fs (loop1): mounted filesystem without journal. Opts: init_itable,noquota,barrier,nodiscard,init_itable=0x0000000000000040,journal_dev=0x0000000000000102,barrier,nojournal_checksum,bh,,errors=continue [ 189.367640][ T4984] ext4 filesystem being mounted at /root/syzkaller.z5ZvLa/21/file1 supports timestamps until 2038 (0x7fffffff) [ 189.391304][ T4984] syz.1.1260 uses obsolete (PF_INET,SOCK_PACKET) [ 189.418253][ T4984] device syzkaller0 entered promiscuous mode [ 189.550088][ T4604] EXT4-fs error (device loop1): ext4_lookup:1818: inode #2: comm syz-executor: deleted inode referenced: 16 [ 189.561805][ T4604] EXT4-fs error (device loop1): ext4_lookup:1818: inode #2: comm syz-executor: deleted inode referenced: 16 [ 189.586843][ T5005] EXT4-fs error (device loop3): ext4_orphan_get:1260: comm syz.3.1264: bad orphan inode 8192 [ 189.597078][ T5005] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue [ 189.615886][ T5005] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2221: inode #15: comm syz.3.1264: corrupted in-inode xattr [ 189.761226][ T4173] EXT4-fs error (device loop3): ext4_readdir:260: inode #2: block 16: comm syz-executor: path /root/syzkaller.2sATCz/27/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=2048 fake=0 [ 189.807347][ T5020] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.814242][ T5020] bridge0: port 1(bridge_slave_0) entered disabled state [ 189.821445][ T5020] device bridge_slave_0 entered promiscuous mode [ 189.829633][ T5020] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.836667][ T5020] bridge0: port 2(bridge_slave_1) entered disabled state [ 189.844090][ T5020] device bridge_slave_1 entered promiscuous mode [ 189.891183][ T5020] bridge0: port 2(bridge_slave_1) entered blocking state [ 189.898020][ T5020] bridge0: port 2(bridge_slave_1) entered forwarding state [ 189.905184][ T5020] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.911943][ T5020] bridge0: port 1(bridge_slave_0) entered forwarding state [ 189.947323][ T2701] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 189.956671][ T2701] bridge0: port 1(bridge_slave_0) entered disabled state [ 189.963741][ T2701] bridge0: port 2(bridge_slave_1) entered disabled state [ 189.981751][ T2701] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 189.989761][ T2701] bridge0: port 1(bridge_slave_0) entered blocking state [ 189.996577][ T2701] bridge0: port 1(bridge_slave_0) entered forwarding state [ 190.004374][ T2701] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 190.012601][ T2701] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.019685][ T2701] bridge0: port 2(bridge_slave_1) entered forwarding state [ 190.045565][ T2701] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 190.062086][ T1243] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 190.081806][ T2701] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 190.094681][ T383] usb 1-1: new high-speed USB device number 36 using dummy_hcd [ 190.115421][ T5028] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.122545][ T5028] bridge0: port 1(bridge_slave_0) entered disabled state [ 190.130209][ T5028] device bridge_slave_0 entered promiscuous mode [ 190.136858][ T1243] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 190.145223][ T7] device bridge_slave_1 left promiscuous mode [ 190.151395][ T7] bridge0: port 2(bridge_slave_1) entered disabled state [ 190.158572][ T7] device bridge_slave_0 left promiscuous mode [ 190.164685][ T7] bridge0: port 1(bridge_slave_0) entered disabled state [ 190.228109][ T5028] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.235012][ T5028] bridge0: port 2(bridge_slave_1) entered disabled state [ 190.242298][ T5028] device bridge_slave_1 entered promiscuous mode [ 190.280216][ T1243] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 190.306908][ T1243] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 190.319607][ T344] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 190.354657][ T383] usb 1-1: Using ep0 maxpacket: 16 [ 190.362812][ T344] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 190.372350][ T2703] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 190.380832][ T2703] bridge0: port 1(bridge_slave_0) entered blocking state [ 190.387687][ T2703] bridge0: port 1(bridge_slave_0) entered forwarding state [ 190.394967][ T2703] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 190.405163][ T344] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 190.413948][ T344] bridge0: port 2(bridge_slave_1) entered blocking state [ 190.420800][ T344] bridge0: port 2(bridge_slave_1) entered forwarding state [ 190.439906][ T344] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 190.447828][ T344] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 190.474092][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 190.482201][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 190.490171][ T383] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 190.501092][ T383] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 190.510968][ T383] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 190.521582][ T383] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 190.531141][ T383] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 190.540585][ T383] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 190.552561][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 190.560995][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 190.579177][ T344] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 190.587736][ T344] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 190.601246][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 190.609925][ T2699] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 190.722900][ T383] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 190.731798][ T383] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 190.739982][ T383] usb 1-1: Product: syz [ 190.743981][ T383] usb 1-1: Manufacturer: syz [ 190.748403][ T383] usb 1-1: SerialNumber: syz [ 191.134596][ T383] cdc_ncm 1-1:1.0: bind() failure [ 191.140916][ T383] cdc_ncm 1-1:1.1: bind() failure [ 191.147035][ T383] usb 1-1: USB disconnect, device number 36 [ 191.159280][ T5051] EXT4-fs (loop1): Test dummy encryption mode enabled [ 191.170215][ T5051] EXT4-fs (loop1): can't mount with data=, fs mounted w/o journal [ 191.178403][ T23] audit: type=1326 audit(2000000225.463:549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5074 comm="syz.4.1279" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f18abb30b99 code=0x0 [ 191.199603][ T1243] usb 4-1: new full-speed USB device number 39 using dummy_hcd [ 191.221383][ T7] device bridge_slave_1 left promiscuous mode [ 191.227513][ T7] bridge0: port 2(bridge_slave_1) entered disabled state [ 191.235470][ T7] device bridge_slave_0 left promiscuous mode [ 191.241558][ T7] bridge0: port 1(bridge_slave_0) entered disabled state [ 191.303016][ T5081] tipc: Started in network mode [ 191.307915][ T5081] tipc: Own node identity 2007ff, cluster identity 4711 [ 191.316780][ T5081] tipc: 32-bit node address hash set to 2007ff [ 191.440323][ T5083] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue [ 191.449281][ T5083] ext4 filesystem being mounted at /root/syzkaller.jtV7LJ/142/file0 supports timestamps until 2038 (0x7fffffff) [ 191.465325][ T5083] EXT4-fs error (device loop2): ext4_map_blocks:617: inode #4: block 16: comm syz.2.1280: lblock 0 mapped to illegal pblock 16 (length 1) [ 191.479566][ T5083] Quota error (device loop2): find_tree_dqentry: Can't read quota tree block 1 [ 191.488419][ T5083] Quota error (device loop2): qtree_read_dquot: Can't read quota structure for id 60928 [ 191.503151][ T1243] usb 4-1: too many configurations: 220, using maximum allowed: 8 [ 191.513593][ T7] ================================================================== [ 191.521472][ T7] BUG: KASAN: null-ptr-deref in tcf_idrinfo_destroy+0xe2/0x280 [ 191.528835][ T7] Read of size 4 at addr 0000000000000010 by task kworker/u4:0/7 [ 191.536382][ T7] [ 191.538557][ T7] CPU: 1 PID: 7 Comm: kworker/u4:0 Tainted: G W 5.4.276-syzkaller-00020-g4275fce9fe94 #0 [ 191.549492][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 191.559392][ T7] Workqueue: netns cleanup_net [ 191.563981][ T7] Call Trace: [ 191.567116][ T7] dump_stack+0x1d8/0x241 [ 191.571284][ T7] ? panic+0x89d/0x89d [ 191.575184][ T7] ? nf_ct_l4proto_log_invalid+0x258/0x258 [ 191.580833][ T7] ? idr_get_next_ul+0x32a/0x3f0 [ 191.585603][ T7] ? tcf_idrinfo_destroy+0xe2/0x280 [ 191.590725][ T7] __kasan_report+0xe9/0x120 [ 191.595147][ T7] ? tcf_idrinfo_destroy+0xe2/0x280 [ 191.600180][ T7] kasan_report+0x30/0x60 [ 191.604349][ T7] check_memory_region+0x272/0x280 [ 191.609385][ T7] tcf_idrinfo_destroy+0xe2/0x280 [ 191.614335][ T7] ? tcf_idr_check_alloc+0x370/0x370 [ 191.619449][ T7] ? netdev_refcnt_read+0x1c0/0x1c0 [ 191.624491][ T7] ? gact_exit_net+0xef/0x140 [ 191.629003][ T7] police_exit_net+0xd7/0x140 [ 191.632987][ T1243] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 191.633520][ T7] ? police_init_net+0x1c0/0x1c0 [ 191.640962][ T1243] usb 4-1: can't read configurations, error -61 [ 191.645672][ T7] cleanup_net+0x6e2/0xc90 [ 191.645683][ T7] ? ops_init+0x4a0/0x4a0 [ 191.645692][ T7] ? read_word_at_a_time+0xe/0x20 [ 191.645699][ T7] ? strscpy+0x89/0x220 [ 191.645708][ T7] process_one_work+0x765/0xd20 [ 191.645718][ T7] worker_thread+0xaef/0x1470 [ 191.645729][ T7] kthread+0x2da/0x360 [ 191.645735][ T7] ? worker_clr_flags+0x170/0x170 [ 191.645742][ T7] ? kthread_blkcg+0xd0/0xd0 [ 191.645749][ T7] ret_from_fork+0x1f/0x30 [ 191.645756][ T7] ================================================================== [ 191.645758][ T7] Disabling lock debugging due to kernel taint [ 191.648532][ T7] kasan: CONFIG_KASAN_INLINE enabled [ 191.714865][ T7] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 191.722913][ T7] general protection fault: 0000 [#1] PREEMPT SMP KASAN [ 191.729646][ T7] CPU: 1 PID: 7 Comm: kworker/u4:0 Tainted: G B W 5.4.276-syzkaller-00020-g4275fce9fe94 #0 [ 191.740576][ T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 191.750482][ T7] Workqueue: netns cleanup_net [ 191.755166][ T7] RIP: 0010:tcf_idrinfo_destroy+0xe9/0x280 [ 191.760800][ T7] Code: ee e8 9b 9b b6 00 48 85 c0 0f 84 54 01 00 00 49 89 c6 48 8d 58 20 48 89 df be 04 00 00 00 e8 6e 55 00 fe 48 89 d8 48 c1 e8 03 <42> 0f b6 04 38 84 c0 0f 85 f5 00 00 00 8b 1b 31 ff 89 de e8 bf 9f [ 191.780245][ T7] RSP: 0018:ffff8881f5dbfb60 EFLAGS: 00010202 [ 191.786147][ T7] RAX: 0000000000000002 RBX: 0000000000000010 RCX: ffff8881f5d6cec0 [ 191.793953][ T7] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 00000000ffffffff [ 191.801771][ T7] RBP: ffff8881f5dbfc30 R08: ffffffff813ae585 R09: 0000000000000003 [ 191.809580][ T7] R10: ffffffffffffffff R11: dffffc0000000001 R12: 1ffff1103ebb7f78 [ 191.817390][ T7] R13: ffff8881f5dbfbc0 R14: fffffffffffffff0 R15: dffffc0000000000 [ 191.825200][ T7] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 191.833971][ T7] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 191.840388][ T7] CR2: 0000000000000000 CR3: 0000000005e0e000 CR4: 00000000003406a0 [ 191.848201][ T7] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 191.856010][ T7] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 191.863819][ T7] Call Trace: [ 191.866958][ T7] ? __die+0xb4/0x100 [ 191.870770][ T7] ? die+0x26/0x50 [ 191.874336][ T7] ? do_general_protection+0x266/0x3c0 [ 191.879620][ T7] ? ___preempt_schedule+0x16/0x20 [ 191.884571][ T7] ? do_trap+0x340/0x340 [ 191.888648][ T7] ? check_panic_on_warn+0x5e/0xa0 [ 191.893594][ T7] ? tcf_idrinfo_destroy+0xe2/0x280 [ 191.898629][ T7] ? general_protection+0x28/0x30 [ 191.903499][ T7] ? check_panic_on_warn+0x55/0xa0 [ 191.908436][ T7] ? tcf_idrinfo_destroy+0xe9/0x280 [ 191.913496][ T7] ? tcf_idr_check_alloc+0x370/0x370 [ 191.918591][ T7] ? netdev_refcnt_read+0x1c0/0x1c0 [ 191.923625][ T7] ? gact_exit_net+0xef/0x140 [ 191.928138][ T7] police_exit_net+0xd7/0x140 [ 191.932653][ T7] ? police_init_net+0x1c0/0x1c0 [ 191.937426][ T7] cleanup_net+0x6e2/0xc90 [ 191.941683][ T7] ? ops_init+0x4a0/0x4a0 [ 191.945844][ T7] ? read_word_at_a_time+0xe/0x20 [ 191.950705][ T7] ? strscpy+0x89/0x220 [ 191.954699][ T7] process_one_work+0x765/0xd20 [ 191.959387][ T7] worker_thread+0xaef/0x1470 [ 191.963899][ T7] kthread+0x2da/0x360 [ 191.967813][ T7] ? worker_clr_flags+0x170/0x170 [ 191.972669][ T7] ? kthread_blkcg+0xd0/0xd0 [ 191.977092][ T7] ret_from_fork+0x1f/0x30 [ 191.981337][ T7] Modules linked in: [ 191.988112][ T7] ---[ end trace eeb1f30d54d1f9bf ]--- [ 191.993566][ T7] RIP: 0010:tcf_idrinfo_destroy+0xe9/0x280 [ 191.999172][ T7] Code: ee e8 9b 9b b6 00 48 85 c0 0f 84 54 01 00 00 49 89 c6 48 8d 58 20 48 89 df be 04 00 00 00 e8 6e 55 00 fe 48 89 d8 48 c1 e8 03 <42> 0f b6 04 38 84 c0 0f 85 f5 00 00 00 8b 1b 31 ff 89 de e8 bf 9f [ 192.018789][ T7] RSP: 0018:ffff8881f5dbfb60 EFLAGS: 00010202 [ 192.024728][ T7] RAX: 0000000000000002 RBX: 0000000000000010 RCX: ffff8881f5d6cec0 [ 192.032462][ T7] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 00000000ffffffff [ 192.040611][ T7] RBP: ffff8881f5dbfc30 R08: ffffffff813ae585 R09: 0000000000000003 [ 192.048530][ T7] R10: ffffffffffffffff R11: dffffc0000000001 R12: 1ffff1103ebb7f78 [ 192.056423][ T7] R13: ffff8881f5dbfbc0 R14: fffffffffffffff0 R15: dffffc0000000000 [ 192.064113][ T7] FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000 [ 192.066262][ T1243] usb 4-1: new full-speed USB device number 40 using dummy_hcd [ 192.073048][ T7] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 192.086923][ T7] CR2: 0000000000000000 CR3: 0000000005e0e000 CR4: 00000000003406a0 [ 192.094931][ T7] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 192.102787][ T7] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 192.110566][ T7] Kernel panic - not syncing: Fatal exception [ 192.116586][ T7] Kernel Offset: disabled [ 192.120708][ T7] Rebooting in 86400 seconds..