last executing test programs: 30.526735326s ago: executing program 0 (id=149): mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffffffffe, 0x4031, 0xffffffffffffffff, 0x0) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19) 30.2440384s ago: executing program 0 (id=157): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000000)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r1}, 0x10) syz_clone(0x648e7000, 0x0, 0x0, 0x0, 0x0, 0x0) 30.127898112s ago: executing program 0 (id=159): r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2a, &(0x7f0000000080)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2b, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, 0x108) setsockopt$inet6_group_source_req(r0, 0x29, 0x2c, &(0x7f0000000480)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @empty}}}, 0x108) 30.065973093s ago: executing program 0 (id=160): syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0x0, &(0x7f00000000c0)={[{@errors_remount}, {@init_itable_val={'init_itable', 0x3d, 0x4}}, {@mblk_io_submit}, {@minixdf}, {@jqfmt_vfsv0}, {@usrjquota, 0x2e}], [], 0x2e}, 0x84, 0x450, &(0x7f0000000940)="$eJzs289vFFUcAPDvzLYgv2xF/MEPtYrGxh8tLagcvGg04WJiogc81lIIslBDayKESDUGj4a/QD2a+Bd40otRTxqvejcmxHARPZgxszsDS7tbd7tbtrCfTzLtezNv973vzLzdN/N2AhhYY/mfJGJ7RPwaESP17M0Fxur/rl29MPv31QuzSWTZG38mtXJ/Xb0wWxYtX7etyIynEenHSextUu/CufOnZqrVubNFfnLx9LuTC+fOP3vy9MyJuRNzZ6YPHz50cOqF56ef60mcO/K27vlgft/uI29dfm326OW3f/gqb+/2YntjHHWjXdc5FmM378sGT3T97hvLjoZ0MtTHhtCRSkTkh2u41v9HohI3Dt5IvPpRXxsHrKssy7LNK9ZWysRSBtzBkuh3C4D+KL/o8+vfcrmFw4++u/JS/QIoj/tasdS3DEValBledn3bS2MRcXTpn8/yJZrehwAA6K1v8vHPM83Gf2nc31Du7mJuaDQi7omInRFxb0Tsioj7ImplH4iIBzusf2xZfuX45+ctawqsTfn478Vibuvm8V85+ovRSpHbUYt/ODl+sjp3oNgn4zG8Oc9PrVLHt6/88mmrbY3jv3zJ6y/HgkU7/hhadoPu2MziTDcxN7ryYcSeoWbxJ9fnrvL/uyNizxreP99nJ5/6cl+r7f8f/yp6MM+UfRHxZP34L8Wy+EvJ6vOTk3dFde7AZHlWrPTjT5deb1V/V/H3QH78tzY9/6/HP5o0ztcudF7Hpd8+aXlNs9bzf1PyZi29qVj3/szi4tmpiE3J0sr10zdeW+bL8nn84/ub9/+dEf9+Xrxub0TkJ/FDEfFwRDxStP3RiHgsIvavEv/3Lz/+ztrjX195/Mc6Ov6dJyqnvvu6Vf3tHf9DtdR4saadz792G9jNvgMAAIDbRVr7DXySTlxPp+nERP03/Ltia1qdX1h8+vj8e2eO1X8rPxrDaXmna6ThfuhUcW+4zE8vyx+s3TfOsizbUstPzM5X12tOHWjPthb9P/d7pd+tA9ZdR/NorZ5oA25LnteEwaX/w+DS/2Fw6f8wuJr1/4sR1/rQFOAW8/0Pg0v/h8Gl/8Pg0v9hIHXzXP9qiZ1H1uud77REZWM0o+NEpBuiGWtLpBujGfXE5ohot/DFuFUN6/cnEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQG/8FwAA//8Hl+jb") r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) quotactl$Q_QUOTAON(0xffffffff80000200, &(0x7f0000000080)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f0000000000)='./file0\x00') 29.824497176s ago: executing program 0 (id=167): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x68f82, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x4) ioctl$KVM_GET_MSRS_cpu(r2, 0xc008ae88, &(0x7f0000000000)={0x1, 0x0, [{0x40000002, 0x0, 0x3}]}) 29.617398189s ago: executing program 0 (id=173): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000080)={{0x0, 0x4, 0x4}, 'syz1\x00', 0x4b}) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x15) ioctl$UI_DEV_CREATE(r0, 0x5501) 29.52893407s ago: executing program 32 (id=173): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000080)={{0x0, 0x4, 0x4}, 'syz1\x00', 0x4b}) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x15) ioctl$UI_DEV_CREATE(r0, 0x5501) 1.083383375s ago: executing program 1 (id=1037): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$TIPC_NL_LINK_SET(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)={0x14, 0x0, 0x100, 0x70bd28, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x4011}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'macsec0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="4400000010000100"/20, @ANYRES32=r2, @ANYBLOB="0000000000000000240012800b0001006d616373656300001400028005000a000000000005000b"], 0x44}}, 0x0) 1.055118595s ago: executing program 1 (id=1038): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x60303, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = dup(r2) ioctl$KVM_CAP_EXCEPTION_PAYLOAD(r3, 0x4068aea3, &(0x7f0000000180)) 986.602336ms ago: executing program 2 (id=1043): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd(0x100006) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000140)={0xf000, 0xeeee8000, 0x1, r2, 0xb}) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000240)={0xb03, 0x4, 0x0, r2, 0x4}) 950.475636ms ago: executing program 1 (id=1045): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x18) mremap(&(0x7f0000000000/0x9000)=nil, 0x600600, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil) 923.522867ms ago: executing program 1 (id=1046): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="09000000030000000800000004"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xc, &(0x7f0000000740)=ANY=[@ANYBLOB="180000000000000000000000fcffff0318110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) r2 = add_key$keyring(&(0x7f0000000080), &(0x7f00000002c0)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff) keyctl$restrict_keyring(0xa, r2, &(0x7f0000000300)='asymmetric\x00', &(0x7f0000000180)='i=Ov:cb2e\xdf\xff\xff\x04\x00\xff\xff\xff') 890.852697ms ago: executing program 1 (id=1047): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xf, 0x4, 0x8, 0x8}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffe}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x24, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x3800, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 873.553578ms ago: executing program 2 (id=1048): mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x19) r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_WRITEPROTECT(r0, 0xc018aa06, &(0x7f0000000140)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1}) 854.945778ms ago: executing program 1 (id=1050): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000280)=ANY=[@ANYBLOB="12010000e2793b10d10501200010010203010902120001000000000904"], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000900)={0x34, &(0x7f0000000640)={0x40, 0x3, 0x2, "cea1"}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, &(0x7f00000003c0)={0x2c, &(0x7f00000001c0)={0x0, 0xa, 0x4, "e711dbc1"}, &(0x7f00000002c0)={0x0, 0xa, 0x1, 0x1}, 0x0, 0x0, 0x0}) 755.340999ms ago: executing program 4 (id=1055): r0 = socket$inet6(0x10, 0x2, 0x6) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70200001400000bb7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f00000005c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000700)='kfree\x00', r2}, 0x18) sendto$inet6(r0, &(0x7f00000002c0)="100000001200050f0c1000000049b23e", 0x10, 0x0, 0x0, 0x0) 671.259441ms ago: executing program 4 (id=1058): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000002000000b705000008000000850000006900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000400)={r1, 0x0, 0x0}, 0x10) 670.849621ms ago: executing program 2 (id=1059): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0a000000050000000200000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000818110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000cc0)='mmap_lock_acquire_returned\x00', r1}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000029c0)) 610.328871ms ago: executing program 2 (id=1060): socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf64(r0, &(0x7f0000000040)=ANY=[], 0x10132) pipe2$9p(&(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) sendfile(r2, r1, 0x0, 0x400000000000f40c) fchmod(r1, 0x40) 609.785382ms ago: executing program 3 (id=1061): r0 = socket$inet6(0xa, 0x3, 0x3c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0xff}, 0x7}, 0x1c) r1 = socket$packet(0x11, 0x2, 0x300) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000100)="88", 0xfdef}], 0x1) ppoll(&(0x7f0000000380)=[{r0, 0x2009}, {r1, 0x201}], 0x2, 0x0, 0x0, 0x0) 582.911212ms ago: executing program 2 (id=1062): syz_mount_image$fuse(0x0, &(0x7f00000001c0)='./file0\x00', 0x1208000, 0x0, 0x1, 0x0, 0x0) syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="6e6f646973636172642c6261636b67726f756e645f67633d73796e632c6261636b67726f756e645f67633d6f6e2c6e6f757365725f78617474722c6e6f71756f74612c64697361626c655f726f6c6c5f666f72776172642c67635f6d657267652c6e6f757365725f78617474722c636865636b706f696e743d64697361626c652c757365725f78617474722c6673796e635f6d6f64653d7374726963742c646973636172645f756e69743d73656374696f6e2c636865636b706f696e743d64697361626c652c6e6f696e6c696e655f64656e7472792c00ec6da92d1c80a6c720380e3c2c55bf27596d2776ce408c4bb19b149757508e1c7e919c6c2047023baa412d14fa75c8cac6e5f103e13ea52708af0a7c5da8af4ecb6612"], 0x2, 0x5505, &(0x7f0000002480)="$eJzs3M1rI2UYAPAn/djtfrgW8eBtBxahhU1o+rHoreoufmCXsurBk6ZJGrKbZEqTprUnDx7Fg/+JKHjy6N/gwbM38aB4E5TMTHXrBwhNm+3294PJM++bN888b1gWnpmSAC6s+eTXn0txI65ExHREXI/IzkvFkVnPwwsRcTMiph47SsX8nxOXIuJqRNwYJc9zloq3Pr89vLX201u/fPPd5ZlrX3z9/eR2DUzaixHR3cnP97t5TFt5fFjM14btLHZXh0XM3+g+KsZpHvebW1mG/drRuloWV1r5+nRnrz+K251afRRb7e1sfqeXX7A/bB3lyT7wsLabjRvNrSy2+2kWW4d5XQeH+f9th/1BnqdR5PsoSx+DwVHM55sHzXw/O4+yWO8Nivk8b9poHozisIjF5aKedhpZHVsn+aafbG+3e3sHybC522+nvWStUn2pUr1Tru6mjeaguVqudRt3VpOFVme0rDxo1rrrrTRtdZqVetpdTBZa9Xq5Wk0W7ja32rVeUq1WVipL5bXF4ux28vr995JOI1kYxVfbvb1Bu9NPttPdJP/EYrJcWXl5MblVTd7Z2Ew2H9y7t7H57gd337//ysabrxWL/lFWsrC8tLxcri6Vl6uLF2j/nxRFj3H/cCKlSRcAcP7o/4FJOL3+f/dBxOn3/6H/H4tz1f9e9P7/FPYPJ6L/BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4sH6Y/fKN7GQ+H18r5p8ppp4rxqWImIqI3//FdFw6lnO6yDP7H+tn/1bDt6XIMoyucbk4rkbEenH89uxpfwsAAADw9Prq45uf5d16/jI/6YI4S/lNm6nrH44p31xEzM7/OKZsU6OX58eULPv3PRMHY8qW3cCaG1Oy/JbbzLiy/S/Tx8LcY6GUh6kzLQcAADgTxzuBs+1CAAAAOEufTroAJqMUR48yj54FZ395/9cDwSvHRgAAAMA5VJp0AQAAAMCpy/p/v/8HAAAAT7f89/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgD3bu5zZxIIoD8LPBC/tPi1Z731b2BmVsCXvcY0QBaYICciAtpAFqILeUEEGExyEQcYjksa1E3yc5k7HMjzcIDjMjDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0KX7ar24vfp93TZnt28nz2gAAACAS7bVelH/M0v9r839782tn02/iIgyIi7N3Ufx6Sxz1ORUL8/fnD5fvarhLqJOOLzHpLm+RMSf5nr80fWnAAAAAB/XZrmap9l6+jMbuiD6lBZtym9/M+UVEVHNHjKllYe8X5nC6u/3OP5nSqsXsKaZwtKS2zhX2pvUP/fjqt30pClSU1582bHIbGMHAAB6NDpr+p2FAAAA0Kd/QxfAMIp43so8bgVOUtNs730+6wEAAADvUDF0AQAAAEDn6vl/T+f/7Z3/BwAAAMNI5/8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQpW21XmyWq3nbnN2+nTyjAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCf25x0FQiAMwmDv+s5k7n9YadDU1KQKhI+/MRgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHjzu7/8n5gaZ5K518bS80iydmpsnRp758bRH8bXrwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuNiflxQIgSCIgjnjfyd9/8NKgp5BhAhoeFRRiwYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvuh3v/yfmBpnkrnTxtLxSLJ21di6auw9aBw9GG//BgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuNi5n9c4qjgA4G9mdra2Kq5R9hARBQ96sdttbe1NPCjBg3+CENJtjd36o83BliLm4k1y7kX0KCIo8db/IecEcom3HPYQwbMyszPZyQ9w/TWzST4fePO+Owzzvm8WQr7zXgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBp9PYkTrJDZxzHxbnNvYdLWb91qM88Xtuez1oWR3UmfTK8WP0QdZtLBAAAgLMjKev7EMJOur6Q9XEnr//T8pqs5v/26XFc1vOH6/6yL2v/rP3y8+7z+wN1xuNkN725PBxcOppK6/+b5Wx75i+vaOVPPn/3kuRfSPze6nOjNH+e0dcbG++08/BcHdkCAP/ExbIvgvL3oazvN5kYAGdGq1J4l/V/0mk2JwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA6jFbDk2UchRDmW5M4s7X3cOm4/vHa9nzZrj16tBa+nNwzu0UaQri5PBxcqnU2s+3e/Qe3F4fDwd36g5dCCE2N/lYx/dsfTHFxCI08H8F/FMTFlz0r+ZyMoMEfSgAAnEpp0bK6fiddX8jORXMh/PHdwfr/1Uocpqz/dz+8tlkdq1r/92ub4ezrrdz5tHfv/oPXl+8s3hrcGnz8xuX+m/0r169evd7L35X0vDEBAADg32kXrVr/x3NH1/8vVOIwZf3/2Tf9L6pjJer/Y00W/ZrOBAAA4Gx79uXff4uOOR+12+HzxZWVu/3xcf/z5fGxgVT/tnNFq9b/yVzTWQEAAAB1GK1GB9b/b1TiMOX6/1Pfv/Bj9Z5JCOF8sf5/cemT4Y36pjPT6vhz4qbnCAAAQLPOF626/p/m+//j/S0PcQjhtVfGcfFvAKeq/5N3v/qhOlZ1//+V+qY4k+Lu+HnkfTeEVrfpjAAAADjNnihaVuz/mq4vfPTThffb9v8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1O3PAAAA//9WwT6Z") syz_mount_image$exfat(0x0, &(0x7f0000000100)='./bus\x00', 0x84c00, 0x0, 0x0, 0x0, &(0x7f0000000000)) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x1b6) rename(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./bus\x00') 557.420762ms ago: executing program 5 (id=1063): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r0}, 0x18) r1 = socket$inet_udp(0x2, 0x2, 0x0) r2 = dup2(r1, r1) setsockopt$ARPT_SO_SET_ADD_COUNTERS(r2, 0x0, 0x60, &(0x7f0000000680)={'filter\x00', 0x4, [{}, {0x0, 0x100000000000000}]}, 0x68) 540.019563ms ago: executing program 3 (id=1064): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd2(0x40004, 0x80801) ioctl$KVM_HYPERV_EVENTFD(r1, 0x4018aebd, &(0x7f0000000100)={0x0, r2}) 450.536833ms ago: executing program 5 (id=1065): r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt(r1, 0x65, 0x1, 0x0, 0x0) bind$can_raw(r1, &(0x7f0000000000), 0x10) dup3(r0, r1, 0x0) 450.130893ms ago: executing program 5 (id=1066): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kfree\x00', r0}, 0x10) r1 = socket$inet6(0xa, 0x1, 0x0) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f00000004c0)={'ip6_vti0\x00', &(0x7f0000000740)={'syztnl1\x00', 0x0, 0x29, 0x0, 0x3, 0x0, 0x4e, @local, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x10, 0x7, 0x2, 0x8}}) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r1, 0x89f2, &(0x7f0000000600)={'syztnl1\x00', 0x0}) 392.540315ms ago: executing program 4 (id=1067): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10) r1 = timerfd_create(0x8, 0x0) read(r1, &(0x7f00000000c0)=""/252, 0xfc) timerfd_settime(r1, 0x3, &(0x7f0000000080)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) 342.899415ms ago: executing program 3 (id=1068): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000380)={'pimreg\x00', 0x5005}) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000010024bd7000fc0ddf2500000000", @ANYRES32=0x0, @ANYBLOB="1b0b04000300000008001b"], 0x28}, 0x1, 0x0, 0x0, 0x68010}, 0x0) write$tun(r0, &(0x7f00000004c0)=ANY=[@ANYBLOB="03000800ec0639000c0065f1d53c004c2f0100000000000000000000000000000000ff02000000000000000000000000000188"], 0x7e) 342.337825ms ago: executing program 5 (id=1069): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) fgetxattr(r1, &(0x7f0000000140)=@known='trusted.overlay.redirect\x00', 0x0, 0x0) 290.856846ms ago: executing program 4 (id=1070): syz_mount_image$ext4(&(0x7f0000000bc0)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x0, &(0x7f00000000c0), 0x2, 0xbd1, &(0x7f0000002380)="$eJzs3M1rHOcZAPBnRquVbKtduZRS91KVUmwoXUsuMrUp1C4uvfRQaK8Fq/LKCK0/kFRcyTqskn8gX+dALoEkJiGH+OxLQnLNJbGvCTkETFCsBEJIFGY/pI2lleR4V6PIvx+8mvedd7TP8+ywO/PC7gbwxBrJ/qQRxyLiYhJRau5PI6JY7w1G1BrHra4sTX65sjSZxNravz5LIomIBytLk63HSprbI83BYES8/9ckfvb05rhzC4szE9VqZbY5Pjl/5frJuYXFP0xfmbhcuVy5Onb6T+Onxk+PnhnvWq1ffXTu9he/+fsnta9f/ebW58+/nMS5GGrOtdfRLSMxsv6ctCtExES3g+Wkr1lPe51JYYd/SnucFAAAHaVt93C/iFL0xcbNWyne/iDX5AAAAICuWOuLWAMAAAAOuMT6HwAAAA641ucAHqwsTbZavp9I2Fv3z0fEcKP+1WZrzBSiVt8ORn9EHH6QRPvXWpPGvz22kYj4+N6ZN7IWPfoe8nZqyxHxy63Of1Kvf7j+Le7N9acRMdqF+CMPjX9M9Z/rQvy86wfgyXTnfONCtvn6l67f/8QW17/CFteuHyLv61/r/m910/3fRv19He7//rnLGDdfefFGp7ms/j/f/tvrrZbFz7aPVdQjuL8c8avCVvUn6/UnHeq/uMsYpW9vVDrN5V3/2ksRx2Pr+luS7X+f6OTUdLUy2vi7ZYzl98Zf6xQ/7/qz83+4Q/2t33/qdP6v7zLGfy5ceHPTznsb3e3rTz8tJv+u94rNPf+fmJ+fHYsoJv/YvP/U9rm0jmk9Rlb/id9u//rfqv7sPaHWfB6ytcByc5uNn3oo5l9u3XyrUz6t9V+e5/9Sh/PfXv+7hc3n/5ldxvjdO8+d6DTXvv7NWha/tRYGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgJY0IoYiScvr/TQtlyOORMTP43BavTY3//upa/+7eimbixiO/nRquloZjYhSY5xk47F6f2N86qHxHyPiaES8UDpUH5cnr1Uv5V08AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA645ExFAkaTki0ohYLaVpuZx3VgAAAEDXDeedAAAAANBz1v8AAABw8Fn/AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0GNHf33nbhIRtbOH6i1TbM7155oZ0Gtp3gkAuenLOwEgN4W8EwBy84hrfLcLcAAlO8wPdpwZ6HouAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOxfx4/duZtERO3soXrLFJtz/blmBvRa2tZPcswD2Ht9200W9i4PYO95icOTyxof2GntP7hxTO37MwM9ywkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/Weo3pK0HBHF5r5yOeInETEc/cnUdLUyGhE/jYgPS/0D2Xgs55wBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADovrmFxZmJarUym3XSaHbW9/Sg09eM3MMQvekkjbxr+yWfg90ZeHanY/4bjxmiGPui0n3ayfNdCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAvMwtLM5MVKuV2bm8MwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADyNrewODNRrVZme9jJu0YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPLzXQAAAP//jAsGRw==") prctl$PR_SET_CHILD_SUBREAPER(0x24, 0x1) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)) r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$VT_RELDISP(r0, 0x5605) 265.865137ms ago: executing program 5 (id=1071): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r1}, 0x10) geteuid() 170.958468ms ago: executing program 5 (id=1072): r0 = syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f00000003c0)={[{@resgid={'resgid', 0x3d, 0xee00}}, {}, {@grpquota}, {@nobarrier}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@nogrpid}, {@noauto_da_alloc}, {@stripe={'stripe', 0x3d, 0x2}}]}, 0x3, 0x572, &(0x7f00000006c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwIF6kCCIWxD/Au8fiH6B/RUELRUrQg5fIbGbbbZLNJunWbJ3PB6Z9b2ayb96++b79zs4uG0BhjWT/lCJejoivk4iDbdsGI984srLf0sNrk9mSxPLyJ38mkeTrWvsn+f/788pLEfHLFxHHS2vbrS8szlSq1XQur482Zi+P1hcWT1ycrUyn0+ml8YmJU29NjL/7zts96+vr5/7+7uO7H5z66ujStz/dP3Q7iTNxIN/W3o+ncKO9MhIj+XMyFGdW7TjWg8b6SbLTB8C2DORxPhTZHHAwBvKoB/7/rkfEMlBQifiHgmrlAa1r+x5dBz83Hry/cgG0tv+DK++NxJ7mtdG+peSJK6Psene4B+1nbfz8x53b2RJd3oe43oP2AFpu3IyIk4ODa+e/JJ//tu9k883jja1uo2ivP7CT7mb5zxvr5T+lR/lPrJP/7F8ndreje/yX7vegmY6y/O+9dfPfR1PX8EBee6GZ8w0lFy5W05MR8WJEHIuh3Vl9o/s5p5buLXfa1p7/ZUvWfisXzI/j/uDuJ/9mqtKoPE2f2z24GfHK4/w3iTXz/55mrrt6/LPn41xW+PXLrm0cSe+82mlb9/63630GvPxjxGvrjv/jO1rJxvcnR5vnw2jrrFjrr1tHfuvU/tb633vZ+O/buP/DSfv92vrW2/hhzz9pp23bPf93JZ82y7vydVcrjcbcWMSu5KO168cf/22r3to/6/+xoxvPf+ud/3sj4rNN9v/W4Vsdd+2H8Z/a0vhvvXDvw8+/79T+5sb/zWbpWL5mM/PfZg/waZ47AAAAAAAA6DeliDgQSan8qFwqlcsrn+84HPtK1Vq9cfxCbf7SVDS/KzscQ6XWne6DbZ+HGMs/D9uqj6+qT0TEoYj4ZmBvs16erFWndrrzAAAAAAAAAAAAAAAAAAAA0Cf2d/j+f+b3gZ0+OuCZ85PfUFxd478Xv/QE9CWv/1Bc4h+KS/xDcYl/KC7xD8Ul/qG4xD8Ul/gHAAAAAAAAAAAAAAAAAAAAAAAAAACAnjp39my2LC89vDaZ1aeuLMzP1K6cmErrM+XZ+cnyZG3ucnm6VpuupuXJ2my3x6vWapfHxmP+6mgjrTdG6wuL52dr85ca5y/OVqbT8+nQf9IrAAAAAAAAAAAAAAAAAAAAeL7UFxZnKtVqOqfQsXA6+uIwtl1Iuo3y6fxk2NIjR14Y3PkOKjyDwg5PTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQ5t8AAAD//8nLNLM=") setxattr$trusted_overlay_upper(&(0x7f0000000280)='./file0/file0\x00', &(0x7f00000001c0), &(0x7f00000002c0)=ANY=[@ANYRES64=r0], 0x835, 0x0) setxattr$trusted_overlay_upper(&(0x7f0000000380)='./file1\x00', &(0x7f00000001c0), &(0x7f0000001400)=ANY=[], 0x835, 0x0) truncate(&(0x7f0000000100)='./file0/file0\x00', 0x5) setxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0/file0\x00', &(0x7f0000000080), &(0x7f0000001400)=ANY=[], 0x835, 0x0) 144.123218ms ago: executing program 3 (id=1073): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x2, 0x4, 0x1, 0xbf22, 0x0, 0x1}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x2, 0x4, 0x1, 0x1, 0x0, 0x1}, 0x48) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0xd, 0x5, 0x4, 0x6, 0x0, r1}, 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r2, &(0x7f00000001c0), &(0x7f0000000300)=@udp6=r0}, 0x20) 135.842199ms ago: executing program 4 (id=1074): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000021b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x52) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r1}, 0x10) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) 101.534239ms ago: executing program 3 (id=1075): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7}, 0x48) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000040)={{r0}, &(0x7f00000004c0), &(0x7f0000000500)='%pK \x00'}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) request_key(&(0x7f0000000040)='user\x00', &(0x7f0000000080)={'syz', 0x0}, &(0x7f0000000140)='\\\\@[*#)\x00', 0xfffffffffffffffe) 38.61548ms ago: executing program 4 (id=1076): mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x3, 0x20132, 0xffffffffffffffff, 0xb299b000) mremap(&(0x7f0000006000/0x3000)=nil, 0x3000, 0xf000, 0x3, &(0x7f0000009000/0xf000)=nil) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) syz_clone(0x111, 0x0, 0x0, 0x0, 0x0, 0x0) write$P9_RREADDIR(r0, &(0x7f0000000640)={0xb, 0x29, 0x2, {0xf}}, 0xfffffc95) 37.76077ms ago: executing program 2 (id=1077): r0 = open(&(0x7f00009e1000)='./file0\x00', 0x8060, 0x0) fcntl$setlease(r0, 0x400, 0x0) r1 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) fcntl$lock(r1, 0x25, &(0x7f00000002c0)) close(0x3) 0s ago: executing program 3 (id=1078): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x11) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000000)={{0x100, 0x5}, 'syz1\x00'}) ioctl$UI_SET_LEDBIT(r0, 0x40045569, 0x7) ioctl$UI_DEV_CREATE(r0, 0x5501) kernel console output (not intermixed with test programs): entered blocking state [ 28.457374][ T286] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.492028][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 28.500039][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.507440][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.515192][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.522734][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 28.532284][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.539535][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 28.548159][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 28.556189][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.564225][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.571641][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.579046][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.587184][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 28.595527][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 28.615665][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 28.624203][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.631276][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.638662][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 28.647202][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.654403][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.673538][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 28.682710][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 28.690467][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 28.698210][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 28.706898][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.714161][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.722974][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 28.731314][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.738353][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.748961][ T283] device veth0_vlan entered promiscuous mode [ 28.764213][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 28.772339][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 28.780627][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 28.788061][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 28.796151][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 28.803904][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 28.823082][ T283] device veth1_macvtap entered promiscuous mode [ 28.830433][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 28.838876][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 28.847076][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 28.857119][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 28.865244][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 28.873558][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 28.881716][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 28.889797][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 28.897921][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 28.906471][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 28.924497][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 28.933042][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 28.941358][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.948480][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.956472][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 28.965958][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 28.974482][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.981539][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.989137][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 28.996823][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 29.007664][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 29.016174][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 29.030656][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 29.039190][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 29.047525][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 29.054588][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 29.062425][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 29.071274][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 29.079940][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 29.087017][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 29.111382][ T287] device veth0_vlan entered promiscuous mode [ 29.118001][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 29.126536][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 29.134972][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 29.143511][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 29.152169][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 29.160185][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 29.168617][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 29.177000][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 29.185460][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 29.194175][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 29.202795][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 29.210520][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 29.228475][ T287] device veth1_macvtap entered promiscuous mode [ 29.240958][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 29.249309][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 29.257712][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 29.266066][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 29.274549][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 29.282923][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 29.291131][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 29.299126][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 29.307707][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 29.326265][ T285] device veth0_vlan entered promiscuous mode [ 29.337301][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 29.345607][ T283] request_module fs-gadgetfs succeeded, but still no fs? [ 29.345879][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 29.362105][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 29.370171][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 29.384829][ T284] device veth0_vlan entered promiscuous mode [ 29.408626][ T286] device veth0_vlan entered promiscuous mode [ 29.421002][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 29.429844][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 29.439934][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 29.448239][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 29.456412][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 29.464490][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 29.472541][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 29.480119][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 29.488028][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 29.496965][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 29.505749][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 29.514866][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 29.527835][ T285] device veth1_macvtap entered promiscuous mode [ 29.550647][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 29.559571][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 29.568492][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 29.579526][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 29.593522][ T286] device veth1_macvtap entered promiscuous mode [ 29.619361][ T284] device veth1_macvtap entered promiscuous mode [ 29.642962][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 29.658917][ T344] loop1: detected capacity change from 0 to 256 [ 29.671103][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 29.682052][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 29.693190][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 29.705543][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 29.714630][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 29.729087][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 29.737650][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 29.749504][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 29.781588][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 29.789946][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 29.800037][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 29.813624][ T359] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 29.830716][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 29.860603][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 29.870138][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 30.150100][ T402] syz.0.27 (402) used greatest stack depth: 22304 bytes left [ 30.190625][ T410] Illegal XDP return value 65535 on prog (id 9) dev N/A, expect packet loss! [ 30.304387][ T424] loop0: detected capacity change from 0 to 512 [ 30.342550][ T426] loop3: detected capacity change from 0 to 128 [ 30.514518][ T396] loop4: detected capacity change from 0 to 40427 [ 30.549820][ T396] F2FS-fs (loop4): fault_injection options not supported [ 30.593526][ T396] F2FS-fs (loop4): invalid crc value [ 30.602785][ T396] F2FS-fs (loop4): Found nat_bits in checkpoint [ 30.611150][ T453] loop3: detected capacity change from 0 to 8192 [ 30.617902][ T453] ======================================================= [ 30.617902][ T453] WARNING: The mand mount option has been deprecated and [ 30.617902][ T453] and is ignored by this kernel. Remove the mand [ 30.617902][ T453] option from the mount to silence this warning. [ 30.617902][ T453] ======================================================= [ 30.663981][ T396] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 30.733892][ T396] syz.4.25: attempt to access beyond end of device [ 30.733892][ T396] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 30.766687][ T396] syz.4.25: attempt to access beyond end of device [ 30.766687][ T396] loop4: rw=0, sector=45096, nr_sectors = 8 limit=40427 [ 30.823759][ T287] syz-executor: attempt to access beyond end of device [ 30.823759][ T287] loop4: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 30.909219][ T467] tipc: Started in network mode [ 30.914309][ T467] tipc: Node identity ac14140f, cluster identity 4711 [ 30.923258][ T467] tipc: New replicast peer: 255.255.255.255 [ 30.929562][ T467] tipc: Enabled bearer , priority 10 [ 30.978650][ T473] random: crng reseeded on system resumption [ 31.019047][ T477] loop3: detected capacity change from 0 to 512 [ 31.043033][ T477] EXT4-fs warning (device loop3): ext4_enable_quotas:7053: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 31.058375][ T477] EXT4-fs (loop3): mount failed [ 31.060506][ T59] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 31.098567][ T486] loop2: detected capacity change from 0 to 512 [ 31.110255][ T486] EXT4-fs (loop2): orphan cleanup on readonly fs [ 31.118124][ T486] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.64: bg 0: block 248: padding at end of block bitmap is not set [ 31.137375][ T486] EXT4-fs error (device loop2): ext4_acquire_dquot:6801: comm syz.2.64: Failed to acquire dquot type 1 [ 31.164836][ T486] EXT4-fs (loop2): 1 truncate cleaned up [ 31.173010][ T486] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 31.219848][ T486] syz.2.64 (486) used greatest stack depth: 20976 bytes left [ 31.227914][ T286] EXT4-fs (loop2): unmounting filesystem. [ 31.250421][ T59] usb 1-1: Using ep0 maxpacket: 8 [ 31.262900][ T59] usb 1-1: New USB device found, idVendor=12d1, idProduct=fae2, bcdDevice=70.8b [ 31.279719][ T59] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 31.295911][ T59] usb 1-1: Product: syz [ 31.302199][ T59] usb 1-1: Manufacturer: syz [ 31.309475][ T59] usb 1-1: SerialNumber: syz [ 31.321023][ T59] usb 1-1: config 0 descriptor?? [ 31.445265][ T515] loop1: detected capacity change from 0 to 256 [ 31.459325][ T517] loop4: detected capacity change from 0 to 512 [ 31.466570][ T517] EXT4-fs: Ignoring removed bh option [ 31.472581][ T517] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem [ 31.483212][ T517] EXT4-fs (loop4): 1 truncate cleaned up [ 31.489120][ T517] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 31.492980][ T515] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xbbba8adb, utbl_chksum : 0xe619d30d) [ 31.510891][ T28] kauditd_printk_skb: 81 callbacks suppressed [ 31.510911][ T28] audit: type=1400 audit(1753768526.175:152): avc: denied { read write } for pid=516 comm="syz.4.78" name="file1" dev="loop4" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 31.548668][ T39] usb 1-1: USB disconnect, device number 2 [ 31.558843][ T287] EXT4-fs (loop4): unmounting filesystem. [ 31.567868][ T28] audit: type=1400 audit(1753768526.175:153): avc: denied { open } for pid=516 comm="syz.4.78" path="/13/file0/file1" dev="loop4" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 31.594874][ T28] audit: type=1400 audit(1753768526.175:154): avc: denied { ioctl } for pid=516 comm="syz.4.78" path="/13/file0/file1" dev="loop4" ino=15 ioctlcmd=0x5829 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 31.628186][ T523] loop4: detected capacity change from 0 to 1024 [ 31.649818][ T28] audit: type=1400 audit(1753768526.315:155): avc: denied { unmount } for pid=283 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 31.671803][ T523] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 31.680902][ T523] ext4 filesystem being mounted at /14/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 31.684555][ T526] netlink: 236 bytes leftover after parsing attributes in process `syz.1.81'. [ 31.696980][ T523] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.80: bg 0: block 393: padding at end of block bitmap is not set [ 31.722067][ T523] EXT4-fs (loop4): Remounting filesystem read-only [ 31.740426][ T529] loop1: detected capacity change from 0 to 128 [ 31.752017][ T529] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 31.752744][ T287] EXT4-fs (loop4): unmounting filesystem. [ 31.766992][ T529] ext4 filesystem being mounted at /22/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 31.788319][ T532] loop4: detected capacity change from 0 to 512 [ 31.797383][ T28] audit: type=1400 audit(1753768526.465:156): avc: denied { create } for pid=528 comm="syz.1.82" name="encrypted_dir" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 31.820800][ T529] EXT4-fs warning (device loop1): ext4_group_extend:1894: will only finish group (8193 blocks, 8129 new) [ 31.825942][ T532] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 31.833972][ T529] EXT4-fs warning (device loop1): ext4_group_extend:1899: can't read last block, resize aborted [ 31.846958][ T532] ext4 filesystem being mounted at /15/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 31.880939][ T283] EXT4-fs (loop1): unmounting filesystem. [ 31.900403][ T303] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 31.913321][ T287] EXT4-fs (loop4): unmounting filesystem. [ 31.950501][ T28] audit: type=1400 audit(1753768526.625:157): avc: denied { create } for pid=540 comm="syz.4.86" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 31.972995][ T28] audit: type=1400 audit(1753768526.625:158): avc: denied { setopt } for pid=540 comm="syz.4.86" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 32.051820][ T354] tipc: Node number set to 2886997007 [ 32.055880][ T28] audit: type=1400 audit(1753768526.725:159): avc: denied { ioctl } for pid=548 comm="syz.3.89" path="socket:[17189]" dev="sockfs" ino=17189 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 32.113009][ T28] audit: type=1400 audit(1753768526.785:160): avc: denied { append } for pid=553 comm="syz.1.91" name="001" dev="devtmpfs" ino=185 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 32.140385][ T303] usb 3-1: Using ep0 maxpacket: 16 [ 32.167267][ T303] usb 3-1: config 0 interface 0 has no altsetting 0 [ 32.168390][ T560] loop4: detected capacity change from 0 to 256 [ 32.174224][ T303] usb 3-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 32.241773][ T303] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 32.264892][ T303] usb 3-1: config 0 descriptor?? [ 32.294465][ T572] loop4: detected capacity change from 0 to 1024 [ 32.301422][ T573] loop3: detected capacity change from 0 to 1024 [ 32.315152][ T572] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 32.379597][ T573] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 32.388934][ T287] EXT4-fs (loop4): unmounting filesystem. [ 32.440589][ T28] audit: type=1400 audit(1753768527.175:161): avc: denied { setattr } for pid=571 comm="syz.3.100" path="/23/file1/file2" dev="loop3" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 32.476154][ T284] EXT4-fs (loop3): unmounting filesystem. [ 32.539467][ T569] loop0: detected capacity change from 0 to 40427 [ 32.548020][ T569] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 32.556518][ T569] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 32.567676][ T569] F2FS-fs (loop0): invalid crc value [ 32.599929][ T569] F2FS-fs (loop0): Found nat_bits in checkpoint [ 32.660353][ T356] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 32.669486][ T569] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 32.684330][ T569] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 32.692467][ T569] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 32.697086][ T303] hid (null): bogus close delimiter [ 32.757097][ T569] F2FS-fs (loop0): access invalid blkaddr:3 [ 32.764190][ T569] CPU: 0 PID: 569 Comm: syz.0.96 Not tainted 6.1.145-syzkaller-00017-g2487417fb86a #0 [ 32.773892][ T569] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 32.784686][ T569] Call Trace: [ 32.788004][ T569] [ 32.791143][ T569] __dump_stack+0x21/0x24 [ 32.796659][ T569] dump_stack_lvl+0xee/0x150 [ 32.801759][ T569] ? __cfi_dump_stack_lvl+0x8/0x8 [ 32.806944][ T569] ? __cfi_f2fs_get_dnode_of_data+0x10/0x10 [ 32.813774][ T569] dump_stack+0x15/0x24 [ 32.818334][ T569] __f2fs_is_valid_blkaddr+0xda6/0x1460 [ 32.824966][ T569] f2fs_is_valid_blkaddr+0x23/0x30 [ 32.830218][ T569] f2fs_map_blocks+0xc93/0x3a60 [ 32.835378][ T569] ? __cfi_f2fs_map_blocks+0x10/0x10 [ 32.841756][ T569] ? _raw_spin_unlock_irqrestore+0x5a/0x80 [ 32.848530][ T569] ? rwsem_write_trylock+0x130/0x300 [ 32.851635][ T356] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 32.854496][ T569] ? __cfi___wake_up+0x10/0x10 [ 32.870865][ T569] f2fs_precache_extents+0x18c/0x260 [ 32.876208][ T569] ? __cfi_f2fs_precache_extents+0x10/0x10 [ 32.876387][ T356] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 32.882093][ T569] ? save_fpregs_to_fpstate+0x192/0x220 [ 32.882126][ T569] ? __kasan_check_write+0x14/0x20 [ 32.903039][ T569] ? __switch_to+0x51f/0xe30 [ 32.907681][ T569] f2fs_fiemap+0x136/0x1940 [ 32.910136][ T356] usb 2-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af [ 32.912232][ T569] ? __cfi_f2fs_fiemap+0x10/0x10 [ 32.912264][ T569] ? avc_has_extended_perms+0x95f/0xdc0 [ 32.930338][ T356] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 32.931813][ T569] ? __kasan_check_write+0x14/0x20 [ 32.944938][ T569] do_vfs_ioctl+0x13c2/0x1c80 [ 32.949853][ T569] ? __ia32_compat_sys_ioctl+0x790/0x790 [ 32.951536][ T356] usb 2-1: config 0 descriptor?? [ 32.955532][ T569] ? futex_unqueue+0x132/0x160 [ 32.965310][ T569] ? wake_up_q+0x105/0x1b0 [ 32.969765][ T569] ? __cfi_futex_wait+0x10/0x10 [ 32.974660][ T569] ? ioctl_has_perm+0x391/0x4c0 [ 32.979663][ T569] ? has_cap_mac_admin+0x330/0x330 [ 32.985169][ T569] ? slab_free_freelist_hook+0xc2/0x190 [ 32.990765][ T569] ? do_futex+0x2dc/0x420 [ 32.995229][ T569] ? selinux_file_ioctl+0x377/0x480 [ 33.000540][ T569] ? __cfi_do_futex+0x10/0x10 [ 33.005264][ T569] ? __cfi_selinux_file_ioctl+0x10/0x10 [ 33.010866][ T569] ? __fget_files+0x2d5/0x330 [ 33.016038][ T569] ? security_file_ioctl+0x95/0xc0 [ 33.021229][ T569] __se_sys_ioctl+0x9f/0x1b0 [ 33.026448][ T569] __x64_sys_ioctl+0x7b/0x90 [ 33.031097][ T569] x64_sys_call+0x58b/0x9a0 [ 33.036165][ T569] do_syscall_64+0x4c/0xa0 [ 33.040712][ T569] ? clear_bhb_loop+0x30/0x80 [ 33.046441][ T569] ? clear_bhb_loop+0x30/0x80 [ 33.051574][ T569] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 33.059513][ T569] RIP: 0033:0x7f3ca178e9a9 [ 33.065649][ T569] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 33.086642][ T569] RSP: 002b:00007f3ca2612038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 33.095886][ T569] RAX: ffffffffffffffda RBX: 00007f3ca19b5fa0 RCX: 00007f3ca178e9a9 [ 33.104264][ T569] RDX: 00002000000001c0 RSI: 00000000c020660b RDI: 0000000000000004 [ 33.112258][ T569] RBP: 00007f3ca1810d69 R08: 0000000000000000 R09: 0000000000000000 [ 33.120529][ T569] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 33.128699][ T569] R13: 0000000000000000 R14: 00007f3ca19b5fa0 R15: 00007fff755a9d58 [ 33.137065][ T569] [ 33.158941][ T6] usb 3-1: USB disconnect, device number 2 [ 33.373789][ T356] playstation 0003:054C:0DF2.0002: unknown main item tag 0x0 [ 33.388100][ T356] playstation 0003:054C:0DF2.0002: unknown main item tag 0x0 [ 33.400754][ T356] playstation 0003:054C:0DF2.0002: unknown main item tag 0x0 [ 33.418472][ T356] playstation 0003:054C:0DF2.0002: unknown main item tag 0x0 [ 33.433384][ T356] playstation 0003:054C:0DF2.0002: unknown main item tag 0x0 [ 33.443016][ T356] playstation 0003:054C:0DF2.0002: hidraw0: USB HID v1.01 Device [HID 054c:0df2] on usb-dummy_hcd.1-1/input0 [ 33.453372][ T303] kernel write not supported for file /uinput (pid: 303 comm: kworker/0:2) [ 33.467313][ T617] netlink: 8 bytes leftover after parsing attributes in process `syz.4.114'. [ 33.483240][ T617] netlink: 8 bytes leftover after parsing attributes in process `syz.4.114'. [ 33.536639][ T623] loop4: detected capacity change from 0 to 2048 [ 33.582089][ T623] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 33.592948][ T623] ext4 filesystem being mounted at /30/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 33.650384][ T6] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 33.773099][ T356] playstation 0003:054C:0DF2.0002: Failed to retrieve feature with reportID 32: -71 [ 33.797458][ T356] playstation 0003:054C:0DF2.0002: Failed to retrieve DualSense firmware info: -71 [ 33.797763][ T623] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.117: bg 0: block 345: padding at end of block bitmap is not set [ 33.807840][ T356] playstation 0003:054C:0DF2.0002: Failed to get firmware info from DualSense [ 33.831623][ T623] EXT4-fs (loop4): Remounting filesystem read-only [ 33.850428][ T356] playstation 0003:054C:0DF2.0002: Failed to create dualsense. [ 33.861585][ T6] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 33.871588][ T356] playstation: probe of 0003:054C:0DF2.0002 failed with error -71 [ 33.880358][ T6] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 33.900395][ T6] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 33.901796][ T356] usb 2-1: USB disconnect, device number 2 [ 33.909503][ T6] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 33.944408][ T6] usb 1-1: SerialNumber: syz [ 33.951392][ T638] fido_id[638]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 34.049725][ T287] EXT4-fs (loop4): unmounting filesystem. [ 34.089271][ T637] loop2: detected capacity change from 0 to 40427 [ 34.104830][ T637] F2FS-fs (loop2): invalid crc value [ 34.113130][ T637] F2FS-fs (loop2): Found nat_bits in checkpoint [ 34.148932][ T637] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 34.158151][ T6] usb 1-1: 0:2 : does not exist [ 34.185296][ T6] usb 1-1: USB disconnect, device number 3 [ 34.229820][ T286] syz-executor: attempt to access beyond end of device [ 34.229820][ T286] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 34.510459][ T356] usb 5-1: new full-speed USB device number 2 using dummy_hcd [ 34.544585][ T670] loop3: detected capacity change from 0 to 1024 [ 34.552506][ T670] EXT4-fs: Ignoring removed orlov option [ 34.579289][ T670] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 34.605544][ T284] EXT4-fs (loop3): unmounting filesystem. [ 34.633757][ T666] syz.2.133 (666) used greatest stack depth: 20960 bytes left [ 34.643224][ T674] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=674 comm=syz.3.136 [ 34.656390][ T674] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=674 comm=syz.3.136 [ 34.713578][ T356] usb 5-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 34.726949][ T684] mmap: syz.0.140 (684) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 34.730466][ T6] usb 2-1: new full-speed USB device number 3 using dummy_hcd [ 34.739867][ T356] usb 5-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0 [ 34.763733][ T356] usb 5-1: config 0 interface 0 has no altsetting 0 [ 34.770858][ T356] usb 5-1: New USB device found, idVendor=28de, idProduct=1102, bcdDevice= 0.00 [ 34.780370][ T356] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 34.795111][ T687] loop0: detected capacity change from 0 to 1024 [ 34.799326][ T688] loop3: detected capacity change from 0 to 512 [ 34.810566][ T356] usb 5-1: config 0 descriptor?? [ 34.841101][ T687] EXT4-fs: Ignoring removed orlov option [ 34.873689][ T687] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 34.899276][ T687] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2818: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 34.922643][ T6] usb 2-1: unable to get BOS descriptor or descriptor too short [ 34.931630][ T285] EXT4-fs (loop0): unmounting filesystem. [ 34.937847][ T6] usb 2-1: not running at top speed; connect to a high speed hub [ 34.950844][ T6] usb 2-1: config 4 has an invalid interface number: 147 but max is 0 [ 34.964436][ T6] usb 2-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 34.975812][ T6] usb 2-1: config 4 has no interface number 0 [ 34.988567][ T6] usb 2-1: string descriptor 0 read error: -22 [ 34.995428][ T6] usb 2-1: New USB device found, idVendor=04f2, idProduct=b746, bcdDevice=8e.6e [ 35.004801][ T6] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 35.025705][ T6] usb 2-1: Found UVC 0.00 device (04f2:b746) [ 35.040844][ T6] usb 2-1: No valid video chain found. [ 35.047137][ T697] loop2: detected capacity change from 0 to 4096 [ 35.066798][ T697] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 35.098376][ T697] EXT4-fs (loop2): shut down requested (0) [ 35.114870][ T286] EXT4-fs (loop2): unmounting filesystem. [ 35.219315][ T356] hid-steam 0003:28DE:1102.0003: unbalanced delimiter at end of report description [ 35.231147][ T356] hid-steam 0003:28DE:1102.0003: steam_probe:parse of hid interface failed [ 35.248206][ T356] hid-steam: probe of 0003:28DE:1102.0003 failed with error -22 [ 35.249521][ T6] usb 2-1: USB disconnect, device number 3 [ 35.295125][ T714] kvm [713]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc0010007 data 0x0 [ 35.416770][ T719] loop2: detected capacity change from 0 to 16 [ 35.436674][ T356] usb 5-1: USB disconnect, device number 2 [ 35.473794][ T719] erofs: (device loop2): mounted with root inode @ nid 36. [ 35.535608][ T727] loop2: detected capacity change from 0 to 256 [ 35.570828][ T727] FAT-fs (loop2): Directory bread(block 64) failed [ 35.580650][ T727] FAT-fs (loop2): Directory bread(block 65) failed [ 35.587273][ T727] FAT-fs (loop2): Directory bread(block 66) failed [ 35.595830][ T727] FAT-fs (loop2): Directory bread(block 67) failed [ 35.603905][ T727] FAT-fs (loop2): Directory bread(block 68) failed [ 35.610591][ T727] FAT-fs (loop2): Directory bread(block 69) failed [ 35.620455][ T727] FAT-fs (loop2): Directory bread(block 70) failed [ 35.631819][ T727] FAT-fs (loop2): Directory bread(block 71) failed [ 35.638535][ T731] loop0: detected capacity change from 0 to 512 [ 35.640803][ T727] FAT-fs (loop2): Directory bread(block 72) failed [ 35.656995][ T727] FAT-fs (loop2): Directory bread(block 73) failed [ 35.659029][ T731] EXT4-fs: Ignoring removed mblk_io_submit option [ 35.694630][ T731] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -13 [ 35.697322][ T727] syz.2.158: attempt to access beyond end of device [ 35.697322][ T727] loop2: rw=2049, sector=1224, nr_sectors = 8 limit=256 [ 35.703305][ T731] EXT4-fs error (device loop0): ext4_clear_blocks:883: inode #13: comm syz.0.160: attempt to clear invalid blocks 2 len 1 [ 35.730012][ T731] EXT4-fs (loop0): Remounting filesystem read-only [ 35.738305][ T731] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 35.755172][ T731] EXT4-fs (loop0): Remounting filesystem read-only [ 35.761878][ T731] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz.0.160: invalid indirect mapped block 1819239214 (level 0) [ 35.782024][ T731] EXT4-fs (loop0): Remounting filesystem read-only [ 35.788655][ T731] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz.0.160: invalid indirect mapped block 1819239214 (level 1) [ 35.810529][ T731] EXT4-fs (loop0): Remounting filesystem read-only [ 35.817370][ T731] EXT4-fs (loop0): 1 truncate cleaned up [ 35.823355][ T731] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 35.868226][ T285] EXT4-fs error (device loop0): htree_dirblock_to_tree:1112: inode #2: block 13: comm syz-executor: bad entry in directory: rec_len % 4 != 0 - offset=108, inode=4294901777, rec_len=65535, size=1024 fake=0 [ 35.896296][ T285] EXT4-fs (loop0): Remounting filesystem read-only [ 35.911630][ T285] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2195: inode #15: comm syz-executor: corrupted in-inode xattr [ 35.924392][ T285] EXT4-fs (loop0): Remounting filesystem read-only [ 35.940469][ T285] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2195: inode #15: comm syz-executor: corrupted in-inode xattr [ 35.954535][ T285] EXT4-fs (loop0): Remounting filesystem read-only [ 36.011877][ T754] loop4: detected capacity change from 0 to 4096 [ 36.032558][ T285] EXT4-fs (loop0): unmounting filesystem. [ 36.041777][ T754] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 36.112948][ T287] EXT4-fs (loop4): unmounting filesystem. [ 36.174425][ T762] loop3: detected capacity change from 0 to 512 [ 36.183501][ T762] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 36.240716][ T762] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 36.250539][ T762] ext4 filesystem being mounted at /41/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 36.289743][ T762] EXT4-fs error (device loop3): ext4_xattr_block_get:546: inode #15: comm syz.3.175: corrupted xattr block 19 [ 36.321190][ T762] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop3 ino=15 [ 36.330677][ T762] EXT4-fs error (device loop3): ext4_xattr_block_get:546: inode #15: comm syz.3.175: corrupted xattr block 19 [ 36.348391][ T762] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop3 ino=15 [ 36.352917][ T779] EXT4-fs error (device loop3): ext4_xattr_block_get:546: inode #15: comm syz.3.175: corrupted xattr block 19 [ 36.379501][ T779] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop3 ino=15 [ 36.389838][ T779] EXT4-fs error (device loop3): ext4_xattr_block_get:546: inode #15: comm syz.3.175: corrupted xattr block 19 [ 36.405244][ T779] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop3 ino=15 [ 36.409530][ T762] EXT4-fs error (device loop3): ext4_xattr_block_find:1837: inode #15: comm syz.3.175: corrupted xattr block 19 [ 36.428121][ T771] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.435768][ T771] bridge0: port 1(bridge_slave_0) entered disabled state [ 36.444447][ T771] device bridge_slave_0 entered promiscuous mode [ 36.452296][ T284] EXT4-fs (loop3): unmounting filesystem. [ 36.459827][ T771] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.472643][ T771] bridge0: port 2(bridge_slave_1) entered disabled state [ 36.480217][ T771] device bridge_slave_1 entered promiscuous mode [ 36.501569][ T784] process 'syz.4.182' launched './file0' with NULL argv: empty string added [ 36.598700][ T771] bridge0: port 2(bridge_slave_1) entered blocking state [ 36.605797][ T771] bridge0: port 2(bridge_slave_1) entered forwarding state [ 36.613228][ T771] bridge0: port 1(bridge_slave_0) entered blocking state [ 36.620268][ T771] bridge0: port 1(bridge_slave_0) entered forwarding state [ 36.641626][ T28] kauditd_printk_skb: 41 callbacks suppressed [ 36.641641][ T28] audit: type=1400 audit(1753768531.375:203): avc: denied { create } for pid=803 comm="syz.4.189" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 36.680004][ T28] audit: type=1400 audit(1753768531.405:204): avc: denied { mounton } for pid=803 comm="syz.4.189" path="/48/file0" dev="tmpfs" ino=269 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 36.709040][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 36.717200][ T804] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 36.732898][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 36.740483][ T356] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 36.755631][ T804] FAT-fs (loop9): unable to read boot sector [ 36.768576][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 36.778097][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 36.778359][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 36.781913][ T28] audit: type=1400 audit(1753768531.515:205): avc: denied { unlink } for pid=287 comm="syz-executor" name="file0" dev="tmpfs" ino=269 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 36.792125][ T10] device bridge_slave_1 left promiscuous mode [ 36.792197][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 36.792713][ T10] device bridge_slave_0 left promiscuous mode [ 36.792770][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 36.793822][ T10] device veth1_macvtap left promiscuous mode [ 36.793864][ T10] device veth0_vlan left promiscuous mode [ 36.930381][ T356] usb 4-1: Using ep0 maxpacket: 8 [ 36.969044][ T28] audit: type=1400 audit(1753768531.695:206): avc: denied { ioctl } for pid=823 comm="syz.1.198" path="/dev/binderfs/binder0" dev="binder" ino=4 ioctlcmd=0x6201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 36.998758][ T356] usb 4-1: New USB device found, idVendor=0763, idProduct=2081, bcdDevice=d0.ab [ 37.007955][ T356] usb 4-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 37.016405][ T356] usb 4-1: Product: syz [ 37.020804][ T356] usb 4-1: Manufacturer: syz [ 37.025434][ T356] usb 4-1: SerialNumber: syz [ 37.036037][ T356] usb 4-1: config 0 descriptor?? [ 37.042166][ T822] netlink: 16 bytes leftover after parsing attributes in process `syz.4.196'. [ 37.053457][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 37.067206][ T771] device veth0_vlan entered promiscuous mode [ 37.084199][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 37.107002][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 37.120186][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 37.131037][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 37.155326][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 37.193644][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 37.203056][ T833] SELinux: security_context_str_to_sid (Eá…) failed with errno=-22 [ 37.215594][ T771] device veth1_macvtap entered promiscuous mode [ 37.225163][ T835] loop4: detected capacity change from 0 to 512 [ 37.245420][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 37.267809][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 37.282247][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 37.293152][ T835] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 37.306549][ T28] audit: type=1400 audit(1753768532.035:207): avc: denied { mount } for pid=843 comm="syz.2.207" name="/" dev="configfs" ino=13687 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1 [ 37.329087][ T835] ext4 filesystem being mounted at /53/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 37.346670][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 37.360776][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 37.377551][ T835] Quota error (device loop4): do_check_range: Getting dqdh_next_free 2741 out of range 0-6 [ 37.386436][ T850] syz.2.209[850] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 37.387785][ T850] syz.2.209[850] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 37.389006][ T28] audit: type=1400 audit(1753768532.105:208): avc: denied { mounton } for pid=771 comm="syz-executor" path="/root/syzkaller.JV5pAx/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 37.447349][ T835] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 37.460257][ T835] EXT4-fs error (device loop4): ext4_acquire_dquot:6801: comm syz.4.202: Failed to acquire dquot type 0 [ 37.473598][ T28] audit: type=1400 audit(1753768532.105:209): avc: denied { read } for pid=834 comm="syz.4.202" name="file1" dev="loop4" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=lnk_file permissive=1 [ 37.525638][ T287] EXT4-fs (loop4): unmounting filesystem. [ 37.535954][ T28] audit: type=1400 audit(1753768532.105:210): avc: denied { rename } for pid=834 comm="syz.4.202" name="file2" dev="loop4" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 37.688589][ T874] loop5: detected capacity change from 0 to 512 [ 37.718821][ T874] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 37.744892][ T874] ext4 filesystem being mounted at /4/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 37.770771][ T874] EXT4-fs error (device loop5): ext4_acquire_dquot:6801: comm syz.5.221: Failed to acquire dquot type 0 [ 37.817934][ T771] EXT4-fs (loop5): unmounting filesystem. [ 37.885528][ T356] usb 4-1: USB disconnect, device number 2 [ 37.940370][ T303] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 37.986866][ T869] loop4: detected capacity change from 0 to 40427 [ 38.004232][ T869] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 38.024112][ T869] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 38.040017][ T869] F2FS-fs (loop4): invalid crc value [ 38.053626][ T869] F2FS-fs (loop4): Found nat_bits in checkpoint [ 38.100243][ T869] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 38.108049][ T869] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 38.131686][ T303] usb 2-1: config 0 interface 0 altsetting 13 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 38.141447][ T906] netlink: 277 bytes leftover after parsing attributes in process `syz.2.230'. [ 38.146188][ T303] usb 2-1: config 0 interface 0 has no altsetting 0 [ 38.170897][ T303] usb 2-1: New USB device found, idVendor=056a, idProduct=0319, bcdDevice= 0.00 [ 38.180777][ T303] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 38.191157][ T869] syz.4.217: attempt to access beyond end of device [ 38.191157][ T869] loop4: rw=10241, sector=53248, nr_sectors = 8 limit=40427 [ 38.217633][ T303] usb 2-1: config 0 descriptor?? [ 38.233822][ T869] syz.4.217: attempt to access beyond end of device [ 38.233822][ T869] loop4: rw=2049, sector=53256, nr_sectors = 4088 limit=40427 [ 38.249893][ T869] syz.4.217: attempt to access beyond end of device [ 38.249893][ T869] loop4: rw=2049, sector=49152, nr_sectors = 8 limit=40427 [ 38.266268][ T869] syz.4.217: attempt to access beyond end of device [ 38.266268][ T869] loop4: rw=2049, sector=53248, nr_sectors = 8 limit=40427 [ 38.639837][ T945] loop4: detected capacity change from 0 to 128 [ 38.790422][ T24] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 38.822666][ T962] loop5: detected capacity change from 0 to 128 [ 38.835595][ T303] usb 2-1: USB disconnect, device number 4 [ 38.847778][ T962] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 38.856593][ T962] ext4 filesystem being mounted at /14/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 38.872564][ T962] EXT4-fs warning (device loop5): verify_group_input:151: Cannot add at group 8209 (only 1 groups) [ 38.900848][ T771] EXT4-fs (loop5): unmounting filesystem. [ 38.980505][ T24] usb 3-1: Using ep0 maxpacket: 8 [ 38.986789][ T24] usb 3-1: config 0 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 38.997971][ T24] usb 3-1: config 0 interface 0 altsetting 5 endpoint 0x81 has invalid wMaxPacketSize 0 [ 39.008684][ T24] usb 3-1: config 0 interface 0 has no altsetting 0 [ 39.015757][ T24] usb 3-1: New USB device found, idVendor=1038, idProduct=1410, bcdDevice= 0.00 [ 39.026382][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 39.038836][ T24] usb 3-1: config 0 descriptor?? [ 39.151605][ T987] loop3: detected capacity change from 0 to 128 [ 39.159736][ T987] FAT-fs (loop3): Directory bread(block 162) failed [ 39.166693][ T987] FAT-fs (loop3): Directory bread(block 163) failed [ 39.173883][ T987] FAT-fs (loop3): Directory bread(block 164) failed [ 39.180745][ T987] FAT-fs (loop3): Directory bread(block 165) failed [ 39.188005][ T987] FAT-fs (loop3): Directory bread(block 166) failed [ 39.195175][ T987] FAT-fs (loop3): Directory bread(block 167) failed [ 39.204870][ T987] FAT-fs (loop3): Directory bread(block 168) failed [ 39.212636][ T987] FAT-fs (loop3): Directory bread(block 169) failed [ 39.221547][ T987] FAT-fs (loop3): Directory bread(block 162) failed [ 39.229952][ T987] FAT-fs (loop3): Directory bread(block 163) failed [ 39.237266][ T987] syz.3.265: attempt to access beyond end of device [ 39.237266][ T987] loop3: rw=3, sector=226, nr_sectors = 6 limit=128 [ 39.252164][ T987] syz.3.265: attempt to access beyond end of device [ 39.252164][ T987] loop3: rw=2051, sector=232, nr_sectors = 2 limit=128 [ 39.379667][ T1001] netlink: 16 bytes leftover after parsing attributes in process `syz.1.272'. [ 39.428745][ T1005] loop3: detected capacity change from 0 to 512 [ 39.458150][ T1005] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 39.468250][ T1005] ext4 filesystem being mounted at /60/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 39.469142][ T24] steelseries_srws1 0003:1038:1410.0005: item fetching failed at offset 0/5 [ 39.500139][ T24] steelseries_srws1 0003:1038:1410.0005: parse failed [ 39.507403][ T24] steelseries_srws1: probe of 0003:1038:1410.0005 failed with error -22 [ 39.522287][ T284] EXT4-fs (loop3): unmounting filesystem. [ 39.684617][ T353] usb 3-1: USB disconnect, device number 3 [ 39.770277][ T1037] loop1: detected capacity change from 0 to 128 [ 39.873893][ T1048] loop1: detected capacity change from 0 to 2048 [ 39.890874][ T1050] device veth0 entered promiscuous mode [ 39.899101][ T1049] device veth0 left promiscuous mode [ 39.937919][ T1048] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 39.958604][ T1048] ext4 filesystem being mounted at /58/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 40.013046][ T1048] fs-verity: sha512 using implementation "sha512-avx2" [ 40.021235][ T1048] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.292: bg 0: block 345: padding at end of block bitmap is not set [ 40.036769][ T1048] fs-verity (loop1, inode 13): Error -117 writing Merkle tree block 0 [ 40.045248][ T1048] fs-verity (loop1, inode 13): Error -117 building Merkle tree [ 40.062675][ T283] EXT4-fs (loop1): unmounting filesystem. [ 40.134190][ T1065] loop1: detected capacity change from 0 to 512 [ 40.151116][ T1065] EXT4-fs warning (device loop1): read_mmp_block:115: Error -117 while reading MMP block 24 [ 40.202005][ T1065] loop1: detected capacity change from 0 to 629 [ 40.224017][ T1065] EXT4-fs (loop1): failed to parse options in superblock: üüüüüüüüüüüüüüüüüüüüüüüüüüüüüüüüüüüüüüüüüüüüüüüüüüüüüüüüüüüüüüüü [ 40.238032][ T1065] EXT4-fs (loop1): Number of reserved GDT blocks insanely large: 25443 [ 40.260638][ T353] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 40.441496][ T353] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 40.452589][ T353] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 40.461843][ T353] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 40.470571][ T353] usb 6-1: config 0 descriptor?? [ 40.491758][ T6] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 40.549690][ T1082] loop3: detected capacity change from 0 to 1024 [ 40.572173][ T1082] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 40.581387][ T1082] ext4 filesystem being mounted at /69/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 40.599248][ T1082] EXT4-fs error (device loop3): ext4_map_blocks:745: inode #15: comm syz.3.306: lblock 0 mapped to illegal pblock 0 (length 1) [ 40.612758][ T1082] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117 [ 40.625196][ T1082] EXT4-fs (loop3): This should not happen!! Data will be lost [ 40.625196][ T1082] [ 40.642393][ T284] EXT4-fs (loop3): unmounting filesystem. [ 40.666231][ T1086] loop3: detected capacity change from 0 to 256 [ 40.673720][ T1086] exfat: Deprecated parameter 'namecase' [ 40.680767][ T1086] exfat: Deprecated parameter 'namecase' [ 40.690078][ T1086] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xdf1a9a6c, utbl_chksum : 0xe619d30d) [ 40.710417][ T6] usb 3-1: Using ep0 maxpacket: 16 [ 40.719722][ T6] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 40.730916][ T6] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 40.741018][ T6] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 40.755178][ T6] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2e22, bcdDevice= 0.00 [ 40.762140][ T1088] loop3: detected capacity change from 0 to 128 [ 40.765016][ T6] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 40.788615][ T6] usb 3-1: config 0 descriptor?? [ 40.890500][ T353] keytouch 0003:0926:3333.0006: fixing up Keytouch IEC report descriptor [ 40.937848][ T353] input: HID 0926:3333 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:0926:3333.0006/input/input7 [ 41.014286][ T353] keytouch 0003:0926:3333.0006: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.5-1/input0 [ 41.078197][ T1110] loop4: detected capacity change from 0 to 512 [ 41.198805][ T6] koneplus 0003:1E7D:2E22.0007: unknown main item tag 0x0 [ 41.203537][ T1122] loop1: detected capacity change from 0 to 256 [ 41.229822][ T6] koneplus 0003:1E7D:2E22.0007: hidraw1: USB HID v0.00 Device [HID 1e7d:2e22] on usb-dummy_hcd.2-1/input0 [ 41.232412][ T1126] capability: warning: `syz.3.324' uses deprecated v2 capabilities in a way that may be insecure [ 41.256255][ T1122] FAT-fs (loop1): Directory bread(block 64) failed [ 41.268796][ T1122] FAT-fs (loop1): Directory bread(block 65) failed [ 41.278168][ T1122] FAT-fs (loop1): Directory bread(block 66) failed [ 41.284805][ T1122] FAT-fs (loop1): Directory bread(block 67) failed [ 41.291537][ T1122] FAT-fs (loop1): Directory bread(block 68) failed [ 41.303782][ T1122] FAT-fs (loop1): Directory bread(block 69) failed [ 41.311337][ T39] usb 6-1: USB disconnect, device number 2 [ 41.314321][ T1122] FAT-fs (loop1): Directory bread(block 70) failed [ 41.324910][ T1122] FAT-fs (loop1): Directory bread(block 71) failed [ 41.333513][ T1122] FAT-fs (loop1): Directory bread(block 72) failed [ 41.340255][ T1122] FAT-fs (loop1): Directory bread(block 73) failed [ 41.343795][ T1132] loop3: detected capacity change from 0 to 1024 [ 41.397849][ T6] koneplus 0003:1E7D:2E22.0007: couldn't init struct koneplus_device [ 41.414979][ T6] koneplus 0003:1E7D:2E22.0007: couldn't install mouse [ 41.423430][ T1132] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 41.433090][ T6] koneplus: probe of 0003:1E7D:2E22.0007 failed with error -71 [ 41.444802][ T1140] loop1: detected capacity change from 0 to 1024 [ 41.455108][ T6] usb 3-1: USB disconnect, device number 4 [ 41.471113][ T284] EXT4-fs (loop3): unmounting filesystem. [ 41.478262][ T1140] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 41.489441][ T1141] fido_id[1141]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 41.507406][ T1140] ext4 filesystem being mounted at /63/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 41.530185][ T1145] input: syz0 as /devices/virtual/input/input8 [ 41.588194][ T283] EXT4-fs (loop1): unmounting filesystem. [ 41.724577][ T28] kauditd_printk_skb: 33 callbacks suppressed [ 41.724594][ T28] audit: type=1400 audit(1753768542.458:242): avc: denied { bind } for pid=1165 comm="syz.3.341" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 41.814674][ T1174] SELinux: Context w´ã—×/ã5–ƒª8!¥t7‘ë‡O÷<¶òÈa: is not valid (left unmapped). [ 41.824221][ T1174] SELinux: Context åWé½Xó®’Eë•Ó][Oü: is not valid (left unmapped). [ 41.865907][ T1182] loop3: detected capacity change from 0 to 256 [ 41.873007][ T1182] exfat: Deprecated parameter 'namecase' [ 41.879147][ T1182] exfat: Deprecated parameter 'utf8' [ 41.891507][ T1182] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xdc42f586, utbl_chksum : 0xe619d30d) [ 41.910426][ T303] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 41.925188][ T28] audit: type=1400 audit(1753768542.658:243): avc: denied { remove_name } for pid=1181 comm="syz.3.349" name="file3" dev="loop3" ino=1048616 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 41.973601][ T28] audit: type=1400 audit(1753768542.668:244): avc: denied { ioctl } for pid=1183 comm="syz.5.350" path="socket:[20755]" dev="sockfs" ino=20755 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 41.985487][ T1188] device bridge2 entered promiscuous mode [ 42.000677][ T28] audit: type=1400 audit(1753768542.688:245): avc: denied { rename } for pid=1181 comm="syz.3.349" name="file3" dev="loop3" ino=1048616 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 42.027528][ T28] audit: type=1400 audit(1753768542.688:246): avc: denied { reparent } for pid=1181 comm="syz.3.349" name="file3" dev="loop3" ino=1048616 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 42.051392][ T28] audit: type=1400 audit(1753768542.688:247): avc: denied { rmdir } for pid=1181 comm="syz.3.349" name="file0" dev="loop3" ino=1048617 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 42.121509][ T303] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 42.131277][ T1204] netlink: 'syz.3.359': attribute type 58 has an invalid length. [ 42.139277][ T1204] netlink: 20 bytes leftover after parsing attributes in process `syz.3.359'. [ 42.141889][ T1200] syz.2.357 (1200) used greatest stack depth: 20864 bytes left [ 42.170622][ T303] usb 2-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00 [ 42.179813][ T303] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 42.190769][ T1198] netlink: 28 bytes leftover after parsing attributes in process `syz.5.356'. [ 42.218502][ T303] usb 2-1: config 0 descriptor?? [ 42.322384][ T1223] loop2: detected capacity change from 0 to 2048 [ 42.392861][ T1223] loop2: p1 < > p3 [ 42.397931][ T1223] loop2: p3 size 134217728 extends beyond EOD, truncated [ 42.479036][ T1229] loop3: detected capacity change from 0 to 4096 [ 42.506844][ T1229] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 42.521798][ T1235] netlink: 89 bytes leftover after parsing attributes in process `syz.4.372'. [ 42.570708][ T1229] fs-verity: sha256 using implementation "sha256-avx2" [ 42.627160][ T303] lenovo 0003:17EF:6047.0008: hidraw0: USB HID v0.00 Device [HID 17ef:6047] on usb-dummy_hcd.1-1/input0 [ 42.679500][ T1233] loop5: detected capacity change from 0 to 40427 [ 42.690524][ T1233] F2FS-fs (loop5): fault_injection options not supported [ 42.703782][ T1233] F2FS-fs (loop5): invalid crc value [ 42.734230][ T1246] loop2: detected capacity change from 0 to 512 [ 42.759677][ T1246] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.376: invalid indirect mapped block 10 (level 1) [ 42.783289][ T1233] F2FS-fs (loop5): Found nat_bits in checkpoint [ 42.788862][ T284] EXT4-fs (loop3): unmounting filesystem. [ 42.803723][ T1246] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.376: invalid indirect mapped block 8 (level 1) [ 42.821605][ T1246] EXT4-fs (loop2): 1 truncate cleaned up [ 42.828104][ T1246] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 42.919532][ T286] EXT4-fs (loop2): unmounting filesystem. [ 42.929033][ T303] lenovo 0003:17EF:6047.0008: Failed to switch F7/9/11 mode: -71 [ 42.939244][ T1233] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 42.973901][ T303] lenovo 0003:17EF:6047.0008: Failed to switch middle button: -71 [ 43.009319][ T303] lenovo 0003:17EF:6047.0008: Fn-lock setting failed: -71 [ 43.040791][ T303] lenovo 0003:17EF:6047.0008: Sensitivity setting failed: -71 [ 43.061752][ T1233] SELinux: Context system_u:object_r:man_t:s0 is not valid (left unmapped). [ 43.066093][ T303] usb 2-1: USB disconnect, device number 5 [ 43.086587][ T28] audit: type=1400 audit(1753768543.818:248): avc: denied { relabelto } for pid=1232 comm="syz.5.371" name="/" dev="loop5" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 trawcon="system_u:object_r:man_t:s0" [ 43.154547][ T1269] loop2: detected capacity change from 0 to 2048 [ 43.178146][ T1272] fido_id[1272]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 43.231234][ T1269] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 43.261099][ T1269] ext4 filesystem being mounted at /66/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 43.282294][ T1263] loop4: detected capacity change from 0 to 40427 [ 43.292439][ T1263] F2FS-fs (loop4): Invalid log sectorsize (129) [ 43.298859][ T1263] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 43.322367][ T286] EXT4-fs (loop2): unmounting filesystem. [ 43.337179][ T1281] loop5: detected capacity change from 0 to 512 [ 43.350762][ T1281] EXT4-fs: Ignoring removed nobh option [ 43.357241][ T1263] F2FS-fs (loop4): invalid crc value [ 43.367993][ T1263] F2FS-fs (loop4): Found nat_bits in checkpoint [ 43.371820][ T1283] input: syz1 as /devices/virtual/input/input10 [ 43.375493][ T1281] EXT4-fs error (device loop5): ext4_validate_block_bitmap:438: comm syz.5.389: bg 0: block 393: padding at end of block bitmap is not set [ 43.432793][ T1281] EXT4-fs error (device loop5) in ext4_mb_clear_bb:6170: Corrupt filesystem [ 43.440045][ T1263] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 43.450200][ T1263] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 43.460415][ T1281] EXT4-fs (loop5): 2 truncates cleaned up [ 43.466550][ T1281] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 43.476428][ T1284] f2fs_ckpt-7:4: attempt to access beyond end of device [ 43.476428][ T1284] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 43.520408][ T28] audit: type=1400 audit(1753768544.248:249): avc: denied { create } for pid=1262 comm="syz.4.383" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=lnk_file permissive=1 [ 43.546455][ T771] EXT4-fs (loop5): unmounting filesystem. [ 43.625106][ T1301] loop1: detected capacity change from 0 to 256 [ 43.639419][ T1301] exfat: Deprecated parameter 'namecase' [ 43.657186][ T1301] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d) [ 43.698410][ T28] audit: type=1400 audit(1753768544.428:250): avc: denied { write } for pid=1300 comm="syz.1.396" path="/68/file0/file2" dev="loop1" ino=1048618 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 43.737497][ T1307] loop2: detected capacity change from 0 to 512 [ 43.778447][ T1316] loop5: detected capacity change from 0 to 256 [ 43.805063][ T1318] loop4: detected capacity change from 0 to 256 [ 43.808184][ T1316] exfat: Deprecated parameter 'namecase' [ 43.821099][ T1318] exfat: Deprecated parameter 'utf8' [ 43.844079][ T1316] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x25fbf2c1, utbl_chksum : 0xe619d30d) [ 43.859192][ T1318] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d) [ 43.899177][ T1322] loop1: detected capacity change from 0 to 1024 [ 43.940157][ T28] audit: type=1400 audit(1753768544.668:251): avc: denied { write } for pid=1324 comm="syz.4.407" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 44.003153][ T1322] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 44.058186][ T1322] EXT4-fs (loop1): Online resizing not supported with bigalloc [ 44.089210][ T1338] input: syz0 as /devices/virtual/input/input11 [ 44.132281][ T283] EXT4-fs (loop1): unmounting filesystem. [ 44.161325][ T1332] loop2: detected capacity change from 0 to 40427 [ 44.171416][ T1332] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 44.183642][ T1332] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 44.210016][ T1332] F2FS-fs (loop2): invalid crc value [ 44.249894][ T1332] F2FS-fs (loop2): Found nat_bits in checkpoint [ 44.333106][ T1332] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 44.340197][ T1332] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 44.455001][ T1332] syz.2.409: attempt to access beyond end of device [ 44.455001][ T1332] loop2: rw=10241, sector=53248, nr_sectors = 8 limit=40427 [ 44.473141][ T1370] netlink: 4 bytes leftover after parsing attributes in process `syz.1.425'. [ 44.556878][ T1332] syz.2.409: attempt to access beyond end of device [ 44.556878][ T1332] loop2: rw=2049, sector=53256, nr_sectors = 2072 limit=40427 [ 44.596861][ T1332] syz.2.409: attempt to access beyond end of device [ 44.596861][ T1332] loop2: rw=2049, sector=55328, nr_sectors = 2016 limit=40427 [ 44.614482][ T1332] syz.2.409: attempt to access beyond end of device [ 44.614482][ T1332] loop2: rw=2049, sector=49152, nr_sectors = 8 limit=40427 [ 44.628766][ T1332] syz.2.409: attempt to access beyond end of device [ 44.628766][ T1332] loop2: rw=2049, sector=53248, nr_sectors = 8 limit=40427 [ 44.747255][ T1391] loop1: detected capacity change from 0 to 1024 [ 44.810022][ T1391] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 44.872845][ T283] EXT4-fs (loop1): unmounting filesystem. [ 44.995194][ T1411] netlink: 71 bytes leftover after parsing attributes in process `syz.1.443'. [ 45.006249][ T1385] loop3: detected capacity change from 0 to 40427 [ 45.034860][ T1385] F2FS-fs (loop3): invalid crc value [ 45.041923][ T1385] F2FS-fs (loop3): Found nat_bits in checkpoint [ 45.076577][ T1385] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 45.111215][ T284] syz-executor: attempt to access beyond end of device [ 45.111215][ T284] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 45.120399][ T39] usb 6-1: new full-speed USB device number 3 using dummy_hcd [ 45.341385][ T39] usb 6-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 45.353596][ T39] usb 6-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0 [ 45.364357][ T39] usb 6-1: config 0 interface 0 has no altsetting 0 [ 45.371327][ T39] usb 6-1: New USB device found, idVendor=28de, idProduct=1102, bcdDevice= 0.00 [ 45.380682][ T39] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 45.389807][ T39] usb 6-1: config 0 descriptor?? [ 45.536975][ T6] kernel write not supported for file /vcsa1 (pid: 6 comm: kworker/0:0) [ 45.776259][ T1486] loop1: detected capacity change from 0 to 512 [ 45.787420][ T1486] EXT4-fs (loop1): Test dummy encryption mode enabled [ 45.795811][ T1486] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 45.809324][ T1486] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 45.811254][ T39] hid-steam 0003:28DE:1102.0009: unbalanced delimiter at end of report description [ 45.822038][ T1486] EXT4-fs error (device loop1): ext4_orphan_get:1426: comm syz.1.475: bad orphan inode 131083 [ 45.829013][ T39] hid-steam 0003:28DE:1102.0009: steam_probe:parse of hid interface failed [ 45.840106][ T1486] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 45.849254][ T39] hid-steam: probe of 0003:28DE:1102.0009 failed with error -22 [ 45.885556][ T1486] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni" [ 45.911608][ T283] EXT4-fs (loop1): unmounting filesystem. [ 46.028683][ T1496] loop4: detected capacity change from 0 to 1024 [ 46.040469][ T24] usb 6-1: USB disconnect, device number 3 [ 46.049833][ T1494] loop1: detected capacity change from 0 to 40427 [ 46.058310][ T1494] F2FS-fs (loop1): Invalid segment/section count (31 != 24 * 1) [ 46.066700][ T1494] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 46.068884][ T1496] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 46.102960][ T1494] F2FS-fs (loop1): heap/no_heap options were deprecated [ 46.124521][ T1494] F2FS-fs (loop1): invalid crc value [ 46.145849][ T287] EXT4-fs (loop4): unmounting filesystem. [ 46.149060][ T1494] F2FS-fs (loop1): Found nat_bits in checkpoint [ 46.174207][ T303] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 46.178679][ T1504] loop4: detected capacity change from 0 to 512 [ 46.215670][ T1494] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 46.218949][ T1504] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 46.222876][ T1494] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 46.272352][ T283] syz-executor: attempt to access beyond end of device [ 46.272352][ T283] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 46.292650][ T1504] EXT4-fs (loop4): 1 truncate cleaned up [ 46.298363][ T1504] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 46.328647][ T287] EXT4-fs (loop4): unmounting filesystem. [ 46.363814][ T1513] netlink: 'syz.3.487': attribute type 25 has an invalid length. [ 46.370488][ T303] usb 3-1: Using ep0 maxpacket: 16 [ 46.373363][ T1513] netlink: 'syz.3.487': attribute type 7 has an invalid length. [ 46.385957][ T303] usb 3-1: config 166 has an invalid interface number: 177 but max is 1 [ 46.404832][ T303] usb 3-1: config 166 has an invalid interface number: 34 but max is 1 [ 46.413384][ T303] usb 3-1: config 166 has an invalid descriptor of length 0, skipping remainder of the config [ 46.423893][ T303] usb 3-1: config 166 has no interface number 0 [ 46.430655][ T303] usb 3-1: config 166 has no interface number 1 [ 46.454399][ T303] usb 3-1: config 166 interface 177 altsetting 4 has an invalid endpoint with address 0x0, skipping [ 46.472190][ T303] usb 3-1: config 166 interface 177 altsetting 4 has an invalid endpoint with address 0x0, skipping [ 46.488488][ T303] usb 3-1: config 166 interface 34 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 4 [ 46.508211][ T303] usb 3-1: config 166 interface 177 has no altsetting 0 [ 46.515579][ T303] usb 3-1: config 166 interface 34 has no altsetting 0 [ 46.525197][ T303] usb 3-1: New USB device found, idVendor=0bda, idProduct=0138, bcdDevice=30.12 [ 46.539593][ T303] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 46.548419][ T303] usb 3-1: Product: syz [ 46.552877][ T303] usb 3-1: Manufacturer: syz [ 46.557518][ T303] usb 3-1: SerialNumber: syz [ 46.651803][ T1542] loop3: detected capacity change from 0 to 16 [ 46.680595][ T1542] erofs: (device loop3): mounted with root inode @ nid 36. [ 46.694108][ T1542] syz.3.502: attempt to access beyond end of device [ 46.694108][ T1542] loop3: rw=524288, sector=8, nr_sectors = 16 limit=16 [ 46.713637][ T1542] syz.3.502: attempt to access beyond end of device [ 46.713637][ T1542] loop3: rw=524288, sector=16, nr_sectors = 16 limit=16 [ 46.760860][ T28] kauditd_printk_skb: 18 callbacks suppressed [ 46.760878][ T28] audit: type=1400 audit(1753768547.498:270): avc: denied { read } for pid=1551 comm="syz.4.505" name="usbmon8" dev="devtmpfs" ino=183 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 46.811009][ T28] audit: type=1400 audit(1753768547.528:271): avc: denied { open } for pid=1551 comm="syz.4.505" path="/dev/usbmon8" dev="devtmpfs" ino=183 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 46.870541][ T28] audit: type=1400 audit(1753768547.538:272): avc: denied { write } for pid=1551 comm="syz.4.505" name="usbmon8" dev="devtmpfs" ino=183 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 46.976060][ T28] audit: type=1400 audit(1753768547.708:273): avc: denied { remount } for pid=1569 comm="syz.4.513" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 47.018005][ T28] audit: type=1400 audit(1753768547.748:274): avc: denied { unmount } for pid=287 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 47.054328][ T1574] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 47.082898][ T1574] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 47.145627][ T1554] loop5: detected capacity change from 0 to 40427 [ 47.171583][ T1554] F2FS-fs (loop5): Invalid SB checksum offset: 0 [ 47.188197][ T1554] F2FS-fs (loop5): Can't find valid F2FS filesystem in 2th superblock [ 47.195517][ T303] usb 3-1: Found UVC 0.00 device syz (0bda:0138) [ 47.212299][ T303] usb 3-1: No valid video chain found. [ 47.235334][ T1554] F2FS-fs (loop5): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 47.267172][ T28] audit: type=1400 audit(1753768547.998:275): avc: denied { read } for pid=1594 comm="syz.4.524" name="file0" dev="tmpfs" ino=581 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 47.323226][ T28] audit: type=1400 audit(1753768547.998:276): avc: denied { watch } for pid=1594 comm="syz.4.524" path="/108/file0" dev="tmpfs" ino=581 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 47.347417][ T1554] F2FS-fs (loop5): Try to recover 2th superblock, ret: 0 [ 47.357314][ T1554] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 47.395555][ T28] audit: type=1400 audit(1753768548.018:277): avc: denied { setattr } for pid=1594 comm="syz.4.524" name="file0" dev="tmpfs" ino=581 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1 [ 47.398950][ T6] usb 3-1: USB disconnect, device number 5 [ 47.461409][ T28] audit: type=1400 audit(1753768548.198:278): avc: denied { getopt } for pid=1604 comm="syz.4.528" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 47.610369][ T303] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 47.683040][ T28] audit: type=1400 audit(1753768548.418:279): avc: denied { write } for pid=1624 comm="syz.5.536" name="ip6_flowlabel" dev="proc" ino=4026533013 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 47.755193][ T1629] pim6reg0: tun_chr_ioctl cmd 1074025677 [ 47.761273][ T1629] pim6reg0: linktype set to 530 [ 47.800377][ T303] usb 4-1: Using ep0 maxpacket: 32 [ 47.811753][ T303] usb 4-1: config 0 has no interfaces? [ 47.819058][ T303] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 47.843689][ T303] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 47.856010][ T1634] loop5: detected capacity change from 0 to 512 [ 47.864073][ T303] usb 4-1: config 0 descriptor?? [ 47.884160][ T1634] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 47.913669][ T1634] EXT4-fs (loop5): 1 truncate cleaned up [ 47.922574][ T1634] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 47.961337][ T771] EXT4-fs (loop5): unmounting filesystem. [ 48.022606][ T1645] loop5: detected capacity change from 0 to 512 [ 48.040824][ T1645] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 48.068399][ T1645] ext4 filesystem being mounted at /58/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 48.074383][ T6] usb 4-1: USB disconnect, device number 3 [ 48.102692][ T1645] EXT4-fs (loop5): shut down requested (2) [ 48.120469][ T1645] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop5 ino=16 [ 48.131430][ T1645] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop5 ino=16 [ 48.169514][ T1653] loop2: detected capacity change from 0 to 512 [ 48.177311][ T771] EXT4-fs (loop5): unmounting filesystem. [ 48.180395][ T303] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 48.198428][ T1653] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 48.219427][ T1607] loop4: detected capacity change from 0 to 131072 [ 48.231242][ T1607] F2FS-fs (loop4): Wrong CP boundary, start(512) end(1536) blocks(0) [ 48.233851][ T1655] loop5: detected capacity change from 0 to 1024 [ 48.242352][ T1607] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 48.263110][ T1607] F2FS-fs (loop4): invalid crc value [ 48.264657][ T1653] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 48.275235][ T1655] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 48.286405][ T1653] ext4 filesystem being mounted at /85/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 48.313228][ T771] EXT4-fs (loop5): unmounting filesystem. [ 48.325839][ T1653] EXT4-fs error (device loop2): ext4_lookup:1858: inode #12: comm syz.2.547: iget: bad i_size value: 2533274857506816 [ 48.350928][ T1607] F2FS-fs (loop4): Found nat_bits in checkpoint [ 48.375838][ T286] EXT4-fs (loop2): unmounting filesystem. [ 48.380608][ T303] usb 2-1: Using ep0 maxpacket: 8 [ 48.395566][ T303] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 48.420081][ T303] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 48.432712][ T303] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 48.441234][ T1607] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 48.445997][ T303] usb 2-1: New USB device found, idVendor=046d, idProduct=c29c, bcdDevice= 0.00 [ 48.453972][ T1607] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4 [ 48.463499][ T303] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 48.493299][ T303] usb 2-1: config 0 descriptor?? [ 48.654527][ T1674] input: syz0 as /devices/virtual/input/input12 [ 48.724730][ T1672] loop2: detected capacity change from 0 to 8192 [ 48.903266][ T303] logitech 0003:046D:C29C.000A: hidraw0: USB HID v0.01 Device [HID 046d:c29c] on usb-dummy_hcd.1-1/input0 [ 48.974626][ T1700] netlink: 'syz.4.564': attribute type 6 has an invalid length. [ 49.075863][ T1690] loop3: detected capacity change from 0 to 40427 [ 49.086731][ T1690] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 49.095761][ T1690] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 49.107489][ T1690] F2FS-fs (loop3): invalid crc value [ 49.114957][ T1690] F2FS-fs (loop3): Found nat_bits in checkpoint [ 49.156653][ T1690] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 49.164395][ T1690] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 49.213617][ T1690] syz.3.559: attempt to access beyond end of device [ 49.213617][ T1690] loop3: rw=10241, sector=53248, nr_sectors = 8 limit=40427 [ 49.279274][ T1727] netlink: 156 bytes leftover after parsing attributes in process `syz.5.576'. [ 49.298289][ T1690] syz.3.559: attempt to access beyond end of device [ 49.298289][ T1690] loop3: rw=2049, sector=53256, nr_sectors = 2056 limit=40427 [ 49.305631][ T303] logitech 0003:046D:C29C.000A: no inputs found [ 49.313038][ T1727] netlink: 4 bytes leftover after parsing attributes in process `syz.5.576'. [ 49.335945][ T303] usb 2-1: USB disconnect, device number 6 [ 49.343952][ T1690] syz.3.559: attempt to access beyond end of device [ 49.343952][ T1690] loop3: rw=2049, sector=55312, nr_sectors = 2032 limit=40427 [ 49.379644][ T1690] syz.3.559: attempt to access beyond end of device [ 49.379644][ T1690] loop3: rw=2049, sector=49152, nr_sectors = 8 limit=40427 [ 49.381523][ T1720] loop2: detected capacity change from 0 to 40427 [ 49.421341][ T1690] syz.3.559: attempt to access beyond end of device [ 49.421341][ T1690] loop3: rw=2049, sector=53248, nr_sectors = 8 limit=40427 [ 49.447216][ T1720] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 49.465182][ T1728] fido_id[1728]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 49.479750][ T1720] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 49.521134][ T1720] F2FS-fs (loop2): invalid crc_offset: 33558524 [ 49.541668][ T1720] F2FS-fs (loop2): Found nat_bits in checkpoint [ 49.609587][ T1720] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 49.622537][ T1720] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 49.714623][ T1723] loop4: detected capacity change from 0 to 40427 [ 49.723764][ T1720] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 49.723789][ T1720] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 49.730933][ T1723] F2FS-fs (loop4): Small segment_count (9 < 1 * 24) [ 49.748638][ T1720] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 49.748664][ T1720] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 49.756487][ T1723] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 49.768854][ T1720] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 49.781549][ T1720] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 49.790095][ T1723] F2FS-fs (loop4): Found nat_bits in checkpoint [ 49.804155][ T1720] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 49.804179][ T1720] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 49.820435][ T1720] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 49.838412][ T1720] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix. [ 49.906479][ T1723] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 49.912985][ T1731] loop5: detected capacity change from 0 to 40427 [ 49.933590][ T1723] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 50.041709][ T287] syz-executor: attempt to access beyond end of device [ 50.041709][ T287] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 50.056005][ T1731] F2FS-fs (loop5): Found nat_bits in checkpoint [ 50.190653][ T1731] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 50.285670][ T771] syz-executor: attempt to access beyond end of device [ 50.285670][ T771] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 50.409406][ T1777] loop2: detected capacity change from 0 to 512 [ 50.470421][ T354] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 50.527492][ T1767] loop4: detected capacity change from 0 to 40427 [ 50.539629][ T1767] F2FS-fs (loop4): fault_type options not supported [ 50.547407][ T1767] F2FS-fs (loop4): invalid crc value [ 50.563126][ T1767] F2FS-fs (loop4): Found nat_bits in checkpoint [ 50.652930][ T354] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 50.664637][ T354] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 50.675790][ T1767] F2FS-fs (loop4): Start checkpoint disabled! [ 50.677635][ T354] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 50.695189][ T354] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 50.704730][ T354] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 50.705036][ T1767] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 50.722062][ T354] usb 2-1: config 0 descriptor?? [ 50.839290][ T832] kworker/u4:5: attempt to access beyond end of device [ 50.839290][ T832] loop4: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 51.041718][ T1805] loop3: detected capacity change from 0 to 40427 [ 51.060665][ T1805] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 51.068821][ T1805] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 51.080393][ T39] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 51.111298][ T1805] F2FS-fs (loop3): invalid crc_offset: 33558524 [ 51.141390][ T354] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 51.148858][ T354] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 51.158285][ T1805] F2FS-fs (loop3): Found nat_bits in checkpoint [ 51.170786][ T354] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 51.190408][ T354] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 51.197945][ T354] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 51.218145][ T354] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 51.230718][ T354] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 51.238343][ T354] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 51.248844][ T354] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 51.259672][ T354] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 51.267454][ T354] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 51.275316][ T354] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 51.280804][ T39] usb 6-1: Using ep0 maxpacket: 32 [ 51.282784][ T1805] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 51.295232][ T1805] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 51.298994][ T39] usb 6-1: config 0 has an invalid interface number: 67 but max is 0 [ 51.302970][ T354] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 51.330346][ T39] usb 6-1: config 0 has no interface number 0 [ 51.338010][ T39] usb 6-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 51.344096][ T354] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 51.364200][ T39] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 51.364780][ T354] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 51.386241][ T39] usb 6-1: Product: syz [ 51.394195][ T354] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 51.394949][ T39] usb 6-1: Manufacturer: syz [ 51.403471][ T354] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 51.417519][ T1814] loop4: detected capacity change from 0 to 40427 [ 51.424229][ T39] usb 6-1: SerialNumber: syz [ 51.424976][ T354] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 51.430790][ T39] usb 6-1: config 0 descriptor?? [ 51.445487][ T1814] F2FS-fs (loop4): fault_type options not supported [ 51.460469][ T39] smsc95xx v2.0.0 [ 51.464439][ T1814] F2FS-fs (loop4): invalid crc value [ 51.467242][ T354] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 51.481682][ T1814] F2FS-fs (loop4): Found nat_bits in checkpoint [ 51.504057][ T354] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 51.520866][ T354] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 51.534221][ T354] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 51.541957][ T354] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 51.549548][ T354] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 51.559211][ T354] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 51.568009][ T354] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 51.578240][ T354] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 51.588936][ T354] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 51.598032][ T354] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 51.605810][ T354] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 51.610490][ T1814] F2FS-fs (loop4): Start checkpoint disabled! [ 51.621758][ T354] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 51.629338][ T354] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 51.637327][ T354] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 51.646504][ T1814] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 51.646508][ T354] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 51.654388][ T354] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 51.669290][ T354] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 51.677370][ T354] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 51.686369][ T354] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 51.714303][ T354] plantronics 0003:047F:FFFF.000B: No inputs registered, leaving [ 51.737068][ T354] plantronics 0003:047F:FFFF.000B: hiddev96,hidraw0: USB HID v0.00 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 51.763151][ T354] usb 2-1: USB disconnect, device number 7 [ 51.796312][ T28] kauditd_printk_skb: 11 callbacks suppressed [ 51.796347][ T28] audit: type=1400 audit(1753768553.533:291): avc: denied { read } for pid=1813 comm="syz.4.611" path="/123/file1/file1" dev="loop4" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 51.820574][ T1814] syz.4.611: attempt to access beyond end of device [ 51.820574][ T1814] loop4: rw=2049, sector=77824, nr_sectors = 840 limit=40427 [ 51.879098][ T348] kworker/u4:4: attempt to access beyond end of device [ 51.879098][ T348] loop4: rw=1, sector=77824, nr_sectors = 8 limit=40427 [ 51.896474][ T28] audit: type=1400 audit(1753768553.633:292): avc: denied { unlink } for pid=1844 comm="syz.3.622" name="file0" dev="incremental-fs" ino=806 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 51.898232][ T1842] fido_id[1842]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 52.000730][ T1835] loop2: detected capacity change from 0 to 40427 [ 52.009654][ T1835] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 52.017632][ T1835] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 52.055458][ T1835] F2FS-fs (loop2): invalid crc value [ 52.101713][ T1835] F2FS-fs (loop2): Found nat_bits in checkpoint [ 52.113626][ T1860] loop3: detected capacity change from 0 to 256 [ 52.157423][ T103] udevd[103]: worker [345] terminated by signal 33 (Unknown signal 33) [ 52.166645][ T1860] exfat: Deprecated parameter 'namecase' [ 52.176041][ T103] udevd[103]: worker [345] failed while handling '/devices/virtual/block/loop3' [ 52.189727][ T1860] exfat: Deprecated parameter 'utf8' [ 52.193170][ T1835] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 52.198034][ T1860] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 52.202359][ T1835] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 52.320467][ T28] audit: type=1400 audit(1753768554.053:293): avc: denied { append } for pid=1834 comm="syz.2.619" path="/112/file0/bus" dev="loop2" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 52.355220][ T28] audit: type=1326 audit(1753768554.083:294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1878 comm="syz.1.634" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0b898e9a9 code=0x7ffc0000 [ 52.388752][ T28] audit: type=1326 audit(1753768554.083:295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1878 comm="syz.1.634" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc0b898e9a9 code=0x7ffc0000 [ 52.430388][ T28] audit: type=1326 audit(1753768554.083:296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1878 comm="syz.1.634" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fc0b898e9a9 code=0x7ffc0000 [ 52.484080][ T39] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -71 [ 52.512182][ T28] audit: type=1326 audit(1753768554.083:297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1878 comm="syz.1.634" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fc0b898e9e3 code=0x7ffc0000 [ 52.521735][ T1881] loop4: detected capacity change from 0 to 2048 [ 52.535787][ T39] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 52.570688][ T39] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 52.584674][ T28] audit: type=1326 audit(1753768554.323:298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1878 comm="syz.1.634" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fc0b898d45f code=0x7ffc0000 [ 52.596661][ T1881] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 52.625793][ T39] smsc95xx: probe of 6-1:0.67 failed with error -71 [ 52.644304][ T39] usb 6-1: USB disconnect, device number 4 [ 52.700063][ T1874] loop3: detected capacity change from 0 to 40427 [ 52.713012][ T1881] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 52.723220][ T28] audit: type=1326 audit(1753768554.463:299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1878 comm="syz.1.634" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7fc0b898ea37 code=0x7ffc0000 [ 52.725126][ T1879] loop1: detected capacity change from 0 to 40427 [ 52.746830][ T28] audit: type=1326 audit(1753768554.463:300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1878 comm="syz.1.634" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc0b898d310 code=0x7ffc0000 [ 52.776733][ T287] EXT4-fs (loop4): unmounting filesystem. [ 52.776771][ T1874] F2FS-fs (loop3): invalid crc value [ 52.805894][ T1879] F2FS-fs (loop1): Found nat_bits in checkpoint [ 52.813808][ T1874] F2FS-fs (loop3): Found nat_bits in checkpoint [ 52.852382][ T1879] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 52.858793][ T1874] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4 [ 52.866694][ T1879] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 53.084249][ T1913] SELinux: Context @ is not valid (left unmapped). [ 53.136797][ T1917] loop5: detected capacity change from 0 to 128 [ 53.196179][ T1923] netlink: 8 bytes leftover after parsing attributes in process `syz.1.650'. [ 53.199595][ T1927] loop4: detected capacity change from 0 to 128 [ 53.238362][ T1927] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 53.249534][ T1927] ext4 filesystem being mounted at /135/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 53.273823][ T287] EXT4-fs (loop4): unmounting filesystem. [ 53.310850][ T1937] SELinux: security_context_str_to_sid (sysadm_u) failed with errno=-22 [ 53.361601][ T1943] netlink: 96 bytes leftover after parsing attributes in process `syz.1.658'. [ 53.418035][ T1946] loop1: detected capacity change from 0 to 2048 [ 53.471562][ T1946] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 53.502079][ T1939] loop5: detected capacity change from 0 to 40427 [ 53.518723][ T1939] F2FS-fs (loop5): fault_type options not supported [ 53.525995][ T283] EXT4-fs (loop1): unmounting filesystem. [ 53.541842][ T1939] F2FS-fs (loop5): invalid crc value [ 53.554237][ T1939] F2FS-fs (loop5): Found nat_bits in checkpoint [ 53.562430][ T1955] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 53.626341][ T1939] F2FS-fs (loop5): Start checkpoint disabled! [ 53.638988][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready [ 53.649118][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 53.657692][ T1939] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6 [ 53.688102][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready [ 53.707344][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 53.727364][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 53.744551][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 53.775542][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 53.790882][ T348] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 53.879665][ T1961] loop1: detected capacity change from 0 to 40427 [ 53.906439][ T1961] F2FS-fs (loop1): Small segment_count (9 < 1 * 24) [ 53.926877][ T1961] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 53.994558][ T1961] F2FS-fs (loop1): Found nat_bits in checkpoint [ 54.081063][ T1961] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 54.114022][ T1961] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 54.146411][ T2001] loop5: detected capacity change from 0 to 512 [ 54.169675][ T2001] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 54.220032][ T2001] EXT4-fs (loop5): orphan cleanup on readonly fs [ 54.228004][ T2001] EXT4-fs error (device loop5): ext4_validate_block_bitmap:438: comm syz.5.679: bg 0: block 248: padding at end of block bitmap is not set [ 54.244066][ T2001] EXT4-fs error (device loop5): ext4_acquire_dquot:6801: comm syz.5.679: Failed to acquire dquot type 1 [ 54.256827][ T283] bio_check_eod: 5 callbacks suppressed [ 54.256846][ T283] syz-executor: attempt to access beyond end of device [ 54.256846][ T283] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 54.279056][ T2001] EXT4-fs (loop5): 1 truncate cleaned up [ 54.286848][ T2001] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 54.323203][ T771] EXT4-fs (loop5): unmounting filesystem. [ 54.391258][ T2017] loop5: detected capacity change from 0 to 256 [ 54.445031][ T1108] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 54.538073][ T2038] loop1: detected capacity change from 0 to 512 [ 54.565579][ T2038] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 54.593504][ T2038] EXT4-fs warning (device loop1): dx_probe:869: inode #2: comm syz.1.684: Unimplemented hash flags: 0x0001 [ 54.607622][ T2038] EXT4-fs warning (device loop1): dx_probe:966: inode #2: comm syz.1.684: Corrupt directory, running e2fsck is recommended [ 54.629001][ T283] EXT4-fs (loop1): unmounting filesystem. [ 54.650447][ T24] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 54.697481][ T2053] 9p: Unknown uid 00000000004294967295 [ 54.765821][ T2066] capability: warning: `syz.1.709' uses 32-bit capabilities (legacy support in use) [ 54.798995][ T2071] loop1: detected capacity change from 0 to 1024 [ 54.806241][ T2071] EXT4-fs: Ignoring removed bh option [ 54.816310][ T2071] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 54.828064][ T2071] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors [ 54.840383][ T24] usb 3-1: Using ep0 maxpacket: 32 [ 54.846093][ T2071] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (31873!=20869) [ 54.856593][ T2071] EXT4-fs (loop1): filesystem has both journal inode and journal device! [ 54.865805][ T24] usb 3-1: config 0 has an invalid interface number: 67 but max is 0 [ 54.874470][ T24] usb 3-1: config 0 has no interface number 0 [ 54.883285][ T24] usb 3-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 54.892677][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 54.901268][ T24] usb 3-1: Product: syz [ 54.905906][ T24] usb 3-1: Manufacturer: syz [ 54.910881][ T24] usb 3-1: SerialNumber: syz [ 54.913080][ T2080] xt_hashlimit: size too large, truncated to 1048576 [ 54.916534][ T24] usb 3-1: config 0 descriptor?? [ 54.940130][ T24] smsc95xx v2.0.0 [ 55.010473][ T2087] loop1: detected capacity change from 0 to 4096 [ 55.030635][ T356] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 55.131406][ T2094] loop1: detected capacity change from 0 to 256 [ 55.161274][ T2094] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 55.225310][ T356] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 55.237372][ T356] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 55.247728][ T356] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 55.261546][ T356] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 55.271119][ T356] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 55.284967][ T356] usb 6-1: config 0 descriptor?? [ 55.342100][ T24] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 55.355927][ T24] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 55.359204][ T2107] loop3: detected capacity change from 0 to 512 [ 55.400854][ T2107] EXT4-fs (loop3): can't mount with data_err=abort, fs mounted w/o journal [ 55.607828][ T2120] loop3: detected capacity change from 0 to 40427 [ 55.615181][ T2120] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 55.623028][ T2120] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 55.632074][ T2120] F2FS-fs (loop3): invalid crc value [ 55.639212][ T2120] F2FS-fs (loop3): Found nat_bits in checkpoint [ 55.683749][ T2120] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 55.692376][ T2120] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 55.711454][ T356] plantronics 0003:047F:FFFF.000C: unknown main item tag 0x3 [ 55.719283][ T356] plantronics 0003:047F:FFFF.000C: No inputs registered, leaving [ 55.738716][ T356] plantronics 0003:047F:FFFF.000C: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 55.740530][ T8] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 55.766153][ T8] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 55.776385][ T24] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000108: -71 [ 55.794570][ T24] smsc95xx: probe of 3-1:0.67 failed with error -71 [ 55.801402][ T353] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 55.810696][ T24] usb 3-1: USB disconnect, device number 6 [ 55.981532][ T353] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 56.001434][ T353] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 56.020341][ T353] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 56.035712][ T353] usb 2-1: config 0 descriptor?? [ 56.049775][ T24] usb 6-1: USB disconnect, device number 5 [ 56.296298][ T2159] loop3: detected capacity change from 0 to 40427 [ 56.310276][ T2159] F2FS-fs (loop3): fault_type options not supported [ 56.326234][ T2159] F2FS-fs (loop3): invalid crc value [ 56.341912][ T2179] tipc: Started in network mode [ 56.352338][ T2159] F2FS-fs (loop3): Found nat_bits in checkpoint [ 56.366433][ T2179] tipc: Node identity , cluster identity 4711 [ 56.373494][ T2179] tipc: Failed to obtain node identity [ 56.379107][ T2179] tipc: Enabling of bearer rejected, failed to enable media [ 56.410416][ T2159] F2FS-fs (loop3): Start checkpoint disabled! [ 56.417231][ T2159] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 56.452129][ T353] keytouch 0003:0926:3333.000D: fixing up Keytouch IEC report descriptor [ 56.458581][ T2159] syz.3.749: attempt to access beyond end of device [ 56.458581][ T2159] loop3: rw=2049, sector=77824, nr_sectors = 840 limit=40427 [ 56.462430][ T353] input: HID 0926:3333 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0926:3333.000D/input/input13 [ 56.505325][ T8] kworker/u4:0: attempt to access beyond end of device [ 56.505325][ T8] loop3: rw=1, sector=77824, nr_sectors = 8 limit=40427 [ 56.519404][ T8] kworker/u4:0: attempt to access beyond end of device [ 56.519404][ T8] loop3: rw=1, sector=77952, nr_sectors = 8 limit=40427 [ 56.553326][ T353] keytouch 0003:0926:3333.000D: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.1-1/input0 [ 56.564633][ T2188] loop2: detected capacity change from 0 to 2048 [ 56.566084][ T8] kworker/u4:0: attempt to access beyond end of device [ 56.566084][ T8] loop3: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 56.640976][ T2188] ext4 filesystem being mounted at /125/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 56.791782][ T2186] loop5: detected capacity change from 0 to 40427 [ 56.809262][ T2186] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12 [ 56.827043][ T2186] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 56.837679][ T2186] F2FS-fs (loop5): invalid crc value [ 56.881460][ T2186] F2FS-fs (loop5): Found nat_bits in checkpoint [ 56.920700][ T6] usb 2-1: USB disconnect, device number 8 [ 56.958642][ T2186] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 56.966215][ T2186] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 57.000072][ T2186] syz.5.762: attempt to access beyond end of device [ 57.000072][ T2186] loop5: rw=10241, sector=53248, nr_sectors = 8 limit=40427 [ 57.015868][ T2221] futex_wake_op: syz.4.775 tries to shift op by 32; fix this program [ 57.062800][ T2226] netlink: 24 bytes leftover after parsing attributes in process `syz.2.777'. [ 57.078246][ T2186] syz.5.762: attempt to access beyond end of device [ 57.078246][ T2186] loop5: rw=2049, sector=53256, nr_sectors = 4024 limit=40427 [ 57.094904][ T2186] syz.5.762: attempt to access beyond end of device [ 57.094904][ T2186] loop5: rw=2049, sector=57280, nr_sectors = 64 limit=40427 [ 57.109021][ T2186] syz.5.762: attempt to access beyond end of device [ 57.109021][ T2186] loop5: rw=2049, sector=49152, nr_sectors = 8 limit=40427 [ 57.124200][ T2186] syz.5.762: attempt to access beyond end of device [ 57.124200][ T2186] loop5: rw=2049, sector=53248, nr_sectors = 8 limit=40427 [ 57.147351][ T2232] loop3: detected capacity change from 0 to 2048 [ 57.191163][ T2232] EXT4-fs: Ignoring removed bh option [ 57.228155][ T2232] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 57.244752][ T2232] EXT4-fs (loop3): Delayed block allocation failed for inode 16 at logical offset 16 with max blocks 17 with error 28 [ 57.258066][ T2232] EXT4-fs (loop3): This should not happen!! Data will be lost [ 57.258066][ T2232] [ 57.268831][ T2232] EXT4-fs (loop3): Total free blocks count 0 [ 57.275276][ T2232] EXT4-fs (loop3): Free/Dirty block details [ 57.282178][ T2232] EXT4-fs (loop3): free_blocks=2415919104 [ 57.288609][ T2232] EXT4-fs (loop3): dirty_blocks=32 [ 57.294381][ T2232] EXT4-fs (loop3): Block reservation details [ 57.300958][ T2232] EXT4-fs (loop3): i_reserved_data_blocks=2 [ 57.335642][ T2248] netlink: 8 bytes leftover after parsing attributes in process `syz.4.787'. [ 57.379131][ T2250] ip_tunnel: non-ECT from 100.1.1.1 with TOS=0x92 [ 57.427704][ T28] kauditd_printk_skb: 41 callbacks suppressed [ 57.427721][ T28] audit: type=1400 audit(1753768815.157:340): avc: denied { create } for pid=2253 comm="syz.2.791" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 57.498972][ T2262] loop2: detected capacity change from 0 to 128 [ 57.506941][ T28] audit: type=1400 audit(1753768815.197:341): avc: denied { getopt } for pid=2253 comm="syz.2.791" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 57.559776][ T2262] ext4 filesystem being mounted at /132/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 57.850802][ T2299] syz.5.809 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 57.927432][ T2308] loop5: detected capacity change from 0 to 512 [ 57.978792][ T2308] EXT4-fs error (device loop5): ext4_orphan_get:1400: inode #15: comm syz.5.813: casefold flag without casefold feature [ 58.009770][ T2308] EXT4-fs error (device loop5): ext4_orphan_get:1405: comm syz.5.813: couldn't read orphan inode 15 (err -117) [ 58.258273][ T28] audit: type=1400 audit(1753768815.987:342): avc: denied { remount } for pid=2341 comm="syz.4.828" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 58.330574][ T2345] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 58.348842][ T832] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready [ 58.360680][ T832] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 58.374062][ T832] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready [ 58.379304][ T2329] loop2: detected capacity change from 0 to 40427 [ 58.384036][ T832] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 58.397932][ T832] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 58.400989][ T2329] F2FS-fs (loop2): invalid crc value [ 58.407050][ T832] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 58.424390][ T832] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 58.433854][ T2329] F2FS-fs (loop2): Found nat_bits in checkpoint [ 58.440928][ T832] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 58.493525][ T2329] F2FS-fs (loop2): Start checkpoint disabled! [ 58.506174][ T2329] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 58.742714][ T2373] loop2: detected capacity change from 0 to 512 [ 58.759216][ T2373] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 58.777614][ T2373] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2 [ 58.787702][ T354] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 58.796213][ T2373] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.842: invalid indirect mapped block 2683928664 (level 1) [ 58.811387][ T2373] EXT4-fs (loop2): Remounting filesystem read-only [ 58.818419][ T2373] EXT4-fs (loop2): 1 truncate cleaned up [ 58.927503][ T2390] loop1: detected capacity change from 0 to 512 [ 58.938385][ T2392] netem: change failed [ 58.947169][ T2390] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: comm syz.1.849: inode #1: comm syz.1.849: iget: illegal inode # [ 58.963617][ T2390] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz.1.849: error while reading EA inode 1 err=-117 [ 58.976422][ T2390] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: comm syz.1.849: inode #1: comm syz.1.849: iget: illegal inode # [ 58.990760][ T354] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 128, changing to 11 [ 59.002193][ T2390] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz.1.849: error while reading EA inode 1 err=-117 [ 59.009215][ T28] audit: type=1400 audit(1753768816.737:343): avc: denied { relabelfrom } for pid=2395 comm="syz.2.853" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 59.014521][ T354] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 59.037714][ T2396] netlink: 12 bytes leftover after parsing attributes in process `syz.4.852'. [ 59.044075][ T354] usb 4-1: New USB device found, idVendor=04e7, idProduct=0030, bcdDevice= 0.00 [ 59.044107][ T354] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 59.053841][ T2390] EXT4-fs (loop1): 1 orphan inode deleted [ 59.062665][ T28] audit: type=1400 audit(1753768816.767:344): avc: denied { relabelto } for pid=2395 comm="syz.2.853" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 59.095707][ T354] usb 4-1: config 0 descriptor?? [ 59.109655][ T2396] netlink: 104 bytes leftover after parsing attributes in process `syz.4.852'. [ 59.205470][ T2411] loop2: detected capacity change from 0 to 256 [ 59.212641][ T2411] exfat: Deprecated parameter 'namecase' [ 59.220567][ T2411] exfat: Deprecated parameter 'namecase' [ 59.237352][ T2411] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xfcc0b04e, utbl_chksum : 0xe619d30d) [ 59.401013][ T2437] loop2: detected capacity change from 0 to 256 [ 59.405549][ T2439] loop5: detected capacity change from 0 to 512 [ 59.422006][ T2437] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x89cb6648, utbl_chksum : 0xe619d30d) [ 59.442909][ T28] audit: type=1400 audit(1753768817.177:345): avc: denied { rename } for pid=2436 comm="syz.2.872" name="file1" dev="loop2" ino=1048629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 59.485255][ T2439] ext4 filesystem being mounted at /103/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 59.509492][ T354] elo 0003:04E7:0030.000E: item fetching failed at offset 2/3 [ 59.520401][ T28] audit: type=1400 audit(1753768817.247:346): avc: denied { lock } for pid=2438 comm="syz.5.871" path="/103/bus/file1" dev="loop5" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 59.546641][ T28] audit: type=1400 audit(1753768817.257:347): avc: denied { link } for pid=2438 comm="syz.5.871" name="file1" dev="loop5" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 59.550137][ T354] elo 0003:04E7:0030.000E: parse failed [ 59.579148][ T354] elo: probe of 0003:04E7:0030.000E failed with error -22 [ 59.614976][ T2448] loop5: detected capacity change from 0 to 2048 [ 59.622026][ T2448] EXT4-fs: Ignoring removed bh option [ 59.655865][ T2448] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 59.671864][ T2448] EXT4-fs (loop5): Delayed block allocation failed for inode 16 at logical offset 16 with max blocks 17 with error 28 [ 59.690385][ T2448] EXT4-fs (loop5): This should not happen!! Data will be lost [ 59.690385][ T2448] [ 59.700179][ T2448] EXT4-fs (loop5): Total free blocks count 0 [ 59.714563][ T2448] EXT4-fs (loop5): Free/Dirty block details [ 59.730860][ T2448] EXT4-fs (loop5): free_blocks=2415919104 [ 59.746043][ T2448] EXT4-fs (loop5): dirty_blocks=32 [ 59.755066][ T354] usb 4-1: USB disconnect, device number 4 [ 59.760496][ T2448] EXT4-fs (loop5): Block reservation details [ 59.767930][ T2448] EXT4-fs (loop5): i_reserved_data_blocks=2 [ 59.970015][ T28] audit: type=1400 audit(1753768817.697:348): avc: denied { watch_reads } for pid=2513 comm="syz.2.884" path="/157" dev="tmpfs" ino=834 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 60.035974][ T2504] loop5: detected capacity change from 0 to 8192 [ 60.104817][ T2504] FAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 60.127433][ T2531] input: syz0 as /devices/virtual/input/input14 [ 60.347572][ T2553] netlink: 24 bytes leftover after parsing attributes in process `syz.5.892'. [ 60.415475][ T28] audit: type=1326 audit(1753768818.147:349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2559 comm="syz.5.895" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f3c78585967 code=0x7ffc0000 [ 60.689164][ T2585] loop1: detected capacity change from 0 to 2048 [ 60.696163][ T2585] EXT4-fs: Ignoring removed bh option [ 60.705587][ T2542] loop2: detected capacity change from 0 to 40427 [ 60.736307][ T2585] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 60.751674][ T2542] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 60.759477][ T2542] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 60.760445][ T2585] EXT4-fs (loop1): Delayed block allocation failed for inode 16 at logical offset 16 with max blocks 17 with error 28 [ 60.781042][ T354] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 60.792958][ T2542] F2FS-fs (loop2): invalid crc value [ 60.801841][ T2585] EXT4-fs (loop1): This should not happen!! Data will be lost [ 60.801841][ T2585] [ 60.839571][ T2585] EXT4-fs (loop1): Total free blocks count 0 [ 60.846469][ T2542] F2FS-fs (loop2): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 39874397669) [ 60.859873][ T2585] EXT4-fs (loop1): Free/Dirty block details [ 60.866404][ T2585] EXT4-fs (loop1): free_blocks=2415919104 [ 60.874003][ T2542] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 60.884079][ T2585] EXT4-fs (loop1): dirty_blocks=32 [ 60.893781][ T2585] EXT4-fs (loop1): Block reservation details [ 60.910096][ T2585] EXT4-fs (loop1): i_reserved_data_blocks=2 [ 60.940784][ T2542] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 60.950415][ T2542] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 60.971466][ T354] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 61.000851][ T354] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 61.028790][ T2599] loop1: detected capacity change from 0 to 512 [ 61.035284][ T354] usb 6-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00 [ 61.044972][ T354] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 61.064092][ T2599] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem [ 61.081739][ T354] usb 6-1: config 0 descriptor?? [ 61.088953][ T2599] EXT4-fs (loop1): invalid inodes per group: 4 [ 61.088953][ T2599] [ 61.172490][ T2602] netlink: 277 bytes leftover after parsing attributes in process `syz.1.906'. [ 61.502122][ T354] hid-led 0003:0FC5:B080.000F: unknown main item tag 0x0 [ 61.509857][ T354] hid-led 0003:0FC5:B080.000F: unknown main item tag 0x0 [ 61.519503][ T354] hid-led 0003:0FC5:B080.000F: unknown main item tag 0x0 [ 62.052457][ T2715] syz.4.956[2715] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 62.052542][ T2715] syz.4.956[2715] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 62.114515][ T2725] fuse: Bad value for 'fd' [ 62.121893][ T24] usb 6-1: USB disconnect, device number 6 [ 62.198583][ T2734] incfs: Options parsing error. -22 [ 62.204332][ T2734] incfs: mount failed -22 [ 62.204709][ T2737] loop2: detected capacity change from 0 to 512 [ 62.220426][ T6] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 62.232163][ T2737] ext4 filesystem being mounted at /187/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 62.324268][ T2757] loop1: detected capacity change from 0 to 16 [ 62.341045][ T2757] erofs: (device loop1): mounted with root inode @ nid 36. [ 62.416172][ T6] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 62.434599][ T2772] loop1: detected capacity change from 0 to 256 [ 62.448202][ T6] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 62.468189][ T6] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 62.486693][ T6] usb 4-1: config 0 descriptor?? [ 62.503279][ T2782] syz.2.987[2782] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 62.503362][ T2782] syz.2.987[2782] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 62.576684][ T2521] Bluetooth: hci0: Frame reassembly failed (-84) [ 62.639321][ T28] kauditd_printk_skb: 26 callbacks suppressed [ 62.639338][ T28] audit: type=1400 audit(1753768820.365:376): avc: denied { bind } for pid=2800 comm="syz.4.996" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 62.809171][ T2804] loop5: detected capacity change from 0 to 40427 [ 62.821564][ T2804] F2FS-fs (loop5): invalid crc value [ 62.845856][ T2804] F2FS-fs (loop5): Found nat_bits in checkpoint [ 62.886634][ T2804] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 62.894740][ T354] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 62.915305][ T6] keytouch 0003:0926:3333.0010: fixing up Keytouch IEC report descriptor [ 62.932098][ T6] input: HID 0926:3333 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0926:3333.0010/input/input15 [ 62.989370][ T2825] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 63.013813][ T6] keytouch 0003:0926:3333.0010: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.3-1/input0 [ 63.100209][ T354] usb 2-1: Using ep0 maxpacket: 16 [ 63.118829][ T354] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 63.138719][ T354] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 63.149621][ T354] usb 2-1: config 0 interface 0 has no altsetting 0 [ 63.159278][ T354] usb 2-1: New USB device found, idVendor=0458, idProduct=5013, bcdDevice= 0.00 [ 63.168991][ T354] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 63.182339][ T354] usb 2-1: config 0 descriptor?? [ 63.355284][ T19] usb 4-1: USB disconnect, device number 5 [ 63.360167][ T39] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 63.551226][ T39] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 97, changing to 10 [ 63.562841][ T39] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24929, setting to 1024 [ 63.574639][ T39] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 63.584246][ T39] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 63.593094][ T354] hid (null): invalid report_size -1004342442 [ 63.593747][ T39] usb 6-1: config 0 descriptor?? [ 63.606338][ T354] hid (null): unknown global tag 0x8c [ 63.611834][ T354] hid (null): unknown global tag 0xf5 [ 63.617419][ T354] hid (null): report_id 0 is invalid [ 63.623484][ T354] hid (null): report_id 0 is invalid [ 63.628954][ T354] hid (null): unknown global tag 0x1f [ 63.638458][ T354] kye 0003:0458:5013.0011: unknown main item tag 0x0 [ 63.645464][ T354] kye 0003:0458:5013.0011: invalid report_size -1004342442 [ 63.656489][ T354] kye 0003:0458:5013.0011: item 0 4 1 7 parsing failed [ 63.663683][ T354] kye 0003:0458:5013.0011: parse failed [ 63.669455][ T354] kye: probe of 0003:0458:5013.0011 failed with error -22 [ 63.796288][ T24] usb 2-1: USB disconnect, device number 9 [ 64.008500][ T39] keytouch 0003:0926:3333.0012: fixing up Keytouch IEC report descriptor [ 64.029267][ T39] input: HID 0926:3333 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:0926:3333.0012/input/input16 [ 64.045465][ T2847] loop3: detected capacity change from 0 to 512 [ 64.062053][ T2847] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2 [ 64.071782][ T2847] EXT4-fs (loop3): 1 truncate cleaned up [ 64.087726][ T2847] incfs: Options parsing error. -22 [ 64.096894][ T2847] incfs: mount failed -22 [ 64.113774][ T39] keytouch 0003:0926:3333.0012: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.5-1/input0 [ 64.207605][ T2854] loop3: detected capacity change from 0 to 512 [ 64.230493][ T2854] EXT4-fs (loop3): failed to open journal device unknown-block(0,0) -6 [ 64.244414][ C1] usb 6-1: input irq status -75 received [ 64.292774][ T2860] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 64.311234][ T28] audit: type=1400 audit(1753768822.046:377): avc: denied { connect } for pid=2853 comm="syz.3.1017" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 64.342230][ T2862] loop1: detected capacity change from 0 to 128 [ 64.359468][ T28] audit: type=1400 audit(1753768822.046:378): avc: denied { write } for pid=2853 comm="syz.3.1017" path="socket:[27380]" dev="sockfs" ino=27380 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 64.384125][ T2862] ext4 filesystem being mounted at /192/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 64.445306][ T39] usb 6-1: USB disconnect, device number 7 [ 64.629820][ T2793] Bluetooth: hci0: command 0x1003 tx timeout [ 64.636100][ T1933] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 64.643345][ T2792] Bluetooth: hci0: Opcode 0x080f failed: -4 [ 64.730791][ T2913] device veth1_macvtap left promiscuous mode [ 64.736838][ T2913] device macsec0 entered promiscuous mode [ 64.778293][ T2913] device veth1_macvtap entered promiscuous mode [ 64.785899][ T2913] device macsec0 left promiscuous mode [ 64.972313][ T28] audit: type=1400 audit(1753768822.706:379): avc: denied { nlmsg_read } for pid=2934 comm="syz.4.1055" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 64.972864][ T2939] loop3: detected capacity change from 0 to 16 [ 65.020147][ T2939] erofs: (device loop3): mounted with root inode @ nid 36. [ 65.149671][ T354] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 65.305994][ T28] audit: type=1400 audit(1753768823.036:380): avc: denied { wake_alarm } for pid=2960 comm="syz.4.1067" capability=35 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 65.332897][ T2949] loop2: detected capacity change from 0 to 40427 [ 65.357836][ T2963] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 65.366073][ T2949] F2FS-fs (loop2): invalid crc value [ 65.369666][ T354] usb 2-1: Using ep0 maxpacket: 16 [ 65.377407][ T2949] F2FS-fs (loop2): Found nat_bits in checkpoint [ 65.389391][ T354] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice=10.00 [ 65.438915][ T354] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 65.456417][ T354] usb 2-1: Product: syz [ 65.465249][ T354] usb 2-1: Manufacturer: syz [ 65.471052][ T354] usb 2-1: SerialNumber: syz [ 65.475958][ T2949] F2FS-fs (loop2): Start checkpoint disabled! [ 65.481506][ T354] usb 2-1: config 0 descriptor?? [ 65.499828][ T354] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected [ 65.502490][ T2949] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 65.511694][ T354] usb 2-1: Detected FT-X [ 65.533011][ T2974] loop5: detected capacity change from 0 to 1024 [ 65.555183][ T2974] EXT4-fs: Ignoring removed orlov option [ 65.601044][ T2974] EXT4-fs mount: 26 callbacks suppressed [ 65.601063][ T2974] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 65.618456][ T28] audit: type=1400 audit(1753768823.356:381): avc: denied { rename } for pid=2948 comm="syz.2.1062" name="file0" dev="loop2" ino=14 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 65.668098][ T28] audit: type=1400 audit(1753768823.356:382): avc: denied { rmdir } for pid=2948 comm="syz.2.1062" name="bus" dev="loop2" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 65.691134][ T39] ================================================================== [ 65.699349][ T39] BUG: KASAN: use-after-free in enqueue_timer+0xae/0x480 [ 65.706969][ T39] Write of size 8 at addr ffff88811077ca00 by task kworker/1:1/39 [ 65.715568][ T39] [ 65.717901][ T39] CPU: 1 PID: 39 Comm: kworker/1:1 Not tainted 6.1.145-syzkaller-00017-g2487417fb86a #0 [ 65.728143][ T39] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 65.738480][ T39] Workqueue: wg-crypt-wg0 wg_packet_tx_worker [ 65.746177][ T39] Call Trace: [ 65.749605][ T39] [ 65.753194][ T39] __dump_stack+0x21/0x24 [ 65.760133][ T39] dump_stack_lvl+0xee/0x150 [ 65.765044][ T39] ? __cfi_dump_stack_lvl+0x8/0x8 [ 65.770948][ T39] ? enqueue_timer+0xae/0x480 [ 65.777928][ T39] print_address_description+0x71/0x210 [ 65.784115][ T39] print_report+0x4a/0x60 [ 65.790362][ T39] kasan_report+0x122/0x150 [ 65.796724][ T39] ? enqueue_timer+0xae/0x480 [ 65.802743][ T39] __asan_report_store8_noabort+0x17/0x20 [ 65.814316][ T39] enqueue_timer+0xae/0x480 [ 65.819489][ T39] __mod_timer+0x79f/0xb30 [ 65.826208][ T39] mod_timer+0x1f/0x30 [ 65.830996][ T39] ? wg_timers_any_authenticated_packet_traversal+0x81/0x1a0 [ 65.838845][ T39] wg_timers_any_authenticated_packet_traversal+0x133/0x1a0 [ 65.846284][ T39] wg_packet_tx_worker+0x15e/0x4e0 [ 65.851518][ T39] process_one_work+0x71f/0xc40 [ 65.856477][ T39] worker_thread+0xa29/0x11f0 [ 65.861785][ T39] ? _raw_spin_lock_irqsave+0xb0/0x110 [ 65.867269][ T39] kthread+0x281/0x320 [ 65.871433][ T39] ? __cfi_worker_thread+0x10/0x10 [ 65.876744][ T39] ? __cfi_kthread+0x10/0x10 [ 65.881339][ T39] ret_from_fork+0x1f/0x30 [ 65.885752][ T39] [ 65.888765][ T39] [ 65.891084][ T39] Allocated by task 2792: [ 65.895409][ T39] kasan_set_track+0x4b/0x70 [ 65.900181][ T39] kasan_save_alloc_info+0x25/0x30 [ 65.905570][ T39] __kasan_kmalloc+0x95/0xb0 [ 65.910153][ T39] __kmalloc+0xb1/0x1e0 [ 65.914308][ T39] hci_alloc_dev_priv+0x27/0x1bd0 [ 65.919417][ T39] hci_uart_tty_ioctl+0x3d6/0xa20 [ 65.924448][ T39] tty_ioctl+0x8ef/0xc60 [ 65.928984][ T39] __se_sys_ioctl+0x12f/0x1b0 [ 65.933724][ T39] __x64_sys_ioctl+0x7b/0x90 [ 65.938423][ T39] x64_sys_call+0x58b/0x9a0 [ 65.943121][ T39] do_syscall_64+0x4c/0xa0 [ 65.947662][ T39] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 65.953568][ T39] [ 65.955887][ T39] Freed by task 2792: [ 65.959871][ T39] kasan_set_track+0x4b/0x70 [ 65.964623][ T39] kasan_save_free_info+0x31/0x50 [ 65.969706][ T39] ____kasan_slab_free+0x132/0x180 [ 65.975076][ T39] __kasan_slab_free+0x11/0x20 [ 65.979840][ T39] slab_free_freelist_hook+0xc2/0x190 [ 65.985211][ T39] __kmem_cache_free+0xb7/0x1b0 [ 65.990077][ T39] kfree+0x6f/0xf0 [ 65.993914][ T39] hci_release_dev+0x12a3/0x13b0 [ 65.999093][ T39] bt_host_release+0x82/0x90 [ 66.004247][ T39] device_release+0xa4/0x1d0 [ 66.009980][ T39] kobject_put+0x19d/0x280 [ 66.014405][ T39] put_device+0x1f/0x30 [ 66.018886][ T39] hci_dev_cmd+0x265/0x720 [ 66.023311][ T39] hci_sock_ioctl+0x41e/0x7f0 [ 66.028345][ T39] sock_do_ioctl+0x101/0x310 [ 66.033311][ T39] sock_ioctl+0x4d8/0x6e0 [ 66.038264][ T39] __se_sys_ioctl+0x12f/0x1b0 [ 66.043409][ T39] __x64_sys_ioctl+0x7b/0x90 [ 66.048616][ T39] x64_sys_call+0x58b/0x9a0 [ 66.054493][ T39] do_syscall_64+0x4c/0xa0 [ 66.058991][ T39] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 66.065870][ T39] [ 66.068295][ T39] Last potentially related work creation: [ 66.075456][ T39] kasan_save_stack+0x3a/0x60 [ 66.080373][ T39] __kasan_record_aux_stack+0xb6/0xc0 [ 66.086124][ T39] kasan_record_aux_stack_noalloc+0xb/0x10 [ 66.092749][ T39] insert_work+0x51/0x300 [ 66.097627][ T39] __queue_work+0x9b1/0xd30 [ 66.102240][ T39] queue_work_on+0xd2/0x140 [ 66.107257][ T39] __hci_cmd_sync_sk+0xa3e/0xcf0 [ 66.112913][ T39] hci_cmd_sync_status+0x53/0x120 [ 66.119000][ T39] hci_dev_cmd+0x628/0x720 [ 66.123427][ T39] hci_sock_ioctl+0x41e/0x7f0 [ 66.128111][ T39] sock_do_ioctl+0x101/0x310 [ 66.132718][ T39] sock_ioctl+0x4d8/0x6e0 [ 66.137150][ T39] __se_sys_ioctl+0x12f/0x1b0 [ 66.141844][ T39] __x64_sys_ioctl+0x7b/0x90 [ 66.146445][ T39] x64_sys_call+0x58b/0x9a0 [ 66.150978][ T39] do_syscall_64+0x4c/0xa0 [ 66.155396][ T39] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 66.161310][ T39] [ 66.163811][ T39] Second to last potentially related work creation: [ 66.170618][ T39] kasan_save_stack+0x3a/0x60 [ 66.175396][ T39] __kasan_record_aux_stack+0xb6/0xc0 [ 66.180988][ T39] kasan_record_aux_stack_noalloc+0xb/0x10 [ 66.186921][ T39] insert_work+0x51/0x300 [ 66.191888][ T39] __queue_work+0x9b1/0xd30 [ 66.196409][ T39] queue_work_on+0xd2/0x140 [ 66.201003][ T39] hci_cmd_timeout+0x191/0x200 [ 66.206336][ T39] process_one_work+0x71f/0xc40 [ 66.211376][ T39] worker_thread+0xa29/0x11f0 [ 66.216160][ T39] kthread+0x281/0x320 [ 66.220507][ T39] ret_from_fork+0x1f/0x30 [ 66.225552][ T39] [ 66.228120][ T39] The buggy address belongs to the object at ffff88811077c000 [ 66.228120][ T39] which belongs to the cache kmalloc-8k of size 8192 [ 66.242362][ T39] The buggy address is located 2560 bytes inside of [ 66.242362][ T39] 8192-byte region [ffff88811077c000, ffff88811077e000) [ 66.255990][ T39] [ 66.258312][ T39] The buggy address belongs to the physical page: [ 66.264722][ T39] page:ffffea000441de00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x110778 [ 66.274985][ T39] head:ffffea000441de00 order:3 compound_mapcount:0 compound_pincount:0 [ 66.283398][ T39] flags: 0x4000000000010200(slab|head|zone=1) [ 66.289739][ T39] raw: 4000000000010200 dead000000000100 dead000000000122 ffff888100043500 [ 66.298689][ T39] raw: 0000000000000000 0000000000020002 00000001ffffffff 0000000000000000 [ 66.307357][ T39] page dumped because: kasan: bad access detected [ 66.313784][ T39] page_owner tracks the page as allocated [ 66.319489][ T39] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 285, tgid 285 (syz-executor), ts 28420065891, free_ts 28309511235 [ 66.341812][ T39] post_alloc_hook+0x1f5/0x210 [ 66.346615][ T39] prep_new_page+0x1c/0x110 [ 66.351390][ T39] get_page_from_freelist+0x2c7b/0x2cf0 [ 66.356954][ T39] __alloc_pages+0x19e/0x3a0 [ 66.361752][ T39] alloc_slab_page+0x6e/0xf0 [ 66.366397][ T39] new_slab+0x98/0x3d0 [ 66.370596][ T39] ___slab_alloc+0x6f6/0xb50 [ 66.375195][ T39] __slab_alloc+0x5e/0xa0 [ 66.379646][ T39] __kmem_cache_alloc_node+0x203/0x2c0 [ 66.385205][ T39] __kmalloc_node+0xa1/0x1e0 [ 66.389806][ T39] kvmalloc_node+0x294/0x480 [ 66.394483][ T39] pfifo_fast_init+0x112/0x7a0 [ 66.399355][ T39] qdisc_create_dflt+0x150/0x3b0 [ 66.404462][ T39] dev_activate+0x2cf/0x1040 [ 66.409060][ T39] __dev_open+0x3ce/0x4f0 [ 66.413531][ T39] __dev_change_flags+0x21b/0x6b0 [ 66.418549][ T39] page last free stack trace: [ 66.423223][ T39] free_unref_page_prepare+0x742/0x750 [ 66.428696][ T39] free_unref_page+0x8f/0x530 [ 66.433461][ T39] __free_pages+0x67/0x100 [ 66.437978][ T39] __free_slab+0xca/0x1a0 [ 66.442325][ T39] __unfreeze_partials+0x160/0x190 [ 66.447452][ T39] put_cpu_partial+0xa9/0x100 [ 66.452127][ T39] __slab_free+0x1c4/0x280 [ 66.456541][ T39] ___cache_free+0xbf/0xd0 [ 66.460950][ T39] qlist_free_all+0xc6/0x140 [ 66.465539][ T39] kasan_quarantine_reduce+0x14a/0x170 [ 66.471026][ T39] __kasan_slab_alloc+0x24/0x80 [ 66.475956][ T39] slab_post_alloc_hook+0x4f/0x2d0 [ 66.481281][ T39] kmem_cache_alloc_node+0x181/0x340 [ 66.486703][ T39] __alloc_skb+0xea/0x4b0 [ 66.491047][ T39] alloc_skb_with_frags+0xa8/0x620 [ 66.496168][ T39] sock_alloc_send_pskb+0x853/0x980 [ 66.501367][ T39] [ 66.503695][ T39] Memory state around the buggy address: [ 66.509342][ T39] ffff88811077c900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 66.517406][ T39] ffff88811077c980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 66.525458][ T39] >ffff88811077ca00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 66.533609][ T39] ^ [ 66.537708][ T39] ffff88811077ca80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 66.545777][ T39] ffff88811077cb00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 66.553941][ T39] ================================================================== [ 66.562002][ T39] Disabling lock debugging due to kernel taint [ 66.573618][ T2482] bio_check_eod: 1 callbacks suppressed [ 66.573633][ T2482] kworker/u4:26: attempt to access beyond end of device [ 66.573633][ T2482] loop2: rw=2049, sector=40960, nr_sectors = 24 limit=40427 [ 66.593658][ T2987] input: syz1 as /devices/virtual/input/input17 [ 66.600075][ T354] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 66.647107][ T771] EXT4-fs (loop5): unmounting filesystem. [ 66.709348][ C1] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN [ 66.722356][ C1] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 66.733048][ C1] CPU: 1 PID: 286 Comm: syz-executor Tainted: G B 6.1.145-syzkaller-00017-g2487417fb86a #0 [ 66.744597][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 66.755014][ C1] RIP: 0010:__queue_work+0x575/0xd30 [ 66.760423][ C1] Code: 39 2b 0f 84 b9 00 00 00 e8 a8 d3 28 00 4c 89 ff e8 d0 29 a9 03 49 bc 00 00 00 00 00 fc ff df 4c 8b 6d d0 4c 89 e8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ef e8 7c 2f 6d 00 49 8b 7d 00 e8 b3 25 [ 66.780259][ C1] RSP: 0018:ffffc900001b0c70 EFLAGS: 00010046 [ 66.786624][ C1] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffff8881116dd100 [ 66.794903][ C1] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff [ 66.803211][ C1] RBP: ffffc900001b0d08 R08: fffffffffffffffb R09: 0000000000000007 [ 66.811222][ C1] R10: ffffed10220ef939 R11: 1ffff110220ef939 R12: dffffc0000000000 [ 66.819222][ C1] R13: 0000000000000000 R14: ffff88811077c9c8 R15: 0000000000000008 [ 66.827306][ C1] FS: 000055556ea55500(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 66.836267][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 66.842991][ C1] CR2: 000055556ea784e8 CR3: 000000012fe30000 CR4: 00000000003506a0 [ 66.851158][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 66.859161][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 66.867303][ C1] Call Trace: [ 66.870611][ C1] [ 66.873484][ C1] delayed_work_timer_fn+0x61/0x80 [ 66.878723][ C1] ? __cfi_delayed_work_timer_fn+0x10/0x10 [ 66.884597][ C1] call_timer_fn+0x46/0x2a0 [ 66.889234][ C1] ? __cfi_delayed_work_timer_fn+0x10/0x10 [ 66.895158][ C1] __run_timers+0x667/0x9a0 [ 66.899678][ C1] ? calc_index+0x200/0x200 [ 66.904198][ C1] ? kvm_sched_clock_read+0x18/0x40 [ 66.909524][ C1] run_timer_softirq+0x6a/0xf0 [ 66.914331][ C1] handle_softirqs+0x1d7/0x600 [ 66.919124][ C1] __irq_exit_rcu+0x52/0xf0 [ 66.923734][ C1] irq_exit_rcu+0x9/0x10 [ 66.928000][ C1] sysvec_apic_timer_interrupt+0xa9/0xc0 [ 66.933667][ C1] [ 66.936630][ C1] [ 66.939625][ C1] asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 66.945633][ C1] RIP: 0010:__sanitizer_cov_trace_const_cmp2+0x0/0x90 [ 66.952431][ C1] Code: 11 10 48 89 74 11 18 48 89 44 11 20 5d c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 90 90 90 90 90 90 b8 99 05 e2 1f <55> 48 89 e5 48 8b 45 08 65 48 8b 15 90 6b 92 7e 65 8b 0d 91 6b 92 [ 66.972248][ C1] RSP: 0018:ffffc9000da2fa70 EFLAGS: 00000246 [ 66.978344][ C1] RAX: 0000000000000000 RBX: 0000000000000081 RCX: ffff8881116dd100 [ 66.986348][ C1] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 66.994345][ C1] RBP: ffffc9000da2fab0 R08: ffff8881116dd100 R09: 0000000000000002 [ 67.002331][ C1] R10: 000000000000002f R11: 0000000000000000 R12: 1ffff1102644c35f [ 67.010327][ C1] R13: 000000000000000b R14: ffff888132261af8 R15: ffff888132261afa [ 67.018335][ C1] ? inode_permission+0x74/0x4b0 [ 67.023306][ C1] link_path_walk+0x280/0xe50 [ 67.028091][ C1] ? handle_lookup_down+0x130/0x130 [ 67.033371][ C1] __filename_parentat+0x201/0x610 [ 67.038534][ C1] ? vfs_path_parent_lookup+0x60/0x60 [ 67.043963][ C1] ? kasan_save_alloc_info+0x25/0x30 [ 67.049269][ C1] ? __kasan_slab_alloc+0x72/0x80 [ 67.054320][ C1] do_rmdir+0xbf/0x6a0 [ 67.058415][ C1] ? __cfi_do_rmdir+0x10/0x10 [ 67.063119][ C1] __x64_sys_unlinkat+0xc7/0xf0 [ 67.068004][ C1] x64_sys_call+0x79f/0x9a0 [ 67.072558][ C1] do_syscall_64+0x4c/0xa0 [ 67.077087][ C1] ? clear_bhb_loop+0x30/0x80 [ 67.081811][ C1] ? clear_bhb_loop+0x30/0x80 [ 67.086968][ C1] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 67.093169][ C1] RIP: 0033:0x7fcc3738df87 [ 67.097813][ C1] Code: 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 07 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 67.117974][ C1] RSP: 002b:00007ffc17563798 EFLAGS: 00000207 ORIG_RAX: 0000000000000107 [ 67.126497][ C1] RAX: ffffffffffffffda RBX: 0000000000000065 RCX: 00007fcc3738df87 [ 67.134511][ C1] RDX: 0000000000000200 RSI: 00007ffc17564940 RDI: 00000000ffffff9c [ 67.142507][ C1] RBP: 00007fcc37410b55 R08: 000055556ea7050b R09: 0000000000000000 [ 67.150671][ C1] R10: 0000000000001000 R11: 0000000000000207 R12: 00007ffc17564940 [ 67.158657][ C1] R13: 00007fcc37410b55 R14: 0000000000010061 R15: 00007ffc17565a10 [ 67.166641][ C1] [ 67.169688][ C1] Modules linked in: [ 67.173612][ C1] ---[ end trace 0000000000000000 ]--- [ 67.179086][ C1] RIP: 0010:__queue_work+0x575/0xd30 [ 67.184495][ C1] Code: 39 2b 0f 84 b9 00 00 00 e8 a8 d3 28 00 4c 89 ff e8 d0 29 a9 03 49 bc 00 00 00 00 00 fc ff df 4c 8b 6d d0 4c 89 e8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ef e8 7c 2f 6d 00 49 8b 7d 00 e8 b3 25 [ 67.204138][ C1] RSP: 0018:ffffc900001b0c70 EFLAGS: 00010046 [ 67.210214][ C1] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffff8881116dd100 [ 67.218210][ C1] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff [ 67.226232][ C1] RBP: ffffc900001b0d08 R08: fffffffffffffffb R09: 0000000000000007 [ 67.234234][ C1] R10: ffffed10220ef939 R11: 1ffff110220ef939 R12: dffffc0000000000 [ 67.242227][ C1] R13: 0000000000000000 R14: ffff88811077c9c8 R15: 0000000000000008 [ 67.250255][ C1] FS: 000055556ea55500(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 67.259506][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 67.266108][ C1] CR2: 000055556ea784e8 CR3: 000000012fe30000 CR4: 00000000003506a0 [ 67.274091][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 67.282076][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 67.290064][ C1] Kernel panic - not syncing: Fatal exception in interrupt [ 67.297613][ C1] Kernel Offset: disabled [ 67.301946][ C1] Rebooting in 86400 seconds..