last executing test programs: 23.159879804s ago: executing program 4 (id=54): r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'gretap0\x00', 0x0}) setsockopt$packet_add_memb(r0, 0x107, 0x1, &(0x7f0000000040)={r2, 0x1, 0x6, @local}, 0x10) close(r0) 23.131974514s ago: executing program 4 (id=55): r0 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000000)={0x42}, 0x10) r1 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f00000001c0)={0x8000042}, 0x10) sendmsg$tipc(r0, &(0x7f0000000380)={&(0x7f0000000140)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x4, 0x4}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4000884}, 0x4) 23.068878435s ago: executing program 4 (id=57): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000bfe000/0x400000)=nil) r3 = syz_kvm_add_vcpu$x86(r2, &(0x7f00000002c0)={0x0, 0x0}) syz_kvm_setup_cpu$x86(r1, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text64={0x40, 0x0}], 0x1, 0x2, &(0x7f0000000280), 0x0) 22.932632307s ago: executing program 4 (id=61): syz_mount_image$vfat(&(0x7f0000000100), &(0x7f0000000640)='./bus\x00', 0x0, &(0x7f0000000440)=ANY=[], 0x1, 0x1268, &(0x7f0000002500)="$eJzs3U9rI2UcB/Bf2vTv2qbquroL4oNeFCFue/DkpcguiAWl2gUVhFmbamialCYUIuLWkyfBlyHq0ZsgvoFevHgWBJFePO5BHGmT1aZJu7ptU5HP5zIPzzzfeWYyzMCE+TF7L32+sb7WLK9lrRgpFKK4ORbFuylSjMRodOzEc7d+/OnJN956+9XFpaUbyyndXHxz/sWU0uxT373z0ddPf9+6dOub2W8nYnfu3b3fFn7evbJ7de+Pr6LaTNVmqjdaKUu3G41WdrtWSavV5no5pddrlaxZSdV6s7LVs36t1tjcbKesvjozvblVaTZTVm+n9Uo7tQqptdVO2ftZtZ7K5XKamQ5OY+XLu3meR+T5WIxHnuf5VEzHpXgoZmI2SjEXD8cj8WhcjsfiSjweT8TVg1EXvd8AAAAAAAAAAAAAAAAAAADw/3Kf+v+C+n8AAAAAAAAAAAAAAAAAAAA4f0fr/4sRvv8PAAAAAAAAAAAAAAAAAAAAQ3af7/8fqf9/Xv0/AAAAAAAAAAAAAAAAAAAAnIfJzmI5pcmIjU+3V7ZXOstO/+JaVKMWlbgepfg9Dqr/Ozrtm68s3bieDszFCxt3uvk72yujvfn5sVLMFQbm5zv51JufiOnD+YUoxeXB8y8MzE/Gs8/s5z/p5MtRih/ei0bUYjWi0D36g/zH8ym9/NrSVG/+2v64Y42e82kBAACAs1ROf+l/ft/pDhq4vrOq+3yeuiMLJ/w/cOT5vBjXihd11NzTbH+4ntVqla0HbIwfv53x0225r1GIiCwO98xO/7K8P/mZTfGgjdGhTjp28phTnNMo/gd+zDNo/PrFoZ7JGO7sI91LIqvt3z//WSp28vxcd2zgxThxUur4e0ZhCPclhuPvk37RewIAAAAAAAAAAMC/MfDtv6mI6Hsf8IO+nnuvh/fG+7d8/OyfDeEIAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/mQHjgUAAAAAhPlbp9GxAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwFcBAAD///ME0UM=") open(&(0x7f00000001c0)='./bus\x00', 0x64842, 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f00000005c0)='./bus\x00', 0x147842, 0x0) preadv2(r0, &(0x7f0000000040)=[{&(0x7f0000001200)=""/4096, 0xfffffdef}], 0x1, 0x0, 0x0, 0x7) 22.7720981s ago: executing program 4 (id=65): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x4, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000740)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffff9}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x10) timer_create(0x0, 0x0, &(0x7f0000bbdffc)=0x0) timer_getoverrun(r2) 22.575665833s ago: executing program 4 (id=68): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0x9, 0x4) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'ip6_vti0\x00', 0x0}) sendto$packet(r0, &(0x7f0000000180)="1003feffe4ff020002004788aa96a13bb100001100007fca1a00", 0x1000a, 0x0, &(0x7f0000000140)={0x11, 0x0, r2}, 0x14) 22.485670964s ago: executing program 32 (id=68): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0x9, 0x4) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'ip6_vti0\x00', 0x0}) sendto$packet(r0, &(0x7f0000000180)="1003feffe4ff020002004788aa96a13bb100001100007fca1a00", 0x1000a, 0x0, &(0x7f0000000140)={0x11, 0x0, r2}, 0x14) 7.512894921s ago: executing program 5 (id=435): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014"], 0x7c}}, 0x0) r0 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x862b01) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000480)={0x56, 0xfffe, 0x0, {0x0, 0x1}, {0x80, 0x2}, @const={0x0, {0x1000, 0x0, 0xfffc}}}) write$char_usb(r0, &(0x7f0000000040)="e2", 0x2250) ioctl$EVIOCGKEY(r0, 0x80404518, &(0x7f0000000100)=""/240) 7.492421681s ago: executing program 5 (id=436): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000200)=@newqdisc={0x40, 0x24, 0xd0f, 0x3, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0x2}, {0xffff, 0xffff}, {0x4, 0x9}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0xc, 0x2, [@TCA_FQ_CODEL_FLOWS={0x8, 0x5, 0x1}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x40001d4}, 0x8840) sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[], 0xb4}}, 0x0) 7.475002871s ago: executing program 5 (id=437): r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020700000000000002030207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000100850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='sched_switch\x00', r1}, 0x10) ioctl$USBDEVFS_REAPURB(r0, 0x4008550c, &(0x7f0000000700)) ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f0000000140)=@urb_type_control={0x2, {}, 0x20000009, 0x0, &(0x7f0000000240)={0x0, 0x0, 0xfffc, 0x360}, 0x8, 0x7, 0x80, 0x0, 0x1, 0x101, 0x0}) 7.348431223s ago: executing program 5 (id=440): syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x20c006, &(0x7f0000000480)={[{@grpjquota}, {@mblk_io_submit}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x68}}, {@lazytime}, {@discard}, {@grpquota}]}, 0x1, 0x446, &(0x7f0000000d40)="$eJzs28tvG8UfAPDv2kn6/P1qqvLoAwgURMQjadJSeuACAokDSEhwKMeQpFWo26AmSLSKICBUjqgSd8QRib+AE1wQcELiCndUqUK5tMDFaOPdxHbttA5ONtSfj7TJzO44M1/vjj07kw2gbw2nP5KIvRHxa0Tsq2ebCwzXf91cXpz6c3lxKola7Y0/kpVyN5YXp/Ki+ev25JmBiNInSRxuU+/8pcvnJqvVmYtZfmzh/Ltj85cuPzN7fvLszNmZCxOnTp04Pv7cyYlnexJnGteNQx/MHTn4yltXX5s6ffXtH79O8vhb4uiR4fUOPl6r9bi6Yv2vIZ0MFNgQulKud9MYXOn/+6IcaydvX7z8caGNAzZVrVar3df58FINuIslUXQLgGLkX/Tp/W++bdHQY1u4/kL9BiiN+2a21Y8MRCkrM9hyf9tLwxFxeumvL9ItNmceAgCgybfp+OfpbPzXtPBTisZ5of9nayiViLgnIvZHxMmIOBAR90aslL0/Ih7osv7WRZJbxz+la13+ya6k47/ns7Wt5vFfPvqLSjni73y4XInB5MxsdeZY9p6MxOCOND++Th3fvfTLZ52ONY7/0i2tPx8LZu24NrCj+TXTkwuT/ybmRtc/ijg00C7+ZHUlIL0sDkbEoQ3WMfvkV0c6Hbt9/M2GGjM9WGeqfRnxRP38L0VL/Llk/fXJsZ1RnTk2ll8Vt/rp5yuvd6q/2/h7LT3/u9te/6vxV5LG9dr57uu48tunHe9pNnr9DyVvNu17f3Jh4eJ4xFDyar3RjfsnWspNrJVP4x852r7/74+1d+JwRKQX8YMR8VBEPJy1/ZGIeDQijq4T/w8vPvZO856ki/g3Vxr/dFfnfy0xFK172ifK577/pqnSSnQRf3r+T6ykRrI9d/L5dyft2tjVDAAAAP89pYjYG0lpdDVdKo2O1v+H/0DsLlXn5heeOjP33oXp+jMClRgs5TNd9fng+nzoeHZbn+cnWvLHs3njz8u7VvKjU3PV6aKDhz63p0P/T/1eLrp1wKbzvBb0L/0f+pf+D/1L/4f+1ab/7yqiHcDWa/f9/2EB7QC2Xkv/t+wHfcT9P/Qv/R/6l/4PfWl+V9z+Ifntmti5PZrRn4koFVd7PkNV+JtwFycK/mACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADokX8CAAD//2Ts5lU=") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.time\x00', 0x275a, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r0, 0x8004587d, &(0x7f00000003c0)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x4}) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) 7.022715908s ago: executing program 5 (id=445): r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f00000000c0)={0x2009}, 0xff3f) bind$bt_sco(r0, &(0x7f0000000400), 0x8) listen(r0, 0x0) shutdown(r0, 0x0) 6.452428676s ago: executing program 5 (id=447): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x10, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 6.310578668s ago: executing program 33 (id=447): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x10, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 1.584737716s ago: executing program 0 (id=565): setresgid(0xee00, 0xee01, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000002040)='./file0\x00', &(0x7f0000002200), 0x1000000, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') lseek(r0, 0x10001, 0x0) 1.518155108s ago: executing program 0 (id=567): mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffefffff6, 0x20031, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x4}) ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000080)={&(0x7f00006c6000/0x400000)=nil, &(0x7f0000685000/0x4000)=nil, 0x400000, 0x3, 0x18100}) 1.452491918s ago: executing program 0 (id=569): syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) setsockopt$bt_l2cap_L2CAP_CONNINFO(r0, 0x6, 0x2, &(0x7f0000000040)={0x3, "077087"}, 0x6) socket$nl_generic(0x10, 0x3, 0x10) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) 1.446558099s ago: executing program 0 (id=579): syz_mount_image$f2fs(&(0x7f00000004c0), &(0x7f0000000040)='./bus\x00', 0x2008410, &(0x7f0000000500)=ANY=[@ANYBLOB="66617374626f6f742c71756f7461000000000000003b814e50a959736d65720f73ecea54b5e5be45ace9a88f723cb005aeff24212c651baef614d442ae89412ad3dcd0b7586d02002a6d6d65cacd4fc5002207ce994dda65c4b1d23a9bd5ba0f4ce5c2b5a5718c6aa918080002223d2753a5cac974110144cd0a1e368652324a41b31e1eb3b32dccbdf8f68bd96a45a75427a5f789d267fd92f6a5540200b81d5b9fa9b40fe4d7fbd50a6afc3a989c6d60045663c59cbdc4c700000000bc7f6b22df0191acf5912afdcc1c061835177068c40f757dd123d2600b1c544f1525aa8d00000000000000000000002e8b5c733d362417c17f527c0bfebec112d57fc69fabb9b31ef97b2147931ff60cdf666c25244218b1f1a6010000000100000020563b835d0e8e9a09070ef1691fcb2f37bda5d4e3d9d7a2d0ac82b45a53001057f321acc45d5e065a461de90100000077d200000000000040b78f0dd3836f5ab2f6a1a5b798bb7752f192c6b48e568973a59cd9c74bd9a14721856c5499cd8f93f8beaa9cf76718ce7244c84268030000000000000208886b313bd01a22d576e414011a4f0a897515329f86d4585fa0ea17068f8af349696da4a2b3e24310ca52ec51bc23b57897cb55a2d513e6a00765ee3f58b471c54dd57f0af584afe4a21f92b515d7f2fa6fbb273ca0f751e684584320534667aea39ad7222c8ef531f514939177a47395e94c1723abb3fd44fd64fde4b45cc2f55f4ae05ff48648a4c998257856bcdcf2fa02010000001f54fb936570450e91c8d55abad76a7b7a000016f81ec9da9ccc1191c211632266d907e4d9b23496ae19bac24dc23c43f514f1b4af19988bbe61ee29a368a999435d6872d01b79c7821e875859dfbf3c57e4f1fb0be46cb5f7a0fa13516c0926d19dd2d5862085e1e4cb8279be17cba17ee4d06ad97b4ca282e73ea142b01b4a742fa11c0927ba811dd60903d575db449d775021b542db617086b3ed42e6e60fe043cff79b0c067c584bbf82657974c3736912b4b522052b9467d0da116ccc1652d861a420f09aaf67d3e9f6160100000001000000ae6335ad9896abd3cc00413638cb9bc62ab8054325d72e9144cf4f88702f586507e3147198e0bc4060a7c8f4dce73b653177ecf8228e6e6fae02510000000000000000000000000000f43739fdd2d24e50e0233acfe1c8639070fe00f40b0d01f8a0a35fcfe3ea10faf9c24b8488ed4ed83fb06a9a7c57442ede9e1fc2853b8f4d2241cff61d0125b7750e3fdae6a4ab9c776a191ed8098a780ea2bbaa64978cd3a6458fcc6b949bcbca0dceb7361f66e46731eba4f3aed335e7c8c541e82453218a19d39489e1525466ac93759787e767f601931d94c9c426489b741a6bc8abf475e4bf859e1ce7f7227069e9f51e25fa3d1b18dc565180a1af464a1dd697db85e2b27b90f6bd7cf1b6bc0bcd8ba552ced3d3cfbf9c9bc04f65b6f83cb40173b4bdc393d47e5da95b63a40ac18daf11e8d0706b47795fbe2b56d0ea7ffc5a59ede88621a08b25ca6ebe041317b62373a60951af33eb7954a9731aaa125add0913ed2435a207439e9122512d77096747a4b404459cebc8faff8f7a31758e630c75a1ff90402754d339dc21cf6b8e04e1aedf14df0b4aaf0e03194df3eb41ba066bc343b323a3162d7e7ba687633c2faa8f28b42364b72e3a457476fd6b2a54e670ba798172c44c4390f73fdab743a4cac88b2bd0545b8483f2e2f9846b138a4d8a7332978da70e9050417087c5ae034a735e8b448dd9701404", @ANYRES16], 0x1, 0x553b, &(0x7f000000ac00)="$eJzs3EtvG1UUAOA7TtPSJxFiwa4jVUiJVFt12lSwC9CKh0gV8ViwAsd2LLe2J4odJ2SFBEvEgn+CQGLFkt/AgjU7xALEDgnkuWNKKI9WduKk/T5pfGbujM+cO7ISnRnLAXhiLaS//pyES+FsCGEuhHAhCfl6Uiy51RieCyFcDiGU/rIkxfifA6dDCOdCCJdGyWPOpNj1+dXhlZWf3vjlm+/OnDr/xdffz27WwKw9H0LobsX13W6MWSvGu8V4bdjOY/fGsIhxR/desZ3FuNvcyDPs1sbH1fJ4vRWPz7Z2+qO42anVR7HV3szHt3rxhP1ha5wnf8Pd2na+3Whu5LHdz/LY2o917e3Hv237/UHM0yjyfZinD4PBOMbx5l4zzmfrXh7rvUExHvNmjebeKA6LWJwu1LNOI69jY5Irfby92e7t7KXD5na/nfXSlUr1hUr1Zrm6nTWag+aNcq3buHkjXWx1RoeVB81ad7WVZa1Os1LPukvpYqteL1er6eKt5ka71kur1cr1yrXyylKxdjV99c67aaeRLo7iy+3ezul2p59uZttpfMdSuly5/uJSeqWavr22nq6/dfv22vo77996785La6+/Uhz0QFnp4vK15eVy9Vp5ubp0DOY/+r/7kPMfTDL/T4qiH2H+yWSXB/6bDxjAI3ug/w/6f+DwnfT+P0yz/x+1VPr//+9/S5P3/xP1v8e1/z/B84eJ6P8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ5YP8x/+Vq+shC3zxfjF4uhZ4rtJIRQCiH8/g/mwukDOeeKPPP/cvz832r4Ngl5htE5zhTLuRDCarH89vRhXwUAAAB4fH310eXPYrceXxZmXRBHKd60KV34YEr5khDC/MKPU8pWGr08O6Vk+ef7VNibUrb8BtZTU0oWb7mdmla2hzI3Dh9fvD+YTyiJoXSk5QAAAEdi7kA42i4EAACAo/TprAtgNpIwfpQ5fhacf/P+/qPNswf2AQAAACdQMusCAAAAgEOX9/9+/w8AAAAeb/H3/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4g537uU0ciOIA/GwwsP+0aLX3bWVvUEZKyDHHQAFpghJIC2mAGsgtJUQQYY+QHIEUiXGsoO+TPM7Y0W9mgMsbSwYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6NJztZ4/3v97uDRnt79MntUAAAAAp2yr9bz+Y9r0f6Trv9KlP6lfREQZEadq90GMWpmDlFOd+f/q3RyeIuqEwxjjdHyPiP/peP3d9acAAAAA12uzXM2aar1ppn1PiM/UbNqUP28y5RURUU1fMqWVh+ZvprD69z2Mu0xp9QbWJFNYs+U2PH1vlGuQtkHrlFYyWdRfYt0ruxkXAADoU7sSOFOFAAAAcAVu+54A/SiOzfE547g5pQeC31o9AAAA4Asq+p4AAAAA0Lm6/vf+PwAAALhuzfv/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6NK2Ws83y9Xs3P3FB3N2+8vkWxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwBv7844CIRAGYbB3fWcy9z+sNGhobFIFwsffGAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAm9/95f/E1DiTzL02lp5HkrVTY+vU2Ds3jv4wvn4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXOzPSwqEQBBEwZzxv5O+/2ElQc8gQgQ0PKqoRQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBFv/vl/8TUOJPMnTaWjkeStavG1lVj70Hj6MF4+zcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXOzcP28cRRQA8Hd7t5c/gDAGuTCgIFFAQ+xLSEgJBcii4CMgWc45GC4EEhckskBuoEKu0yAoEUICmS7fIXUspQldChdGogbt3u5lkxhyiszuEv9+0uy8Pa9m3uydLD/P2gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAafedeCkp4m52mBnH5Wu39jZWsn7ngT5zY+v2fNayuPOoib55++CTb7eXqycn5ionX9WfDAAAAIdDt6zvI+JOur2U9clMXv+n5TVZzf/9M+O4rOcfrPt39jaOFl+aL+v/3369+8JkopnxPNmgq2uj4eLDqfT+oyW23rOPvKKX3/n8dy/d/A1J3t98fjfN72fn25s33+3n4ZE6sgUAHsfJsi+C8uehrB80mRgAh0avUniX9X93ptmcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOqwuxlPlXEnIuZ79+LMzt7Gyn79ja3b82U7e/36VnXMbIg0IlbXRsO0xrW03ZWr1z5ZHo2Gl+sPTkREc7MXwYdTXBPx79cUH89obhX/HHTakUajQVK8P23J5yCD8rN38CM39A0JAIAnVlq0rK6/k24vZa91ZiP++uH++v+1ShxT1v93Pzp7qzpXtf4f1LbC9ltYv/jZwpWr195Yu7h8YXhh+OmbpwZvDU6fO3Pm3EJ2rxYXViMZLjadJgAAAP9j/aJV6/9k9uH9/+OVOKas/z//bvBlda6u+n9f9zb9ms4EAADgMOpPoude+fOPzj5XdPr9+GJ5ff3yYHycnJ8aH2tN9zEdKVq1/u/ONp0VAAAAUIfdzc59+//nK3FMuf//9I8v/lwdsxsRxyIuRcTw5Mql0fn6ltNqdfyhcj5Rv+mVAgAA0JRjRavu/6f58//J5JGHJCJef3Ucl//rapr6v/ve1z9V56o+/3+6viW2UjI3vh95PxfRm2s6IwAAAJ5kR4uWFfu/p9tLH/9y/IO+5/8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6vZ3AAAA//+pzDYD") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000480)={0x0, 0x0, 0x0}, &(0x7f00000000c0)=0x839352b8218490eb) fchown(r0, 0x0, r2) 1.154833253s ago: executing program 1 (id=572): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000680)={'veth0_to_bridge\x00', 0x0}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_FEATURES_SET(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000580)={0x2c, r3, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_FEATURES_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r1}]}, @ETHTOOL_A_FEATURES_WANTED={0xc, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x4}, @ETHTOOL_A_BITSET_VALUE={0x4}]}]}, 0x2c}}, 0x20000850) 1.095550484s ago: executing program 1 (id=573): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sys_enter\x00', r1}, 0x10) epoll_wait(0xffffffffffffffff, 0x0, 0x0, 0xfffeffff) 1.095241174s ago: executing program 1 (id=574): munmap(&(0x7f0000002000/0x1000)=nil, 0x1000) r0 = inotify_init() inotify_add_watch(r0, &(0x7f0000000000)='.\x00', 0x400017e) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) read$FUSE(r0, &(0x7f0000001fc0)={0x2020}, 0x2020) 1.040062944s ago: executing program 1 (id=576): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x30000c6, &(0x7f0000000080), 0x1, 0x553, &(0x7f0000001080)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") mkdir(&(0x7f0000000300)='./bus\x00', 0x5c) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000001c0)=0x20000008) renameat2(0xffffffffffffff9c, &(0x7f0000000200)='./file0/file0\x00', 0xffffffffffffff9c, &(0x7f0000000280)='./bus\x00', 0x2) 981.661355ms ago: executing program 0 (id=577): ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @empty, 0x9}, 0x1c) listen(r0, 0x3) syz_emit_ethernet(0x5a, &(0x7f0000000440)={@local, @link_local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "2a8435", 0x24, 0x6, 0xff, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x4, 0x9, 0xc2, 0x2, 0x0, 0x0, {[@window={0x3, 0x3, 0x3}, @generic={0x5, 0xb, "d85c4b98d5aa772f9d"}]}}}}}}}}, 0x0) 866.341687ms ago: executing program 1 (id=583): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000b80)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007200000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r0}, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'tunl0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000980)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xc, 0x2, [@TCA_FQ_FLOW_DEFAULT_RATE={0x4}]}}]}, 0x38}}, 0x0) 667.49158ms ago: executing program 0 (id=587): r0 = socket$inet6(0xa, 0x3, 0x8) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, @void, @value}, 0x28) setsockopt$inet6_int(r0, 0x29, 0x4e, &(0x7f0000000000)=0x7c, 0x4) sendmmsg$inet6(r0, &(0x7f0000004580)=[{{&(0x7f0000000080)={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='$\x00\x00\x00\x00\x00\x00\x00)\x00\x00\x002'], 0x28}}], 0x1, 0x0) recvmmsg(r0, &(0x7f00000011c0)=[{{0x0, 0x0, 0x0}, 0x2}], 0x1, 0x40001100, 0x0) 630.229221ms ago: executing program 1 (id=589): r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x11c0, 0x5506, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x40, 0x0, [{{0x9, 0x4, 0x0, 0xa, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0xc4, 0x0, 0x1, {0x22, 0x2}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x0, 0x0, 0x3}}}}}]}}]}}, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000001c0)=@framed, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='kfree\x00', r1}, 0x10) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000540)={0x2c, &(0x7f0000000100)={0x20, 0x1f, 0x2, {0x2}}, 0x0, 0x0, 0x0, 0x0}, 0x0) 419.097044ms ago: executing program 3 (id=600): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000750000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='module_request\x00', r0}, 0x10) socketpair(0x0, 0x0, 0x0, &(0x7f00000006c0)) 418.758793ms ago: executing program 2 (id=602): syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000001240)='./file2\x00', 0x14552, &(0x7f0000000b40)=ANY=[], 0xfb, 0x11ff, &(0x7f0000001280)="$eJzs3E+LHEUYB+B315iNG/ePGqMJiIVe9NJk9+BFL4tsQDKgJFkhEYSO26vDtDPD9LAwIkZPXv0cIojgTRBvetmL30DwthePEcSWndEko5PDSEiH5Xku80LVb6jqphuq6erD1774sLNXZXv5MBYXFmKxH5FupUixGP/4NF5+9cefnrty7fqlrVZr+3JKF7eubrySUlp9/vt3Pv7qhR+Gp9/+dvW7pThYf/fwt81fD84enDv88+oH7Sq1q9TtDVOebvR6w/xGWaTddtXJUnqrLPKqSO1uVQym2vfKXr8/Snl3d2W5PyiqKuXdUeoUozTspeFglPL383Y3ZVmWVpaD+Z24Xe18eauu64i6fjRORl3X9WOxHKfj8ViJ1ViL9Xginoyn4kw8HWfjmXg2vvnl69FRAgAAAAAAAAAAAAAAAAAAALh/5t3/f27cq+lRAwAAAAAAAAAAAAAAAAAAwPFy5dr1S1ut1vbllE5FlJ/v7+zvTH4n7Vt70Y4yirgQa/FHjHf/T0zqi2+0ti+ksfX4rLz5d/7m/s4j0/mN8ecEZuY3Jvk0nV+K5bvzm7EWZ2bnN2fmT8VLL96Vz2Itfn4velHGbhxl7+Q/2Ujp9Tdb/8qfH/cDAACA4yBLt81cv2fZvdon+TmeD0ytr4+y5080OnUiohp91MnLshgoHvriZLPD+L2u6+YPQkPFva+UpYj43/+8EBEPxwT/UzR9Z+JBuHPSmx4JAAAAAAAAAAAA83gQrxM2PUcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+YgeOBQAAAACE+Vun0bEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHwVAAD//+pd0x0=") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_int(r1, &(0x7f0000000200)=0xfffffffffffffffb, 0xfe9e) ioctl$FITRIM(r0, 0xc0185879, &(0x7f0000000080)={0x81, 0x100000000, 0x9}) 418.642324ms ago: executing program 3 (id=603): syz_mount_image$vfat(&(0x7f0000000340), &(0x7f0000000040)='./file1\x00', 0x280809a, &(0x7f0000000000)=ANY=[], 0x1, 0x2b2, &(0x7f00000006c0)="$eJzs3U9rY1UUAPDz0jR9OosUcaMIPtCFqzJ166ZRRhC7UiKoCw3ODEgSBqYQmArGruYTuPR7+BHcuPEbDLgV3E0XlSfvX/7ga402VXR+v9Xh3nfuPXm3TbLJeZ+/Mh3ffZDE2dMnkaZJdI7iKM6T2I9ONL6JbgAA/x/neR6/5mWY5JUNM7udGy0MALgx1ef/X/rgBwD+4z78+JP3B8fHdz7IsjRe6j+eDZOImD6eDav5wf34MiZxL25HPy4i8oUqfve94zvRzQr78fp0PhsWmdPPfqzXH/wSUeYfRj/22/MPs8pK/nw23I3nI4vB/d2m1H682J7/Zkt+DHvxxmsr9R9EP376Ih7EJO5GkbvM//owy97Jv3361afFNkV+0onhXnldKfcFCQAAAAAAAAAAAAAAAAAAAACA7TrIsqRq31P27ymG6v47Oxfl/EHW2F/vz1PlJ81CVX+gvOmWM8/ju6a/zu0sy/L6wmV+N17uerAAAAAAAAAAAAAAAAAAAAAAFE4ePbk1mkzuPTx5dDq+dtB0A2h+1v931zlaGXk1TsejncsX3Nt8r9VuA0WtV14c3W5s6ba0B2eLkeeKera+xV4sRj6KKmgOZqt7vfB2tejpeJTVU81NHo+SP9srbQ7u+9WpXly3sLz8k7jI1880XZS6ntXb0t3o3Wqd+i3P883Weevn6ozqkaRssbHZ7rt10PoCiyAtziJd/OMXUz9cvuClbxk7137TAQAAAAAAAAAAAAAAAAAAWi1/9NsyeXZlaufGigIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAf9jy+f9NkEbE+sgfgnmdfNU1ddCLhyf/8ksEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgGfB7AAAA//8rlFqg") r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1801000000000000000000004b84ffec850000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x1db) writev(r1, &(0x7f0000000140)=[{&(0x7f0000001200)="10", 0x100000}], 0x1) 370.992554ms ago: executing program 3 (id=605): r0 = socket$inet(0x2, 0x1, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000356ffc)=0xffffffffffffff40, 0x4) bind$inet(r0, &(0x7f0000e15000)={0x2, 0x4e20, @multicast2}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x33, &(0x7f00000a2000)={0x1, &(0x7f0000000200)=[{0x6}]}, 0x10) listen(r0, 0x0) 316.211705ms ago: executing program 3 (id=607): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000740)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000fdfdfff67a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040000010000400404000001000000b7050000050000006a0a00fe00000000850000000a000000b70000000000000095000000000000009cc6b3fcd62c7d376238975d43a4505f80fc88943c4f0cf08e467b592f868ee30a0e8c1bf176db2a6b2feb4b6fd3d5707bfd2d84aaa3b1d4e984c46ea7e2a447a36f5662403e1b2be4cc7c2683908a0d411a9872061ce618117c56f0979bd10b97163c953ab1abda4589e9cbe8d0d26b5069f8a98f7dc8f76b74635fc9f9de9ca3c00cb9bf4e418d07fa22f0610a70f2bdf4000000000000b0c2940dd8e263aa743f7555193161f45346d2014006000000e1ffff8816326d7d35c32aac1c7d5b5be399f6609876b5887437a172751151b633fbc02a74067529194e533583412dff048f0000000000000000b2728a04816cfb851cd364ff19ffcafe3e64be033c9d2f002cc93c1c13ceec04a347383420336bec88c24a9fb6a6991ddb737d527d6acb15426415b6e8b14fdfa2c6e94bd0339454c13ad30000000000170022626165866c156a25148972700000b515a1000000000000000eb2e9c15b6c8f6198282d0000000000c2ccf3f69cfcf1e15ea7a9e57aee78e12a2caebaada42811754e19a7e9b531636794a718b4766d2c7c61c3dba128c7fcd1f97989ccf1d55de496eae46c590c2d0225f9cd07005ac7f76d9d560a08c9fd0caafd9d095cb9db0099014cd0d4df62af52b088b01adeadc4c5225a6cd8486b03f83805dffe90dbf7ad042012b7213a2b03e3b1634ddfc9d6f570c4990fbbc7306871d9a52a157fb1a10fa2868df06faf83a8420e9ce62567043ce7e56d1ebe81"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r1, 0xffff0000, 0x40f, 0x0, &(0x7f0000001a40)="2b206d074843b397737ea49da2aa", 0x0, 0xf000, 0x720e, 0x0, 0x0, 0x0, 0x0}, 0x48) 236.280216ms ago: executing program 2 (id=609): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x3c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) mkdir(&(0x7f0000000200)='./bus\x00', 0x0) mount$incfs(&(0x7f0000000000)='./bus\x00', &(0x7f0000000040)='./bus\x00', &(0x7f00000000c0), 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000080)='./bus\x00', 0x0, 0x820, 0x0) 215.185796ms ago: executing program 2 (id=610): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100000abd92de000000000000ea04850000007b00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000540)=@base={0x6, 0x4, 0x70be, 0x5c, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x2, 0x0, 0x0, @void, @value, @void, @value}, 0x50) 214.663646ms ago: executing program 6 (id=611): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@getchain={0x24, 0x11, 0x1, 0x2000000, 0x0, {0x0, 0x0, 0x0, r2, {}, {}, {0x5}}}, 0x24}}, 0x0) 200.002326ms ago: executing program 3 (id=612): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) sendmsg$inet(r1, &(0x7f0000000780)={&(0x7f0000000100)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f0000000140)="be38", 0xffdf}], 0x1, &(0x7f0000000c80)=ANY=[@ANYBLOB="1c000000000000000000000008000000", @ANYRES32=0x0, @ANYBLOB="ac1414ca00000000000000001c0000000000000000000000070000004404730001000000"], 0x40}, 0x0) ioctl$SIOCGSTAMPNS(r0, 0x8907, 0x0) read$FUSE(r1, &(0x7f0000006d00)={0x2020}, 0x2020) 126.630208ms ago: executing program 2 (id=613): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000240), 0xc0802, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f00000000c0)) ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000000080)=0x4) ioctl$PPPIOCSFLAGS1(r0, 0x40047459, &(0x7f0000000100)=0x2000004) pwritev(r0, &(0x7f0000000180)=[{&(0x7f0000000300)="00214717a70700000000030600710a5e31163ceb9d0471200000000500000000000000ffff0342844d50e7182ce0ab6d00000846df930d0ab9cc127d0dc450de49c204a803166580ac899c081cb49f1930e7d07fbdf3", 0x56}], 0x1, 0x8, 0x1) 126.390938ms ago: executing program 3 (id=614): r0 = syz_usb_connect$cdc_ncm(0x0, 0x76, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000020000402505a1a4400001021d010902640002010000000904010001020d0000052406000105240000000d240f0100000800000000000006241a00000008241c00000008000905810300020000000904010000020d00000904010102020d0000090582020002000000090503"], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000007c0)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x0, 0x0, 0xb, 0x0, 0x1, 0x4, 0x7, 0x40, 0x2, 0xe, 0x0, 0x1000}}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) 126.240808ms ago: executing program 6 (id=615): r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000003000000000000000000000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r0, r2, 0x25, 0x0, @void}, 0x10) syz_emit_ethernet(0xfdef, &(0x7f0000000580)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0) 109.956528ms ago: executing program 6 (id=616): unshare(0x22020600) ioctl$KDGETLED(0xffffffffffffffff, 0x4b31, 0x0) r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x75, 0x101301) ioctl$USBDEVFS_FREE_STREAMS(r0, 0x802c550a, &(0x7f0000000000)=ANY=[]) fadvise64(0xffffffffffffffff, 0x1f00, 0x7f, 0x1000000) 95.360718ms ago: executing program 6 (id=617): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x3, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x200) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000780)={0x2, 0x0, @ioapic={0x10000, 0x0, 0x4, 0xefffffff, 0x0, [{0x82, 0x8, 0xfc, '\x00', 0x3}, {0x3, 0x9, 0xfc, '\x00', 0x7c}, {0xfc, 0x12, 0x4, '\x00', 0x1}, {0x11, 0xb, 0x0, '\x00', 0xea}, {0x0, 0x0, 0x0, '\x00', 0xfc}, {0x0, 0x0, 0x4, '\x00', 0x2}, {0x1f, 0x1, 0x2}, {0xfd, 0x0, 0x0, '\x00', 0x2}, {0x0, 0xf, 0xf7, '\x00', 0xfc}, {0xa8, 0x6, 0x0, '\x00', 0x11}, {0xb}, {0x1, 0x89, 0x42, '\x00', 0xff}, {0x0, 0x0, 0x2, '\x00', 0x1}, {0x2, 0x0, 0x6}, {0xc2, 0x0, 0x0, '\x00', 0x49}, {0x1, 0x21, 0x80}, {0x3, 0x0, 0x0, '\x00', 0x80}, {0x0, 0x2, 0x6, '\x00', 0x10}, {0x48, 0x4, 0xd, '\x00', 0xfd}, {0x8, 0xc0, 0x3}, {0x0, 0x12, 0x3, '\x00', 0x35}, {0xfd, 0x9, 0x0, '\x00', 0x5}, {0x2, 0x5, 0x9}, {0x80, 0xff, 0x3, '\x00', 0x7}]}}) 52.981249ms ago: executing program 2 (id=618): r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bpf$PROG_LOAD(0x5, 0x0, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x1400000, 0x0, 0xc3072, 0xffffffffffffffff, 0x0) r1 = dup(r0) setsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f0000000b80)={{{@in, @in=@multicast2, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x65}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, {{@in=@multicast2}, 0x0, @in6=@dev}}, 0xe8) 52.536469ms ago: executing program 2 (id=619): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x7, 0x2a, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) syz_usb_connect(0x0, 0x10b, &(0x7f0000000000)=ANY=[@ANYBLOB="05010900b24b6a10e6040300770100000001090224000b010000000904"], 0x0) 18.699679ms ago: executing program 6 (id=620): r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bridge0\x00', 0x0}) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0xf3f, 0x4) sendto$packet(r0, &(0x7f00000000c0)="3f031c000302140006001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063382a0c1511fdf9435e3ffe46", 0xe90c, 0x0, &(0x7f0000000540)={0xc9, 0x0, r1, 0x1, 0x0, 0x6, @multicast}, 0x14) recvmmsg(r0, &(0x7f0000006e40)=[{{0x0, 0x0, &(0x7f0000005300)=[{&(0x7f00000051c0)=""/73, 0x49}], 0x1}, 0x7}, {{0x0, 0x0, &(0x7f00000054c0), 0x0, &(0x7f0000005500)=""/167, 0xa7}}, {{0x0, 0x0, 0x0}, 0x2}], 0x3, 0x2, 0x0) 0s ago: executing program 6 (id=621): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x3000000, &(0x7f00000006c0), 0x1, 0x512, &(0x7f0000000c40)="$eJzs3W1rZFcdAPD/vcmk2d3UTFVkLdgWW9ktujNJY9so0lYQfVVQ6/s1JpMQMsmEzKRuQtEsfgBBRAU/gG8EP4Ag+xFEWND3oqKI7upL3St35kbzMJMMySSzTn4/OJlz7sP5n3PJ3LkPh3sDuLJeioh3ImIsIl6NiOlielqk2OukfLnHjz5YzFMSWfbe35JIimn7deXl8Yi4Uaw2GRFf/0rEt5LjcZs7u2sL9XptqyhXW+ub1ebO7p3V9YWV2kptY25u9o35N+dfn5/JCufqZzki3vrSn370/Z99+a1ffebbv7/7l9vfyZv1hY912h0Ri+cK0EOn7lJ7W+zLt9HWRQQbkrw/pbFhtwIAgH7kx/gfjohPto//p2OsfTQHAAAAjJLs7an4VxKRAQAAACMrjYipSNJKMRZgKtK0UumM4f1oXE/rjWbr08uN7Y2lfF5EOUrp8mq9NlOMFS5HKcnLs8UY2/3ya0fKcxHxXET8cPpau1xZbNSXhn3xAwAAAK6IGy8ePv//53TazgMAAAAjptyzAAAAAIwKp/wAAAAw+pz/AwAAwEj76rvv5inbf4/30vs722uN9+8s1ZprlfXtxcpiY2uzstJorLSf2bd+Wn31RmPzs7Gxfa/aqjVb1ebO7t31xvZG6+7qoVdgAwAAAJfouRcf/C6JiL3PX2unKJ4DCHDIH4fdAGCQxobdAGBoxofdAGBoSqcuYQ8Boy45Zf7xwTuda4Xx64tpDwAAMHi3Pn78/v9EMe/0awPA/zNjfQDg6nF3D66u0llHAN4cdEuAYflQ5+OZXvN7Pryjj/v/nWsMWXamhgEAAAMz1U5JWimO06ciTSuViGfbrwUoJcur9dpMcX7w2+nSM3l5tr1mcuqYYQAAAAAAAAAAAAAAAAAAAAAAAACgI8uSyAAAAICRFpH+OWk/zT/i1vQrU4evDhx569dP3/vxvYVWa2s2YiL5+3Q+aSIiWj8ppr+WeSUAAAAAPAU65+nF5+ywWwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqHn86IPF/XSZcf/6xYgod4s/HpPtz8koRcT1fyQxfmC9JCLGBhB/735E3OwWP4knWZaVi1Z0i3/tguOX25ume/w0Im4MID5cZQ/y/c873b5/abzU/uz+/Rsv0nn13v+l/93/jfXY/zx7pNzL8w9/Ue0Z/37E8+Pd9z/78ZNO/EMh8sLLffbxm9/Y3e0640CV3eIfjFVtrW9Wmzu7d1bXF1ZqK7WNubnZN+bfnH99fqa6vFqvFX+7hvnBJ3755KT+X+8Rv3y4/8e2/yt99T6Lfz+89+gjnUKpW/zbL3f//b3ZI35a/PZ9qsjn82/t5/c6+YNe+PlvXjip/0s9+j95Sv9v99X/+NyrX/veH7rOObY1AIDL0NzZXVuo12tbJ2Qm+1jmkjNvPx3NGGAmno5mDCuTfbfz/3i+es65+rFMdp7Vx2MAzZg49j0di7NWmETs5XX1+Q8JAACMmP8d9J90BwkAAAAAAAAAAAAAAAAAAAC4SGd8LNlkRPS98NGYe8PpKgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAif4TAAD//4RX0Xo=") bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000756c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000fcffffff850000002d000000850000000f00000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='block_plug\x00', r0}, 0x10) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.187' (ED25519) to the list of known hosts. [ 24.513627][ T28] audit: type=1400 audit(1747227430.479:64): avc: denied { mounton } for pid=274 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 24.515061][ T274] cgroup: Unknown subsys name 'net' [ 24.539058][ T28] audit: type=1400 audit(1747227430.479:65): avc: denied { mount } for pid=274 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 24.570083][ T28] audit: type=1400 audit(1747227430.509:66): avc: denied { unmount } for pid=274 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 24.570285][ T274] cgroup: Unknown subsys name 'devices' [ 24.720545][ T274] cgroup: Unknown subsys name 'hugetlb' [ 24.728310][ T274] cgroup: Unknown subsys name 'rlimit' [ 24.832814][ T28] audit: type=1400 audit(1747227430.799:67): avc: denied { setattr } for pid=274 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=258 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 24.859597][ T28] audit: type=1400 audit(1747227430.799:68): avc: denied { mounton } for pid=274 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 24.891763][ T28] audit: type=1400 audit(1747227430.799:69): avc: denied { mount } for pid=274 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 Setting up swapspace version 1, size = 127995904 bytes [ 24.928504][ T276] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 24.939397][ T28] audit: type=1400 audit(1747227430.909:70): avc: denied { relabelto } for pid=276 comm="mkswap" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 24.952962][ T274] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 24.970318][ T28] audit: type=1400 audit(1747227430.909:71): avc: denied { write } for pid=276 comm="mkswap" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 25.011395][ T28] audit: type=1400 audit(1747227430.909:72): avc: denied { read } for pid=274 comm="syz-executor" name="swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 25.038974][ T28] audit: type=1400 audit(1747227430.909:73): avc: denied { open } for pid=274 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=2025 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t" [ 25.775598][ T282] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.783498][ T282] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.792508][ T282] device bridge_slave_0 entered promiscuous mode [ 25.801231][ T282] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.809582][ T282] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.817348][ T282] device bridge_slave_1 entered promiscuous mode [ 25.868914][ T283] bridge0: port 1(bridge_slave_0) entered blocking state [ 25.877029][ T283] bridge0: port 1(bridge_slave_0) entered disabled state [ 25.885223][ T283] device bridge_slave_0 entered promiscuous mode [ 25.896015][ T283] bridge0: port 2(bridge_slave_1) entered blocking state [ 25.903928][ T283] bridge0: port 2(bridge_slave_1) entered disabled state [ 25.912456][ T283] device bridge_slave_1 entered promiscuous mode [ 26.024026][ T287] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.031629][ T287] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.039780][ T287] device bridge_slave_0 entered promiscuous mode [ 26.056991][ T287] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.065877][ T287] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.075603][ T287] device bridge_slave_1 entered promiscuous mode [ 26.096297][ T284] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.104576][ T284] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.114205][ T284] device bridge_slave_0 entered promiscuous mode [ 26.134290][ T284] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.144011][ T284] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.153224][ T284] device bridge_slave_1 entered promiscuous mode [ 26.267022][ T282] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.274584][ T282] bridge0: port 2(bridge_slave_1) entered forwarding state [ 26.282778][ T282] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.291536][ T282] bridge0: port 1(bridge_slave_0) entered forwarding state [ 26.305502][ T290] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.313975][ T290] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.323107][ T290] device bridge_slave_0 entered promiscuous mode [ 26.331525][ T290] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.339617][ T290] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.347682][ T290] device bridge_slave_1 entered promiscuous mode [ 26.420821][ T283] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.429574][ T283] bridge0: port 2(bridge_slave_1) entered forwarding state [ 26.437843][ T283] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.445805][ T283] bridge0: port 1(bridge_slave_0) entered forwarding state [ 26.519541][ T287] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.527790][ T287] bridge0: port 2(bridge_slave_1) entered forwarding state [ 26.535860][ T287] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.544421][ T287] bridge0: port 1(bridge_slave_0) entered forwarding state [ 26.572953][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.582506][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.591944][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.600097][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.608078][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 26.617179][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 26.626600][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 26.635859][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 26.672754][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 26.682212][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 26.691633][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.700891][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 26.710074][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 26.720666][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.728361][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 26.768284][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 26.778077][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.785821][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 26.794237][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 26.804661][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 26.814364][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 26.824989][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 26.833925][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 26.843842][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 26.854238][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.862229][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 26.871573][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 26.880861][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 26.908275][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 26.916672][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 26.925614][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 26.935344][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 26.945329][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 26.953418][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 26.961569][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 26.971752][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 26.981787][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 26.991446][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 27.000410][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 27.009137][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 27.017375][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 27.026644][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 27.035388][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 27.044989][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 27.055337][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 27.064805][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 27.075673][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 27.085133][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.093060][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 27.114210][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 27.123973][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 27.135576][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.143404][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 27.155338][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 27.165203][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 27.177225][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 27.189429][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 27.211564][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 27.226128][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 27.235106][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 27.245897][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 27.258757][ T282] device veth0_vlan entered promiscuous mode [ 27.272054][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 27.281610][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 27.291587][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 27.303761][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 27.314171][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 27.323301][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 27.333951][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 27.342080][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 27.350366][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 27.364186][ T283] device veth0_vlan entered promiscuous mode [ 27.378361][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 27.388891][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 27.398764][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 27.408695][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 27.417693][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 27.425320][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 27.433803][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 27.441885][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 27.469282][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 27.480518][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 27.492046][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 27.502546][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 27.512154][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 27.521518][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 27.531438][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 27.540149][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 27.553719][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 27.562662][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 27.573940][ T282] device veth1_macvtap entered promiscuous mode [ 27.584543][ T283] device veth1_macvtap entered promiscuous mode [ 27.593331][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 27.603427][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 27.612831][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 27.629788][ T284] device veth0_vlan entered promiscuous mode [ 27.644742][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 27.653946][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 27.662923][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 27.673835][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 27.682688][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 27.695042][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 27.705381][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 27.716999][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 27.728059][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 27.754934][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 27.765086][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 27.774408][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 27.782991][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 27.792835][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 27.802552][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 27.812129][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 27.821614][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 27.831524][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 27.846534][ T287] device veth0_vlan entered promiscuous mode [ 27.859473][ T284] device veth1_macvtap entered promiscuous mode [ 27.867800][ T283] request_module fs-gadgetfs succeeded, but still no fs? [ 27.886917][ T290] device veth0_vlan entered promiscuous mode [ 27.897551][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 27.910760][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 27.933431][ T287] device veth1_macvtap entered promiscuous mode [ 27.945495][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 27.972442][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 27.974041][ T310] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 27.981943][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 28.012035][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 28.022808][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 28.038681][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 28.046392][ T312] loop1: detected capacity change from 0 to 512 [ 28.049427][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 28.062550][ T312] ======================================================= [ 28.062550][ T312] WARNING: The mand mount option has been deprecated and [ 28.062550][ T312] and is ignored by this kernel. Remove the mand [ 28.062550][ T312] option from the mount to silence this warning. [ 28.062550][ T312] ======================================================= [ 28.109697][ T290] device veth1_macvtap entered promiscuous mode [ 28.127766][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 28.138414][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 28.148505][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 28.155732][ T312] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 28.157385][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 28.176739][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 28.185870][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 28.188250][ T312] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 28.196732][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 28.206179][ T312] ext4 filesystem being mounted at /1/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 28.252741][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 28.273136][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 28.285917][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 28.295795][ T312] SELinux: Context system_u:object_r:hwdata_t:s0 is not valid (left unmapped). [ 28.302652][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 28.309816][ T312] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters [ 28.316146][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 28.340476][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 28.350533][ T282] EXT4-fs (loop1): unmounting filesystem. [ 28.454996][ T332] loop2: detected capacity change from 0 to 512 [ 28.511350][ T332] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 28.536679][ T332] EXT4-fs (loop2): orphan cleanup on readonly fs [ 28.560486][ T332] EXT4-fs warning (device loop2): ext4_enable_quotas:7024: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 28.577401][ T343] Zero length message leads to an empty skb [ 28.586506][ T321] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 28.600438][ T332] EXT4-fs (loop2): Cannot turn on quotas: error -22 [ 28.620144][ T332] EXT4-fs error (device loop2): ext4_orphan_get:1400: inode #16: comm syz.2.3: iget: immutable or append flags not allowed on symlinks [ 28.652004][ T332] EXT4-fs error (device loop2): ext4_orphan_get:1405: comm syz.2.3: couldn't read orphan inode 16 (err -117) [ 28.667692][ T332] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 28.698248][ T290] EXT4-fs (loop2): unmounting filesystem. [ 28.756094][ T350] netlink: 28 bytes leftover after parsing attributes in process `syz.1.16'. [ 28.778111][ T321] usb 5-1: Using ep0 maxpacket: 16 [ 28.787070][ T321] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 28.807975][ T350] netlink: 28 bytes leftover after parsing attributes in process `syz.1.16'. [ 28.827992][ T321] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 28.839244][ T321] usb 5-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 28.863453][ T321] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 28.893337][ T321] usb 5-1: config 0 descriptor?? [ 28.907104][ T362] loop2: detected capacity change from 0 to 1024 [ 28.921918][ T362] EXT4-fs: dax option not supported [ 28.934164][ T365] tun0: tun_chr_ioctl cmd 1074025675 [ 28.956212][ T365] tun0: persist enabled [ 28.962635][ T365] tun0: tun_chr_ioctl cmd 1074025675 [ 28.975002][ T365] tun0: persist enabled [ 29.311871][ T321] input: HID 05ac:8241 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:05AC:8241.0001/input/input4 [ 29.334977][ T410] loop3: detected capacity change from 0 to 1024 [ 29.342662][ T410] EXT4-fs: Ignoring removed oldalloc option [ 29.359813][ T410] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 29.414394][ T321] appleir 0003:05AC:8241.0001: input,hiddev96,hidraw0: USB HID v0.00 Device [HID 05ac:8241] on usb-dummy_hcd.4-1/input0 [ 29.434677][ T410] EXT4-fs (loop3): Online defrag not supported with bigalloc [ 29.454831][ T287] EXT4-fs (loop3): unmounting filesystem. [ 29.527941][ T24] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 29.541534][ T321] usb 5-1: USB disconnect, device number 2 [ 29.555377][ T28] kauditd_printk_skb: 64 callbacks suppressed [ 29.555394][ T28] audit: type=1400 audit(1747227435.519:138): avc: denied { name_bind } for pid=422 comm="syz.1.46" src=3618 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1 [ 29.617069][ T28] audit: type=1400 audit(1747227435.559:139): avc: denied { ioctl } for pid=424 comm="syz.1.47" path="socket:[16589]" dev="sockfs" ino=16589 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 29.620852][ T418] fido_id[418]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 29.645126][ T28] audit: type=1400 audit(1747227435.559:140): avc: denied { write } for pid=424 comm="syz.1.47" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 29.682456][ T28] audit: type=1400 audit(1747227435.559:141): avc: denied { read write } for pid=426 comm="syz.3.48" name="rtc0" dev="devtmpfs" ino=263 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 29.709097][ T28] audit: type=1400 audit(1747227435.569:142): avc: denied { open } for pid=426 comm="syz.3.48" path="/dev/rtc0" dev="devtmpfs" ino=263 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 29.749257][ T28] audit: type=1400 audit(1747227435.719:143): avc: denied { read write } for pid=430 comm="syz.1.50" name="ppp" dev="devtmpfs" ino=158 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 29.758042][ T24] usb 3-1: Using ep0 maxpacket: 8 [ 29.777442][ T28] audit: type=1400 audit(1747227435.719:144): avc: denied { open } for pid=430 comm="syz.1.50" path="/dev/ppp" dev="devtmpfs" ino=158 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 29.786414][ T24] usb 3-1: config 135 has an invalid interface number: 230 but max is 0 [ 29.807541][ T28] audit: type=1400 audit(1747227435.749:145): avc: denied { ioctl } for pid=430 comm="syz.1.50" path="/dev/ppp" dev="devtmpfs" ino=158 ioctlcmd=0x743e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 29.822950][ T24] usb 3-1: config 135 has an invalid descriptor of length 0, skipping remainder of the config [ 29.861506][ T24] usb 3-1: config 135 has no interface number 0 [ 29.868907][ T24] usb 3-1: config 135 interface 230 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 29.886876][ T24] usb 3-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=3f.3a [ 29.896794][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 29.905523][ T24] usb 3-1: Product: syz [ 29.918296][ T24] usb 3-1: Manufacturer: syz [ 29.923322][ T24] usb 3-1: SerialNumber: syz [ 29.930373][ T24] usb 3-1: Found UVC 0.00 device syz (18ec:3288) [ 29.937721][ T24] usb 3-1: No valid video chain found. [ 30.092459][ T440] device gretap0 entered promiscuous mode [ 30.100454][ T440] device gretap0 left promiscuous mode [ 30.120703][ T28] audit: type=1400 audit(1747227436.089:146): avc: denied { setopt } for pid=441 comm="syz.4.55" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 30.204290][ T321] usb 3-1: USB disconnect, device number 2 [ 30.280584][ T28] audit: type=1400 audit(1747227436.249:147): avc: denied { create } for pid=450 comm="syz.0.59" anonclass=[io_uring] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 30.359877][ T455] loop4: detected capacity change from 0 to 8192 [ 30.378333][ T460] loop0: detected capacity change from 0 to 256 [ 30.404706][ T460] FAT-fs (loop0): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 30.416309][ T460] FAT-fs (loop0): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 30.452365][ T460] FAT-fs (loop0): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 30.465328][ T459] FAT-fs (loop0): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 30.474668][ T283] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 0) [ 30.478442][ T460] FAT-fs (loop0): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 30.499280][ T459] FAT-fs (loop0): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 30.499802][ T283] FAT-fs (loop4): Filesystem has been set read-only [ 30.511079][ T460] FAT-fs (loop0): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 30.529552][ T283] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 0) [ 30.531837][ T459] FAT-fs (loop0): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 30.551682][ T460] FAT-fs (loop0): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 30.563071][ T459] FAT-fs (loop0): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 30.650259][ T283] syz-executor (283) used greatest stack depth: 21760 bytes left [ 30.770904][ T474] netlink: 'syz.3.72': attribute type 4 has an invalid length. [ 30.791208][ T474] netlink: 3657 bytes leftover after parsing attributes in process `syz.3.72'. [ 31.165124][ T496] bridge0: port 1(bridge_slave_0) entered blocking state [ 31.173785][ T496] bridge0: port 1(bridge_slave_0) entered disabled state [ 31.182609][ T496] device bridge_slave_0 entered promiscuous mode [ 31.200967][ T496] bridge0: port 2(bridge_slave_1) entered blocking state [ 31.231828][ T496] bridge0: port 2(bridge_slave_1) entered disabled state [ 31.240364][ T496] device bridge_slave_1 entered promiscuous mode [ 31.253765][ T513] netlink: 104 bytes leftover after parsing attributes in process `syz.2.89'. [ 31.333159][ T10] device bridge_slave_1 left promiscuous mode [ 31.340245][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 31.355391][ T10] device bridge_slave_0 left promiscuous mode [ 31.365277][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 31.376122][ T10] device veth1_macvtap left promiscuous mode [ 31.382997][ T10] device veth0_vlan left promiscuous mode [ 31.418117][ T525] loop1: detected capacity change from 0 to 512 [ 31.425927][ T525] EXT4-fs: Ignoring removed mblk_io_submit option [ 31.435195][ T525] EXT4-fs: Ignoring removed mblk_io_submit option [ 31.443009][ T525] EXT4-fs (loop1): Test dummy encryption mode enabled [ 31.450340][ T525] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 31.471680][ T525] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 31.489877][ T525] EXT4-fs (loop1): 1 truncate cleaned up [ 31.496541][ T525] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 31.580533][ T523] bridge0: port 3(syz_tun) entered blocking state [ 31.587712][ T523] bridge0: port 3(syz_tun) entered disabled state [ 31.596355][ T523] device syz_tun entered promiscuous mode [ 31.604668][ T523] bridge0: port 3(syz_tun) entered blocking state [ 31.612449][ T523] bridge0: port 3(syz_tun) entered forwarding state [ 31.623419][ T525] netlink: 8 bytes leftover after parsing attributes in process `syz.1.93'. [ 31.658761][ T282] EXT4-fs (loop1): unmounting filesystem. [ 31.715889][ T541] netlink: 96 bytes leftover after parsing attributes in process `syz.1.98'. [ 31.790821][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 31.806644][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 31.826781][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 31.838223][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 31.847190][ T320] bridge0: port 1(bridge_slave_0) entered blocking state [ 31.854864][ T320] bridge0: port 1(bridge_slave_0) entered forwarding state [ 31.866253][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 31.876340][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 31.885660][ T320] bridge0: port 2(bridge_slave_1) entered blocking state [ 31.893949][ T320] bridge0: port 2(bridge_slave_1) entered forwarding state [ 31.902545][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 31.912010][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 31.922925][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 31.940731][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 31.955087][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 31.966789][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 31.975615][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 31.989544][ T496] device veth0_vlan entered promiscuous mode [ 32.001892][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 32.013250][ T496] device veth1_macvtap entered promiscuous mode [ 32.025944][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 32.038699][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 32.067223][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 32.086020][ T320] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 32.225478][ T576] netlink: 16 bytes leftover after parsing attributes in process `syz.5.111'. [ 32.238831][ T578] syz.3.112[578] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 32.238910][ T578] syz.3.112[578] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 32.286186][ T580] netlink: 44 bytes leftover after parsing attributes in process `syz.5.114'. [ 32.309999][ T582] loop3: detected capacity change from 0 to 256 [ 32.327998][ T285] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 32.343359][ T582] FAT-fs (loop3): Directory bread(block 64) failed [ 32.353250][ T582] FAT-fs (loop3): Directory bread(block 65) failed [ 32.361156][ T582] FAT-fs (loop3): Directory bread(block 66) failed [ 32.368661][ T582] FAT-fs (loop3): Directory bread(block 67) failed [ 32.377100][ T582] FAT-fs (loop3): Directory bread(block 68) failed [ 32.385021][ T285] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 32.385022][ T582] FAT-fs (loop3): Directory bread(block 69) failed [ 32.385084][ T582] FAT-fs (loop3): Directory bread(block 70) failed [ 32.408381][ T582] FAT-fs (loop3): Directory bread(block 71) failed [ 32.420656][ T582] FAT-fs (loop3): Directory bread(block 72) failed [ 32.430067][ T582] FAT-fs (loop3): Directory bread(block 73) failed [ 32.477980][ T304] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 32.568184][ T304] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 32.571568][ T598] loop2: detected capacity change from 0 to 256 [ 32.606490][ T598] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 32.627336][ T598] exFAT-fs (loop2): Medium has reported failures. Some data may be lost. [ 32.640736][ T602] device veth0 entered promiscuous mode [ 32.649781][ T304] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 32.663192][ T601] device veth0 left promiscuous mode [ 32.670641][ T606] device veth1_to_bond entered promiscuous mode [ 32.678847][ T598] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 32.679566][ T604] device veth1_to_bond left promiscuous mode [ 32.708230][ T24] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 32.778351][ T24] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 32.828033][ T24] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 32.905733][ T634] tmpfs: Unknown parameter 'fow' [ 32.913706][ T636] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 32.928042][ T24] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 32.982619][ T640] loop1: detected capacity change from 0 to 256 [ 33.008046][ T24] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 33.099238][ T649] syz.2.145 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 33.149003][ T631] loop0: detected capacity change from 0 to 40427 [ 33.170021][ T631] F2FS-fs (loop0): Found nat_bits in checkpoint [ 33.237941][ T631] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 33.252870][ T631] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 33.311144][ T321] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 33.338971][ T284] syz-executor: attempt to access beyond end of device [ 33.338971][ T284] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 33.508134][ T681] SELinux: Context system_u:object_r:iptables_unit_file_t:s0 is not valid (left unmapped). [ 33.524117][ T321] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 33.537429][ T683] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 33.551366][ T321] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 33.563526][ T321] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2ced, bcdDevice= 0.00 [ 33.582097][ T321] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 33.591974][ T321] usb 4-1: config 0 descriptor?? [ 33.750941][ T702] loop0: detected capacity change from 0 to 512 [ 33.811519][ T702] EXT4-fs error (device loop0): ext4_do_update_inode:5226: inode #16: comm syz.0.168: corrupted inode contents [ 33.825661][ T702] EXT4-fs error (device loop0): ext4_dirty_inode:6091: inode #16: comm syz.0.168: mark_inode_dirty error [ 33.841536][ T702] EXT4-fs error (device loop0): ext4_do_update_inode:5226: inode #16: comm syz.0.168: corrupted inode contents [ 33.855966][ T702] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #16: comm syz.0.168: mark_inode_dirty error [ 33.870710][ T702] EXT4-fs error (device loop0): ext4_do_update_inode:5226: inode #16: comm syz.0.168: corrupted inode contents [ 33.888659][ T702] EXT4-fs error (device loop0) in ext4_orphan_del:305: Corrupt filesystem [ 33.913697][ T702] EXT4-fs error (device loop0): ext4_do_update_inode:5226: inode #16: comm syz.0.168: corrupted inode contents [ 33.970005][ T702] EXT4-fs error (device loop0): ext4_truncate:4313: inode #16: comm syz.0.168: mark_inode_dirty error [ 34.004586][ T321] kone 0003:1E7D:2CED.0002: hidraw0: USB HID v0.00 Device [HID 1e7d:2ced] on usb-dummy_hcd.3-1/input0 [ 34.020217][ T702] EXT4-fs error (device loop0) in ext4_process_orphan:347: Corrupt filesystem [ 34.040528][ T702] EXT4-fs (loop0): 1 truncate cleaned up [ 34.058133][ T10] EXT4-fs error (device loop0): ext4_release_dquot:6812: comm kworker/u4:1: Failed to release dquot type 1 [ 34.071578][ T702] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 34.093300][ T702] ext4 filesystem being mounted at /28/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 34.145429][ T731] Driver unsupported XDP return value 0 on prog (id 99) dev N/A, expect packet loss! [ 34.184720][ T284] EXT4-fs (loop0): unmounting filesystem. [ 34.211784][ T24] usb 4-1: USB disconnect, device number 2 [ 34.450331][ T759] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=759 comm=syz.2.189 [ 34.561086][ T28] kauditd_printk_skb: 70 callbacks suppressed [ 34.561102][ T28] audit: type=1400 audit(1747227440.529:217): avc: denied { write } for pid=764 comm="syz.5.193" path="socket:[18108]" dev="sockfs" ino=18108 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 34.658504][ T28] audit: type=1400 audit(1747227440.569:218): avc: denied { read } for pid=764 comm="syz.5.193" laddr=172.20.20.10 lport=1 faddr=172.20.20.187 fport=20002 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 34.696814][ T28] audit: type=1400 audit(1747227440.599:219): avc: denied { setopt } for pid=770 comm="syz.0.196" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 34.718182][ T28] audit: type=1400 audit(1747227440.599:220): avc: denied { ioctl } for pid=770 comm="syz.0.196" path="socket:[18123]" dev="sockfs" ino=18123 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 34.805370][ T788] syz.0.204[788] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 34.805449][ T788] syz.0.204[788] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 34.827319][ T28] audit: type=1400 audit(1747227440.609:221): avc: denied { bind } for pid=770 comm="syz.0.196" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 34.832453][ T793] loop3: detected capacity change from 0 to 512 [ 34.848244][ T28] audit: type=1400 audit(1747227440.769:222): avc: denied { mount } for pid=790 comm="syz.2.205" name="/" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 34.922198][ T28] audit: type=1400 audit(1747227440.769:223): avc: denied { mounton } for pid=790 comm="syz.2.205" path="/55/file0" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=dir permissive=1 [ 34.965428][ T793] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 34.999528][ T793] EXT4-fs (loop3): can't mount with data=, fs mounted w/o journal [ 35.010359][ T28] audit: type=1400 audit(1747227440.869:224): avc: denied { unmount } for pid=290 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 35.037350][ T28] audit: type=1400 audit(1747227440.959:225): avc: denied { getopt } for pid=802 comm="syz.5.210" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 35.093290][ T28] audit: type=1400 audit(1747227441.059:226): avc: denied { nlmsg_read } for pid=813 comm="syz.1.214" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 35.094162][ T814] netlink: 104 bytes leftover after parsing attributes in process `syz.1.214'. [ 35.141361][ T285] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 35.196216][ T826] loop2: detected capacity change from 0 to 128 [ 35.215458][ T826] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 35.225477][ T826] ext4 filesystem being mounted at /60/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 35.266420][ T290] EXT4-fs (loop2): unmounting filesystem. [ 35.304533][ T838] netem: change failed [ 35.326416][ T841] netlink: 80 bytes leftover after parsing attributes in process `syz.1.225'. [ 35.337922][ T285] usb 1-1: Using ep0 maxpacket: 8 [ 35.344796][ T285] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 35.363147][ T841] netlink: 80 bytes leftover after parsing attributes in process `syz.1.225'. [ 35.373757][ T285] usb 1-1: New USB device found, idVendor=0421, idProduct=0335, bcdDevice=5f.0e [ 35.385595][ T841] netlink: 80 bytes leftover after parsing attributes in process `syz.1.225'. [ 35.396285][ T285] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 35.416684][ T285] usb 1-1: config 0 descriptor?? [ 35.427320][ T285] usb 1-1: bad CDC descriptors [ 35.505035][ T853] netlink: 20 bytes leftover after parsing attributes in process `syz.3.231'. [ 35.538287][ T853] netlink: 20 bytes leftover after parsing attributes in process `syz.3.231'. [ 35.634896][ T285] usb 1-1: USB disconnect, device number 2 [ 35.635393][ T843] loop2: detected capacity change from 0 to 40427 [ 35.663846][ T843] F2FS-fs (loop2): Small segment_count (9 < 1 * 24) [ 35.680228][ T843] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 35.713136][ T843] F2FS-fs (loop2): Found nat_bits in checkpoint [ 35.792471][ T843] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 35.799959][ T843] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 35.861906][ T855] loop1: detected capacity change from 0 to 40427 [ 35.887055][ T855] F2FS-fs (loop1): heap/no_heap options were deprecated [ 35.887948][ T855] F2FS-fs (loop1): invalid crc value [ 35.889002][ T855] F2FS-fs (loop1): Found nat_bits in checkpoint [ 35.944376][ T290] syz-executor: attempt to access beyond end of device [ 35.944376][ T290] loop2: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 35.972158][ T855] F2FS-fs (loop1): Start checkpoint disabled! [ 35.981578][ T855] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 36.095557][ T855] syz.1.232: attempt to access beyond end of device [ 36.095557][ T855] loop1: rw=10241, sector=45096, nr_sectors = 8 limit=40427 [ 36.204460][ T320] kworker/u4:4: attempt to access beyond end of device [ 36.204460][ T320] loop1: rw=2049, sector=40960, nr_sectors = 24 limit=40427 [ 36.449501][ T910] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 36.478177][ T910] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 36.676948][ T902] loop2: detected capacity change from 0 to 40427 [ 36.706115][ T902] F2FS-fs (loop2): fault_injection options not supported [ 36.731552][ T902] F2FS-fs (loop2): invalid crc value [ 36.759705][ T902] F2FS-fs (loop2): Found nat_bits in checkpoint [ 36.785519][ T940] loop1: detected capacity change from 0 to 8192 [ 36.841728][ T902] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 36.899404][ T290] syz-executor: attempt to access beyond end of device [ 36.899404][ T290] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 36.922180][ T950] loop1: detected capacity change from 0 to 4096 [ 36.965601][ T950] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 37.015738][ T282] EXT4-fs (loop1): unmounting filesystem. [ 37.038012][ T285] usb 4-1: new full-speed USB device number 3 using dummy_hcd [ 37.122914][ T6] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 37.144368][ T6] hid-generic 0000:0000:0000.0003: hidraw0: HID v0.00 Device [syz0] on syz1 [ 37.156730][ T966] loop1: detected capacity change from 0 to 1024 [ 37.198657][ T966] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 37.226173][ T282] EXT4-fs (loop1): unmounting filesystem. [ 37.239865][ T285] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 37.262539][ T285] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 37.295606][ T285] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 37.306557][ T285] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 37.316771][ T285] usb 4-1: Product: syz [ 37.322355][ T285] usb 4-1: Manufacturer: syz [ 37.328175][ T285] usb 4-1: SerialNumber: syz [ 37.487914][ T304] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 37.526363][ T984] loop0: detected capacity change from 0 to 40427 [ 37.540868][ T984] F2FS-fs (loop0): fault_injection options not supported [ 37.555851][ T285] usb 4-1: 0:2 : does not exist [ 37.566938][ T285] usb 4-1: 5:0: failed to get current value for ch 0 (-22) [ 37.574715][ T984] F2FS-fs (loop0): invalid crc value [ 37.588232][ T984] F2FS-fs (loop0): Found nat_bits in checkpoint [ 37.600562][ T285] usb 4-1: USB disconnect, device number 3 [ 37.687759][ T984] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 37.695064][ T1012] netlink: 8 bytes leftover after parsing attributes in process `syz.1.296'. [ 37.708158][ T304] usb 3-1: config 0 has an invalid interface number: 156 but max is 0 [ 37.710304][ T1012] netlink: 8 bytes leftover after parsing attributes in process `syz.1.296'. [ 37.725432][ T304] usb 3-1: config 0 has no interface number 0 [ 37.736879][ T304] usb 3-1: config 0 interface 156 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 37.750196][ T304] usb 3-1: config 0 interface 156 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 37.754698][ T1012] netlink: 8 bytes leftover after parsing attributes in process `syz.1.296'. [ 37.761624][ T304] usb 3-1: config 0 interface 156 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 37.771444][ T1012] A link change request failed with some changes committed already. Interface wg1 may have been left with an inconsistent configuration, please check. [ 37.822336][ T304] usb 3-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9 [ 37.842526][ T304] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 37.852685][ T284] syz-executor: attempt to access beyond end of device [ 37.852685][ T284] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 37.879122][ T304] usb 3-1: config 0 descriptor?? [ 37.896247][ T304] usb 3-1: MIDIStreaming interface descriptor not found [ 37.936390][ T1023] loop5: detected capacity change from 0 to 1024 [ 37.946562][ T304] snd-usb-audio: probe of 3-1:0.156 failed with error -12 [ 37.950383][ T1023] EXT4-fs: Ignoring removed nobh option [ 37.963429][ T1023] EXT4-fs: Ignoring removed bh option [ 38.018850][ T1023] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 38.040228][ T316] udevd[316]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.156/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 38.157945][ T6] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 38.167768][ T1023] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 38.173783][ T304] usb 3-1: USB disconnect, device number 3 [ 38.296964][ T496] EXT4-fs (loop5): unmounting filesystem. [ 38.378960][ T6] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 38.397930][ T6] usb 2-1: config 1 has no interface number 0 [ 38.405286][ T6] usb 2-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 38.434273][ T6] usb 2-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping [ 38.458875][ T6] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 38.472178][ T6] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 38.486196][ T6] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=29 [ 38.495538][ T6] usb 2-1: Product: syz [ 38.500446][ T6] usb 2-1: Manufacturer: syz [ 38.506283][ T6] usb 2-1: SerialNumber: syz [ 38.537825][ T1033] loop3: detected capacity change from 0 to 40427 [ 38.559672][ T1033] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 38.569404][ T1033] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 38.598910][ T1033] F2FS-fs (loop3): invalid crc value [ 38.620142][ T1033] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 39874397669) [ 38.635151][ T1033] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 38.662388][ T1033] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 38.670626][ T1033] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 38.734709][ T1065] syz.5.320[1065] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 38.734817][ T1065] syz.5.320[1065] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 38.772079][ T1068] xt_bpf: check failed: parse error [ 39.001830][ T1078] loop2: detected capacity change from 0 to 40427 [ 39.011136][ T1078] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 39.020524][ T1078] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 39.053061][ T1090] loop5: detected capacity change from 0 to 8192 [ 39.096140][ T1078] F2FS-fs (loop2): Found nat_bits in checkpoint [ 39.166393][ T1078] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 39.174623][ T1078] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 40.097869][ C0] sched: RT throttling activated [ 40.119980][ T6] cdc_ncm 2-1:1.1: bind() failure [ 40.169202][ T1107] netlink: 8 bytes leftover after parsing attributes in process `syz.0.340'. [ 40.182854][ T1105] loop5: detected capacity change from 0 to 1024 [ 40.207591][ T1107] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 40.239977][ T1105] EXT4-fs: Ignoring removed i_version option [ 40.284296][ T1105] EXT4-fs error (device loop5): ext4_map_blocks:634: inode #3: block 2: comm syz.5.337: lblock 2 mapped to illegal pblock 2 (length 1) [ 40.301754][ T1105] __quota_error: 41 callbacks suppressed [ 40.301772][ T1105] Quota error (device loop5): qtree_write_dquot: dquota write failed [ 40.320337][ T1105] EXT4-fs error (device loop5): ext4_map_blocks:634: inode #3: block 48: comm syz.5.337: lblock 0 mapped to illegal pblock 48 (length 1) [ 40.347042][ T1105] Quota error (device loop5): v2_write_file_info: Can't write info structure [ 40.358645][ T1105] EXT4-fs error (device loop5): ext4_acquire_dquot:6789: comm syz.5.337: Failed to acquire dquot type 0 [ 40.375063][ T321] usb 2-1: USB disconnect, device number 2 [ 40.381489][ T1105] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5887: Corrupt filesystem [ 40.399802][ T1105] EXT4-fs error (device loop5): ext4_evict_inode:279: inode #11: comm syz.5.337: mark_inode_dirty error [ 40.418705][ T1105] EXT4-fs warning (device loop5): ext4_evict_inode:282: couldn't mark inode dirty (err -117) [ 40.449227][ T1105] EXT4-fs (loop5): 1 orphan inode deleted [ 40.456542][ T1105] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 40.470510][ T10] EXT4-fs error (device loop5): ext4_map_blocks:634: inode #3: block 1: comm kworker/u4:1: lblock 1 mapped to illegal pblock 1 (length 1) [ 40.518875][ T10] Quota error (device loop5): remove_tree: Can't read quota data block 1 [ 40.537477][ T10] EXT4-fs error (device loop5): ext4_release_dquot:6812: comm kworker/u4:1: Failed to release dquot type 0 [ 40.575376][ T496] EXT4-fs (loop5): unmounting filesystem. [ 40.589232][ T496] EXT4-fs error (device loop5): __ext4_get_inode_loc:4508: comm syz-executor: Invalid inode table block 1 in block_group 0 [ 40.624103][ T496] EXT4-fs error (device loop5) in ext4_reserve_inode_write:5887: Corrupt filesystem [ 40.630454][ T28] audit: type=1400 audit(1747227446.599:268): avc: denied { ioctl } for pid=1117 comm="syz.3.343" path="/dev/uinput" dev="devtmpfs" ino=262 ioctlcmd=0x5564 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 40.646964][ T496] EXT4-fs error (device loop5): ext4_quota_off:7078: inode #3: comm syz-executor: mark_inode_dirty error [ 40.668820][ T1118] input: syz1 as /devices/virtual/input/input6 [ 40.692242][ T1116] loop2: detected capacity change from 0 to 40427 [ 40.700041][ T28] audit: type=1400 audit(1747227446.659:269): avc: denied { read } for pid=87 comm="acpid" name="event3" dev="devtmpfs" ino=689 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 40.700671][ T1116] F2FS-fs (loop2): heap/no_heap options were deprecated [ 40.750276][ T1116] F2FS-fs (loop2): heap/no_heap options were deprecated [ 40.763076][ T1116] F2FS-fs (loop2): invalid crc value [ 40.769302][ T28] audit: type=1400 audit(1747227446.659:270): avc: denied { open } for pid=87 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=689 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 40.795285][ T28] audit: type=1400 audit(1747227446.659:271): avc: denied { ioctl } for pid=87 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=689 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 40.823241][ T1116] F2FS-fs (loop2): Found nat_bits in checkpoint [ 40.871207][ T1116] F2FS-fs (loop2): Start checkpoint disabled! [ 40.879138][ T1116] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 40.941890][ T1116] syz.2.341: attempt to access beyond end of device [ 40.941890][ T1116] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 40.993580][ T743] kworker/u4:5: attempt to access beyond end of device [ 40.993580][ T743] loop2: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 41.093786][ T1134] loop0: detected capacity change from 0 to 512 [ 41.115446][ T1134] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 41.140246][ T1134] EXT4-fs (loop0): 1 truncate cleaned up [ 41.146651][ T1134] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 41.268944][ T284] EXT4-fs (loop0): unmounting filesystem. [ 41.388362][ T1147] netlink: 'syz.2.354': attribute type 4 has an invalid length. [ 41.422926][ T1147] netlink: 'syz.2.354': attribute type 4 has an invalid length. [ 41.463805][ T1143] loop3: detected capacity change from 0 to 40427 [ 41.476620][ T1147] syz.2.354 (1147) used greatest stack depth: 20800 bytes left [ 41.492498][ T1143] F2FS-fs (loop3): invalid crc value [ 41.525585][ T1143] F2FS-fs (loop3): Found nat_bits in checkpoint [ 41.571595][ T1143] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 41.635192][ T1143] syz.3.352: attempt to access beyond end of device [ 41.635192][ T1143] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 41.674935][ T28] audit: type=1400 audit(1747227447.639:272): avc: denied { mounton } for pid=1162 comm="syz.2.359" path="/77/file0" dev="tmpfs" ino=418 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 41.701196][ T1163] 9pnet: p9_errstr2errno: server reported unknown error ‌@يخ‚ح(للي«Qے0x0000000000000004 [ 41.701637][ T1165] syz.5.360[1165] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 41.735179][ T1165] syz.5.360[1165] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 41.811917][ T28] audit: type=1400 audit(1747227447.779:273): avc: denied { read write } for pid=284 comm="syz-executor" name="loop0" dev="devtmpfs" ino=118 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 41.886154][ T28] audit: type=1400 audit(1747227447.779:274): avc: denied { open } for pid=284 comm="syz-executor" path="/dev/loop0" dev="devtmpfs" ino=118 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 41.950683][ T1181] loop1: detected capacity change from 0 to 256 [ 41.965175][ T1181] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x905a013b, utbl_chksum : 0xe619d30d) [ 42.011196][ T1185] netlink: 28 bytes leftover after parsing attributes in process `syz.1.369'. [ 42.112606][ T1199] loop3: detected capacity change from 0 to 16 [ 42.138424][ T321] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 42.142726][ T1199] erofs: (device loop3): mounted with root inode @ nid 36. [ 42.264167][ T1201] loop3: detected capacity change from 0 to 1024 [ 42.292833][ T1201] EXT4-fs (loop3): Test dummy encryption mode enabled [ 42.321696][ T1201] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 42.339030][ T321] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 42.362112][ T321] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 42.377925][ T321] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 42.387700][ T321] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 42.413277][ T287] EXT4-fs (loop3): unmounting filesystem. [ 42.422896][ T321] usb 1-1: config 0 descriptor?? [ 42.445471][ T1208] loop2: detected capacity change from 0 to 256 [ 42.834647][ T321] pyra 0003:1E7D:2CF6.0004: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.0-1/input0 [ 42.935965][ T1250] loop2: detected capacity change from 0 to 1024 [ 42.943906][ T1250] EXT4-fs: Ignoring removed orlov option [ 42.960558][ T1250] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 42.993750][ T290] EXT4-fs (loop2): unmounting filesystem. [ 43.009428][ T304] usb 4-1: new full-speed USB device number 4 using dummy_hcd [ 43.034692][ T1253] loop5: detected capacity change from 0 to 512 [ 43.042242][ T1253] EXT4-fs: Ignoring removed oldalloc option [ 43.052188][ T1253] EXT4-fs error (device loop5): ext4_xattr_inode_iget:400: comm syz.5.400: Parent and EA inode have the same ino 15 [ 43.071492][ T1253] EXT4-fs (loop5): Remounting filesystem read-only [ 43.078790][ T1253] EXT4-fs warning (device loop5): ext4_expand_extra_isize_ea:2809: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 43.093661][ T1253] EXT4-fs error (device loop5): ext4_xattr_inode_iget:400: comm syz.5.400: Parent and EA inode have the same ino 15 [ 43.108892][ T1253] EXT4-fs (loop5): Remounting filesystem read-only [ 43.117570][ T1253] EXT4-fs (loop5): 1 orphan inode deleted [ 43.124031][ T1253] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 43.151436][ T496] EXT4-fs (loop5): unmounting filesystem. [ 43.209639][ T304] usb 4-1: config 0 interface 0 altsetting 10 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 43.228424][ T304] usb 4-1: config 0 interface 0 altsetting 10 endpoint 0x81 has invalid wMaxPacketSize 0 [ 43.246893][ T304] usb 4-1: config 0 interface 0 has no altsetting 0 [ 43.260090][ T304] usb 4-1: New USB device found, idVendor=11c0, idProduct=5506, bcdDevice= 0.00 [ 43.263892][ T1260] input: syz1 as /devices/virtual/input/input7 [ 43.270345][ T304] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 43.298175][ T304] usb 4-1: config 0 descriptor?? [ 43.328124][ T24] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 43.434963][ T321] pyra 0003:1E7D:2CF6.0004: couldn't init struct pyra_device [ 43.449799][ T321] pyra 0003:1E7D:2CF6.0004: couldn't install mouse [ 43.464418][ T321] pyra: probe of 0003:1E7D:2CF6.0004 failed with error -71 [ 43.477675][ T321] usb 1-1: USB disconnect, device number 3 [ 43.513650][ T1267] fido_id[1267]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 43.538037][ T24] usb 3-1: Using ep0 maxpacket: 32 [ 43.545574][ T24] usb 3-1: config 0 has an invalid interface number: 67 but max is 0 [ 43.554570][ T24] usb 3-1: config 0 has no interface number 0 [ 43.565952][ T24] usb 3-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 43.576392][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 43.585312][ T24] usb 3-1: Product: syz [ 43.590192][ T24] usb 3-1: Manufacturer: syz [ 43.595217][ T24] usb 3-1: SerialNumber: syz [ 43.610837][ T24] usb 3-1: config 0 descriptor?? [ 43.622576][ T24] smsc95xx v2.0.0 [ 43.746821][ T304] betop 0003:11C0:5506.0005: item fetching failed at offset 0/2 [ 43.756828][ T304] betop 0003:11C0:5506.0005: parse failed [ 43.763656][ T304] betop: probe of 0003:11C0:5506.0005 failed with error -22 [ 43.772263][ T39] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 43.868106][ T19] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 43.960239][ T321] usb 4-1: USB disconnect, device number 4 [ 43.963561][ T39] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 43.979171][ T39] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 43.990024][ T39] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 44.004576][ T39] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 44.015860][ T39] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 44.026047][ T39] usb 6-1: config 0 descriptor?? [ 44.069341][ T19] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 44.087365][ T19] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 44.101129][ T19] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 44.111159][ T19] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 44.127131][ T19] usb 2-1: config 0 descriptor?? [ 44.163531][ T1283] netlink: 16 bytes leftover after parsing attributes in process `syz.0.412'. [ 44.175626][ T1283] netlink: 16 bytes leftover after parsing attributes in process `syz.0.412'. [ 44.414533][ T1285] loop0: detected capacity change from 0 to 40427 [ 44.422841][ T1285] F2FS-fs (loop0): Invalid SB checksum offset: 0 [ 44.429714][ T1285] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock [ 44.440491][ T39] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 44.448639][ T39] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 44.449137][ T1285] F2FS-fs (loop0): invalid crc value [ 44.456712][ T39] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 44.465526][ T1285] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 44.471996][ T39] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 44.472028][ T39] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 44.472051][ T39] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 44.514607][ T1285] F2FS-fs (loop0): Try to recover 2th superblock, ret: 0 [ 44.524539][ T1285] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 44.531104][ T39] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 44.550709][ T1291] loop3: detected capacity change from 0 to 512 [ 44.574248][ T39] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 44.582922][ T1291] EXT4-fs: Ignoring removed nobh option [ 44.585139][ T1285] syz.0.413: attempt to access beyond end of device [ 44.585139][ T1285] loop0: rw=0, sector=77824, nr_sectors = 8 limit=40427 [ 44.589981][ T39] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 44.613640][ T39] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 44.618731][ T1291] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 44.622125][ T39] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 44.637263][ T1291] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.414: invalid indirect mapped block 256 (level 2) [ 44.643709][ T39] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 44.660010][ T284] syz-executor: attempt to access beyond end of device [ 44.660010][ T284] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 44.677497][ T24] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -71 [ 44.697264][ T39] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 44.698966][ T1291] EXT4-fs (loop3): 2 truncates cleaned up [ 44.706346][ T24] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 44.723580][ T1291] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 44.734751][ T39] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 44.769455][ T1291] EXT4-fs error (device loop3): ext4_check_dx_root:2266: inode #2: comm syz.3.414: Corrupt dir, invalid name_len for '.', running e2fsck is recommended [ 44.774531][ T39] plantronics 0003:047F:FFFF.0006: unknown main item tag 0x0 [ 44.804505][ T24] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 44.818136][ T24] smsc95xx: probe of 3-1:0.67 failed with error -71 [ 44.827543][ T24] usb 3-1: USB disconnect, device number 4 [ 44.839759][ T1298] input: syz0 as /devices/virtual/input/input8 [ 44.847497][ T287] EXT4-fs (loop3): unmounting filesystem. [ 44.848429][ T39] plantronics 0003:047F:FFFF.0006: No inputs registered, leaving [ 44.883213][ T39] plantronics 0003:047F:FFFF.0006: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 44.925930][ T39] usb 6-1: USB disconnect, device number 2 [ 44.938979][ C0] raw-gadget.3 gadget.1: ignoring, device is not running [ 44.948933][ C0] raw-gadget.3 gadget.1: ignoring, device is not running [ 44.958578][ C0] raw-gadget.3 gadget.1: ignoring, device is not running [ 44.966618][ C0] raw-gadget.3 gadget.1: ignoring, device is not running [ 44.975230][ C0] raw-gadget.3 gadget.1: ignoring, device is not running [ 44.983788][ C0] raw-gadget.3 gadget.1: ignoring, device is not running [ 44.991634][ C0] raw-gadget.3 gadget.1: ignoring, device is not running [ 44.999828][ T19] uclogic 0003:256C:006D.0007: interface is invalid, ignoring [ 45.020668][ T19] usb 2-1: USB disconnect, device number 3 [ 45.040001][ T1307] loop0: detected capacity change from 0 to 512 [ 45.042528][ T1304] fido_id[1304]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory [ 45.095484][ T1307] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 45.107394][ T1307] ext4 filesystem being mounted at /82/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 45.130107][ T1307] EXT4-fs error (device loop0): ext4_xattr_block_get:546: inode #15: comm syz.0.419: corrupted xattr block 32 [ 45.148701][ T1307] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop0 ino=15 [ 45.161283][ T1307] EXT4-fs error (device loop0): ext4_xattr_block_get:546: inode #15: comm syz.0.419: corrupted xattr block 32 [ 45.175460][ T1307] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop0 ino=15 [ 45.198502][ T284] EXT4-fs (loop0): unmounting filesystem. [ 45.272074][ T1321] loop3: detected capacity change from 0 to 512 [ 45.293435][ T1321] ext4: Unknown parameter 'subj_user' [ 45.350072][ T28] kauditd_printk_skb: 61 callbacks suppressed [ 45.350087][ T28] audit: type=1400 audit(1747227451.319:336): avc: denied { create } for pid=1325 comm="syz.2.426" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 45.392938][ T28] audit: type=1400 audit(1747227451.359:337): avc: denied { write } for pid=1325 comm="syz.2.426" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 45.417675][ T1326] netlink: 10 bytes leftover after parsing attributes in process `syz.2.426'. [ 45.434456][ T1329] loop5: detected capacity change from 0 to 128 [ 45.434792][ T1326] netlink: 10 bytes leftover after parsing attributes in process `syz.2.426'. [ 45.443244][ T1329] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1) [ 45.517713][ T1334] loop2: detected capacity change from 0 to 1024 [ 45.526942][ T1334] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 45.551805][ T1334] EXT4-fs (loop2): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors [ 45.566007][ T1334] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (53380!=20869) [ 45.577120][ T1334] EXT4-fs error (device loop2): ext4_get_journal_inode:5710: comm syz.2.429: inode #1: comm syz.2.429: iget: illegal inode # [ 45.578062][ T305] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 45.612157][ T1334] EXT4-fs (loop2): no journal found [ 45.665933][ T28] audit: type=1400 audit(1747227451.629:338): avc: denied { ioctl } for pid=1340 comm="syz.5.432" path="socket:[19413]" dev="sockfs" ino=19413 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 45.787093][ T1355] syz.2.438[1355] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 45.787177][ T1355] syz.2.438[1355] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 45.798029][ T305] usb 4-1: Using ep0 maxpacket: 16 [ 45.833955][ T305] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 45.854087][ T305] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 45.867660][ T305] usb 4-1: config 0 interface 0 has no altsetting 0 [ 45.899900][ T305] usb 4-1: New USB device found, idVendor=060b, idProduct=500a, bcdDevice= 0.00 [ 45.917034][ T305] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 45.929534][ T1361] loop5: detected capacity change from 0 to 512 [ 45.941164][ T305] usb 4-1: config 0 descriptor?? [ 45.961442][ T1361] EXT4-fs: Ignoring removed mblk_io_submit option [ 45.971111][ T1361] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 45.995599][ T1361] EXT4-fs (loop5): 1 truncate cleaned up [ 46.017137][ T1361] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 46.033509][ T1364] loop2: detected capacity change from 0 to 1024 [ 46.042548][ T1364] EXT4-fs: Ignoring removed nobh option [ 46.052342][ T28] audit: type=1400 audit(1747227452.019:339): avc: denied { append } for pid=1360 comm="syz.5.440" path="/82/file0/blkio.bfq.time" dev="loop5" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 46.060255][ T1364] EXT4-fs: Ignoring removed bh option [ 46.094802][ T1364] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 46.095310][ T1361] EXT4-fs (loop5): shut down requested (0) [ 46.116927][ T28] audit: type=1400 audit(1747227452.079:340): avc: denied { read } for pid=84 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1 [ 46.162376][ T1361] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop5 ino=12 [ 46.171018][ T28] audit: type=1400 audit(1747227452.079:341): avc: denied { search } for pid=84 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 46.187705][ T1361] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop5 ino=12 [ 46.206022][ T1364] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 46.221127][ T496] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop5 ino=11 [ 46.222011][ T1372] 9pnet: p9_errstr2errno: server reported unknown error ‌@ے0x0000000000000004 [ 46.232092][ T496] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop5 ino=11 [ 46.262835][ T496] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop5 ino=11 [ 46.295372][ T1364] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3841: comm syz.2.441: Allocating blocks 497-513 which overlap fs metadata [ 46.298038][ T496] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop5 ino=11 [ 46.321920][ T496] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop5 ino=11 [ 46.333712][ T496] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop5 ino=11 [ 46.352301][ T1374] loop0: detected capacity change from 0 to 256 [ 46.353918][ T1364] EXT4-fs (loop2): pa ffff8881165a39d8: logic 256, phys. 385, len 8 [ 46.369330][ T28] audit: type=1400 audit(1747227452.079:342): avc: denied { write } for pid=84 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 46.369363][ T28] audit: type=1400 audit(1747227452.079:343): avc: denied { add_name } for pid=84 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 46.369388][ T28] audit: type=1400 audit(1747227452.079:344): avc: denied { create } for pid=84 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 46.369412][ T28] audit: type=1400 audit(1747227452.079:345): avc: denied { append open } for pid=84 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 46.398856][ T1364] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:4881: group 0, [ 46.458914][ T496] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop5 ino=11 [ 46.477983][ T1364] free 0, pa_free 1 [ 46.516775][ T305] hid (null): usage index exceeded [ 46.523673][ T305] hid (null): report_id 1370256935 is invalid [ 46.523872][ T496] SELinux: inode_doinit_use_xattr: getxattr returned 5 for dev=loop5 ino=11 [ 46.535202][ T305] hid-generic 0003:060B:500A.0008: unknown main item tag 0x0 [ 46.550969][ T305] hid-generic 0003:060B:500A.0008: unknown main item tag 0x0 [ 46.560306][ T305] hid-generic 0003:060B:500A.0008: unknown main item tag 0x0 [ 46.568913][ T305] hid-generic 0003:060B:500A.0008: unknown main item tag 0x0 [ 46.577838][ T305] hid-generic 0003:060B:500A.0008: unknown main item tag 0x0 [ 46.586412][ T305] hid-generic 0003:060B:500A.0008: unknown main item tag 0x0 [ 46.595955][ T305] hid-generic 0003:060B:500A.0008: unknown main item tag 0x0 [ 46.600500][ T1374] FAT-fs (loop0): Directory bread(block 64) failed [ 46.605482][ T305] hid-generic 0003:060B:500A.0008: unknown main item tag 0x0 [ 46.624168][ T305] hid-generic 0003:060B:500A.0008: unknown main item tag 0x0 [ 46.625936][ T1374] FAT-fs (loop0): Directory bread(block 65) failed [ 46.633294][ T305] hid-generic 0003:060B:500A.0008: unknown main item tag 0x0 [ 46.649599][ T305] hid-generic 0003:060B:500A.0008: collection stack underflow [ 46.658553][ T1374] FAT-fs (loop0): Directory bread(block 66) failed [ 46.660140][ T305] hid-generic 0003:060B:500A.0008: item 0 0 0 12 parsing failed [ 46.676575][ T305] hid-generic: probe of 0003:060B:500A.0008 failed with error -22 [ 46.679701][ T1374] FAT-fs (loop0): Directory bread(block 67) failed [ 46.702006][ T496] EXT4-fs (loop5): unmounting filesystem. [ 46.749244][ T1374] FAT-fs (loop0): Directory bread(block 68) failed [ 46.767468][ T1374] FAT-fs (loop0): Directory bread(block 69) failed [ 46.783903][ T1374] FAT-fs (loop0): Directory bread(block 70) failed [ 46.798490][ T1374] FAT-fs (loop0): Directory bread(block 71) failed [ 46.837780][ T39] usb 4-1: USB disconnect, device number 5 [ 46.848548][ T1374] FAT-fs (loop0): Directory bread(block 72) failed [ 46.859618][ T1374] FAT-fs (loop0): Directory bread(block 73) failed [ 46.861950][ T290] EXT4-fs (loop2): unmounting filesystem. [ 47.005342][ T1388] loop0: detected capacity change from 0 to 128 [ 47.020417][ T1388] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 47.030103][ T1388] ext4 filesystem being mounted at /91/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 47.099599][ T1394] loop1: detected capacity change from 0 to 256 [ 47.169241][ T1394] incfs: Can't find or create .index dir in ./file0 [ 47.171568][ T284] EXT4-fs (loop0): unmounting filesystem. [ 47.176775][ T1394] incfs: mount failed -22 [ 47.233830][ T1404] loop1: detected capacity change from 0 to 512 [ 47.247382][ T1404] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz.1.459: invalid indirect mapped block 256 (level 2) [ 47.263839][ T1404] EXT4-fs (loop1): 2 truncates cleaned up [ 47.271650][ T1391] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.272527][ T1404] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 47.297158][ T1404] EXT4-fs error (device loop1): ext4_inlinedir_to_tree:1432: inode #12: block 7: comm syz.1.459: path /79/file0/file0: bad entry in directory: rec_len % 4 != 0 - offset=259, inode=4278190093, rec_len=255, size=60 fake=0 [ 47.312951][ T1391] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.324545][ T1404] EXT4-fs error (device loop1): ext4_inlinedir_to_tree:1432: inode #12: block 7: comm syz.1.459: path /79/file0/file0: bad entry in directory: rec_len % 4 != 0 - offset=259, inode=4278190093, rec_len=255, size=60 fake=0 [ 47.360053][ T1391] device bridge_slave_0 entered promiscuous mode [ 47.372873][ T1391] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.381502][ T1391] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.389874][ T1391] device bridge_slave_1 entered promiscuous mode [ 47.393583][ T282] EXT4-fs (loop1): unmounting filesystem. [ 47.429467][ T1413] loop1: detected capacity change from 0 to 1024 [ 47.442343][ T1413] EXT4-fs: Ignoring removed nobh option [ 47.450334][ T1413] EXT4-fs: Ignoring removed bh option [ 47.459656][ T1413] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 47.501005][ T1413] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 47.521938][ T1423] loop3: detected capacity change from 0 to 128 [ 47.531187][ T1423] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 47.542897][ T1423] ext4 filesystem being mounted at /87/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 47.558566][ T743] device bridge_slave_1 left promiscuous mode [ 47.572268][ T287] EXT4-fs (loop3): unmounting filesystem. [ 47.580227][ T743] bridge0: port 2(bridge_slave_1) entered disabled state [ 47.592356][ T743] device bridge_slave_0 left promiscuous mode [ 47.599636][ T743] bridge0: port 1(bridge_slave_0) entered disabled state [ 47.612895][ T743] device veth1_macvtap left promiscuous mode [ 47.620820][ T743] device veth0_vlan left promiscuous mode [ 47.644862][ T1413] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3841: comm syz.1.461: Allocating blocks 497-513 which overlap fs metadata [ 47.697423][ T1413] EXT4-fs (loop1): pa ffff8881165a32a0: logic 256, phys. 385, len 8 [ 47.707350][ T1413] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1 [ 47.783907][ T1439] loop2: detected capacity change from 0 to 512 [ 47.797406][ T1439] ext4: Unknown parameter 'subj_user' [ 47.854350][ T1443] capability: warning: `syz.3.475' uses deprecated v2 capabilities in a way that may be insecure [ 47.869210][ T282] EXT4-fs (loop1): unmounting filesystem. [ 47.901172][ T1446] loop3: detected capacity change from 0 to 256 [ 47.909976][ T1447] netlink: 8 bytes leftover after parsing attributes in process `syz.1.476'. [ 47.927428][ T1447] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 47.941302][ T1446] FAT-fs (loop3): Directory bread(block 64) failed [ 47.949712][ T1446] FAT-fs (loop3): Directory bread(block 65) failed [ 47.957899][ T1446] FAT-fs (loop3): Directory bread(block 66) failed [ 47.966810][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 47.975759][ T1446] FAT-fs (loop3): Directory bread(block 67) failed [ 47.982705][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 47.984118][ T1446] FAT-fs (loop3): Directory bread(block 68) failed [ 48.001792][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 48.003908][ T1446] FAT-fs (loop3): Directory bread(block 69) failed [ 48.019752][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 48.019782][ T1446] FAT-fs (loop3): Directory bread(block 70) failed [ 48.034049][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.040495][ T1446] FAT-fs (loop3): Directory bread(block 71) failed [ 48.049305][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.052005][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 48.058835][ T1446] FAT-fs (loop3): Directory bread(block 72) failed [ 48.073678][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 48.092457][ T305] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 48.100368][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.100813][ T1446] FAT-fs (loop3): Directory bread(block 73) failed [ 48.110184][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.110985][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 48.144807][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 48.161467][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 48.200757][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 48.220018][ T1391] device veth0_vlan entered promiscuous mode [ 48.230540][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 48.249955][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 48.258671][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 48.278307][ T1391] device veth1_macvtap entered promiscuous mode [ 48.286316][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 48.308014][ T305] usb 3-1: Using ep0 maxpacket: 16 [ 48.308608][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 48.324437][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 48.324992][ T305] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 48.333745][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 48.358755][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 48.368474][ T305] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 48.387907][ T305] usb 3-1: config 0 interface 0 has no altsetting 0 [ 48.398917][ T1463] syz.3.483[1463] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 48.398996][ T1463] syz.3.483[1463] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 48.412727][ T305] usb 3-1: New USB device found, idVendor=060b, idProduct=500a, bcdDevice= 0.00 [ 48.438268][ T305] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 48.449254][ T305] usb 3-1: config 0 descriptor?? [ 48.519729][ T1467] loop6: detected capacity change from 0 to 8192 [ 48.539860][ T1472] loop3: detected capacity change from 0 to 1024 [ 48.547489][ T1467] FAT-fs (loop6): Unrecognized mount option "017777777777777777777770x0000000000000000" or missing value [ 48.555742][ T1472] EXT4-fs: Ignoring removed nobh option [ 48.575672][ T1472] EXT4-fs: Ignoring removed bh option [ 48.588577][ T1472] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 48.611777][ T1472] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 48.657698][ T1472] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3841: comm syz.3.486: Allocating blocks 497-513 which overlap fs metadata [ 48.676454][ T1472] EXT4-fs (loop3): pa ffff8881165a3690: logic 256, phys. 385, len 8 [ 48.685497][ T1472] EXT4-fs error (device loop3): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1 [ 48.790397][ T287] EXT4-fs (loop3): unmounting filesystem. [ 48.834733][ T1485] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 48.872437][ T305] hid (null): usage index exceeded [ 48.886415][ T305] hid (null): report_id 1370256935 is invalid [ 48.905589][ T305] hid-generic 0003:060B:500A.0009: unknown main item tag 0x0 [ 48.923929][ T305] hid-generic 0003:060B:500A.0009: unknown main item tag 0x0 [ 48.937232][ T305] hid-generic 0003:060B:500A.0009: unknown main item tag 0x0 [ 48.949374][ T305] hid-generic 0003:060B:500A.0009: unknown main item tag 0x0 [ 48.960145][ T305] hid-generic 0003:060B:500A.0009: unknown main item tag 0x0 [ 48.968345][ T305] hid-generic 0003:060B:500A.0009: unknown main item tag 0x0 [ 48.976676][ T305] hid-generic 0003:060B:500A.0009: unknown main item tag 0x0 [ 48.986275][ T305] hid-generic 0003:060B:500A.0009: unknown main item tag 0x0 [ 48.994741][ T305] hid-generic 0003:060B:500A.0009: unknown main item tag 0x0 [ 49.003243][ T305] hid-generic 0003:060B:500A.0009: unknown main item tag 0x0 [ 49.024930][ T305] hid-generic 0003:060B:500A.0009: collection stack underflow [ 49.039423][ T305] hid-generic 0003:060B:500A.0009: item 0 0 0 12 parsing failed [ 49.054446][ T305] hid-generic: probe of 0003:060B:500A.0009 failed with error -22 [ 49.069086][ T305] usb 3-1: USB disconnect, device number 5 [ 49.077661][ T1497] SELinux: Context system_u:object_r:fsadm_exec_t:s0 is not valid (left unmapped). [ 49.152403][ T1507] loop0: detected capacity change from 0 to 1024 [ 49.161853][ T1507] EXT4-fs: Ignoring removed nobh option [ 49.191922][ T1507] EXT4-fs: Ignoring removed bh option [ 49.206629][ T1507] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 49.229720][ T1507] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 49.257057][ T1507] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:3841: comm syz.0.501: Allocating blocks 497-513 which overlap fs metadata [ 49.284782][ T1507] EXT4-fs (loop0): pa ffff8881006ce7e0: logic 256, phys. 385, len 8 [ 49.293816][ T1507] EXT4-fs error (device loop0): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1 [ 49.350489][ T1519] loop1: detected capacity change from 0 to 256 [ 49.374726][ T1519] FAT-fs (loop1): Directory bread(block 64) failed [ 49.383486][ T1519] FAT-fs (loop1): Directory bread(block 65) failed [ 49.386103][ T284] EXT4-fs (loop0): unmounting filesystem. [ 49.391945][ T1519] FAT-fs (loop1): Directory bread(block 66) failed [ 49.405616][ T1519] FAT-fs (loop1): Directory bread(block 67) failed [ 49.413106][ T1519] FAT-fs (loop1): Directory bread(block 68) failed [ 49.421141][ T1519] FAT-fs (loop1): Directory bread(block 69) failed [ 49.429043][ T1519] FAT-fs (loop1): Directory bread(block 70) failed [ 49.436448][ T1519] FAT-fs (loop1): Directory bread(block 71) failed [ 49.445993][ T1519] FAT-fs (loop1): Directory bread(block 72) failed [ 49.456137][ T1519] FAT-fs (loop1): Directory bread(block 73) failed [ 49.631187][ T1536] futex_wake_op: syz.2.512 tries to shift op by -1; fix this program [ 49.702644][ T1544] loop0: detected capacity change from 0 to 128 [ 49.745873][ T1544] process 'syz.0.514' launched '/dev/fd/4' with NULL argv: empty string added [ 49.780164][ T1528] loop1: detected capacity change from 0 to 40427 [ 49.789142][ T1528] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 49.805299][ T1528] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 49.881402][ T1528] F2FS-fs (loop1): Found nat_bits in checkpoint [ 49.891106][ T1563] loop2: detected capacity change from 0 to 1024 [ 49.948406][ T1563] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 49.968287][ T1528] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 49.986498][ T1528] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 50.054316][ T290] EXT4-fs (loop2): unmounting filesystem. [ 50.212870][ T320] Bluetooth: hci0: Frame reassembly failed (-84) [ 50.329690][ T1601] loop6: detected capacity change from 0 to 256 [ 50.479564][ T1611] loop1: detected capacity change from 0 to 512 [ 50.504983][ T1611] EXT4-fs error (device loop1): ext4_do_update_inode:5226: inode #16: comm syz.1.541: corrupted inode contents [ 50.520696][ T1611] EXT4-fs error (device loop1): ext4_dirty_inode:6091: inode #16: comm syz.1.541: mark_inode_dirty error [ 50.533858][ T1611] EXT4-fs error (device loop1): ext4_do_update_inode:5226: inode #16: comm syz.1.541: corrupted inode contents [ 50.547619][ T1611] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #16: comm syz.1.541: mark_inode_dirty error [ 50.590352][ T1611] EXT4-fs error (device loop1): ext4_do_update_inode:5226: inode #16: comm syz.1.541: corrupted inode contents [ 50.607908][ T321] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 50.608204][ T1611] EXT4-fs error (device loop1) in ext4_orphan_del:305: Corrupt filesystem [ 50.650837][ T1611] EXT4-fs error (device loop1): ext4_do_update_inode:5226: inode #16: comm syz.1.541: corrupted inode contents [ 50.717770][ T1611] EXT4-fs error (device loop1): ext4_truncate:4313: inode #16: comm syz.1.541: mark_inode_dirty error [ 50.738204][ T1611] EXT4-fs error (device loop1) in ext4_process_orphan:347: Corrupt filesystem [ 50.749300][ T1611] EXT4-fs (loop1): 1 truncate cleaned up [ 50.756857][ T1611] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 50.774621][ T1611] ext4 filesystem being mounted at /98/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 50.797911][ T321] usb 7-1: Using ep0 maxpacket: 16 [ 50.810228][ T321] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 50.834054][ T321] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 50.846281][ T321] usb 7-1: config 0 interface 0 has no altsetting 0 [ 50.854813][ T321] usb 7-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 50.866349][ T321] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 50.876898][ T313] __quota_error: 62 callbacks suppressed [ 50.876915][ T313] Quota error (device loop1): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 50.877133][ T321] usb 7-1: config 0 descriptor?? [ 50.889176][ T313] EXT4-fs error (device loop1): ext4_release_dquot:6812: comm kworker/u4:3: Failed to release dquot type 1 [ 50.916932][ T282] EXT4-fs (loop1): unmounting filesystem. [ 50.995247][ T28] audit: type=1400 audit(1747227457.962:408): avc: denied { read } for pid=1623 comm="syz.0.546" name="usbmon7" dev="devtmpfs" ino=180 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 51.028092][ T28] audit: type=1400 audit(1747227457.962:409): avc: denied { open } for pid=1623 comm="syz.0.546" path="/dev/usbmon7" dev="devtmpfs" ino=180 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 51.055762][ T28] audit: type=1400 audit(1747227457.962:410): avc: denied { ioctl } for pid=1623 comm="syz.0.546" path="/dev/usbmon7" dev="devtmpfs" ino=180 ioctlcmd=0x9207 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1 [ 51.092472][ T28] audit: type=1400 audit(1747227457.992:411): avc: denied { setattr } for pid=1621 comm="syz.1.545" name="vcsa" dev="devtmpfs" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tty_device_t tclass=chr_file permissive=1 [ 51.119969][ T28] audit: type=1400 audit(1747227458.002:412): avc: denied { unmount } for pid=290 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 51.142801][ T28] audit: type=1400 audit(1747227458.012:413): avc: denied { ioctl } for pid=1625 comm="syz.1.548" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=22022 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 51.273042][ T28] audit: type=1400 audit(1747227458.242:414): avc: denied { connect } for pid=1634 comm="syz.1.550" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 51.322140][ T321] hid (null): invalid report_size 24934 [ 51.330358][ T321] hid (null): unknown global tag 0x9e [ 51.337062][ T321] hid (null): unknown global tag 0xc [ 51.343832][ T321] hid (null): unknown global tag 0xd [ 51.359709][ T321] hid (null): bogus close delimiter [ 51.406069][ T1646] loop1: detected capacity change from 0 to 128 [ 51.422771][ T1646] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 51.532520][ T19] usb 7-1: USB disconnect, device number 2 [ 51.671005][ T1655] loop1: detected capacity change from 0 to 40427 [ 51.698284][ T1655] F2FS-fs (loop1): invalid crc value [ 51.704483][ T28] audit: type=1400 audit(1747227458.672:415): avc: denied { unmount } for pid=284 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 51.764098][ T1655] F2FS-fs (loop1): Found nat_bits in checkpoint [ 51.827991][ T1655] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 51.892023][ T282] syz-executor: attempt to access beyond end of device [ 51.892023][ T282] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 51.960844][ T1681] loop0: detected capacity change from 0 to 40427 [ 51.979627][ T1681] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 51.995571][ T1681] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 52.016045][ T1681] F2FS-fs (loop0): Found nat_bits in checkpoint [ 52.065420][ T1689] loop6: detected capacity change from 0 to 1024 [ 52.073722][ T1689] EXT4-fs: Ignoring removed nobh option [ 52.080489][ T1689] EXT4-fs: Ignoring removed bh option [ 52.092054][ T1689] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 52.097026][ T1681] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 52.115969][ T1681] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 52.153636][ T1689] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback. [ 52.164084][ T28] audit: type=1400 audit(1747227459.122:416): avc: denied { watch watch_reads } for pid=1699 comm="syz.1.574" path="/112" dev="tmpfs" ino=603 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 52.220372][ T1705] loop1: detected capacity change from 0 to 1024 [ 52.221881][ T1689] EXT4-fs error (device loop6): ext4_mb_mark_diskspace_used:3841: comm syz.6.570: Allocating blocks 497-513 which overlap fs metadata [ 52.245114][ T1689] EXT4-fs (loop6): pa ffff8881006ce000: logic 256, phys. 385, len 8 [ 52.253686][ T1689] EXT4-fs error (device loop6): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1 [ 52.268103][ T1592] Bluetooth: hci0: command 0x1003 tx timeout [ 52.275726][ T1168] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 52.284821][ T1589] Bluetooth: hci0: Opcode 0x0c20 failed: -22 [ 52.298202][ T1705] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 52.382956][ T282] EXT4-fs (loop1): unmounting filesystem. [ 52.411798][ T1715] loop3: detected capacity change from 0 to 1024 [ 52.448483][ T1715] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 52.473068][ T1715] EXT4-fs error (device loop3): ext4_get_journal_inode:5710: inode #32: comm syz.3.582: iget: special inode unallocated [ 52.487910][ T1715] EXT4-fs (loop3): no journal found [ 52.493968][ T1715] EXT4-fs (loop3): can't get journal size [ 52.506680][ T1391] EXT4-fs (loop6): unmounting filesystem. [ 52.513776][ T1715] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a800e12d, mo2=0002] [ 52.550678][ T1715] EXT4-fs error (device loop3): ext4_protect_reserved_inode:160: inode #32: comm syz.3.582: iget: special inode unallocated [ 52.566765][ T1717] netlink: 'syz.1.583': attribute type 6 has an invalid length. [ 52.578807][ T1715] EXT4-fs (loop3): failed to initialize system zone (-117) [ 52.586991][ T1715] EXT4-fs (loop3): mount failed [ 52.705677][ T1744] SELinux: Context system_u:object_r:dhcp_state_t:s0 is not valid (left unmapped). [ 52.820824][ T1760] loop3: detected capacity change from 0 to 256 [ 52.839067][ T1760] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 52.855364][ T1760] FAT-fs (loop3): Filesystem has been set read-only [ 52.884187][ T1758] loop2: detected capacity change from 0 to 8192 [ 52.893136][ T305] usb 2-1: new full-speed USB device number 4 using dummy_hcd [ 53.049967][ T1776] netlink: 4 bytes leftover after parsing attributes in process `syz.6.611'. [ 53.104921][ T305] usb 2-1: config 0 interface 0 altsetting 10 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 53.117654][ T305] usb 2-1: config 0 interface 0 altsetting 10 endpoint 0x81 has invalid wMaxPacketSize 0 [ 53.134893][ T305] usb 2-1: config 0 interface 0 has no altsetting 0 [ 53.153922][ T305] usb 2-1: New USB device found, idVendor=11c0, idProduct=5506, bcdDevice= 0.00 [ 53.171678][ T305] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 53.185294][ T305] usb 2-1: config 0 descriptor?? [ 53.253016][ T1798] loop6: detected capacity change from 0 to 512 [ 53.271141][ T1798] EXT4-fs (loop6): 1 orphan inode deleted [ 53.278607][ T1798] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback. [ 53.288850][ T320] EXT4-fs error (device loop6): ext4_release_dquot:6812: comm kworker/u4:4: Failed to release dquot type 1 [ 53.298057][ T24] ================================================================== [ 53.302076][ T1798] ext4 filesystem being mounted at /29/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 53.310483][ T24] BUG: KASAN: use-after-free in enqueue_timer+0xae/0x480 [ 53.310523][ T24] Write of size 8 at addr ffff88811fa54a00 by task kworker/1:0/24 [ 53.310541][ T24] [ 53.310547][ T24] CPU: 1 PID: 24 Comm: kworker/1:0 Not tainted 6.1.134-syzkaller-00013-g53b26534cce7 #0 [ 53.310570][ T24] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 53.363575][ T24] Workqueue: usb_hub_wq hub_event [ 53.369198][ T24] Call Trace: [ 53.372933][ T24] [ 53.376223][ T24] __dump_stack+0x21/0x24 [ 53.381271][ T24] dump_stack_lvl+0xee/0x150 [ 53.386430][ T24] ? __cfi_dump_stack_lvl+0x8/0x8 [ 53.391706][ T24] ? enqueue_timer+0xae/0x480 [ 53.396646][ T24] print_address_description+0x71/0x210 [ 53.402648][ T24] print_report+0x4a/0x60 [ 53.407700][ T24] kasan_report+0x122/0x150 [ 53.412664][ T24] ? enqueue_timer+0xae/0x480 [ 53.418016][ T24] __asan_report_store8_noabort+0x17/0x20 [ 53.424126][ T24] enqueue_timer+0xae/0x480 [ 53.429934][ T24] __mod_timer+0x79f/0xb30 [ 53.434737][ T24] schedule_timeout+0x127/0x2e0 [ 53.440389][ T24] ? __cfi_schedule_timeout+0x10/0x10 [ 53.446687][ T24] ? __cfi_process_timeout+0x10/0x10 [ 53.452475][ T24] ? __cfi__raw_spin_lock+0x10/0x10 [ 53.458652][ T24] ? _raw_spin_lock+0x8e/0xe0 [ 53.464576][ T24] wait_for_common+0x354/0x620 [ 53.470226][ T24] ? usb_hcd_giveback_urb+0x351/0x410 [ 53.476252][ T24] ? wait_for_completion+0x20/0x20 [ 53.481973][ T24] ? usb_submit_urb+0x122d/0x1900 [ 53.487716][ T24] wait_for_completion_timeout+0xe/0x10 [ 53.493638][ T24] usb_start_wait_urb+0x166/0x2f0 [ 53.499502][ T24] ? usb_api_blocking_completion+0xb0/0xb0 [ 53.506405][ T24] ? usb_alloc_urb+0x44/0x140 [ 53.512259][ T24] ? __kasan_check_write+0x14/0x20 [ 53.518240][ T24] usb_control_msg+0x241/0x3f0 [ 53.523580][ T24] hub_ext_port_status+0x100/0x6b0 [ 53.529296][ T24] hub_port_reset+0x652/0x16e0 [ 53.535202][ T24] hub_port_init+0x2ad/0x2880 [ 53.541539][ T24] ? __cfi_queue_work_on+0x10/0x10 [ 53.546936][ T24] ? __kasan_check_write+0x14/0x20 [ 53.553051][ T24] ? __cfi_mutex_unlock+0x10/0x10 [ 53.558459][ T24] ? _find_next_zero_bit+0x8d/0x140 [ 53.565001][ T24] hub_event+0x2643/0x4680 [ 53.570002][ T24] ? __cfi_hub_event+0x10/0x10 [ 53.575224][ T24] ? __kasan_check_write+0x14/0x20 [ 53.581048][ T24] ? _raw_spin_lock_irq+0x8f/0xe0 [ 53.586796][ T24] ? __kasan_check_read+0x11/0x20 [ 53.592635][ T24] ? read_word_at_a_time+0x12/0x20 [ 53.598256][ T24] ? strscpy+0x9b/0x290 [ 53.602608][ T24] process_one_work+0x71f/0xc40 [ 53.608172][ T24] worker_thread+0xa29/0x11f0 [ 53.614276][ T24] kthread+0x281/0x320 [ 53.619528][ T24] ? __cfi_worker_thread+0x10/0x10 [ 53.625897][ T24] ? __cfi_kthread+0x10/0x10 [ 53.631134][ T24] ret_from_fork+0x1f/0x30 [ 53.636016][ T24] [ 53.639255][ T24] [ 53.642003][ T24] Allocated by task 1589: [ 53.646719][ T24] kasan_set_track+0x4b/0x70 [ 53.652703][ T24] kasan_save_alloc_info+0x25/0x30 [ 53.658379][ T24] __kasan_kmalloc+0x95/0xb0 [ 53.663608][ T24] __kmalloc+0xb1/0x1e0 [ 53.668466][ T24] hci_alloc_dev_priv+0x27/0x1bd0 [ 53.674319][ T24] hci_uart_tty_ioctl+0x3c8/0xa00 [ 53.680574][ T24] tty_ioctl+0x8ef/0xc60 [ 53.685969][ T24] __se_sys_ioctl+0x12f/0x1b0 [ 53.692311][ T24] __x64_sys_ioctl+0x7b/0x90 [ 53.697556][ T24] x64_sys_call+0x58b/0x9a0 [ 53.702819][ T24] do_syscall_64+0x4c/0xa0 [ 53.707708][ T24] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 53.714474][ T24] [ 53.717182][ T24] Freed by task 1589: [ 53.721347][ T24] kasan_set_track+0x4b/0x70 [ 53.726481][ T24] kasan_save_free_info+0x31/0x50 [ 53.731697][ T24] ____kasan_slab_free+0x132/0x180 [ 53.737578][ T24] __kasan_slab_free+0x11/0x20 [ 53.742955][ T24] slab_free_freelist_hook+0xc2/0x190 [ 53.748690][ T24] __kmem_cache_free+0xb7/0x1b0 [ 53.753827][ T24] kfree+0x6f/0xf0 [ 53.757710][ T24] hci_release_dev+0x13ad/0x1500 [ 53.764893][ T24] bt_host_release+0x82/0x90 [ 53.770208][ T24] device_release+0xa4/0x1d0 [ 53.775791][ T24] kobject_put+0x19d/0x280 [ 53.780696][ T24] put_device+0x1f/0x30 [ 53.785527][ T24] hci_dev_cmd+0x265/0x720 [ 53.790483][ T24] hci_sock_ioctl+0x41e/0x7f0 [ 53.796222][ T24] sock_do_ioctl+0x101/0x310 [ 53.801559][ T24] sock_ioctl+0x4d8/0x6e0 [ 53.806261][ T24] __se_sys_ioctl+0x12f/0x1b0 [ 53.811920][ T24] __x64_sys_ioctl+0x7b/0x90 [ 53.816859][ T24] x64_sys_call+0x58b/0x9a0 [ 53.823690][ T24] do_syscall_64+0x4c/0xa0 [ 53.828550][ T24] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 53.834782][ T24] [ 53.837280][ T24] Last potentially related work creation: [ 53.844987][ T24] kasan_save_stack+0x3a/0x60 [ 53.850454][ T24] __kasan_record_aux_stack+0xb6/0xc0 [ 53.856275][ T24] kasan_record_aux_stack_noalloc+0xb/0x10 [ 53.863755][ T24] insert_work+0x51/0x300 [ 53.869319][ T24] __queue_work+0x9b1/0xd30 [ 53.875766][ T24] queue_work_on+0xd2/0x140 [ 53.881174][ T24] __hci_cmd_sync_sk+0xa3e/0xcf0 [ 53.886865][ T24] hci_cmd_sync_status+0x53/0x120 [ 53.892434][ T24] hci_dev_cmd+0x628/0x720 [ 53.897881][ T24] hci_sock_ioctl+0x41e/0x7f0 [ 53.903617][ T24] sock_do_ioctl+0x101/0x310 [ 53.908692][ T24] sock_ioctl+0x4d8/0x6e0 [ 53.914431][ T24] __se_sys_ioctl+0x12f/0x1b0 [ 53.919757][ T24] __x64_sys_ioctl+0x7b/0x90 [ 53.924735][ T24] x64_sys_call+0x58b/0x9a0 [ 53.929893][ T24] do_syscall_64+0x4c/0xa0 [ 53.934522][ T24] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 53.940960][ T24] [ 53.943904][ T24] Second to last potentially related work creation: [ 53.952962][ T24] kasan_save_stack+0x3a/0x60 [ 53.958088][ T24] __kasan_record_aux_stack+0xb6/0xc0 [ 53.964217][ T24] kasan_record_aux_stack_noalloc+0xb/0x10 [ 53.971988][ T24] insert_work+0x51/0x300 [ 53.977181][ T24] __queue_work+0x9b1/0xd30 [ 53.982657][ T24] queue_work_on+0xd2/0x140 [ 53.988035][ T24] hci_cmd_timeout+0x191/0x200 [ 53.993517][ T24] process_one_work+0x71f/0xc40 [ 53.998732][ T24] worker_thread+0xa29/0x11f0 [ 54.004561][ T24] kthread+0x281/0x320 [ 54.008827][ T24] ret_from_fork+0x1f/0x30 [ 54.013603][ T24] [ 54.015932][ T24] The buggy address belongs to the object at ffff88811fa54000 [ 54.015932][ T24] which belongs to the cache kmalloc-8k of size 8192 [ 54.031557][ T24] The buggy address is located 2560 bytes inside of [ 54.031557][ T24] 8192-byte region [ffff88811fa54000, ffff88811fa56000) [ 54.047534][ T24] [ 54.050256][ T24] The buggy address belongs to the physical page: [ 54.057794][ T24] page:ffffea00047e9400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11fa50 [ 54.069130][ T24] head:ffffea00047e9400 order:3 compound_mapcount:0 compound_pincount:0 [ 54.079021][ T24] flags: 0x4000000000010200(slab|head|zone=1) [ 54.085599][ T24] raw: 4000000000010200 ffffea000475c400 dead000000000002 ffff888100043500 [ 54.095655][ T24] raw: 0000000000000000 0000000000020002 00000001ffffffff 0000000000000000 [ 54.106192][ T24] page dumped because: kasan: bad access detected [ 54.114031][ T24] page_owner tracks the page as allocated [ 54.120507][ T24] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 193, tgid 193 (sshd), ts 9909766660, free_ts 0 [ 54.139966][ T24] post_alloc_hook+0x1f5/0x210 [ 54.145367][ T24] prep_new_page+0x1c/0x110 [ 54.150703][ T24] get_page_from_freelist+0x2c6e/0x2ce0 [ 54.157476][ T24] __alloc_pages+0x19e/0x3a0 [ 54.162871][ T24] alloc_slab_page+0x6e/0xf0 [ 54.168216][ T24] new_slab+0x98/0x3d0 [ 54.173689][ T24] ___slab_alloc+0x6f6/0xb50 [ 54.181701][ T24] __slab_alloc+0x5e/0xa0 [ 54.186560][ T24] __kmem_cache_alloc_node+0x203/0x2c0 [ 54.193075][ T24] kmalloc_trace+0x29/0xb0 [ 54.198123][ T24] audit_log_d_path+0xc6/0x240 [ 54.203870][ T24] common_lsm_audit+0x327/0x16d0 [ 54.210340][ T24] slow_avc_audit+0x1ac/0x220 [ 54.215464][ T24] avc_has_perm+0x1e6/0x240 [ 54.220445][ T24] file_has_perm+0x4a1/0x640 [ 54.226006][ T24] match_file+0xc8/0x130 [ 54.230817][ T24] page_owner free stack trace missing [ 54.236638][ T24] [ 54.239258][ T24] Memory state around the buggy address: [ 54.245703][ T24] ffff88811fa54900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 54.254693][ T24] ffff88811fa54980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 54.264321][ T24] >ffff88811fa54a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 54.273247][ T24] ^ [ 54.278103][ T24] ffff88811fa54a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 54.287753][ T24] ffff88811fa54b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 54.296777][ T24] ================================================================== [ 54.306125][ T24] Disabling lock debugging due to kernel taint [ 54.337926][ C1] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN [ 54.351296][ C1] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 54.361036][ C1] CPU: 1 PID: 102 Comm: udevd Tainted: G B 6.1.134-syzkaller-00013-g53b26534cce7 #0 [ 54.374412][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 54.385679][ C1] RIP: 0010:__queue_work+0x575/0xd30 [ 54.391363][ C1] Code: 39 2b 0f 84 b9 00 00 00 e8 58 ce 28 00 4c 89 ff e8 30 8d a8 03 49 bc 00 00 00 00 00 fc ff df 4c 8b 6d d0 4c 89 e8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ef e8 6c 20 6d 00 49 8b 7d 00 e8 13 89 [ 54.413855][ C1] RSP: 0000:ffffc900007b7bb0 EFLAGS: 00010046 [ 54.421000][ C1] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffff88810fd39440 [ 54.429699][ C1] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff [ 54.438668][ C1] RBP: ffffc900007b7c48 R08: fffffffffffffffb R09: 0000000000000007 [ 54.447746][ C1] R10: ffffed1023f4a939 R11: 1ffff11023f4a939 R12: dffffc0000000000 [ 54.456706][ C1] R13: 0000000000000000 R14: ffff88811fa549c8 R15: 0000000000000008 [ 54.465659][ C1] FS: 00007fc17c150880(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 54.480819][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 54.487880][ C1] CR2: 00007fc17b80f000 CR3: 000000011047b000 CR4: 00000000003506a0 [ 54.496826][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 54.505444][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 54.514104][ C1] Call Trace: [ 54.517663][ C1] [ 54.520740][ C1] delayed_work_timer_fn+0x61/0x80 [ 54.526069][ C1] ? __cfi_delayed_work_timer_fn+0x10/0x10 [ 54.532466][ C1] call_timer_fn+0x46/0x2a0 [ 54.537297][ C1] ? __cfi_delayed_work_timer_fn+0x10/0x10 [ 54.543228][ C1] __run_timers+0x667/0x9a0 [ 54.547937][ C1] ? calc_index+0x200/0x200 [ 54.552907][ C1] ? kvm_sched_clock_read+0x18/0x40 [ 54.558653][ C1] run_timer_softirq+0x6a/0xf0 [ 54.564141][ C1] handle_softirqs+0x1d7/0x600 [ 54.569103][ C1] __irq_exit_rcu+0x52/0xf0 [ 54.574610][ C1] irq_exit_rcu+0x9/0x10 [ 54.579937][ C1] sysvec_apic_timer_interrupt+0x58/0xc0 [ 54.586818][ C1] asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 54.593369][ C1] RIP: 0033:0x7fc17bab9f06 [ 54.598294][ C1] Code: 00 0f 1f 00 48 85 ff 0f 84 7f 01 00 00 41 57 41 56 41 55 41 54 55 48 8d 6f f0 53 48 83 ec 28 4c 8b 25 d6 6e 13 00 48 8b 47 f8 <64> 45 8b 2c 24 a8 02 0f 85 ed 00 00 00 4c 8b 35 56 6e 13 00 64 49 [ 54.621114][ C1] RSP: 002b:00007ffcceb37440 EFLAGS: 00000202 [ 54.627809][ C1] RAX: 0000000000000021 RBX: 0000555996267090 RCX: 000000055599625c [ 54.636592][ C1] RDX: 000055599625bae0 RSI: 0000000000000000 RDI: 0000555996262200 [ 54.645535][ C1] RBP: 00005559962621f0 R08: 0000000000000040 R09: 00007ffcceb374b0 [ 54.654407][ C1] R10: 0000000000000000 R11: a3634b303f4f1684 R12: fffffffffffffe68 [ 54.663854][ C1] R13: 0000555996265790 R14: 0000000000000000 R15: 0000000000000000 [ 54.672796][ C1] [ 54.676197][ C1] Modules linked in: [ 54.680572][ C1] ---[ end trace 0000000000000000 ]--- [ 54.686641][ C1] RIP: 0010:__queue_work+0x575/0xd30 [ 54.692207][ C1] Code: 39 2b 0f 84 b9 00 00 00 e8 58 ce 28 00 4c 89 ff e8 30 8d a8 03 49 bc 00 00 00 00 00 fc ff df 4c 8b 6d d0 4c 89 e8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ef e8 6c 20 6d 00 49 8b 7d 00 e8 13 89 [ 54.713565][ C1] RSP: 0000:ffffc900007b7bb0 EFLAGS: 00010046 [ 54.720314][ C1] RAX: 0000000000000000 RBX: 000000007fffffff RCX: ffff88810fd39440 [ 54.729392][ C1] RDX: 0000000000000100 RSI: 000000007fffffff RDI: 000000007fffffff [ 54.738504][ C1] RBP: ffffc900007b7c48 R08: fffffffffffffffb R09: 0000000000000007 [ 54.747368][ C1] R10: ffffed1023f4a939 R11: 1ffff11023f4a939 R12: dffffc0000000000 [ 54.756742][ C1] R13: 0000000000000000 R14: ffff88811fa549c8 R15: 0000000000000008 [ 54.765430][ C1] FS: 00007fc17c150880(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 54.775350][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 54.782547][ C1] CR2: 00007fc17b80f000 CR3: 000000011047b000 CR4: 00000000003506a0 [ 54.790890][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 54.799371][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 54.808413][ C1] Kernel panic - not syncing: Fatal exception in interrupt [ 54.816682][ C1] Kernel Offset: disabled [ 54.821884][ C1] Rebooting in 86400 seconds..