last executing test programs: 9.985003831s ago: executing program 4 (id=2263): r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000000000404c05f20dafd60000000109022400010000000009040000010300010009210101000122050009058103"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="000657"], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000e40)={0x84, &(0x7f0000000180)=ANY=[@ANYBLOB="001e1400000009"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000440)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="20014000000020"], 0x0}) 7.635189028s ago: executing program 4 (id=2355): r0 = gettid() timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = timerfd_create(0x0, 0x0) readv(r1, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/30, 0x1e}], 0x1) 6.787960242s ago: executing program 4 (id=2379): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000ac0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10) umount2(&(0x7f0000000740)='./file0\x00', 0xe) 6.764277662s ago: executing program 4 (id=2381): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000700"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc7b, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000500)='percpu_free_percpu\x00', r0}, 0x10) bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000140)=@base={0x6, 0x4, 0x8000, 0x5c, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2, 0x0, 0x0, @void, @value, @void, @value}, 0x48) 6.667143284s ago: executing program 4 (id=2385): rt_sigprocmask(0x0, &(0x7f0000000200)={[0xfffff7feffff7ffd]}, 0x0, 0x8) r0 = gettid() tkill(r0, 0x12) io_setup(0x401, &(0x7f00000001c0)=0x0) io_pgetevents(r1, 0x4, 0x4a6d730c7316a803, &(0x7f0000000240)=[{}, {}, {}, {}], &(0x7f0000000080)={0x0, 0x989680}, &(0x7f0000000000)={&(0x7f00000000c0), 0x8}) 6.578494505s ago: executing program 4 (id=2390): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r0, 0x400455c8, 0x0) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) 1.970923059s ago: executing program 0 (id=2536): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003500)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4e0664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68af2ad0810000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900000000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b6c7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48fc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa7666b5ded16ee7025f38400be7c1f001b2cd317902f19e385be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890decacec55bf404e4e1f74b7eed82571be54c72d978cf906df0042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb5aac518a75f9e7d7101da841735e186c489b3a06fb99e0347f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f91e358c3b3a2327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e669261192899d4562db0e22d564ae09bb6d163118e401e024fd452277c3887d6116c6cc9d8046c216c1f895778cb26e22a2a998de44aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99a3594191e104d417e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b6000000000000a1fec9000000d694210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137ab79a404abde7750898b59270bb29b81367ac91bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f00fb8191bbab2dc591dda61f0868afc4294859323e7a45319f18101288a0268893373750d1a8fe64680b0a3fc22dd704e4214d00000000d6c98cd1a9fbe1e7d58c08acaf30065b928a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ce21d69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821a00e8c5c39609ff854356cb490000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d0b3bc19faa5449209b085f3c334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c471c7868e7da7eaa69eb7f7f80572fdd11bb1d070080fbc22bf73468788df51710eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331ff5e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba830d3f474b079b407000000deff000040430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71b967ce7daac4be290159f6bcd75f0dda9de5532e66ae9e48b0ed1254a81faae79b6af6fbb869604d51de44c4e0973171ad47d6c00ebc7603093f000000fdec743af930cd6db49a47613808bad959719c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f15d6533f78a1f4e2df4ca23d867693fd42de9b49a1b36d48a44ba6a4530e59bec53e876dc660dd63bed8d31c31c37a373d4efd89f80a4377b1b1292a893a516dab183ee65744fb8fc4f9ce2242e0f00000000010000000000000000000057d77480e0345effff6413258d1f6eb190aa28cbb4bafe3436b176c7ed4b132fb805d5edd9d188daf28d89c014c3ecca10ae55704544673e1fa03b84f63e022fe755f4007a4a899eaf52c4f491d8e97c862e29e4570600000091c691faee1e0c8fe056a07474e6e5490a7d3c3402000000b60600d837c6befc63ddf2f594ad7cbc56a1e44d218c956a5392a995f1fae8e9f206efbb33854dc70104d74dc07748f9745cb796da2dfb714a0500000000000000faed94fc39acfb3fd25dfa8116a154cd1226e1bb72b59fed817072a0da60160761fd3dffda0f7c592eabd8ab68334d2a1693cb187539049e331272bf5135044df8161400211b8012b6eb1ed5656e83f65509bb4b323c5bd61bff949d3bade2f6ffda1360c2786e16937ab61d6dcafed319c716357d0885f9c6d1f442954c167dd9b4acd9468ce3674c82bbb2e31389179b025dbe063b7f906217b2cf8410c7023aa3e5cc3ba1000000000000000000000000000000006ae6301a2da44394275c582a6516bb92ea1980a0a659f2f1811c8b281c209647c4241f292b20508b215dde27bb2487a6cd28cf28fe2ee593e2b5e4a8ccfab90c23827ef06cbe364073005f8a6d1456aaeb85ffb7858f24eced67a67ab825e863928ed64c83f62ffdaa997657335b63c6b4163aff094059e626766845fd779c9e6cdbbd64c24936615ee68538e8fddd0d90f3a7579579a142c0f7b318264d5c13c31cf475829528267ead38523cab7e1664e8426cfce471fef821c8a02a7e7d954d05b68a9c28f79429b09e2bb3681ae2b831e27c735123361c191355391771f19b199d371ec6bfada7cd370e3fdd3cd980fa1e145fd3f3e96b1feb53c865e1ada08f5d16ed652ee0c7f45352222692fbd679212c225d097aa90f7e1fb1f983415f43e75a19ecf7fd21bfa150ef563aa72ba1c43c5f3d9be128ec26b691f31f9cab931631606a81622f120675c962be2d3b5e95f74f0b209e42e6bdd76e6e725295b1d78d928f6f63c41cbde2ba66ad81168070c8c6e18a6e452a31bde34ad3e16304d06a234f5f9311ef0f78924b68dbb4712efdb6974667bdb54f16fd2061b9ba93638dd177227e94e4ebd0ec1d437db948062bf41742000000000000000000305f70dd02fa0c61d5fe6d8ff35389246037e18d34c1375ae04f44f0c2543c772c5ccb137be7dc1874c514b37c668554d77d4ea5ed144a648257f4a0301067bbcd9b91072659d872f26b796e2b81025edb5f45f785e2c2602b248ecdd80f019ca659be7e8ae953325a27564f33c9d458a60be3dab38baab7eb1a66ab1ffd6308f7fd51beb356fe75eb985b7581bb5584c53984ba9c7340f97e8d3825681c53de5f554e595b00000000000000006a8fa9f05d64c4be42f981f00051a39938613067dbd1427e01bfec016e51844cefa8a855bf23ac887b4a88eed6d9443857242f28e31a41d20105fbf3394ff910e734b4d9101265ff729c426e01c1ab13dda8c388b9e6626f19eecb87e39175e85e17000000000000000000009431807e43886903526074e6b40244c938a4c68a38c25ddd7c143b3f14eafe4b28ec66815cf8d1f56aa1424bc9b5d58790298e5b310969e50c222563b54e60854e1bfeef448aca8c5ccbf5546ce4c3cd5a733fec25fb94e1e0f966bcbd28a4d8fe4f556eaa1104a793006619700798354c6ae05025040965e3083562bfa20968c04007d21dc02c9fd1f75e1ff40f439bdde4e784012e52049b483d02f81b88f5f57816b3fecec79cfca8d37203e769759d6b6a56b7605ced8ee18475a77ff0963a565fb6021d216c01b1098e40550a1cfd80e918d685a7b099a4f8ed654cd76ca61fe5ad8a31ec558fdbfa706d5e738bceae81fe777c307d5bc72183a4c2d35732ab916a781b9912160a3fd2a2e74dd690c57bdfdc1f069f9491bca7a8c59363799be70018c25ece5ad7307dc7a95c51bc25a8bbe2cf5ddf6aa161693782b0e7feb8a768f391b49d4c978c96dbb52f21c122eba9f17c8bed10591958cf06321a248b5f76ceedfe0d080d6aeadc11b237b3326dd04b86ac37c0d131544888db9e128d059761ad9a393e96c3b41c13c5a381bff187a75de560ba6eb3faa5ff8d2bb3c88f8de5efc2fb2200cfda6d07ceae22577064334fbf76a23e62e6059211d995b879f6b7d3f7fcf03652b81e6b7cdeff947ad185d3c6269ca247b429c3b872a8f1ef60407d29a874f4ec31c9effed55543a65a6b4d778cebcd43b7905f3960140bd783540a7353014bda8e9c7a34a5f428fd1f8eb11e837dd9d586487fdebcb1ecd3a003ff0fda4be617fecf1ff0ef2cdfb7fea73ca18874664d60a4b9423f3297bc8eb91b4ee1d73272abbef3e7a828a7d7ab055a8eb58fe379de85338304e26e3620941b463e9049fd105c74c91cc4d71b0f76e2c2e4825106aa7ce2a3adbbc7a0443ece58e752b47e6f677ec97c5c568a89d6e36b165c39132a0f2708e09ae8268dcc15411483b8506386aa0ece2a94c320b002c77f82662675a7713c7067081cac15994698c41ff4754268ae2676384ff799783f55d7e5a1a092a01b965dc99cb7a9d98440c355927629f2bcf9dc2396eb2f5d25829715b24327642ac48f1201014a95e0e65e12cdf27e19043e3c5d3e798375cead35b9a93190a52cdecaaccc854a1d41ef365303f0e9b4fc969c9dab6df5e8a795b140fcc09e8a7b694d12932917facd8ceaa4e2d0d16bb0b95387fcd5ff136d8abddf94daf442bbff744591931872a36cf921ad69f2127386e8b0f9afee4da8d3fbec809fbb3ca0fded2859cf25d4c6155d396c5b9bd1a928923123f63f4c40688eae4c697bfc674e03231c42f7eaaf5166bbc4653c71805f9448416e379cc1c40f8f866c9b319a849dd00ff9b84857436ed362c4632bfc3fa7357c24f15bbb07bd91893e61df7eb6dc5e071a9cc2faa7a32a91c4d982f5cfb725dca80b23874877a4980dbd70cda040b1ce527e7188159df77b493efbbd7bfe2680bf44e49eb68e5e33a0a5726072b2699d6244cd5c4a82bf18c668a3d43cec78c5fe1f12283d5dde6d0ea0b1b81ee7c065c938577e4ec93f22f1e6106f337625b7f7798011a6"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffd4d, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x41) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='netlink_extack\x00', r0}, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000540)={0x0, 0xffffffb3, &(0x7f00000005c0)={&(0x7f0000000080)=@ipv6_delrule={0x28, 0x21, 0x121, 0x70bd28, 0x0, {0xa, 0x80}}, 0x28}}, 0x0) 1.91928832s ago: executing program 0 (id=2540): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0xca02}) r1 = socket$netlink(0x10, 0x3, 0x0) preadv(r0, &(0x7f0000001300)=[{&(0x7f00000000c0)=""/122, 0x6}], 0x3e8, 0x0, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) 1.851807921s ago: executing program 2 (id=2547): futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc)=0x4, 0x10b, 0x4, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0xc, 0x1, &(0x7f0000000040), &(0x7f0000048000), 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) exit(0x0) 1.716637853s ago: executing program 0 (id=2549): r0 = fsopen(&(0x7f00000001c0)='devpts\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) fsmount(r0, 0x0, 0xf) syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="120100001964d408861a92e03f5301020301090224"], 0x0) fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000040)='silent\x00', 0x0, 0x0) 1.363636598s ago: executing program 1 (id=2553): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r0}, 0x18) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x1, 0x100006, 0x220104, 0xe2a4, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240), &(0x7f0000001940), 0x2000cc0, r1}, 0x38) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x1b, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000240), 0x0, 0x2, r1}, 0x38) 1.148712702s ago: executing program 1 (id=2554): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000001140), 0x8200, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x3) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000f89000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, 0x0}], 0xaaaaaaaaaaaab24, 0x38, &(0x7f0000000180)=[@cr4={0x1, 0x40002}], 0x1) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.148434462s ago: executing program 1 (id=2555): r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000001c0)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000580)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000000)={&(0x7f00002b9000/0x400000)=nil, &(0x7f0000b63000/0x3000)=nil, 0x400000, 0x3, 0x2}) mlock(&(0x7f0000b76000/0xd000)=nil, 0xd000) 1.132683623s ago: executing program 1 (id=2556): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0}, 0x3) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0x10) symlink(0x0, &(0x7f0000000100)='./file1\x00') 1.120674312s ago: executing program 1 (id=2557): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, 0x0, 0x0) getpeername$inet(r0, 0x0, &(0x7f0000000880)) 1.056749624s ago: executing program 1 (id=2558): r0 = syz_usb_connect$cdc_ecm(0x0, 0x4d, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x0, 0x0, 0xffffffffffff8001, 0x1, [{{0x9, 0x2, 0x3b, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x12, 0x2, 0x6, 0x0, 0x0, {{0x5}, {0x5}, {0xd}}, {[], {{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}]}}]}}, &(0x7f0000001400)={0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello') 1.005788885s ago: executing program 2 (id=2559): syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000ac0)='./file0\x00', 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="6c617a7974696d652c6e6f696e6c696e655f78617474722c6c617a7974696d652c6e6f626172726965722c6163746976655f6c6f67733d342c757365725f78617474722c6d6f64653d6c66732c616c6c6f635f6d6f64653d64656661756c742c00be9ee044c45511e65887f6fac9eba6d787c3684a836f23dbf8ad3dd5931c08b4d8bde7e8acbbf3bf3326f2faa5952a332ad2ced40c98a2affa2dad4d623f9ff3ffa81e45095548ab6200f069d0f63d20fd71d3043b0dd5c4cf9785f3f531abc19bc1548f5e0b33006bd1049ca45bd8500d67a5aa6e1c23d900000000007867738729e703bb122283fb2fae9813a0cfefcdf3dc96eb384dbb4268c50943198a96d9b1af9c91506b30922be8537f54e65cf60c6b6a5798955796aea325770d6ccc93a95fad93b2c7bad114fcbc55036a301c23b07073c71555791db8919235022bb0ee4294211ab9b43f3fbedecd223722d937aa22b31e2e9c97e5ea94e4ab83d4e5811c7556813c334aec856af0a0c12b3c93ba5aa906bde2268a0c6cbbb13f496d87c608604eb02b2c031d5ae40c75"], 0x1, 0x5511, &(0x7f0000015b80)="$eJzs3E1rY9UfB/CTdjqdp//8i7hwNxcGoYVJmPRh0F3VGXzADsWHhStNkzRkJsktTZrWrly4FBe+Djei4Mql+BIEXbsTF4o7Qck9pzIdFdRmkqn9fOD2e+/JzS+/E0rLuQk3AGfWQvbzj6VwNVwMIcyGEK6EUOyX0lZYj/FUCOFaCGHmga2Uxn8fOB9CuBRCuDoqHmuW0kMf3RheX/vhlZ+++Hr+3OVPPv92erMGpu3pEEJ3J+7vd2PmrZj30nht2C6yuzpMGR/o3k/Hecz95lZRYb92dF6tyJVWPD/f2euPcrtTq4+y1d4uxnd68QX7w9ZRneIJ92q7xXGjuVVku58X2TqMfR0cxr9th/1BrNNI9d4tyofB4CjjePOgGeczf7/Iem+QxmPdvNE8GOUwZXq5UM87jaKPrZO804+3V9u9vYNs2Nztt/NetlapPlOp3ipXd/NGc9BcLde6jVur2WKrMzqtPGjWuuutPG91mpV63l3KFlv1erlazRZvN7fatV5WrVZWKjfLa0tp70b24t03s04jWxzl8+3e3qDd6Wfb+W4Wn7GULVdWnl3Krlez1zc2s83X7tzZ2Hzj7dtv3X1u4+UX0kl/aCtbXL65vFyu3iwvV5dO7/xH/+v/0fzfT02Pcf5wIqVpNwBw+lj/A5P28VcxT/P6P/yb9f+O9f/DrP/P9vzhRKz/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADOrO/mPn2p2FmIx5fT+P/S0BPpuBRCmAkh/PonZsP5YzVnU525vzh/7qEeviyFosLoNebTdimEsJ62X/7/qN8FAAAA+O/67L1rH8bVevyxMO2GmKR40WbmyjtjqlcKIcwtfD+GKiFdbApPnryraPT7fS4cjKlacQHrwpiKxUtu58ZV7W+ZPRYXHohSjJmJtgMAAEzE8ZXAZFchAAAATNIH026A6Sg+aU3fxU9f4J+PkT4QvHjsCAAAADiFStNuAAAAAHjkivX/43P/v2+Kfff/AwAAgPGK9/8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPiNnfvJSR2K4gB8Wuh7vD9GYpy7FWewDFdgHDo0LMBNsATcghtgDThzCQYMbYnWYKLhto3k+5K23Bvy45QwOfeSAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANCmp2Ixfbi7uD80Z705TJq7AQAAAPZZFYtp+WJcjf/V8yf11Fk9ziIij4h9vfsgfjUyB3VO8cn7iw81PEaUCdvP+F0ffyPisj5eTtv+FgAAAOB4LWfzSdWtV6dx3wXRpWrRJv9/lSgvi4hi/JwoLd+ezhOFlb/vYdwmSisXsEaJwqolt2GqtC8ZNC6jd5esuuSdlgMAAHSi2Ql024UAAADQpZu+C6AfWey2Mnd7weU/7982BP80RgAAAMAPlPVdAAAAANC6sv/3/D8AAAA4btXz/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGjTqlhMl7P5pDF5/f2c9eYw6e4IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXtmfdxQIgTAIg73rO5O5/2GlQUNjkyoQPv7GYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4M3v/vJ/YmqcSeZeG0vPI8naqbF1auydG0d/GF+/BgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgYn9eUiAEgiAK5oz/nfT9DysJegYRIqDhUUUtGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4ot/98n9iapxJ5k4bS8cjydpVY+uqsfegcfRgvP0bAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgYud+XuOo4gCAf3dnZ2urYoySQ0QUPOjFptva2qsHJXjwTxBCuq3RrT/aHGwpQi7eJOdeRI8ighJv/R96bqGXeuthDxU89VCZ2ZnkdS24WjqzST4fePO+Mwzzvm8SQr7zZhcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDa+L29OCs2C5O4Wx27df/aetHfnuoLN7bvLBetiDtNJr0PPHgYr6b7naX2cgEAAODwyOr6PiLu5jurRd9dKOv/vD6nqPl/eH4S1/X8dN1f93XtX7Tff7v38u5AC5Nxioue3xgNT/wzld7Tm+V8e+Ffz+iVd7589pKVP5Duh1svjfPyfna+u3nz/X4ZHmkiWwDg/zhe91VQ/z9U9IM2EwPg0OglhXdd/2cL7eYEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0IT+Vjxbx52IWO7txYXb96+tl/3U/o3tO8t1O3P9+nZ6zeISeUSc3xgNTzQ1kX3g8pWrn62NRsNLzQevRUR7o1fBxzOcE9FmhoInDbrV7/q85LM/gpb/MAEAcODkVSvq+rv5zmpxrLMY8fDHR+v/N5M40vp/qk/r/3ufnLmVjpXW/4PGZjj/VjYvfrly+crVtzcurl0YXhh+/s7JwbuDU2dPnz67Uj4rWfHEBAAAgCfTr1pa/3cXI8ZT6//HkjhmrP+/+n7wTTpWpv5/rL1Fv7YzAQAAONxefP2vPzuPOd7p9+Prtc3NS4PJdnf/5GTbQqr/2ZGqpfV/tth2VgAAAEATxludR9b/zyVxzLj+/9xPr/ySXjOLiKPV+v/x9S9G55qbTksezHRWEx8nfupTBQAAYK4drVq6/p+X7/93d1956EbEW29M4uprAGeq/7MPvv05HSt9//9Uc1OcS92lyf0o+6WI3lLbGQEAAHCQPVO1otj/I99Z/fTXYx/1vf8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0LS/AwAA//+xhkJ5") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000440)={'#! ', './file0'}, 0xb) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x17) 712.187529ms ago: executing program 2 (id=2560): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r0}, 0x18) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x1c, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) getrlimit(0x2, &(0x7f0000000280)) 578.859681ms ago: executing program 2 (id=2562): r0 = socket(0x200000000000011, 0x2, 0x0) bind$packet(r0, &(0x7f0000000080)={0x11, 0x800, 0x0, 0x1, 0x0, 0x6, @random="518440db9de1"}, 0x14) r1 = socket(0x200000000000011, 0x2, 0x0) bind$packet(r1, &(0x7f0000000080)={0x11, 0x800, 0x0, 0x1, 0x0, 0x6, @random="933c547ecfa7"}, 0x14) syz_emit_ethernet(0x36, &(0x7f0000000440)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x5, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev={0xac, 0x14, 0x14, 0x2f}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x0, 0xffff}}}}}}, 0x0) 523.661692ms ago: executing program 2 (id=2564): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xb, &(0x7f0000000c00)=ANY=[@ANYBLOB="18000000000000000000000023ed0000180100002820702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10) r1 = socket$inet6(0xa, 0x3, 0x8000000003c) connect$inet6(r1, &(0x7f0000000300)={0xa, 0x4ea3, 0x0, @loopback}, 0x1c) sendmsg(r1, &(0x7f00000000c0)={0x0, 0x9588, &(0x7f0000000100)=[{&(0x7f0000000000)="2c10", 0xfff2}], 0x1, 0x0, 0x0, 0x2c}, 0x44004) 422.913054ms ago: executing program 2 (id=2568): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f0000000000000000850000006d000000850000000800000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) shutdown(r1, 0x0) recvmmsg(r1, &(0x7f00000055c0), 0x400023c, 0x300, 0x0) 300.142336ms ago: executing program 3 (id=2569): r0 = socket$igmp6(0xa, 0x3, 0x2) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, &(0x7f00000020c0)={@private0={0xfc, 0x0, '\x00', 0x1}, 0x80, r2}) ioctl$sock_inet6_SIOCDIFADDR(r0, 0x8936, &(0x7f0000000140)={@loopback, 0x80, r2}) 299.620096ms ago: executing program 3 (id=2570): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) r1 = socket(0x840000000002, 0x3, 0xff) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000040)='gre0\x00', 0x10) sendmmsg$inet(r1, &(0x7f0000000440)=[{{&(0x7f00000001c0)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001980)=[{&(0x7f0000000200)="a9050000000074640000000000003552bde5", 0x12}, {&(0x7f0000000340)="1746", 0x2}], 0x2}}], 0x1, 0x0) 282.145676ms ago: executing program 3 (id=2571): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) r1 = socket$netlink(0x10, 0x3, 0x0) socket$can_bcm(0x1d, 0x2, 0x2) close_range(r1, 0xffffffffffffffff, 0x0) 263.877796ms ago: executing program 3 (id=2572): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x10, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000140)=@raw={'raw\x00', 0x8, 0x3, 0x490, 0x360, 0xa, 0x148, 0x360, 0x60, 0x3f8, 0x2a8, 0x2a8, 0x3f8, 0x2a8, 0x3, 0x0, {[{{@ip={@multicast2, @multicast2, 0x0, 0x0, 'bridge0\x00', 'rose0\x00'}, 0x0, 0x2f8, 0x360, 0x0, {0x200003ae, 0x7f00}, [@common=@inet=@hashlimit1={{0x58}, {'veth1_to_team\x00', {0x0, 0x0, 0x2, 0x0, 0x4, 0xffffffff, 0x7}}}, @common=@unspec=@bpf1={{0x230, 'bpf\x00', 0x0}, @pinned={0x1, 0x8601, 0x6, './file0\x00'}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x1, 0x6, 0x3, 0x81, 'snmp_trap\x00', 'syz0\x00', {0x30f6a663}}}}, {{@ip={@empty, @empty, 0x0, 0x0, 'syzkaller0\x00', 'veth0_to_team\x00'}, 0x0, 0x70, 0x98}, @common=@unspec=@MARK={0x28}}], {{'\x00', 0xc8, 0x70, 0x98}, {0x28}}}}, 0x4f0) 243.360507ms ago: executing program 3 (id=2573): mkdir(&(0x7f0000000400)='./file0\x00', 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x0, 0x0) chdir(&(0x7f00000003c0)='./file0\x00') rename(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000f40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') 211.402577ms ago: executing program 3 (id=2574): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r1}, 0x18) uname(&(0x7f00000006c0)=""/11) 86.865099ms ago: executing program 0 (id=2575): r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x19, &(0x7f0000000140)=0xa80, 0x4) setsockopt$inet6_int(r0, 0x29, 0x35, &(0x7f0000000000)=0x5, 0x4) sendmmsg$inet6(r0, &(0x7f0000006b80)=[{{&(0x7f0000000040)={0xa, 0x4e24, 0x0, @local}, 0x1c, 0x0}}], 0x1, 0x0) recvfrom$inet6(r0, 0x0, 0x0, 0x12020, 0x0, 0x0) 39.10818ms ago: executing program 0 (id=2576): r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x5) mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x2, 0x2172, 0xffffffffffffffff, 0x0) ioctl$ASHMEM_SET_NAME(r0, 0x40087707, &(0x7f0000000cc0)='\x00\x00\x03\x06\x00\x00\x00\x01\x00x\x92\x12\xbc\x00\x00\xbb\x0642@\xb8\xd1\xcbx\xb0\xd6\x1e\x10gQ\xca\x0e;\xf7\'\x8c\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x91\xc9\t\xbc\xc3\xcb\xba\xe3\x8e\xf6\x89\xc2\'\xdfn\x05\x00\x00\x00-<\r\xd1?$\x8b\x17Bn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5U\x80\xc0\xb4a \xac\xc4K\x03\xfa\x13Vz\xbf\xe3c\x8d \x0f\xb1\xe9\xf2oci(\xcb\x82\x05\xfe[H\xaf\x01\x13\xc8\xdc\x00\x00\x00\x00\x00\x00\x00\xa7\xf7\xafd%\xf1\xdbjE\x01\xd1sD5h/41\x99\'\xd0\x1e}\x89\xff\x8c\x851Y9OB\xdeB\xe1\x02-&\"1hS\x92\xe4$-\x02\x00\xaf\x03\x9bWwh\xca\xf5d\x8di\xe7\xc4\xdbx\xbc\xe4\x8e\"\x85\xc9x\xef\x81E.r\x89\xe5\x00\x9e\x97\x96\xb8j\x81\xf0\xdca\xfb\xa6\xff\xff\xff\xff\x00\x00\x00\x00d\xf0\xf1j\x11\x12\xc0\xbb\xfdq~#\xf7\xa8\"$,\xf4\x84|\x89o\x00<\xa6-\xb0\xd3\x80\xbe\xcf\a\x00\xfc\xa6\xb1\x05\x94\x84l\xbfA\xeb\xd8\t\x00\x00\x00CvNhx461\x04N<\xedV\xcet\xaa~\xf3j\x94\xec\x92\x86uY\xf6NR\x13\x84~\xa67\\\xb9\xc9K\xf8\x9d\x96\xc0\xb5\xc7wF\x99\x12\x97T\x90.\x9c\xe3\x9a\xf1\xb9\x9c\x13\xbc\x19\xde/\xaa\x868hB+\x97\a03\xcd\xb3\xc8\xd5l\x14!\xf9Xg2\x1d\xeeB\xccT\x0e\xd8\xef\xc8\xe9\xb4\xf3l\xc3\xf2\x998\xc8\xc2|2\xee\xb4W\x99v.\xeb\xe9\x05\xcbkz3+\xdd\xe1*8\x95@0t0\xad\xe3#\xd7\x19\xe7Q\xdfmI\xe5\x1e\xe4\x87\xc9\x8f\xa7\xe0\xd9v\xf6\x01\x9d\x8f`,\x1a8\x81I\x86l\x8f2\r:\xc1\x02\xd6Z%\xa7Ks\x8bUolS\x05\xbe\x97\x1fGe\x94\x02\x7f\xc4T\xa5\xc1,*\x8d\xf6\x1f\xbe\x10\x04\x97\x9d+\x81\xbb8|\xf3\x8bo\xa5\xf9\xab[-t\xdf6H\xc1\xb1\b\b\xcc\xbf\xb0c\xe8S\xea6\xf5\xd0\xda/\xbf\xe5p\x82\xb8V\xe9g[\x8d\x14e;\x11o\v\xb8\xb6\x0f\xd3\x16\x82\xc5$\xce\xe2\xab\a\x1c\x8c\x843\xf4\xbb\xc8\xd3\xf5R\xb5\x8dZ\xb7Jql\x05+i{\xc5w\xfcD\x1fE\xcc]\xb7~\xd3\x99\xde\x1dX\xdc}C,|\bf\x80&WeT\x98X\xeb\xef(\x1c9\x00'/623) 0s ago: executing program 0 (id=2577): r0 = syz_io_uring_setup(0x1eb1, &(0x7f0000000480)={0x0, 0x100000, 0x1, 0x1}, &(0x7f0000000080)=0x0, &(0x7f0000000040)) pselect6(0x2000, &(0x7f0000000040), 0x0, &(0x7f0000000100)={0x8}, 0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x40, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_complete(r1) io_uring_enter(r0, 0x8a4, 0x0, 0x1, 0x0, 0x0) kernel console output (not intermixed with test programs): : auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2597 comm="syz.4.992" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc10088169 code=0x7ffc0000 [ 52.291508][ T501] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 52.341506][ T316] Bluetooth: hci0: command 0x1001 tx timeout [ 52.347363][ T2448] Bluetooth: hci0: sending frame failed (-49) [ 52.423956][ T30] audit: type=1326 audit(52.455:914): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2612 comm="syz.1.998" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f484142b169 code=0x7ffc0000 [ 52.447759][ T30] audit: type=1326 audit(52.455:915): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2612 comm="syz.1.998" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f484142b169 code=0x7ffc0000 [ 52.470923][ T30] audit: type=1326 audit(52.455:916): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2612 comm="syz.1.998" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f484142b169 code=0x7ffc0000 [ 52.494443][ T30] audit: type=1326 audit(52.455:917): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2612 comm="syz.1.998" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f484142b169 code=0x7ffc0000 [ 52.517657][ T30] audit: type=1326 audit(52.455:918): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2612 comm="syz.1.998" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f484142b169 code=0x7ffc0000 [ 52.541518][ T501] usb 5-1: Using ep0 maxpacket: 16 [ 52.663776][ T501] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 11 [ 52.672693][ T501] usb 5-1: config 1 interface 0 altsetting 3 endpoint 0xB has invalid wMaxPacketSize 0 [ 52.682415][ T501] usb 5-1: config 1 interface 0 altsetting 3 bulk endpoint 0xB has invalid maxpacket 0 [ 52.692171][ T501] usb 5-1: config 1 interface 0 altsetting 3 endpoint 0x8A has invalid wMaxPacketSize 0 [ 52.701960][ T501] usb 5-1: config 1 interface 0 altsetting 3 bulk endpoint 0x8A has invalid maxpacket 0 [ 52.711876][ T501] usb 5-1: config 1 interface 0 has no altsetting 0 [ 52.718315][ T501] usb 5-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77 [ 52.727624][ T501] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 52.791993][ T501] ums-sddr09 5-1:1.0: USB Mass Storage device detected [ 52.829789][ T2637] SELinux: failed to load policy [ 52.966851][ T2657] loop1: detected capacity change from 0 to 512 [ 52.994452][ T2657] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 53.003709][ T2657] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem [ 53.023925][ T501] scsi host1: usb-storage 5-1:1.0 [ 53.030517][ T2657] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002] [ 53.043126][ T2657] System zones: 0-2, 18-18, 34-34 [ 53.048803][ T2657] EXT4-fs warning (device loop1): ext4_update_dynamic_rev:1054: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 53.063677][ T2657] EXT4-fs (loop1): 1 truncate cleaned up [ 53.069150][ T2657] EXT4-fs (loop1): mounted filesystem without journal. Opts: min_batch_time=0x000000000000a04d,errors=continue,,errors=continue. Quota mode: none. [ 53.106567][ T2668] loop0: detected capacity change from 0 to 512 [ 53.137762][ T2670] SELinux: ebitmap: map size 0 does not match my size 64 (high bit was 0) [ 53.148521][ T2670] SELinux: failed to load policy [ 53.152305][ T2668] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 53.162696][ T2668] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem [ 53.175694][ T2668] EXT4-fs error (device loop0): ext4_orphan_get:1401: inode #15: comm syz.0.1023: iget: bad extended attribute block 19 [ 53.188587][ T2668] EXT4-fs error (device loop0): ext4_orphan_get:1406: comm syz.0.1023: couldn't read orphan inode 15 (err -117) [ 53.200655][ T2668] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 53.216311][ T2607] UDC core: couldn't find an available UDC or it's busy: -16 [ 53.227446][ T2607] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 54.021556][ T6] Bluetooth: hci1: command 0x1001 tx timeout [ 54.027438][ T2448] Bluetooth: hci1: sending frame failed (-49) [ 54.102142][ T39] scsi 1:0:0:0: Direct-Access Sandisk ImageMate SDDR09 0177 PQ: 0 ANSI: 0 [ 54.352883][ T501] usb 5-1: USB disconnect, device number 2 [ 54.371580][ T2662] sddr09: could not read card info [ 54.376686][ T196] sd 1:0:0:0: [sdb] 0 512-byte logical blocks: (0 B/0 B) [ 54.383582][ T196] sd 1:0:0:0: [sdb] 0-byte physical blocks [ 54.389382][ T196] sd 1:0:0:0: [sdb] Write Protect is off [ 54.395057][ T196] sd 1:0:0:0: [sdb] Asking for cache data failed [ 54.401300][ T196] sd 1:0:0:0: [sdb] Assuming drive cache: write through [ 54.411181][ T196] sd 1:0:0:0: [sdb] Attached SCSI removable disk [ 54.422219][ T6] Bluetooth: hci0: command 0x1009 tx timeout [ 54.755218][ T314] udevd[314]: inotify_add_watch(7, /dev/sdb, 10) failed: No such file or directory [ 54.932027][ T2685] SELinux: failed to load policy [ 55.172027][ T2695] loop0: detected capacity change from 0 to 40427 [ 55.193583][ T2695] F2FS-fs (loop0): invalid crc value [ 55.245261][ T2695] F2FS-fs (loop0): Found nat_bits in checkpoint [ 55.274049][ T2711] loop1: detected capacity change from 0 to 128 [ 55.291813][ T2695] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 55.334474][ T291] attempt to access beyond end of device [ 55.334474][ T291] loop0: rw=2049, want=45104, limit=40427 [ 55.388768][ T2717] syz.1.1042[2717] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 55.388854][ T2717] syz.1.1042[2717] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 55.498747][ T2732] loop1: detected capacity change from 0 to 2048 [ 55.542902][ T2732] Alternate GPT is invalid, using primary GPT. [ 55.549080][ T2732] loop1: p1 p2 p3 [ 55.574449][ T100] Alternate GPT is invalid, using primary GPT. [ 55.582262][ T100] loop1: p1 p2 p3 [ 55.612989][ T2743] loop4: detected capacity change from 0 to 512 [ 55.646785][ T2745] loop1: detected capacity change from 0 to 1024 [ 55.656525][ T2743] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 55.669907][ T2743] EXT4-fs error (device loop4): ext4_xattr_block_get:546: inode #15: comm syz.4.1053: corrupted xattr block 32 [ 55.681985][ T2743] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop4 ino=15 [ 55.691034][ T2743] EXT4-fs error (device loop4): ext4_xattr_block_get:546: inode #15: comm syz.4.1053: corrupted xattr block 32 [ 55.704003][ T2743] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop4 ino=15 [ 55.713715][ T2743] EXT4-fs error (device loop4): ext4_xattr_block_get:546: inode #15: comm syz.4.1053: corrupted xattr block 32 [ 55.741373][ T2752] loop0: detected capacity change from 0 to 1024 [ 55.742001][ T2743] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop4 ino=15 [ 55.756216][ T362] udevd[362]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory [ 55.767126][ T565] udevd[565]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 55.778372][ T458] udevd[458]: inotify_add_watch(7, /dev/loop1p2, 10) failed: No such file or directory [ 55.791064][ T2745] EXT4-fs (loop1): mounted filesystem without journal. Opts: jqfmt=vfsold,,errors=continue. Quota mode: none. [ 55.792904][ T2743] EXT4-fs error (device loop4): ext4_get_verity_descriptor_location:338: inode #15: comm syz.4.1053: verity file corrupted; can't find descriptor [ 55.817399][ T2743] fs-verity (loop4, inode 15): Error -117 getting verity descriptor size [ 55.858765][ T2757] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1057'. [ 55.872022][ T2752] EXT4-fs (loop0): Ignoring removed orlov option [ 55.878208][ T2752] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 55.906035][ T2762] loop1: detected capacity change from 0 to 16 [ 55.913218][ T2752] EXT4-fs (loop0): Ignoring removed bh option [ 55.922692][ T2762] erofs: (device loop1): mounted with root inode @ nid 36. [ 55.935272][ T2752] EXT4-fs (loop0): mounted filesystem without journal. Opts: delalloc,data_err=abort,noload,jqfmt=vfsv1,jqfmt=vfsv0,max_dir_size_kb=0x00000000004007b3,orlov,mblk_io_submit,max_batch_time=0x0000000000000002,user_xattr,bh,mb_optimize_scan=0x0000000000000001,noload,,errors=continue. Quota mode: none. [ 56.051258][ T2772] loop0: detected capacity change from 0 to 1024 [ 56.087449][ T2772] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 56.104423][ T1877] Bluetooth: hci1: command 0x1009 tx timeout [ 56.104802][ T2781] loop1: detected capacity change from 0 to 512 [ 56.117484][ T2772] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 56.132863][ T2772] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 21 with max blocks 1 with error 28 [ 56.145111][ T2772] EXT4-fs (loop0): This should not happen!! Data will be lost [ 56.145111][ T2772] [ 56.154031][ T2781] EXT4-fs warning (device loop1): ext4_enable_quotas:6423: Failed to enable quota tracking (type=0, err=-5, ino=3). Please run e2fsck to fix. [ 56.154608][ T2772] EXT4-fs (loop0): Total free blocks count 0 [ 56.170287][ T2781] EXT4-fs (loop1): mount failed [ 56.176779][ T2772] EXT4-fs (loop0): Free/Dirty block details [ 56.185133][ T2772] EXT4-fs (loop0): free_blocks=68451041280 [ 56.190850][ T2772] EXT4-fs (loop0): dirty_blocks=32 [ 56.195847][ T2772] EXT4-fs (loop0): Block reservation details [ 56.201715][ T2772] EXT4-fs (loop0): i_reserved_data_blocks=2 [ 56.894705][ T2867] sit: Dst spoofed 0.0.0.0/400:: -> 0.0.0.0/2002:9476:b3ad:dfab:8150:7b25:977f:5d53 [ 56.907270][ T30] kauditd_printk_skb: 64 callbacks suppressed [ 56.907289][ T30] audit: type=1326 audit(56.935:982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2864 comm="syz.1.1104" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f484142b169 code=0x7ffc0000 [ 56.942332][ T30] audit: type=1326 audit(56.935:983): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2864 comm="syz.1.1104" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f484142b169 code=0x7ffc0000 [ 56.990210][ T30] audit: type=1326 audit(56.935:984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2864 comm="syz.1.1104" exe="/root/syz-executor" sig=0 arch=c000003e syscall=297 compat=0 ip=0x7f484142b169 code=0x7ffc0000 [ 57.012759][ T30] audit: type=1326 audit(56.935:985): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2864 comm="syz.1.1104" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f484142b169 code=0x7ffc0000 [ 57.035850][ T30] audit: type=1326 audit(56.935:986): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2864 comm="syz.1.1104" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f484142b169 code=0x7ffc0000 [ 57.058426][ T30] audit: type=1326 audit(56.995:987): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2870 comm="syz.1.1107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f484142b169 code=0x7ffc0000 [ 57.087075][ T30] audit: type=1326 audit(56.995:988): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2870 comm="syz.1.1107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=108 compat=0 ip=0x7f484142b169 code=0x7ffc0000 [ 57.110507][ T30] audit: type=1326 audit(56.995:989): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2870 comm="syz.1.1107" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f484142b169 code=0x7ffc0000 [ 57.135588][ T30] audit: type=1400 audit(57.015:990): avc: denied { connect } for pid=2872 comm="syz.1.1108" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 57.223000][ T30] audit: type=1400 audit(57.255:991): avc: denied { write } for pid=2887 comm="syz.1.1114" name="snapshot" dev="devtmpfs" ino=90 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 57.389976][ T2894] input: syz0 as /devices/virtual/input/input7 [ 57.588638][ T2911] loop4: detected capacity change from 0 to 512 [ 57.682433][ T2911] EXT4-fs (loop4): Test dummy encryption mode enabled [ 57.713016][ T2911] EXT4-fs error (device loop4): __ext4_iget:4903: inode #11: block 1: comm syz.4.1124: invalid block [ 57.734419][ T2911] EXT4-fs error (device loop4): ext4_orphan_get:1406: comm syz.4.1124: couldn't read orphan inode 11 (err -117) [ 57.755206][ T2911] EXT4-fs (loop4): mounted filesystem without journal. Opts: noauto_da_alloc,dioread_lock,max_dir_size_kb=0x0000000000000004,bsddf,nodiscard,sysvgroups,nojournal_checksum,noauto_da_alloc,test_dummy_encryption,,errors=continue. Quota mode: none. [ 57.845061][ T2911] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni" [ 57.887401][ T2911] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 216 vs 220 free clusters [ 58.392850][ T2959] loop0: detected capacity change from 0 to 40427 [ 58.435683][ T2959] F2FS-fs (loop0): invalid crc value [ 58.452891][ T2959] F2FS-fs (loop0): Found nat_bits in checkpoint [ 58.498364][ T2959] F2FS-fs (loop0): Cannot turn on quotas: -2 on 0 [ 58.505687][ T2959] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 58.546846][ T291] attempt to access beyond end of device [ 58.546846][ T291] loop0: rw=2049, want=45104, limit=40427 [ 58.626771][ T2995] tipc: Enabling of bearer rejected, media not registered [ 58.714206][ T3001] loop0: detected capacity change from 0 to 256 [ 58.746451][ T3005] input: syz0 as /devices/virtual/input/input8 [ 58.864992][ T3020] loop0: detected capacity change from 0 to 512 [ 58.925357][ T3020] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,minixdf,quota,,errors=continue. Quota mode: writeback. [ 59.292868][ T3064] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1191'. [ 59.568247][ T3043] loop0: detected capacity change from 0 to 131072 [ 59.580523][ T3043] F2FS-fs (loop0): Invalid log_blocksize (32), supports only 12 [ 59.588970][ T3043] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 59.607063][ T3043] F2FS-fs (loop0): Found nat_bits in checkpoint [ 59.651213][ T3043] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 59.658653][ T3043] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 59.720194][ T3080] loop2: detected capacity change from 0 to 40427 [ 59.748673][ T3080] F2FS-fs (loop2): Insane cp_payload (553648128 >= 504) [ 59.755751][ T3080] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 59.768191][ T3080] F2FS-fs (loop2): invalid crc value [ 59.774826][ T3080] F2FS-fs (loop2): Found nat_bits in checkpoint [ 59.819574][ T3080] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 59.831617][ T3080] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 59.881092][ T293] attempt to access beyond end of device [ 59.881092][ T293] loop2: rw=2049, want=45104, limit=40427 [ 60.144262][ T26] hid-generic C990:0003:0000.0006: unknown main item tag 0x0 [ 60.151958][ T26] hid-generic C990:0003:0000.0006: unknown main item tag 0x0 [ 60.160554][ T26] hid-generic C990:0003:0000.0006: hidraw0: HID v0.00 Device [syz0] on syz1 [ 60.215655][ T3113] loop0: detected capacity change from 0 to 256 [ 60.216605][ T3099] loop2: detected capacity change from 0 to 40427 [ 60.252381][ T3099] F2FS-fs (loop2): fault_injection options not supported [ 60.273745][ T3118] SELinux: Context : is not valid (left unmapped). [ 60.281880][ T3099] F2FS-fs (loop2): invalid crc value [ 60.291993][ T3113] exfat: Deprecated parameter 'utf8' [ 60.302597][ T3099] F2FS-fs (loop2): Found nat_bits in checkpoint [ 60.318834][ T3113] exFAT-fs (loop0): failed to load upcase table (idx : 0x00011e3e, chksum : 0x38c882e6, utbl_chksum : 0xe619d30d) [ 60.348705][ T3124] loop3: detected capacity change from 0 to 2048 [ 60.396195][ T3131] loop1: detected capacity change from 0 to 16 [ 60.406762][ T3132] incfs: Error accessing: ./file0. [ 60.409678][ T3099] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 60.412256][ T3132] incfs: mount failed -20 [ 60.443604][ T3131] erofs: (device loop1): mounted with root inode @ nid 36. [ 60.498850][ T3124] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 60.580979][ T3148] overlayfs: missing 'lowerdir' [ 60.589053][ T3151] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=3151 comm=syz.1.1222 [ 60.645072][ T3151] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=3151 comm=syz.1.1222 [ 60.708034][ T3161] loop2: detected capacity change from 0 to 512 [ 60.780395][ T3176] loop1: detected capacity change from 0 to 1024 [ 60.802692][ T3161] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 60.822744][ T3176] EXT4-fs (loop1): Ignoring removed bh option [ 60.837278][ T3176] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 60.851760][ T3161] EXT4-fs (loop2): 1 truncate cleaned up [ 60.857334][ T3161] EXT4-fs (loop2): mounted filesystem without journal. Opts: debug_want_extra_isize=0x000000000000002e,min_batch_time=0x0000000000000fff,inode_readahead_blks=0x0000000000000080,stripe=0x0000000000004000,errors=remount-ro,max_batch_time=0x0000000000000004,. Quota mode: none. [ 60.984654][ T3176] EXT4-fs (loop1): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,dioread_lock,errors=remount-ro,max_dir_size_kb=0x00000000004007b1,discard,grpquota,dioread_lock,user_xattr,bh,dioread_nolock,. Quota mode: writeback. [ 61.304336][ T3231] overlayfs: The uuid=off requires a single fs for lower and upper, falling back to uuid=on. [ 61.400189][ T3238] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1263'. [ 61.564194][ T3248] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1267'. [ 61.908792][ T3256] loop0: detected capacity change from 0 to 128 [ 61.972123][ T3256] EXT4-fs (loop0): error: could not find journal device path: error -2 [ 62.107089][ T30] kauditd_printk_skb: 109 callbacks suppressed [ 62.107107][ T30] audit: type=1326 audit(62.135:1101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3262 comm="syz.0.1274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f34b5faa169 code=0x7ffc0000 [ 62.137044][ T30] audit: type=1326 audit(62.155:1102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3262 comm="syz.0.1274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f34b5faa169 code=0x7ffc0000 [ 62.159760][ T30] audit: type=1326 audit(62.165:1103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3262 comm="syz.0.1274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=61 compat=0 ip=0x7f34b5faa169 code=0x7ffc0000 [ 62.249908][ T30] audit: type=1326 audit(62.275:1104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3262 comm="syz.0.1274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f34b5faa169 code=0x7ffc0000 [ 62.321238][ T30] audit: type=1326 audit(62.275:1105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3262 comm="syz.0.1274" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f34b5faa169 code=0x7ffc0000 [ 62.349263][ T30] audit: type=1107 audit(62.335:1106): pid=3275 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg='Ä' [ 62.376782][ T3281] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 62.413523][ T3282] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 62.473660][ T30] audit: type=1400 audit(62.505:1107): avc: denied { name_bind } for pid=3285 comm="syz.2.1284" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1 [ 62.520809][ T30] audit: type=1400 audit(62.505:1108): avc: denied { node_bind } for pid=3285 comm="syz.2.1284" saddr=::1 src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 62.573961][ T30] audit: type=1400 audit(62.535:1109): avc: denied { ioctl } for pid=3287 comm="syz.1.1285" path="socket:[26260]" dev="sockfs" ino=26260 ioctlcmd=0x48d3 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 62.654420][ T3305] loop0: detected capacity change from 0 to 1024 [ 62.673352][ T3311] loop2: detected capacity change from 0 to 512 [ 62.713394][ T3311] EXT4-fs (loop2): Ignoring removed nobh option [ 62.718331][ T3305] EXT4-fs (loop0): Ignoring removed orlov option [ 62.732141][ T3305] EXT4-fs (loop0): Ignoring removed oldalloc option [ 62.742198][ T3311] EXT4-fs (loop2): Ignoring removed mblk_io_submit option [ 62.771112][ T3311] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2219: inode #15: comm syz.2.1296: corrupted in-inode xattr [ 62.784485][ T3305] EXT4-fs (loop0): mounted filesystem without journal. Opts: nodioread_nolock,bsddf,abort,jqfmt=vfsv0,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,oldalloc,stripe=0x0000000000000001,,errors=continue. Quota mode: none. [ 62.809455][ T3311] EXT4-fs error (device loop2): ext4_orphan_get:1406: comm syz.2.1296: couldn't read orphan inode 15 (err -117) [ 62.842340][ T3311] EXT4-fs (loop2): mounted filesystem without journal. Opts: nobh,prjquota,auto_da_alloc,mblk_io_submit,acl,,errors=continue. Quota mode: writeback. [ 62.878735][ T3330] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x3 [ 62.893485][ T3334] netlink: 'syz.3.1306': attribute type 5 has an invalid length. [ 63.102162][ T30] audit: type=1400 audit(63.135:1110): avc: denied { create } for pid=3357 comm="syz.0.1317" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=udp_socket permissive=1 [ 63.409934][ T3406] loop4: detected capacity change from 0 to 1024 [ 63.532342][ T3424] netlink: 76 bytes leftover after parsing attributes in process `syz.3.1347'. [ 63.800532][ T3457] loop4: detected capacity change from 0 to 256 [ 63.912181][ T3457] exFAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 63.927551][ T3457] exFAT-fs (loop4): Medium has reported failures. Some data may be lost. [ 63.943874][ T3457] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xe5674ec2, utbl_chksum : 0xe619d30d) [ 64.117678][ T3459] loop3: detected capacity change from 0 to 40427 [ 64.169673][ T3486] netlink: 'syz.4.1376': attribute type 12 has an invalid length. [ 64.170644][ T3488] syz.0.1377[3488] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 64.177781][ T3488] syz.0.1377[3488] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 64.185831][ T3486] netlink: 'syz.4.1376': attribute type 29 has an invalid length. [ 64.211671][ T3459] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 64.231567][ T3459] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 64.264248][ T3486] netlink: 148 bytes leftover after parsing attributes in process `syz.4.1376'. [ 64.280239][ T3459] F2FS-fs (loop3): Found nat_bits in checkpoint [ 64.321673][ T3486] netlink: 'syz.4.1376': attribute type 1 has an invalid length. [ 64.377817][ T3459] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 64.398300][ T3459] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 64.560731][ T3526] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 64.671371][ T3534] loop0: detected capacity change from 0 to 1024 [ 64.726472][ T3534] EXT4-fs (loop0): Ignoring removed nomblk_io_submit option [ 64.746737][ T3538] loop3: detected capacity change from 0 to 256 [ 64.753056][ T3534] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 64.789064][ T3538] exFAT-fs (loop3): failed to load upcase table (idx : 0x00011bf5, chksum : 0xcea91b8a, utbl_chksum : 0xe619d30d) [ 64.790620][ T3534] EXT4-fs (loop0): can't mount with journal_async_commit, fs mounted w/o journal [ 64.810391][ T3538] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 64.836575][ T3538] exFAT-fs (loop3): error, exfat_alloc_cluster: invalid used clusters(t:15,u:4294930445) [ 64.836575][ T3538] [ 64.849048][ T3538] exFAT-fs (loop3): Filesystem has been set read-only [ 64.856179][ T3538] exFAT-fs (loop3): error, failed to bmap (inode : ffff8881286e6350 iblock : 0, err : -5) [ 65.066235][ T3562] netem: change failed [ 65.118839][ T3566] loop1: detected capacity change from 0 to 128 [ 65.145830][ T3568] loop3: detected capacity change from 0 to 512 [ 65.177836][ T3572] loop4: detected capacity change from 0 to 1024 [ 65.202469][ T3568] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 65.211082][ T3568] EXT4-fs (loop3): orphan cleanup on readonly fs [ 65.221810][ T3572] EXT4-fs (loop4): Ignoring removed orlov option [ 65.229084][ T3572] EXT4-fs (loop4): Ignoring removed oldalloc option [ 65.236528][ T3568] EXT4-fs error (device loop3): ext4_acquire_dquot:6188: comm syz.3.1411: Failed to acquire dquot type 1 [ 65.249283][ T3568] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.1411: bg 0: block 40: padding at end of block bitmap is not set [ 65.264115][ T3568] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6183: Corrupt filesystem [ 65.273438][ T3568] EXT4-fs (loop3): 1 truncate cleaned up [ 65.279129][ T3568] EXT4-fs (loop3): mounted filesystem without journal. Opts: nolazytime,,errors=continue. Quota mode: writeback. [ 65.293144][ T3572] EXT4-fs (loop4): mounted filesystem without journal. Opts: nodioread_nolock,bsddf,abort,jqfmt=vfsv0,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,oldalloc,stripe=0x0000000000000001,,errors=continue. Quota mode: none. [ 65.514331][ T3603] netlink: 116 bytes leftover after parsing attributes in process `syz.2.1425'. [ 65.774396][ T3647] netlink: 88 bytes leftover after parsing attributes in process `syz.3.1446'. [ 65.784288][ T3647] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1446'. [ 65.931882][ T39] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 66.009189][ T3669] loop0: detected capacity change from 0 to 256 [ 66.074404][ T3669] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d) [ 66.124278][ T3669] exFAT-fs (loop0): hint_cluster is invalid (1) [ 66.130893][ T3669] exFAT-fs (loop0): error, invalid access to exfat cache (entry 0x00000000) [ 66.139721][ T3669] exFAT-fs (loop0): Filesystem has been set read-only [ 66.146681][ T3669] exFAT-fs (loop0): error, failed to bmap (inode : ffff8881286e6bf0 iblock : 9, err : -5) [ 66.156716][ T3669] exFAT-fs (loop0): error, tried to truncate zeroed cluster. [ 66.164117][ T3669] attempt to access beyond end of device [ 66.164117][ T3669] loop0: rw=2049, want=34359738496, limit=256 [ 66.303855][ T39] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 66.323015][ T39] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 66.421551][ T39] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 66.435650][ T39] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 66.457022][ T39] usb 2-1: SerialNumber: syz [ 66.484389][ T3692] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1466'. [ 66.493349][ T3692] A link change request failed with some changes committed already. Interface macsec0 may have been left with an inconsistent configuration, please check. [ 66.754533][ T39] usb 2-1: 0:2 : does not exist [ 66.777114][ T39] usb 2-1: USB disconnect, device number 5 [ 67.320860][ T30] kauditd_printk_skb: 145 callbacks suppressed [ 67.320877][ T30] audit: type=1326 audit(2000000004.060:1254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3741 comm="syz.2.1486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b8acb5169 code=0x7ffc0000 [ 67.352341][ T30] audit: type=1326 audit(2000000004.060:1255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3741 comm="syz.2.1486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b8acb5169 code=0x7ffc0000 [ 67.378892][ T30] audit: type=1326 audit(2000000004.100:1256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3741 comm="syz.2.1486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=206 compat=0 ip=0x7f6b8acb5169 code=0x7ffc0000 [ 67.402639][ T30] audit: type=1326 audit(2000000004.100:1257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3741 comm="syz.2.1486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b8acb5169 code=0x7ffc0000 [ 67.426363][ T30] audit: type=1326 audit(2000000004.100:1258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3741 comm="syz.2.1486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b8acb5169 code=0x7ffc0000 [ 67.449853][ T30] audit: type=1326 audit(2000000004.120:1259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3741 comm="syz.2.1486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6b8acb5169 code=0x7ffc0000 [ 67.478476][ T30] audit: type=1326 audit(2000000004.120:1260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3741 comm="syz.2.1486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b8acb5169 code=0x7ffc0000 [ 67.502163][ T30] audit: type=1326 audit(2000000004.120:1261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3741 comm="syz.2.1486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b8acb5169 code=0x7ffc0000 [ 67.525625][ T30] audit: type=1326 audit(2000000004.120:1262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3741 comm="syz.2.1486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6b8acb5169 code=0x7ffc0000 [ 67.549514][ T30] audit: type=1326 audit(2000000004.120:1263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3741 comm="syz.2.1486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6b8acb5169 code=0x7ffc0000 [ 67.596824][ T3751] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=3751 comm=syz.2.1491 [ 67.609575][ T3751] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=3751 comm=syz.2.1491 [ 67.766110][ T3771] device pim6reg1 entered promiscuous mode [ 68.133239][ T26] kernel write not supported for file bpf-prog (pid: 26 comm: kworker/1:0) [ 68.232646][ T6] kernel write not supported for file bpf-prog (pid: 6 comm: kworker/0:0) [ 68.359774][ T3860] overlayfs: upper fs does not support file handles, falling back to index=off. [ 68.376199][ T3860] overlayfs: NFS export requires "index=on", falling back to nfs_export=off. [ 69.017958][ T3927] loop0: detected capacity change from 0 to 256 [ 69.229659][ T3919] loop3: detected capacity change from 0 to 40427 [ 69.329319][ T3938] netlink: 'syz.1.1579': attribute type 4 has an invalid length. [ 69.337477][ T3919] F2FS-fs (loop3): Insane cp_payload (553648128 >= 504) [ 69.370873][ T3919] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 69.381036][ T3919] F2FS-fs (loop3): fault_injection options not supported [ 69.389322][ T3919] F2FS-fs (loop3): fault_type options not supported [ 69.435091][ T3919] F2FS-fs (loop3): invalid crc value [ 69.463331][ T3950] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1583'. [ 69.483303][ T3919] F2FS-fs (loop3): Found nat_bits in checkpoint [ 69.592131][ T3919] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 69.599080][ T3919] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 69.611633][ T316] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 69.640362][ T3919] attempt to access beyond end of device [ 69.640362][ T3919] loop3: rw=2049, want=45112, limit=40427 [ 69.642240][ T3966] loop2: detected capacity change from 0 to 512 [ 69.711008][ T3970] loop1: detected capacity change from 0 to 512 [ 69.746124][ T3970] EXT4-fs (loop1): Unrecognized mount option "obj_type=" or missing value [ 69.792893][ T3966] EXT4-fs (loop2): mounted filesystem without journal. Opts: usrquota,grpjquota=,nodelalloc,,errors=continue. Quota mode: writeback. [ 69.816641][ T3966] ext4 filesystem being mounted at /270/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 69.968326][ T3985] loop1: detected capacity change from 0 to 128 [ 69.970301][ T3933] loop4: detected capacity change from 0 to 131072 [ 69.991604][ T316] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 70.015749][ T3985] EXT4-fs (loop1): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 70.034453][ T3933] F2FS-fs (loop4): Invalid log_blocksize (32), supports only 12 [ 70.042144][ T3933] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 70.058185][ T3933] F2FS-fs (loop4): Found nat_bits in checkpoint [ 70.081566][ T316] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 70.090446][ T316] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 70.099216][ T316] usb 1-1: SerialNumber: syz [ 70.132436][ T3933] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 70.139483][ T3933] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 70.451498][ T6] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 70.505191][ T4024] netlink: 9 bytes leftover after parsing attributes in process `syz.4.1612'. [ 70.514599][ T4024] device gretap0 entered promiscuous mode [ 70.524319][ T4024] netlink: 5 bytes leftover after parsing attributes in process `syz.4.1612'. [ 70.533407][ T4024] 0ªX¹¦D: renamed from gretap0 [ 70.539189][ T4024] device 30ªX¹¦D left promiscuous mode [ 70.545408][ T4024] A link change request failed with some changes committed already. Interface 30ªX¹¦D may have been left with an inconsistent configuration, please check. [ 70.811692][ T6] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 70.823888][ T316] cdc_ether 1-1:1.0 eth1: register 'cdc_ether' at usb-dummy_hcd.0-1, CDC Ethernet Device, 42:42:42:42:42:42 [ 70.839300][ T6] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 70.931638][ T6] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 70.942988][ T6] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 70.950875][ T6] usb 3-1: SerialNumber: syz [ 70.968017][ T4057] loop4: detected capacity change from 0 to 512 [ 70.977688][ T4060] netlink: 9 bytes leftover after parsing attributes in process `syz.3.1625'. [ 70.987294][ T4060] device gretap0 entered promiscuous mode [ 71.003527][ T4060] netlink: 5 bytes leftover after parsing attributes in process `syz.3.1625'. [ 71.026707][ T4060] 0ªX¹¦D: renamed from gretap0 [ 71.032287][ T4060] device 30ªX¹¦D left promiscuous mode [ 71.038339][ T4060] A link change request failed with some changes committed already. Interface 30ªX¹¦D may have been left with an inconsistent configuration, please check. [ 71.081021][ T4057] EXT4-fs (loop4): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000001000,nodiscard,quota,,errors=continue. Quota mode: writeback. [ 71.094425][ T4070] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1627'. [ 71.109443][ T4057] ext4 filesystem being mounted at /463/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 71.134073][ T4057] EXT4-fs error (device loop4): ext4_do_update_inode:5205: inode #2: comm syz.4.1626: corrupted inode contents [ 71.150236][ T4074] overlayfs: failed to resolve './file2': -2 [ 71.154138][ T4057] EXT4-fs error (device loop4): ext4_dirty_inode:6041: inode #2: comm syz.4.1626: mark_inode_dirty error [ 71.167746][ T4057] EXT4-fs error (device loop4): ext4_do_update_inode:5205: inode #2: comm syz.4.1626: corrupted inode contents [ 71.180164][ T4057] EXT4-fs error (device loop4): __ext4_ext_dirty:183: inode #2: comm syz.4.1626: mark_inode_dirty error [ 71.224097][ T1877] usb 1-1: USB disconnect, device number 3 [ 71.232618][ T6] usb 3-1: 0:2 : does not exist [ 71.257927][ T1877] cdc_ether 1-1:1.0 eth1: unregister 'cdc_ether' usb-dummy_hcd.0-1, CDC Ethernet Device [ 71.269507][ T6] usb 3-1: USB disconnect, device number 2 [ 71.432030][ T4113] netlink: 244 bytes leftover after parsing attributes in process `syz.3.1642'. [ 71.461940][ T4113] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1642'. [ 71.482183][ T565] udevd[565]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 71.614423][ T4146] loop3: detected capacity change from 0 to 512 [ 71.649064][ T4152] loop4: detected capacity change from 0 to 1024 [ 71.656024][ T4150] raw_sendmsg: syz.1.1652 forgot to set AF_INET. Fix it! [ 71.664298][ T4146] EXT4-fs (loop3): mounted filesystem without journal. Opts: errors=remount-ro,bsddf,. Quota mode: writeback. [ 71.676905][ T4146] ext4 filesystem being mounted at /311/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 71.677124][ T4152] EXT4-fs (loop4): Ignoring removed nobh option [ 71.709038][ T4152] EXT4-fs (loop4): Ignoring removed bh option [ 71.722281][ T4152] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 71.763292][ T4163] futex_wake_op: syz.0.1657 tries to shift op by -1; fix this program [ 71.780798][ T4166] syz.1.1658[4166] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 71.780886][ T4166] syz.1.1658[4166] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 71.798530][ T4152] EXT4-fs (loop4): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,journal_dev=0x0000000000000006,errors=remount-ro,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,noload,bh,dioread_nolock,. Quota mode: writeback. [ 71.853772][ T4169] loop0: detected capacity change from 0 to 4096 [ 71.906703][ T4177] loop2: detected capacity change from 0 to 512 [ 71.959062][ T4169] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 72.039609][ T4195] loop4: detected capacity change from 0 to 256 [ 72.052981][ T4177] EXT4-fs (loop2): mounted filesystem without journal. Opts: sb=0x0000000000000001,nodioread_nolock,,errors=continue. Quota mode: writeback. [ 72.067964][ T4177] ext4 filesystem being mounted at /281/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 72.083208][ T4195] exfat: Deprecated parameter 'namecase' [ 72.109827][ T4195] exfat: Deprecated parameter 'namecase' [ 72.128035][ T4209] loop0: detected capacity change from 0 to 512 [ 72.144131][ T4195] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xfcc0b04e, utbl_chksum : 0xe619d30d) [ 72.158710][ T4213] loop1: detected capacity change from 0 to 16 [ 72.168458][ T4195] incfs: ino conflict with backing FS 1 [ 72.175655][ T4209] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 72.192883][ T4213] erofs: (device loop1): mounted with root inode @ nid 36. [ 72.195129][ T4209] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ce018, mo2=0002] [ 72.221584][ T4209] System zones: 1-12 [ 72.226604][ T4209] EXT4-fs (loop0): 1 truncate cleaned up [ 72.240839][ T4209] EXT4-fs (loop0): mounted filesystem without journal. Opts: nogrpid,jqfmt=vfsv0,nouid32,debug,nobarrier,quota,,errors=continue. Quota mode: writeback. [ 72.261183][ T4209] EXT4-fs warning (device loop0): verify_group_input:147: Cannot add at group 5001287 (only 1 groups) [ 72.386985][ T30] kauditd_printk_skb: 120 callbacks suppressed [ 72.387002][ T30] audit: type=1400 audit(2000000009.130:1384): avc: denied { write } for pid=4230 comm="syz.0.1683" laddr=::1 lport=1 faddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 72.456679][ T30] audit: type=1400 audit(2000000009.170:1385): avc: denied { read } for pid=4237 comm="syz.3.1688" name="kvm" dev="devtmpfs" ino=82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 72.504870][ T30] audit: type=1400 audit(2000000009.170:1386): avc: denied { open } for pid=4237 comm="syz.3.1688" path="/dev/kvm" dev="devtmpfs" ino=82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 72.559403][ T30] audit: type=1400 audit(2000000009.180:1387): avc: denied { ioctl } for pid=4237 comm="syz.3.1688" path="/dev/kvm" dev="devtmpfs" ino=82 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 72.603949][ T30] audit: type=1400 audit(2000000009.200:1388): avc: denied { read write } for pid=293 comm="syz-executor" name="loop2" dev="devtmpfs" ino=114 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 72.636509][ T30] audit: type=1400 audit(2000000009.200:1389): avc: denied { open } for pid=293 comm="syz-executor" path="/dev/loop2" dev="devtmpfs" ino=114 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 72.661168][ T30] audit: type=1400 audit(2000000009.200:1390): avc: denied { ioctl } for pid=293 comm="syz-executor" path="/dev/loop2" dev="devtmpfs" ino=114 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 72.698558][ T30] audit: type=1400 audit(2000000009.230:1391): avc: denied { append } for pid=82 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=6 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 72.703033][ T4260] loop1: detected capacity change from 0 to 2048 [ 72.737147][ T4263] syz.2.1697[4263] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 72.737232][ T4263] syz.2.1697[4263] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 72.796497][ T30] audit: type=1400 audit(2000000009.230:1392): avc: denied { create } for pid=4240 comm="syz.2.1689" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 72.827657][ T30] audit: type=1400 audit(2000000009.230:1393): avc: denied { setopt } for pid=4240 comm="syz.2.1689" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 72.857323][ T4273] netlink: 9 bytes leftover after parsing attributes in process `syz.2.1702'. [ 72.866962][ T4273] device gretap0 entered promiscuous mode [ 72.875235][ T4260] Alternate GPT is invalid, using primary GPT. [ 72.878499][ T4273] netlink: 5 bytes leftover after parsing attributes in process `syz.2.1702'. [ 72.887109][ T4260] loop1: p1 p2 p3 [ 72.891315][ T4273] 0ªX¹¦D: renamed from gretap0 [ 72.899468][ T4273] device 30ªX¹¦D left promiscuous mode [ 72.906243][ T4273] A link change request failed with some changes committed already. Interface 30ªX¹¦D may have been left with an inconsistent configuration, please check. [ 72.925434][ T100] Alternate GPT is invalid, using primary GPT. [ 72.937033][ T100] loop1: p1 p2 p3 [ 73.071529][ T458] udevd[458]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory [ 73.076695][ T2755] udevd[2755]: inotify_add_watch(7, /dev/loop1p2, 10) failed: No such file or directory [ 73.086113][ T4285] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1707'. [ 73.094380][ T565] udevd[565]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 73.159705][ T2755] udevd[2755]: inotify_add_watch(7, /dev/loop1p2, 10) failed: No such file or directory [ 73.159732][ T458] udevd[458]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory [ 73.183055][ T565] udevd[565]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 73.253281][ T4299] netlink: 9 bytes leftover after parsing attributes in process `syz.0.1714'. [ 73.255906][ T4300] loop4: detected capacity change from 0 to 512 [ 73.273227][ T4299] device gretap0 entered promiscuous mode [ 73.285285][ T4299] 0ªX¹¦D: renamed from gretap0 [ 73.299789][ T4299] device 30ªX¹¦D left promiscuous mode [ 73.314825][ T4299] A link change request failed with some changes committed already. Interface 30ªX¹¦D may have been left with an inconsistent configuration, please check. [ 73.398473][ T4300] EXT4-fs (loop4): mounted filesystem without journal. Opts: usrquota,grpjquota=,nodelalloc,,errors=continue. Quota mode: writeback. [ 73.420932][ T4300] ext4 filesystem being mounted at /477/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 73.448274][ T893] Bluetooth: hci0: Frame reassembly failed (-84) [ 73.477108][ T893] Bluetooth: hci1: Frame reassembly failed (-84) [ 73.881659][ T4338] loop4: detected capacity change from 0 to 256 [ 73.965836][ T4338] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 73.982881][ T4338] exFAT-fs (loop4): hint_cluster is invalid (17) [ 74.081393][ T4346] loop4: detected capacity change from 0 to 256 [ 74.160884][ T4346] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xfcc0b04e, utbl_chksum : 0xe619d30d) [ 74.244858][ T4355] loop4: detected capacity change from 0 to 512 [ 74.273456][ T4355] EXT4-fs (loop4): Mount option "noacl" will be removed by 3.5 [ 74.273456][ T4355] Contact linux-ext4@vger.kernel.org if you think we should keep it. [ 74.273456][ T4355] [ 74.291473][ T4355] EXT4-fs (loop4): Quota format mount options ignored when QUOTA feature is enabled [ 74.300731][ T4355] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 74.313276][ T4355] [EXT4 FS bs=4096, gc=1, bpg=3008, ipg=32, mo=80026019, mo2=0000] [ 74.323595][ T4355] EXT4-fs (loop4): 1 truncate cleaned up [ 74.329059][ T4355] EXT4-fs (loop4): mounted filesystem without journal. Opts: nobarrier,noblock_validity,nombcache,acl,barrier=0x000000000000000c,noacl,nodiscard,jqfmt=vfsold,resgid=0x00000000000000002,errors=continue. Quota mode: writeback. [ 74.350818][ T893] EXT4-fs error (device loop4): ext4_release_dquot:6211: comm kworker/u4:5: Failed to release dquot type 1 [ 74.368280][ T4355] EXT4-fs error (device loop4): __ext4_new_inode:1286: comm syz.4.1738: failed to insert inode 15: doubly allocated? [ 74.391691][ T893] EXT4-fs error (device loop4): ext4_release_dquot:6211: comm kworker/u4:5: Failed to release dquot type 1 [ 74.421335][ T4362] loop1: detected capacity change from 0 to 512 [ 74.484348][ T4362] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: comm syz.1.1740: inode #1: comm syz.1.1740: iget: illegal inode # [ 74.497596][ T4362] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz.1.1740: error while reading EA inode 1 err=-117 [ 74.511823][ T4362] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: comm syz.1.1740: inode #1: comm syz.1.1740: iget: illegal inode # [ 74.524945][ T4362] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz.1.1740: error while reading EA inode 1 err=-117 [ 74.537570][ T4362] EXT4-fs (loop1): 1 orphan inode deleted [ 74.543242][ T4362] EXT4-fs (loop1): mounted filesystem without journal. Opts: sysvgroups,journal_dev=0x0000000000008000,debug_want_extra_isize=0x000000000000005c,resgid=0x0000000000000000,nojournal_checksum,grpquota,usrjquota=,,errors=continue. Quota mode: writeback. [ 74.721535][ T6] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 74.844506][ T1877] kernel write not supported for file bpf-prog (pid: 1877 comm: kworker/0:5) [ 74.929153][ T4403] bridge0: port 3(vlan2) entered blocking state [ 74.935434][ T4403] bridge0: port 3(vlan2) entered disabled state [ 74.942449][ T4403] device vlan2 entered promiscuous mode [ 74.948137][ T4403] bridge0: mtu less than device minimum [ 75.028293][ T4401] loop3: detected capacity change from 0 to 40427 [ 75.048980][ T4427] netlink: 'syz.1.1765': attribute type 13 has an invalid length. [ 75.060437][ T4427] gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue [ 75.068068][ T4427] device gretap1 entered promiscuous mode [ 75.088399][ T4401] F2FS-fs (loop3): invalid crc value [ 75.091798][ T6] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 75.108919][ T6] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 75.118912][ T4401] F2FS-fs (loop3): Found nat_bits in checkpoint [ 75.137552][ T4432] loop1: detected capacity change from 0 to 8192 [ 75.157445][ T4401] F2FS-fs (loop3): Start checkpoint disabled! [ 75.164244][ T4401] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 75.176329][ T4432] loop1: p2 p3 p4 [ 75.180890][ T4432] loop1: p2 size 130943 extends beyond EOD, truncated [ 75.189265][ T4432] loop1: p3 size 16776960 extends beyond EOD, truncated [ 75.196440][ T6] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 75.205779][ T6] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 75.214555][ T4432] loop1: p4 size 3599499392 extends beyond EOD, truncated [ 75.221975][ T6] usb 5-1: SerialNumber: syz [ 75.291671][ T893] attempt to access beyond end of device [ 75.291671][ T893] loop3: rw=2049, want=40968, limit=40427 [ 75.378914][ T2755] udevd[2755]: inotify_add_watch(7, /dev/loop1p2, 10) failed: No such file or directory [ 75.378939][ T458] udevd[458]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory [ 75.380846][ T362] udevd[362]: inotify_add_watch(7, /dev/loop1p4, 10) failed: No such file or directory [ 75.428855][ T4436] loop1: detected capacity change from 0 to 256 [ 75.461538][ T316] Bluetooth: hci0: command 0x1003 tx timeout [ 75.469203][ T2448] Bluetooth: hci0: sending frame failed (-49) [ 75.477903][ T4441] loop3: detected capacity change from 0 to 256 [ 75.499429][ T4443] device gretap0 entered promiscuous mode [ 75.502388][ T6] usb 5-1: 0:2 : does not exist [ 75.509500][ T4443] 0ªX¹¦D: renamed from gretap0 [ 75.512634][ T4441] exfat: Deprecated parameter 'namecase' [ 75.519990][ T6] usb 5-1: USB disconnect, device number 3 [ 75.520475][ T4443] device 30ªX¹¦D left promiscuous mode [ 75.531868][ T4443] A link change request failed with some changes committed already. Interface 30ªX¹¦D may have been left with an inconsistent configuration, please check. [ 75.542325][ T316] Bluetooth: hci1: command 0x1003 tx timeout [ 75.553337][ T2448] Bluetooth: hci1: sending frame failed (-49) [ 75.557583][ T4441] exFAT-fs (loop3): failed to load upcase table (idx : 0x00017f3e, chksum : 0x0b83170a, utbl_chksum : 0xe619d30d) [ 76.036316][ T4481] loop4: detected capacity change from 0 to 8192 [ 76.083465][ T4483] SELinux: Context system_u:object_r:public_content_rw_t:s0 is not valid (left unmapped). [ 76.093020][ T4481] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 76.261535][ T6] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 76.501531][ T6] usb 2-1: Using ep0 maxpacket: 8 [ 76.661799][ T6] usb 2-1: unable to get BOS descriptor or descriptor too short [ 76.741552][ T6] usb 2-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config [ 76.931685][ T6] usb 2-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=6a.e5 [ 76.940570][ T6] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 76.948404][ T6] usb 2-1: Product: syz [ 76.952364][ T6] usb 2-1: Manufacturer: syz [ 76.956771][ T6] usb 2-1: SerialNumber: syz [ 77.135540][ T4510] __nla_validate_parse: 5 callbacks suppressed [ 77.135555][ T4510] netlink: 76 bytes leftover after parsing attributes in process `syz.4.1801'. [ 77.205009][ T4479] loop1: detected capacity change from 0 to 1024 [ 77.282550][ T4479] EXT4-fs (loop1): Ignoring removed orlov option [ 77.303066][ T4479] EXT4-fs (loop1): mounted filesystem without journal. Opts: jqfmt=vfsv1,resgid=0x0000000000000000,nodioread_nolock,norecovery,debug_want_extra_isize=0x0000000000000080,resgid=0x0000000000000000,errors=remount-ro,grpid,orlov,. Quota mode: none. [ 77.381663][ T6] snd-usb-audio: probe of 2-1:8.0 failed with error -2 [ 77.392373][ T6] usb 2-1: USB disconnect, device number 6 [ 77.551591][ T316] Bluetooth: hci0: command 0x1001 tx timeout [ 77.557503][ T2448] Bluetooth: hci0: sending frame failed (-49) [ 77.631523][ T6] Bluetooth: hci1: command 0x1001 tx timeout [ 77.637430][ T2448] Bluetooth: hci1: sending frame failed (-49) [ 77.880574][ T30] kauditd_printk_skb: 1908 callbacks suppressed [ 77.880591][ T30] audit: type=1400 audit(2000000270.613:3300): avc: denied { create } for pid=4525 comm="syz.1.1806" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 77.915325][ T30] audit: type=1400 audit(2000000270.653:3301): avc: denied { write } for pid=4525 comm="syz.1.1806" path="socket:[30516]" dev="sockfs" ino=30516 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 77.940274][ T30] audit: type=1400 audit(2000000270.653:3302): avc: denied { nlmsg_read } for pid=4525 comm="syz.1.1806" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 77.970772][ T30] audit: type=1400 audit(2000000270.703:3303): avc: denied { block_suspend } for pid=4521 comm="syz.4.1805" capability=36 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 77.992517][ T4534] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 78.001700][ T30] audit: type=1400 audit(2000000270.733:3304): avc: denied { name_bind } for pid=4533 comm="syz.3.1809" src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1 [ 78.047644][ T30] audit: type=1400 audit(2000000270.733:3305): avc: denied { node_bind } for pid=4533 comm="syz.3.1809" src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 78.082112][ T4532] loop1: detected capacity change from 0 to 8192 [ 78.088402][ T30] audit: type=1326 audit(2000000270.813:3306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4537 comm="syz.3.1811" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60a1286169 code=0x7ffc0000 [ 78.088863][ T4540] loop4: detected capacity change from 0 to 256 [ 78.117948][ T30] audit: type=1326 audit(2000000270.813:3307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4537 comm="syz.3.1811" exe="/root/syz-executor" sig=0 arch=c000003e syscall=104 compat=0 ip=0x7f60a1286169 code=0x7ffc0000 [ 78.146838][ T30] audit: type=1326 audit(2000000270.813:3308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4537 comm="syz.3.1811" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60a1286169 code=0x7ffc0000 [ 78.197848][ T4543] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=4543 comm=syz.3.1814 [ 78.206486][ T4540] attempt to access beyond end of device [ 78.206486][ T4540] loop4: rw=2049, want=268, limit=256 [ 78.259808][ T30] audit: type=1326 audit(2000000270.993:3309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4550 comm="syz.1.1816" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f484142b169 code=0x7ffc0000 [ 78.326760][ T4557] loop1: detected capacity change from 0 to 512 [ 78.383193][ T4557] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 78.391352][ T4557] EXT4-fs (loop1): invalid journal inode [ 78.411580][ T4557] EXT4-fs (loop1): can't get journal size [ 78.438379][ T4568] loop3: detected capacity change from 0 to 16 [ 78.444872][ T4557] EXT4-fs (loop1): 1 truncate cleaned up [ 78.450493][ T4557] EXT4-fs (loop1): mounted filesystem without journal. Opts: norecovery,max_batch_time=0x0000000000000003,,errors=continue. Quota mode: none. [ 78.467626][ T4557] EXT4-fs warning (device loop1): verify_group_input:147: Cannot add at group 3 (only 1 groups) [ 78.496260][ T4568] erofs: (device loop3): erofs_read_inode: unsupported i_format 264 of nid 36 [ 78.633451][ T4582] loop4: detected capacity change from 0 to 256 [ 78.683003][ T4579] loop3: detected capacity change from 0 to 2048 [ 78.712818][ T4579] Alternate GPT is invalid, using primary GPT. [ 78.718972][ T4579] loop3: p1 p2 p3 [ 78.750990][ T100] Alternate GPT is invalid, using primary GPT. [ 78.757181][ T100] loop3: p1 p2 p3 [ 78.842697][ T2755] udevd[2755]: inotify_add_watch(7, /dev/loop3p2, 10) failed: No such file or directory [ 78.853786][ T565] udevd[565]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory [ 78.864748][ T458] udevd[458]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory [ 79.081496][ T315] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 79.137720][ T4585] loop1: detected capacity change from 0 to 131072 [ 79.157559][ T4585] F2FS-fs (loop1): Invalid segment/section count (31, 24 x 150994945) [ 79.166827][ T4585] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 79.176095][ T4585] F2FS-fs (loop1): invalid crc value [ 79.183043][ T4585] F2FS-fs (loop1): Found nat_bits in checkpoint [ 79.225365][ T4585] F2FS-fs (loop1): Cannot turn on quotas: -2 on 2 [ 79.232490][ T4585] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 79.239427][ T4585] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 79.395034][ T4595] loop3: detected capacity change from 0 to 131072 [ 79.471819][ T315] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 79.485486][ T4595] F2FS-fs (loop3): Test dummy encryption mode enabled [ 79.492289][ T315] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 79.503036][ T315] usb 5-1: New USB device found, idVendor=05ac, idProduct=4262, bcdDevice= 0.00 [ 79.512853][ T4595] F2FS-fs (loop3): invalid crc value [ 79.522221][ T315] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 79.530902][ T315] usb 5-1: config 0 descriptor?? [ 79.543060][ T4595] F2FS-fs (loop3): Found nat_bits in checkpoint [ 79.587824][ T4595] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 79.621613][ T6] Bluetooth: hci0: command 0x1009 tx timeout [ 79.701547][ T6] Bluetooth: hci1: command 0x1009 tx timeout [ 79.874969][ T4620] loop3: detected capacity change from 0 to 512 [ 79.934265][ T4620] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.1845: invalid indirect mapped block 256 (level 2) [ 79.947926][ T4620] EXT4-fs (loop3): 2 truncates cleaned up [ 79.953514][ T4620] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 79.967954][ T4620] EXT4-fs error (device loop3): ext4_validate_block_bitmap:429: comm syz.3.1845: bg 0: block 5: invalid block bitmap [ 79.980570][ T4620] EXT4-fs warning (device loop3): ext4_block_to_path:107: block 3355443200 > max in inode 15 [ 79.990725][ T4620] EXT4-fs warning (device loop3): ext4_block_to_path:107: block 3355443201 > max in inode 15 [ 80.012744][ T315] hid-generic 0003:05AC:4262.0007: unbalanced delimiter at end of report description [ 80.022732][ T315] hid-generic: probe of 0003:05AC:4262.0007 failed with error -22 [ 80.051174][ T4624] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1846'. [ 80.181307][ T4640] loop3: detected capacity change from 0 to 256 [ 80.218514][ T315] usb 5-1: USB disconnect, device number 4 [ 80.517518][ T4654] tmpfs: Unknown parameter 'usrquota·' [ 80.559841][ T4658] syz.3.1863[4658] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 80.559929][ T4658] syz.3.1863[4658] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 80.858716][ T4700] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=4700 comm=syz.1.1879 [ 80.912810][ T4702] netlink: 52 bytes leftover after parsing attributes in process `syz.3.1883'. [ 80.936705][ T4704] xt_CT: No such helper "pptp" [ 81.127772][ T4731] loop4: detected capacity change from 0 to 128 [ 81.219669][ T4731] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 81.240294][ T4731] ext4 filesystem being mounted at /520/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 81.773078][ T4727] loop1: detected capacity change from 0 to 131072 [ 81.830840][ T4740] loop4: detected capacity change from 0 to 40427 [ 81.841624][ T4727] F2FS-fs (loop1): Test dummy encryption mode enabled [ 81.849630][ T4727] F2FS-fs (loop1): invalid crc value [ 81.861020][ T4727] F2FS-fs (loop1): Found nat_bits in checkpoint [ 81.876205][ T4740] F2FS-fs (loop4): fault_injection options not supported [ 81.897400][ T4740] F2FS-fs (loop4): invalid crc value [ 81.910661][ T4740] F2FS-fs (loop4): Found nat_bits in checkpoint [ 81.931574][ T4727] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 81.973926][ T4740] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 82.120457][ T289] attempt to access beyond end of device [ 82.120457][ T289] loop4: rw=2049, want=45104, limit=40427 [ 82.138551][ T4755] SELinux: security_context_str_to_sid(user_u) failed for (dev ?, type ?) errno=-22 [ 82.147981][ T4755] SELinux: security_context_str_to_sid(user_u) failed for (dev incremental-fs, type incremental-fs) errno=-22 [ 82.463769][ T4784] loop3: detected capacity change from 0 to 128 [ 82.489873][ T4786] Illegal XDP return value 864059096, expect packet loss! [ 82.523419][ T4784] EXT4-fs (loop3): Ignoring removed nobh option [ 82.536077][ T4784] EXT4-fs (loop3): mounted filesystem without journal. Opts: nobh,nouid32,,errors=continue. Quota mode: none. [ 82.548573][ T4784] ext4 filesystem being mounted at /407/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 82.755689][ T4816] loop1: detected capacity change from 0 to 256 [ 82.818377][ T4806] loop4: detected capacity change from 0 to 40427 [ 82.866138][ T4806] F2FS-fs (loop4): fault_injection options not supported [ 82.881041][ T4806] F2FS-fs (loop4): invalid crc value [ 82.889316][ T4806] F2FS-fs (loop4): Found nat_bits in checkpoint [ 82.910878][ T30] kauditd_printk_skb: 157 callbacks suppressed [ 82.910895][ T30] audit: type=1400 audit(2000000275.643:3467): avc: denied { bind } for pid=4819 comm="syz.1.1932" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 82.981937][ T4806] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 83.051099][ T289] attempt to access beyond end of device [ 83.051099][ T289] loop4: rw=2049, want=45104, limit=40427 [ 83.232291][ T4822] loop1: detected capacity change from 0 to 40427 [ 83.326612][ T4822] F2FS-fs (loop1): invalid crc value [ 83.342466][ T4822] F2FS-fs (loop1): Found nat_bits in checkpoint [ 83.366985][ T4829] loop4: detected capacity change from 0 to 512 [ 83.403394][ T4822] F2FS-fs (loop1): Start checkpoint disabled! [ 83.410161][ T4822] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 83.443268][ T4822] attempt to access beyond end of device [ 83.443268][ T4822] loop1: rw=2049, want=45104, limit=40427 [ 83.461338][ T4829] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpid,inode_readahead_blks=0x0000000000000800,grpid,,errors=continue. Quota mode: writeback. [ 83.492761][ T10] attempt to access beyond end of device [ 83.492761][ T10] loop1: rw=2049, want=40976, limit=40427 [ 83.501599][ T4829] ext4 filesystem being mounted at /535/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 83.647186][ T4836] netem: change failed [ 83.708199][ T4846] loop1: detected capacity change from 0 to 256 [ 83.749081][ T4852] loop4: detected capacity change from 0 to 512 [ 83.760916][ T4854] loop3: detected capacity change from 0 to 512 [ 83.782669][ T4852] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a802c01c, mo2=0002] [ 83.790617][ T4852] System zones: 0-2, 18-18, 34-35 [ 83.801786][ T4854] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 83.812749][ T4852] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 83.824380][ T30] audit: type=1326 audit(2000000276.573:3468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4857 comm="syz.1.1946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f484142b169 code=0x7ffc0000 [ 83.824937][ T4852] ext4 filesystem being mounted at /538/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 83.859481][ T4854] EXT4-fs (loop3): 1 truncate cleaned up [ 83.895670][ T30] audit: type=1326 audit(2000000276.573:3469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4857 comm="syz.1.1946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f484142b169 code=0x7ffc0000 [ 83.919760][ T30] audit: type=1326 audit(2000000276.593:3470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4857 comm="syz.1.1946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f484142b169 code=0x7ffc0000 [ 83.943197][ T4854] EXT4-fs (loop3): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000020000,mb_optimize_scan=0x0000000000000001,inlinecrypt,debug_want_extra_isize=0x0000000000000080,nombcache,max_dir_size_kb=0x0000000000000006,,errors=continue. Quota mode: none. [ 83.946686][ T30] audit: type=1326 audit(2000000276.593:3471): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4857 comm="syz.1.1946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f484142b169 code=0x7ffc0000 [ 83.993099][ T30] audit: type=1326 audit(2000000276.593:3472): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4857 comm="syz.1.1946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f484142b169 code=0x7ffc0000 [ 84.018034][ T30] audit: type=1326 audit(2000000276.593:3473): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4857 comm="syz.1.1946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f484142b169 code=0x7ffc0000 [ 84.041552][ T30] audit: type=1326 audit(2000000276.603:3474): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4857 comm="syz.1.1946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f484142b169 code=0x7ffc0000 [ 84.065212][ T30] audit: type=1326 audit(2000000276.663:3475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4857 comm="syz.1.1946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f484142b169 code=0x7ffc0000 [ 84.090454][ T30] audit: type=1326 audit(2000000276.763:3476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4857 comm="syz.1.1946" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f484142b169 code=0x7ffc0000 [ 84.286601][ T4880] loop4: detected capacity change from 0 to 8192 [ 84.477007][ T4913] loop3: detected capacity change from 0 to 1024 [ 84.546592][ T4900] loop1: detected capacity change from 0 to 40427 [ 84.552999][ T316] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 84.791538][ T316] usb 1-1: Using ep0 maxpacket: 16 [ 86.061431][ C0] sched: RT throttling activated [ 86.081561][ T316] usb 1-1: config 0 has an invalid interface number: 251 but max is 0 [ 86.089612][ T316] usb 1-1: config 0 has no interface number 0 [ 86.095560][ T316] usb 1-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16 [ 86.105230][ T316] usb 1-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64 [ 86.131737][ T4913] EXT4-fs (loop3): Ignoring removed orlov option [ 86.141827][ T4913] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option [ 86.149914][ T4900] F2FS-fs (loop1): invalid crc value [ 86.177109][ T4900] F2FS-fs (loop1): Found nat_bits in checkpoint [ 86.187401][ T4923] IPv6: NLM_F_CREATE should be specified when creating new route [ 86.203528][ T4913] EXT4-fs (loop3): mounted filesystem without journal. Opts: noblock_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 86.239180][ T4900] F2FS-fs (loop1): Start checkpoint disabled! [ 86.246046][ T4900] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 86.311599][ T316] usb 1-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4 [ 86.320521][ T316] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 86.328965][ T316] usb 1-1: Product: syz [ 86.333271][ T316] usb 1-1: Manufacturer: syz [ 86.337717][ T316] usb 1-1: SerialNumber: syz [ 86.346569][ T316] usb 1-1: config 0 descriptor?? [ 86.361596][ T4889] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 86.368220][ T893] attempt to access beyond end of device [ 86.368220][ T893] loop1: rw=2049, want=40968, limit=40427 [ 86.368420][ T4889] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 86.491534][ T39] usb 5-1: new low-speed USB device number 5 using dummy_hcd [ 86.541493][ T6] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 86.610105][ T4889] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 86.617224][ T4889] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 86.851562][ T39] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 86.871495][ T39] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8D is Bulk; changing to Interrupt [ 86.881223][ T39] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 86.911489][ T39] usb 5-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 86.920342][ T39] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 86.931547][ T6] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 86.941907][ T6] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21 [ 86.955363][ T39] usb 5-1: config 0 descriptor?? [ 86.955450][ T6] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 86.969768][ T6] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 86.977730][ T4923] raw-gadget.2 gadget: fail, usb_ep_enable returned -22 [ 86.986273][ T6] usb 3-1: config 0 descriptor?? [ 87.022709][ T6] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 87.052030][ T4889] UDC core: couldn't find an available UDC or it's busy: -16 [ 87.059324][ T4889] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 87.071869][ T316] asix 1-1:0.251 (unnamed net_device) (uninitialized): Interface mode not supported by driver [ 87.091524][ T316] asix: probe of 1-1:0.251 failed with error -524 [ 87.227132][ T4929] UDC core: couldn't find an available UDC or it's busy: -16 [ 87.247273][ T4929] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 87.275861][ T39] usb 1-1: USB disconnect, device number 4 [ 87.333199][ T501] usb 3-1: USB disconnect, device number 3 [ 87.693733][ T501] usb 5-1: USB disconnect, device number 5 [ 87.730851][ T4959] loop4: detected capacity change from 0 to 8192 [ 87.882980][ T4967] loop4: detected capacity change from 0 to 256 [ 87.924024][ T30] kauditd_printk_skb: 33 callbacks suppressed [ 87.924053][ T30] audit: type=1400 audit(2000000000.170:3510): avc: denied { unmount } for pid=289 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 87.986882][ T30] audit: type=1400 audit(2000000000.200:3511): avc: denied { execute } for pid=4971 comm="syz.2.1994" name="file0" dev="tmpfs" ino=1576 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 88.051278][ T4977] fuse: Bad value for 'fd' [ 88.186188][ T4975] loop4: detected capacity change from 0 to 40427 [ 88.230783][ T4986] loop0: detected capacity change from 0 to 1024 [ 88.240375][ T4975] F2FS-fs (loop4): invalid crc value [ 88.257544][ T4975] F2FS-fs (loop4): Found nat_bits in checkpoint [ 88.281926][ T30] audit: type=1400 audit(2000000000.530:3512): avc: denied { write } for pid=4994 comm="syz.2.2004" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1 [ 88.301111][ T4986] EXT4-fs (loop0): Test dummy encryption mode enabled [ 88.326331][ T4986] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 88.362525][ T4999] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2006'. [ 88.373325][ T4999] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2006'. [ 88.382699][ T4975] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 88.398038][ T4986] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpquota,data_err=ignore,resuid=0x0000000000000000,grpquota,dioread_nolock,bsddf,noauto_da_alloc,test_dummy_encryption,,errors=continue. Quota mode: writeback. [ 88.462263][ T5009] loop3: detected capacity change from 0 to 16 [ 88.487674][ T5005] loop2: detected capacity change from 0 to 8192 [ 88.511802][ T5009] erofs: Unknown parameter '»MÇt;s¹ðtÁP¤2~-QwLJ¡#$¾òÚ¨¹•uB—]t6Fù¹%©Tlk÷íÎ&ÛSOøÌÅû' [ 88.543421][ T5010] attempt to access beyond end of device [ 88.543421][ T5010] loop4: rw=2049, want=78080, limit=40427 [ 88.603833][ T30] audit: type=1400 audit(2000000000.850:3513): avc: denied { write } for pid=5011 comm="syz.3.2011" name="ppp" dev="devtmpfs" ino=150 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 88.650985][ T5015] loop0: detected capacity change from 0 to 256 [ 88.736476][ T289] attempt to access beyond end of device [ 88.736476][ T289] loop4: rw=2049, want=45104, limit=40427 [ 88.772497][ T5024] netlink: 'syz.3.2014': attribute type 16 has an invalid length. [ 88.793131][ T5024] netlink: 'syz.3.2014': attribute type 17 has an invalid length. [ 88.834158][ T5024] device veth1_to_batadv entered promiscuous mode [ 88.873531][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready [ 88.887042][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 88.902002][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready [ 88.936150][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 88.944917][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 88.953272][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 88.971359][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 88.996803][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 89.019726][ T5031] netlink: 'syz.0.2019': attribute type 10 has an invalid length. [ 89.059466][ T5039] loop3: detected capacity change from 0 to 4096 [ 89.071279][ T5041] loop2: detected capacity change from 0 to 1024 [ 89.110869][ T30] audit: type=1400 audit(2000000001.350:3514): avc: denied { mount } for pid=5047 comm="syz.0.2026" name="/" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=filesystem permissive=1 [ 89.157267][ T5041] EXT4-fs (loop2): mounted filesystem without journal. Opts: errors=continue,debug_want_extra_isize=0x0000000000000084,stripe=0x0000000000000007,noblock_validity,noinit_itable,barrier=0x0000000000000001,max_batch_time=0x0000000000000004,data_err=abort,auto_da_alloc=0x0000000000000008,,errors=continue. Quota mode: writeback. [ 89.190582][ T5035] loop1: detected capacity change from 0 to 40427 [ 89.196908][ T30] audit: type=1400 audit(2000000001.440:3515): avc: denied { lock } for pid=5040 comm="syz.2.2024" path="/313/file1/file1" dev="loop2" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 89.221637][ T30] audit: type=1400 audit(2000000001.440:3516): avc: denied { link } for pid=5040 comm="syz.2.2024" name="file1" dev="loop2" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 89.247587][ T5051] loop4: detected capacity change from 0 to 256 [ 89.254257][ T5039] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 89.265572][ T5035] F2FS-fs (loop1): Invalid Fs Meta Ino: node(1) meta(2) root(0) [ 89.276239][ T5035] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 89.289460][ T30] audit: type=1400 audit(2000000001.530:3517): avc: denied { append } for pid=5038 comm="syz.3.2023" name="file1" dev="loop3" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 89.313539][ T5035] F2FS-fs (loop1): invalid crc value [ 89.344501][ T5035] F2FS-fs (loop1): Found nat_bits in checkpoint [ 89.411900][ T5035] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 89.424110][ T5035] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 89.499098][ T30] audit: type=1400 audit(2000000001.740:3518): avc: denied { write } for pid=5071 comm="syz.4.2035" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 89.569398][ T30] audit: type=1400 audit(2000000001.810:3519): avc: denied { accept } for pid=5074 comm="syz.4.2036" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 89.765573][ T5061] loop2: detected capacity change from 0 to 40427 [ 89.838894][ T290] attempt to access beyond end of device [ 89.838894][ T290] loop1: rw=2049, want=45104, limit=40427 [ 89.872027][ T5061] F2FS-fs (loop2): invalid crc value [ 89.872812][ T5070] futex_wake_op: syz.0.2034 tries to shift op by -1; fix this program [ 89.891140][ T5070] loop0: detected capacity change from 0 to 512 [ 89.906928][ T5061] F2FS-fs (loop2): Found nat_bits in checkpoint [ 89.932834][ T5070] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 89.973222][ T5070] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 18 vs 41 free clusters [ 89.993906][ T5070] EXT4-fs error (device loop0): ext4_acquire_dquot:6188: comm syz.0.2034: Failed to acquire dquot type 1 [ 90.011633][ T5061] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 90.013909][ T5070] EXT4-fs (loop0): 1 truncate cleaned up [ 90.025601][ T5070] EXT4-fs (loop0): mounted filesystem without journal. Opts: usrjquota=,noblock_validity,max_dir_size_kb=0x000000000181fffc,inlinecrypt,journal_ioprio=0x0000000000000007,discard,nobarrier,dioread_nolock,resgid=0x000000000000ee002,errors=continue. Quota mode: writeback. [ 90.178499][ T5110] attempt to access beyond end of device [ 90.178499][ T5110] loop2: rw=2049, want=78080, limit=40427 [ 90.284792][ T5119] loop0: detected capacity change from 0 to 512 [ 90.295612][ T1872] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 90.307352][ T293] attempt to access beyond end of device [ 90.307352][ T293] loop2: rw=2049, want=45104, limit=40427 [ 90.338045][ T5119] EXT4-fs (loop0): 1 orphan inode deleted [ 90.363578][ T5119] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 90.390273][ T5119] ext4 filesystem being mounted at /278/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 90.682400][ T1872] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 90.713420][ T1872] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 90.731054][ T1872] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 90.770438][ T1872] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 90.779815][ T1872] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 90.793440][ T1872] usb 5-1: config 0 descriptor?? [ 90.973224][ T5172] loop2: detected capacity change from 0 to 1024 [ 90.992664][ T5172] EXT4-fs (loop2): Ignoring removed nomblk_io_submit option [ 91.009995][ T5172] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 91.052541][ T5172] EXT4-fs (loop2): mounted filesystem without journal. Opts: noauto_da_alloc,grpquota,grpjquota=,barrier,dioread_nolock,nodiscard,nomblk_io_submit,nodiscard,,errors=continue. Quota mode: writeback. [ 91.210465][ T5128] loop1: detected capacity change from 0 to 131072 [ 91.262602][ T1872] plantronics 0003:047F:FFFF.0008: unknown main item tag 0xd [ 91.287254][ T1872] plantronics 0003:047F:FFFF.0008: No inputs registered, leaving [ 91.296764][ T5128] F2FS-fs (loop1): invalid crc value [ 91.305965][ T1872] plantronics 0003:047F:FFFF.0008: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 91.329482][ T5128] F2FS-fs (loop1): Disable nat_bits due to incorrect cp_ver (15359802341028777995, 275811881701387) [ 91.337726][ T5199] loop2: detected capacity change from 0 to 4096 [ 91.369853][ T5128] F2FS-fs (loop1): Mounted with checkpoint version = 753bd00b [ 91.396393][ T5128] syz.1.2055 (pid 5128) is setting deprecated v1 encryption policy; recommend upgrading to v2. [ 91.422897][ T5199] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 91.555651][ T1872] usb 5-1: USB disconnect, device number 6 [ 91.679818][ T5227] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=5227 comm=syz.3.2098 [ 91.955325][ T5249] SELinux: security_context_str_to_sid(unconfined_u) failed for (dev ?, type ?) errno=-22 [ 91.965878][ T5249] SELinux: security_context_str_to_sid(unconfined_u) failed for (dev incremental-fs, type incremental-fs) errno=-22 [ 92.386568][ T5291] binder: 5290:5291 ioctl c0306201 200000000240 returned -14 [ 92.417283][ T5296] loop1: detected capacity change from 0 to 1024 [ 92.492470][ T5296] EXT4-fs (loop1): Test dummy encryption mode enabled [ 92.499116][ T5296] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 92.543462][ T5303] netlink: 35 bytes leftover after parsing attributes in process `syz.4.2132'. [ 92.554175][ T5296] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpquota,data_err=ignore,resuid=0x0000000000000000,grpquota,dioread_nolock,bsddf,noauto_da_alloc,test_dummy_encryption,,errors=continue. Quota mode: writeback. [ 92.571533][ T5303] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2132'. [ 92.708510][ T5309] syz.4.2135[5309] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 92.708592][ T5309] syz.4.2135[5309] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 92.812855][ T5316] netlink: 'syz.3.2139': attribute type 16 has an invalid length. [ 92.854016][ T5316] netlink: 'syz.3.2139': attribute type 17 has an invalid length. [ 92.985338][ T30] kauditd_printk_skb: 58 callbacks suppressed [ 92.985360][ T30] audit: type=1326 audit(2000000005.230:3574): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5321 comm="syz.0.2138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=60 compat=0 ip=0x7f34b5faa169 code=0x7ffc0000 [ 93.060180][ T30] audit: type=1326 audit(2000000005.260:3575): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5314 comm="syz.0.2138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f34b5f46359 code=0x7ffc0000 [ 93.111234][ T30] audit: type=1326 audit(2000000005.260:3576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5314 comm="syz.0.2138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f34b5faa169 code=0x7ffc0000 [ 93.158425][ T30] audit: type=1326 audit(2000000005.260:3577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5314 comm="syz.0.2138" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f34b5faa169 code=0x7ffc0000 [ 93.218903][ T30] audit: type=1326 audit(2000000005.380:3578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5344 comm="syz.0.2150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f34b5faa169 code=0x7ffc0000 [ 93.252183][ T5350] incfs: iterate_incfs_dir / -22 [ 93.271190][ T30] audit: type=1326 audit(2000000005.380:3579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5344 comm="syz.0.2150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f34b5faa169 code=0x7ffc0000 [ 93.330134][ T5354] loop0: detected capacity change from 0 to 128 [ 93.346626][ T30] audit: type=1326 audit(2000000005.390:3580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5344 comm="syz.0.2150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f34b5faa169 code=0x7ffc0000 [ 93.391596][ T30] audit: type=1326 audit(2000000005.390:3581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5344 comm="syz.0.2150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f34b5faa169 code=0x7ffc0000 [ 93.402055][ T5354] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 93.432652][ T30] audit: type=1326 audit(2000000005.390:3582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5344 comm="syz.0.2150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f34b5faa169 code=0x7ffc0000 [ 93.456769][ T30] audit: type=1326 audit(2000000005.390:3583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5344 comm="syz.0.2150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f34b5faa169 code=0x7ffc0000 [ 93.480522][ T5354] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 93.516539][ T5243] loop2: detected capacity change from 0 to 131072 [ 93.597882][ T5243] F2FS-fs (loop2): invalid crc value [ 93.650175][ T5243] F2FS-fs (loop2): Disable nat_bits due to incorrect cp_ver (15359802341028777995, 275811881701387) [ 93.780660][ T5243] F2FS-fs (loop2): Mounted with checkpoint version = 753bd00b [ 93.876555][ T5391] syz.1.2170[5391] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 93.876633][ T5391] syz.1.2170[5391] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 93.923473][ T5396] loop4: detected capacity change from 0 to 1024 [ 94.007941][ T5400] SELinux: security_context_str_to_sid(sysadm_u) failed for (dev ?, type ?) errno=-22 [ 94.052170][ T5400] SELinux: security_context_str_to_sid(sysadm_u) failed for (dev devpts, type devpts) errno=-22 [ 94.065475][ T5396] EXT4-fs (loop4): mounted filesystem without journal. Opts: jqfmt=vfsold,,errors=continue. Quota mode: none. [ 94.212868][ T5417] SELinux: security_context_str_to_sid(user_u) failed for (dev ?, type ?) errno=-22 [ 94.411872][ T5431] overlayfs: missing 'lowerdir' [ 94.836146][ T5423] loop0: detected capacity change from 0 to 131072 [ 94.883734][ T5423] F2FS-fs (loop0): invalid crc value [ 94.890438][ T5423] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (15359802341028777995, 275811881701387) [ 94.915536][ T5423] F2FS-fs (loop0): Mounted with checkpoint version = 753bd00b [ 95.385377][ T5479] device batadv_slave_1 entered promiscuous mode [ 95.397059][ T5478] device batadv_slave_1 left promiscuous mode [ 95.425871][ T5482] loop0: detected capacity change from 0 to 16 [ 95.464625][ T5482] erofs: (device loop0): mounted with root inode @ nid 36. [ 95.525174][ T5490] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2211'. [ 95.637751][ T5500] loop0: detected capacity change from 0 to 256 [ 95.715204][ T5500] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x89cb6648, utbl_chksum : 0xe619d30d) [ 95.751100][ T5500] exFAT-fs (loop0): hint_cluster is invalid (17) [ 95.797660][ T5496] futex_wake_op: syz.4.2213 tries to shift op by -1; fix this program [ 95.815136][ T5496] loop4: detected capacity change from 0 to 512 [ 95.842925][ T5504] loop0: detected capacity change from 0 to 128 [ 95.874448][ T5496] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 95.913497][ T5496] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 18 vs 41 free clusters [ 95.936763][ T5496] EXT4-fs error (device loop4): ext4_acquire_dquot:6188: comm syz.4.2213: Failed to acquire dquot type 1 [ 95.955617][ T5496] EXT4-fs (loop4): 1 truncate cleaned up [ 95.963318][ T5496] EXT4-fs (loop4): mounted filesystem without journal. Opts: usrjquota=,noblock_validity,max_dir_size_kb=0x000000000181fffc,inlinecrypt,journal_ioprio=0x0000000000000007,discard,nobarrier,dioread_nolock,resgid=0x000000000000ee002,errors=continue. Quota mode: writeback. [ 96.002429][ T5509] loop0: detected capacity change from 0 to 128 [ 96.098774][ T5509] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 96.113416][ T5509] ext4 filesystem being mounted at /312/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 98.117026][ T30] kauditd_printk_skb: 60 callbacks suppressed [ 98.117065][ T30] audit: type=1326 audit(2000000010.360:3640): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5527 comm="syz.4.2226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc10088169 code=0x7ffc0000 [ 98.208848][ T30] audit: type=1326 audit(2000000010.390:3641): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5527 comm="syz.4.2226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fcc10088169 code=0x7ffc0000 [ 98.276200][ T30] audit: type=1326 audit(2000000010.390:3642): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5527 comm="syz.4.2226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc10088169 code=0x7ffc0000 [ 98.319667][ T30] audit: type=1326 audit(2000000010.390:3643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5527 comm="syz.4.2226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fcc10088169 code=0x7ffc0000 [ 98.366135][ T30] audit: type=1326 audit(2000000010.390:3644): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5527 comm="syz.4.2226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc10088169 code=0x7ffc0000 [ 98.439716][ T30] audit: type=1326 audit(2000000010.390:3645): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5527 comm="syz.4.2226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fcc10088169 code=0x7ffc0000 [ 98.471391][ T5549] loop4: detected capacity change from 0 to 1024 [ 98.491705][ T5551] netlink: 'syz.0.2236': attribute type 15 has an invalid length. [ 98.524915][ T30] audit: type=1326 audit(2000000010.390:3646): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5527 comm="syz.4.2226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc10088169 code=0x7ffc0000 [ 98.576443][ T5549] EXT4-fs (loop4): mounted filesystem without journal. Opts: jqfmt=vfsv1,bsddf,barrier=0x0000000000000000,norecovery,debug_want_extra_isize=0x0000000000000080,resuid=0x0000000000000000,nodelalloc,acl,abort,,errors=continue. Quota mode: none. [ 98.614290][ T5557] loop1: detected capacity change from 0 to 512 [ 98.620718][ T30] audit: type=1326 audit(2000000010.390:3647): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5527 comm="syz.4.2226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=316 compat=0 ip=0x7fcc10088169 code=0x7ffc0000 [ 98.693510][ T5549] EXT4-fs (loop4): shut down requested (0) [ 98.706071][ T30] audit: type=1326 audit(2000000010.390:3648): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5527 comm="syz.4.2226" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcc10088169 code=0x7ffc0000 [ 98.737002][ T5557] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -13 [ 98.753476][ T5557] EXT4-fs warning (device loop1): ext4_block_to_path:107: block 3279945729 > max in inode 13 [ 98.771581][ T5557] EXT4-fs warning (device loop1): ext4_block_to_path:107: block 3279945730 > max in inode 13 [ 98.795410][ T30] audit: type=1326 audit(2000000010.660:3649): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5542 comm="syz.0.2233" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f34b5faa169 code=0x7ffc0000 [ 98.797064][ T5557] EXT4-fs (loop1): 1 truncate cleaned up [ 98.878154][ T5571] loop4: detected capacity change from 0 to 256 [ 98.942452][ T5557] EXT4-fs (loop1): mounted filesystem without journal. Opts: jqfmt=vfsold,stripe=0x000000000000ffff,sysvgroups,jqfmt=vfsold,nouid32,grpjquota=.,errors=continue. Quota mode: writeback. [ 98.967288][ T5571] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 99.000797][ T5581] loop2: detected capacity change from 0 to 1024 [ 99.013172][ T5571] exFAT-fs (loop4): hint_cluster is invalid (17) [ 99.030115][ T5557] fscrypt (loop1, inode 2): Error -61 getting encryption context [ 99.042380][ T5557] fscrypt (loop1, inode 2): Error -61 getting encryption context [ 99.071413][ T5581] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 99.082219][ T5581] ext4 filesystem being mounted at /335/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 99.212893][ T5609] xt_hashlimit: max too large, truncated to 1048576 [ 99.213930][ T5615] loop1: detected capacity change from 0 to 256 [ 99.232068][ T1872] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 99.244342][ T5615] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 99.262720][ T5615] exFAT-fs (loop1): hint_cluster is invalid (17) [ 99.334861][ T5622] loop0: detected capacity change from 0 to 512 [ 99.372016][ T5628] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2269'. [ 99.382805][ T5622] EXT4-fs (loop0): Ignoring removed bh option [ 99.389392][ T5622] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 99.400184][ T5622] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 0 not in group (block 2)! [ 99.410185][ T5622] EXT4-fs (loop0): group descriptors corrupted! [ 99.444215][ T5634] loop1: detected capacity change from 0 to 512 [ 99.487881][ T5638] input: syz0 as /devices/virtual/input/input11 [ 99.501708][ T6] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 99.512407][ T5634] EXT4-fs (loop1): Ignoring removed bh option [ 99.521111][ T5634] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 99.533792][ T5634] EXT4-fs (loop1): 1 truncate cleaned up [ 99.539294][ T5634] EXT4-fs (loop1): mounted filesystem without journal. Opts: bh,resuid=0x000000000000ee01,debug_want_extra_isize=0x0000000000000068,minixdf,journal_dev=0x0000000000000004,quota,,errors=continue. Quota mode: writeback. [ 99.631674][ T1872] usb 4-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 99.721602][ T1872] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 99.730669][ T1872] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 99.738607][ T1872] usb 4-1: SerialNumber: syz [ 99.881677][ T6] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 99.894180][ T6] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 99.904702][ T6] usb 5-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af [ 99.913839][ T6] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 99.923327][ T6] usb 5-1: config 0 descriptor?? [ 100.392909][ T6] playstation 0003:054C:0DF2.0009: unknown main item tag 0x0 [ 100.402356][ T6] playstation 0003:054C:0DF2.0009: unknown main item tag 0x0 [ 100.410732][ T6] playstation 0003:054C:0DF2.0009: unknown main item tag 0x0 [ 100.428295][ T6] playstation 0003:054C:0DF2.0009: unknown main item tag 0x0 [ 100.439841][ T1872] cdc_ether 4-1:1.0 eth1: register 'cdc_ether' at usb-dummy_hcd.3-1, CDC Ethernet Device, 42:42:42:42:42:42 [ 100.461508][ T6] playstation 0003:054C:0DF2.0009: unknown main item tag 0x0 [ 100.470873][ T6] playstation 0003:054C:0DF2.0009: hidraw0: USB HID v1.01 Device [HID 054c:0df2] on usb-dummy_hcd.4-1/input0 [ 100.844186][ T316] usb 4-1: USB disconnect, device number 4 [ 100.850861][ T5752] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 100.871970][ T316] cdc_ether 4-1:1.0 eth1: unregister 'cdc_ether' usb-dummy_hcd.3-1, CDC Ethernet Device [ 100.983915][ T5773] loop0: detected capacity change from 0 to 512 [ 101.033367][ T5773] EXT4-fs error (device loop0): ext4_orphan_get:1401: inode #15: comm syz.0.2328: casefold flag without casefold feature [ 101.051718][ T6] playstation 0003:054C:0DF2.0009: Failed to retrieve feature with reportID 5: -71 [ 101.061671][ T5773] EXT4-fs error (device loop0): ext4_orphan_get:1406: comm syz.0.2328: couldn't read orphan inode 15 (err -117) [ 101.074908][ T6] playstation 0003:054C:0DF2.0009: Failed to retrieve DualSense calibration info: -71 [ 101.090799][ T5773] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 101.125532][ T6] playstation 0003:054C:0DF2.0009: Failed to get calibration data from DualSense [ 101.150828][ T6] playstation 0003:054C:0DF2.0009: Failed to create dualsense. [ 101.161952][ T6] playstation: probe of 0003:054C:0DF2.0009 failed with error -71 [ 101.171150][ T6] usb 5-1: USB disconnect, device number 7 [ 101.262678][ T5820] loop2: detected capacity change from 0 to 256 [ 101.461572][ T315] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 101.513303][ T5844] overlayfs: failed to resolve './file2': -2 [ 101.709811][ T5848] loop3: detected capacity change from 0 to 40427 [ 101.782574][ T5848] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 101.785496][ T5861] loop2: detected capacity change from 0 to 40427 [ 101.792738][ T5848] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 101.805661][ T5848] F2FS-fs (loop3): invalid crc value [ 101.812508][ T5848] F2FS-fs (loop3): Found nat_bits in checkpoint [ 101.821771][ T315] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 101.834582][ T315] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 101.856905][ T5848] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 101.864036][ T5848] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 101.875517][ T5861] F2FS-fs (loop2): invalid crc value [ 101.883310][ T5848] attempt to access beyond end of device [ 101.883310][ T5848] loop3: rw=10241, want=45104, limit=40427 [ 101.885309][ T5861] F2FS-fs (loop2): Found nat_bits in checkpoint [ 101.905178][ T196] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 101.914470][ T196] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 101.940137][ T196] attempt to access beyond end of device [ 101.940137][ T196] loop3: rw=1, want=45112, limit=40427 [ 101.942773][ T5861] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4 [ 101.990760][ T293] attempt to access beyond end of device [ 101.990760][ T293] loop2: rw=2049, want=45104, limit=40427 [ 102.001889][ T315] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 102.010873][ T315] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 102.019614][ T315] usb 1-1: Product: syz [ 102.024949][ T315] usb 1-1: Manufacturer: syz [ 102.029641][ T315] usb 1-1: SerialNumber: syz [ 102.082217][ T315] cdc_ncm 1-1:1.0: skipping garbage [ 102.323706][ T5906] loop1: detected capacity change from 0 to 128 [ 102.348966][ T5906] EXT4-fs (loop1): mounted filesystem without journal. Opts: delalloc,nouid32,,errors=continue. Quota mode: none. [ 102.361088][ T5906] ext4 filesystem being mounted at /532/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 102.546612][ T5927] loop2: detected capacity change from 0 to 512 [ 102.563354][ T5927] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 102.574880][ T5927] EXT4-fs (loop2): 1 truncate cleaned up [ 102.580639][ T5927] EXT4-fs (loop2): mounted filesystem without journal. Opts: minixdf,max_dir_size_kb=0x00000000000001ff,resuid=0x0000000000000000,noblock_validity,debug_want_extra_isize=0x0000000000000008,,errors=continue. Quota mode: none. [ 102.619534][ T45] Bluetooth: hci0: Frame reassembly failed (-84) [ 102.828621][ T5947] loop2: detected capacity change from 0 to 40427 [ 102.941923][ T5947] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 102.949566][ T5947] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 102.959202][ T5947] F2FS-fs (loop2): invalid crc value [ 102.966084][ T5947] F2FS-fs (loop2): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 39874397669) [ 102.978030][ T5947] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 102.999990][ T5947] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 103.006996][ T5947] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 103.170192][ T5962] netlink: 'syz.1.2400': attribute type 16 has an invalid length. [ 103.181013][ T5962] netlink: 'syz.1.2400': attribute type 17 has an invalid length. [ 103.189076][ T315] cdc_ncm 1-1:1.0: bind() failure [ 103.196009][ T5962] bridge0: port 2(bridge_slave_1) entered blocking state [ 103.202929][ T5962] bridge0: port 2(bridge_slave_1) entered forwarding state [ 103.210167][ T5962] bridge0: port 1(bridge_slave_0) entered blocking state [ 103.217139][ T5962] bridge0: port 1(bridge_slave_0) entered forwarding state [ 103.224183][ T315] cdc_ncm: probe of 1-1:1.1 failed with error -71 [ 103.240428][ T30] kauditd_printk_skb: 71 callbacks suppressed [ 103.240443][ T30] audit: type=1326 audit(2000000015.480:3721): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5968 comm="syz.3.2403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60a1286169 code=0x7ffc0000 [ 103.241565][ T315] cdc_mbim: probe of 1-1:1.1 failed with error -71 [ 103.269818][ T30] audit: type=1326 audit(2000000015.490:3722): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5968 comm="syz.3.2403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60a1286169 code=0x7ffc0000 [ 103.287383][ T315] usb 1-1: USB disconnect, device number 5 [ 103.311602][ T5962] bridge0: port 3(vlan2) entered blocking state [ 103.317723][ T5962] bridge0: port 3(vlan2) entered forwarding state [ 103.324546][ T30] audit: type=1326 audit(2000000015.490:3723): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5968 comm="syz.3.2403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f60a1286169 code=0x7ffc0000 [ 103.347999][ T5962] IPv6: ADDRCONF(NETDEV_CHANGE): vlan2: link becomes ready [ 103.358671][ T5964] xt_hashlimit: max too large, truncated to 1048576 [ 103.359597][ T5962] IPv6: ADDRCONF(NETDEV_CHANGE): vlan2: link becomes ready [ 103.380889][ T30] audit: type=1326 audit(2000000015.490:3724): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5968 comm="syz.3.2403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60a1286169 code=0x7ffc0000 [ 103.404473][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 103.415292][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 103.427877][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready [ 103.436360][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 103.444978][ T30] audit: type=1326 audit(2000000015.490:3725): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5968 comm="syz.3.2403" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60a1286169 code=0x7ffc0000 [ 103.469378][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready [ 103.490244][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 103.500411][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 103.508402][ T30] audit: type=1400 audit(2000000015.660:3726): avc: denied { relabelfrom } for pid=5970 comm="syz.3.2404" name="" dev="pipefs" ino=36073 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 103.520605][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 103.544178][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 103.553030][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 103.616242][ T5962] syz.1.2400 (5962) used greatest stack depth: 19424 bytes left [ 103.707639][ T30] audit: type=1400 audit(2000000015.950:3727): avc: denied { read } for pid=5986 comm="syz.0.2412" name="loop-control" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 103.771520][ T30] audit: type=1400 audit(2000000015.950:3728): avc: denied { open } for pid=5986 comm="syz.0.2412" path="/dev/loop-control" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 103.826706][ T30] audit: type=1400 audit(2000000015.990:3729): avc: denied { ioctl } for pid=5986 comm="syz.0.2412" path="/dev/loop-control" dev="devtmpfs" ino=111 ioctlcmd=0x4c82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 103.889033][ T30] audit: type=1400 audit(2000000016.130:3730): avc: denied { mounton } for pid=5996 comm="syz.3.2416" path="/511/file0" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1 [ 103.916942][ T5983] loop2: detected capacity change from 0 to 40427 [ 103.976191][ T5983] F2FS-fs (loop2): fault_injection options not supported [ 103.988975][ T5983] F2FS-fs (loop2): invalid crc value [ 104.008849][ T5983] F2FS-fs (loop2): Found nat_bits in checkpoint [ 104.021208][ T6020] loop3: detected capacity change from 0 to 512 [ 104.028179][ T6018] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2425'. [ 104.049861][ T6018] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2425'. [ 104.074082][ T5983] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 104.110921][ T293] attempt to access beyond end of device [ 104.110921][ T293] loop2: rw=2049, want=45112, limit=40427 [ 104.150953][ T6020] EXT4-fs (loop3): 1 truncate cleaned up [ 104.156534][ T6020] EXT4-fs (loop3): mounted filesystem without journal. Opts: bsdgroups,grpquota,debug_want_extra_isize=0x000000000000005c,noauto_da_alloc,nolazytime,discard,grpjquota=,errors=remount-ro,nobarrier,. Quota mode: writeback. [ 104.470659][ T6071] loop1: detected capacity change from 0 to 512 [ 104.502457][ T6071] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 104.513148][ T6071] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8002c118, mo2=0002] [ 104.522011][ T6071] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2219: inode #15: comm syz.1.2448: corrupted in-inode xattr [ 104.534373][ T6071] EXT4-fs error (device loop1): ext4_orphan_get:1406: comm syz.1.2448: couldn't read orphan inode 15 (err -117) [ 104.546481][ T6071] EXT4-fs (loop1): mounted filesystem without journal. Opts: jqfmt=vfsold,max_batch_time=0x0000000000000001,debug,noload,jqfmt=vfsv1,noblock_validity,init_itable=0x0000000000000601,max_dir_size_kb=0x0000000000000002,usrjquota=,,errors=continue. Quota mode: none. [ 104.639284][ T6085] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 104.664060][ T1877] Bluetooth: hci0: command 0x1003 tx timeout [ 104.669964][ T47] Bluetooth: hci0: sending frame failed (-49) [ 104.699935][ T6096] loop3: detected capacity change from 0 to 512 [ 104.790577][ T6096] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -13 [ 104.806917][ T6096] EXT4-fs warning (device loop3): ext4_block_to_path:107: block 3279945729 > max in inode 13 [ 104.833927][ T6096] EXT4-fs warning (device loop3): ext4_block_to_path:107: block 3279945730 > max in inode 13 [ 104.844379][ T6096] EXT4-fs (loop3): 1 truncate cleaned up [ 104.851262][ T6096] EXT4-fs (loop3): mounted filesystem without journal. Opts: jqfmt=vfsold,stripe=0x000000000000ffff,sysvgroups,jqfmt=vfsold,nouid32,grpjquota=.,errors=continue. Quota mode: writeback. [ 104.860438][ T6113] tipc: Started in network mode [ 104.876746][ T6096] fscrypt (loop3, inode 2): Error -61 getting encryption context [ 104.886236][ T6113] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711 [ 104.895053][ T6113] tipc: New replicast peer: fc02:0000:0000:0000:0000:0000:0000:0000 [ 104.903364][ T6113] tipc: Enabled bearer , priority 10 [ 104.921951][ T6096] fscrypt (loop3, inode 2): Error -61 getting encryption context [ 104.989091][ T6127] syz.2.2473[6127] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 104.989177][ T6127] syz.2.2473[6127] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 105.128773][ T6147] loop2: detected capacity change from 0 to 512 [ 105.171275][ T6147] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -13 [ 105.182295][ T6147] EXT4-fs warning (device loop2): ext4_block_to_path:107: block 3279945729 > max in inode 13 [ 105.196652][ T6147] EXT4-fs warning (device loop2): ext4_block_to_path:107: block 3279945730 > max in inode 13 [ 105.220889][ T6147] EXT4-fs (loop2): 1 truncate cleaned up [ 105.226472][ T6147] EXT4-fs (loop2): mounted filesystem without journal. Opts: jqfmt=vfsold,stripe=0x000000000000ffff,sysvgroups,jqfmt=vfsold,nouid32,grpjquota=.,errors=continue. Quota mode: writeback. [ 105.251319][ T6147] fscrypt (loop2, inode 2): Error -61 getting encryption context [ 105.260762][ T6147] fscrypt (loop2, inode 2): Error -61 getting encryption context [ 105.359652][ T6158] loop2: detected capacity change from 0 to 128 [ 105.435507][ T6158] EXT4-fs (loop2): mounted filesystem without journal. Opts: delalloc,nouid32,,errors=continue. Quota mode: none. [ 105.447529][ T6158] ext4 filesystem being mounted at /420/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 105.571497][ T1877] usb 2-1: new full-speed USB device number 7 using dummy_hcd [ 105.764755][ T39] kernel write not supported for file bpf-prog (pid: 39 comm: kworker/1:1) [ 105.911486][ T316] tipc: Node number set to 1 [ 105.981552][ T1877] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 105.999282][ T1877] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 106.060211][ T315] kernel write not supported for file bpf-prog (pid: 315 comm: kworker/1:3) [ 106.132402][ T6197] tmpfs: Unknown parameter 'nolazytimeÿÿ' [ 106.171645][ T1877] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 106.174085][ T6201] IPv6: NLM_F_CREATE should be specified when creating new route [ 106.184926][ T1877] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 106.200170][ T1877] usb 2-1: Product: syz [ 106.205555][ T1877] usb 2-1: Manufacturer: syz [ 106.210085][ T1877] usb 2-1: SerialNumber: syz [ 106.266478][ T6215] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2511'. [ 106.332395][ T6227] loop2: detected capacity change from 0 to 128 [ 106.425516][ T6227] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 106.436026][ T6227] ext4 filesystem being mounted at /438/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 106.501751][ T6] usb 4-1: new low-speed USB device number 5 using dummy_hcd [ 106.551631][ T1877] usb 2-1: 0:2 : does not exist [ 106.593461][ T1877] usb 2-1: USB disconnect, device number 7 [ 106.751498][ T1872] Bluetooth: hci0: command 0x1001 tx timeout [ 106.757420][ T47] Bluetooth: hci0: sending frame failed (-49) [ 106.802329][ T565] udevd[565]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 106.901566][ T6] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 106.911786][ T6] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8D is Bulk; changing to Interrupt [ 106.921547][ T6] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 106.934148][ T6] usb 4-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 106.942975][ T6] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 106.951739][ T6] usb 4-1: config 0 descriptor?? [ 106.971534][ T6201] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 106.981241][ T6233] tipc: Started in network mode [ 106.986197][ T6233] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711 [ 106.995137][ T6233] tipc: New replicast peer: fc02:0000:0000:0000:0000:0000:0000:0000 [ 107.003508][ T6233] tipc: Enabled bearer , priority 10 [ 107.048479][ T6243] loop1: detected capacity change from 0 to 128 [ 107.062555][ T6243] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem [ 107.074315][ T6243] EXT4-fs (loop1): mounted filesystem without journal. Opts: errors=remount-ro,. Quota mode: none. [ 107.076411][ T6246] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2524'. [ 107.085248][ T6243] ext2 filesystem being mounted at /565/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 107.242692][ T6273] x_tables: duplicate underflow at hook 4 [ 107.243191][ T6269] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2536'. [ 107.328210][ T6288] loop1: detected capacity change from 0 to 1024 [ 107.362774][ T6288] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a000c018, mo2=0002] [ 107.370801][ T6288] System zones: 0-1, 3-12 [ 107.375565][ T6288] EXT4-fs (loop1): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,bsddf,barrier=0x0000000000000000,inode_readahead_blks=0x0000000000000040,debug_want_extra_isize=0x000000000000007c,lazytime,nodelalloc,acl,debug,,errors=continue. Quota mode: none. [ 107.604188][ T6306] loop1: detected capacity change from 0 to 40427 [ 107.701633][ T39] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 107.704477][ T6306] F2FS-fs (loop1): Insane cp_payload (553648128 >= 504) [ 107.713185][ T501] usb 4-1: USB disconnect, device number 5 [ 107.715831][ T6306] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 107.730247][ T6306] F2FS-fs (loop1): fault_injection options not supported [ 107.737645][ T6306] F2FS-fs (loop1): fault_type options not supported [ 107.745733][ T6306] F2FS-fs (loop1): invalid crc value [ 107.752770][ T6306] F2FS-fs (loop1): Found nat_bits in checkpoint [ 107.786647][ T6306] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 107.793648][ T6306] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 107.824586][ T290] attempt to access beyond end of device [ 107.824586][ T290] loop1: rw=2049, want=45104, limit=40427 [ 107.922026][ T6315] syz.1.2553[6315] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 107.922089][ T6315] syz.1.2553[6315] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 107.941490][ T39] usb 1-1: Using ep0 maxpacket: 8 [ 108.071567][ T39] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 108.081726][ T39] usb 1-1: config 0 has no interfaces? [ 108.121567][ T26] tipc: Node number set to 1 [ 108.241582][ T39] usb 1-1: New USB device found, idVendor=1a86, idProduct=e092, bcdDevice=53.3f [ 108.250489][ T39] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 108.258550][ T39] usb 1-1: Product: syz [ 108.262794][ T39] usb 1-1: Manufacturer: syz [ 108.267223][ T39] usb 1-1: SerialNumber: syz [ 108.284819][ T39] usb 1-1: config 0 descriptor?? [ 108.309153][ T6329] loop2: detected capacity change from 0 to 40427 [ 108.361514][ T501] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 108.393429][ T6329] F2FS-fs (loop2): invalid crc value [ 108.400510][ T6329] F2FS-fs (loop2): Found nat_bits in checkpoint [ 108.433447][ T6329] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4 [ 108.457845][ T6329] attempt to access beyond end of device [ 108.457845][ T6329] loop2: rw=10241, want=53256, limit=40427 [ 108.475487][ T293] attempt to access beyond end of device [ 108.475487][ T293] loop2: rw=2049, want=45104, limit=40427 [ 108.523671][ T26] usb 1-1: USB disconnect, device number 6 [ 108.572726][ T6335] syz.2.2560[6335] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 108.572811][ T6335] syz.2.2560[6335] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 108.622839][ T30] kauditd_printk_skb: 59 callbacks suppressed [ 108.622855][ T30] audit: type=1326 audit(2000000020.870:3790): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6338 comm="syz.3.2563" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60a1286169 code=0x7ffc0000 [ 108.673404][ T30] audit: type=1326 audit(2000000020.870:3791): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6338 comm="syz.3.2563" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60a1286169 code=0x7ffc0000 [ 108.697724][ T30] audit: type=1326 audit(2000000020.880:3792): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6338 comm="syz.3.2563" exe="/root/syz-executor" sig=0 arch=c000003e syscall=280 compat=0 ip=0x7f60a1286169 code=0x7ffc0000 [ 108.721576][ T501] usb 2-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 108.731261][ T30] audit: type=1326 audit(2000000020.880:3793): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6338 comm="syz.3.2563" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f60a1286169 code=0x7ffc0000 [ 108.772909][ T30] audit: type=1400 audit(2000000021.020:3794): avc: denied { shutdown } for pid=6350 comm="syz.2.2568" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 108.802625][ T30] audit: type=1400 audit(2000000021.020:3795): avc: denied { read } for pid=6350 comm="syz.2.2568" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 108.821655][ T26] Bluetooth: hci0: command 0x1009 tx timeout [ 108.828117][ T501] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 108.840567][ T501] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 108.848747][ T501] usb 2-1: SerialNumber: syz [ 108.951745][ T30] audit: type=1400 audit(2000000021.200:3796): avc: denied { rename } for pid=6360 comm="syz.3.2573" name="file0" dev="incremental-fs" ino=2816 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 108.977058][ T292] ------------[ cut here ]------------ [ 108.982674][ T292] WARNING: CPU: 0 PID: 292 at fs/inode.c:332 drop_nlink+0xc1/0x110 [ 108.990495][ T292] Modules linked in: [ 108.994428][ T292] CPU: 0 PID: 292 Comm: syz-executor Not tainted 5.15.178-syzkaller-00385-ga8a88afaecee #0 [ 109.004473][ T292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 109.014743][ T292] RIP: 0010:drop_nlink+0xc1/0x110 [ 109.019653][ T292] Code: 1e 48 8d bb b8 04 00 00 be 08 00 00 00 e8 d7 f5 f0 ff f0 48 ff 83 b8 04 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 6f 88 ae ff <0f> 0b eb 88 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 62 ff ff ff 4c [ 109.039429][ T292] RSP: 0018:ffffc90000a97c88 EFLAGS: 00010293 [ 109.045487][ T292] RAX: ffffffff81c1ecf1 RBX: 0000000000000000 RCX: ffff88810acbe2c0 [ 109.053478][ T292] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 109.061313][ T292] RBP: ffffc90000a97cb0 R08: ffffffff81c1ec74 R09: 0000000000000003 [ 109.069631][ T292] R10: fffff52000152f80 R11: dffffc0000000001 R12: dffffc0000000000 [ 109.083701][ T292] R13: 1ffff1102615cbee R14: ffff888130ae5f28 R15: ffff888130ae5f70 [ 109.092056][ T292] FS: 0000555570642500(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 109.102662][ T292] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 109.109118][ T292] CR2: 00007ff0cff8c9e0 CR3: 000000012606c000 CR4: 00000000003506b0 [ 109.118562][ T292] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 109.127660][ T292] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 109.142352][ T292] Call Trace: [ 109.145741][ T292] [ 109.148739][ T292] ? show_regs+0x58/0x60 [ 109.155372][ T292] ? __warn+0x160/0x2f0 [ 109.159611][ T292] ? drop_nlink+0xc1/0x110 [ 109.164292][ T292] ? report_bug+0x3d9/0x5b0 [ 109.169010][ T292] ? drop_nlink+0xc1/0x110 [ 109.173491][ T292] ? handle_bug+0x41/0x70 [ 109.177644][ T292] ? exc_invalid_op+0x1b/0x50 [ 109.182823][ T292] ? asm_exc_invalid_op+0x1b/0x20 [ 109.187933][ T292] ? drop_nlink+0x44/0x110 [ 109.194157][ T292] ? drop_nlink+0xc1/0x110 [ 109.199562][ T292] ? drop_nlink+0xc1/0x110 [ 109.204143][ T292] ? drop_nlink+0xc1/0x110 [ 109.208959][ T292] shmem_rmdir+0x59/0x90 [ 109.213256][ T292] vfs_rmdir+0x324/0x470 [ 109.217333][ T292] incfs_kill_sb+0x113/0x230 [ 109.222141][ T292] deactivate_locked_super+0xad/0x110 [ 109.227418][ T292] deactivate_super+0xbe/0xf0 [ 109.232098][ T292] cleanup_mnt+0x45c/0x510 [ 109.236348][ T292] __cleanup_mnt+0x19/0x20 [ 109.240645][ T292] task_work_run+0x129/0x190 [ 109.245452][ T292] exit_to_user_mode_loop+0xc4/0xe0 [ 109.251049][ T292] exit_to_user_mode_prepare+0x5a/0xa0 [ 109.256621][ T292] syscall_exit_to_user_mode+0x26/0x160 [ 109.267984][ T292] do_syscall_64+0x47/0xb0 [ 109.272402][ T292] ? clear_bhb_loop+0x35/0x90 [ 109.276904][ T292] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 109.282895][ T292] RIP: 0033:0x7f60a1287497 [ 109.287184][ T292] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 109.307058][ T292] RSP: 002b:00007ffd6bfde258 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 109.315489][ T292] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f60a1287497 [ 109.323478][ T292] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd6bfde310 [ 109.331309][ T292] RBP: 00007ffd6bfde310 R08: 0000000000000000 R09: 0000000000000000 [ 109.339305][ T292] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd6bfdf3a0 [ 109.347261][ T292] R13: 00007f60a130777c R14: 000000000001a988 R15: 00007ffd6bfdf3e0 [ 109.355243][ T292] [ 109.358118][ T292] ---[ end trace afffc6763aab84e9 ]--- [ 109.363755][ T292] ================================================================== [ 109.371630][ T292] BUG: KASAN: null-ptr-deref in ihold+0x20/0x60 [ 109.377703][ T292] Write of size 4 at addr 0000000000000170 by task syz-executor/292 [ 109.385519][ T292] [ 109.387687][ T292] CPU: 0 PID: 292 Comm: syz-executor Tainted: G W 5.15.178-syzkaller-00385-ga8a88afaecee #0 [ 109.398982][ T292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 109.408867][ T292] Call Trace: [ 109.411986][ T292] [ 109.414765][ T292] dump_stack_lvl+0x151/0x1c0 [ 109.419282][ T292] ? io_uring_drop_tctx_refs+0x190/0x190 [ 109.424745][ T292] ? _raw_spin_lock+0xa4/0x1b0 [ 109.429349][ T292] ? _raw_spin_trylock_bh+0x190/0x190 [ 109.434556][ T292] kasan_report+0x16f/0x1c0 [ 109.438897][ T292] ? ihold+0x20/0x60 [ 109.442630][ T292] ? ihold+0x20/0x60 [ 109.446361][ T292] kasan_check_range+0x293/0x2a0 [ 109.451133][ T292] __kasan_check_write+0x14/0x20 [ 109.455908][ T292] ihold+0x20/0x60 [ 109.459595][ T292] vfs_rmdir+0x201/0x470 [ 109.463723][ T292] incfs_kill_sb+0x113/0x230 [ 109.468093][ T292] deactivate_locked_super+0xad/0x110 [ 109.473297][ T292] deactivate_super+0xbe/0xf0 [ 109.477806][ T292] cleanup_mnt+0x45c/0x510 [ 109.482061][ T292] __cleanup_mnt+0x19/0x20 [ 109.486315][ T292] task_work_run+0x129/0x190 [ 109.490740][ T292] exit_to_user_mode_loop+0xc4/0xe0 [ 109.495775][ T292] exit_to_user_mode_prepare+0x5a/0xa0 [ 109.501068][ T292] syscall_exit_to_user_mode+0x26/0x160 [ 109.506455][ T292] do_syscall_64+0x47/0xb0 [ 109.510702][ T292] ? clear_bhb_loop+0x35/0x90 [ 109.515215][ T292] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 109.520946][ T292] RIP: 0033:0x7f60a1287497 [ 109.525198][ T292] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 109.544641][ T292] RSP: 002b:00007ffd6bfde258 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 109.552884][ T292] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f60a1287497 [ 109.560693][ T292] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd6bfde310 [ 109.563761][ T501] cdc_ether 2-1:1.0 eth1: register 'cdc_ether' at usb-dummy_hcd.1-1, CDC Ethernet Device, 42:42:42:42:42:42 [ 109.568503][ T292] RBP: 00007ffd6bfde310 R08: 0000000000000000 R09: 0000000000000000 [ 109.568523][ T292] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd6bfdf3a0 [ 109.568538][ T292] R13: 00007f60a130777c R14: 000000000001a988 R15: 00007ffd6bfdf3e0 [ 109.603321][ T292] [ 109.606178][ T292] ================================================================== [ 109.614074][ T292] Disabling lock debugging due to kernel taint [ 109.622066][ T292] BUG: kernel NULL pointer dereference, address: 0000000000000170 [ 109.629694][ T292] #PF: supervisor write access in kernel mode [ 109.635593][ T292] #PF: error_code(0x0002) - not-present page [ 109.641413][ T292] PGD 128964067 P4D 128964067 PUD 0 [ 109.646532][ T292] Oops: 0002 [#1] PREEMPT SMP KASAN [ 109.651568][ T292] CPU: 1 PID: 292 Comm: syz-executor Tainted: G B W 5.15.178-syzkaller-00385-ga8a88afaecee #0 [ 109.662764][ T292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 109.672659][ T292] RIP: 0010:ihold+0x25/0x60 [ 109.676994][ T292] Code: 00 00 00 00 00 55 48 89 e5 41 56 53 49 89 fe e8 81 80 ae ff 49 8d be 70 01 00 00 be 04 00 00 00 e8 c0 ed f0 ff bb 01 00 00 00 41 0f c1 9e 70 01 00 00 ff c3 bf 02 00 00 00 89 de e8 04 84 ae [ 109.696438][ T292] RSP: 0018:ffffc90000a97cc8 EFLAGS: 00010246 [ 109.702338][ T292] RAX: ffff88810acbe200 RBX: 0000000000000001 RCX: ffff88810acbe2c0 [ 109.710150][ T292] RDX: 0000000000000000 RSI: 0000000000000286 RDI: 00000000ffffffff [ 109.717963][ T292] RBP: ffffc90000a97cd8 R08: ffffffff8141b28b R09: 0000000000000003 [ 109.725771][ T292] R10: fffffbfff0e9aa4c R11: dffffc0000000001 R12: dffffc0000000000 [ 109.733708][ T292] R13: ffff888128645000 R14: 0000000000000000 R15: 1ffff110250c8a06 [ 109.741614][ T292] FS: 0000555570642500(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 109.750373][ T292] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 109.756796][ T292] CR2: 0000000000000170 CR3: 000000012606c000 CR4: 00000000003506a0 [ 109.764607][ T292] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 109.772415][ T292] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 109.780231][ T292] Call Trace: [ 109.783352][ T292] [ 109.786132][ T292] ? __die_body+0x62/0xb0 [ 109.790297][ T292] ? __die+0x7e/0x90 [ 109.794028][ T292] ? page_fault_oops+0x7f9/0xa90 [ 109.798804][ T292] ? _raw_spin_unlock+0x4d/0x70 [ 109.803491][ T292] ? kernelmode_fixup_or_oops+0xd0/0xd0 [ 109.808871][ T292] ? __schedule+0xcd4/0x1590 [ 109.813304][ T292] ? exc_page_fault+0x510/0x7f0 [ 109.817992][ T292] ? asm_exc_page_fault+0x27/0x30 [ 109.822848][ T292] ? check_panic_on_warn+0x5b/0xb0 [ 109.827791][ T292] ? ihold+0x25/0x60 [ 109.831525][ T292] ? ihold+0x20/0x60 [ 109.835259][ T292] vfs_rmdir+0x201/0x470 [ 109.839338][ T292] incfs_kill_sb+0x113/0x230 [ 109.843762][ T292] deactivate_locked_super+0xad/0x110 [ 109.848969][ T292] deactivate_super+0xbe/0xf0 [ 109.853492][ T292] cleanup_mnt+0x45c/0x510 [ 109.857736][ T292] __cleanup_mnt+0x19/0x20 [ 109.861990][ T292] task_work_run+0x129/0x190 [ 109.866416][ T292] exit_to_user_mode_loop+0xc4/0xe0 [ 109.871447][ T292] exit_to_user_mode_prepare+0x5a/0xa0 [ 109.876743][ T292] syscall_exit_to_user_mode+0x26/0x160 [ 109.882124][ T292] do_syscall_64+0x47/0xb0 [ 109.886375][ T292] ? clear_bhb_loop+0x35/0x90 [ 109.890888][ T292] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 109.896620][ T292] RIP: 0033:0x7f60a1287497 [ 109.900872][ T292] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 109.920315][ T292] RSP: 002b:00007ffd6bfde258 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 109.928556][ T292] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f60a1287497 [ 109.936368][ T292] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd6bfde310 [ 109.944283][ T292] RBP: 00007ffd6bfde310 R08: 0000000000000000 R09: 0000000000000000 [ 109.952092][ T292] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd6bfdf3a0 [ 109.959909][ T292] R13: 00007f60a130777c R14: 000000000001a988 R15: 00007ffd6bfdf3e0 [ 109.967722][ T292] [ 109.970579][ T292] Modules linked in: [ 109.974329][ T292] CR2: 0000000000000170 [ 109.978314][ T292] ---[ end trace afffc6763aab84ea ]--- [ 109.983606][ T292] RIP: 0010:ihold+0x25/0x60 [ 109.987939][ T292] Code: 00 00 00 00 00 55 48 89 e5 41 56 53 49 89 fe e8 81 80 ae ff 49 8d be 70 01 00 00 be 04 00 00 00 e8 c0 ed f0 ff bb 01 00 00 00 41 0f c1 9e 70 01 00 00 ff c3 bf 02 00 00 00 89 de e8 04 84 ae [ 110.007382][ T292] RSP: 0018:ffffc90000a97cc8 EFLAGS: 00010246 [ 110.013278][ T292] RAX: ffff88810acbe200 RBX: 0000000000000001 RCX: ffff88810acbe2c0 [ 110.021090][ T292] RDX: 0000000000000000 RSI: 0000000000000286 RDI: 00000000ffffffff [ 110.028904][ T292] RBP: ffffc90000a97cd8 R08: ffffffff8141b28b R09: 0000000000000003 [ 110.036722][ T292] R10: fffffbfff0e9aa4c R11: dffffc0000000001 R12: dffffc0000000000 [ 110.044526][ T292] R13: ffff888128645000 R14: 0000000000000000 R15: 1ffff110250c8a06 [ 110.052338][ T292] FS: 0000555570642500(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 110.061103][ T292] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 110.067528][ T292] CR2: 0000000000000170 CR3: 000000012606c000 CR4: 00000000003506a0 [ 110.075339][ T292] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 110.083151][ T292] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 110.090971][ T292] Kernel panic - not syncing: Fatal exception [ 110.097072][ T292] Kernel Offset: disabled [ 110.101201][ T292] Rebooting in 86400 seconds..