gset_refault_file 0
[ 2263.146269][ T7957] workingset_activate_anon 0
[ 2263.146269][ T7957] workingset_activate_file 0
[ 2263.146269][ T7957] workingset_restore_anon 0
[ 2263.146269][ T7957] workingset_restore_file 0
[ 2263.146269][ T7957] workingset_nodereclaim 0
[ 2263.146269][ T7957] pgscan 49
[ 2263.146269][ T7957] pgsteal 49
[ 2263.146269][ T7957] pgscan_kswapd 0
[ 2263.146269][ T7957] pgscan_direct 49
[ 2263.146269][ T7957] pgscan_khugepaged 0
[ 2263.146269][ T7957] pgsteal_kswapd 0
12:16:47 executing program 3:
r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
write$cgroup_freezer_state(0xffffffffffffffff, 0x0, 0x0)
lseek(r0, 0x200, 0x0)
dup(0xffffffffffffffff)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x24000, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001740)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf2364149215108333719acd97cfa107d40224edc5465a93df8513a32ec450bebc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed4284da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000dd000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda52013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d2e959efc71f665c4d75cf2458e3542c9062ece84c99a061997a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a998de44aeadea2a40da8daccf080842a4867217373934bbd42dcb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcd62981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba495aea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b60000000000000000d6d5210d7560eb92d6a97a27602b81f76386f1535b1fad6ec9a31137abf9a404abde7750898b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294059323e7a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff852656cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bc19faa5449209b083dbd334b470067bbab40743b2a428f1da1f68df75c00008ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba891cea599b079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b70ebc660309e1e245b0fdf9743af932cd6db49a47613808bad959719c0000000000378a921c7f7f6933c2e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a391f03daca80f08f0e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c4396f1d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d7cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5000000000006065d6735eb7a00e127c000000000000000000000000000000a1c3da144589dcaddb71cf9374843e23f992a237a9040747e0434a8a643990b4059a98411ce867d1af7e8ea89f49e6f564d4dce8a7d6939a92144e43a7f39e83bd247e03a09dba000000000000000000000000aaf033d47249c8444bc13844cbf1be617d82b269e5ea0c0d525603c0ec543ea581f63893ae414a6683e941fdbd6ea6cfc5f8744583c0aa766a65321f907927a59d75b47f06895e8471ebc2840ce5bd054df223fb09b9c739ad64cfcfd2d498b0f11056f6c40874cb977c99b6bc1a8732198a17e610082b7ce0365f271b11d4b4a3d4c7d0bb273f406ecd4b26c93151c30f5a269991402d109bec1267dd7d781aa230ac1cae"], &(0x7f0000000100)='GPL\x00'}, 0x48)
socket(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r2}, 0x10)
sendfile(r0, r1, 0x0, 0xf800)

[ 2263.146269][ T7957] pgsteal_direct 49
[ 2263.146269][ T7957] pgsteal_khugepaged 0
[ 2263.146269][ T7957] pgfault 1093285
[ 2263.146269][ T7957] pgmajfault 422
[ 2263.146269][ T7957] pgrefill 150
[ 2263.146269][ T7957] pgactivate 161
[ 2263.146269][ T7957] pgdeactivate 0
[ 2263.146269][ T7957] pglazyfree 0
[ 2263.146269][ T7957] pglazyfreed 0
[ 2263.146269][ T7957] zswpin 0
[ 2263.146269][ T7957] zswpout 0
[ 2263.340828][   T27] audit: type=1804 audit(1680178608.139:1090): pid=7968 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir3710322249/syzkaller.EsUX9x/2139/bus" dev="sda1" ino=1167 res=1 errno=0
[ 2263.363508][ T7957] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=7957,uid=0
[ 2263.385711][ T7957] Memory cgroup out of memory: Killed process 7957 (syz-executor.1) total-vm:54540kB, anon-rss:380kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000
[ 2263.403521][ T5556] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[ 2263.406805][   T27] audit: type=1800 audit(1680178608.179:1091): pid=7968 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=1167 res=0 errno=0
[ 2263.413036][ T5556] usb 1-1: config 1 has no interface number 1
[ 2263.474883][ T5556] usb 1-1: Duplicate descriptor for config 1 interface 0 altsetting 0, skipping
[ 2263.494337][ T5556] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 2263.511971][ T5556] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[ 2263.692337][ T5556] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 2263.701490][ T5556] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2263.715317][ T5556] usb 1-1: Product: syz
[ 2263.719529][ T5556] usb 1-1: Manufacturer: syz
[ 2263.726351][ T5556] usb 1-1: SerialNumber: syz
[ 2264.092698][ T5556] usb 1-1: USB disconnect, device number 47
[ 2264.121682][ T7971] udevd[7971]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
12:16:49 executing program 0:
keyctl$KEYCTL_PKEY_QUERY(0x18, 0x0, 0x0, &(0x7f00000006c0)='!\x00', 0x0)

12:16:49 executing program 4:
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200), 0x88a02, 0x0)
ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000000))
ioctl$int_in(r0, 0x800000c004500a, &(0x7f00000000c0))
writev(r0, &(0x7f0000000140)=[{&(0x7f0000000080)="a2545375a7fd71bcb79d10fe719003761662e85f306539e8fb02b0898356", 0x1e}, {&(0x7f0000000280)="07a8773f6fd2b63d", 0x8}], 0x2)

12:16:49 executing program 2:
io_setup(0xe77, &(0x7f0000000200))

12:16:49 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000840)={0x34, 0x0, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x34}}, 0x0)

12:16:49 executing program 1:
openat$uhid(0xffffffffffffff9c, &(0x7f0000000200), 0x802, 0x0)
timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000180)=<r0=>0x0)
r1 = fanotify_init(0x4, 0x1000)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
fanotify_mark(r1, 0x105, 0x800101b, 0xffffffffffffffff, 0x0)
timer_settime(r0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
mlockall(0x2)
r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil)
shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
write$P9_RWSTAT(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x7f, 0x2}, 0x7)
ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0)
shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000)
shmctl$IPC_RMID(0x0, 0x0)
shmctl$SHM_LOCK(0x0, 0xb)
r6 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil)
shmctl$IPC_STAT(r6, 0x2, &(0x7f00000001c0)=""/62)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x4040044)
shmat(r3, &(0x7f00003c6000/0x3000)=nil, 0x4000)
shmctl$SHM_UNLOCK(0x0, 0xc)
shmctl$SHM_LOCK(r3, 0xb)
r7 = shmget$private(0x0, 0x3000, 0x54001800, &(0x7f000010d000/0x3000)=nil)
ioctl$BTRFS_IOC_BALANCE_V2(r5, 0xc4009420, &(0x7f0000000640)={0x0, 0x1, {0x81, @usage=0xd1, 0x0, 0xfffffffffffffffc, 0x10000, 0xffffffffffffffff, 0x0, 0x5, 0x4, @usage=0x1, 0x1ea7, 0xffffffc0, [0x5, 0x7, 0x5, 0xffffffffffffffff, 0xffff, 0x24f]}, {0x5, @struct={0x8da6, 0x46a}, 0x0, 0x3f, 0xff, 0x8, 0x9, 0x7f, 0x0, @struct={0x3, 0x8}, 0xffff0000, 0xffffffcb, [0x8, 0x27d9, 0x7, 0x7ff, 0x57175363, 0x8]}, {0x10001, @usage=0x9, 0x0, 0x4d2, 0x3b89, 0xfffffffffffffff9, 0x4, 0x7fffffff, 0x441, @usage=0x7000000000000, 0x9, 0x20000d5a, [0x2, 0x6, 0x5, 0x80, 0x4, 0x7735]}, {0x8000, 0xffffffffffffffff}})
shmat(r7, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000012c0)=[{{&(0x7f00000005c0)=@xdp, 0x80, 0x0, 0x0, &(0x7f0000000fc0)=""/83, 0x53}, 0x1}, {{&(0x7f0000001040)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @dev}}, 0x80, &(0x7f00000011c0)=[{&(0x7f00000010c0)=""/150, 0x96}, {&(0x7f0000001180)=""/5, 0x5}], 0x2, &(0x7f0000001200)=""/180, 0xb4}, 0x5}], 0x2, 0x0, &(0x7f0000001340)={0x0, 0x989680})

12:16:49 executing program 3:
r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
write$cgroup_freezer_state(0xffffffffffffffff, 0x0, 0x0)
lseek(r0, 0x200, 0x0)
dup(0xffffffffffffffff)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x24000, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001740)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf2364149215108333719acd97cfa107d40224edc5465a93df8513a32ec450bebc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed4284da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000dd000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda52013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d2e959efc71f665c4d75cf2458e3542c9062ece84c99a061997a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a998de44aeadea2a40da8daccf080842a4867217373934bbd42dcb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcd62981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba495aea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b60000000000000000d6d5210d7560eb92d6a97a27602b81f76386f1535b1fad6ec9a31137abf9a404abde7750898b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294059323e7a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff852656cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bc19faa5449209b083dbd334b470067bbab40743b2a428f1da1f68df75c00008ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba891cea599b079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b70ebc660309e1e245b0fdf9743af932cd6db49a47613808bad959719c0000000000378a921c7f7f6933c2e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a391f03daca80f08f0e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c4396f1d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d7cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5000000000006065d6735eb7a00e127c000000000000000000000000000000a1c3da144589dcaddb71cf9374843e23f992a237a9040747e0434a8a643990b4059a98411ce867d1af7e8ea89f49e6f564d4dce8a7d6939a92144e43a7f39e83bd247e03a09dba000000000000000000000000aaf033d47249c8444bc13844cbf1be617d82b269e5ea0c0d525603c0ec543ea581f63893ae414a6683e941fdbd6ea6cfc5f8744583c0aa766a65321f907927a59d75b47f06895e8471ebc2840ce5bd054df223fb09b9c739ad64cfcfd2d498b0f11056f6c40874cb977c99b6bc1a8732198a17e610082b7ce0365f271b11d4b4a3d4c7d0bb273f406ecd4b26c93151c30f5a269991402d109bec1267dd7d781aa230ac1cae"], &(0x7f0000000100)='GPL\x00'}, 0x48)
socket(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r2}, 0x10)
sendfile(r0, r1, 0x0, 0xf800)

[ 2264.518932][   T27] audit: type=1804 audit(1680178609.319:1092): pid=7978 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir3710322249/syzkaller.EsUX9x/2140/bus" dev="sda1" ino=1171 res=1 errno=0
12:16:49 executing program 5:
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_IBSS(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000840)={0x34, r0, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x34}}, 0x0)

12:16:49 executing program 0:
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x16, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x10, 0x4e}, [@ldst={0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195}, 0x48)

12:16:49 executing program 4:
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200), 0x88a02, 0x0)
ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000000))
ioctl$int_in(r0, 0x800000c004500a, &(0x7f00000000c0))
writev(r0, &(0x7f0000000140)=[{&(0x7f0000000080)="a2545375a7fd71bcb79d10fe719003761662e85f", 0x14}, {&(0x7f0000000280)="07a8773f6fd2b63d", 0x8}], 0x2)

[ 2264.569637][   T27] audit: type=1800 audit(1680178609.359:1093): pid=7978 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=1171 res=0 errno=0
12:16:49 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
recvmsg$unix(r0, &(0x7f0000000380)={0x0, 0x29, &(0x7f00000000c0), 0x59}, 0x0)
sendmsg$inet(r1, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x0)

12:16:49 executing program 0:
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000280), 0x0)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f00000002c0)={{0x1, 0x0, 0x0, 0x3}})

12:16:49 executing program 5:
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_IBSS(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000840)={0x34, r0, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x34}}, 0x0)

12:16:49 executing program 4:
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200), 0x88a02, 0x0)
ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000000))
ioctl$int_in(r0, 0x800000c004500a, &(0x7f00000000c0))
writev(r0, &(0x7f0000000140)=[{&(0x7f0000000080)="a2545375a7fd71bcb79d10fe719003761662e85f", 0x14}, {&(0x7f0000000280)="07a8773f6fd2b63d", 0x8}], 0x2)

[ 2264.758148][ T7976] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 2264.789504][ T7976] CPU: 0 PID: 7976 Comm: syz-executor.1 Not tainted 6.3.0-rc4-next-20230330-syzkaller #0
[ 2264.799395][ T7976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 2264.809592][ T7976] Call Trace:
[ 2264.812917][ T7976]  <TASK>
[ 2264.815899][ T7976]  dump_stack_lvl+0x136/0x150
[ 2264.820675][ T7976]  dump_header+0x10a/0xd70
[ 2264.825169][ T7976]  oom_kill_process+0x25d/0x600
[ 2264.830108][ T7976]  out_of_memory+0x35c/0x1650
[ 2264.834871][ T7976]  ? find_held_lock+0x2d/0x110
[ 2264.839697][ T7976]  ? oom_killer_disable+0x2b0/0x2b0
[ 2264.845065][ T7976]  ? rcu_read_unlock+0x9/0x60
[ 2264.849801][ T7976]  ? find_held_lock+0x2d/0x110
12:16:49 executing program 4:
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200), 0x88a02, 0x0)
ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000000))
ioctl$int_in(r0, 0x800000c004500a, &(0x7f00000000c0))
writev(r0, &(0x7f0000000140)=[{&(0x7f0000000080)="a2545375a7fd71bcb79d10fe719003761662e85f", 0x14}, {&(0x7f0000000280)="07a8773f6fd2b63d", 0x8}], 0x2)

12:16:49 executing program 5:
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_IBSS(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000840)={0x34, r0, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x34}}, 0x0)

[ 2264.854634][ T7976]  mem_cgroup_out_of_memory+0x206/0x270
[ 2264.860257][ T7976]  ? mem_cgroup_margin+0x130/0x130
[ 2264.865434][ T7976]  ? lock_downgrade+0x690/0x690
[ 2264.870373][ T7976]  try_charge_memcg+0xf99/0x13a0
[ 2264.875392][ T7976]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 2264.881452][ T7976]  ? lock_downgrade+0x690/0x690
[ 2264.886369][ T7976]  ? trace_lock_acquire+0x12d/0x180
[ 2264.891629][ T7976]  ? get_mem_cgroup_from_mm+0x247/0x580
[ 2264.897248][ T7976]  ? lock_acquire+0x32/0xc0
[ 2264.901818][ T7976]  charge_memcg+0x90/0x3b0
[ 2264.906392][ T7976]  __mem_cgroup_charge+0x2b/0x90
[ 2264.911405][ T7976]  ? copy_mc_to_kernel+0x3e/0x90
[ 2264.916411][ T7976]  do_wp_page+0x8ac/0x3510
[ 2264.920957][ T7976]  ? lock_sync+0x190/0x190
[ 2264.925441][ T7976]  ? finish_mkwrite_fault+0x3d0/0x3d0
[ 2264.930885][ T7976]  ? rcu_is_watching+0x12/0xb0
[ 2264.935727][ T7976]  ? do_raw_spin_lock+0x124/0x2b0
[ 2264.940826][ T7976]  ? spin_bug+0x1c0/0x1c0
[ 2264.945227][ T7976]  ? lock_acquire+0x32/0xc0
[ 2264.949804][ T7976]  ? __handle_mm_fault+0x1334/0x4180
12:16:49 executing program 3:
r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
write$cgroup_freezer_state(0xffffffffffffffff, 0x0, 0x0)
lseek(r0, 0x200, 0x0)
dup(0xffffffffffffffff)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x24000, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001740)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf2364149215108333719acd97cfa107d40224edc5465a93df8513a32ec450bebc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed4284da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000dd000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda52013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d2e959efc71f665c4d75cf2458e3542c9062ece84c99a061997a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a998de44aeadea2a40da8daccf080842a4867217373934bbd42dcb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcd62981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba495aea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b60000000000000000d6d5210d7560eb92d6a97a27602b81f76386f1535b1fad6ec9a31137abf9a404abde7750898b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294059323e7a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff852656cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bc19faa5449209b083dbd334b470067bbab40743b2a428f1da1f68df75c00008ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba891cea599b079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b70ebc660309e1e245b0fdf9743af932cd6db49a47613808bad959719c0000000000378a921c7f7f6933c2e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a391f03daca80f08f0e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c4396f1d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d7cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5000000000006065d6735eb7a00e127c000000000000000000000000000000a1c3da144589dcaddb71cf9374843e23f992a237a9040747e0434a8a643990b4059a98411ce867d1af7e8ea89f49e6f564d4dce8a7d6939a92144e43a7f39e83bd247e03a09dba000000000000000000000000aaf033d47249c8444bc13844cbf1be617d82b269e5ea0c0d525603c0ec543ea581f63893ae414a6683e941fdbd6ea6cfc5f8744583c0aa766a65321f907927a59d75b47f06895e8471ebc2840ce5bd054df223fb09b9c739ad64cfcfd2d498b0f11056f6c40874cb977c99b6bc1a8732198a17e610082b7ce0365f271b11d4b4a3d4c7d0bb273f406ecd4b26c93151c30f5a269991402d109bec1267dd7d781aa230ac1cae"], &(0x7f0000000100)='GPL\x00'}, 0x48)
socket(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='ext4_writepages_result\x00'}, 0x10)
sendfile(r0, r1, 0x0, 0xf800)

[ 2264.955176][ T7976]  __handle_mm_fault+0x1547/0x4180
[ 2264.960377][ T7976]  ? vm_iomap_memory+0x190/0x190
[ 2264.965424][ T7976]  handle_mm_fault+0x2c0/0x9c0
[ 2264.970274][ T7976]  do_user_addr_fault+0x2ed/0x1240
[ 2264.975452][ T7976]  ? rcu_is_watching+0x12/0xb0
[ 2264.980292][ T7976]  exc_page_fault+0x98/0x170
[ 2264.984958][ T7976]  asm_exc_page_fault+0x26/0x30
[ 2264.989864][ T7976] RIP: 0033:0x7f47dd2364bd
[ 2264.994329][ T7976] Code: 0c 48 89 df 41 83 c6 01 e8 00 f7 ff ff 48 83 c3 20 49 39 df 75 df 44 89 75 00 8b 05 4d 1b 17 00 48 8b 15 16 f2 c9 00 83 c0 01 <89> 05 3d 1b 17 00 89 02 48 83 c4 18 5b 5d 41 5c 41 5d 41 5e 41 5f
[ 2265.013992][ T7976] RSP: 002b:00007ffdbc005ec0 EFLAGS: 00010202
[ 2265.020121][ T7976] RAX: 0000000000000001 RBX: 00007f47dd3abf80 RCX: 0000000000000571
[ 2265.026314][   T27] audit: type=1804 audit(1680178609.799:1094): pid=8006 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir3710322249/syzkaller.EsUX9x/2141/bus" dev="sda1" ino=1171 res=1 errno=0
[ 2265.028112][ T7976] RDX: 0000001b32520000 RSI: 0000001b32520018 RDI: 0000000095cd0aca
[ 2265.028138][ T7976] RBP: 0000001b32520020 R08: 0000001b32920000 R09: 0000000095cd0ace
[ 2265.028162][ T7976] R10: 00007ffdbc006020 R11: 0000000000000246 R12: 00007f47dd3abf80
[ 2265.028184][ T7976] R13: 0000001b32520018 R14: 0000001b3252001c R15: 0000000000000032
[ 2265.068633][   T27] audit: type=1800 audit(1680178609.799:1095): pid=8006 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=1171 res=0 errno=0
[ 2265.069767][ T7976]  </TASK>
[ 2265.161578][ T7976] memory: usage 307200kB, limit 307200kB, failcnt 9586
[ 2265.172503][ T7976] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2265.185113][ T7976] Memory cgroup stats for /syz1:
[ 2265.185397][ T7976] anon 147456
[ 2265.185397][ T7976] file 312406016
[ 2265.185397][ T7976] kernel 2019328
[ 2265.185397][ T7976] kernel_stack 65536
[ 2265.185397][ T7976] pagetables 81920
[ 2265.185397][ T7976] sec_pagetables 0
[ 2265.185397][ T7976] percpu 4864
[ 2265.185397][ T7976] sock 0
[ 2265.185397][ T7976] vmalloc 0
[ 2265.185397][ T7976] shmem 312406016
[ 2265.185397][ T7976] zswap 0
[ 2265.185397][ T7976] zswapped 0
[ 2265.185397][ T7976] file_mapped 380928
[ 2265.185397][ T7976] file_dirty 0
[ 2265.185397][ T7976] file_writeback 0
[ 2265.185397][ T7976] swapcached 0
[ 2265.185397][ T7976] anon_thp 0
[ 2265.185397][ T7976] file_thp 0
[ 2265.185397][ T7976] shmem_thp 0
[ 2265.185397][ T7976] inactive_anon 62951424
[ 2265.185397][ T7976] active_anon 172032
[ 2265.185397][ T7976] inactive_file 0
[ 2265.185397][ T7976] active_file 0
[ 2265.185397][ T7976] unevictable 249430016
[ 2265.185397][ T7976] slab_reclaimable 964920
[ 2265.185397][ T7976] slab_unreclaimable 868808
[ 2265.185397][ T7976] slab 1833728
[ 2265.185397][ T7976] workingset_refault_anon 0
[ 2265.185397][ T7976] workingset_refault_file 0
[ 2265.185397][ T7976] workingset_activate_anon 0
[ 2265.185397][ T7976] workingset_activate_file 0
[ 2265.185397][ T7976] workingset_restore_anon 0
[ 2265.185397][ T7976] workingset_restore_file 0
[ 2265.185397][ T7976] workingset_nodereclaim 0
[ 2265.185397][ T7976] pgscan 49
[ 2265.185397][ T7976] pgsteal 49
[ 2265.185397][ T7976] pgscan_kswapd 0
[ 2265.185397][ T7976] pgscan_direct 49
[ 2265.185397][ T7976] pgscan_khugepaged 0
[ 2265.185397][ T7976] pgsteal_kswapd 0
[ 2265.185397][ T7976] pgsteal_direct 49
[ 2265.185397][ T7976] pgsteal_khugepaged 0
[ 2265.185397][ T7976] pgfault 1093346
[ 2265.185397][ T7976] pgmajfault 422
[ 2265.185397][ T7976] pgrefill 150
[ 2265.185397][ T7976] pgactivate 161
[ 2265.185397][ T7976] pgdeactivate 0
[ 2265.185397][ T7976] pglazyfree 0
[ 2265.185397][ T7976] pglazyfreed 0
[ 2265.185397][ T7976] zswpin 0
[ 2265.185397][ T7976] zswpout 0
[ 2265.377497][ T7976] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=7976,uid=0
12:16:50 executing program 1:
openat$uhid(0xffffffffffffff9c, &(0x7f0000000200), 0x802, 0x0)
timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000180)=<r0=>0x0)
r1 = fanotify_init(0x4, 0x1000)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
fanotify_mark(r1, 0x105, 0x800101b, 0xffffffffffffffff, 0x0)
timer_settime(r0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
mlockall(0x2)
r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil)
shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
write$P9_RWSTAT(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x7f, 0x2}, 0x7)
ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0)
shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000)
shmctl$IPC_RMID(0x0, 0x0)
shmctl$SHM_LOCK(0x0, 0xb)
r6 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil)
shmctl$IPC_STAT(r6, 0x2, &(0x7f00000001c0)=""/62)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x4040044)
shmat(r3, &(0x7f00003c6000/0x3000)=nil, 0x4000)
shmctl$SHM_UNLOCK(0x0, 0xc)
shmctl$SHM_LOCK(r3, 0xb)
r7 = shmget$private(0x0, 0x3000, 0x54001800, &(0x7f000010d000/0x3000)=nil)
ioctl$BTRFS_IOC_BALANCE_V2(r5, 0xc4009420, &(0x7f0000000640)={0x0, 0x1, {0x81, @usage=0xd1, 0x0, 0xfffffffffffffffc, 0x10000, 0xffffffffffffffff, 0x0, 0x5, 0x4, @usage=0x1, 0x1ea7, 0xffffffc0, [0x5, 0x7, 0x5, 0xffffffffffffffff, 0xffff, 0x24f]}, {0x5, @struct={0x8da6, 0x46a}, 0x0, 0x3f, 0xff, 0x8, 0x9, 0x7f, 0x0, @struct={0x3, 0x8}, 0xffff0000, 0xffffffcb, [0x8, 0x27d9, 0x7, 0x7ff, 0x57175363, 0x8]}, {0x10001, @usage=0x9, 0x0, 0x4d2, 0x3b89, 0xfffffffffffffff9, 0x4, 0x7fffffff, 0x441, @usage=0x7000000000000, 0x9, 0x20000d5a, [0x2, 0x6, 0x5, 0x80, 0x4, 0x7735]}, {0x8000, 0xffffffffffffffff}})
shmat(r7, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000012c0)=[{{&(0x7f00000005c0)=@xdp, 0x80, 0x0, 0x0, &(0x7f0000000fc0)=""/83, 0x53}, 0x1}, {{&(0x7f0000001040)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @dev}}, 0x80, &(0x7f00000011c0)=[{&(0x7f00000010c0)=""/150, 0x96}, {&(0x7f0000001180)=""/5, 0x5}], 0x2, &(0x7f0000001200)=""/180, 0xb4}, 0x5}], 0x2, 0x0, &(0x7f0000001340)={0x0, 0x989680})

12:16:50 executing program 0:
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000280), 0x0)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f00000002c0)={{0x1, 0x0, 0x0, 0x3}})

12:16:50 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000840)={0x34, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x34}}, 0x0)

12:16:50 executing program 2:
syz_clone(0x40040200, &(0x7f00000000c0)="15d698b14f3a5f3c5cb787c7b32c89392dd46885b88ed286824b07e3ae8fc0072d2a6fb7864c609d289484864bdc11a640f5325889f1d0b58dc8cbaca7652cce68210e729ab1cb5a5b7c60c93e9a4191cc2bf77c0003a9e9634cec2e1536934a68edd8da46263b321a6a36086e9a13532dd5fdfc60fc698015f210af3a4f4e4773fc0e86cb2abd62e55dac251f3ab9146568f01dee99", 0x96, 0x0, &(0x7f0000000200), 0x0)

12:16:50 executing program 4:
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200), 0x88a02, 0x0)
ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000000))
ioctl$int_in(r0, 0x800000c004500a, &(0x7f00000000c0))
writev(r0, &(0x7f0000000140)=[{&(0x7f0000000080)="a2545375a7fd71bcb79d10fe719003761662e85f306539e8fb", 0x19}, {&(0x7f0000000280)="07a8773f6fd2b63d", 0x8}], 0x2)

[ 2265.397374][ T7976] Memory cgroup out of memory: Killed process 7976 (syz-executor.1) total-vm:54540kB, anon-rss:508kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000
12:16:50 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000840)={0x34, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x34}}, 0x0)

12:16:50 executing program 0:
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000280), 0x0)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f00000002c0)={{0x1, 0x0, 0x0, 0x3}})

12:16:50 executing program 4:
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200), 0x88a02, 0x0)
ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000000))
ioctl$int_in(r0, 0x800000c004500a, &(0x7f00000000c0))
writev(r0, &(0x7f0000000140)=[{&(0x7f0000000080)="a2545375a7fd71bcb79d10fe719003761662e85f", 0x14}, {&(0x7f0000000280)="07a8773f6fd2b63d", 0x8}], 0x2)

12:16:50 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000840)={0x34, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x34}}, 0x0)

12:16:50 executing program 0:
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000280), 0x0)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f00000002c0)={{0x1, 0x0, 0x0, 0x3}})

12:16:50 executing program 4:
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200), 0x88a02, 0x0)
ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000000))
ioctl$int_in(r0, 0x800000c004500a, &(0x7f00000000c0))
writev(r0, &(0x7f0000000140)=[{&(0x7f0000000080)="a2545375a7fd71bcb79d10fe719003761662e85f", 0x14}, {&(0x7f0000000280)="07a8773f6fd2b63d", 0x8}], 0x2)

[ 2265.680056][ T8020] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 2265.715938][ T8020] CPU: 0 PID: 8020 Comm: syz-executor.1 Not tainted 6.3.0-rc4-next-20230330-syzkaller #0
[ 2265.725825][ T8020] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 2265.735937][ T8020] Call Trace:
[ 2265.739261][ T8020]  <TASK>
[ 2265.742236][ T8020]  dump_stack_lvl+0x136/0x150
[ 2265.746985][ T8020]  dump_header+0x10a/0xd70
[ 2265.751478][ T8020]  oom_kill_process+0x25d/0x600
[ 2265.756406][ T8020]  out_of_memory+0x35c/0x1650
[ 2265.761171][ T8020]  ? find_held_lock+0x2d/0x110
[ 2265.765998][ T8020]  ? oom_killer_disable+0x2b0/0x2b0
[ 2265.771276][ T8020]  ? rcu_read_unlock+0x9/0x60
[ 2265.776011][ T8020]  ? find_held_lock+0x2d/0x110
[ 2265.780838][ T8020]  mem_cgroup_out_of_memory+0x206/0x270
[ 2265.786445][ T8020]  ? mem_cgroup_margin+0x130/0x130
[ 2265.791617][ T8020]  ? lock_downgrade+0x690/0x690
[ 2265.796566][ T8020]  try_charge_memcg+0xf99/0x13a0
[ 2265.801591][ T8020]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 2265.807658][ T8020]  ? lock_downgrade+0x690/0x690
[ 2265.812568][ T8020]  ? trace_lock_acquire+0x12d/0x180
[ 2265.817827][ T8020]  ? get_mem_cgroup_from_mm+0x247/0x580
[ 2265.823434][ T8020]  ? lock_acquire+0x32/0xc0
[ 2265.828034][ T8020]  charge_memcg+0x90/0x3b0
[ 2265.832531][ T8020]  __mem_cgroup_charge+0x2b/0x90
[ 2265.837534][ T8020]  ? copy_mc_to_kernel+0x3e/0x90
[ 2265.842548][ T8020]  do_wp_page+0x8ac/0x3510
[ 2265.847041][ T8020]  ? lock_sync+0x190/0x190
[ 2265.851518][ T8020]  ? finish_mkwrite_fault+0x3d0/0x3d0
[ 2265.856951][ T8020]  ? rcu_is_watching+0x12/0xb0
[ 2265.861778][ T8020]  ? do_raw_spin_lock+0x124/0x2b0
[ 2265.866871][ T8020]  ? spin_bug+0x1c0/0x1c0
[ 2265.871263][ T8020]  ? lock_acquire+0x32/0xc0
[ 2265.875828][ T8020]  ? __handle_mm_fault+0x1334/0x4180
[ 2265.881187][ T8020]  __handle_mm_fault+0x1547/0x4180
[ 2265.886420][ T8020]  ? vm_iomap_memory+0x190/0x190
[ 2265.891460][ T8020]  handle_mm_fault+0x2c0/0x9c0
[ 2265.896326][ T8020]  do_user_addr_fault+0x2ed/0x1240
[ 2265.901501][ T8020]  ? rcu_is_watching+0x12/0xb0
[ 2265.906360][ T8020]  exc_page_fault+0x98/0x170
[ 2265.911028][ T8020]  asm_exc_page_fault+0x26/0x30
[ 2265.915961][ T8020] RIP: 0033:0x7f47dd2364bd
[ 2265.920424][ T8020] Code: 0c 48 89 df 41 83 c6 01 e8 00 f7 ff ff 48 83 c3 20 49 39 df 75 df 44 89 75 00 8b 05 4d 1b 17 00 48 8b 15 16 f2 c9 00 83 c0 01 <89> 05 3d 1b 17 00 89 02 48 83 c4 18 5b 5d 41 5c 41 5d 41 5e 41 5f
[ 2265.940088][ T8020] RSP: 002b:00007ffdbc005ec0 EFLAGS: 00010202
[ 2265.946199][ T8020] RAX: 0000000000000001 RBX: 00007f47dd3abf80 RCX: 00000000000005cf
[ 2265.954228][ T8020] RDX: 0000001b32520000 RSI: 0000001b32520018 RDI: 00000000b4a86bdd
[ 2265.962252][ T8020] RBP: 0000001b32520020 R08: 0000001b32920000 R09: 00000000b4a86be1
[ 2265.970267][ T8020] R10: 00007ffdbc006020 R11: 0000000000000246 R12: 00007f47dd3abf80
12:16:50 executing program 0:
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(0xffffffffffffffff, 0xc0505405, &(0x7f00000002c0)={{0x1, 0x0, 0x0, 0x3}})

[ 2265.978280][ T8020] R13: 0000001b32520018 R14: 0000001b3252001c R15: 0000000000000032
[ 2265.986328][ T8020]  </TASK>
[ 2266.007956][ T8020] memory: usage 307200kB, limit 307200kB, failcnt 9668
[ 2266.014984][ T8020] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2266.028106][ T8020] Memory cgroup stats for /syz1:
[ 2266.028400][ T8020] anon 147456
[ 2266.028400][ T8020] file 312406016
[ 2266.028400][ T8020] kernel 2019328
[ 2266.028400][ T8020] kernel_stack 65536
[ 2266.028400][ T8020] pagetables 81920
[ 2266.028400][ T8020] sec_pagetables 0
[ 2266.028400][ T8020] percpu 4864
[ 2266.028400][ T8020] sock 0
[ 2266.028400][ T8020] vmalloc 0
[ 2266.028400][ T8020] shmem 312406016
[ 2266.028400][ T8020] zswap 0
[ 2266.028400][ T8020] zswapped 0
[ 2266.028400][ T8020] file_mapped 380928
[ 2266.028400][ T8020] file_dirty 0
[ 2266.028400][ T8020] file_writeback 0
[ 2266.028400][ T8020] swapcached 0
[ 2266.028400][ T8020] anon_thp 0
[ 2266.028400][ T8020] file_thp 0
[ 2266.028400][ T8020] shmem_thp 0
[ 2266.028400][ T8020] inactive_anon 62951424
[ 2266.028400][ T8020] active_anon 172032
[ 2266.028400][ T8020] inactive_file 0
[ 2266.028400][ T8020] active_file 0
[ 2266.028400][ T8020] unevictable 249430016
[ 2266.028400][ T8020] slab_reclaimable 964920
[ 2266.028400][ T8020] slab_unreclaimable 868808
[ 2266.028400][ T8020] slab 1833728
[ 2266.028400][ T8020] workingset_refault_anon 0
[ 2266.028400][ T8020] workingset_refault_file 0
[ 2266.028400][ T8020] workingset_activate_anon 0
[ 2266.028400][ T8020] workingset_activate_file 0
[ 2266.028400][ T8020] workingset_restore_anon 0
[ 2266.028400][ T8020] workingset_restore_file 0
[ 2266.028400][ T8020] workingset_nodereclaim 0
[ 2266.028400][ T8020] pgscan 49
[ 2266.028400][ T8020] pgsteal 49
[ 2266.028400][ T8020] pgscan_kswapd 0
[ 2266.028400][ T8020] pgscan_direct 49
[ 2266.028400][ T8020] pgscan_khugepaged 0
[ 2266.028400][ T8020] pgsteal_kswapd 0
[ 2266.028400][ T8020] pgsteal_direct 49
[ 2266.028400][ T8020] pgsteal_khugepaged 0
[ 2266.028400][ T8020] pgfault 1093407
[ 2266.028400][ T8020] pgmajfault 422
[ 2266.028400][ T8020] pgrefill 150
[ 2266.028400][ T8020] pgactivate 161
[ 2266.028400][ T8020] pgdeactivate 0
[ 2266.028400][ T8020] pglazyfree 0
[ 2266.028400][ T8020] pglazyfreed 0
[ 2266.028400][ T8020] zswpin 0
[ 2266.028400][ T8020] zswpout 0
12:16:51 executing program 1:
openat$uhid(0xffffffffffffff9c, &(0x7f0000000200), 0x802, 0x0)
timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000180)=<r0=>0x0)
r1 = fanotify_init(0x4, 0x1000)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
fanotify_mark(r1, 0x105, 0x800101b, 0xffffffffffffffff, 0x0)
timer_settime(r0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
mlockall(0x2)
r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil)
shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
write$P9_RWSTAT(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x7f, 0x2}, 0x7)
ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0)
shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000)
shmctl$IPC_RMID(0x0, 0x0)
shmctl$SHM_LOCK(0x0, 0xb)
r6 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil)
shmctl$IPC_STAT(r6, 0x2, &(0x7f00000001c0)=""/62)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={0x0}, 0x1, 0x0, 0x0, 0x40410}, 0x4040044)
shmat(r3, &(0x7f00003c6000/0x3000)=nil, 0x4000)
shmctl$SHM_UNLOCK(0x0, 0xc)
shmctl$SHM_LOCK(r3, 0xb)
r7 = shmget$private(0x0, 0x3000, 0x54001800, &(0x7f000010d000/0x3000)=nil)
ioctl$BTRFS_IOC_BALANCE_V2(r5, 0xc4009420, &(0x7f0000000640)={0x0, 0x1, {0x81, @usage=0xd1, 0x0, 0xfffffffffffffffc, 0x10000, 0xffffffffffffffff, 0x0, 0x5, 0x4, @usage=0x1, 0x1ea7, 0xffffffc0, [0x5, 0x7, 0x5, 0xffffffffffffffff, 0xffff, 0x24f]}, {0x5, @struct={0x8da6, 0x46a}, 0x0, 0x3f, 0xff, 0x8, 0x9, 0x7f, 0x0, @struct={0x3, 0x8}, 0xffff0000, 0xffffffcb, [0x8, 0x27d9, 0x7, 0x7ff, 0x57175363, 0x8]}, {0x10001, @usage=0x9, 0x0, 0x4d2, 0x3b89, 0xfffffffffffffff9, 0x4, 0x7fffffff, 0x441, @usage=0x7000000000000, 0x9, 0x20000d5a, [0x2, 0x6, 0x5, 0x80, 0x4, 0x7735]}, {0x8000, 0xffffffffffffffff}})
shmat(r7, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000012c0)=[{{&(0x7f00000005c0)=@xdp, 0x80, 0x0, 0x0, &(0x7f0000000fc0)=""/83, 0x53}, 0x1}, {{&(0x7f0000001040)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @dev}}, 0x80, &(0x7f00000011c0)=[{&(0x7f00000010c0)=""/150, 0x96}, {&(0x7f0000001180)=""/5, 0x5}], 0x2, &(0x7f0000001200)=""/180, 0xb4}, 0x5}], 0x2, 0x0, &(0x7f0000001340)={0x0, 0x989680})

12:16:51 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000840)={0x34, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x34}}, 0x0)

12:16:51 executing program 4:
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200), 0x88a02, 0x0)
ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000000))
ioctl$int_in(r0, 0x800000c004500a, &(0x7f00000000c0))
writev(r0, &(0x7f0000000140)=[{&(0x7f0000000080)="a2545375a7fd71bcb79d10fe719003761662e85f", 0x14}, {&(0x7f0000000280)="07a8773f6fd2b63d", 0x8}], 0x2)

12:16:51 executing program 3:
r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
write$cgroup_freezer_state(0xffffffffffffffff, 0x0, 0x0)
lseek(r0, 0x200, 0x0)
dup(0xffffffffffffffff)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x24000, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001740)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf2364149215108333719acd97cfa107d40224edc5465a93df8513a32ec450bebc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed4284da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000dd000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda52013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d2e959efc71f665c4d75cf2458e3542c9062ece84c99a061997a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a998de44aeadea2a40da8daccf080842a4867217373934bbd42dcb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcd62981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba495aea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b60000000000000000d6d5210d7560eb92d6a97a27602b81f76386f1535b1fad6ec9a31137abf9a404abde7750898b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294059323e7a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff852656cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bc19faa5449209b083dbd334b470067bbab40743b2a428f1da1f68df75c00008ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba891cea599b079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b70ebc660309e1e245b0fdf9743af932cd6db49a47613808bad959719c0000000000378a921c7f7f6933c2e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a391f03daca80f08f0e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c4396f1d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d7cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5000000000006065d6735eb7a00e127c000000000000000000000000000000a1c3da144589dcaddb71cf9374843e23f992a237a9040747e0434a8a643990b4059a98411ce867d1af7e8ea89f49e6f564d4dce8a7d6939a92144e43a7f39e83bd247e03a09dba000000000000000000000000aaf033d47249c8444bc13844cbf1be617d82b269e5ea0c0d525603c0ec543ea581f63893ae414a6683e941fdbd6ea6cfc5f8744583c0aa766a65321f907927a59d75b47f06895e8471ebc2840ce5bd054df223fb09b9c739ad64cfcfd2d498b0f11056f6c40874cb977c99b6bc1a8732198a17e610082b7ce0365f271b11d4b4a3d4c7d0bb273f406ecd4b26c93151c30f5a269991402d109bec1267dd7d781aa230ac1cae"], &(0x7f0000000100)='GPL\x00'}, 0x48)
socket(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='ext4_writepages_result\x00'}, 0x10)
sendfile(r0, r1, 0x0, 0xf800)

12:16:51 executing program 2:
syz_clone(0x40040200, &(0x7f00000000c0)="15d698b14f3a5f3c5cb787c7b32c89392dd46885b88ed286824b07e3ae8fc0072d2a6fb7864c609d289484864bdc11a640f5325889f1d0b58dc8cbaca7652cce68210e729ab1cb5a5b7c60c93e9a4191cc2bf77c0003a9e9634cec2e1536934a68edd8da46263b321a6a36086e9a13532dd5fdfc60fc698015f210af3a4f4e4773fc0e86cb2abd62e55dac251f3ab9146568f01dee99", 0x96, 0x0, &(0x7f0000000200), 0x0)

12:16:51 executing program 0:
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(0xffffffffffffffff, 0xc0505405, &(0x7f00000002c0)={{0x1, 0x0, 0x0, 0x3}})

[ 2266.224202][ T8020] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=8020,uid=0
[ 2266.239963][ T8020] Memory cgroup out of memory: Killed process 8020 (syz-executor.1) total-vm:54540kB, anon-rss:508kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000
12:16:51 executing program 0:
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(0xffffffffffffffff, 0xc0505405, &(0x7f00000002c0)={{0x1, 0x0, 0x0, 0x3}})

12:16:51 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000840)={0x34, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x34}}, 0x0)

[ 2266.318010][   T27] audit: type=1804 audit(1680178611.119:1096): pid=8044 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir3710322249/syzkaller.EsUX9x/2142/bus" dev="sda1" ino=1158 res=1 errno=0
12:16:51 executing program 4:
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200), 0x88a02, 0x0)
ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000000))
ioctl$int_in(r0, 0x800000c004500a, &(0x7f00000000c0))
writev(r0, &(0x7f0000000140)=[{&(0x7f0000000080)="a2545375a7fd71bcb79d10fe719003761662e85f306539", 0x17}, {&(0x7f0000000280)="07a8773f6fd2b63d", 0x8}], 0x2)

[ 2266.379908][   T27] audit: type=1800 audit(1680178611.119:1097): pid=8044 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=1158 res=0 errno=0
12:16:51 executing program 0:
r0 = openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f00000002c0)={{0x1, 0x0, 0x0, 0x3}})

12:16:51 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000840)={0x34, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x34}}, 0x0)

12:16:51 executing program 0:
r0 = openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f00000002c0)={{0x1, 0x0, 0x0, 0x3}})

[ 2266.641059][ T8050] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 2266.681487][ T8050] CPU: 1 PID: 8050 Comm: syz-executor.1 Not tainted 6.3.0-rc4-next-20230330-syzkaller #0
[ 2266.691400][ T8050] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 2266.701507][ T8050] Call Trace:
[ 2266.704871][ T8050]  <TASK>
[ 2266.707851][ T8050]  dump_stack_lvl+0x136/0x150
[ 2266.712607][ T8050]  dump_header+0x10a/0xd70
[ 2266.717132][ T8050]  oom_kill_process+0x25d/0x600
[ 2266.722084][ T8050]  out_of_memory+0x35c/0x1650
[ 2266.726841][ T8050]  ? find_held_lock+0x2d/0x110
[ 2266.731670][ T8050]  ? oom_killer_disable+0x2b0/0x2b0
[ 2266.736947][ T8050]  ? rcu_read_unlock+0x9/0x60
[ 2266.741689][ T8050]  ? find_held_lock+0x2d/0x110
[ 2266.746550][ T8050]  mem_cgroup_out_of_memory+0x206/0x270
[ 2266.752161][ T8050]  ? mem_cgroup_margin+0x130/0x130
[ 2266.757336][ T8050]  ? lock_downgrade+0x690/0x690
[ 2266.762269][ T8050]  try_charge_memcg+0xf99/0x13a0
[ 2266.767284][ T8050]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 2266.773349][ T8050]  ? lock_downgrade+0x690/0x690
[ 2266.778268][ T8050]  ? trace_lock_acquire+0x12d/0x180
[ 2266.783525][ T8050]  ? get_mem_cgroup_from_mm+0x247/0x580
[ 2266.789125][ T8050]  ? lock_acquire+0x32/0xc0
[ 2266.793684][ T8050]  charge_memcg+0x90/0x3b0
[ 2266.798159][ T8050]  __mem_cgroup_charge+0x2b/0x90
[ 2266.803147][ T8050]  do_wp_page+0x8ac/0x3510
[ 2266.807619][ T8050]  ? lock_sync+0x190/0x190
[ 2266.812072][ T8050]  ? finish_mkwrite_fault+0x3d0/0x3d0
[ 2266.817494][ T8050]  ? rcu_is_watching+0x12/0xb0
[ 2266.822303][ T8050]  ? do_raw_spin_lock+0x124/0x2b0
[ 2266.827365][ T8050]  ? spin_bug+0x1c0/0x1c0
[ 2266.831727][ T8050]  ? lock_acquire+0x32/0xc0
[ 2266.836272][ T8050]  ? __handle_mm_fault+0x1334/0x4180
[ 2266.841629][ T8050]  __handle_mm_fault+0x1547/0x4180
[ 2266.846799][ T8050]  ? vm_iomap_memory+0x190/0x190
[ 2266.851809][ T8050]  handle_mm_fault+0x2c0/0x9c0
[ 2266.856646][ T8050]  do_user_addr_fault+0x2ed/0x1240
[ 2266.861795][ T8050]  ? rcu_is_watching+0x12/0xb0
[ 2266.866620][ T8050]  exc_page_fault+0x98/0x170
[ 2266.871260][ T8050]  asm_exc_page_fault+0x26/0x30
[ 2266.876144][ T8050] RIP: 0033:0x7f47dd2395a0
[ 2266.880583][ T8050] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48
[ 2266.900222][ T8050] RSP: 002b:00007ffdbc005e60 EFLAGS: 00010246
[ 2266.906316][ T8050] RAX: 00000000ef192a3d RBX: 00007f47dd3ac018 RCX: 0000001b32520000
[ 2266.914313][ T8050] RDX: 0000000000000000 RSI: 0000001b32520018 RDI: 00000000090fde60
[ 2266.922311][ T8050] RBP: 00000000ef192a3d R08: 0000000000000a3d R09: 00000000ef192a41
[ 2266.930308][ T8050] R10: 00007ffdbc006020 R11: 0000000000000246 R12: 00007f47dd3a0000
[ 2266.938307][ T8050] R13: 0000000000000001 R14: 0000000000000005 R15: ffffffff81e3d406
[ 2266.946305][ T8050]  ? build_open_flags+0x76/0x720
[ 2266.951301][ T8050]  </TASK>
[ 2266.974825][ T8050] memory: usage 307200kB, limit 307200kB, failcnt 9750
[ 2266.987838][ T8050] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2267.000893][ T8050] Memory cgroup stats for /syz1:
[ 2267.001172][ T8050] anon 131072
[ 2267.001172][ T8050] file 312406016
[ 2267.001172][ T8050] kernel 2035712
[ 2267.001172][ T8050] kernel_stack 65536
[ 2267.001172][ T8050] pagetables 81920
[ 2267.001172][ T8050] sec_pagetables 0
[ 2267.001172][ T8050] percpu 4928
[ 2267.001172][ T8050] sock 0
[ 2267.001172][ T8050] vmalloc 0
[ 2267.001172][ T8050] shmem 312406016
[ 2267.001172][ T8050] zswap 0
[ 2267.001172][ T8050] zswapped 0
[ 2267.001172][ T8050] file_mapped 380928
[ 2267.001172][ T8050] file_dirty 0
[ 2267.001172][ T8050] file_writeback 0
[ 2267.001172][ T8050] swapcached 0
[ 2267.001172][ T8050] anon_thp 0
[ 2267.001172][ T8050] file_thp 0
[ 2267.001172][ T8050] shmem_thp 0
[ 2267.001172][ T8050] inactive_anon 62951424
[ 2267.001172][ T8050] active_anon 155648
[ 2267.001172][ T8050] inactive_file 0
[ 2267.001172][ T8050] active_file 0
[ 2267.001172][ T8050] unevictable 249430016
[ 2267.001172][ T8050] slab_reclaimable 964920
[ 2267.001172][ T8050] slab_unreclaimable 880720
[ 2267.001172][ T8050] slab 1845640
[ 2267.001172][ T8050] workingset_refault_anon 0
[ 2267.001172][ T8050] workingset_refault_file 0
[ 2267.001172][ T8050] workingset_activate_anon 0
[ 2267.001172][ T8050] workingset_activate_file 0
[ 2267.001172][ T8050] workingset_restore_anon 0
[ 2267.001172][ T8050] workingset_restore_file 0
[ 2267.001172][ T8050] workingset_nodereclaim 0
[ 2267.001172][ T8050] pgscan 49
[ 2267.001172][ T8050] pgsteal 49
[ 2267.001172][ T8050] pgscan_kswapd 0
[ 2267.001172][ T8050] pgscan_direct 49
[ 2267.001172][ T8050] pgscan_khugepaged 0
[ 2267.001172][ T8050] pgsteal_kswapd 0
[ 2267.001172][ T8050] pgsteal_direct 49
[ 2267.001172][ T8050] pgsteal_khugepaged 0
[ 2267.001172][ T8050] pgfault 1093458
[ 2267.001172][ T8050] pgmajfault 422
[ 2267.001172][ T8050] pgrefill 150
[ 2267.001172][ T8050] pgactivate 161
[ 2267.001172][ T8050] pgdeactivate 0
[ 2267.001172][ T8050] pglazyfree 0
[ 2267.001172][ T8050] pglazyfreed 0
[ 2267.001172][ T8050] zswpin 0
[ 2267.001172][ T8050] zswpout 0
[ 2267.204025][ T8050] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=8050,uid=0
12:16:52 executing program 1:
openat$uhid(0xffffffffffffff9c, &(0x7f0000000200), 0x802, 0x0)
timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000180)=<r0=>0x0)
r1 = fanotify_init(0x4, 0x1000)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
fanotify_mark(r1, 0x105, 0x800101b, 0xffffffffffffffff, 0x0)
timer_settime(r0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
mlockall(0x2)
r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil)
shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
write$P9_RWSTAT(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x7f, 0x2}, 0x7)
ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0)
shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000)
shmctl$IPC_RMID(0x0, 0x0)
shmctl$SHM_LOCK(0x0, 0xb)
r6 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil)
shmctl$IPC_STAT(r6, 0x2, &(0x7f00000001c0)=""/62)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={0x0}, 0x1, 0x0, 0x0, 0x40410}, 0x4040044)
shmat(r3, &(0x7f00003c6000/0x3000)=nil, 0x4000)
shmctl$SHM_UNLOCK(0x0, 0xc)
shmctl$SHM_LOCK(r3, 0xb)
r7 = shmget$private(0x0, 0x3000, 0x54001800, &(0x7f000010d000/0x3000)=nil)
ioctl$BTRFS_IOC_BALANCE_V2(r5, 0xc4009420, &(0x7f0000000640)={0x0, 0x1, {0x81, @usage=0xd1, 0x0, 0xfffffffffffffffc, 0x10000, 0xffffffffffffffff, 0x0, 0x5, 0x4, @usage=0x1, 0x1ea7, 0xffffffc0, [0x5, 0x7, 0x5, 0xffffffffffffffff, 0xffff, 0x24f]}, {0x5, @struct={0x8da6, 0x46a}, 0x0, 0x3f, 0xff, 0x8, 0x9, 0x7f, 0x0, @struct={0x3, 0x8}, 0xffff0000, 0xffffffcb, [0x8, 0x27d9, 0x7, 0x7ff, 0x57175363, 0x8]}, {0x10001, @usage=0x9, 0x0, 0x4d2, 0x3b89, 0xfffffffffffffff9, 0x4, 0x7fffffff, 0x441, @usage=0x7000000000000, 0x9, 0x20000d5a, [0x2, 0x6, 0x5, 0x80, 0x4, 0x7735]}, {0x8000, 0xffffffffffffffff}})
shmat(r7, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000012c0)=[{{&(0x7f00000005c0)=@xdp, 0x80, 0x0, 0x0, &(0x7f0000000fc0)=""/83, 0x53}, 0x1}, {{&(0x7f0000001040)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @dev}}, 0x80, &(0x7f00000011c0)=[{&(0x7f00000010c0)=""/150, 0x96}, {&(0x7f0000001180)=""/5, 0x5}], 0x2, &(0x7f0000001200)=""/180, 0xb4}, 0x5}], 0x2, 0x0, &(0x7f0000001340)={0x0, 0x989680})

12:16:52 executing program 4:
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200), 0x88a02, 0x0)
ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000000))
ioctl$int_in(r0, 0x800000c004500a, &(0x7f00000000c0))
writev(r0, &(0x7f0000000140)=[{&(0x7f0000000080)="a2545375a7fd71bcb79d10fe719003761662e85f306539", 0x17}, {&(0x7f0000000280)="07a8773f6fd2b63d", 0x8}], 0x2)

12:16:52 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, 0x0)
sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000840)={0x34, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x34}}, 0x0)

12:16:52 executing program 0:
r0 = openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f00000002c0)={{0x1, 0x0, 0x0, 0x3}})

12:16:52 executing program 2:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0)
write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0xff2e)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, "0040001e1d113c00000068c0c400"})
r1 = syz_open_pts(r0, 0x0)
ioctl$TCFLSH(r1, 0x540b, 0x2)

12:16:52 executing program 3:
r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
write$cgroup_freezer_state(0xffffffffffffffff, 0x0, 0x0)
lseek(r0, 0x200, 0x0)
dup(0xffffffffffffffff)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x24000, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001740)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf2364149215108333719acd97cfa107d40224edc5465a93df8513a32ec450bebc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed4284da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000dd000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda52013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d2e959efc71f665c4d75cf2458e3542c9062ece84c99a061997a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a998de44aeadea2a40da8daccf080842a4867217373934bbd42dcb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcd62981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba495aea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b60000000000000000d6d5210d7560eb92d6a97a27602b81f76386f1535b1fad6ec9a31137abf9a404abde7750898b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294059323e7a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff852656cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bc19faa5449209b083dbd334b470067bbab40743b2a428f1da1f68df75c00008ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba891cea599b079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b70ebc660309e1e245b0fdf9743af932cd6db49a47613808bad959719c0000000000378a921c7f7f6933c2e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a391f03daca80f08f0e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c4396f1d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d7cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5000000000006065d6735eb7a00e127c000000000000000000000000000000a1c3da144589dcaddb71cf9374843e23f992a237a9040747e0434a8a643990b4059a98411ce867d1af7e8ea89f49e6f564d4dce8a7d6939a92144e43a7f39e83bd247e03a09dba000000000000000000000000aaf033d47249c8444bc13844cbf1be617d82b269e5ea0c0d525603c0ec543ea581f63893ae414a6683e941fdbd6ea6cfc5f8744583c0aa766a65321f907927a59d75b47f06895e8471ebc2840ce5bd054df223fb09b9c739ad64cfcfd2d498b0f11056f6c40874cb977c99b6bc1a8732198a17e610082b7ce0365f271b11d4b4a3d4c7d0bb273f406ecd4b26c93151c30f5a269991402d109bec1267dd7d781aa230ac1cae"], &(0x7f0000000100)='GPL\x00'}, 0x48)
socket(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='ext4_writepages_result\x00'}, 0x10)
sendfile(r0, r1, 0x0, 0xf800)

[ 2267.236704][ T8050] Memory cgroup out of memory: Killed process 8050 (syz-executor.1) total-vm:54540kB, anon-rss:380kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000
12:16:52 executing program 0:
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000280), 0x0)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(0xffffffffffffffff, 0xc0505405, &(0x7f00000002c0)={{0x1, 0x0, 0x0, 0x3}})

12:16:52 executing program 4:
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200), 0x88a02, 0x0)
ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000000))
ioctl$int_in(r0, 0x800000c004500a, &(0x7f00000000c0))
writev(r0, &(0x7f0000000140)=[{&(0x7f0000000080)="a2545375a7fd71bcb79d10fe719003761662e85f306539", 0x17}, {&(0x7f0000000280)="07a8773f6fd2b63d", 0x8}], 0x2)

[ 2267.304889][   T27] audit: type=1804 audit(1680178612.109:1098): pid=8070 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir3710322249/syzkaller.EsUX9x/2143/bus" dev="sda1" ino=1178 res=1 errno=0
12:16:52 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, 0x0)
sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000840)={0x34, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x34}}, 0x0)

[ 2267.393179][   T27] audit: type=1800 audit(1680178612.109:1099): pid=8070 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=1178 res=0 errno=0
12:16:52 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, 0x0)
sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000840)={0x34, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x34}}, 0x0)

12:16:52 executing program 0:
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000280), 0x0)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(0xffffffffffffffff, 0xc0505405, &(0x7f00000002c0)={{0x1, 0x0, 0x0, 0x3}})

12:16:52 executing program 4:
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200), 0x88a02, 0x0)
ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000000))
ioctl$int_in(r0, 0x800000c004500a, &(0x7f00000000c0))
writev(r0, &(0x7f0000000140)=[{&(0x7f0000000080)="a2545375a7fd71bcb79d10fe719003761662e85f306539e8", 0x18}, {&(0x7f0000000280)="07a8773f6fd2b63d", 0x8}], 0x2)

[ 2267.542865][ T8077] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 2267.573169][ T8077] CPU: 0 PID: 8077 Comm: syz-executor.1 Not tainted 6.3.0-rc4-next-20230330-syzkaller #0
[ 2267.583064][ T8077] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 2267.593173][ T8077] Call Trace:
[ 2267.596512][ T8077]  <TASK>
[ 2267.599488][ T8077]  dump_stack_lvl+0x136/0x150
[ 2267.604249][ T8077]  dump_header+0x10a/0xd70
[ 2267.608738][ T8077]  oom_kill_process+0x25d/0x600
[ 2267.613678][ T8077]  out_of_memory+0x35c/0x1650
[ 2267.618436][ T8077]  ? find_held_lock+0x2d/0x110
[ 2267.623254][ T8077]  ? oom_killer_disable+0x2b0/0x2b0
[ 2267.628526][ T8077]  ? rcu_read_unlock+0x9/0x60
[ 2267.633270][ T8077]  ? find_held_lock+0x2d/0x110
[ 2267.638117][ T8077]  mem_cgroup_out_of_memory+0x206/0x270
[ 2267.643700][ T8077]  ? mem_cgroup_margin+0x130/0x130
[ 2267.648858][ T8077]  ? lock_downgrade+0x690/0x690
[ 2267.653782][ T8077]  try_charge_memcg+0xf99/0x13a0
[ 2267.658774][ T8077]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 2267.664820][ T8077]  ? lock_downgrade+0x690/0x690
[ 2267.669707][ T8077]  ? trace_lock_acquire+0x12d/0x180
[ 2267.674943][ T8077]  ? get_mem_cgroup_from_mm+0x247/0x580
[ 2267.680540][ T8077]  ? lock_acquire+0x32/0xc0
[ 2267.685099][ T8077]  charge_memcg+0x90/0x3b0
[ 2267.689580][ T8077]  __mem_cgroup_charge+0x2b/0x90
[ 2267.694567][ T8077]  do_wp_page+0x8ac/0x3510
[ 2267.699054][ T8077]  ? lock_sync+0x190/0x190
[ 2267.703509][ T8077]  ? finish_mkwrite_fault+0x3d0/0x3d0
[ 2267.708946][ T8077]  ? rcu_is_watching+0x12/0xb0
[ 2267.713751][ T8077]  ? do_raw_spin_lock+0x124/0x2b0
[ 2267.718847][ T8077]  ? spin_bug+0x1c0/0x1c0
[ 2267.723229][ T8077]  ? lock_acquire+0x32/0xc0
[ 2267.727766][ T8077]  ? __handle_mm_fault+0x1334/0x4180
[ 2267.733120][ T8077]  __handle_mm_fault+0x1547/0x4180
[ 2267.738292][ T8077]  ? vm_iomap_memory+0x190/0x190
[ 2267.743296][ T8077]  handle_mm_fault+0x2c0/0x9c0
[ 2267.748119][ T8077]  do_user_addr_fault+0x2ed/0x1240
[ 2267.753273][ T8077]  ? rcu_is_watching+0x12/0xb0
[ 2267.758082][ T8077]  exc_page_fault+0x98/0x170
[ 2267.762732][ T8077]  asm_exc_page_fault+0x26/0x30
[ 2267.767637][ T8077] RIP: 0033:0x7f47dd2395a0
[ 2267.772073][ T8077] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48
[ 2267.791794][ T8077] RSP: 002b:00007ffdbc005e60 EFLAGS: 00010246
[ 2267.797882][ T8077] RAX: 00000000ef192a3d RBX: 00007f47dd3ac018 RCX: 0000001b32520000
[ 2267.805895][ T8077] RDX: 0000000000000000 RSI: 0000001b32520018 RDI: 00000000090fde60
[ 2267.813895][ T8077] RBP: 00000000ef192a3d R08: 0000000000000a3d R09: 00000000ef192a41
[ 2267.821889][ T8077] R10: 00007ffdbc006020 R11: 0000000000000246 R12: 00007f47dd3a0000
[ 2267.829879][ T8077] R13: 0000000000000001 R14: 0000000000000005 R15: ffffffff81e3d406
[ 2267.837888][ T8077]  ? build_open_flags+0x76/0x720
[ 2267.842874][ T8077]  </TASK>
[ 2267.882885][ T8077] memory: usage 307200kB, limit 307200kB, failcnt 9850
[ 2267.928229][ T8077] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2267.947603][ T8077] Memory cgroup stats for /syz1:
[ 2267.948006][ T8077] anon 131072
[ 2267.948006][ T8077] file 312406016
[ 2267.948006][ T8077] kernel 2035712
[ 2267.948006][ T8077] kernel_stack 65536
[ 2267.948006][ T8077] pagetables 81920
[ 2267.948006][ T8077] sec_pagetables 0
[ 2267.948006][ T8077] percpu 4928
[ 2267.948006][ T8077] sock 0
[ 2267.948006][ T8077] vmalloc 0
[ 2267.948006][ T8077] shmem 312406016
[ 2267.948006][ T8077] zswap 0
[ 2267.948006][ T8077] zswapped 0
[ 2267.948006][ T8077] file_mapped 380928
[ 2267.948006][ T8077] file_dirty 0
[ 2267.948006][ T8077] file_writeback 0
[ 2267.948006][ T8077] swapcached 0
[ 2267.948006][ T8077] anon_thp 0
[ 2267.948006][ T8077] file_thp 0
[ 2267.948006][ T8077] shmem_thp 0
[ 2267.948006][ T8077] inactive_anon 62951424
[ 2267.948006][ T8077] active_anon 155648
[ 2267.948006][ T8077] inactive_file 0
[ 2267.948006][ T8077] active_file 0
[ 2267.948006][ T8077] unevictable 249430016
[ 2267.948006][ T8077] slab_reclaimable 964920
[ 2267.948006][ T8077] slab_unreclaimable 880720
[ 2267.948006][ T8077] slab 1845640
[ 2267.948006][ T8077] workingset_refault_anon 0
[ 2267.948006][ T8077] workingset_refault_file 0
[ 2267.948006][ T8077] workingset_activate_anon 0
[ 2267.948006][ T8077] workingset_activate_file 0
[ 2267.948006][ T8077] workingset_restore_anon 0
[ 2267.948006][ T8077] workingset_restore_file 0
[ 2267.948006][ T8077] workingset_nodereclaim 0
[ 2267.948006][ T8077] pgscan 49
[ 2267.948006][ T8077] pgsteal 49
[ 2267.948006][ T8077] pgscan_kswapd 0
[ 2267.948006][ T8077] pgscan_direct 49
[ 2267.948006][ T8077] pgscan_khugepaged 0
[ 2267.948006][ T8077] pgsteal_kswapd 0
[ 2267.948006][ T8077] pgsteal_direct 49
[ 2267.948006][ T8077] pgsteal_khugepaged 0
[ 2267.948006][ T8077] pgfault 1093511
[ 2267.948006][ T8077] pgmajfault 422
[ 2267.948006][ T8077] pgrefill 150
[ 2267.948006][ T8077] pgactivate 161
[ 2267.948006][ T8077] pgdeactivate 0
[ 2267.948006][ T8077] pglazyfree 0
[ 2267.948006][ T8077] pglazyfreed 0
[ 2267.948006][ T8077] zswpin 0
[ 2267.948006][ T8077] zswpout 0
12:16:53 executing program 1:
openat$uhid(0xffffffffffffff9c, &(0x7f0000000200), 0x802, 0x0)
timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000180)=<r0=>0x0)
r1 = fanotify_init(0x4, 0x1000)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
fanotify_mark(r1, 0x105, 0x800101b, 0xffffffffffffffff, 0x0)
timer_settime(r0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
mlockall(0x2)
r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil)
shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
write$P9_RWSTAT(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x7f, 0x2}, 0x7)
ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0)
shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000)
shmctl$IPC_RMID(0x0, 0x0)
shmctl$SHM_LOCK(0x0, 0xb)
r6 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil)
shmctl$IPC_STAT(r6, 0x2, &(0x7f00000001c0)=""/62)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={0x0}, 0x1, 0x0, 0x0, 0x40410}, 0x4040044)
shmat(r3, &(0x7f00003c6000/0x3000)=nil, 0x4000)
shmctl$SHM_UNLOCK(0x0, 0xc)
shmctl$SHM_LOCK(r3, 0xb)
r7 = shmget$private(0x0, 0x3000, 0x54001800, &(0x7f000010d000/0x3000)=nil)
ioctl$BTRFS_IOC_BALANCE_V2(r5, 0xc4009420, &(0x7f0000000640)={0x0, 0x1, {0x81, @usage=0xd1, 0x0, 0xfffffffffffffffc, 0x10000, 0xffffffffffffffff, 0x0, 0x5, 0x4, @usage=0x1, 0x1ea7, 0xffffffc0, [0x5, 0x7, 0x5, 0xffffffffffffffff, 0xffff, 0x24f]}, {0x5, @struct={0x8da6, 0x46a}, 0x0, 0x3f, 0xff, 0x8, 0x9, 0x7f, 0x0, @struct={0x3, 0x8}, 0xffff0000, 0xffffffcb, [0x8, 0x27d9, 0x7, 0x7ff, 0x57175363, 0x8]}, {0x10001, @usage=0x9, 0x0, 0x4d2, 0x3b89, 0xfffffffffffffff9, 0x4, 0x7fffffff, 0x441, @usage=0x7000000000000, 0x9, 0x20000d5a, [0x2, 0x6, 0x5, 0x80, 0x4, 0x7735]}, {0x8000, 0xffffffffffffffff}})
shmat(r7, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000012c0)=[{{&(0x7f00000005c0)=@xdp, 0x80, 0x0, 0x0, &(0x7f0000000fc0)=""/83, 0x53}, 0x1}, {{&(0x7f0000001040)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @dev}}, 0x80, &(0x7f00000011c0)=[{&(0x7f00000010c0)=""/150, 0x96}, {&(0x7f0000001180)=""/5, 0x5}], 0x2, &(0x7f0000001200)=""/180, 0xb4}, 0x5}], 0x2, 0x0, &(0x7f0000001340)={0x0, 0x989680})

12:16:53 executing program 0:
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000280), 0x0)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(0xffffffffffffffff, 0xc0505405, &(0x7f00000002c0)={{0x1, 0x0, 0x0, 0x3}})

12:16:53 executing program 5:
socket$nl_generic(0x10, 0x3, 0x10)
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_IBSS(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000840)={0x34, r0, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x34}}, 0x0)

12:16:53 executing program 2:
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x24001, 0x0)

12:16:53 executing program 4:
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200), 0x88a02, 0x0)
ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000000))
ioctl$int_in(r0, 0x800000c004500a, &(0x7f00000000c0))
writev(r0, &(0x7f0000000140)=[{&(0x7f0000000080)="a2545375a7fd71bcb79d10fe719003761662e85f306539", 0x17}, {&(0x7f0000000280)="07a8773f6fd2b63d", 0x8}], 0x2)

12:16:53 executing program 3:
r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
write$cgroup_freezer_state(0xffffffffffffffff, 0x0, 0x0)
lseek(r0, 0x200, 0x0)
dup(0xffffffffffffffff)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x24000, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001740)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf2364149215108333719acd97cfa107d40224edc5465a93df8513a32ec450bebc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed4284da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000dd000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda52013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d2e959efc71f665c4d75cf2458e3542c9062ece84c99a061997a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a998de44aeadea2a40da8daccf080842a4867217373934bbd42dcb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcd62981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba495aea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b60000000000000000d6d5210d7560eb92d6a97a27602b81f76386f1535b1fad6ec9a31137abf9a404abde7750898b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294059323e7a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff852656cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bc19faa5449209b083dbd334b470067bbab40743b2a428f1da1f68df75c00008ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba891cea599b079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b70ebc660309e1e245b0fdf9743af932cd6db49a47613808bad959719c0000000000378a921c7f7f6933c2e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a391f03daca80f08f0e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c4396f1d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d7cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5000000000006065d6735eb7a00e127c000000000000000000000000000000a1c3da144589dcaddb71cf9374843e23f992a237a9040747e0434a8a643990b4059a98411ce867d1af7e8ea89f49e6f564d4dce8a7d6939a92144e43a7f39e83bd247e03a09dba000000000000000000000000aaf033d47249c8444bc13844cbf1be617d82b269e5ea0c0d525603c0ec543ea581f63893ae414a6683e941fdbd6ea6cfc5f8744583c0aa766a65321f907927a59d75b47f06895e8471ebc2840ce5bd054df223fb09b9c739ad64cfcfd2d498b0f11056f6c40874cb977c99b6bc1a8732198a17e610082b7ce0365f271b11d4b4a3d4c7d0bb273f406ecd4b26c93151c30f5a269991402d109bec1267dd7d781aa230ac1cae"], &(0x7f0000000100)='GPL\x00'}, 0x48)
socket(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='ext4_writepages_result\x00', r2}, 0x10)
sendfile(0xffffffffffffffff, r1, 0x0, 0xf800)

[ 2268.164153][ T8077] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=8077,uid=0
[ 2268.187570][ T8077] Memory cgroup out of memory: Killed process 8077 (syz-executor.1) total-vm:54540kB, anon-rss:380kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000
12:16:53 executing program 0:
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000280), 0x0)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, 0x0)

12:16:53 executing program 5:
socket$nl_generic(0x10, 0x3, 0x10)
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_IBSS(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000840)={0x34, r0, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x34}}, 0x0)

[ 2268.263086][   T27] audit: type=1804 audit(1680178613.069:1100): pid=8099 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir3710322249/syzkaller.EsUX9x/2144/bus" dev="sda1" ino=1181 res=1 errno=0
12:16:53 executing program 4:
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200), 0x88a02, 0x0)
ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000000))
ioctl$int_in(r0, 0x800000c004500a, &(0x7f00000000c0))
writev(r0, &(0x7f0000000140)=[{&(0x7f0000000080)="a2545375a7fd71bcb79d10fe719003761662e85f306539", 0x17}, {&(0x7f0000000280)="07a8773f6fd2b63d", 0x8}], 0x2)

[ 2268.333600][   T27] audit: type=1800 audit(1680178613.099:1101): pid=8099 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=1181 res=0 errno=0
12:16:53 executing program 5:
socket$nl_generic(0x10, 0x3, 0x10)
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_IBSS(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000840)={0x34, r0, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x34}}, 0x0)

12:16:53 executing program 0:
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000280), 0x0)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, 0x0)

12:16:53 executing program 2:
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x24001, 0x0)

[ 2268.466940][ T8103] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 2268.509739][ T8103] CPU: 1 PID: 8103 Comm: syz-executor.1 Not tainted 6.3.0-rc4-next-20230330-syzkaller #0
[ 2268.519632][ T8103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 2268.529744][ T8103] Call Trace:
[ 2268.533067][ T8103]  <TASK>
[ 2268.536045][ T8103]  dump_stack_lvl+0x136/0x150
[ 2268.540793][ T8103]  dump_header+0x10a/0xd70
[ 2268.545283][ T8103]  oom_kill_process+0x25d/0x600
[ 2268.550209][ T8103]  out_of_memory+0x35c/0x1650
[ 2268.554970][ T8103]  ? find_held_lock+0x2d/0x110
[ 2268.559818][ T8103]  ? oom_killer_disable+0x2b0/0x2b0
[ 2268.565099][ T8103]  ? rcu_read_unlock+0x9/0x60
[ 2268.569845][ T8103]  ? find_held_lock+0x2d/0x110
[ 2268.574850][ T8103]  mem_cgroup_out_of_memory+0x206/0x270
[ 2268.580465][ T8103]  ? mem_cgroup_margin+0x130/0x130
[ 2268.585653][ T8103]  ? lock_downgrade+0x690/0x690
[ 2268.590603][ T8103]  try_charge_memcg+0xf99/0x13a0
[ 2268.595605][ T8103]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 2268.601656][ T8103]  ? lock_downgrade+0x690/0x690
[ 2268.606577][ T8103]  ? trace_lock_acquire+0x12d/0x180
[ 2268.611833][ T8103]  ? get_mem_cgroup_from_mm+0x247/0x580
[ 2268.617461][ T8103]  ? lock_acquire+0x32/0xc0
[ 2268.622039][ T8103]  charge_memcg+0x90/0x3b0
[ 2268.626535][ T8103]  __mem_cgroup_charge+0x2b/0x90
[ 2268.631551][ T8103]  do_wp_page+0x8ac/0x3510
[ 2268.636056][ T8103]  ? lock_sync+0x190/0x190
[ 2268.640543][ T8103]  ? finish_mkwrite_fault+0x3d0/0x3d0
[ 2268.645988][ T8103]  ? rcu_is_watching+0x12/0xb0
[ 2268.650845][ T8103]  ? do_raw_spin_lock+0x124/0x2b0
[ 2268.655960][ T8103]  ? spin_bug+0x1c0/0x1c0
[ 2268.660354][ T8103]  ? lock_acquire+0x32/0xc0
[ 2268.664923][ T8103]  ? __handle_mm_fault+0x1334/0x4180
[ 2268.670298][ T8103]  __handle_mm_fault+0x1547/0x4180
[ 2268.675495][ T8103]  ? vm_iomap_memory+0x190/0x190
[ 2268.680534][ T8103]  handle_mm_fault+0x2c0/0x9c0
[ 2268.685377][ T8103]  do_user_addr_fault+0x2ed/0x1240
[ 2268.690559][ T8103]  ? rcu_is_watching+0x12/0xb0
[ 2268.695401][ T8103]  exc_page_fault+0x98/0x170
[ 2268.700084][ T8103]  asm_exc_page_fault+0x26/0x30
[ 2268.704996][ T8103] RIP: 0033:0x7f47dd2395a0
[ 2268.709469][ T8103] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48
[ 2268.729227][ T8103] RSP: 002b:00007ffdbc005e60 EFLAGS: 00010246
[ 2268.735351][ T8103] RAX: 00000000ef192a3d RBX: 00007f47dd3ac018 RCX: 0000001b32520000
[ 2268.743373][ T8103] RDX: 0000000000000000 RSI: 0000001b32520018 RDI: 00000000090fde60
[ 2268.751390][ T8103] RBP: 00000000ef192a3d R08: 0000000000000a3d R09: 00000000ef192a41
[ 2268.759410][ T8103] R10: 00007ffdbc006020 R11: 0000000000000246 R12: 00007f47dd3a0000
[ 2268.767518][ T8103] R13: 0000000000000001 R14: 0000000000000005 R15: ffffffff81e3d406
[ 2268.775557][ T8103]  ? build_open_flags+0x76/0x720
[ 2268.780588][ T8103]  </TASK>
[ 2268.817382][ T8103] memory: usage 307200kB, limit 307200kB, failcnt 9947
[ 2268.831375][ T8103] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2268.838893][ T8103] Memory cgroup stats for /syz1:
[ 2268.839172][ T8103] anon 131072
[ 2268.839172][ T8103] file 312406016
[ 2268.839172][ T8103] kernel 2035712
[ 2268.839172][ T8103] kernel_stack 65536
[ 2268.839172][ T8103] pagetables 81920
[ 2268.839172][ T8103] sec_pagetables 0
[ 2268.839172][ T8103] percpu 4928
[ 2268.839172][ T8103] sock 0
[ 2268.839172][ T8103] vmalloc 0
[ 2268.839172][ T8103] shmem 312406016
[ 2268.839172][ T8103] zswap 0
[ 2268.839172][ T8103] zswapped 0
[ 2268.839172][ T8103] file_mapped 380928
[ 2268.839172][ T8103] file_dirty 0
[ 2268.839172][ T8103] file_writeback 0
[ 2268.839172][ T8103] swapcached 0
[ 2268.839172][ T8103] anon_thp 0
[ 2268.839172][ T8103] file_thp 0
[ 2268.839172][ T8103] shmem_thp 0
[ 2268.839172][ T8103] inactive_anon 62951424
[ 2268.839172][ T8103] active_anon 155648
[ 2268.839172][ T8103] inactive_file 0
[ 2268.839172][ T8103] active_file 0
[ 2268.839172][ T8103] unevictable 249430016
[ 2268.839172][ T8103] slab_reclaimable 964920
[ 2268.839172][ T8103] slab_unreclaimable 880720
[ 2268.839172][ T8103] slab 1845640
[ 2268.839172][ T8103] workingset_refault_anon 0
[ 2268.839172][ T8103] workingset_refault_file 0
[ 2268.839172][ T8103] workingset_activate_anon 0
[ 2268.839172][ T8103] workingset_activate_file 0
[ 2268.839172][ T8103] workingset_restore_anon 0
[ 2268.839172][ T8103] workingset_restore_file 0
[ 2268.839172][ T8103] workingset_nodereclaim 0
[ 2268.839172][ T8103] pgscan 49
[ 2268.839172][ T8103] pgsteal 49
[ 2268.839172][ T8103] pgscan_kswapd 0
[ 2268.839172][ T8103] pgscan_direct 49
[ 2268.839172][ T8103] pgscan_khugepaged 0
[ 2268.839172][ T8103] pgsteal_kswapd 0
[ 2268.839172][ T8103] pgsteal_direct 49
[ 2268.839172][ T8103] pgsteal_khugepaged 0
[ 2268.839172][ T8103] pgfault 1093564
[ 2268.839172][ T8103] pgmajfault 422
[ 2268.839172][ T8103] pgrefill 150
[ 2268.839172][ T8103] pgactivate 161
[ 2268.839172][ T8103] pgdeactivate 0
[ 2268.839172][ T8103] pglazyfree 0
[ 2268.839172][ T8103] pglazyfreed 0
[ 2268.839172][ T8103] zswpin 0
[ 2268.839172][ T8103] zswpout 0
[ 2269.050040][ T8103] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=8103,uid=0
12:16:53 executing program 1:
openat$uhid(0xffffffffffffff9c, &(0x7f0000000200), 0x802, 0x0)
timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000180)=<r0=>0x0)
r1 = fanotify_init(0x4, 0x1000)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
fanotify_mark(r1, 0x105, 0x800101b, 0xffffffffffffffff, 0x0)
timer_settime(r0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
mlockall(0x2)
r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil)
shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
write$P9_RWSTAT(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x7f, 0x2}, 0x7)
ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0)
shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000)
shmctl$IPC_RMID(0x0, 0x0)
shmctl$SHM_LOCK(0x0, 0xb)
r6 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil)
shmctl$IPC_STAT(r6, 0x2, &(0x7f00000001c0)=""/62)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000280), 0xc, &(0x7f0000000340)={0x0, 0x28}, 0x1, 0x0, 0x0, 0x40410}, 0x4040044)
shmat(r3, &(0x7f00003c6000/0x3000)=nil, 0x4000)
shmctl$SHM_UNLOCK(0x0, 0xc)
shmctl$SHM_LOCK(r3, 0xb)
r7 = shmget$private(0x0, 0x3000, 0x54001800, &(0x7f000010d000/0x3000)=nil)
ioctl$BTRFS_IOC_BALANCE_V2(r5, 0xc4009420, &(0x7f0000000640)={0x0, 0x1, {0x81, @usage=0xd1, 0x0, 0xfffffffffffffffc, 0x10000, 0xffffffffffffffff, 0x0, 0x5, 0x4, @usage=0x1, 0x1ea7, 0xffffffc0, [0x5, 0x7, 0x5, 0xffffffffffffffff, 0xffff, 0x24f]}, {0x5, @struct={0x8da6, 0x46a}, 0x0, 0x3f, 0xff, 0x8, 0x9, 0x7f, 0x0, @struct={0x3, 0x8}, 0xffff0000, 0xffffffcb, [0x8, 0x27d9, 0x7, 0x7ff, 0x57175363, 0x8]}, {0x10001, @usage=0x9, 0x0, 0x4d2, 0x3b89, 0xfffffffffffffff9, 0x4, 0x7fffffff, 0x441, @usage=0x7000000000000, 0x9, 0x20000d5a, [0x2, 0x6, 0x5, 0x80, 0x4, 0x7735]}, {0x8000, 0xffffffffffffffff}})
shmat(r7, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000012c0)=[{{&(0x7f00000005c0)=@xdp, 0x80, 0x0, 0x0, &(0x7f0000000fc0)=""/83, 0x53}, 0x1}, {{&(0x7f0000001040)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @dev}}, 0x80, &(0x7f00000011c0)=[{&(0x7f00000010c0)=""/150, 0x96}, {&(0x7f0000001180)=""/5, 0x5}], 0x2, &(0x7f0000001200)=""/180, 0xb4}, 0x5}], 0x2, 0x0, &(0x7f0000001340)={0x0, 0x989680})

12:16:53 executing program 4:
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200), 0x88a02, 0x0)
ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000000))
ioctl$int_in(r0, 0x800000c004500a, &(0x7f00000000c0))
writev(r0, &(0x7f0000000140)=[{&(0x7f0000000080)="a2545375a7fd71bcb79d10fe719003761662e85f306539", 0x17}, {&(0x7f0000000280)="07a8773f6fd2b63d", 0x8}], 0x2)

12:16:53 executing program 0:
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000280), 0x0)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, 0x0)

12:16:53 executing program 2:
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x24001, 0x0)

12:16:53 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
sendmsg$NL80211_CMD_JOIN_IBSS(r0, 0x0, 0x0)

[ 2269.075968][ T8103] Memory cgroup out of memory: Killed process 8103 (syz-executor.1) total-vm:54540kB, anon-rss:380kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000
12:16:53 executing program 3:
r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
write$cgroup_freezer_state(0xffffffffffffffff, 0x0, 0x0)
lseek(r0, 0x200, 0x0)
dup(0xffffffffffffffff)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x24000, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001740)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf2364149215108333719acd97cfa107d40224edc5465a93df8513a32ec450bebc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed4284da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000dd000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda52013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d2e959efc71f665c4d75cf2458e3542c9062ece84c99a061997a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a998de44aeadea2a40da8daccf080842a4867217373934bbd42dcb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcd62981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba495aea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b60000000000000000d6d5210d7560eb92d6a97a27602b81f76386f1535b1fad6ec9a31137abf9a404abde7750898b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294059323e7a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff852656cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bc19faa5449209b083dbd334b470067bbab40743b2a428f1da1f68df75c00008ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba891cea599b079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b70ebc660309e1e245b0fdf9743af932cd6db49a47613808bad959719c0000000000378a921c7f7f6933c2e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a391f03daca80f08f0e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c4396f1d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d7cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5000000000006065d6735eb7a00e127c000000000000000000000000000000a1c3da144589dcaddb71cf9374843e23f992a237a9040747e0434a8a643990b4059a98411ce867d1af7e8ea89f49e6f564d4dce8a7d6939a92144e43a7f39e83bd247e03a09dba000000000000000000000000aaf033d47249c8444bc13844cbf1be617d82b269e5ea0c0d525603c0ec543ea581f63893ae414a6683e941fdbd6ea6cfc5f8744583c0aa766a65321f907927a59d75b47f06895e8471ebc2840ce5bd054df223fb09b9c739ad64cfcfd2d498b0f11056f6c40874cb977c99b6bc1a8732198a17e610082b7ce0365f271b11d4b4a3d4c7d0bb273f406ecd4b26c93151c30f5a269991402d109bec1267dd7d781aa230ac1cae"], &(0x7f0000000100)='GPL\x00'}, 0x48)
socket(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='ext4_writepages_result\x00', r2}, 0x10)
sendfile(0xffffffffffffffff, r1, 0x0, 0xf800)

12:16:54 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
sendmsg$NL80211_CMD_JOIN_IBSS(r0, 0x0, 0x0)

12:16:54 executing program 0:
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000280), 0x0)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f00000002c0)={{0x0, 0x0, 0x0, 0x3}})

[ 2269.177850][   T27] audit: type=1804 audit(1680178613.979:1102): pid=8127 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir3710322249/syzkaller.EsUX9x/2145/bus" dev="sda1" ino=1165 res=1 errno=0
12:16:54 executing program 4:
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000d00), 0x0)
ioctl$SNDRV_TIMER_IOCTL_PVERSION(r0, 0x80045400, &(0x7f0000000240))

[ 2269.287658][   T27] audit: type=1800 audit(1680178613.979:1103): pid=8127 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=1165 res=0 errno=0
12:16:54 executing program 0:
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000280), 0x0)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f00000002c0)={{0x0, 0x0, 0x0, 0x3}})

12:16:54 executing program 4:
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f0000000140)={0x3, &(0x7f0000000100)=[{}, {0x6c}, {0x6}]})

12:16:54 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
sendmsg$NL80211_CMD_JOIN_IBSS(r0, 0x0, 0x0)

[ 2269.435580][   T27] audit: type=1326 audit(1680178614.239:1104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8140 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fecfde8c0f9 code=0x0
[ 2269.466284][ T8133] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 2269.502216][ T8133] CPU: 0 PID: 8133 Comm: syz-executor.1 Not tainted 6.3.0-rc4-next-20230330-syzkaller #0
[ 2269.512102][ T8133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 2269.522201][ T8133] Call Trace:
[ 2269.525520][ T8133]  <TASK>
[ 2269.528494][ T8133]  dump_stack_lvl+0x136/0x150
[ 2269.533270][ T8133]  dump_header+0x10a/0xd70
[ 2269.537777][ T8133]  oom_kill_process+0x25d/0x600
[ 2269.542715][ T8133]  out_of_memory+0x35c/0x1650
[ 2269.547461][ T8133]  ? find_held_lock+0x2d/0x110
[ 2269.552285][ T8133]  ? oom_killer_disable+0x2b0/0x2b0
[ 2269.557556][ T8133]  ? rcu_read_unlock+0x9/0x60
[ 2269.562285][ T8133]  ? find_held_lock+0x2d/0x110
[ 2269.567111][ T8133]  mem_cgroup_out_of_memory+0x206/0x270
[ 2269.572717][ T8133]  ? mem_cgroup_margin+0x130/0x130
[ 2269.577885][ T8133]  ? lock_downgrade+0x690/0x690
[ 2269.582825][ T8133]  try_charge_memcg+0xf99/0x13a0
[ 2269.587843][ T8133]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 2269.593922][ T8133]  ? lock_downgrade+0x690/0x690
[ 2269.598850][ T8133]  ? trace_lock_acquire+0x12d/0x180
[ 2269.604133][ T8133]  ? get_mem_cgroup_from_mm+0x247/0x580
[ 2269.609739][ T8133]  ? lock_acquire+0x32/0xc0
[ 2269.614315][ T8133]  charge_memcg+0x90/0x3b0
[ 2269.618810][ T8133]  __mem_cgroup_charge+0x2b/0x90
[ 2269.623824][ T8133]  do_wp_page+0x8ac/0x3510
[ 2269.628349][ T8133]  ? lock_sync+0x190/0x190
[ 2269.632832][ T8133]  ? finish_mkwrite_fault+0x3d0/0x3d0
[ 2269.638388][ T8133]  ? rcu_is_watching+0x12/0xb0
[ 2269.643231][ T8133]  ? do_raw_spin_lock+0x124/0x2b0
[ 2269.648324][ T8133]  ? spin_bug+0x1c0/0x1c0
[ 2269.652720][ T8133]  ? lock_acquire+0x32/0xc0
[ 2269.657547][ T8133]  ? __handle_mm_fault+0x1334/0x4180
[ 2269.663009][ T8133]  __handle_mm_fault+0x1547/0x4180
[ 2269.668216][ T8133]  ? vm_iomap_memory+0x190/0x190
[ 2269.673259][ T8133]  handle_mm_fault+0x2c0/0x9c0
[ 2269.678111][ T8133]  do_user_addr_fault+0x2ed/0x1240
[ 2269.683295][ T8133]  ? rcu_is_watching+0x12/0xb0
[ 2269.688147][ T8133]  exc_page_fault+0x98/0x170
[ 2269.692823][ T8133]  asm_exc_page_fault+0x26/0x30
[ 2269.697747][ T8133] RIP: 0033:0x7f47dd2395a0
[ 2269.702214][ T8133] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48
[ 2269.721880][ T8133] RSP: 002b:00007ffdbc005e60 EFLAGS: 00010246
[ 2269.728008][ T8133] RAX: 00000000ef192a3d RBX: 00007f47dd3ac018 RCX: 0000001b32520000
[ 2269.736028][ T8133] RDX: 0000000000000000 RSI: 0000001b32520018 RDI: 00000000090fde60
[ 2269.744052][ T8133] RBP: 00000000ef192a3d R08: 0000000000000a3d R09: 00000000ef192a41
[ 2269.752071][ T8133] R10: 00007ffdbc006020 R11: 0000000000000246 R12: 00007f47dd3a0000
[ 2269.760092][ T8133] R13: 0000000000000001 R14: 0000000000000005 R15: ffffffff81e3d406
[ 2269.768111][ T8133]  ? build_open_flags+0x76/0x720
[ 2269.773153][ T8133]  </TASK>
[ 2269.838104][ T8133] memory: usage 307200kB, limit 307200kB, failcnt 10059
[ 2269.845369][ T8133] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2269.852801][ T8133] Memory cgroup stats for /syz1:
[ 2269.853092][ T8133] anon 131072
[ 2269.853092][ T8133] file 312406016
[ 2269.853092][ T8133] kernel 2035712
[ 2269.853092][ T8133] kernel_stack 65536
[ 2269.853092][ T8133] pagetables 81920
[ 2269.853092][ T8133] sec_pagetables 0
[ 2269.853092][ T8133] percpu 4928
[ 2269.853092][ T8133] sock 0
[ 2269.853092][ T8133] vmalloc 0
[ 2269.853092][ T8133] shmem 312406016
[ 2269.853092][ T8133] zswap 0
[ 2269.853092][ T8133] zswapped 0
[ 2269.853092][ T8133] file_mapped 380928
[ 2269.853092][ T8133] file_dirty 0
[ 2269.853092][ T8133] file_writeback 0
[ 2269.853092][ T8133] swapcached 0
[ 2269.853092][ T8133] anon_thp 0
[ 2269.853092][ T8133] file_thp 0
[ 2269.853092][ T8133] shmem_thp 0
[ 2269.853092][ T8133] inactive_anon 62951424
[ 2269.853092][ T8133] active_anon 155648
[ 2269.853092][ T8133] inactive_file 0
[ 2269.853092][ T8133] active_file 0
[ 2269.853092][ T8133] unevictable 249430016
[ 2269.853092][ T8133] slab_reclaimable 964920
[ 2269.853092][ T8133] slab_unreclaimable 880720
[ 2269.853092][ T8133] slab 1845640
[ 2269.853092][ T8133] workingset_refault_anon 0
[ 2269.853092][ T8133] workingset_refault_file 0
[ 2269.853092][ T8133] workingset_activate_anon 0
[ 2269.853092][ T8133] workingset_activate_file 0
[ 2269.853092][ T8133] workingset_restore_anon 0
[ 2269.853092][ T8133] workingset_restore_file 0
[ 2269.853092][ T8133] workingset_nodereclaim 0
[ 2269.853092][ T8133] pgscan 49
[ 2269.853092][ T8133] pgsteal 49
[ 2269.853092][ T8133] pgscan_kswapd 0
[ 2269.853092][ T8133] pgscan_direct 49
[ 2269.853092][ T8133] pgscan_khugepaged 0
[ 2269.853092][ T8133] pgsteal_kswapd 0
[ 2269.853092][ T8133] pgsteal_direct 49
[ 2269.853092][ T8133] pgsteal_khugepaged 0
[ 2269.853092][ T8133] pgfault 1093619
[ 2269.853092][ T8133] pgmajfault 422
[ 2269.853092][ T8133] pgrefill 150
[ 2269.853092][ T8133] pgactivate 161
[ 2269.853092][ T8133] pgdeactivate 0
[ 2269.853092][ T8133] pglazyfree 0
[ 2269.853092][ T8133] pglazyfreed 0
[ 2269.853092][ T8133] zswpin 0
[ 2269.853092][ T8133] zswpout 0
12:16:54 executing program 1:
openat$uhid(0xffffffffffffff9c, &(0x7f0000000200), 0x802, 0x0)
timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000180)=<r0=>0x0)
r1 = fanotify_init(0x4, 0x1000)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
fanotify_mark(r1, 0x105, 0x800101b, 0xffffffffffffffff, 0x0)
timer_settime(r0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
mlockall(0x2)
r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil)
shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
write$P9_RWSTAT(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x7f, 0x2}, 0x7)
ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0)
shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000)
shmctl$IPC_RMID(0x0, 0x0)
shmctl$SHM_LOCK(0x0, 0xb)
r6 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil)
shmctl$IPC_STAT(r6, 0x2, &(0x7f00000001c0)=""/62)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000280), 0xc, &(0x7f0000000340)={0x0, 0x28}, 0x1, 0x0, 0x0, 0x40410}, 0x4040044)
shmat(r3, &(0x7f00003c6000/0x3000)=nil, 0x4000)
shmctl$SHM_UNLOCK(0x0, 0xc)
shmctl$SHM_LOCK(r3, 0xb)
r7 = shmget$private(0x0, 0x3000, 0x54001800, &(0x7f000010d000/0x3000)=nil)
ioctl$BTRFS_IOC_BALANCE_V2(r5, 0xc4009420, &(0x7f0000000640)={0x0, 0x1, {0x81, @usage=0xd1, 0x0, 0xfffffffffffffffc, 0x10000, 0xffffffffffffffff, 0x0, 0x5, 0x4, @usage=0x1, 0x1ea7, 0xffffffc0, [0x5, 0x7, 0x5, 0xffffffffffffffff, 0xffff, 0x24f]}, {0x5, @struct={0x8da6, 0x46a}, 0x0, 0x3f, 0xff, 0x8, 0x9, 0x7f, 0x0, @struct={0x3, 0x8}, 0xffff0000, 0xffffffcb, [0x8, 0x27d9, 0x7, 0x7ff, 0x57175363, 0x8]}, {0x10001, @usage=0x9, 0x0, 0x4d2, 0x3b89, 0xfffffffffffffff9, 0x4, 0x7fffffff, 0x441, @usage=0x7000000000000, 0x9, 0x20000d5a, [0x2, 0x6, 0x5, 0x80, 0x4, 0x7735]}, {0x8000, 0xffffffffffffffff}})
shmat(r7, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000012c0)=[{{&(0x7f00000005c0)=@xdp, 0x80, 0x0, 0x0, &(0x7f0000000fc0)=""/83, 0x53}, 0x1}, {{&(0x7f0000001040)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @dev}}, 0x80, &(0x7f00000011c0)=[{&(0x7f00000010c0)=""/150, 0x96}, {&(0x7f0000001180)=""/5, 0x5}], 0x2, &(0x7f0000001200)=""/180, 0xb4}, 0x5}], 0x2, 0x0, &(0x7f0000001340)={0x0, 0x989680})

12:16:54 executing program 2:
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x24001, 0x0)

12:16:54 executing program 4:
syz_mount_image$vfat(&(0x7f0000001200), &(0x7f0000001240)='./file0\x00', 0x10, &(0x7f0000000080)=ANY=[@ANYBLOB="73686f72746e616d653d77696e39352c757466383d312c726f6469722c0021ef1d2efffd85f3438b9843bf9c01d1a62587aa95b24658f0a7f72930cead505af1cb7c44e426b8ac5ab5834a69e58e1a6c614b99c183c332ae7c2b7766690ae72b3230563285dd496fd3619b5cb02dbc131c9bd0be6c06c24af2841d8fe054c230f5b825b8b3725f61314fba295bdeb3912b564ea700c524f7c34e34a3922efc5c9bf06539415ce241cc386260fe6216"], 0xfd, 0x11ea, &(0x7f00000024c0)="$eJzs3MGLG1UcB/Bf29XW1N2sWqstiA+96GVs9uDJS5AtSANK2xRaQZi6ExuSTUImLETEevPqnyHi0Zsg/gN78eJZ8CJ78diDOGIitlsiuAqOXT6fS37w3hfeIzDwhvebgzc+2x30yqyXz+LkiROxNolI91KkOBmnYumTePXG9z+8cO3mrSvtTmf7akqX29dbr6eUNl785t2Pvnzp29nZG19tfH069jffO/h568f98/sXDn69fqdfpn6ZRuNZytPt8XiW3x4WaadfDrKU3hkWeVmk/qgspofGe8PxZDJP+WhnvTGZFmWZ8tE8DYp5mo3TbDpP+Qd5f5SyLEvrjeDf6H5xr6qqiKp6LB6PqqqqJ6IRZ+PJWI+NaMZmPBVPxzNxLp6N8/FcPB8XFrPqXjcAAAAAAAAAAAAAAAAAAAAcL/r/AQAAAAAAAAAAAAAAAAAAoH76/wEAAAAAAAAAAAAAAAAAAKB++v8BAAAAAAAAAAAAAAAAAACgftdu3rrS7nS2r6Z0JmL3073uXnf5uxxv96IfwyjiUjTjl1h0/y8t68tvdbYvpYXNeG337h/5u3vdU4fzrcXnBFbmW8t8Opw/HY0H81vRjHOr81sr82filZcfyGfRjO/ej3EMYyd+z97Pf9xK6c23Ow/lLy7mAQAAwHGQpT+tPL9n2V+NL/NHeD/w0Pl6LS6u1bt3Isr5h4N8OCymCsWxKX76/H+xjEe6qPvJxH/h/p9e90oAAAAAAAAAAAA4ir9/H/DOP75OWPceAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmMHjgUAAAAAhPlbp9GxAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwFUBAAD//5Tr8pM=")
mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', 0x0, 0x8204ab, 0x0)

12:16:54 executing program 3:
r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
write$cgroup_freezer_state(0xffffffffffffffff, 0x0, 0x0)
lseek(r0, 0x200, 0x0)
dup(0xffffffffffffffff)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x24000, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001740)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf2364149215108333719acd97cfa107d40224edc5465a93df8513a32ec450bebc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed4284da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000dd000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda52013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d2e959efc71f665c4d75cf2458e3542c9062ece84c99a061997a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a998de44aeadea2a40da8daccf080842a4867217373934bbd42dcb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcd62981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba495aea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b60000000000000000d6d5210d7560eb92d6a97a27602b81f76386f1535b1fad6ec9a31137abf9a404abde7750898b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294059323e7a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff852656cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bc19faa5449209b083dbd334b470067bbab40743b2a428f1da1f68df75c00008ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba891cea599b079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b70ebc660309e1e245b0fdf9743af932cd6db49a47613808bad959719c0000000000378a921c7f7f6933c2e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a391f03daca80f08f0e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c4396f1d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d7cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5000000000006065d6735eb7a00e127c000000000000000000000000000000a1c3da144589dcaddb71cf9374843e23f992a237a9040747e0434a8a643990b4059a98411ce867d1af7e8ea89f49e6f564d4dce8a7d6939a92144e43a7f39e83bd247e03a09dba000000000000000000000000aaf033d47249c8444bc13844cbf1be617d82b269e5ea0c0d525603c0ec543ea581f63893ae414a6683e941fdbd6ea6cfc5f8744583c0aa766a65321f907927a59d75b47f06895e8471ebc2840ce5bd054df223fb09b9c739ad64cfcfd2d498b0f11056f6c40874cb977c99b6bc1a8732198a17e610082b7ce0365f271b11d4b4a3d4c7d0bb273f406ecd4b26c93151c30f5a269991402d109bec1267dd7d781aa230ac1cae"], &(0x7f0000000100)='GPL\x00'}, 0x48)
socket(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='ext4_writepages_result\x00', r2}, 0x10)
sendfile(0xffffffffffffffff, r1, 0x0, 0xf800)

12:16:54 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0)

12:16:54 executing program 0:
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000280), 0x0)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f00000002c0)={{0x0, 0x0, 0x0, 0x3}})

[ 2270.050644][ T8133] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=8133,uid=0
[ 2270.074226][ T8133] Memory cgroup out of memory: Killed process 8133 (syz-executor.1) total-vm:54540kB, anon-rss:380kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000
12:16:55 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0)

12:16:55 executing program 0:
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000280), 0x0)
ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f00000002c0)={{0x1}})

[ 2270.166430][   T27] audit: type=1804 audit(1680178614.969:1105): pid=8152 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir3710322249/syzkaller.EsUX9x/2146/bus" dev="sda1" ino=1160 res=1 errno=0
12:16:55 executing program 0:
syz_mount_image$vfat(&(0x7f00000001c0), &(0x7f0000000000)='./file0\x00', 0x3000080, &(0x7f0000000200)={[{@fat=@umask={'umask', 0x3d, 0x7fffffffffffffff}}, {@shortname_mixed}, {@shortname_winnt}, {@uni_xlateno}, {@shortname_winnt}, {@fat=@errors_continue}, {@rodir}, {@shortname_lower}, {@shortname_mixed}, {@utf8}, {@shortname_mixed}, {@uni_xlate}, {@fat=@check_normal}, {@rodir}, {@utf8}, {@fat=@gid}, {@shortname_win95}]}, 0xd, 0x272, &(0x7f0000004640)="$eJzs3T9rG2ccB/DfybKstoM0dCqF3uChk7G9dpEpLpR6atHQdmhNbEOwhMEGQf4QxVNeQca8j7yJLHkHgayBbDHBcOF0J0tOhG35b+J8Posf7vl9nz93hz3d4/9/7G5v7Oxt7T98FfV6EpVWtOIgiWZUYuhxAAC3yUGWxdusMF2yWrmqNQEAV+v8f/8BgC/VX3//88fK2trqn2laj+g+6bWTKH4W/StbcTc6sRmL0YjDiOxI0f7t97XVqKa5Zsx3+712nuz+96Icf+VNxCC/FI1oTs4vpYWxfL/Xno1vy/lbeX45GvH95PzyhHy0a/FzvVxEnl+IRry8EzvRiY3Is6P8o6U0/TV7+u7Bv3lxnk/6vfbcoG4km7nWBwMAAAAAAAAAAAAAAAAAAAAAwK22kB5pxnw3v1SevzNzOOhfONY/OF+nMugv8slwoI/OB+pn8Wx4vs5imqZZWTg636caP1SjejO7BgAAAAAAAAAAAAAAAAAAgM/L3r372+udzubupTSGpwEMP+s/7zitsSs/xcnFc1PNFTNleb7WE4vzTVzSbTmt8U2+ntOL35dnK1xw0tmzzHWxxvDt2l5PTruH9eGDez7eVYtPiyOZZhnZVK9f7ZL2XvvuguP88rq4c+WVZIpdzJaNsfjxmvpU7/P1/Q4CAAAAAAAAAAAAAAAAAAAKo49+J3TunxitXNmiAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCajf7//xSNfhk+Q3EtdvdueIsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB8BT4EAAD//6jmbAA=")

12:16:55 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0)

[ 2270.355280][ T8155] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 2270.401979][ T8155] CPU: 0 PID: 8155 Comm: syz-executor.1 Not tainted 6.3.0-rc4-next-20230330-syzkaller #0
[ 2270.411882][ T8155] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 2270.421997][ T8155] Call Trace:
[ 2270.425319][ T8155]  <TASK>
[ 2270.428292][ T8155]  dump_stack_lvl+0x136/0x150
[ 2270.433047][ T8155]  dump_header+0x10a/0xd70
[ 2270.437560][ T8155]  oom_kill_process+0x25d/0x600
[ 2270.442522][ T8155]  out_of_memory+0x35c/0x1650
[ 2270.447278][ T8155]  ? find_held_lock+0x2d/0x110
[ 2270.452101][ T8155]  ? oom_killer_disable+0x2b0/0x2b0
[ 2270.457374][ T8155]  ? rcu_read_unlock+0x9/0x60
[ 2270.462105][ T8155]  ? find_held_lock+0x2d/0x110
[ 2270.466930][ T8155]  mem_cgroup_out_of_memory+0x206/0x270
[ 2270.472543][ T8155]  ? mem_cgroup_margin+0x130/0x130
[ 2270.477754][ T8155]  ? lock_downgrade+0x690/0x690
[ 2270.482887][ T8155]  try_charge_memcg+0xf99/0x13a0
[ 2270.487906][ T8155]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 2270.493950][ T8155]  ? lock_downgrade+0x690/0x690
[ 2270.498894][ T8155]  ? trace_lock_acquire+0x12d/0x180
[ 2270.504200][ T8155]  ? get_mem_cgroup_from_mm+0x247/0x580
[ 2270.509795][ T8155]  ? lock_acquire+0x32/0xc0
[ 2270.514354][ T8155]  charge_memcg+0x90/0x3b0
[ 2270.518845][ T8155]  __mem_cgroup_charge+0x2b/0x90
[ 2270.523844][ T8155]  do_wp_page+0x8ac/0x3510
[ 2270.528313][ T8155]  ? lock_sync+0x190/0x190
[ 2270.532765][ T8155]  ? finish_mkwrite_fault+0x3d0/0x3d0
[ 2270.538179][ T8155]  ? rcu_is_watching+0x12/0xb0
[ 2270.542982][ T8155]  ? do_raw_spin_lock+0x124/0x2b0
[ 2270.548064][ T8155]  ? spin_bug+0x1c0/0x1c0
[ 2270.552451][ T8155]  ? lock_acquire+0x32/0xc0
[ 2270.557030][ T8155]  ? __handle_mm_fault+0x1334/0x4180
[ 2270.562385][ T8155]  __handle_mm_fault+0x1547/0x4180
[ 2270.567552][ T8155]  ? vm_iomap_memory+0x190/0x190
[ 2270.572565][ T8155]  handle_mm_fault+0x2c0/0x9c0
[ 2270.577386][ T8155]  do_user_addr_fault+0x2ed/0x1240
[ 2270.582539][ T8155]  ? rcu_is_watching+0x12/0xb0
[ 2270.587361][ T8155]  exc_page_fault+0x98/0x170
[ 2270.592010][ T8155]  asm_exc_page_fault+0x26/0x30
[ 2270.596904][ T8155] RIP: 0033:0x7f47dd2395a0
[ 2270.601348][ T8155] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48
[ 2270.620985][ T8155] RSP: 002b:00007ffdbc005e60 EFLAGS: 00010246
[ 2270.627080][ T8155] RAX: 00000000ef192a3d RBX: 00007f47dd3ac018 RCX: 0000001b32520000
[ 2270.635072][ T8155] RDX: 0000000000000000 RSI: 0000001b32520018 RDI: 00000000090fde60
[ 2270.643063][ T8155] RBP: 00000000ef192a3d R08: 0000000000000a3d R09: 00000000ef192a41
12:16:55 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={0x0}}, 0x0)

12:16:55 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={0x0}}, 0x0)

[ 2270.651085][ T8155] R10: 00007ffdbc006020 R11: 0000000000000246 R12: 00007f47dd3a0000
[ 2270.659075][ T8155] R13: 0000000000000001 R14: 0000000000000005 R15: ffffffff81e3d406
[ 2270.667078][ T8155]  ? build_open_flags+0x76/0x720
[ 2270.672081][ T8155]  </TASK>
[ 2270.732392][ T8155] memory: usage 307200kB, limit 307200kB, failcnt 10153
[ 2270.739536][ T8155] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2270.757416][ T8155] Memory cgroup stats for /syz1:
[ 2270.757685][ T8155] anon 131072
[ 2270.757685][ T8155] file 312406016
[ 2270.757685][ T8155] kernel 2035712
[ 2270.757685][ T8155] kernel_stack 65536
[ 2270.757685][ T8155] pagetables 81920
[ 2270.757685][ T8155] sec_pagetables 0
[ 2270.757685][ T8155] percpu 4928
[ 2270.757685][ T8155] sock 0
[ 2270.757685][ T8155] vmalloc 0
[ 2270.757685][ T8155] shmem 312406016
[ 2270.757685][ T8155] zswap 0
[ 2270.757685][ T8155] zswapped 0
[ 2270.757685][ T8155] file_mapped 380928
[ 2270.757685][ T8155] file_dirty 0
[ 2270.757685][ T8155] file_writeback 0
[ 2270.757685][ T8155] swapcached 0
[ 2270.757685][ T8155] anon_thp 0
[ 2270.757685][ T8155] file_thp 0
[ 2270.757685][ T8155] shmem_thp 0
[ 2270.757685][ T8155] inactive_anon 62951424
[ 2270.757685][ T8155] active_anon 155648
[ 2270.757685][ T8155] inactive_file 0
[ 2270.757685][ T8155] active_file 0
[ 2270.757685][ T8155] unevictable 249430016
[ 2270.757685][ T8155] slab_reclaimable 964920
[ 2270.757685][ T8155] slab_unreclaimable 880720
[ 2270.757685][ T8155] slab 1845640
[ 2270.757685][ T8155] workingset_refault_anon 0
[ 2270.757685][ T8155] workingset_refault_file 0
[ 2270.757685][ T8155] workingset_activate_anon 0
[ 2270.757685][ T8155] workingset_activate_file 0
[ 2270.757685][ T8155] workingset_restore_anon 0
[ 2270.757685][ T8155] workingset_restore_file 0
[ 2270.757685][ T8155] workingset_nodereclaim 0
[ 2270.757685][ T8155] pgscan 49
[ 2270.757685][ T8155] pgsteal 49
[ 2270.757685][ T8155] pgscan_kswapd 0
[ 2270.757685][ T8155] pgscan_direct 49
[ 2270.757685][ T8155] pgscan_khugepaged 0
[ 2270.757685][ T8155] pgsteal_kswapd 0
[ 2270.757685][ T8155] pgsteal_direct 49
[ 2270.757685][ T8155] pgsteal_khugepaged 0
[ 2270.757685][ T8155] pgfault 1093672
[ 2270.757685][ T8155] pgmajfault 422
[ 2270.757685][ T8155] pgrefill 150
[ 2270.757685][ T8155] pgactivate 161
[ 2270.757685][ T8155] pgdeactivate 0
[ 2270.757685][ T8155] pglazyfree 0
[ 2270.757685][ T8155] pglazyfreed 0
[ 2270.757685][ T8155] zswpin 0
[ 2270.757685][ T8155] zswpout 0
[ 2270.961618][ T8155] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=8155,uid=0
12:16:55 executing program 1:
openat$uhid(0xffffffffffffff9c, &(0x7f0000000200), 0x802, 0x0)
timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000180)=<r0=>0x0)
r1 = fanotify_init(0x4, 0x1000)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
fanotify_mark(r1, 0x105, 0x800101b, 0xffffffffffffffff, 0x0)
timer_settime(r0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
mlockall(0x2)
r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil)
shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
write$P9_RWSTAT(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x7f, 0x2}, 0x7)
ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0)
shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000)
shmctl$IPC_RMID(0x0, 0x0)
shmctl$SHM_LOCK(0x0, 0xb)
r6 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil)
shmctl$IPC_STAT(r6, 0x2, &(0x7f00000001c0)=""/62)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000280), 0xc, &(0x7f0000000340)={0x0, 0x28}, 0x1, 0x0, 0x0, 0x40410}, 0x4040044)
shmat(r3, &(0x7f00003c6000/0x3000)=nil, 0x4000)
shmctl$SHM_UNLOCK(0x0, 0xc)
shmctl$SHM_LOCK(r3, 0xb)
r7 = shmget$private(0x0, 0x3000, 0x54001800, &(0x7f000010d000/0x3000)=nil)
ioctl$BTRFS_IOC_BALANCE_V2(r5, 0xc4009420, &(0x7f0000000640)={0x0, 0x1, {0x81, @usage=0xd1, 0x0, 0xfffffffffffffffc, 0x10000, 0xffffffffffffffff, 0x0, 0x5, 0x4, @usage=0x1, 0x1ea7, 0xffffffc0, [0x5, 0x7, 0x5, 0xffffffffffffffff, 0xffff, 0x24f]}, {0x5, @struct={0x8da6, 0x46a}, 0x0, 0x3f, 0xff, 0x8, 0x9, 0x7f, 0x0, @struct={0x3, 0x8}, 0xffff0000, 0xffffffcb, [0x8, 0x27d9, 0x7, 0x7ff, 0x57175363, 0x8]}, {0x10001, @usage=0x9, 0x0, 0x4d2, 0x3b89, 0xfffffffffffffff9, 0x4, 0x7fffffff, 0x441, @usage=0x7000000000000, 0x9, 0x20000d5a, [0x2, 0x6, 0x5, 0x80, 0x4, 0x7735]}, {0x8000, 0xffffffffffffffff}})
shmat(r7, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000012c0)=[{{&(0x7f00000005c0)=@xdp, 0x80, 0x0, 0x0, &(0x7f0000000fc0)=""/83, 0x53}, 0x1}, {{&(0x7f0000001040)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @dev}}, 0x80, &(0x7f00000011c0)=[{&(0x7f00000010c0)=""/150, 0x96}, {&(0x7f0000001180)=""/5, 0x5}], 0x2, &(0x7f0000001200)=""/180, 0xb4}, 0x5}], 0x2, 0x0, &(0x7f0000001340)={0x0, 0x989680})

12:16:55 executing program 2:
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x24001, 0x0)

12:16:55 executing program 0:
io_cancel(0x0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0)

12:16:55 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={0x0}}, 0x0)

12:16:55 executing program 4:
socket$inet6_udplite(0xa, 0x2, 0x88)
syz_clone(0x20000, &(0x7f0000000280), 0x0, &(0x7f00000002c0), &(0x7f0000000300), &(0x7f0000000340)="23d5056414c86945c5d542da4267b440c828b587b21fa78f7549e3b668591fac555d8baa76421874b12ac6973b023a1111c23abd02ccb796887031b74eeb8995425d85fed65375bae8403687d71257984380743f440aad845f8c051a20dd1335b3f02ddfe25e6c199a2411c3cdc7285498f8eee5294a7cf522bc0c6cdf4ee2f13d39987a0bb203c7e843bc4908ec10c024dff281e9c52effbaf5")
timer_create(0x0, 0x0, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NBD_CMD_RECONFIGURE(0xffffffffffffffff, 0x0, 0x0)
syz_genetlink_get_family_id$nbd(0x0, 0xffffffffffffffff)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
sendmsg$NBD_CMD_CONNECT(0xffffffffffffffff, 0x0, 0x40004005)

12:16:55 executing program 3:
r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
write$cgroup_freezer_state(0xffffffffffffffff, 0x0, 0x0)
lseek(r0, 0x200, 0x0)
dup(0xffffffffffffffff)
open(&(0x7f0000000000)='./bus\x00', 0x24000, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001740)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf2364149215108333719acd97cfa107d40224edc5465a93df8513a32ec450bebc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed4284da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000dd000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda52013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d2e959efc71f665c4d75cf2458e3542c9062ece84c99a061997a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a998de44aeadea2a40da8daccf080842a4867217373934bbd42dcb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcd62981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba495aea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b60000000000000000d6d5210d7560eb92d6a97a27602b81f76386f1535b1fad6ec9a31137abf9a404abde7750898b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294059323e7a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff852656cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bc19faa5449209b083dbd334b470067bbab40743b2a428f1da1f68df75c00008ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba891cea599b079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b70ebc660309e1e245b0fdf9743af932cd6db49a47613808bad959719c0000000000378a921c7f7f6933c2e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a391f03daca80f08f0e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c4396f1d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d7cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5000000000006065d6735eb7a00e127c000000000000000000000000000000a1c3da144589dcaddb71cf9374843e23f992a237a9040747e0434a8a643990b4059a98411ce867d1af7e8ea89f49e6f564d4dce8a7d6939a92144e43a7f39e83bd247e03a09dba000000000000000000000000aaf033d47249c8444bc13844cbf1be617d82b269e5ea0c0d525603c0ec543ea581f63893ae414a6683e941fdbd6ea6cfc5f8744583c0aa766a65321f907927a59d75b47f06895e8471ebc2840ce5bd054df223fb09b9c739ad64cfcfd2d498b0f11056f6c40874cb977c99b6bc1a8732198a17e610082b7ce0365f271b11d4b4a3d4c7d0bb273f406ecd4b26c93151c30f5a269991402d109bec1267dd7d781aa230ac1cae"], &(0x7f0000000100)='GPL\x00'}, 0x48)
socket(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='ext4_writepages_result\x00', r1}, 0x10)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xf800)

[ 2271.047580][ T8155] Memory cgroup out of memory: Killed process 8155 (syz-executor.1) total-vm:54540kB, anon-rss:380kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000
12:16:55 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000840)={0x34, 0x0, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x34}}, 0x0)

12:16:55 executing program 0:
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f0000000140)={0x3, &(0x7f0000000100)=[{0x25}, {}, {0x6}]})

12:16:56 executing program 2:
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x24001, 0x0)

12:16:56 executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000a40)=@base={0x3, 0x4, 0x4, 0x4, 0x0, 0xffffffffffffffff, 0x5}, 0x48)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000100)={r0}, 0x20)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f00000007c0)='/proc/meminfo\x00', 0x0, 0x0)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000d00)={r1, 0x0, 0x0}, 0x20)
r2 = openat$procfs(0xffffffffffffff9c, &(0x7f00000007c0)='/proc/meminfo\x00', 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000640), 0x0, 0x0)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000d00)={r2, 0x0, 0x0}, 0x20)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
write$FUSE_ATTR(r3, &(0x7f0000000000)={0x78}, 0x78)
bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0)
sendmsg$ETHTOOL_MSG_RINGS_GET(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
ioctl$VT_RESIZE(0xffffffffffffffff, 0x5609, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)

12:16:56 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000840)={0x34, 0x0, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x34}}, 0x0)

12:16:56 executing program 0:
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f0000000140)={0x3, &(0x7f0000000100)=[{}, {0xc}, {0x6}]})

[ 2271.365658][ T8185] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 2271.424415][   T27] kauditd_printk_skb: 4 callbacks suppressed
[ 2271.424436][   T27] audit: type=1326 audit(1680178616.229:1110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8196 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc8ffc8c0f9 code=0x0
[ 2271.464480][ T8185] CPU: 1 PID: 8185 Comm: syz-executor.1 Not tainted 6.3.0-rc4-next-20230330-syzkaller #0
[ 2271.474370][ T8185] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 2271.484472][ T8185] Call Trace:
[ 2271.487789][ T8185]  <TASK>
[ 2271.490756][ T8185]  dump_stack_lvl+0x136/0x150
[ 2271.495509][ T8185]  dump_header+0x10a/0xd70
[ 2271.500024][ T8185]  oom_kill_process+0x25d/0x600
[ 2271.504952][ T8185]  out_of_memory+0x35c/0x1650
[ 2271.509715][ T8185]  ? find_held_lock+0x2d/0x110
[ 2271.514529][ T8185]  ? oom_killer_disable+0x2b0/0x2b0
[ 2271.519773][ T8185]  ? rcu_read_unlock+0x9/0x60
[ 2271.524477][ T8185]  ? find_held_lock+0x2d/0x110
[ 2271.529272][ T8185]  mem_cgroup_out_of_memory+0x206/0x270
[ 2271.534859][ T8185]  ? mem_cgroup_margin+0x130/0x130
[ 2271.539999][ T8185]  ? lock_downgrade+0x690/0x690
[ 2271.544900][ T8185]  try_charge_memcg+0xf99/0x13a0
[ 2271.549882][ T8185]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 2271.555908][ T8185]  ? lock_downgrade+0x690/0x690
[ 2271.560788][ T8185]  ? trace_lock_acquire+0x12d/0x180
[ 2271.566030][ T8185]  ? get_mem_cgroup_from_mm+0x247/0x580
[ 2271.571603][ T8185]  ? lock_acquire+0x32/0xc0
[ 2271.576155][ T8185]  charge_memcg+0x90/0x3b0
[ 2271.580630][ T8185]  __mem_cgroup_charge+0x2b/0x90
[ 2271.585618][ T8185]  do_wp_page+0x8ac/0x3510
[ 2271.590087][ T8185]  ? lock_sync+0x190/0x190
[ 2271.594538][ T8185]  ? finish_mkwrite_fault+0x3d0/0x3d0
[ 2271.599975][ T8185]  ? rcu_is_watching+0x12/0xb0
[ 2271.604798][ T8185]  ? do_raw_spin_lock+0x124/0x2b0
[ 2271.609893][ T8185]  ? spin_bug+0x1c0/0x1c0
[ 2271.614276][ T8185]  ? lock_acquire+0x32/0xc0
[ 2271.618835][ T8185]  ? __handle_mm_fault+0x1334/0x4180
[ 2271.624176][ T8185]  __handle_mm_fault+0x1547/0x4180
[ 2271.629347][ T8185]  ? vm_iomap_memory+0x190/0x190
[ 2271.634472][ T8185]  handle_mm_fault+0x2c0/0x9c0
[ 2271.639294][ T8185]  do_user_addr_fault+0x2ed/0x1240
[ 2271.644448][ T8185]  ? rcu_is_watching+0x12/0xb0
[ 2271.649266][ T8185]  exc_page_fault+0x98/0x170
[ 2271.653910][ T8185]  asm_exc_page_fault+0x26/0x30
[ 2271.658813][ T8185] RIP: 0033:0x7f47dd2395a0
[ 2271.663259][ T8185] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48
[ 2271.682905][ T8185] RSP: 002b:00007ffdbc005e60 EFLAGS: 00010246
[ 2271.688998][ T8185] RAX: 00000000ef192a3d RBX: 00007f47dd3ac018 RCX: 0000001b32520000
[ 2271.696996][ T8185] RDX: 0000000000000000 RSI: 0000001b32520018 RDI: 00000000090fde60
[ 2271.705023][ T8185] RBP: 00000000ef192a3d R08: 0000000000000a3d R09: 00000000ef192a41
[ 2271.713026][ T8185] R10: 00007ffdbc006020 R11: 0000000000000246 R12: 00007f47dd3a0000
[ 2271.721028][ T8185] R13: 0000000000000001 R14: 0000000000000005 R15: ffffffff81e3d406
[ 2271.729029][ T8185]  ? build_open_flags+0x76/0x720
[ 2271.734028][ T8185]  </TASK>
[ 2271.757775][ T8185] memory: usage 307200kB, limit 307200kB, failcnt 10216
[ 2271.765236][ T8185] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2271.773175][ T8185] Memory cgroup stats for /syz1:
[ 2271.773455][ T8185] anon 131072
[ 2271.773455][ T8185] file 312406016
[ 2271.773455][ T8185] kernel 2035712
[ 2271.773455][ T8185] kernel_stack 65536
[ 2271.773455][ T8185] pagetables 81920
[ 2271.773455][ T8185] sec_pagetables 0
[ 2271.773455][ T8185] percpu 4928
[ 2271.773455][ T8185] sock 0
[ 2271.773455][ T8185] vmalloc 0
[ 2271.773455][ T8185] shmem 312406016
[ 2271.773455][ T8185] zswap 0
[ 2271.773455][ T8185] zswapped 0
[ 2271.773455][ T8185] file_mapped 380928
[ 2271.773455][ T8185] file_dirty 0
[ 2271.773455][ T8185] file_writeback 0
[ 2271.773455][ T8185] swapcached 0
[ 2271.773455][ T8185] anon_thp 0
[ 2271.773455][ T8185] file_thp 0
[ 2271.773455][ T8185] shmem_thp 0
[ 2271.773455][ T8185] inactive_anon 62951424
[ 2271.773455][ T8185] active_anon 155648
[ 2271.773455][ T8185] inactive_file 0
[ 2271.773455][ T8185] active_file 0
[ 2271.773455][ T8185] unevictable 249430016
[ 2271.773455][ T8185] slab_reclaimable 964920
[ 2271.773455][ T8185] slab_unreclaimable 880720
[ 2271.773455][ T8185] slab 1845640
[ 2271.773455][ T8185] workingset_refault_anon 0
[ 2271.773455][ T8185] workingset_refault_file 0
[ 2271.773455][ T8185] workingset_activate_anon 0
[ 2271.773455][ T8185] workingset_activate_file 0
[ 2271.773455][ T8185] workingset_restore_anon 0
[ 2271.773455][ T8185] workingset_restore_file 0
[ 2271.773455][ T8185] workingset_nodereclaim 0
[ 2271.773455][ T8185] pgscan 49
[ 2271.773455][ T8185] pgsteal 49
[ 2271.773455][ T8185] pgscan_kswapd 0
[ 2271.773455][ T8185] pgscan_direct 49
[ 2271.773455][ T8185] pgscan_khugepaged 0
[ 2271.773455][ T8185] pgsteal_kswapd 0
[ 2271.773455][ T8185] pgsteal_direct 49
[ 2271.773455][ T8185] pgsteal_khugepaged 0
[ 2271.773455][ T8185] pgfault 1093725
[ 2271.773455][ T8185] pgmajfault 422
[ 2271.773455][ T8185] pgrefill 150
[ 2271.773455][ T8185] pgactivate 161
[ 2271.773455][ T8185] pgdeactivate 0
[ 2271.773455][ T8185] pglazyfree 0
[ 2271.773455][ T8185] pglazyfreed 0
[ 2271.773455][ T8185] zswpin 0
[ 2271.773455][ T8185] zswpout 0
[ 2272.120095][ T8185] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=8185,uid=0
[ 2272.210186][ T8185] Memory cgroup out of memory: Killed process 8185 (syz-executor.1) total-vm:54540kB, anon-rss:380kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000
12:16:57 executing program 0:
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
ioctl$TIOCGPKT(r0, 0x80045438, 0x0)

12:16:57 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000840)={0x34, 0x0, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x34}}, 0x0)

12:16:57 executing program 2:
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x24001, 0x0)

12:16:57 executing program 4:
syz_clone(0x40040200, &(0x7f00000000c0)="15d698b14f3a5f3c5cb787c7b32c89392dd46885b88ed286824b07e3ae8fc0072d2a6fb7864c609d289484864bdc11a640f5325889f1d0b58dc8cbaca7652cce68210e729ab1cb5a5b7c60c93e9a4191cc2bf77c0003a9e9634cec2e1536934a68edd8da46263b321a6a36086e9a13532dd5fdfc60fc698015f210af3a4f4e4773fc0e86cb2abd62e55dac251f3ab9146568f01dee996dd45b1366e354abfd37a6b30664b560957110023424431e0780484bd8827ffccf9c80705f81a5895e", 0xbf, &(0x7f00000001c0), 0x0, 0x0)

12:16:57 executing program 1:
openat$uhid(0xffffffffffffff9c, &(0x7f0000000200), 0x802, 0x0)
timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000180)=<r0=>0x0)
r1 = fanotify_init(0x4, 0x1000)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
fanotify_mark(r1, 0x105, 0x800101b, 0xffffffffffffffff, 0x0)
timer_settime(r0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
mlockall(0x2)
r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil)
shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
write$P9_RWSTAT(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x7f, 0x2}, 0x7)
ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0)
shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000)
shmctl$IPC_RMID(0x0, 0x0)
shmctl$SHM_LOCK(0x0, 0xb)
r6 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil)
shmctl$IPC_STAT(r6, 0x2, &(0x7f00000001c0)=""/62)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40410}, 0x4040044)
shmat(r3, &(0x7f00003c6000/0x3000)=nil, 0x4000)
shmctl$SHM_UNLOCK(0x0, 0xc)
shmctl$SHM_LOCK(r3, 0xb)
r7 = shmget$private(0x0, 0x3000, 0x54001800, &(0x7f000010d000/0x3000)=nil)
ioctl$BTRFS_IOC_BALANCE_V2(r5, 0xc4009420, &(0x7f0000000640)={0x0, 0x1, {0x81, @usage=0xd1, 0x0, 0xfffffffffffffffc, 0x10000, 0xffffffffffffffff, 0x0, 0x5, 0x4, @usage=0x1, 0x1ea7, 0xffffffc0, [0x5, 0x7, 0x5, 0xffffffffffffffff, 0xffff, 0x24f]}, {0x5, @struct={0x8da6, 0x46a}, 0x0, 0x3f, 0xff, 0x8, 0x9, 0x7f, 0x0, @struct={0x3, 0x8}, 0xffff0000, 0xffffffcb, [0x8, 0x27d9, 0x7, 0x7ff, 0x57175363, 0x8]}, {0x10001, @usage=0x9, 0x0, 0x4d2, 0x3b89, 0xfffffffffffffff9, 0x4, 0x7fffffff, 0x441, @usage=0x7000000000000, 0x9, 0x20000d5a, [0x2, 0x6, 0x5, 0x80, 0x4, 0x7735]}, {0x8000, 0xffffffffffffffff}})
shmat(r7, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000012c0)=[{{&(0x7f00000005c0)=@xdp, 0x80, 0x0, 0x0, &(0x7f0000000fc0)=""/83, 0x53}, 0x1}, {{&(0x7f0000001040)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @dev}}, 0x80, &(0x7f00000011c0)=[{&(0x7f00000010c0)=""/150, 0x96}, {&(0x7f0000001180)=""/5, 0x5}], 0x2, &(0x7f0000001200)=""/180, 0xb4}, 0x5}], 0x2, 0x0, &(0x7f0000001340)={0x0, 0x989680})

12:16:57 executing program 3:
r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
write$cgroup_freezer_state(0xffffffffffffffff, 0x0, 0x0)
lseek(r0, 0x200, 0x0)
dup(0xffffffffffffffff)
open(&(0x7f0000000000)='./bus\x00', 0x24000, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001740)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf2364149215108333719acd97cfa107d40224edc5465a93df8513a32ec450bebc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed4284da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000dd000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda52013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d2e959efc71f665c4d75cf2458e3542c9062ece84c99a061997a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a998de44aeadea2a40da8daccf080842a4867217373934bbd42dcb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcd62981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba495aea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b60000000000000000d6d5210d7560eb92d6a97a27602b81f76386f1535b1fad6ec9a31137abf9a404abde7750898b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294059323e7a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff852656cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bc19faa5449209b083dbd334b470067bbab40743b2a428f1da1f68df75c00008ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba891cea599b079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b70ebc660309e1e245b0fdf9743af932cd6db49a47613808bad959719c0000000000378a921c7f7f6933c2e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a391f03daca80f08f0e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c4396f1d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d7cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5000000000006065d6735eb7a00e127c000000000000000000000000000000a1c3da144589dcaddb71cf9374843e23f992a237a9040747e0434a8a643990b4059a98411ce867d1af7e8ea89f49e6f564d4dce8a7d6939a92144e43a7f39e83bd247e03a09dba000000000000000000000000aaf033d47249c8444bc13844cbf1be617d82b269e5ea0c0d525603c0ec543ea581f63893ae414a6683e941fdbd6ea6cfc5f8744583c0aa766a65321f907927a59d75b47f06895e8471ebc2840ce5bd054df223fb09b9c739ad64cfcfd2d498b0f11056f6c40874cb977c99b6bc1a8732198a17e610082b7ce0365f271b11d4b4a3d4c7d0bb273f406ecd4b26c93151c30f5a269991402d109bec1267dd7d781aa230ac1cae"], &(0x7f0000000100)='GPL\x00'}, 0x48)
socket(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='ext4_writepages_result\x00', r1}, 0x10)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xf800)

12:16:57 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000840)={0x34, r1, 0x0, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x34}}, 0x0)

12:16:57 executing program 0:
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f0000000140)={0x3, &(0x7f0000000100)=[{}, {0x2}, {0x6}]})

12:16:57 executing program 2:
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)

[ 2272.424435][   T27] audit: type=1804 audit(1680178617.209:1111): pid=8205 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir3710322249/syzkaller.EsUX9x/2148/bus" dev="sda1" ino=1174 res=1 errno=0
12:16:57 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000840)={0x34, r1, 0x0, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x34}}, 0x0)

[ 2272.545443][   T27] audit: type=1800 audit(1680178617.249:1112): pid=8205 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=1174 res=0 errno=0
12:16:57 executing program 0:
r0 = syz_open_dev$loop(&(0x7f00000001c0), 0x0, 0x0)
r1 = memfd_create(0x0, 0x0)
ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, r1)
ioctl$LOOP_SET_STATUS(r0, 0x4c02, &(0x7f0000000940)={0x0, {}, 0x0, {}, 0x0, 0x0, 0xfffffffe, 0x0, "1dcc79dc871c727f5161ac2a8e4cc9840bf9758bd451be073ffc9a88295eb61f59ed7b505b740380e9e52408f09a3a51eb40921a93b564681049851448ebb8ba", "3ffc40ded6559d50df9129b09affb6a24732ffe375f19b9d3e5ca6831952a1c9", [0x0, 0x7]})

[ 2272.630886][ T8209] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 2272.638547][   T27] audit: type=1326 audit(1680178617.379:1113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8214 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc8ffc8c0f9 code=0x0
[ 2272.697493][ T8209] CPU: 0 PID: 8209 Comm: syz-executor.1 Not tainted 6.3.0-rc4-next-20230330-syzkaller #0
[ 2272.707458][ T8209] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 2272.717558][ T8209] Call Trace:
[ 2272.720911][ T8209]  <TASK>
[ 2272.723884][ T8209]  dump_stack_lvl+0x136/0x150
[ 2272.728631][ T8209]  dump_header+0x10a/0xd70
[ 2272.733186][ T8209]  oom_kill_process+0x25d/0x600
[ 2272.738113][ T8209]  out_of_memory+0x35c/0x1650
[ 2272.742881][ T8209]  ? find_held_lock+0x2d/0x110
12:16:57 executing program 2:
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)

12:16:57 executing program 0:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f00000005c0), 0x4)

[ 2272.747723][ T8209]  ? oom_killer_disable+0x2b0/0x2b0
[ 2272.753001][ T8209]  ? rcu_read_unlock+0x9/0x60
[ 2272.757761][ T8209]  ? find_held_lock+0x2d/0x110
[ 2272.762584][ T8209]  mem_cgroup_out_of_memory+0x206/0x270
[ 2272.768194][ T8209]  ? mem_cgroup_margin+0x130/0x130
[ 2272.773372][ T8209]  ? lock_downgrade+0x690/0x690
[ 2272.778293][ T8209]  try_charge_memcg+0xf99/0x13a0
[ 2272.783299][ T8209]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 2272.789366][ T8209]  ? lock_downgrade+0x690/0x690
[ 2272.794630][ T8209]  ? trace_lock_acquire+0x12d/0x180
[ 2272.799907][ T8209]  ? get_mem_cgroup_from_mm+0x247/0x580
[ 2272.805520][ T8209]  ? lock_acquire+0x32/0xc0
[ 2272.810099][ T8209]  charge_memcg+0x90/0x3b0
[ 2272.814586][ T8209]  __mem_cgroup_charge+0x2b/0x90
[ 2272.819601][ T8209]  do_wp_page+0x8ac/0x3510
[ 2272.824101][ T8209]  ? lock_sync+0x190/0x190
[ 2272.828580][ T8209]  ? finish_mkwrite_fault+0x3d0/0x3d0
[ 2272.834019][ T8209]  ? rcu_is_watching+0x12/0xb0
[ 2272.838854][ T8209]  ? do_raw_spin_lock+0x124/0x2b0
[ 2272.843946][ T8209]  ? spin_bug+0x1c0/0x1c0
[ 2272.848341][ T8209]  ? lock_acquire+0x32/0xc0
[ 2272.852909][ T8209]  ? __handle_mm_fault+0x1334/0x4180
[ 2272.858278][ T8209]  __handle_mm_fault+0x1547/0x4180
[ 2272.863477][ T8209]  ? vm_iomap_memory+0x190/0x190
[ 2272.868524][ T8209]  handle_mm_fault+0x2c0/0x9c0
[ 2272.873371][ T8209]  do_user_addr_fault+0x2ed/0x1240
[ 2272.878552][ T8209]  ? rcu_is_watching+0x12/0xb0
[ 2272.883391][ T8209]  exc_page_fault+0x98/0x170
[ 2272.888061][ T8209]  asm_exc_page_fault+0x26/0x30
[ 2272.892970][ T8209] RIP: 0033:0x7f47dd2395a0
[ 2272.897430][ T8209] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48
[ 2272.917097][ T8209] RSP: 002b:00007ffdbc005e60 EFLAGS: 00010246
[ 2272.923221][ T8209] RAX: 00000000ef192a3d RBX: 00007f47dd3ac018 RCX: 0000001b32520000
[ 2272.931291][ T8209] RDX: 0000000000000000 RSI: 0000001b32520018 RDI: 00000000090fde60
[ 2272.939311][ T8209] RBP: 00000000ef192a3d R08: 0000000000000a3d R09: 00000000ef192a41
[ 2272.947425][ T8209] R10: 00007ffdbc006020 R11: 0000000000000246 R12: 00007f47dd3a0000
[ 2272.955444][ T8209] R13: 0000000000000001 R14: 0000000000000005 R15: ffffffff81e3d406
[ 2272.963505][ T8209]  ? build_open_flags+0x76/0x720
[ 2272.968530][ T8209]  </TASK>
[ 2273.089159][ T8209] memory: usage 307200kB, limit 307200kB, failcnt 10288
[ 2273.110360][ T8209] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2273.121300][ T8209] Memory cgroup stats for /syz1:
[ 2273.121548][ T8209] anon 131072
[ 2273.121548][ T8209] file 312406016
[ 2273.121548][ T8209] kernel 2035712
[ 2273.121548][ T8209] kernel_stack 65536
[ 2273.121548][ T8209] pagetables 81920
[ 2273.121548][ T8209] sec_pagetables 0
[ 2273.121548][ T8209] percpu 4928
[ 2273.121548][ T8209] sock 0
[ 2273.121548][ T8209] vmalloc 0
[ 2273.121548][ T8209] shmem 312406016
[ 2273.121548][ T8209] zswap 0
[ 2273.121548][ T8209] zswapped 0
[ 2273.121548][ T8209] file_mapped 380928
[ 2273.121548][ T8209] file_dirty 0
[ 2273.121548][ T8209] file_writeback 0
[ 2273.121548][ T8209] swapcached 0
[ 2273.121548][ T8209] anon_thp 0
[ 2273.121548][ T8209] file_thp 0
[ 2273.121548][ T8209] shmem_thp 0
[ 2273.121548][ T8209] inactive_anon 62951424
[ 2273.121548][ T8209] active_anon 155648
[ 2273.121548][ T8209] inactive_file 0
[ 2273.121548][ T8209] active_file 0
[ 2273.121548][ T8209] unevictable 249430016
[ 2273.121548][ T8209] slab_reclaimable 964920
[ 2273.121548][ T8209] slab_unreclaimable 880720
[ 2273.121548][ T8209] slab 1845640
[ 2273.121548][ T8209] workingset_refault_anon 0
[ 2273.121548][ T8209] workingset_refault_file 0
[ 2273.121548][ T8209] workingset_activate_anon 0
[ 2273.121548][ T8209] workingset_activate_file 0
[ 2273.121548][ T8209] workingset_restore_anon 0
[ 2273.121548][ T8209] workingset_restore_file 0
[ 2273.121548][ T8209] workingset_nodereclaim 0
[ 2273.121548][ T8209] pgscan 49
[ 2273.121548][ T8209] pgsteal 49
[ 2273.121548][ T8209] pgscan_kswapd 0
[ 2273.121548][ T8209] pgscan_direct 49
[ 2273.121548][ T8209] pgscan_khugepaged 0
[ 2273.121548][ T8209] pgsteal_kswapd 0
[ 2273.121548][ T8209] pgsteal_direct 49
[ 2273.121548][ T8209] pgsteal_khugepaged 0
[ 2273.121548][ T8209] pgfault 1093778
[ 2273.121548][ T8209] pgmajfault 422
[ 2273.121548][ T8209] pgrefill 150
[ 2273.121548][ T8209] pgactivate 161
[ 2273.121548][ T8209] pgdeactivate 0
[ 2273.121548][ T8209] pglazyfree 0
[ 2273.121548][ T8209] pglazyfreed 0
[ 2273.121548][ T8209] zswpin 0
[ 2273.121548][ T8209] zswpout 0
[ 2273.630066][ T8209] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=8209,uid=0
[ 2273.671153][ T8209] Memory cgroup out of memory: Killed process 8209 (syz-executor.1) total-vm:54540kB, anon-rss:380kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000
12:16:58 executing program 1:
openat$uhid(0xffffffffffffff9c, &(0x7f0000000200), 0x802, 0x0)
timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000180)=<r0=>0x0)
r1 = fanotify_init(0x4, 0x1000)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
fanotify_mark(r1, 0x105, 0x800101b, 0xffffffffffffffff, 0x0)
timer_settime(r0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
mlockall(0x2)
r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil)
shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
write$P9_RWSTAT(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x7f, 0x2}, 0x7)
ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0)
shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000)
shmctl$IPC_RMID(0x0, 0x0)
shmctl$SHM_LOCK(0x0, 0xb)
r6 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil)
shmctl$IPC_STAT(r6, 0x2, &(0x7f00000001c0)=""/62)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40410}, 0x4040044)
shmat(r3, &(0x7f00003c6000/0x3000)=nil, 0x4000)
shmctl$SHM_UNLOCK(0x0, 0xc)
shmctl$SHM_LOCK(r3, 0xb)
r7 = shmget$private(0x0, 0x3000, 0x54001800, &(0x7f000010d000/0x3000)=nil)
ioctl$BTRFS_IOC_BALANCE_V2(r5, 0xc4009420, &(0x7f0000000640)={0x0, 0x1, {0x81, @usage=0xd1, 0x0, 0xfffffffffffffffc, 0x10000, 0xffffffffffffffff, 0x0, 0x5, 0x4, @usage=0x1, 0x1ea7, 0xffffffc0, [0x5, 0x7, 0x5, 0xffffffffffffffff, 0xffff, 0x24f]}, {0x5, @struct={0x8da6, 0x46a}, 0x0, 0x3f, 0xff, 0x8, 0x9, 0x7f, 0x0, @struct={0x3, 0x8}, 0xffff0000, 0xffffffcb, [0x8, 0x27d9, 0x7, 0x7ff, 0x57175363, 0x8]}, {0x10001, @usage=0x9, 0x0, 0x4d2, 0x3b89, 0xfffffffffffffff9, 0x4, 0x7fffffff, 0x441, @usage=0x7000000000000, 0x9, 0x20000d5a, [0x2, 0x6, 0x5, 0x80, 0x4, 0x7735]}, {0x8000, 0xffffffffffffffff}})
shmat(r7, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000012c0)=[{{&(0x7f00000005c0)=@xdp, 0x80, 0x0, 0x0, &(0x7f0000000fc0)=""/83, 0x53}, 0x1}, {{&(0x7f0000001040)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @dev}}, 0x80, &(0x7f00000011c0)=[{&(0x7f00000010c0)=""/150, 0x96}, {&(0x7f0000001180)=""/5, 0x5}], 0x2, &(0x7f0000001200)=""/180, 0xb4}, 0x5}], 0x2, 0x0, &(0x7f0000001340)={0x0, 0x989680})

12:16:58 executing program 0:
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_usb_connect$printer(0x0, 0x36, &(0x7f00000003c0)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x10, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x7, 0x1, 0x3, 0x0, "", {{{0x9, 0x5, 0x1, 0x2, 0x0, 0x0, 0x6}}, [{}]}}}]}}]}}, &(0x7f0000000ac0)={0x0, 0x0, 0x1f, &(0x7f0000000800)={0x5, 0xf, 0x1f, 0x2, [@generic={0x17, 0x10, 0xa, "533ef87fdb79825caf4c8ade6afe1b8d1060a2a5"}, @generic={0x3, 0x10, 0xa}]}, 0x2, [{0x2, &(0x7f00000008c0)=@string={0x2}}, {0x18, &(0x7f0000000980)=@string={0x18, 0x3, "6e303a3618b9ec0015f0e1cef7c76159acaa5ddae4df"}}]})

12:16:58 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000840)={0x34, r1, 0x0, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x34}}, 0x0)

[ 2273.930511][ T8235] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 2273.949368][ T8235] CPU: 0 PID: 8235 Comm: syz-executor.1 Not tainted 6.3.0-rc4-next-20230330-syzkaller #0
[ 2273.959249][ T8235] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 2273.969353][ T8235] Call Trace:
[ 2273.972679][ T8235]  <TASK>
[ 2273.975656][ T8235]  dump_stack_lvl+0x136/0x150
[ 2273.980417][ T8235]  dump_header+0x10a/0xd70
[ 2273.984912][ T8235]  oom_kill_process+0x25d/0x600
[ 2273.989855][ T8235]  out_of_memory+0x35c/0x1650
[ 2273.994609][ T8235]  ? find_held_lock+0x2d/0x110
[ 2273.999429][ T8235]  ? oom_killer_disable+0x2b0/0x2b0
[ 2274.004701][ T8235]  ? rcu_read_unlock+0x9/0x60
[ 2274.009426][ T8235]  ? find_held_lock+0x2d/0x110
[ 2274.014250][ T8235]  mem_cgroup_out_of_memory+0x206/0x270
[ 2274.019860][ T8235]  ? mem_cgroup_margin+0x130/0x130
[ 2274.025037][ T8235]  ? lock_downgrade+0x690/0x690
[ 2274.029961][ T8235]  try_charge_memcg+0xf99/0x13a0
[ 2274.034984][ T8235]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 2274.041053][ T8235]  ? lock_downgrade+0x690/0x690
[ 2274.045966][ T8235]  ? trace_lock_acquire+0x12d/0x180
[ 2274.051226][ T8235]  ? get_mem_cgroup_from_mm+0x247/0x580
[ 2274.056825][ T8235]  ? lock_acquire+0x32/0xc0
[ 2274.061398][ T8235]  charge_memcg+0x90/0x3b0
[ 2274.065890][ T8235]  __mem_cgroup_charge+0x2b/0x90
[ 2274.070981][ T8235]  do_wp_page+0x8ac/0x3510
[ 2274.075567][ T8235]  ? lock_sync+0x190/0x190
[ 2274.080055][ T8235]  ? finish_mkwrite_fault+0x3d0/0x3d0
[ 2274.085504][ T8235]  ? rcu_is_watching+0x12/0xb0
[ 2274.090332][ T8235]  ? do_raw_spin_lock+0x124/0x2b0
[ 2274.092621][T27900] usb 1-1: new high-speed USB device number 48 using dummy_hcd
[ 2274.095396][ T8235]  ? spin_bug+0x1c0/0x1c0
[ 2274.107350][ T8235]  ? lock_acquire+0x32/0xc0
[ 2274.111975][ T8235]  ? __handle_mm_fault+0x1334/0x4180
[ 2274.117313][ T8235]  __handle_mm_fault+0x1547/0x4180
[ 2274.122476][ T8235]  ? vm_iomap_memory+0x190/0x190
[ 2274.127477][ T8235]  handle_mm_fault+0x2c0/0x9c0
[ 2274.132290][ T8235]  do_user_addr_fault+0x2ed/0x1240
[ 2274.137440][ T8235]  ? rcu_is_watching+0x12/0xb0
[ 2274.142258][ T8235]  exc_page_fault+0x98/0x170
[ 2274.146902][ T8235]  asm_exc_page_fault+0x26/0x30
[ 2274.151819][ T8235] RIP: 0033:0x7f47dd2395a0
[ 2274.156278][ T8235] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48
[ 2274.175930][ T8235] RSP: 002b:00007ffdbc005e60 EFLAGS: 00010246
[ 2274.182023][ T8235] RAX: 00000000ef192a3d RBX: 00007f47dd3ac018 RCX: 0000001b32520000
[ 2274.190030][ T8235] RDX: 0000000000000000 RSI: 0000001b32520018 RDI: 00000000090fde60
[ 2274.198023][ T8235] RBP: 00000000ef192a3d R08: 0000000000000a3d R09: 00000000ef192a41
[ 2274.206017][ T8235] R10: 00007ffdbc006020 R11: 0000000000000246 R12: 00007f47dd3a0000
[ 2274.214011][ T8235] R13: 0000000000000001 R14: 0000000000000005 R15: ffffffff81e3d406
[ 2274.222005][ T8235]  ? build_open_flags+0x76/0x720
[ 2274.227004][ T8235]  </TASK>
[ 2274.292653][ T8235] memory: usage 307200kB, limit 307200kB, failcnt 10371
[ 2274.299911][ T8235] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2274.322504][ T8235] Memory cgroup stats for /syz1:
[ 2274.322789][ T8235] anon 131072
[ 2274.322789][ T8235] file 312406016
[ 2274.322789][ T8235] kernel 2019328
[ 2274.322789][ T8235] kernel_stack 65536
[ 2274.322789][ T8235] pagetables 81920
[ 2274.322789][ T8235] sec_pagetables 0
[ 2274.322789][ T8235] percpu 4864
[ 2274.322789][ T8235] sock 0
[ 2274.322789][ T8235] vmalloc 0
[ 2274.322789][ T8235] shmem 312406016
[ 2274.322789][ T8235] zswap 0
[ 2274.322789][ T8235] zswapped 0
[ 2274.322789][ T8235] file_mapped 380928
[ 2274.322789][ T8235] file_dirty 0
[ 2274.322789][ T8235] file_writeback 0
[ 2274.322789][ T8235] swapcached 0
[ 2274.322789][ T8235] anon_thp 0
[ 2274.322789][ T8235] file_thp 0
[ 2274.322789][ T8235] shmem_thp 0
[ 2274.322789][ T8235] inactive_anon 62951424
[ 2274.322789][ T8235] active_anon 155648
[ 2274.322789][ T8235] inactive_file 0
[ 2274.322789][ T8235] active_file 0
[ 2274.322789][ T8235] unevictable 249430016
[ 2274.322789][ T8235] slab_reclaimable 964920
[ 2274.322789][ T8235] slab_unreclaimable 871488
[ 2274.322789][ T8235] slab 1836408
[ 2274.322789][ T8235] workingset_refault_anon 0
[ 2274.322789][ T8235] workingset_refault_file 0
[ 2274.322789][ T8235] workingset_activate_anon 0
[ 2274.322789][ T8235] workingset_activate_file 0
[ 2274.322789][ T8235] workingset_restore_anon 0
[ 2274.322789][ T8235] workingset_restore_file 0
[ 2274.322789][ T8235] workingset_nodereclaim 0
[ 2274.322789][ T8235] pgscan 49
[ 2274.322789][ T8235] pgsteal 49
[ 2274.322789][ T8235] pgscan_kswapd 0
[ 2274.322789][ T8235] pgscan_direct 49
[ 2274.322789][ T8235] pgscan_khugepaged 0
[ 2274.322789][ T8235] pgsteal_kswapd 0
[ 2274.322789][ T8235] pgsteal_direct 49
[ 2274.322789][ T8235] pgsteal_khugepaged 0
[ 2274.322789][ T8235] pgfault 1093831
[ 2274.322789][ T8235] pgmajfault 422
[ 2274.322789][ T8235] pgrefill 150
[ 2274.322789][ T8235] pgactivate 161
[ 2274.322789][ T8235] pgdeactivate 0
[ 2274.322789][ T8235] pglazyfree 0
[ 2274.322789][ T8235] pglazyfreed 0
[ 2274.322789][ T8235] zswpin 0
[ 2274.322789][ T8235] zswpout 0
[ 2274.552255][ T8235] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=8235,uid=0
[ 2274.608985][ T8235] Memory cgroup out of memory: Killed process 8235 (syz-executor.1) total-vm:54540kB, anon-rss:380kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000
[ 2274.670554][T27900] usb 1-1: Using ep0 maxpacket: 16
[ 2274.899270][T27900] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 2274.925588][T27900] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 2274.958104][T27900] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[ 2275.040642][T27900] usb 1-1: language id specifier not provided by device, defaulting to English
[ 2275.201974][T27900] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 2275.216118][T27900] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2275.238583][T27900] usb 1-1: Product: syz
[ 2275.254069][T27900] usb 1-1: Manufacturer: の㘺뤘ì컡쟷奡ꪬ򧟤
[ 2275.261139][T27900] usb 1-1: SerialNumber: syz
[ 2275.542834][T27900] usb 1-1: USB disconnect, device number 48
12:17:01 executing program 4:
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000080)={{0x3, 0x0, 0x9}})

12:17:01 executing program 3:
r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
write$cgroup_freezer_state(0xffffffffffffffff, 0x0, 0x0)
lseek(r0, 0x200, 0x0)
dup(0xffffffffffffffff)
open(&(0x7f0000000000)='./bus\x00', 0x24000, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001740)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf2364149215108333719acd97cfa107d40224edc5465a93df8513a32ec450bebc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed4284da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000dd000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda52013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d2e959efc71f665c4d75cf2458e3542c9062ece84c99a061997a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a998de44aeadea2a40da8daccf080842a4867217373934bbd42dcb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcd62981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba495aea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b60000000000000000d6d5210d7560eb92d6a97a27602b81f76386f1535b1fad6ec9a31137abf9a404abde7750898b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294059323e7a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff852656cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bc19faa5449209b083dbd334b470067bbab40743b2a428f1da1f68df75c00008ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba891cea599b079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b70ebc660309e1e245b0fdf9743af932cd6db49a47613808bad959719c0000000000378a921c7f7f6933c2e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a391f03daca80f08f0e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c4396f1d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d7cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5000000000006065d6735eb7a00e127c000000000000000000000000000000a1c3da144589dcaddb71cf9374843e23f992a237a9040747e0434a8a643990b4059a98411ce867d1af7e8ea89f49e6f564d4dce8a7d6939a92144e43a7f39e83bd247e03a09dba000000000000000000000000aaf033d47249c8444bc13844cbf1be617d82b269e5ea0c0d525603c0ec543ea581f63893ae414a6683e941fdbd6ea6cfc5f8744583c0aa766a65321f907927a59d75b47f06895e8471ebc2840ce5bd054df223fb09b9c739ad64cfcfd2d498b0f11056f6c40874cb977c99b6bc1a8732198a17e610082b7ce0365f271b11d4b4a3d4c7d0bb273f406ecd4b26c93151c30f5a269991402d109bec1267dd7d781aa230ac1cae"], &(0x7f0000000100)='GPL\x00'}, 0x48)
socket(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='ext4_writepages_result\x00', r1}, 0x10)
sendfile(r0, 0xffffffffffffffff, 0x0, 0xf800)

12:17:01 executing program 2:
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)

12:17:01 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000840)={0x34, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x34}}, 0x0)

12:17:01 executing program 1:
openat$uhid(0xffffffffffffff9c, &(0x7f0000000200), 0x802, 0x0)
timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000180)=<r0=>0x0)
r1 = fanotify_init(0x4, 0x1000)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
fanotify_mark(r1, 0x105, 0x800101b, 0xffffffffffffffff, 0x0)
timer_settime(r0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
mlockall(0x2)
r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil)
shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
write$P9_RWSTAT(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x7f, 0x2}, 0x7)
ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0)
shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000)
shmctl$IPC_RMID(0x0, 0x0)
shmctl$SHM_LOCK(0x0, 0xb)
r6 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil)
shmctl$IPC_STAT(r6, 0x2, &(0x7f00000001c0)=""/62)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40410}, 0x4040044)
shmat(r3, &(0x7f00003c6000/0x3000)=nil, 0x4000)
shmctl$SHM_UNLOCK(0x0, 0xc)
shmctl$SHM_LOCK(r3, 0xb)
r7 = shmget$private(0x0, 0x3000, 0x54001800, &(0x7f000010d000/0x3000)=nil)
ioctl$BTRFS_IOC_BALANCE_V2(r5, 0xc4009420, &(0x7f0000000640)={0x0, 0x1, {0x81, @usage=0xd1, 0x0, 0xfffffffffffffffc, 0x10000, 0xffffffffffffffff, 0x0, 0x5, 0x4, @usage=0x1, 0x1ea7, 0xffffffc0, [0x5, 0x7, 0x5, 0xffffffffffffffff, 0xffff, 0x24f]}, {0x5, @struct={0x8da6, 0x46a}, 0x0, 0x3f, 0xff, 0x8, 0x9, 0x7f, 0x0, @struct={0x3, 0x8}, 0xffff0000, 0xffffffcb, [0x8, 0x27d9, 0x7, 0x7ff, 0x57175363, 0x8]}, {0x10001, @usage=0x9, 0x0, 0x4d2, 0x3b89, 0xfffffffffffffff9, 0x4, 0x7fffffff, 0x441, @usage=0x7000000000000, 0x9, 0x20000d5a, [0x2, 0x6, 0x5, 0x80, 0x4, 0x7735]}, {0x8000, 0xffffffffffffffff}})
shmat(r7, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000012c0)=[{{&(0x7f00000005c0)=@xdp, 0x80, 0x0, 0x0, &(0x7f0000000fc0)=""/83, 0x53}, 0x1}, {{&(0x7f0000001040)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @dev}}, 0x80, &(0x7f00000011c0)=[{&(0x7f00000010c0)=""/150, 0x96}, {&(0x7f0000001180)=""/5, 0x5}], 0x2, &(0x7f0000001200)=""/180, 0xb4}, 0x5}], 0x2, 0x0, &(0x7f0000001340)={0x0, 0x989680})

12:17:01 executing program 0:
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_usb_connect$printer(0x0, 0x36, &(0x7f00000003c0)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x10, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x7, 0x1, 0x3, 0x0, "", {{{0x9, 0x5, 0x1, 0x2, 0x0, 0x0, 0x6}}, [{}]}}}]}}]}}, &(0x7f0000000ac0)={0x0, 0x0, 0x1f, &(0x7f0000000800)={0x5, 0xf, 0x1f, 0x2, [@generic={0x17, 0x10, 0xa, "533ef87fdb79825caf4c8ade6afe1b8d1060a2a5"}, @generic={0x3, 0x10, 0xa}]}, 0x2, [{0x2, &(0x7f00000008c0)=@string={0x2}}, {0x18, &(0x7f0000000980)=@string={0x18, 0x3, "6e303a3618b9ec0015f0e1cef7c76159acaa5ddae4df"}}]})

12:17:01 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000840)={0x34, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x34}}, 0x0)

12:17:01 executing program 2:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000a40)=@base={0x19, 0x4, 0x4, 0x4}, 0x48)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000100)={r0}, 0x20)

[ 2276.474663][   T27] audit: type=1804 audit(1680178621.279:1114): pid=8243 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir3710322249/syzkaller.EsUX9x/2149/bus" dev="sda1" ino=1175 res=1 errno=0
12:17:01 executing program 4:
syz_mount_image$f2fs(&(0x7f0000000100), &(0x7f0000010600)='./file0\x00', 0x10, &(0x7f0000000240)=ANY=[@ANYBLOB="6e6f646973636172642c6e6f696e6c696e655f64656e7472792c6e6f757365725f78617474722c66617374626f6f742c6e6f61636c2c696e6c696e655f646174612c6d6f64653d6c66732c008de9cc35773d8f85af1fbcdcfbf24e5bdc7fbf1fd90dbb0700000000000000b426a767428d6688526c54e50000a961b04b0f420336e8d0f915d29a2f94270936580cc435c8c7ad280df0e700000000010000fe008dd431aa37d98ff55561b6a67c7500000000000000095899336fda9b6f7df62519a872ca0cd2a50f18c92d20c2d070dfe05a7d1ac89626b8aa9937c2dfc79ea49390488ef06c59c2c2037d2bd54745a8c196a95ea54cc95f579032893b386b3e991db9ae6cb71790136848d73220cb5ba022af9a45f09f4f7e89aaf506057dc32e2423ec264e5199e113132c47e915350d4dc1a79eca1a9d557ec5c4e00a88bff0262d8ae0b7c3e2d5ea233a3472590da7489dbfa07977d2e5ae63bfc5dc38340112c18f672a0ad904d4ab837f18fa53dc550959"], 0x1, 0x105fe, &(0x7f0000010640)="$eJzs3E2LW1UYB/AnHadv1rZIXxQKXhBhAmZopi8oiFTbogVbiy8LV5pJbkPaSe4wSadj17rSjXu3goi7gh9AcOMX8AMUF4K4ENxVlNx7RhvtonWmTev8fpD5n3vuuU/OCdmc3OEGsGXtz377tRZ7Y1dEzETEnoiyXUuv0qkqnoqIZyJi222vWur/q2N7ROyOiL3j4lXNWjp18vebt754+txLn3x1s9786cvPp7dqYNqei4j+ctW+1q+y6FZ5OfW3Vntl9o+vpqxO9K+k46LKa/liWeFaa31cq8xj3Wp8sXx1OM5LS632OLu9S2X/8qB6w+Fqd71OecHl1kp53MkXy+wNizK716t5raW8PhxVdTqp3odl+RiN1rPqz9fyaj3LV8psD0apv6pbdPK1ca6mTG8X7WKpU85j8T9/zA+9N3qDq2vZar4y7BWD7MR884X55slGc6Xo5KP8eKPV75w8ns11l8bDGqO81T/VLYruUj7fLvr1bK7bbjdOp1KtQdZszh+bP9o4UU+t57PXLrybLXWyuXG+2htcHfWWhtmlYiU7ky/2WoN6tjB/7MV69mwze/v8xeziW2fPnr/4zvtn3rvwyvlzp9Ogf00rm1s4urDQaB5tLDTrU19/s5nNpYlOrH973O36P9sXMaX11zZ2OVudLxDAPbP/B6bB/j8in00fhv3//dj/bvX9/yOxfts3NsQXCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgy/px9sbrZWN/dfx46n8idT0ZEYcj4lBEHIyIP+5gJrZP1DwQEbXUvtP42X/M4btalBXG1+yoXt+snzsVEbf23ccPAAAAAP7nvv7+o48jZsbN8s/Lk6e/PTKdafFgpB9tdm6kRnZbu/zJ57GNzelvB8pia5tU7eB6yU1xKCJm9/+8SdUOR8S2PR9sUrW7MjMRO2+LWhXbHuRsAACAB2NyJ7BpuzcAAAAeOp9OewJMR3m/Nv0vfroXvKOKdENw18QRAAAA8AiqTXsCAAAAwL265+18ecFD+vy/2J2e/ef5fwAAAHAH9fYP+S83jrx5F0Or5/8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCf7NxNqtpQFAfwozZqv6gUP7biqHTowEV0CR120lm7m47qGgriHjqzsy6haDG57/HyEJ6Qm8iT3w/ivQnmz1FHxxsuAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0KY/xWb1Y/fte9Ocw7GZPJ8GAAAAOGdfbFblZFKdv07X36ZL7yNiERHziJhFxLnefRDDWuY0Inppfu79xaMafkWUCad7Rul4FREf0/HvXdvfAgAAANyu3Xa5jhicpuXLh6duGHZRFR1Jv+Y4V175l8+LXGnTMuxLprTZXWQW84goJn8zpS0iov/mU6a0iwxqw/jB0KuGfpfVAAAA3ah3Apd2b9m6PAAAADrz+doFcB3lem16Fj+tBY+qIS0IvqydAQAAAM9Q79oFAAAAAK0r+3/7/wEAAMBtq/b/AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoE37YrPabZfrpjmHYzP3QdOfv782LQYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgP/szzkKxTAQRMHWX7zcSfj+xzINdubcSRUIHjNSIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODRuE4+d3xHMo4kv04b/45nkqV3GmtXja3rxt4H8+3fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnOzP3QmEQBCEwb7zP6fF/MOSBo1BhCpY+JhhHhYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4ot/98n9iapxJ5k4bS8cjydpVY+uqsfegcfRgvP0bAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4GIHDgQAAAAAgPxfG6GqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoKO3AgAAAAAADk/9oIVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVdiBAwEAAAAAIP/XRqiqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqrCDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFXbgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwAwcCAAAAAED+r41QVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhR04EAAAAAAA8n9thKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqirswIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYQcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgr7c2+bMBDGcfj1JVHiNhkhvZXADDRUCEbgQ0Ky5BkYgIVoqGgtFoEVQIJzTWcKnqf5/4or7gUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDXdHn44i0iikhdpkjjzc/pPSI+Im3bdvR5y2J3PjZf95ztD5Oc3zH9LSOijKKPcwAAeld1m2O1rpd/ef/zDvIO81bzpl4889MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABc2blj1aa+MADgJ0mT/786OVpBBAddbGxiNUIWh0J3QdAttFGKqUqaoS1d+gSik6uvYDd9BV9AcNCCg0MHBRdBIklu0hMaJEXJTfX3g+/er5dy7jkZAt/9zg0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHMvBbjjdzzMhhLmZw7zj3ZedlVHnN0/fz/Xj863X5+MxO0PkQwj31xr1qxNcy7Tb2Np+WGs06k2JRCIZJGl/MwEAcFK02+320auZqILvySfRufoxv7fc/a9qCO2Xw/X/pSgPv6j/P704e64fPzbftuJ7xfX/wp9e8AlWbK0/KW5sbV9ZW689yIb6o3K5tHh98drNG6Vi91lJ0RMTAAAAfk8hibj+z1aP9v9PRXkYs/6/s3TvbnyvnPp/pMOmX9ozAQAA+LedufDta2bE9UyhEDZrrVZzoXcc/F3qHVOY6rH9l0Rc/+eqac8KAAAAmISD3cxQ/381ysOY/f/5Vzv78Zi5EMJs0v+fX3ncWJ3ccqbaJF4nTnuNAAAApGs2ibj/n+/u/88OtjxkQwiXL/by5GcAx6r/Pzy/PfTSerz/vzy5JU6lbKX3eXTPlRBmKmnPCAAAgL/Z/0l0iv39/N5y8/uzpYL9/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBPduwfJXogCgD4l2TzWYkLFqJWXkAULawWLASxEbyCKAieQAT1AGKppXew9A5bKwhiYbmFnkBmdgaXtdAq8c/vB7PvzbBkXiZNXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD41GD9Pa/CT3eYl2nt7uV4N8T7sRg8X83OhxHyosmif6Bire0KAAAA+O26qbev0vypvtkMsezF/r/O/ws9//XkMM/9/Hjfn+PtxcNc7v9PtheORjcL+4SL7h8c7i01dpff39THpcudx5XX09WZNO3Ek4/fXqr4QMqts+lBHc+zOO/3N/7HdKLhwgGAL1vMMSX5fSjE5TYLA+DP6KTxb6T/r3rt1gQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQhLcAAAD//9iWbOY=")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socket$igmp(0x2, 0x3, 0x2)
sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x1, &(0x7f0000000a80)={0x0, 0x3938700})
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f00000000c0)=ANY=[], 0xfea7)
ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305839, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0xfea7)

[ 2276.575765][   T27] audit: type=1800 audit(1680178621.319:1115): pid=8243 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=1175 res=0 errno=0
12:17:01 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x894a, &(0x7f0000000100)={'sit0\x00', 0x0})

12:17:01 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000840)={0x34, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x34}}, 0x0)

[ 2276.671128][ T8241] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 2276.731268][ T8241] CPU: 0 PID: 8241 Comm: syz-executor.1 Not tainted 6.3.0-rc4-next-20230330-syzkaller #0
[ 2276.741167][ T8241] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 2276.751271][ T8241] Call Trace:
[ 2276.754593][ T8241]  <TASK>
[ 2276.757567][ T8241]  dump_stack_lvl+0x136/0x150
[ 2276.762323][ T8241]  dump_header+0x10a/0xd70
[ 2276.766845][ T8241]  oom_kill_process+0x25d/0x600
[ 2276.772039][ T8241]  out_of_memory+0x35c/0x1650
[ 2276.774914][T27900] usb 1-1: new high-speed USB device number 49 using dummy_hcd
[ 2276.776770][ T8241]  ? find_held_lock+0x2d/0x110
[ 2276.789211][ T8241]  ? oom_killer_disable+0x2b0/0x2b0
[ 2276.794476][ T8241]  ? rcu_read_unlock+0x9/0x60
[ 2276.799193][ T8241]  ? find_held_lock+0x2d/0x110
[ 2276.804004][ T8241]  mem_cgroup_out_of_memory+0x206/0x270
[ 2276.809593][ T8241]  ? mem_cgroup_margin+0x130/0x130
[ 2276.814743][ T8241]  ? lock_downgrade+0x690/0x690
[ 2276.819650][ T8241]  try_charge_memcg+0xf99/0x13a0
[ 2276.824641][ T8241]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 2276.830669][ T8241]  ? lock_downgrade+0x690/0x690
[ 2276.835558][ T8241]  ? trace_lock_acquire+0x12d/0x180
[ 2276.840802][ T8241]  ? get_mem_cgroup_from_mm+0x247/0x580
[ 2276.846381][ T8241]  ? lock_acquire+0x32/0xc0
[ 2276.850928][ T8241]  charge_memcg+0x90/0x3b0
[ 2276.855406][ T8241]  __mem_cgroup_charge+0x2b/0x90
[ 2276.860382][ T8241]  ? copy_mc_to_kernel+0x3e/0x90
[ 2276.865532][ T8241]  do_wp_page+0x8ac/0x3510
[ 2276.870021][ T8241]  ? lock_sync+0x190/0x190
[ 2276.874574][ T8241]  ? finish_mkwrite_fault+0x3d0/0x3d0
[ 2276.879989][ T8241]  ? rcu_is_watching+0x12/0xb0
[ 2276.884807][ T8241]  ? do_raw_spin_lock+0x124/0x2b0
[ 2276.889881][ T8241]  ? spin_bug+0x1c0/0x1c0
[ 2276.894250][ T8241]  ? lock_acquire+0x32/0xc0
[ 2276.898825][ T8241]  ? __handle_mm_fault+0x1334/0x4180
[ 2276.904189][ T8241]  __handle_mm_fault+0x1547/0x4180
[ 2276.909380][ T8241]  ? vm_iomap_memory+0x190/0x190
[ 2276.914411][ T8241]  handle_mm_fault+0x2c0/0x9c0
[ 2276.919243][ T8241]  do_user_addr_fault+0x2ed/0x1240
[ 2276.924932][ T8241]  ? rcu_is_watching+0x12/0xb0
[ 2276.929762][ T8241]  exc_page_fault+0x98/0x170
[ 2276.934430][ T8241]  asm_exc_page_fault+0x26/0x30
[ 2276.939318][ T8241] RIP: 0033:0x7f47dd2364bd
[ 2276.943761][ T8241] Code: 0c 48 89 df 41 83 c6 01 e8 00 f7 ff ff 48 83 c3 20 49 39 df 75 df 44 89 75 00 8b 05 4d 1b 17 00 48 8b 15 16 f2 c9 00 83 c0 01 <89> 05 3d 1b 17 00 89 02 48 83 c4 18 5b 5d 41 5c 41 5d 41 5e 41 5f
[ 2276.963498][ T8241] RSP: 002b:00007ffdbc005ec0 EFLAGS: 00010202
[ 2276.969598][ T8241] RAX: 0000000000000001 RBX: 00007f47dd3abf80 RCX: 00000000000003d7
12:17:01 executing program 2:
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='signal_generate\x00', r0}, 0x10)
ioctl$BTRFS_IOC_QUOTA_RESCAN(r0, 0x4040942c, &(0x7f0000000040)={0x0, 0x8, [0x2, 0x7, 0x3, 0x6, 0x10000, 0x4d0c]})
pipe(&(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket(0x1000000000000010, 0x80802, 0x0)
write(r2, &(0x7f0000000000)="24000000520001000000f4f9002304000a04f51108000100020000000800028001000000", 0x24)
splice(r2, 0x0, r1, 0x0, 0x101ff, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='skb_copy_datagram_iovec\x00', r3}, 0x10)
ioctl$BTRFS_IOC_SNAP_CREATE(r2, 0x50009401, &(0x7f0000000640)={{r3}, "72c40e7f52f4bdbb9931a48c1fc3cf9e4c1b174c3e7f505d5e68aaeb1c25332ff448a8c5ec0e0942570197a5751d905b84f64683c056a75124b92bc2e4dab824d9d4e26e773960324ec038481f40622cfdf519a92914e52cb6d1e632c7086cce4c4dc0851d81d147f0177d270f93c868dde6906b6686b81b5692741d2792b6bc99ae2b82fc4cef933c75ef7031b81f2c21373fc72bb7e5f7fb75d72bb0277ef07aaefb4c81615716f198bec3a474512b45076f9b1331a3b19c4c5a231b67dce389166adf5c9260eeade392652697349b214ff6623ed37134cc9cf8c7cad694794c80037d82e1e288bb223eef4d8ca85fe968be01965ce2c9c9d479e7af95cc2ab8374348825c3f4e789209c5e9d271ae8eb5bd3d1e24c382939a6d38192a5c9809ddec13513faa775c15dd590d81cccb95ba49dd585f3785c2cd85539f4ae0c8c142ff6c2b18e1ee84761d5585a2bda75b79f2dcf01bb813098e7017ae6f459bb741027ab5e8333b1ad9a7ce38c1d449dbce224c5004bf55ecf5f5d70da1cb27eeaee82cd8ce5a95a76c5e40916be8f8bfcd24fdc77c0d0ad634fbcdc334df8ca593b372fcf5228d98fc325232021062e441c3016c4fee9401bc8a712b70085893c6cf5f8af085bfc666516067bd7871b731841642c305840c5e82664dd7b70ccd123193ad3f87c9459505a05baf9ece830d64683843d3ce2ebcf3cbaf1f5a3b7d84182c01431e951b0ffe86d692a7681c5f5219b312fcf3261909807b52fd8b5bff561f426734ff6f056ef08bd943c42fbe0fae5dc92307078f375462f32d6e5936adb7edcf3cbede2db05cc330135abcee024c28be2f37aaebb373ba25692f6c69f844d0aed75145ae1b90db7d0d92b6ce8e40f9064591a4c4c5c3f36cf0c99284940e5a5a461756839a6bf59efc501d3531a883801f7f4fd32f431b4990c1cda23b9c3728ae5bcb0f7c1a0d2660dd81bf3cdc86e221d85f7f2ff95a9fd05cafa4c6e0823e97deac7ee49a04f4d8e63e243135e6430bdb513b8379f21d7a121fe2b48063325741f9fbceb41f6d04d8440dd95d4b9236823f1cc0b6c8da9f197c7f5ae6c98f5ac467ec809840004ba042ec1f2b5ea5f4bbe1753319edb375317f863faeac1400a9d6b87e3018b0ed1fda526294f3b49b009c67cd38c61f538f45333b928f3f52df2a457f84e00a5316d717384314cf980692581460f18f5acb91003785a9670da8cab4b09d452bd4f7e52aa7176994316bebb2e634bb37151770a3e1df80a47da2a7811dd344c0378684db61ec6d92e008e5dcd639b5d667be921da25dc0646ea4f66c28b5e5d8f1ec3ac07e2cb8ef3bb8ea3c272b8953c1181e8439f2c4ba1e3bb2064d68bb2fe8ac2bd1f117e4429383d4a156f23bd01bc79427500a0440d8b348b07b15e5db1639df43e07bfc713c2d75f5c892e9fff9aa6cf77fd6526d20cf7f726ff3b8d83c835b4081c635b8245b80f25dac094859de66114caa1ce364bb2232d69bd665242c62049d8272b1980c08581fcc08d0bdbb310ce50fd47a7de096a10828e865eed79da99b74d5630e809c1e112ea33b46d09bef4339873365b41690deebf298f8772be31aea97a55a33c1d3342cef42b630f73b49ea7e9e93a0705aa3720efefc45d57f513fa9a3ab8532ded57fc6722e90bc31934ebcaa50bf3595389a6ac83024ad9569ca1cf09c188fa9e0e2db4f075d5633044fda8f40816605cc02a897e578e6acc533f80a4bc20078c941d4acf87b30bfdf4c722a59ea076f0c4b90382038fdc6d0d38a23c0278677f3965f759ce4dc1be017a4abcd083df20fd6b849dc7b69a8d405b974467f4eaf6bca928935ec2822200405cc97d0d9658c62a0e22f9802984732ed27bfb6f6a6acc9b95078430f168400b4c9f39207d60c3e3a0da801c80a6930a20bfcbdfd5658d003877f6b57f78f65033027756d1cb6512fefdb89bdbb1ba2de7bee462a49aacb9e67c978fd6b92c6ff974e31ec40034ddcdc6291825ad03c9e1a9e30083d936991628d41781111e17efb82d5cbb162b68a198805a7f575a71e55b0e31749f5292ac594c124e41a1232299866cc3f46260eaf47ed87fe4b6ee40cfa2c334c3a8739bdae551bc88c45d776adf3431d4b0d010b327c5792ac4ddf53333ec7dea9c222f8f7b3559f239138f9c7b694ae2dd96e5062d7a45b479806e064b744641d99297961fbffa39a99c0d7b0f8859c1826f97b3660be193a054699506b722f57c732bba9c4bf53a24b72c6da076672bb91a4cf8a5787f0928172f1f76887cf69f53e33b714f947e1bc9ec2db7c2f6c4910a93f0bdaabd8bec51e288ba868cbc8bf9a88cd419b096537854337107900e48131c2942c7c9bed047898a456890c0d0b1d9a98939e6869a4b61cfa34d110667ccf7f392beb1485e7448c7c1ef3dce006f1d0ea24f5eb2ffddb830ac674f535e8c2233cc0a53ecfb2b78d5d5a39016b3569c5e03e29d0e8c90c78ad6b87d6bf4886360284d56c0736e983fbe0d1199d127f309cefaeebe168f72f1268d4ff79138b521ca548bf6a3f82d411565f7491082876adb80ba9aa22284761cabd1166c5300ff148a8c4d793a40b99b1714edeecd2f2f6671f9e66ac30a08358da7f7be80053f4a78a90272d6f32ee607f5a091a0740b466736707372d3ffa345b97a5213f1aaf21bdcd4d9a31e441292b9a37dc9ade2c33fdccddc392b5f8650df42d69a1c920d0d9e23b535e45f92db625ca9dd1aa06a343019ba2cd6b2aab2d964a4719c69b609d07990cafb3d9f88b2ae169034eea91227b7989176b02e93ba92e0ff6cd59a7df108d0e78c9ca34101ec1d34f8c9b3a2b3805cf4a06be4a9b3d4f4812cb566398f90d86e3aba8b5a91b4050aa13787b95e74d86316c58c79134cf272c083643e42493ffbea81329b2ca29a3d81f14408a63d29c691b3bde96a59a9fb8706434b656188e2e23749517f799a083df650d11350aae0a51ffddcfbc5ce0f8056f4df9cbeb45ff63df4a3683419de0f7064a47ae22602636e9820fac34786a691859c1ba000e1791f63e987830cf9aa116aec558660d71e2ddc6c643c13157d03fea4d37d1235ce2206a9465bc60254b8ee0247c2eae19394d60a072b76e6d5c018d93d5820d94c5d4b27b968c887bd0db94a87ec437ce8a2f0865d53a8ba90e29966ae04097b1a3136ab40469c898c30ef4b045471351b0da4335f59ff396e4b817d5193c7d67ee5d4856a9496de2aa5ef5cb029dc4a2dee07ac60f970fd0e43e638f1bcf9113ae8a4ca3723bc1f8162d2b2f13216e83c86f871fe7b2ecc715e0b97f59168a29c77674e001db046498ae8d059e1f2507dc8efb6cd6401fd786643b79196bf3320631d0f66ccfdc1194f41e39da34e37412cbb34aaf97ccf0fd9d4f0ab1eea435388d48f7a0b55cee172123026cdc2855795bb350ff3e61df8ceabe739cec0a190b934e15a53094234d375e89b3e301c3e03afbea104ebcb31af219714ca99ee1079acdbba98cbeaf22c275f59b0db04d8ef92f4921b8cca32af29962f619f61b10b45ba39cb1d46ad642266247a4d24da908215fe26e0a92b994e8d7ec98a6584ade9169ff93719d9c88fb1871bb0ae9929a8bdea1f062337e0bfbfd650e4d777cd76ca4a7799b5ebb7661df09a4e6fd1597c6f6d182318e52bd0c3cbc219a374dfc7fa5e1ba0178624f0bf284286091e81111b2304aeecfbbfb4786122503d0af913717ac27eb334f01fa22c79f9d5f8acdc305c594fbe547d8d943ccdaf28c883b7d7d745370ec043e27b3dc4e57bf701624ee92406dcd534cd8791bfb0b4bca0e73abe9a0c1414599fcf37d4bf65c18e8620b7286299a939b302a74f8e364a32b717f2bae2eb4b9643ac793add0d5ca8aaa79ef21f727c77b842ff5a9244243cd92a87af1536eb9d9b7f1c9038bd8f9d67b9f65cd08a4a9c08f5d336a01b56e149d871b429355209ab965069ab2e0a5ab7e03206e00cd9f291cd19b7f50cfbd4415226b2a6c330f13b47ac19dddd7a7853c41de3222aa8852e0421fa0558911804ccb5f9a1af59d476e5284cf734a1290317545d551e5317a25242e02904fef3067bafb9d2c982db0c74a24d7c8e2b1295847aebcf7d071b39115f159b24bead7713641878d11127207ed643a5dbafb0f5b642f611b85cdbebd80c967781e35e5f726ca96a5057be15276994002e7dac67a49eb087748a58013155f717dfc8ee9dfcfda4e97be8fb1d40b5e586df53056762117f89e2c51086febb537e2086212824b2e4c100f49ea7ef10c1dff9e9df71e92e7dbd1df58784c54ddd31d976c47ec20d0faf156dc074a4241352ee2f069feadd5d8f5ad48390b060fa47bba7b73662790df1d2390141eb7de4cccdec9ed8e37da38cd9725a875aa94b8b8ed8c0328d9f3b39df8ecaeb427e6f2edff9233df2f396a2cd48a851e5aea2a28be28a4fa3008b673ed6d2d9396e039eb22e97a0f08ab5dd1aba429ad2c59714e44b91dcdffc0491bb346d3929ab9d856c8e3b1cd43b87215dfcf1fafc40fff72abb77bb53c1f31d97ed5d8b042a92af8603047972770b8656101c368659c9c11b17911dd2670d63bc74a9fa3dbb4fcd008ca52efa563d633de9768f5a0e551e4f531add4ea7587e5a26a78bc4b3a0df7531f8601148b9b19635b216499ec1768c9ac11a20732a81c1679546cca9fd4303580ce535ea7f99484f20d31be3a249ad10d61e92a5c048daf1282019eb3df79454525ec55498707e59f15441461038e10ac5b9508282ea68770dc993eae1f90b2c407a38ea6fb5846b97b0ce892e8a75c142fbafb71ccbf4c6e43eb25f49d0bce69a6a71b9f0984121789fe2f163009a867fe9d7a321891e0be58a36fc93749f6c9f65eac32e3f3a3052615b23b0f6268492f7c2dddd368b2263e7133938249843be8f0fb1170170bf8fafdde443a79e790970193c59d509312c80e8c3c647ec2dad1598be368a6ad7adbb495346747bbdf3b88302cf0e846519e5659db430ce0048c12034c900db26028f985b2b22c2c3916adcbab30a19544ae98fddaefff428f265a8d10aaf1c2978d6acb3b1dd0be1f5f9d2dad3eb72336c7189017a71aca2883830023fa30dfb8816eb7d696e7dc58c7701ba2599650d01d06503160a12c07caed7ce3f90dffffbd307712cbb6fcfab02873889752344d03be4d1dc1ca97c513dd90d3677a08867949faca70588741d0ce38fabc2c15273641dd7be20fd296f53678b200afb689330338278224d5f9f2cf525fcfdcdf51ba4efca4290ef49b285eb5970aa7f23845995b5ebb4072283619f8b2845e85388c91de182f5d62629fa0adf19648f5bcbff567fe8ba938dfa8d11ad5fe1cec800d756e6d8b302a6cad7f41a341cfb765006266594deec35bbac83135250ee28b116aa3b0ab125c73d03e1d831091a259ad133499eba179546c4dcb634c713b623b681ec70c259b110e040104e01c4f8c2b68fee1fb9c4b77fc6ef888089d9b5874cda9c4cde906635adbfcb7bbbdf27234b7f3689a2a4e3da9d12025001087546c88d04b420136cb4d0fcf6c1c1c44417fc2f972b893d8f9af3d399461168d8b8718fdd944b69dac2d2517c001a2cb2a6c4aa2e109f2bc2e2cfd5ea6598720932272b157b835e8dd9c80754db816955b5ea2e0e54c8523235624d08257571636236b8ef96989aa19d051b8023697760f37bca70f21d8c461ff1ad2c58277064e602fbf9e4781732e3e5404fec8a1221396bfb17dd0f3795ae8da"})

12:17:01 executing program 3:
r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
write$cgroup_freezer_state(0xffffffffffffffff, 0x0, 0x0)
lseek(r0, 0x200, 0x0)
dup(0xffffffffffffffff)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x24000, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001740)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf2364149215108333719acd97cfa107d40224edc5465a93df8513a32ec450bebc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed4284da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000dd000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda52013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d2e959efc71f665c4d75cf2458e3542c9062ece84c99a061997a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a998de44aeadea2a40da8daccf080842a4867217373934bbd42dcb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcd62981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba495aea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b60000000000000000d6d5210d7560eb92d6a97a27602b81f76386f1535b1fad6ec9a31137abf9a404abde7750898b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294059323e7a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff852656cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bc19faa5449209b083dbd334b470067bbab40743b2a428f1da1f68df75c00008ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba891cea599b079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b70ebc660309e1e245b0fdf9743af932cd6db49a47613808bad959719c0000000000378a921c7f7f6933c2e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a391f03daca80f08f0e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c4396f1d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d7cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5000000000006065d6735eb7a00e127c000000000000000000000000000000a1c3da144589dcaddb71cf9374843e23f992a237a9040747e0434a8a643990b4059a98411ce867d1af7e8ea89f49e6f564d4dce8a7d6939a92144e43a7f39e83bd247e03a09dba000000000000000000000000aaf033d47249c8444bc13844cbf1be617d82b269e5ea0c0d525603c0ec543ea581f63893ae414a6683e941fdbd6ea6cfc5f8744583c0aa766a65321f907927a59d75b47f06895e8471ebc2840ce5bd054df223fb09b9c739ad64cfcfd2d498b0f11056f6c40874cb977c99b6bc1a8732198a17e610082b7ce0365f271b11d4b4a3d4c7d0bb273f406ecd4b26c93151c30f5a269991402d109bec1267dd7d781aa230ac1cae"], &(0x7f0000000100)='GPL\x00'}, 0x48)
socket(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='ext4_writepages_result\x00', r2}, 0x10)
sendfile(r0, r1, 0x0, 0x0)

[ 2276.977596][ T8241] RDX: 0000001b32520000 RSI: 0000001b32520018 RDI: 0000000095cd0aca
[ 2276.985593][ T8241] RBP: 0000001b32520020 R08: 0000001b32920000 R09: 0000000095cd0ace
[ 2276.993588][ T8241] R10: 00007ffdbc006020 R11: 0000000000000246 R12: 00007f47dd3abf80
[ 2277.001581][ T8241] R13: 0000001b32520018 R14: 0000001b3252001c R15: 0000000000000032
[ 2277.009600][ T8241]  </TASK>
[ 2277.072426][ T8241] memory: usage 307188kB, limit 307200kB, failcnt 10441
[ 2277.081613][ T8241] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2277.107293][ T8241] Memory cgroup stats for /syz1:
[ 2277.107582][ T8241] anon 147456
[ 2277.107582][ T8241] file 312406016
[ 2277.107582][ T8241] kernel 2002944
[ 2277.107582][ T8241] kernel_stack 65536
[ 2277.107582][ T8241] pagetables 81920
[ 2277.107582][ T8241] sec_pagetables 0
[ 2277.107582][ T8241] percpu 4800
[ 2277.107582][ T8241] sock 0
[ 2277.107582][ T8241] vmalloc 0
[ 2277.107582][ T8241] shmem 312406016
[ 2277.107582][ T8241] zswap 0
[ 2277.107582][ T8241] zswapped 0
[ 2277.107582][ T8241] file_mapped 380928
[ 2277.107582][ T8241] file_dirty 0
[ 2277.107582][ T8241] file_writeback 0
[ 2277.107582][ T8241] swapcached 0
[ 2277.107582][ T8241] anon_thp 0
[ 2277.107582][ T8241] file_thp 0
[ 2277.107582][ T8241] shmem_thp 0
[ 2277.107582][ T8241] inactive_anon 62951424
[ 2277.107582][ T8241] active_anon 172032
[ 2277.107582][ T8241] inactive_file 0
[ 2277.107582][ T8241] active_file 0
[ 2277.107582][ T8241] unevictable 249430016
[ 2277.107582][ T8241] slab_reclaimable 964920
[ 2277.107582][ T8241] slab_unreclaimable 856896
[ 2277.107582][ T8241] slab 1821816
[ 2277.107582][ T8241] workingset_refault_anon 0
[ 2277.107582][ T8241] workingset_refault_file 0
[ 2277.107582][ T8241] workingset_activate_anon 0
[ 2277.107582][ T8241] workingset_activate_file 0
[ 2277.107582][ T8241] workingset_restore_anon 0
[ 2277.107582][ T8241] workingset_restore_file 0
[ 2277.107582][ T8241] workingset_nodereclaim 0
[ 2277.107582][ T8241] pgscan 49
[ 2277.107582][ T8241] pgsteal 49
[ 2277.107582][ T8241] pgscan_kswapd 0
[ 2277.107582][ T8241] pgscan_direct 49
[ 2277.107582][ T8241] pgscan_khugepaged 0
[ 2277.107582][ T8241] pgsteal_kswapd 0
[ 2277.107582][ T8241] pgsteal_direct 49
[ 2277.107582][ T8241] pgsteal_khugepaged 0
[ 2277.107582][ T8241] pgfault 1093891
[ 2277.107582][ T8241] pgmajfault 422
12:17:02 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000840)={0x2c, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}]}, 0x2c}}, 0x0)

[ 2277.107582][ T8241] pgrefill 150
[ 2277.107582][ T8241] pgactivate 161
[ 2277.107582][ T8241] pgdeactivate 0
[ 2277.107582][ T8241] pglazyfree 0
[ 2277.107582][ T8241] pglazyfreed 0
[ 2277.107582][ T8241] zswpin 0
[ 2277.107582][ T8241] zswpout 0
[ 2277.316957][   T27] audit: type=1804 audit(1680178622.119:1116): pid=8264 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir3710322249/syzkaller.EsUX9x/2150/bus" dev="sda1" ino=1159 res=1 errno=0
12:17:02 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000840)={0x2c, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}]}, 0x2c}}, 0x0)

[ 2277.385611][   T27] audit: type=1800 audit(1680178622.149:1117): pid=8264 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=1159 res=0 errno=0
[ 2277.432215][T27900] usb 1-1: Using ep0 maxpacket: 16
12:17:02 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000840)={0x2c, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}]}, 0x2c}}, 0x0)

[ 2277.642539][T27900] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 2277.685885][T27900] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 2277.731786][T27900] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[ 2277.830317][T27900] usb 1-1: language id specifier not provided by device, defaulting to English
[ 2277.895298][ T8241] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=8241,uid=0
[ 2277.932335][ T8241] Memory cgroup out of memory: Killed process 8241 (syz-executor.1) total-vm:54540kB, anon-rss:508kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000
12:17:02 executing program 1:
openat$uhid(0xffffffffffffff9c, &(0x7f0000000200), 0x802, 0x0)
timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000180)=<r0=>0x0)
r1 = fanotify_init(0x4, 0x1000)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
fanotify_mark(r1, 0x105, 0x800101b, 0xffffffffffffffff, 0x0)
timer_settime(r0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
mlockall(0x2)
r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil)
shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
write$P9_RWSTAT(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x7f, 0x2}, 0x7)
ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0)
shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000)
shmctl$IPC_RMID(0x0, 0x0)
shmctl$SHM_LOCK(0x0, 0xb)
r6 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil)
shmctl$IPC_STAT(r6, 0x2, &(0x7f00000001c0)=""/62)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000340)={0x0, 0x28}}, 0x4040044)
shmat(r3, &(0x7f00003c6000/0x3000)=nil, 0x4000)
shmctl$SHM_UNLOCK(0x0, 0xc)
shmctl$SHM_LOCK(r3, 0xb)
r7 = shmget$private(0x0, 0x3000, 0x54001800, &(0x7f000010d000/0x3000)=nil)
ioctl$BTRFS_IOC_BALANCE_V2(r5, 0xc4009420, &(0x7f0000000640)={0x0, 0x1, {0x81, @usage=0xd1, 0x0, 0xfffffffffffffffc, 0x10000, 0xffffffffffffffff, 0x0, 0x5, 0x4, @usage=0x1, 0x1ea7, 0xffffffc0, [0x5, 0x7, 0x5, 0xffffffffffffffff, 0xffff, 0x24f]}, {0x5, @struct={0x8da6, 0x46a}, 0x0, 0x3f, 0xff, 0x8, 0x9, 0x7f, 0x0, @struct={0x3, 0x8}, 0xffff0000, 0xffffffcb, [0x8, 0x27d9, 0x7, 0x7ff, 0x57175363, 0x8]}, {0x10001, @usage=0x9, 0x0, 0x4d2, 0x3b89, 0xfffffffffffffff9, 0x4, 0x7fffffff, 0x441, @usage=0x7000000000000, 0x9, 0x20000d5a, [0x2, 0x6, 0x5, 0x80, 0x4, 0x7735]}, {0x8000, 0xffffffffffffffff}})
shmat(r7, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000012c0)=[{{&(0x7f00000005c0)=@xdp, 0x80, 0x0, 0x0, &(0x7f0000000fc0)=""/83, 0x53}, 0x1}, {{&(0x7f0000001040)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @dev}}, 0x80, &(0x7f00000011c0)=[{&(0x7f00000010c0)=""/150, 0x96}, {&(0x7f0000001180)=""/5, 0x5}], 0x2, &(0x7f0000001200)=""/180, 0xb4}, 0x5}], 0x2, 0x0, &(0x7f0000001340)={0x0, 0x989680})

[ 2277.972687][T27900] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 2277.993735][T27900] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2278.019304][T27900] usb 1-1: Product: syz
[ 2278.028351][T27900] usb 1-1: Manufacturer: の㘺뤘ì컡쟷奡ꪬ򧟤
[ 2278.035522][T27900] usb 1-1: SerialNumber: syz
[ 2278.083293][ T8274] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 2278.118449][ T8274] CPU: 0 PID: 8274 Comm: syz-executor.1 Not tainted 6.3.0-rc4-next-20230330-syzkaller #0
[ 2278.128510][ T8274] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 2278.138610][ T8274] Call Trace:
[ 2278.141924][ T8274]  <TASK>
[ 2278.144892][ T8274]  dump_stack_lvl+0x136/0x150
[ 2278.149659][ T8274]  dump_header+0x10a/0xd70
[ 2278.154162][ T8274]  oom_kill_process+0x25d/0x600
[ 2278.159097][ T8274]  out_of_memory+0x35c/0x1650
[ 2278.163856][ T8274]  ? find_held_lock+0x2d/0x110
[ 2278.168720][ T8274]  ? oom_killer_disable+0x2b0/0x2b0
[ 2278.174020][ T8274]  ? rcu_read_unlock+0x9/0x60
[ 2278.178756][ T8274]  ? find_held_lock+0x2d/0x110
[ 2278.183592][ T8274]  mem_cgroup_out_of_memory+0x206/0x270
[ 2278.189200][ T8274]  ? mem_cgroup_margin+0x130/0x130
[ 2278.194370][ T8274]  ? lock_downgrade+0x690/0x690
[ 2278.199316][ T8274]  try_charge_memcg+0xf99/0x13a0
[ 2278.204347][ T8274]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 2278.210413][ T8274]  ? lock_downgrade+0x690/0x690
[ 2278.215417][ T8274]  ? trace_lock_acquire+0x12d/0x180
[ 2278.220685][ T8274]  ? get_mem_cgroup_from_mm+0x247/0x580
[ 2278.226294][ T8274]  ? lock_acquire+0x32/0xc0
[ 2278.230857][ T8274]  charge_memcg+0x90/0x3b0
[ 2278.235327][ T8274]  __mem_cgroup_charge+0x2b/0x90
[ 2278.240316][ T8274]  do_wp_page+0x8ac/0x3510
[ 2278.244785][ T8274]  ? lock_sync+0x190/0x190
[ 2278.249237][ T8274]  ? finish_mkwrite_fault+0x3d0/0x3d0
[ 2278.254661][ T8274]  ? rcu_is_watching+0x12/0xb0
[ 2278.259471][ T8274]  ? do_raw_spin_lock+0x124/0x2b0
[ 2278.264537][ T8274]  ? spin_bug+0x1c0/0x1c0
[ 2278.268904][ T8274]  ? lock_acquire+0x32/0xc0
[ 2278.273449][ T8274]  ? __handle_mm_fault+0x1334/0x4180
[ 2278.278790][ T8274]  __handle_mm_fault+0x1547/0x4180
[ 2278.283957][ T8274]  ? vm_iomap_memory+0x190/0x190
[ 2278.288965][ T8274]  handle_mm_fault+0x2c0/0x9c0
[ 2278.293787][ T8274]  do_user_addr_fault+0x2ed/0x1240
[ 2278.298940][ T8274]  ? rcu_is_watching+0x12/0xb0
[ 2278.303752][ T8274]  exc_page_fault+0x98/0x170
[ 2278.308396][ T8274]  asm_exc_page_fault+0x26/0x30
[ 2278.313279][ T8274] RIP: 0033:0x7f47dd2395a0
[ 2278.317723][ T8274] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48
[ 2278.337356][ T8274] RSP: 002b:00007ffdbc005e60 EFLAGS: 00010246
[ 2278.343445][ T8274] RAX: 0000000018ecfdec RBX: 00007f47dd3ac018 RCX: 0000001b32520000
[ 2278.351438][ T8274] RDX: 0000000000000000 RSI: 0000001b32520018 RDI: 00000000090fdf78
[ 2278.359435][ T8274] RBP: 0000000018ecfdec R08: 0000000000001dec R09: 0000000018ecfdf0
[ 2278.367433][ T8274] R10: 00007ffdbc006020 R11: 0000000000000246 R12: 00007f47dd3a0000
[ 2278.375444][ T8274] R13: 0000000000000001 R14: 000000000000000f R15: ffffffff81e3d5e1
[ 2278.383445][ T8274]  ? build_open_flags+0x251/0x720
[ 2278.388525][ T8274]  </TASK>
[ 2278.406122][ T8274] memory: usage 307200kB, limit 307200kB, failcnt 10502
[ 2278.418864][ T8274] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2278.442229][ T8274] Memory cgroup stats for /syz1:
[ 2278.442520][ T8274] anon 143360
[ 2278.442520][ T8274] file 312406016
[ 2278.442520][ T8274] kernel 2023424
[ 2278.442520][ T8274] kernel_stack 65536
[ 2278.442520][ T8274] pagetables 81920
[ 2278.442520][ T8274] sec_pagetables 0
[ 2278.442520][ T8274] percpu 4864
[ 2278.442520][ T8274] sock 0
[ 2278.442520][ T8274] vmalloc 0
[ 2278.442520][ T8274] shmem 312406016
[ 2278.442520][ T8274] zswap 0
[ 2278.442520][ T8274] zswapped 0
[ 2278.442520][ T8274] file_mapped 380928
[ 2278.442520][ T8274] file_dirty 0
[ 2278.442520][ T8274] file_writeback 0
[ 2278.442520][ T8274] swapcached 0
[ 2278.442520][ T8274] anon_thp 0
[ 2278.442520][ T8274] file_thp 0
[ 2278.442520][ T8274] shmem_thp 0
[ 2278.442520][ T8274] inactive_anon 62951424
[ 2278.442520][ T8274] active_anon 167936
[ 2278.442520][ T8274] inactive_file 0
[ 2278.442520][ T8274] active_file 0
[ 2278.442520][ T8274] unevictable 249430016
[ 2278.442520][ T8274] slab_reclaimable 964920
[ 2278.442520][ T8274] slab_unreclaimable 868808
[ 2278.442520][ T8274] slab 1833728
[ 2278.442520][ T8274] workingset_refault_anon 0
[ 2278.442520][ T8274] workingset_refault_file 0
[ 2278.442520][ T8274] workingset_activate_anon 0
[ 2278.442520][ T8274] workingset_activate_file 0
[ 2278.442520][ T8274] workingset_restore_anon 0
[ 2278.442520][ T8274] workingset_restore_file 0
[ 2278.442520][ T8274] workingset_nodereclaim 0
[ 2278.442520][ T8274] pgscan 49
[ 2278.442520][ T8274] pgsteal 49
[ 2278.442520][ T8274] pgscan_kswapd 0
[ 2278.442520][ T8274] pgscan_direct 49
[ 2278.442520][ T8274] pgscan_khugepaged 0
[ 2278.442520][ T8274] pgsteal_kswapd 0
[ 2278.442520][ T8274] pgsteal_direct 49
[ 2278.442520][ T8274] pgsteal_khugepaged 0
[ 2278.442520][ T8274] pgfault 1093952
[ 2278.442520][ T8274] pgmajfault 422
[ 2278.442520][ T8274] pgrefill 150
[ 2278.442520][ T8274] pgactivate 161
[ 2278.442520][ T8274] pgdeactivate 0
[ 2278.442520][ T8274] pglazyfree 0
[ 2278.442520][ T8274] pglazyfreed 0
[ 2278.442520][ T8274] zswpin 0
[ 2278.442520][ T8274] zswpout 0
[ 2278.515096][ T5556] usb 1-1: USB disconnect, device number 49
[ 2278.685631][ T8274] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=8274,uid=0
[ 2278.710247][ T8274] Memory cgroup out of memory: Killed process 8274 (syz-executor.1) total-vm:54540kB, anon-rss:508kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000
12:17:03 executing program 0:
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_usb_connect$printer(0x0, 0x36, &(0x7f00000003c0)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x10, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x7, 0x1, 0x3, 0x0, "", {{{0x9, 0x5, 0x1, 0x2, 0x0, 0x0, 0x6}}, [{}]}}}]}}]}}, &(0x7f0000000ac0)={0x0, 0x0, 0x1f, &(0x7f0000000800)={0x5, 0xf, 0x1f, 0x2, [@generic={0x17, 0x10, 0xa, "533ef87fdb79825caf4c8ade6afe1b8d1060a2a5"}, @generic={0x3, 0x10, 0xa}]}, 0x2, [{0x2, &(0x7f00000008c0)=@string={0x2}}, {0x18, &(0x7f0000000980)=@string={0x18, 0x3, "6e303a3618b9ec0015f0e1cef7c76159acaa5ddae4df"}}]})

12:17:03 executing program 2:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000040)={0x2, {0x2, 0x0, 0x0, 0x0, 0x401}})

12:17:03 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000840)={0x2c, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params]}, 0x2c}}, 0x0)

[ 2279.482222][T27900] usb 1-1: new high-speed USB device number 50 using dummy_hcd
[ 2279.742213][T27900] usb 1-1: Using ep0 maxpacket: 16
12:17:05 executing program 4:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$VT_RESIZE(r0, 0x4b47, &(0x7f0000000000)={0x0, 0x71e})

12:17:05 executing program 3:
r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
write$cgroup_freezer_state(0xffffffffffffffff, 0x0, 0x0)
lseek(r0, 0x200, 0x0)
dup(0xffffffffffffffff)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x24000, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001740)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf2364149215108333719acd97cfa107d40224edc5465a93df8513a32ec450bebc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed4284da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000dd000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda52013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d2e959efc71f665c4d75cf2458e3542c9062ece84c99a061997a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a998de44aeadea2a40da8daccf080842a4867217373934bbd42dcb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcd62981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba495aea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b60000000000000000d6d5210d7560eb92d6a97a27602b81f76386f1535b1fad6ec9a31137abf9a404abde7750898b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294059323e7a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff852656cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bc19faa5449209b083dbd334b470067bbab40743b2a428f1da1f68df75c00008ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba891cea599b079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b70ebc660309e1e245b0fdf9743af932cd6db49a47613808bad959719c0000000000378a921c7f7f6933c2e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a391f03daca80f08f0e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c4396f1d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d7cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5000000000006065d6735eb7a00e127c000000000000000000000000000000a1c3da144589dcaddb71cf9374843e23f992a237a9040747e0434a8a643990b4059a98411ce867d1af7e8ea89f49e6f564d4dce8a7d6939a92144e43a7f39e83bd247e03a09dba000000000000000000000000aaf033d47249c8444bc13844cbf1be617d82b269e5ea0c0d525603c0ec543ea581f63893ae414a6683e941fdbd6ea6cfc5f8744583c0aa766a65321f907927a59d75b47f06895e8471ebc2840ce5bd054df223fb09b9c739ad64cfcfd2d498b0f11056f6c40874cb977c99b6bc1a8732198a17e610082b7ce0365f271b11d4b4a3d4c7d0bb273f406ecd4b26c93151c30f5a269991402d109bec1267dd7d781aa230ac1cae"], &(0x7f0000000100)='GPL\x00'}, 0x48)
socket(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='ext4_writepages_result\x00', r2}, 0x10)
sendfile(r0, r1, 0x0, 0x0)

12:17:05 executing program 1:
openat$uhid(0xffffffffffffff9c, &(0x7f0000000200), 0x802, 0x0)
timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000180)=<r0=>0x0)
r1 = fanotify_init(0x4, 0x1000)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
fanotify_mark(r1, 0x105, 0x800101b, 0xffffffffffffffff, 0x0)
timer_settime(r0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
mlockall(0x2)
r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil)
shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
write$P9_RWSTAT(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x7f, 0x2}, 0x7)
ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0)
shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000)
shmctl$IPC_RMID(0x0, 0x0)
shmctl$SHM_LOCK(0x0, 0xb)
r6 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil)
shmctl$IPC_STAT(r6, 0x2, &(0x7f00000001c0)=""/62)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000340)={0x0, 0x28}}, 0x4040044)
shmat(r3, &(0x7f00003c6000/0x3000)=nil, 0x4000)
shmctl$SHM_UNLOCK(0x0, 0xc)
shmctl$SHM_LOCK(r3, 0xb)
r7 = shmget$private(0x0, 0x3000, 0x54001800, &(0x7f000010d000/0x3000)=nil)
ioctl$BTRFS_IOC_BALANCE_V2(r5, 0xc4009420, &(0x7f0000000640)={0x0, 0x1, {0x81, @usage=0xd1, 0x0, 0xfffffffffffffffc, 0x10000, 0xffffffffffffffff, 0x0, 0x5, 0x4, @usage=0x1, 0x1ea7, 0xffffffc0, [0x5, 0x7, 0x5, 0xffffffffffffffff, 0xffff, 0x24f]}, {0x5, @struct={0x8da6, 0x46a}, 0x0, 0x3f, 0xff, 0x8, 0x9, 0x7f, 0x0, @struct={0x3, 0x8}, 0xffff0000, 0xffffffcb, [0x8, 0x27d9, 0x7, 0x7ff, 0x57175363, 0x8]}, {0x10001, @usage=0x9, 0x0, 0x4d2, 0x3b89, 0xfffffffffffffff9, 0x4, 0x7fffffff, 0x441, @usage=0x7000000000000, 0x9, 0x20000d5a, [0x2, 0x6, 0x5, 0x80, 0x4, 0x7735]}, {0x8000, 0xffffffffffffffff}})
shmat(r7, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000012c0)=[{{&(0x7f00000005c0)=@xdp, 0x80, 0x0, 0x0, &(0x7f0000000fc0)=""/83, 0x53}, 0x1}, {{&(0x7f0000001040)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @dev}}, 0x80, &(0x7f00000011c0)=[{&(0x7f00000010c0)=""/150, 0x96}, {&(0x7f0000001180)=""/5, 0x5}], 0x2, &(0x7f0000001200)=""/180, 0xb4}, 0x5}], 0x2, 0x0, &(0x7f0000001340)={0x0, 0x989680})

12:17:05 executing program 2:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$VT_RESIZE(r0, 0x5607, 0x0)

12:17:05 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000840)={0x2c, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params]}, 0x2c}}, 0x0)

[ 2280.450621][   T27] audit: type=1804 audit(1680178625.249:1118): pid=8285 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir3710322249/syzkaller.EsUX9x/2151/bus" dev="sda1" ino=1175 res=1 errno=0
12:17:05 executing program 2:
r0 = gettid()
r1 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
read(r1, &(0x7f0000000240)=""/264, 0xc)
tkill(r0, 0x7)

12:17:05 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000840)={0x2c, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params]}, 0x2c}}, 0x0)

[ 2280.490369][   T27] audit: type=1800 audit(1680178625.279:1119): pid=8285 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=1175 res=0 errno=0
[ 2280.520198][T27900] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 2280.542851][ T8290] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 2280.555562][T27900] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 2280.565737][ T8290] CPU: 1 PID: 8290 Comm: syz-executor.1 Not tainted 6.3.0-rc4-next-20230330-syzkaller #0
[ 2280.575602][ T8290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 2280.585700][ T8290] Call Trace:
[ 2280.589020][ T8290]  <TASK>
[ 2280.592083][ T8290]  dump_stack_lvl+0x136/0x150
[ 2280.596871][ T8290]  dump_header+0x10a/0xd70
[ 2280.601376][ T8290]  oom_kill_process+0x25d/0x600
[ 2280.606304][ T8290]  out_of_memory+0x35c/0x1650
[ 2280.611143][ T8290]  ? find_held_lock+0x2d/0x110
[ 2280.615968][ T8290]  ? oom_killer_disable+0x2b0/0x2b0
[ 2280.621240][ T8290]  ? rcu_read_unlock+0x9/0x60
[ 2280.625976][ T8290]  ? find_held_lock+0x2d/0x110
[ 2280.630803][ T8290]  mem_cgroup_out_of_memory+0x206/0x270
[ 2280.636414][ T8290]  ? mem_cgroup_margin+0x130/0x130
[ 2280.641588][ T8290]  ? lock_downgrade+0x690/0x690
[ 2280.646525][ T8290]  try_charge_memcg+0xf99/0x13a0
[ 2280.651543][ T8290]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 2280.657603][ T8290]  ? lock_downgrade+0x690/0x690
[ 2280.662519][ T8290]  ? trace_lock_acquire+0x12d/0x180
[ 2280.667781][ T8290]  ? get_mem_cgroup_from_mm+0x247/0x580
[ 2280.673395][ T8290]  ? lock_acquire+0x32/0xc0
[ 2280.677965][ T8290]  charge_memcg+0x90/0x3b0
[ 2280.682452][ T8290]  __mem_cgroup_charge+0x2b/0x90
[ 2280.687454][ T8290]  ? copy_mc_to_kernel+0x3e/0x90
[ 2280.692456][ T8290]  do_wp_page+0x8ac/0x3510
[ 2280.696952][ T8290]  ? lock_sync+0x190/0x190
[ 2280.701436][ T8290]  ? finish_mkwrite_fault+0x3d0/0x3d0
[ 2280.706888][ T8290]  ? rcu_is_watching+0x12/0xb0
[ 2280.711892][ T8290]  ? do_raw_spin_lock+0x124/0x2b0
[ 2280.716986][ T8290]  ? spin_bug+0x1c0/0x1c0
[ 2280.721379][ T8290]  ? lock_acquire+0x32/0xc0
[ 2280.725942][ T8290]  ? __handle_mm_fault+0x1334/0x4180
[ 2280.731319][ T8290]  __handle_mm_fault+0x1547/0x4180
[ 2280.736615][ T8290]  ? vm_iomap_memory+0x190/0x190
[ 2280.741743][ T8290]  handle_mm_fault+0x2c0/0x9c0
[ 2280.746677][ T8290]  do_user_addr_fault+0x2ed/0x1240
[ 2280.751875][ T8290]  ? rcu_is_watching+0x12/0xb0
[ 2280.756722][ T8290]  exc_page_fault+0x98/0x170
[ 2280.761398][ T8290]  asm_exc_page_fault+0x26/0x30
[ 2280.766319][ T8290] RIP: 0033:0x7f47dd2364bd
[ 2280.770805][ T8290] Code: 0c 48 89 df 41 83 c6 01 e8 00 f7 ff ff 48 83 c3 20 49 39 df 75 df 44 89 75 00 8b 05 4d 1b 17 00 48 8b 15 16 f2 c9 00 83 c0 01 <89> 05 3d 1b 17 00 89 02 48 83 c4 18 5b 5d 41 5c 41 5d 41 5e 41 5f
[ 2280.790474][ T8290] RSP: 002b:00007ffdbc005ec0 EFLAGS: 00010202
12:17:05 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000840)={0x28, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x28}}, 0x0)

12:17:05 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000840)={0x28, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x28}}, 0x0)

[ 2280.796626][ T8290] RAX: 0000000000000001 RBX: 00007f47dd3abf80 RCX: 00000000000003d2
[ 2280.804655][ T8290] RDX: 0000001b32520000 RSI: 0000001b32520018 RDI: 0000000095cd0aca
[ 2280.812686][ T8290] RBP: 0000001b32520020 R08: 0000001b32920000 R09: 0000000095cd0ace
[ 2280.820705][ T8290] R10: 00007ffdbc006020 R11: 0000000000000246 R12: 00007f47dd3abf80
[ 2280.828724][ T8290] R13: 0000001b32520018 R14: 0000001b3252001c R15: 0000000000000032
[ 2280.836768][ T8290]  </TASK>
[ 2280.855632][T27900] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[ 2280.871902][ T8290] memory: usage 307192kB, limit 307200kB, failcnt 10605
[ 2280.879374][ T8290] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2280.887049][ T8290] Memory cgroup stats for /syz1:
[ 2280.887329][ T8290] anon 147456
[ 2280.887329][ T8290] file 312406016
[ 2280.887329][ T8290] kernel 2002944
[ 2280.887329][ T8290] kernel_stack 65536
[ 2280.887329][ T8290] pagetables 81920
[ 2280.887329][ T8290] sec_pagetables 0
[ 2280.887329][ T8290] percpu 4800
[ 2280.887329][ T8290] sock 0
[ 2280.887329][ T8290] vmalloc 0
[ 2280.887329][ T8290] shmem 312406016
[ 2280.887329][ T8290] zswap 0
[ 2280.887329][ T8290] zswapped 0
[ 2280.887329][ T8290] file_mapped 380928
[ 2280.887329][ T8290] file_dirty 0
[ 2280.887329][ T8290] file_writeback 0
[ 2280.887329][ T8290] swapcached 0
[ 2280.887329][ T8290] anon_thp 0
[ 2280.887329][ T8290] file_thp 0
[ 2280.887329][ T8290] shmem_thp 0
[ 2280.887329][ T8290] inactive_anon 62951424
[ 2280.887329][ T8290] active_anon 172032
[ 2280.887329][ T8290] inactive_file 0
[ 2280.887329][ T8290] active_file 0
[ 2280.887329][ T8290] unevictable 249430016
[ 2280.887329][ T8290] slab_reclaimable 964920
[ 2280.887329][ T8290] slab_unreclaimable 856896
[ 2280.887329][ T8290] slab 1821816
[ 2280.887329][ T8290] workingset_refault_anon 0
[ 2280.887329][ T8290] workingset_refault_file 0
[ 2280.887329][ T8290] workingset_activate_anon 0
[ 2280.887329][ T8290] workingset_activate_file 0
[ 2280.887329][ T8290] workingset_restore_anon 0
[ 2280.887329][ T8290] workingset_restore_file 0
[ 2280.887329][ T8290] workingset_nodereclaim 0
[ 2280.887329][ T8290] pgscan 49
[ 2280.887329][ T8290] pgsteal 49
[ 2280.887329][ T8290] pgscan_kswapd 0
[ 2280.887329][ T8290] pgscan_direct 49
[ 2280.887329][ T8290] pgscan_khugepaged 0
[ 2280.887329][ T8290] pgsteal_kswapd 0
[ 2280.887329][ T8290] pgsteal_direct 49
[ 2280.887329][ T8290] pgsteal_khugepaged 0
[ 2280.887329][ T8290] pgfault 1094012
[ 2280.887329][ T8290] pgmajfault 422
[ 2280.887329][ T8290] pgrefill 150
[ 2280.887329][ T8290] pgactivate 161
[ 2280.887329][ T8290] pgdeactivate 0
[ 2280.887329][ T8290] pglazyfree 0
[ 2280.887329][ T8290] pglazyfreed 0
[ 2280.887329][ T8290] zswpin 0
[ 2280.887329][ T8290] zswpout 0
[ 2281.082317][T27900] usb 1-1: language id specifier not provided by device, defaulting to English
[ 2281.095505][ T8290] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=8290,uid=0
[ 2281.113558][ T8290] Memory cgroup out of memory: Killed process 8290 (syz-executor.1) total-vm:54540kB, anon-rss:380kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000
[ 2281.212601][T27900] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 2281.221740][T27900] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2281.229889][T27900] usb 1-1: Product: syz
[ 2281.234201][T27900] usb 1-1: Manufacturer: の㘺뤘ì컡쟷奡ꪬ򧟤
[ 2281.243318][T27900] usb 1-1: SerialNumber: syz
[ 2281.513059][T27900] usb 1-1: USB disconnect, device number 50
12:17:06 executing program 0:
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_usb_connect$printer(0x0, 0x36, &(0x7f00000003c0)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x10, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x7, 0x1, 0x3, 0x0, "", {{{0x9, 0x5, 0x1, 0x2, 0x0, 0x0, 0x6}}, [{}]}}}]}}]}}, &(0x7f0000000ac0)={0x0, 0x0, 0x1f, &(0x7f0000000800)={0x5, 0xf, 0x1f, 0x2, [@generic={0x17, 0x10, 0xa, "533ef87fdb79825caf4c8ade6afe1b8d1060a2a5"}, @generic={0x3, 0x10, 0xa}]}, 0x2, [{0x2, &(0x7f00000008c0)=@string={0x2}}, {0x18, &(0x7f0000000980)=@string={0x18, 0x3, "6e303a3618b9ec0015f0e1cef7c76159acaa5ddae4df"}}]})

12:17:06 executing program 3:
r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r0, 0x800)
write$cgroup_freezer_state(0xffffffffffffffff, 0x0, 0x0)
lseek(r0, 0x200, 0x0)
dup(0xffffffffffffffff)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x24000, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000001740)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf2364149215108333719acd97cfa107d40224edc5465a93df8513a32ec450bebc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed4284da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000dd000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda52013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d2e959efc71f665c4d75cf2458e3542c9062ece84c99a061997a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a998de44aeadea2a40da8daccf080842a4867217373934bbd42dcb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcd62981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba495aea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b60000000000000000d6d5210d7560eb92d6a97a27602b81f76386f1535b1fad6ec9a31137abf9a404abde7750898b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294059323e7a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff852656cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bc19faa5449209b083dbd334b470067bbab40743b2a428f1da1f68df75c00008ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba891cea599b079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b70ebc660309e1e245b0fdf9743af932cd6db49a47613808bad959719c0000000000378a921c7f7f6933c2e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a391f03daca80f08f0e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c4396f1d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d7cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5000000000006065d6735eb7a00e127c000000000000000000000000000000a1c3da144589dcaddb71cf9374843e23f992a237a9040747e0434a8a643990b4059a98411ce867d1af7e8ea89f49e6f564d4dce8a7d6939a92144e43a7f39e83bd247e03a09dba000000000000000000000000aaf033d47249c8444bc13844cbf1be617d82b269e5ea0c0d525603c0ec543ea581f63893ae414a6683e941fdbd6ea6cfc5f8744583c0aa766a65321f907927a59d75b47f06895e8471ebc2840ce5bd054df223fb09b9c739ad64cfcfd2d498b0f11056f6c40874cb977c99b6bc1a8732198a17e610082b7ce0365f271b11d4b4a3d4c7d0bb273f406ecd4b26c93151c30f5a269991402d109bec1267dd7d781aa230ac1cae"], &(0x7f0000000100)='GPL\x00'}, 0x48)
socket(0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='ext4_writepages_result\x00', r2}, 0x10)
sendfile(r0, r1, 0x0, 0x0)

12:17:06 executing program 4:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000540)='./file2\x00', 0x2a342, 0x0)
pwritev2(r1, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0x1}], 0x1, 0x0, 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x1)

12:17:06 executing program 2:
open(&(0x7f0000000180)='./bus\x00', 0x0, 0x0)
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$PIO_UNISCRNMAP(r0, 0x4b66, &(0x7f0000000000))

12:17:06 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000840)={0x28, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x28}}, 0x0)

12:17:06 executing program 1:
openat$uhid(0xffffffffffffff9c, &(0x7f0000000200), 0x802, 0x0)
timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000180)=<r0=>0x0)
r1 = fanotify_init(0x4, 0x1000)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
fanotify_mark(r1, 0x105, 0x800101b, 0xffffffffffffffff, 0x0)
timer_settime(r0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
mlockall(0x2)
r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil)
shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
write$P9_RWSTAT(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x7f, 0x2}, 0x7)
ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0)
shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000)
shmctl$IPC_RMID(0x0, 0x0)
shmctl$SHM_LOCK(0x0, 0xb)
r6 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil)
shmctl$IPC_STAT(r6, 0x2, &(0x7f00000001c0)=""/62)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000340)={0x0, 0x28}}, 0x4040044)
shmat(r3, &(0x7f00003c6000/0x3000)=nil, 0x4000)
shmctl$SHM_UNLOCK(0x0, 0xc)
shmctl$SHM_LOCK(r3, 0xb)
r7 = shmget$private(0x0, 0x3000, 0x54001800, &(0x7f000010d000/0x3000)=nil)
ioctl$BTRFS_IOC_BALANCE_V2(r5, 0xc4009420, &(0x7f0000000640)={0x0, 0x1, {0x81, @usage=0xd1, 0x0, 0xfffffffffffffffc, 0x10000, 0xffffffffffffffff, 0x0, 0x5, 0x4, @usage=0x1, 0x1ea7, 0xffffffc0, [0x5, 0x7, 0x5, 0xffffffffffffffff, 0xffff, 0x24f]}, {0x5, @struct={0x8da6, 0x46a}, 0x0, 0x3f, 0xff, 0x8, 0x9, 0x7f, 0x0, @struct={0x3, 0x8}, 0xffff0000, 0xffffffcb, [0x8, 0x27d9, 0x7, 0x7ff, 0x57175363, 0x8]}, {0x10001, @usage=0x9, 0x0, 0x4d2, 0x3b89, 0xfffffffffffffff9, 0x4, 0x7fffffff, 0x441, @usage=0x7000000000000, 0x9, 0x20000d5a, [0x2, 0x6, 0x5, 0x80, 0x4, 0x7735]}, {0x8000, 0xffffffffffffffff}})
shmat(r7, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000012c0)=[{{&(0x7f00000005c0)=@xdp, 0x80, 0x0, 0x0, &(0x7f0000000fc0)=""/83, 0x53}, 0x1}, {{&(0x7f0000001040)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @dev}}, 0x80, &(0x7f00000011c0)=[{&(0x7f00000010c0)=""/150, 0x96}, {&(0x7f0000001180)=""/5, 0x5}], 0x2, &(0x7f0000001200)=""/180, 0xb4}, 0x5}], 0x2, 0x0, &(0x7f0000001340)={0x0, 0x989680})

12:17:06 executing program 2:
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000500)='net/netlink\x00')
accept4$vsock_stream(r0, &(0x7f00000004c0)={0x28, 0x0, 0xffffffff, @my=0x1}, 0x10, 0x80800)
sendmsg$IPVS_CMD_GET_INFO(r0, 0x0, 0x0)
socketpair(0x22, 0x40002, 0x1, &(0x7f0000000540)={<r1=>0xffffffffffffffff})
bind$vsock_stream(r1, &(0x7f0000000580)={0x28, 0x0, 0x0, @local}, 0x10)
syz_usb_connect$uac1(0x5, 0xce, &(0x7f0000000000)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x8, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xbc, 0x3, 0x1, 0x1, 0xb0, 0xc1, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x2, 0x6}, [@mixer_unit={0x8, 0x24, 0x4, 0x1, 0x20, "bbf758"}, @input_terminal={0xc, 0x24, 0x2, 0x6, 0x200, 0x1, 0x2, 0x0, 0x6, 0x5}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0xe, 0x24, 0x2, 0x2, 0x28, 0x8000, 0x5, "e2c1739777"}, @format_type_i_continuous={0xb, 0x24, 0x2, 0x1, 0x3, 0x4, 0x8, 0x1, "ae", "cdf7"}, @as_header={0x7, 0x24, 0x1, 0x7f, 0x3, 0x2}]}, {{0x9, 0x5, 0x1, 0x9, 0x1ff, 0x20, 0x2, 0xb1, {0x7, 0x25, 0x1, 0x80, 0x9, 0x8}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0xb, 0x24, 0x2, 0x1, 0x3, 0x2, 0x20, 0x2, "ad65ca"}, @as_header={0x7, 0x24, 0x1, 0x1f, 0x15}, @format_type_i_continuous={0xe, 0x24, 0x2, 0x1, 0x84, 0x3, 0x80, 0x1, "3a11f6", 's3&'}, @format_type_i_continuous={0x9, 0x24, 0x2, 0x1, 0x8, 0x1, 0xfe, 0x3, "f5"}]}, {{0x9, 0x5, 0x82, 0x9, 0x40, 0x3f, 0x1, 0x8, {0x7, 0x25, 0x1, 0x0, 0x6, 0x40}}}}}}}]}}, &(0x7f0000000440)={0xa, &(0x7f0000000100)={0xa, 0x6, 0x250, 0xff, 0x7e, 0x2, 0x8, 0x5}, 0x28, &(0x7f0000000140)={0x5, 0xf, 0x28, 0x4, [@ptm_cap={0x3}, @wireless={0xb, 0x10, 0x1, 0xc, 0x20, 0x1, 0xff, 0x401, 0x53}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0xa, 0x5d, 0x7, 0x100}, @wireless={0xb, 0x10, 0x1, 0xc, 0x0, 0x1, 0x1f, 0x0, 0x40}]}, 0x4, [{0x99, &(0x7f0000000180)=@string={0x99, 0x3, "da4b98cafcf69b86fa287ccac074aca525e21c1467ad3c42039f04bf6cbe61680e1c927b9b5240d07630071b111b4976bbba95d87eeba22bfd7db0d2397ccfd8ba0a5274b6764691e8b3856aba4632158b5ea2befa8c63c6a3d449e36af13f783120afcde10e3f3e876b0b73f80990b0a4f381caba99876e9ee8705153255a2d7d0965c0d7d456327c8def978b55ab50fee1ab4e9e50f3"}}, {0x8d, &(0x7f0000000240)=@string={0x8d, 0x3, "e3056387fcf5c20aeec9829c7d5631daddd7ccfa62e963b7fa0490e5ebbbef400e8928d40b12a86bf2af087b7204c86be16e205d0f6c43f4d257a251a49fad9c1c44fcc8f45947ab743abf158f4a5258dd1d32fb3404c810e5e407401d8012126bc440c7d836c2d08f407e67e8fc087530b878e6f089c0064a23b6aabb28ef972e748e826f3d222df4e360"}}, {0x4, &(0x7f0000000300)=@lang_id={0x4, 0x3, 0x480a}}, {0xca, &(0x7f0000000340)=@string={0xca, 0x3, "12e2eaf4c7c71224645e909f98bf655d724936b632d651c171e0cd50449e428a317d44b0d72a3f4e7ec2312698b5b5d1029d814c26b2ae52966f5ac26a7cf2cf452d1ad965534c57c8f6fc300f073e84c98869dc8c988f856a7ad48d3751c1aaf5d8f3fe857111e7a83efc895d173c18c43b6dd9b301cba4fcd08cbcaf58ddf8f1ce78d010459dca5bd982ffa36c3a320faea67b555367d74d0e1fdcfbaf79e4f451f32064d11c7a17608efaf1e3afb894a8f858bc835fb58b5a31e8881d0f6658fac5e6fb06db83"}}]})

12:17:06 executing program 4:
r0 = socket$inet6(0xa, 0x1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x8922, &(0x7f0000000080)={'ip6_vti0\x00', 0x0})

[ 2282.074647][   T27] audit: type=1804 audit(1680178626.879:1120): pid=8311 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir3710322249/syzkaller.EsUX9x/2152/bus" dev="sda1" ino=1165 res=1 errno=0
12:17:06 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000840)={0x30, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0)

[ 2282.167624][   T27] audit: type=1800 audit(1680178626.919:1121): pid=8311 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=1165 res=0 errno=0
12:17:07 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000840)={0x30, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0)

[ 2282.241654][ T8312] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 2282.252400][ T8324] ip6_vti0: mtu less than device minimum
[ 2282.321238][ T8312] CPU: 1 PID: 8312 Comm: syz-executor.1 Not tainted 6.3.0-rc4-next-20230330-syzkaller #0
[ 2282.331142][ T8312] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 2282.341246][ T8312] Call Trace:
[ 2282.344567][ T8312]  <TASK>
[ 2282.347540][ T8312]  dump_stack_lvl+0x136/0x150
[ 2282.352298][ T8312]  dump_header+0x10a/0xd70
[ 2282.356882][ T8312]  oom_kill_process+0x25d/0x600
[ 2282.361931][ T8312]  out_of_memory+0x35c/0x1650
[ 2282.366683][ T8312]  ? find_held_lock+0x2d/0x110
12:17:07 executing program 4:
syz_open_procfs(0xffffffffffffffff, 0x0)
syz_usb_connect$uac1(0x0, 0x7f, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x6d, 0x3, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{}, [@mixer_unit={0x6, 0x24, 0x4, 0x1, 0x0, "bb"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x0, 0x0, 0x2, 0x0, {0x7, 0x25, 0x1, 0x80}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_continuous={0x8}]}, {{0x9, 0x5, 0x82, 0x9, 0x40, 0x0, 0x0, 0x8, {0x7}}}}}}}]}}, 0x0)

12:17:07 executing program 3:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @local, 0x4}, 0x1c)

[ 2282.371509][ T8312]  ? oom_killer_disable+0x2b0/0x2b0
[ 2282.376781][ T8312]  ? rcu_read_unlock+0x9/0x60
[ 2282.381512][ T8312]  ? find_held_lock+0x2d/0x110
[ 2282.386768][ T8312]  mem_cgroup_out_of_memory+0x206/0x270
[ 2282.392373][ T8312]  ? mem_cgroup_margin+0x130/0x130
[ 2282.397542][ T8312]  ? lock_downgrade+0x690/0x690
[ 2282.402499][ T8312]  try_charge_memcg+0xf99/0x13a0
[ 2282.407521][ T8312]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 2282.413579][ T8312]  ? lock_downgrade+0x690/0x690
[ 2282.418493][ T8312]  ? trace_lock_acquire+0x12d/0x180
[ 2282.422679][ T8017] usb 1-1: new high-speed USB device number 51 using dummy_hcd
[ 2282.423772][ T8312]  ? get_mem_cgroup_from_mm+0x247/0x580
[ 2282.436960][ T8312]  ? lock_acquire+0x32/0xc0
[ 2282.441520][ T8312]  charge_memcg+0x90/0x3b0
[ 2282.446007][ T8312]  __mem_cgroup_charge+0x2b/0x90
[ 2282.450987][ T8312]  ? copy_mc_to_kernel+0x3e/0x90
[ 2282.455966][ T8312]  do_wp_page+0x8ac/0x3510
[ 2282.460433][ T8312]  ? lock_sync+0x190/0x190
[ 2282.464887][ T8312]  ? finish_mkwrite_fault+0x3d0/0x3d0
[ 2282.470302][ T8312]  ? rcu_is_watching+0x12/0xb0
[ 2282.475134][ T8312]  ? do_raw_spin_lock+0x124/0x2b0
[ 2282.480196][ T8312]  ? spin_bug+0x1c0/0x1c0
[ 2282.484562][ T8312]  ? lock_acquire+0x32/0xc0
[ 2282.489099][ T8312]  ? __handle_mm_fault+0x1334/0x4180
[ 2282.494440][ T8312]  __handle_mm_fault+0x1547/0x4180
[ 2282.499606][ T8312]  ? vm_iomap_memory+0x190/0x190
[ 2282.504617][ T8312]  handle_mm_fault+0x2c0/0x9c0
[ 2282.509434][ T8312]  do_user_addr_fault+0x2ed/0x1240
[ 2282.514585][ T8312]  ? rcu_is_watching+0x12/0xb0
[ 2282.519428][ T8312]  exc_page_fault+0x98/0x170
[ 2282.524273][ T8312]  asm_exc_page_fault+0x26/0x30
[ 2282.529262][ T8312] RIP: 0033:0x7f47dd2364bd
[ 2282.533705][ T8312] Code: 0c 48 89 df 41 83 c6 01 e8 00 f7 ff ff 48 83 c3 20 49 39 df 75 df 44 89 75 00 8b 05 4d 1b 17 00 48 8b 15 16 f2 c9 00 83 c0 01 <89> 05 3d 1b 17 00 89 02 48 83 c4 18 5b 5d 41 5c 41 5d 41 5e 41 5f
[ 2282.553494][ T8312] RSP: 002b:00007ffdbc005ec0 EFLAGS: 00010202
[ 2282.559591][ T8312] RAX: 0000000000000001 RBX: 00007f47dd3abf80 RCX: 00000000000005a8
[ 2282.567597][ T8312] RDX: 0000001b32520000 RSI: 0000001b32520018 RDI: 0000000095cd0aca
[ 2282.575599][ T8312] RBP: 0000001b32520020 R08: 0000001b32920000 R09: 0000000095cd0ace
[ 2282.583628][ T8312] R10: 00007ffdbc006020 R11: 0000000000000246 R12: 00007f47dd3abf80
[ 2282.591655][ T8312] R13: 0000001b32520018 R14: 0000001b3252001c R15: 0000000000000032
[ 2282.599678][ T8312]  </TASK>
[ 2282.636280][ T8312] memory: usage 307200kB, limit 307200kB, failcnt 10683
[ 2282.647629][ T8312] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2282.660178][ T8312] Memory cgroup stats for /syz1:
[ 2282.660478][ T8312] anon 147456
[ 2282.660478][ T8312] file 312406016
[ 2282.660478][ T8312] kernel 2019328
[ 2282.660478][ T8312] kernel_stack 65536
[ 2282.660478][ T8312] pagetables 81920
[ 2282.660478][ T8312] sec_pagetables 0
[ 2282.660478][ T8312] percpu 4864
[ 2282.660478][ T8312] sock 0
[ 2282.660478][ T8312] vmalloc 0
[ 2282.660478][ T8312] shmem 312406016
[ 2282.660478][ T8312] zswap 0
[ 2282.660478][ T8312] zswapped 0
[ 2282.660478][ T8312] file_mapped 380928
[ 2282.660478][ T8312] file_dirty 0
[ 2282.660478][ T8312] file_writeback 0
[ 2282.660478][ T8312] swapcached 0
[ 2282.660478][ T8312] anon_thp 0
[ 2282.660478][ T8312] file_thp 0
[ 2282.660478][ T8312] shmem_thp 0
[ 2282.660478][ T8312] inactive_anon 62951424
[ 2282.660478][ T8312] active_anon 172032
[ 2282.660478][ T8312] inactive_file 0
[ 2282.660478][ T8312] active_file 0
[ 2282.660478][ T8312] unevictable 249430016
[ 2282.660478][ T8312] slab_reclaimable 964920
[ 2282.660478][ T8312] slab_unreclaimable 868808
[ 2282.660478][ T8312] slab 1833728
[ 2282.660478][ T8312] workingset_refault_anon 0
[ 2282.660478][ T8312] workingset_refault_file 0
[ 2282.660478][ T8312] workingset_activate_anon 0
[ 2282.660478][ T8312] workingset_activate_file 0
[ 2282.660478][ T8312] workingset_restore_anon 0
[ 2282.660478][ T8312] workingset_restore_file 0
[ 2282.660478][ T8312] workingset_nodereclaim 0
[ 2282.660478][ T8312] pgscan 49
[ 2282.660478][ T8312] pgsteal 49
[ 2282.660478][ T8312] pgscan_kswapd 0
[ 2282.660478][ T8312] pgscan_direct 49
[ 2282.660478][ T8312] pgscan_khugepaged 0
[ 2282.660478][ T8312] pgsteal_kswapd 0
[ 2282.660478][ T8312] pgsteal_direct 49
[ 2282.660478][ T8312] pgsteal_khugepaged 0
[ 2282.660478][ T8312] pgfault 1094073
[ 2282.660478][ T8312] pgmajfault 422
[ 2282.660478][ T8312] pgrefill 150
[ 2282.660478][ T8312] pgactivate 161
[ 2282.660478][ T8312] pgdeactivate 0
[ 2282.660478][ T8312] pglazyfree 0
[ 2282.660478][ T8312] pglazyfreed 0
[ 2282.660478][ T8312] zswpin 0
[ 2282.660478][ T8312] zswpout 0
[ 2282.846375][  T756] usb 3-1: new high-speed USB device number 29 using dummy_hcd
[ 2282.855514][ T8312] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=8312,uid=0
[ 2282.873335][ T8312] Memory cgroup out of memory: Killed process 8312 (syz-executor.1) total-vm:54540kB, anon-rss:380kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000
[ 2283.002316][ T8017] usb 1-1: Using ep0 maxpacket: 16
[ 2283.112201][  T756] usb 3-1: Using ep0 maxpacket: 8
[ 2283.202733][ T8017] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 2283.222153][ T8017] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 2283.231873][ T8017] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[ 2283.262451][  T756] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 2283.278263][  T756] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[ 2283.287666][ T8017] usb 1-1: language id specifier not provided by device, defaulting to English
[ 2283.303233][  T756] usb 3-1: too many endpoints for config 1 interface 1 altsetting 32: 187, using maximum allowed: 30
[ 2283.318146][  T756] usb 3-1: config 1 interface 1 altsetting 32 has 0 endpoint descriptors, different from the interface descriptor's value: 187
[ 2283.333532][  T756] usb 3-1: config 1 interface 1 has no altsetting 0
[ 2283.454531][ T8017] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 2283.463752][ T8017] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2283.471837][ T8017] usb 1-1: Product: syz
[ 2283.476818][ T8017] usb 1-1: Manufacturer: の㘺뤘ì컡쟷奡ꪬ򧟤
[ 2283.484214][ T8017] usb 1-1: SerialNumber: syz
[ 2283.513104][  T756] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 2283.522525][  T756] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2283.530570][  T756] usb 3-1: Product: 䠊
[ 2283.540480][  T756] usb 3-1: Manufacturer: ף蝣ૂ짮鲂噽ퟝ頻띣Ӻ믫䃯褎퐨ላ殨꿲笈Ѳ毈满崠氏埒冢龤鲭䐜주姴ꭇ㩴ᖿ䪏塒ᷝגּд჈䀇耝ሒ쑫은㛘탂䂏松ﳨ甈렰觰ۀ⍊ꪶ⢻韯琮芎㵯ⴢ
[ 2283.562380][  T756] usb 3-1: SerialNumber: 쟇␒幤龐뾘嵥䥲똶혲셑働鹄詂紱끄⫗丿쉾☱떘통鴂䲁눦劮澖쉚籪쿲ⵅ卥坌ー܏萾裉颌薏穪跔儷꫁ﻳ熅㺨觼᝝ᠼ㯄Ƴ꓋탼벌墯컱큸䔐쪝ﾂ沣㈺긏箦单흧ํ꿻凴⃳텤稜怗搜뢯ꢔ壸莼땟媋ᶈ昏縉ۻ菛
[ 2283.755717][ T8017] usb 1-1: USB disconnect, device number 51
[ 2283.952907][  T756] usb 3-1: 0:2 : does not exist
[ 2284.007295][  T756] usb 3-1: USB disconnect, device number 29
[ 2284.050658][ T8334] udevd[8334]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
12:17:09 executing program 0:
bpf$PROG_LOAD(0x5, 0x0, 0x0)

12:17:09 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000840)={0x30, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0)

12:17:09 executing program 3:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x2c, 0x0, 0x1, 0x201, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x18, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @local}, {0x8, 0x2, @private}}}]}]}, 0x2c}}, 0x0)

12:17:09 executing program 1:
openat$uhid(0xffffffffffffff9c, &(0x7f0000000200), 0x802, 0x0)
timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000180)=<r0=>0x0)
r1 = fanotify_init(0x4, 0x1000)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
fanotify_mark(r1, 0x105, 0x800101b, 0xffffffffffffffff, 0x0)
timer_settime(r0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
mlockall(0x2)
r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil)
shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
write$P9_RWSTAT(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x7f, 0x2}, 0x7)
ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0)
shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000)
shmctl$IPC_RMID(0x0, 0x0)
shmctl$SHM_LOCK(0x0, 0xb)
r6 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil)
shmctl$IPC_STAT(r6, 0x2, &(0x7f00000001c0)=""/62)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000340)={0x0, 0x28}, 0x1, 0x0, 0x0, 0x40410}, 0x0)
shmat(r3, &(0x7f00003c6000/0x3000)=nil, 0x4000)
shmctl$SHM_UNLOCK(0x0, 0xc)
shmctl$SHM_LOCK(r3, 0xb)
r7 = shmget$private(0x0, 0x3000, 0x54001800, &(0x7f000010d000/0x3000)=nil)
ioctl$BTRFS_IOC_BALANCE_V2(r5, 0xc4009420, &(0x7f0000000640)={0x0, 0x1, {0x81, @usage=0xd1, 0x0, 0xfffffffffffffffc, 0x10000, 0xffffffffffffffff, 0x0, 0x5, 0x4, @usage=0x1, 0x1ea7, 0xffffffc0, [0x5, 0x7, 0x5, 0xffffffffffffffff, 0xffff, 0x24f]}, {0x5, @struct={0x8da6, 0x46a}, 0x0, 0x3f, 0xff, 0x8, 0x9, 0x7f, 0x0, @struct={0x3, 0x8}, 0xffff0000, 0xffffffcb, [0x8, 0x27d9, 0x7, 0x7ff, 0x57175363, 0x8]}, {0x10001, @usage=0x9, 0x0, 0x4d2, 0x3b89, 0xfffffffffffffff9, 0x4, 0x7fffffff, 0x441, @usage=0x7000000000000, 0x9, 0x20000d5a, [0x2, 0x6, 0x5, 0x80, 0x4, 0x7735]}, {0x8000, 0xffffffffffffffff}})
shmat(r7, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000012c0)=[{{&(0x7f00000005c0)=@xdp, 0x80, 0x0, 0x0, &(0x7f0000000fc0)=""/83, 0x53}, 0x1}, {{&(0x7f0000001040)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @dev}}, 0x80, &(0x7f00000011c0)=[{&(0x7f00000010c0)=""/150, 0x96}, {&(0x7f0000001180)=""/5, 0x5}], 0x2, &(0x7f0000001200)=""/180, 0xb4}, 0x5}], 0x2, 0x0, &(0x7f0000001340)={0x0, 0x989680})

12:17:09 executing program 3:
r0 = socket$inet(0x2, 0x3, 0x0)
sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0)

12:17:09 executing program 5:
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f0000000140)={0x4, &(0x7f0000000100)=[{0x6}, {0x1}, {0x4}, {0x6}]})

12:17:09 executing program 2:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x8914, &(0x7f0000000080)={'ip6_vti0\x00', 0x0})

12:17:09 executing program 0:
bpf$PROG_LOAD(0x5, 0x0, 0x0)

12:17:09 executing program 5:
accept4$vsock_stream(0xffffffffffffffff, 0x0, 0x0, 0x0)
syz_usb_connect$uac1(0x0, 0x88, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x76, 0x3, 0x1, 0x1, 0xb0, 0xc1, {{}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_continuous={0x8}, @as_header={0x7, 0x24, 0x1, 0x0, 0x3, 0x2}]}, {{0x9, 0x5, 0x1, 0x9, 0x0, 0x0, 0x0, 0xb1, {0x7, 0x25, 0x1, 0x80, 0x9}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0x8, 0x24, 0x2, 0x1, 0x0, 0x0, 0x0, 0x2}]}, {{0x9, 0x5, 0x82, 0x9, 0x0, 0x0, 0x0, 0x8, {0x7}}}}}}}]}}, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x2, [{0x0, 0x0}, {0x0, 0x0}]})

[ 2284.366859][   T27] audit: type=1326 audit(1680178629.169:1122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8342 comm="syz-executor.5" exe="/root/syz-executor.5" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f314de8c0f9 code=0x0
12:17:09 executing program 0:
bpf$PROG_LOAD(0x5, 0x0, 0x0)

[ 2284.440583][ T8338] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 2284.466072][ T8338] CPU: 1 PID: 8338 Comm: syz-executor.1 Not tainted 6.3.0-rc4-next-20230330-syzkaller #0
[ 2284.475960][ T8338] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 2284.486065][ T8338] Call Trace:
[ 2284.489384][ T8338]  <TASK>
[ 2284.492360][ T8338]  dump_stack_lvl+0x136/0x150
[ 2284.497109][ T8338]  dump_header+0x10a/0xd70
[ 2284.501617][ T8338]  oom_kill_process+0x25d/0x600
[ 2284.506553][ T8338]  out_of_memory+0x35c/0x1650
[ 2284.511309][ T8338]  ? find_held_lock+0x2d/0x110
[ 2284.516138][ T8338]  ? oom_killer_disable+0x2b0/0x2b0
[ 2284.521433][ T8338]  ? rcu_read_unlock+0x9/0x60
[ 2284.526187][ T8338]  ? find_held_lock+0x2d/0x110
[ 2284.531011][ T8338]  mem_cgroup_out_of_memory+0x206/0x270
[ 2284.536615][ T8338]  ? mem_cgroup_margin+0x130/0x130
[ 2284.541779][ T8338]  ? lock_downgrade+0x690/0x690
[ 2284.546714][ T8338]  try_charge_memcg+0xf99/0x13a0
[ 2284.551757][ T8338]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 2284.557821][ T8338]  ? lock_downgrade+0x690/0x690
[ 2284.562740][ T8338]  ? trace_lock_acquire+0x12d/0x180
[ 2284.568032][ T8338]  ? get_mem_cgroup_from_mm+0x247/0x580
[ 2284.573743][ T8338]  ? lock_acquire+0x32/0xc0
[ 2284.578326][ T8338]  charge_memcg+0x90/0x3b0
[ 2284.582841][ T8338]  __mem_cgroup_charge+0x2b/0x90
[ 2284.587854][ T8338]  ? copy_mc_to_kernel+0x3e/0x90
[ 2284.592870][ T8338]  do_wp_page+0x8ac/0x3510
[ 2284.597369][ T8338]  ? lock_sync+0x190/0x190
[ 2284.601857][ T8338]  ? finish_mkwrite_fault+0x3d0/0x3d0
[ 2284.607299][ T8338]  ? rcu_is_watching+0x12/0xb0
[ 2284.612144][ T8338]  ? do_raw_spin_lock+0x124/0x2b0
[ 2284.617234][ T8338]  ? spin_bug+0x1c0/0x1c0
[ 2284.621632][ T8338]  ? lock_acquire+0x32/0xc0
[ 2284.626194][ T8338]  ? __handle_mm_fault+0x1334/0x4180
[ 2284.631570][ T8338]  __handle_mm_fault+0x1547/0x4180
[ 2284.636760][ T8338]  ? vm_iomap_memory+0x190/0x190
[ 2284.641812][ T8338]  handle_mm_fault+0x2c0/0x9c0
[ 2284.646671][ T8338]  do_user_addr_fault+0x2ed/0x1240
[ 2284.651874][ T8338]  ? rcu_is_watching+0x12/0xb0
[ 2284.656718][ T8338]  exc_page_fault+0x98/0x170
[ 2284.661393][ T8338]  asm_exc_page_fault+0x26/0x30
[ 2284.666303][ T8338] RIP: 0033:0x7f47dd2364bd
[ 2284.670763][ T8338] Code: 0c 48 89 df 41 83 c6 01 e8 00 f7 ff ff 48 83 c3 20 49 39 df 75 df 44 89 75 00 8b 05 4d 1b 17 00 48 8b 15 16 f2 c9 00 83 c0 01 <89> 05 3d 1b 17 00 89 02 48 83 c4 18 5b 5d 41 5c 41 5d 41 5e 41 5f
[ 2284.690436][ T8338] RSP: 002b:00007ffdbc005ec0 EFLAGS: 00010202
[ 2284.696560][ T8338] RAX: 0000000000000001 RBX: 00007f47dd3abf80 RCX: 00000000000005cd
[ 2284.704584][ T8338] RDX: 0000001b32520000 RSI: 0000001b32520018 RDI: 00000000b4a86bdd
[ 2284.712636][ T8338] RBP: 0000001b32520020 R08: 0000001b32920000 R09: 00000000b4a86be1
[ 2284.720675][ T8338] R10: 00007ffdbc006020 R11: 0000000000000246 R12: 00007f47dd3abf80
[ 2284.728691][ T8338] R13: 0000001b32520018 R14: 0000001b3252001c R15: 0000000000000032
[ 2284.736744][ T8338]  </TASK>
[ 2284.750573][ T8338] memory: usage 307200kB, limit 307200kB, failcnt 10761
[ 2284.757619][ T8338] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2284.765629][ T8338] Memory cgroup stats for /syz1:
[ 2284.765923][ T8338] anon 147456
[ 2284.765923][ T8338] file 312406016
[ 2284.765923][ T8338] kernel 2019328
[ 2284.765923][ T8338] kernel_stack 65536
[ 2284.765923][ T8338] pagetables 81920
[ 2284.765923][ T8338] sec_pagetables 0
[ 2284.765923][ T8338] percpu 4864
[ 2284.765923][ T8338] sock 0
[ 2284.765923][ T8338] vmalloc 0
[ 2284.765923][ T8338] shmem 312406016
[ 2284.765923][ T8338] zswap 0
[ 2284.765923][ T8338] zswapped 0
[ 2284.765923][ T8338] file_mapped 380928
[ 2284.765923][ T8338] file_dirty 0
[ 2284.765923][ T8338] file_writeback 0
[ 2284.765923][ T8338] swapcached 0
[ 2284.765923][ T8338] anon_thp 0
[ 2284.765923][ T8338] file_thp 0
[ 2284.765923][ T8338] shmem_thp 0
[ 2284.765923][ T8338] inactive_anon 62951424
[ 2284.765923][ T8338] active_anon 172032
[ 2284.765923][ T8338] inactive_file 0
[ 2284.765923][ T8338] active_file 0
[ 2284.765923][ T8338] unevictable 249430016
[ 2284.765923][ T8338] slab_reclaimable 964920
[ 2284.765923][ T8338] slab_unreclaimable 868808
[ 2284.765923][ T8338] slab 1833728
[ 2284.765923][ T8338] workingset_refault_anon 0
[ 2284.765923][ T8338] workingset_refault_file 0
[ 2284.765923][ T8338] workingset_activate_anon 0
[ 2284.765923][ T8338] workingset_activate_file 0
[ 2284.765923][ T8338] workingset_restore_anon 0
[ 2284.765923][ T8338] workingset_restore_file 0
[ 2284.765923][ T8338] workingset_nodereclaim 0
[ 2284.765923][ T8338] pgscan 49
[ 2284.765923][ T8338] pgsteal 49
[ 2284.765923][ T8338] pgscan_kswapd 0
[ 2284.765923][ T8338] pgscan_direct 49
[ 2284.765923][ T8338] pgscan_khugepaged 0
[ 2284.765923][ T8338] pgsteal_kswapd 0
[ 2284.765923][ T8338] pgsteal_direct 49
[ 2284.765923][ T8338] pgsteal_khugepaged 0
[ 2284.765923][ T8338] pgfault 1094134
[ 2284.765923][ T8338] pgmajfault 422
[ 2284.765923][ T8338] pgrefill 150
[ 2284.765923][ T8338] pgactivate 161
[ 2284.765923][ T8338] pgdeactivate 0
[ 2284.765923][ T8338] pglazyfree 0
[ 2284.765923][ T8338] pglazyfreed 0
[ 2284.765923][ T8338] zswpin 0
[ 2284.765923][ T8338] zswpout 0
[ 2284.852278][T27624] usb 6-1: new high-speed USB device number 92 using dummy_hcd
[ 2284.959288][ T8338] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=8338,uid=0
[ 2284.976064][ T8338] Memory cgroup out of memory: Killed process 8338 (syz-executor.1) total-vm:54540kB, anon-rss:508kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000
[ 2285.222292][T27624] usb 6-1: Using ep0 maxpacket: 8
12:17:10 executing program 4:
r0 = socket$inet6(0xa, 0x1, 0x0)
getsockopt$IP6T_SO_GET_REVISION_TARGET(r0, 0x29, 0x45, 0x0, 0xffffffffffffffff)

12:17:10 executing program 0:
syz_usb_connect$printer(0x0, 0x36, &(0x7f00000003c0)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x10, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x7, 0x1, 0x3, 0x0, "", {{{0x9, 0x5, 0x1, 0x2, 0x0, 0x0, 0x6}}, [{}]}}}]}}]}}, &(0x7f0000000ac0)={0x0, 0x0, 0x1f, &(0x7f0000000800)={0x5, 0xf, 0x1f, 0x2, [@generic={0x17, 0x10, 0xa, "533ef87fdb79825caf4c8ade6afe1b8d1060a2a5"}, @generic={0x3, 0x10, 0xa}]}, 0x2, [{0x2, &(0x7f00000008c0)=@string={0x2}}, {0x18, &(0x7f0000000980)=@string={0x18, 0x3, "6e303a3618b9ec0015f0e1cef7c76159acaa5ddae4df"}}]})

12:17:10 executing program 3:
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000500)='net/netlink\x00')
accept4$vsock_stream(r0, &(0x7f00000004c0)={0x28, 0x0, 0xffffffff, @my=0x1}, 0x10, 0x80800)
sendmsg$IPVS_CMD_GET_INFO(r0, 0x0, 0x0)
socketpair(0x22, 0x40002, 0x1, &(0x7f0000000540))
syz_usb_connect$uac1(0x5, 0xce, &(0x7f0000000000)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x8, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xbc, 0x3, 0x1, 0x1, 0xb0, 0xc1, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x2, 0x6}, [@mixer_unit={0x8, 0x24, 0x4, 0x1, 0x20, "bbf758"}, @input_terminal={0xc, 0x24, 0x2, 0x6, 0x200, 0x1, 0x2, 0x0, 0x6, 0x5}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0xe, 0x24, 0x2, 0x2, 0x28, 0x8000, 0x5, "e2c1739777"}, @format_type_i_continuous={0xb, 0x24, 0x2, 0x1, 0x3, 0x4, 0x8, 0x1, "ae", "cdf7"}, @as_header={0x7, 0x24, 0x1, 0x7f, 0x3, 0x2}]}, {{0x9, 0x5, 0x1, 0x9, 0x1ff, 0x20, 0x2, 0xb1, {0x7, 0x25, 0x1, 0x80, 0x9, 0x8}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_discrete={0xb, 0x24, 0x2, 0x1, 0x3, 0x2, 0x20, 0x2, "ad65ca"}, @as_header={0x7, 0x24, 0x1, 0x1f, 0x15}, @format_type_i_continuous={0xe, 0x24, 0x2, 0x1, 0x84, 0x3, 0x80, 0x1, "3a11f6", 's3&'}, @format_type_i_continuous={0x9, 0x24, 0x2, 0x1, 0x8, 0x1, 0xfe, 0x3, "f5"}]}, {{0x9, 0x5, 0x82, 0x9, 0x40, 0x3f, 0x1, 0x8, {0x7, 0x25, 0x1, 0x0, 0x6, 0x40}}}}}}}]}}, &(0x7f0000000440)={0xa, &(0x7f0000000100)={0xa, 0x6, 0x250, 0xff, 0x7e, 0x2, 0x8, 0x5}, 0x28, &(0x7f0000000140)={0x5, 0xf, 0x28, 0x4, [@ptm_cap={0x3}, @wireless={0xb, 0x10, 0x1, 0xc, 0x20, 0x1, 0xff, 0x401, 0x53}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0xa, 0x5d, 0x7, 0x100}, @wireless={0xb, 0x10, 0x1, 0xc, 0x0, 0x1, 0x1f, 0x0, 0x40}]}, 0x4, [{0x99, &(0x7f0000000180)=@string={0x99, 0x3, "da4b98cafcf69b86fa287ccac074aca525e21c1467ad3c42039f04bf6cbe61680e1c927b9b5240d07630071b111b4976bbba95d87eeba22bfd7db0d2397ccfd8ba0a5274b6764691e8b3856aba4632158b5ea2befa8c63c6a3d449e36af13f783120afcde10e3f3e876b0b73f80990b0a4f381caba99876e9ee8705153255a2d7d0965c0d7d456327c8def978b55ab50fee1ab4e9e50f3"}}, {0x8d, &(0x7f0000000240)=@string={0x8d, 0x3, "e3056387fcf5c20aeec9829c7d5631daddd7ccfa62e963b7fa0490e5ebbbef400e8928d40b12a86bf2af087b7204c86be16e205d0f6c43f4d257a251a49fad9c1c44fcc8f45947ab743abf158f4a5258dd1d32fb3404c810e5e407401d8012126bc440c7d836c2d08f407e67e8fc087530b878e6f089c0064a23b6aabb28ef972e748e826f3d222df4e360"}}, {0x4, &(0x7f0000000300)=@lang_id={0x4, 0x3, 0x480a}}, {0xca, &(0x7f0000000340)=@string={0xca, 0x3, "12e2eaf4c7c71224645e909f98bf655d724936b632d651c171e0cd50449e428a317d44b0d72a3f4e7ec2312698b5b5d1029d814c26b2ae52966f5ac26a7cf2cf452d1ad965534c57c8f6fc300f073e84c98869dc8c988f856a7ad48d3751c1aaf5d8f3fe857111e7a83efc895d173c18c43b6dd9b301cba4fcd08cbcaf58ddf8f1ce78d010459dca5bd982ffa36c3a320faea67b555367d74d0e1fdcfbaf79e4f451f32064d11c7a17608efaf1e3afb894a8f858bc835fb58b5a31e8881d0f6658fac5e6fb06db83"}}]})

12:17:10 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x43, &(0x7f0000000380)={{{@in=@remote, @in=@loopback}}, {{@in6=@empty}, 0x0, @in=@loopback}}, 0xe8)

12:17:10 executing program 1:
openat$uhid(0xffffffffffffff9c, &(0x7f0000000200), 0x802, 0x0)
timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000180)=<r0=>0x0)
r1 = fanotify_init(0x4, 0x1000)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
fanotify_mark(r1, 0x105, 0x800101b, 0xffffffffffffffff, 0x0)
timer_settime(r0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
mlockall(0x2)
r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil)
shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
write$P9_RWSTAT(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x7f, 0x2}, 0x7)
ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0)
shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000)
shmctl$IPC_RMID(0x0, 0x0)
shmctl$SHM_LOCK(0x0, 0xb)
r6 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil)
shmctl$IPC_STAT(r6, 0x2, &(0x7f00000001c0)=""/62)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000340)={0x0, 0x28}, 0x1, 0x0, 0x0, 0x40410}, 0x0)
shmat(r3, &(0x7f00003c6000/0x3000)=nil, 0x4000)
shmctl$SHM_UNLOCK(0x0, 0xc)
shmctl$SHM_LOCK(r3, 0xb)
r7 = shmget$private(0x0, 0x3000, 0x54001800, &(0x7f000010d000/0x3000)=nil)
ioctl$BTRFS_IOC_BALANCE_V2(r5, 0xc4009420, &(0x7f0000000640)={0x0, 0x1, {0x81, @usage=0xd1, 0x0, 0xfffffffffffffffc, 0x10000, 0xffffffffffffffff, 0x0, 0x5, 0x4, @usage=0x1, 0x1ea7, 0xffffffc0, [0x5, 0x7, 0x5, 0xffffffffffffffff, 0xffff, 0x24f]}, {0x5, @struct={0x8da6, 0x46a}, 0x0, 0x3f, 0xff, 0x8, 0x9, 0x7f, 0x0, @struct={0x3, 0x8}, 0xffff0000, 0xffffffcb, [0x8, 0x27d9, 0x7, 0x7ff, 0x57175363, 0x8]}, {0x10001, @usage=0x9, 0x0, 0x4d2, 0x3b89, 0xfffffffffffffff9, 0x4, 0x7fffffff, 0x441, @usage=0x7000000000000, 0x9, 0x20000d5a, [0x2, 0x6, 0x5, 0x80, 0x4, 0x7735]}, {0x8000, 0xffffffffffffffff}})
shmat(r7, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000012c0)=[{{&(0x7f00000005c0)=@xdp, 0x80, 0x0, 0x0, &(0x7f0000000fc0)=""/83, 0x53}, 0x1}, {{&(0x7f0000001040)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @dev}}, 0x80, &(0x7f00000011c0)=[{&(0x7f00000010c0)=""/150, 0x96}, {&(0x7f0000001180)=""/5, 0x5}], 0x2, &(0x7f0000001200)=""/180, 0xb4}, 0x5}], 0x2, 0x0, &(0x7f0000001340)={0x0, 0x989680})

[ 2285.342294][T27624] usb 6-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[ 2285.351264][T27624] usb 6-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[ 2285.361547][T27624] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
12:17:10 executing program 2:
r0 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000200), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$SEG6_CMD_SET_TUNSRC(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x14, r0, 0x1}, 0x14}}, 0x0)

12:17:10 executing program 2:
r0 = socket$inet6(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @local, 0x6}, 0x1c)

12:17:10 executing program 4:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x2c, 0x0, 0x1, 0x201, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x4, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @local}, {0x8, 0x2, @private}}}]}]}, 0x2c}}, 0x0)

[ 2285.523321][ T8358] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 2285.529308][ T8373] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[ 2285.538421][ T8358] CPU: 0 PID: 8358 Comm: syz-executor.1 Not tainted 6.3.0-rc4-next-20230330-syzkaller #0
[ 2285.553457][ T8358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 2285.563549][ T8358] Call Trace:
[ 2285.566865][ T8358]  <TASK>
[ 2285.569833][ T8358]  dump_stack_lvl+0x136/0x150
[ 2285.574565][ T8358]  dump_header+0x10a/0xd70
[ 2285.579039][ T8358]  oom_kill_process+0x25d/0x600
[ 2285.583956][ T8358]  out_of_memory+0x35c/0x1650
[ 2285.588693][ T8358]  ? find_held_lock+0x2d/0x110
[ 2285.593510][ T8358]  ? oom_killer_disable+0x2b0/0x2b0
[ 2285.598758][ T8358]  ? rcu_read_unlock+0x9/0x60
[ 2285.603480][ T8358]  ? find_held_lock+0x2d/0x110
[ 2285.608298][ T8358]  mem_cgroup_out_of_memory+0x206/0x270
[ 2285.613969][ T8358]  ? mem_cgroup_margin+0x130/0x130
[ 2285.619121][ T8358]  ? lock_downgrade+0x690/0x690
[ 2285.624033][ T8358]  try_charge_memcg+0xf99/0x13a0
[ 2285.629029][ T8358]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 2285.635063][ T8358]  ? lock_downgrade+0x690/0x690
[ 2285.639948][ T8358]  ? trace_lock_acquire+0x12d/0x180
[ 2285.645187][ T8358]  ? get_mem_cgroup_from_mm+0x247/0x580
[ 2285.650769][ T8358]  ? lock_acquire+0x32/0xc0
[ 2285.655330][ T8358]  charge_memcg+0x90/0x3b0
[ 2285.659798][ T8358]  __mem_cgroup_charge+0x2b/0x90
[ 2285.664785][ T8358]  ? copy_mc_to_kernel+0x3e/0x90
[ 2285.669770][ T8358]  do_wp_page+0x8ac/0x3510
[ 2285.674247][ T8358]  ? lock_sync+0x190/0x190
[ 2285.678705][ T8358]  ? finish_mkwrite_fault+0x3d0/0x3d0
[ 2285.684123][ T8358]  ? rcu_is_watching+0x12/0xb0
[ 2285.688935][ T8358]  ? do_raw_spin_lock+0x124/0x2b0
[ 2285.694002][ T8358]  ? spin_bug+0x1c0/0x1c0
[ 2285.698370][ T8358]  ? lock_acquire+0x32/0xc0
[ 2285.702904][ T8358]  ? __handle_mm_fault+0x1334/0x4180
[ 2285.708244][ T8358]  __handle_mm_fault+0x1547/0x4180
[ 2285.713414][ T8358]  ? vm_iomap_memory+0x190/0x190
[ 2285.718422][ T8358]  handle_mm_fault+0x2c0/0x9c0
[ 2285.723239][ T8358]  do_user_addr_fault+0x2ed/0x1240
[ 2285.728395][ T8358]  ? rcu_is_watching+0x12/0xb0
[ 2285.733203][ T8358]  exc_page_fault+0x98/0x170
[ 2285.737859][ T8358]  asm_exc_page_fault+0x26/0x30
[ 2285.742787][ T8358] RIP: 0033:0x7f47dd2364bd
[ 2285.747242][ T8358] Code: 0c 48 89 df 41 83 c6 01 e8 00 f7 ff ff 48 83 c3 20 49 39 df 75 df 44 89 75 00 8b 05 4d 1b 17 00 48 8b 15 16 f2 c9 00 83 c0 01 <89> 05 3d 1b 17 00 89 02 48 83 c4 18 5b 5d 41 5c 41 5d 41 5e 41 5f
[ 2285.766879][ T8358] RSP: 002b:00007ffdbc005ec0 EFLAGS: 00010202
[ 2285.772988][ T8358] RAX: 0000000000000001 RBX: 00007f47dd3abf80 RCX: 00000000000005c0
[ 2285.780983][ T8358] RDX: 0000001b32520000 RSI: 0000001b32520018 RDI: 00000000b4a86bdd
[ 2285.788978][ T8358] RBP: 0000001b32520020 R08: 0000001b32920000 R09: 00000000b4a86be1
[ 2285.796972][ T8358] R10: 00007ffdbc006020 R11: 0000000000000246 R12: 00007f47dd3abf80
[ 2285.804984][ T8358] R13: 0000001b32520018 R14: 0000001b3252001c R15: 0000000000000032
[ 2285.813027][ T8358]  </TASK>
12:17:10 executing program 4:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x2c, 0x0, 0x1, 0x201, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x4, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @local}, {0x8, 0x2, @private}}}]}]}, 0x2c}}, 0x0)

[ 2285.817677][ T8373] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[ 2285.840315][ T8358] memory: usage 307200kB, limit 307200kB, failcnt 10824
[ 2285.860638][ T8358] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2285.867892][ T8358] Memory cgroup stats for /syz1:
[ 2285.868151][ T8358] anon 147456
[ 2285.868151][ T8358] file 312406016
[ 2285.868151][ T8358] kernel 2019328
[ 2285.868151][ T8358] kernel_stack 65536
[ 2285.868151][ T8358] pagetables 81920
[ 2285.868151][ T8358] sec_pagetables 0
[ 2285.868151][ T8358] percpu 4864
[ 2285.868151][ T8358] sock 0
[ 2285.868151][ T8358] vmalloc 0
[ 2285.868151][ T8358] shmem 312406016
[ 2285.868151][ T8358] zswap 0
[ 2285.868151][ T8358] zswapped 0
[ 2285.868151][ T8358] file_mapped 380928
[ 2285.868151][ T8358] file_dirty 0
[ 2285.868151][ T8358] file_writeback 0
[ 2285.868151][ T8358] swapcached 0
[ 2285.868151][ T8358] anon_thp 0
[ 2285.868151][ T8358] file_thp 0
[ 2285.868151][ T8358] shmem_thp 0
[ 2285.868151][ T8358] inactive_anon 62951424
[ 2285.868151][ T8358] active_anon 172032
[ 2285.868151][ T8358] inactive_file 0
[ 2285.868151][ T8358] active_file 0
[ 2285.868151][ T8358] unevictable 249430016
[ 2285.868151][ T8358] slab_reclaimable 964920
[ 2285.868151][ T8358] slab_unreclaimable 868808
[ 2285.868151][ T8358] slab 1833728
[ 2285.868151][ T8358] workingset_refault_anon 0
[ 2285.868151][ T8358] workingset_refault_file 0
[ 2285.868151][ T8358] workingset_activate_anon 0
[ 2285.868151][ T8358] workingset_activate_file 0
[ 2285.868151][ T8358] workingset_restore_anon 0
[ 2285.868151][ T8358] workingset_restore_file 0
[ 2285.868151][ T8358] workingset_nodereclaim 0
[ 2285.868151][ T8358] pgscan 49
[ 2285.868151][ T8358] pgsteal 49
[ 2285.868151][ T8358] pgscan_kswapd 0
[ 2285.868151][ T8358] pgscan_direct 49
[ 2285.868151][ T8358] pgscan_khugepaged 0
[ 2285.868151][ T8358] pgsteal_kswapd 0
[ 2285.868151][ T8358] pgsteal_direct 49
[ 2285.868151][ T8358] pgsteal_khugepaged 0
[ 2285.868151][ T8358] pgfault 1094195
[ 2285.868151][ T8358] pgmajfault 422
[ 2285.868151][ T8358] pgrefill 150
[ 2285.868151][ T8358] pgactivate 161
[ 2285.868151][ T8358] pgdeactivate 0
[ 2285.868151][ T8358] pglazyfree 0
[ 2285.868151][ T8358] pglazyfreed 0
[ 2285.868151][ T8358] zswpin 0
[ 2285.868151][ T8358] zswpout 0
[ 2285.886166][ T8375] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[ 2286.055578][ T8358] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null)
[ 2286.063935][ T8017] usb 1-1: new high-speed USB device number 52 using dummy_hcd
[ 2286.072493][T27624] usb 6-1: string descriptor 0 read error: -22
[ 2286.082824][ T8375] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[ 2286.090505][ T8358] ,cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=8358,uid=0
12:17:10 executing program 4:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x2c, 0x0, 0x1, 0x201, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x4, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @local}, {0x8, 0x2, @private}}}]}]}, 0x2c}}, 0x0)

[ 2286.119766][T27624] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 2286.132276][ T5556] usb 4-1: new high-speed USB device number 76 using dummy_hcd
[ 2286.141401][ T8358] Memory cgroup out of memory: Killed process 8358 (syz-executor.1) total-vm:54540kB, anon-rss:508kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000
[ 2286.168657][T27624] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2286.190940][ T8377] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[ 2286.215940][ T8377] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[ 2286.246215][T27624] usb 6-1: 0:2 : does not exist
[ 2286.302437][ T8017] usb 1-1: Using ep0 maxpacket: 16
[ 2286.392219][ T5556] usb 4-1: Using ep0 maxpacket: 8
[ 2286.455036][T27624] usb 6-1: USB disconnect, device number 92
[ 2286.502595][ T8017] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 2286.513657][ T5556] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 2286.524448][ T8017] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 2286.535220][ T5556] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[ 2286.544603][ T5556] usb 4-1: too many endpoints for config 1 interface 1 altsetting 32: 187, using maximum allowed: 30
[ 2286.556233][ T8017] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[ 2286.569837][ T5556] usb 4-1: config 1 interface 1 altsetting 32 has 0 endpoint descriptors, different from the interface descriptor's value: 187
[ 2286.583524][ T5556] usb 4-1: config 1 interface 1 has no altsetting 0
[ 2286.622443][ T8017] usb 1-1: language id specifier not provided by device, defaulting to English
[ 2286.742321][ T8017] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 2286.751669][ T8017] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2286.760095][ T5556] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 2286.769587][ T8017] usb 1-1: Product: syz
[ 2286.775456][ T5556] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2286.783820][ T8017] usb 1-1: Manufacturer: の㘺뤘ì컡쟷奡ꪬ򧟤
[ 2286.790913][ T5556] usb 4-1: Product: 䠊
[ 2286.795290][ T8017] usb 1-1: SerialNumber: syz
[ 2286.800270][ T5556] usb 4-1: Manufacturer: ף蝣ૂ짮鲂噽ퟝ頻띣Ӻ믫䃯褎퐨ላ殨꿲笈Ѳ毈满崠氏埒冢龤鲭䐜주姴ꭇ㩴ᖿ䪏塒ᷝגּд჈䀇耝ሒ쑫은㛘탂䂏松ﳨ甈렰觰ۀ⍊ꪶ⢻韯琮芎㵯ⴢ
[ 2286.834143][ T5556] usb 4-1: SerialNumber: 쟇␒幤龐뾘嵥䥲똶혲셑働鹄詂紱끄⫗丿쉾☱떘통鴂䲁눦劮澖쉚籪쿲ⵅ卥坌ー܏萾裉颌薏穪跔儷꫁ﻳ熅㺨觼᝝ᠼ㯄Ƴ꓋탼벌墯컱큸䔐쪝ﾂ沣㈺긏箦单흧ํ꿻凴⃳텤稜怗搜뢯ꢔ壸莼땟媋ᶈ昏縉ۻ菛
12:17:11 executing program 5:
r0 = socket$inet6(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev, 0x7}, 0x1c)

12:17:11 executing program 1:
openat$uhid(0xffffffffffffff9c, &(0x7f0000000200), 0x802, 0x0)
timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000180)=<r0=>0x0)
r1 = fanotify_init(0x4, 0x1000)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
fanotify_mark(r1, 0x105, 0x800101b, 0xffffffffffffffff, 0x0)
timer_settime(r0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
mlockall(0x2)
r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil)
shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
write$P9_RWSTAT(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x7f, 0x2}, 0x7)
ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0)
shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000)
shmctl$IPC_RMID(0x0, 0x0)
shmctl$SHM_LOCK(0x0, 0xb)
r6 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil)
shmctl$IPC_STAT(r6, 0x2, &(0x7f00000001c0)=""/62)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000340)={0x0, 0x28}, 0x1, 0x0, 0x0, 0x40410}, 0x0)
shmat(r3, &(0x7f00003c6000/0x3000)=nil, 0x4000)
shmctl$SHM_UNLOCK(0x0, 0xc)
shmctl$SHM_LOCK(r3, 0xb)
r7 = shmget$private(0x0, 0x3000, 0x54001800, &(0x7f000010d000/0x3000)=nil)
ioctl$BTRFS_IOC_BALANCE_V2(r5, 0xc4009420, &(0x7f0000000640)={0x0, 0x1, {0x81, @usage=0xd1, 0x0, 0xfffffffffffffffc, 0x10000, 0xffffffffffffffff, 0x0, 0x5, 0x4, @usage=0x1, 0x1ea7, 0xffffffc0, [0x5, 0x7, 0x5, 0xffffffffffffffff, 0xffff, 0x24f]}, {0x5, @struct={0x8da6, 0x46a}, 0x0, 0x3f, 0xff, 0x8, 0x9, 0x7f, 0x0, @struct={0x3, 0x8}, 0xffff0000, 0xffffffcb, [0x8, 0x27d9, 0x7, 0x7ff, 0x57175363, 0x8]}, {0x10001, @usage=0x9, 0x0, 0x4d2, 0x3b89, 0xfffffffffffffff9, 0x4, 0x7fffffff, 0x441, @usage=0x7000000000000, 0x9, 0x20000d5a, [0x2, 0x6, 0x5, 0x80, 0x4, 0x7735]}, {0x8000, 0xffffffffffffffff}})
shmat(r7, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000012c0)=[{{&(0x7f00000005c0)=@xdp, 0x80, 0x0, 0x0, &(0x7f0000000fc0)=""/83, 0x53}, 0x1}, {{&(0x7f0000001040)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @dev}}, 0x80, &(0x7f00000011c0)=[{&(0x7f00000010c0)=""/150, 0x96}, {&(0x7f0000001180)=""/5, 0x5}], 0x2, &(0x7f0000001200)=""/180, 0xb4}, 0x5}], 0x2, 0x0, &(0x7f0000001340)={0x0, 0x989680})

12:17:11 executing program 2:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c)
connect$inet6(r0, &(0x7f0000000000)={0x2, 0x0, 0x0, @empty}, 0x1c)

[ 2287.044484][ T8379] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 2287.054942][ T8379] CPU: 0 PID: 8379 Comm: syz-executor.1 Not tainted 6.3.0-rc4-next-20230330-syzkaller #0
[ 2287.064894][ T8379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 2287.074995][ T8379] Call Trace:
[ 2287.078302][ T8379]  <TASK>
[ 2287.081276][ T8379]  dump_stack_lvl+0x136/0x150
[ 2287.085988][ T8379]  dump_header+0x10a/0xd70
[ 2287.090460][ T8379]  oom_kill_process+0x25d/0x600
[ 2287.095356][ T8379]  out_of_memory+0x35c/0x1650
[ 2287.100082][ T8379]  ? find_held_lock+0x2d/0x110
[ 2287.104885][ T8379]  ? oom_killer_disable+0x2b0/0x2b0
[ 2287.110131][ T8379]  ? rcu_read_unlock+0x9/0x60
[ 2287.114845][ T8379]  ? find_held_lock+0x2d/0x110
[ 2287.119678][ T8379]  mem_cgroup_out_of_memory+0x206/0x270
[ 2287.125290][ T8379]  ? mem_cgroup_margin+0x130/0x130
[ 2287.130455][ T8379]  ? lock_downgrade+0x690/0x690
[ 2287.135371][ T8379]  try_charge_memcg+0xf99/0x13a0
[ 2287.140374][ T8379]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 2287.146424][ T8379]  ? lock_downgrade+0x690/0x690
[ 2287.151327][ T8379]  ? trace_lock_acquire+0x12d/0x180
[ 2287.156570][ T8379]  ? get_mem_cgroup_from_mm+0x247/0x580
[ 2287.162503][ T8379]  ? lock_acquire+0x32/0xc0
[ 2287.167080][ T8379]  charge_memcg+0x90/0x3b0
[ 2287.171579][ T8379]  __mem_cgroup_charge+0x2b/0x90
[ 2287.176584][ T8379]  do_wp_page+0x8ac/0x3510
[ 2287.181089][ T8379]  ? lock_sync+0x190/0x190
[ 2287.185560][ T8379]  ? finish_mkwrite_fault+0x3d0/0x3d0
[ 2287.191037][ T8379]  ? rcu_is_watching+0x12/0xb0
[ 2287.195851][ T8379]  ? do_raw_spin_lock+0x124/0x2b0
[ 2287.200931][ T8379]  ? spin_bug+0x1c0/0x1c0
[ 2287.205287][ T8379]  ? lock_acquire+0x32/0xc0
[ 2287.209814][ T8379]  ? __handle_mm_fault+0x1334/0x4180
[ 2287.215163][ T8379]  __handle_mm_fault+0x1547/0x4180
[ 2287.220358][ T8379]  ? vm_iomap_memory+0x190/0x190
[ 2287.225380][ T8379]  handle_mm_fault+0x2c0/0x9c0
[ 2287.230181][ T8379]  do_user_addr_fault+0x2ed/0x1240
[ 2287.235336][ T8379]  ? rcu_is_watching+0x12/0xb0
[ 2287.240154][ T8379]  exc_page_fault+0x98/0x170
[ 2287.244786][ T8379]  asm_exc_page_fault+0x26/0x30
[ 2287.249666][ T8379] RIP: 0033:0x7f47dd2395a0
[ 2287.254101][ T8379] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48
[ 2287.273740][ T8379] RSP: 002b:00007ffdbc005e60 EFLAGS: 00010246
[ 2287.279858][ T8379] RAX: 00000000ef192a3d RBX: 00007f47dd3ac018 RCX: 0000001b32520000
[ 2287.287860][ T8379] RDX: 0000000000000000 RSI: 0000001b32520018 RDI: 00000000090fde60
[ 2287.295863][ T8379] RBP: 00000000ef192a3d R08: 0000000000000a3d R09: 00000000ef192a41
[ 2287.303883][ T8379] R10: 00007ffdbc006020 R11: 0000000000000246 R12: 00007f47dd3a0000
[ 2287.311902][ T8379] R13: 0000000000000001 R14: 0000000000000005 R15: ffffffff81e3d406
[ 2287.319906][ T8379]  ? build_open_flags+0x76/0x720
[ 2287.325038][ T8379]  </TASK>
[ 2287.346892][T27624] usb 1-1: USB disconnect, device number 52
[ 2287.372300][ T8379] memory: usage 307184kB, limit 307200kB, failcnt 10888
[ 2287.379500][ T8379] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2287.391762][ T8379] Memory cgroup stats for /syz1:
[ 2287.392056][ T8379] anon 131072
[ 2287.392056][ T8379] file 312406016
[ 2287.392056][ T8379] kernel 2019328
[ 2287.392056][ T8379] kernel_stack 65536
[ 2287.392056][ T8379] pagetables 81920
[ 2287.392056][ T8379] sec_pagetables 0
[ 2287.392056][ T8379] percpu 4864
[ 2287.392056][ T8379] sock 0
[ 2287.392056][ T8379] vmalloc 0
[ 2287.392056][ T8379] shmem 312406016
[ 2287.392056][ T8379] zswap 0
[ 2287.392056][ T8379] zswapped 0
[ 2287.392056][ T8379] file_mapped 380928
[ 2287.392056][ T8379] file_dirty 0
[ 2287.392056][ T8379] file_writeback 0
[ 2287.392056][ T8379] swapcached 0
[ 2287.392056][ T8379] anon_thp 0
[ 2287.392056][ T8379] file_thp 0
[ 2287.392056][ T8379] shmem_thp 0
[ 2287.392056][ T8379] inactive_anon 62951424
[ 2287.392056][ T8379] active_anon 155648
[ 2287.392056][ T8379] inactive_file 0
[ 2287.392056][ T8379] active_file 0
[ 2287.392056][ T8379] unevictable 249430016
[ 2287.392056][ T8379] slab_reclaimable 964920
[ 2287.392056][ T8379] slab_unreclaimable 868808
[ 2287.392056][ T8379] slab 1833728
[ 2287.392056][ T8379] workingset_refault_anon 0
[ 2287.392056][ T8379] workingset_refault_file 0
[ 2287.392056][ T8379] workingset_activate_anon 0
[ 2287.392056][ T8379] workingset_activate_file 0
[ 2287.392056][ T8379] workingset_restore_anon 0
[ 2287.392056][ T8379] workingset_restore_file 0
[ 2287.392056][ T8379] workingset_nodereclaim 0
[ 2287.392056][ T8379] pgscan 49
[ 2287.392056][ T8379] pgsteal 49
[ 2287.392056][ T8379] pgscan_kswapd 0
[ 2287.392056][ T8379] pgscan_direct 49
[ 2287.392056][ T8379] pgscan_khugepaged 0
[ 2287.392056][ T8379] pgsteal_kswapd 0
[ 2287.392056][ T8379] pgsteal_direct 49
[ 2287.392056][ T8379] pgsteal_khugepaged 0
[ 2287.392056][ T8379] pgfault 1094248
[ 2287.392056][ T8379] pgmajfault 422
[ 2287.392056][ T8379] pgrefill 150
[ 2287.392056][ T8379] pgactivate 161
[ 2287.392056][ T8379] pgdeactivate 0
[ 2287.392056][ T8379] pglazyfree 0
[ 2287.392056][ T8379] pglazyfreed 0
[ 2287.392056][ T8379] zswpin 0
[ 2287.392056][ T8379] zswpout 0
[ 2287.432512][ T5556] usb 4-1: 0:2 : does not exist
[ 2287.584937][ T8379] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=8379,uid=0
[ 2287.612572][ T8379] Memory cgroup out of memory: Killed process 8379 (syz-executor.1) total-vm:54540kB, anon-rss:380kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000
[ 2287.672037][ T5556] usb 4-1: USB disconnect, device number 76
12:17:12 executing program 0:
syz_usb_connect$printer(0x0, 0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x0, 0x1f, &(0x7f0000000800)={0x5, 0xf, 0x1f, 0x2, [@generic={0x17, 0x10, 0xa, "533ef87fdb79825caf4c8ade6afe1b8d1060a2a5"}, @generic={0x3, 0x10, 0xa}]}, 0x2, [{0x2, &(0x7f00000008c0)=@string={0x2}}, {0x18, &(0x7f0000000980)=@string={0x18, 0x3, "6e303a3618b9ec0015f0e1cef7c76159acaa5ddae4df"}}]})

12:17:12 executing program 4:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x2c, 0x0, 0x1, 0x201, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x4, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @local}, {0x8, 0x2, @private}}}]}]}, 0x2c}}, 0x0)

12:17:12 executing program 1:
openat$uhid(0xffffffffffffff9c, &(0x7f0000000200), 0x802, 0x0)
timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000180)=<r0=>0x0)
r1 = fanotify_init(0x4, 0x1000)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
fanotify_mark(r1, 0x105, 0x800101b, 0xffffffffffffffff, 0x0)
timer_settime(r0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
mlockall(0x2)
r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil)
shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
write$P9_RWSTAT(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x7f, 0x2}, 0x7)
ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0)
shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000)
shmctl$IPC_RMID(0x0, 0x0)
shmctl$SHM_LOCK(0x0, 0xb)
r6 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil)
shmctl$IPC_STAT(r6, 0x2, &(0x7f00000001c0)=""/62)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000340)={0x0, 0x28}, 0x1, 0x0, 0x0, 0x40410}, 0x4040044)
shmat(0x0, &(0x7f00003c6000/0x3000)=nil, 0x4000)
shmctl$SHM_UNLOCK(0x0, 0xc)
shmctl$SHM_LOCK(r3, 0xb)
r7 = shmget$private(0x0, 0x3000, 0x54001800, &(0x7f000010d000/0x3000)=nil)
ioctl$BTRFS_IOC_BALANCE_V2(r5, 0xc4009420, &(0x7f0000000640)={0x0, 0x1, {0x81, @usage=0xd1, 0x0, 0xfffffffffffffffc, 0x10000, 0xffffffffffffffff, 0x0, 0x5, 0x4, @usage=0x1, 0x1ea7, 0xffffffc0, [0x5, 0x7, 0x5, 0xffffffffffffffff, 0xffff, 0x24f]}, {0x5, @struct={0x8da6, 0x46a}, 0x0, 0x3f, 0xff, 0x8, 0x9, 0x7f, 0x0, @struct={0x3, 0x8}, 0xffff0000, 0xffffffcb, [0x8, 0x27d9, 0x7, 0x7ff, 0x57175363, 0x8]}, {0x10001, @usage=0x9, 0x0, 0x4d2, 0x3b89, 0xfffffffffffffff9, 0x4, 0x7fffffff, 0x441, @usage=0x7000000000000, 0x9, 0x20000d5a, [0x2, 0x6, 0x5, 0x80, 0x4, 0x7735]}, {0x8000, 0xffffffffffffffff}})
shmat(r7, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000012c0)=[{{&(0x7f00000005c0)=@xdp, 0x80, 0x0, 0x0, &(0x7f0000000fc0)=""/83, 0x53}, 0x1}, {{&(0x7f0000001040)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @dev}}, 0x80, &(0x7f00000011c0)=[{&(0x7f00000010c0)=""/150, 0x96}, {&(0x7f0000001180)=""/5, 0x5}], 0x2, &(0x7f0000001200)=""/180, 0xb4}, 0x5}], 0x2, 0x0, &(0x7f0000001340)={0x0, 0x989680})

12:17:12 executing program 2:
r0 = socket$inet6(0xa, 0x1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f00000000c0)={'syztnl0\x00', &(0x7f0000000000)={'syztnl2\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @private1, @loopback, 0x0, 0x0, 0xfffffffa}})

12:17:12 executing program 3:
accept4$vsock_stream(0xffffffffffffffff, &(0x7f00000004c0)={0x28, 0x0, 0x0, @my=0x1}, 0x10, 0x0)
syz_usb_connect$uac1(0x5, 0x71, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5f, 0x3, 0x1, 0x0, 0x0, 0x0, {{}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x0, 0x20, 0x0, 0xb1, {0x7, 0x25, 0x1, 0x80, 0x9}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x0, 0x0, 0x0, 0x0, {0x7, 0x25, 0x1, 0x0, 0x6}}}}}}}]}}, &(0x7f0000000440)={0xa, &(0x7f0000000100)={0xa, 0x6, 0x0, 0xff, 0x0, 0x2}, 0x0, 0x0})

12:17:12 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x30, 0x3, 0x1, 0x201, 0x0, 0x0, {0x2}, [@CTA_FILTER={0xc, 0x19, 0x0, 0x1, [@CTA_FILTER_REPLY_FLAGS={0x8, 0x2, 0x8}]}, @CTA_TUPLE_REPLY={0x10, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}]}]}, 0x30}}, 0x0)

[ 2288.129912][ T8385] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 2288.146128][ T8385] CPU: 0 PID: 8385 Comm: syz-executor.1 Not tainted 6.3.0-rc4-next-20230330-syzkaller #0
[ 2288.155996][ T8385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 2288.166092][ T8385] Call Trace:
[ 2288.169404][ T8385]  <TASK>
[ 2288.172383][ T8385]  dump_stack_lvl+0x136/0x150
[ 2288.177131][ T8385]  dump_header+0x10a/0xd70
[ 2288.181649][ T8385]  oom_kill_process+0x25d/0x600
[ 2288.186583][ T8385]  out_of_memory+0x35c/0x1650
[ 2288.191330][ T8385]  ? find_held_lock+0x2d/0x110
[ 2288.196146][ T8385]  ? oom_killer_disable+0x2b0/0x2b0
[ 2288.201408][ T8385]  ? rcu_read_unlock+0x9/0x60
[ 2288.206131][ T8385]  ? find_held_lock+0x2d/0x110
[ 2288.210951][ T8385]  mem_cgroup_out_of_memory+0x206/0x270
[ 2288.216557][ T8385]  ? mem_cgroup_margin+0x130/0x130
[ 2288.221716][ T8385]  ? lock_downgrade+0x690/0x690
[ 2288.226645][ T8385]  try_charge_memcg+0xf99/0x13a0
[ 2288.231655][ T8385]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 2288.237731][ T8385]  ? lock_downgrade+0x690/0x690
[ 2288.242640][ T8385]  ? trace_lock_acquire+0x12d/0x180
[ 2288.247892][ T8385]  ? get_mem_cgroup_from_mm+0x247/0x580
[ 2288.253493][ T8385]  ? lock_acquire+0x32/0xc0
[ 2288.258067][ T8385]  charge_memcg+0x90/0x3b0
[ 2288.262574][ T8385]  __mem_cgroup_charge+0x2b/0x90
[ 2288.267579][ T8385]  do_wp_page+0x8ac/0x3510
[ 2288.272076][ T8385]  ? lock_sync+0x190/0x190
[ 2288.276556][ T8385]  ? finish_mkwrite_fault+0x3d0/0x3d0
[ 2288.281990][ T8385]  ? rcu_is_watching+0x12/0xb0
[ 2288.286798][ T8385]  ? do_raw_spin_lock+0x124/0x2b0
[ 2288.291975][ T8385]  ? spin_bug+0x1c0/0x1c0
[ 2288.296341][ T8385]  ? lock_acquire+0x32/0xc0
[ 2288.300877][ T8385]  ? __handle_mm_fault+0x1334/0x4180
[ 2288.306226][ T8385]  __handle_mm_fault+0x1547/0x4180
[ 2288.311427][ T8385]  ? vm_iomap_memory+0x190/0x190
[ 2288.316435][ T8385]  handle_mm_fault+0x2c0/0x9c0
[ 2288.321251][ T8385]  do_user_addr_fault+0x2ed/0x1240
[ 2288.326414][ T8385]  ? rcu_is_watching+0x12/0xb0
[ 2288.331224][ T8385]  exc_page_fault+0x98/0x170
[ 2288.335866][ T8385]  asm_exc_page_fault+0x26/0x30
[ 2288.340748][ T8385] RIP: 0033:0x7f47dd2395a0
[ 2288.345186][ T8385] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48
[ 2288.364906][ T8385] RSP: 002b:00007ffdbc005e60 EFLAGS: 00010246
[ 2288.370999][ T8385] RAX: 000000000aabd42b RBX: 00007f47dd3ac018 RCX: 0000001b32520000
[ 2288.378990][ T8385] RDX: 0000000000000000 RSI: 0000001b32520018 RDI: 00000000090febb2
[ 2288.386980][ T8385] RBP: 000000000aabd42b R08: 000000000000142b R09: 000000000aabd42f
[ 2288.394972][ T8385] R10: 00007ffdbc006020 R11: 0000000000000246 R12: 00007f47dd3a0000
[ 2288.402964][ T8385] R13: 0000000000000001 R14: 0000000000000001 R15: ffffffff81e3ed13
[ 2288.410980][ T8385]  ? __x64_sys_openat+0x183/0x1f0
[ 2288.416085][ T8385]  </TASK>
12:17:13 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x24, 0x3, 0x1, 0x201, 0x0, 0x0, {0x2}, [@CTA_FILTER={0xc, 0x19, 0x0, 0x1, [@CTA_FILTER_REPLY_FLAGS={0x8, 0x2, 0x8}]}, @CTA_TUPLE_REPLY={0x4}]}, 0x24}}, 0x0)

[ 2288.433760][ T1216] ieee802154 phy0 wpan0: encryption failed: -22
[ 2288.440121][ T1216] ieee802154 phy1 wpan1: encryption failed: -22
[ 2288.445074][ T8396] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[ 2288.446560][ T8385] memory: usage 307184kB, limit 307200kB, failcnt 10944
[ 2288.485751][ T8396] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[ 2288.486290][ T8385] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2288.502585][ T8385] Memory cgroup stats for /syz1:
[ 2288.502868][ T8385] anon 118784
[ 2288.502868][ T8385] file 312406016
[ 2288.502868][ T8385] kernel 2019328
[ 2288.502868][ T8385] kernel_stack 65536
[ 2288.502868][ T8385] pagetables 81920
[ 2288.502868][ T8385] sec_pagetables 0
[ 2288.502868][ T8385] percpu 4864
[ 2288.502868][ T8385] sock 0
[ 2288.502868][ T8385] vmalloc 0
[ 2288.502868][ T8385] shmem 312406016
[ 2288.502868][ T8385] zswap 0
[ 2288.502868][ T8385] zswapped 0
[ 2288.502868][ T8385] file_mapped 380928
[ 2288.502868][ T8385] file_dirty 0
[ 2288.502868][ T8385] file_writeback 0
[ 2288.502868][ T8385] swapcached 0
[ 2288.502868][ T8385] anon_thp 0
[ 2288.502868][ T8385] file_thp 0
[ 2288.502868][ T8385] shmem_thp 0
[ 2288.502868][ T8385] inactive_anon 62951424
[ 2288.502868][ T8385] active_anon 143360
[ 2288.502868][ T8385] inactive_file 0
[ 2288.502868][ T8385] active_file 0
[ 2288.502868][ T8385] unevictable 249430016
[ 2288.502868][ T8385] slab_reclaimable 964920
[ 2288.502868][ T8385] slab_unreclaimable 868808
[ 2288.502868][ T8385] slab 1833728
[ 2288.502868][ T8385] workingset_refault_anon 0
[ 2288.502868][ T8385] workingset_refault_file 0
[ 2288.502868][ T8385] workingset_activate_anon 0
[ 2288.502868][ T8385] workingset_activate_file 0
[ 2288.502868][ T8385] workingset_restore_anon 0
[ 2288.502868][ T8385] workingset_restore_file 0
[ 2288.502868][ T8385] workingset_nodereclaim 0
[ 2288.502868][ T8385] pgscan 49
[ 2288.502868][ T8385] pgsteal 49
[ 2288.502868][ T8385] pgscan_kswapd 0
[ 2288.502868][ T8385] pgscan_direct 49
[ 2288.502868][ T8385] pgscan_khugepaged 0
[ 2288.502868][ T8385] pgsteal_kswapd 0
[ 2288.502868][ T8385] pgsteal_direct 49
[ 2288.502868][ T8385] pgsteal_khugepaged 0
[ 2288.502868][ T8385] pgfault 1094297
[ 2288.502868][ T8385] pgmajfault 422
[ 2288.502868][ T8385] pgrefill 150
[ 2288.502868][ T8385] pgactivate 161
[ 2288.502868][ T8385] pgdeactivate 0
[ 2288.502868][ T8385] pglazyfree 0
[ 2288.502868][ T8385] pglazyfreed 0
[ 2288.502868][ T8385] zswpin 0
12:17:13 executing program 4:
syz_mount_image$vfat(&(0x7f00000001c0), &(0x7f00000000c0)='./bus\x00', 0x0, &(0x7f0000000200)={[{@utf8no}, {@uni_xlateno}, {@fat=@codepage={'codepage', 0x3d, '874'}}, {@shortname_lower}, {@fat=@nfs}, {@iocharset={'iocharset', 0x3d, 'macroman'}}, {@shortname_mixed}, {@shortname_winnt}, {@shortname_win95}, {@shortname_lower}, {@iocharset={'iocharset', 0x3d, 'cp1251'}}, {@numtail}, {@rodir}]}, 0x1, 0x220, &(0x7f00000002c0)="$eJzs3TFrU10YB/Anb9vXWpB0EIoieMXFKbQVRyFFKogBQcmgk8WmKE0sGAjo0NbJL6GDX0BHV8FBXP0CIkgVXOzWQYjUGxobUpvStLeY32/JA/f5555zAjlkyLl3z9QW55fqC+vrazE6movhYhRjIxfj8V8MRWo1AIB/yUazGT+aqazHAgAcDvs/AAye7vv/y46uyyOHPS4A4OD4/Q8Ag+fW7TvXZ0ql2ZtJMhpRe9YoN8rpa3p9ZiEeRDUqMRn5+BnR3JLWV6+VZieTTV/Ho1xbaeVXGuWh7fmpyMd49/xUktqeH4mxVv7TWFRiOvJxsnt+umv+/7hw/o/7FyIfH+/FUlRjPjaz7fzyVJJcuVHqyB/73QcAAAAAAAAAAAAAAAAAAAAAAAehkGzpen5PobDT9TTf+/lAnefzDMfp4WznDgAAAAAAAAAAAAAAAAAAAEdF/fGTxblqtfLob8XDD6/e7dbTY5Fr3Xe/77P/4sS5L8937nna8/rkViP6OrC3Z/s95aHo+xq+X7t/6mJ94lKWn+Beiu/56P8ipMXrIzHBXYuJF8W5N8ufv/WayvBLCQAAAAAAAAAAAAAAAAAABlT7T79ZjwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAstN+/v+ei+O9Nmc9RwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+BUAAP//iIOltA==")
mknod$loop(&(0x7f0000000000)='./bus\x00', 0x0, 0x1)

12:17:13 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x38, 0x2, 0x1, 0x201, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @local}, {0x8, 0x2, @private}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x38}}, 0x0)

[ 2288.502868][ T8385] zswpout 0
[ 2288.582276][ T5556] usb 4-1: new high-speed USB device number 77 using dummy_hcd
[ 2288.696237][ T8385] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=8385,uid=0
[ 2288.712277][ T8385] Memory cgroup out of memory: Killed process 8385 (syz-executor.1) total-vm:54540kB, anon-rss:380kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000
12:17:13 executing program 4:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x18, 0x2, 0x1, 0x201, 0x0, 0x0, {}, [@CTA_FILTER={0x4}]}, 0x18}}, 0x0)

12:17:13 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x38, 0x2, 0x1, 0x201, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @local}, {0x8, 0x2, @private}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x38}}, 0x0)

12:17:13 executing program 2:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @mcast1={0x0}}, 0x1c)

12:17:13 executing program 0:
syz_usb_connect$printer(0x0, 0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x0, 0x1f, &(0x7f0000000800)={0x5, 0xf, 0x1f, 0x2, [@generic={0x17, 0x10, 0xa, "533ef87fdb79825caf4c8ade6afe1b8d1060a2a5"}, @generic={0x3, 0x10, 0xa}]}, 0x2, [{0x2, &(0x7f00000008c0)=@string={0x2}}, {0x18, &(0x7f0000000980)=@string={0x18, 0x3, "6e303a3618b9ec0015f0e1cef7c76159acaa5ddae4df"}}]})

12:17:13 executing program 1:
openat$uhid(0xffffffffffffff9c, &(0x7f0000000200), 0x802, 0x0)
timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000180)=<r0=>0x0)
r1 = fanotify_init(0x4, 0x1000)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
fanotify_mark(r1, 0x105, 0x800101b, 0xffffffffffffffff, 0x0)
timer_settime(r0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
mlockall(0x2)
r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil)
shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
write$P9_RWSTAT(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x7f, 0x2}, 0x7)
ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0)
shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000)
shmctl$IPC_RMID(0x0, 0x0)
shmctl$SHM_LOCK(0x0, 0xb)
r6 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil)
shmctl$IPC_STAT(r6, 0x2, &(0x7f00000001c0)=""/62)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000340)={0x0, 0x28}, 0x1, 0x0, 0x0, 0x40410}, 0x4040044)
shmat(0x0, &(0x7f00003c6000/0x3000)=nil, 0x4000)
shmctl$SHM_UNLOCK(0x0, 0xc)
shmctl$SHM_LOCK(r3, 0xb)
r7 = shmget$private(0x0, 0x3000, 0x54001800, &(0x7f000010d000/0x3000)=nil)
ioctl$BTRFS_IOC_BALANCE_V2(r5, 0xc4009420, &(0x7f0000000640)={0x0, 0x1, {0x81, @usage=0xd1, 0x0, 0xfffffffffffffffc, 0x10000, 0xffffffffffffffff, 0x0, 0x5, 0x4, @usage=0x1, 0x1ea7, 0xffffffc0, [0x5, 0x7, 0x5, 0xffffffffffffffff, 0xffff, 0x24f]}, {0x5, @struct={0x8da6, 0x46a}, 0x0, 0x3f, 0xff, 0x8, 0x9, 0x7f, 0x0, @struct={0x3, 0x8}, 0xffff0000, 0xffffffcb, [0x8, 0x27d9, 0x7, 0x7ff, 0x57175363, 0x8]}, {0x10001, @usage=0x9, 0x0, 0x4d2, 0x3b89, 0xfffffffffffffff9, 0x4, 0x7fffffff, 0x441, @usage=0x7000000000000, 0x9, 0x20000d5a, [0x2, 0x6, 0x5, 0x80, 0x4, 0x7735]}, {0x8000, 0xffffffffffffffff}})
shmat(r7, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000012c0)=[{{&(0x7f00000005c0)=@xdp, 0x80, 0x0, 0x0, &(0x7f0000000fc0)=""/83, 0x53}, 0x1}, {{&(0x7f0000001040)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @dev}}, 0x80, &(0x7f00000011c0)=[{&(0x7f00000010c0)=""/150, 0x96}, {&(0x7f0000001180)=""/5, 0x5}], 0x2, &(0x7f0000001200)=""/180, 0xb4}, 0x5}], 0x2, 0x0, &(0x7f0000001340)={0x0, 0x989680})

12:17:13 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x38, 0x2, 0x1, 0x201, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @local}, {0x8, 0x2, @private}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x38}}, 0x0)

12:17:13 executing program 2:
r0 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$CAN_RAW_FILTER(r0, 0x65, 0x1, &(0x7f00000000c0)=[{{}, {0x0, 0x1}}, {{}, {0x0, 0x0, 0x1}}, {{}, {0x2}}], 0x18)
bind$can_raw(r0, &(0x7f00000001c0), 0x10)

[ 2289.122246][ T5556] usb 4-1: Using ep0 maxpacket: 8
[ 2289.174978][ T8411] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 2289.189343][ T8411] CPU: 1 PID: 8411 Comm: syz-executor.1 Not tainted 6.3.0-rc4-next-20230330-syzkaller #0
[ 2289.199210][ T8411] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 2289.209288][ T8411] Call Trace:
[ 2289.212598][ T8411]  <TASK>
[ 2289.215570][ T8411]  dump_stack_lvl+0x136/0x150
[ 2289.220324][ T8411]  dump_header+0x10a/0xd70
[ 2289.224798][ T8411]  oom_kill_process+0x25d/0x600
[ 2289.229720][ T8411]  out_of_memory+0x35c/0x1650
[ 2289.234487][ T8411]  ? find_held_lock+0x2d/0x110
[ 2289.239304][ T8411]  ? oom_killer_disable+0x2b0/0x2b0
[ 2289.242599][ T5556] usb 4-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[ 2289.244537][ T8411]  ? rcu_read_unlock+0x9/0x60
[ 2289.257743][ T5556] usb 4-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[ 2289.257925][ T8411]  ? find_held_lock+0x2d/0x110
[ 2289.257975][ T8411]  mem_cgroup_out_of_memory+0x206/0x270
[ 2289.270792][ T5556] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 2289.272915][ T8411]  ? mem_cgroup_margin+0x130/0x130
[ 2289.272960][ T8411]  ? lock_downgrade+0x690/0x690
[ 2289.273025][ T8411]  try_charge_memcg+0xf99/0x13a0
[ 2289.273083][ T8411]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 2289.308534][ T8411]  ? lock_downgrade+0x690/0x690
[ 2289.313470][ T8411]  ? trace_lock_acquire+0x12d/0x180
[ 2289.318716][ T8411]  ? get_mem_cgroup_from_mm+0x247/0x580
[ 2289.324299][ T8411]  ? lock_acquire+0x32/0xc0
[ 2289.328842][ T8411]  charge_memcg+0x90/0x3b0
[ 2289.333306][ T8411]  __mem_cgroup_charge+0x2b/0x90
[ 2289.338298][ T8411]  do_wp_page+0x8ac/0x3510
[ 2289.342772][ T8411]  ? lock_sync+0x190/0x190
[ 2289.347239][ T8411]  ? finish_mkwrite_fault+0x3d0/0x3d0
[ 2289.352676][ T8411]  ? rcu_is_watching+0x12/0xb0
[ 2289.357498][ T8411]  ? do_raw_spin_lock+0x124/0x2b0
[ 2289.362565][ T8411]  ? spin_bug+0x1c0/0x1c0
[ 2289.366931][ T8411]  ? lock_acquire+0x32/0xc0
[ 2289.371483][ T8411]  ? __handle_mm_fault+0x1334/0x4180
[ 2289.376819][ T8411]  __handle_mm_fault+0x1547/0x4180
[ 2289.381989][ T8411]  ? vm_iomap_memory+0x190/0x190
[ 2289.386993][ T8411]  handle_mm_fault+0x2c0/0x9c0
[ 2289.391805][ T8411]  do_user_addr_fault+0x2ed/0x1240
[ 2289.396965][ T8411]  ? rcu_is_watching+0x12/0xb0
[ 2289.401772][ T8411]  exc_page_fault+0x98/0x170
[ 2289.406410][ T8411]  asm_exc_page_fault+0x26/0x30
[ 2289.411308][ T8411] RIP: 0033:0x7f47dd2395a0
[ 2289.415746][ T8411] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48
[ 2289.435392][ T8411] RSP: 002b:00007ffdbc005e60 EFLAGS: 00010246
[ 2289.441513][ T8411] RAX: 00000000ef192a3d RBX: 00007f47dd3ac018 RCX: 0000001b32520000
[ 2289.449613][ T8411] RDX: 0000000000000000 RSI: 0000001b32520018 RDI: 00000000090fde60
[ 2289.457603][ T8411] RBP: 00000000ef192a3d R08: 0000000000000a3d R09: 00000000ef192a41
[ 2289.465592][ T8411] R10: 00007ffdbc006020 R11: 0000000000000246 R12: 00007f47dd3a0000
[ 2289.473579][ T8411] R13: 0000000000000001 R14: 0000000000000005 R15: ffffffff81e3d406
[ 2289.481571][ T8411]  ? build_open_flags+0x76/0x720
[ 2289.486591][ T8411]  </TASK>
[ 2289.501897][ T8411] memory: usage 307200kB, limit 307200kB, failcnt 11001
[ 2289.509330][ T8411] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2289.516865][ T8411] Memory cgroup stats for /syz1:
[ 2289.517148][ T8411] anon 131072
[ 2289.517148][ T8411] file 312406016
[ 2289.517148][ T8411] kernel 2035712
[ 2289.517148][ T8411] kernel_stack 65536
[ 2289.517148][ T8411] pagetables 81920
[ 2289.517148][ T8411] sec_pagetables 0
[ 2289.517148][ T8411] percpu 4928
[ 2289.517148][ T8411] sock 0
[ 2289.517148][ T8411] vmalloc 0
[ 2289.517148][ T8411] shmem 312406016
[ 2289.517148][ T8411] zswap 0
[ 2289.517148][ T8411] zswapped 0
[ 2289.517148][ T8411] file_mapped 380928
[ 2289.517148][ T8411] file_dirty 0
[ 2289.517148][ T8411] file_writeback 0
[ 2289.517148][ T8411] swapcached 0
[ 2289.517148][ T8411] anon_thp 0
[ 2289.517148][ T8411] file_thp 0
[ 2289.517148][ T8411] shmem_thp 0
[ 2289.517148][ T8411] inactive_anon 62951424
[ 2289.517148][ T8411] active_anon 155648
[ 2289.517148][ T8411] inactive_file 0
[ 2289.517148][ T8411] active_file 0
[ 2289.517148][ T8411] unevictable 249430016
[ 2289.517148][ T8411] slab_reclaimable 964920
[ 2289.517148][ T8411] slab_unreclaimable 880720
[ 2289.517148][ T8411] slab 1845640
[ 2289.517148][ T8411] workingset_refault_anon 0
[ 2289.517148][ T8411] workingset_refault_file 0
[ 2289.517148][ T8411] workingset_activate_anon 0
[ 2289.517148][ T8411] workingset_activate_file 0
[ 2289.517148][ T8411] workingset_restore_anon 0
[ 2289.517148][ T8411] workingset_restore_file 0
[ 2289.517148][ T8411] workingset_nodereclaim 0
[ 2289.517148][ T8411] pgscan 49
[ 2289.517148][ T8411] pgsteal 49
[ 2289.517148][ T8411] pgscan_kswapd 0
[ 2289.517148][ T8411] pgscan_direct 49
[ 2289.517148][ T8411] pgscan_khugepaged 0
[ 2289.517148][ T8411] pgsteal_kswapd 0
[ 2289.517148][ T8411] pgsteal_direct 49
[ 2289.517148][ T8411] pgsteal_khugepaged 0
[ 2289.517148][ T8411] pgfault 1094350
[ 2289.517148][ T8411] pgmajfault 422
[ 2289.517148][ T8411] pgrefill 150
[ 2289.517148][ T8411] pgactivate 161
[ 2289.517148][ T8411] pgdeactivate 0
[ 2289.517148][ T8411] pglazyfree 0
[ 2289.517148][ T8411] pglazyfreed 0
[ 2289.517148][ T8411] zswpin 0
[ 2289.517148][ T8411] zswpout 0
[ 2289.710093][ T8411] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=8411,uid=0
[ 2289.728246][ T8411] Memory cgroup out of memory: Killed process 8411 (syz-executor.1) total-vm:54540kB, anon-rss:380kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000
[ 2289.802599][ T5556] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 2289.811676][ T5556] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2289.826657][ T5556] usb 4-1: Product: syz
[ 2289.830852][ T5556] usb 4-1: Manufacturer: syz
[ 2289.836630][ T5556] usb 4-1: SerialNumber: syz
[ 2290.172438][ T5556] usb 4-1: 0:2 : does not exist
[ 2290.193928][ T5556] usb 4-1: USB disconnect, device number 77
12:17:15 executing program 3:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000880)={&(0x7f00000001c0)=ANY=[@ANYBLOB="b00100000201030000000000000000000a000000080008400000007f08001540000000033c0018800800014000000007080003400745367508000140000000070800014000000003080003400000d28b08000340000800000800014000008001a800028006000340000000002c0001"], 0x1b0}}, 0x0)

12:17:15 executing program 4:
r0 = socket$inet6(0xa, 0x1, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x8971, &(0x7f0000000080)={'ip6_vti0\x00', 0x0})

12:17:15 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x38, 0x2, 0x1, 0x201, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @local}, {0x8, 0x2, @private}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x38}}, 0x0)

12:17:15 executing program 2:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x30, 0x3, 0x1, 0x201, 0x0, 0x0, {0x2}, [@CTA_FILTER={0xc, 0x19, 0x0, 0x1, [@CTA_FILTER_REPLY_FLAGS={0x8, 0x2, 0x8}]}, @CTA_TUPLE_REPLY={0x10, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}]}]}, 0x30}}, 0x0)

12:17:15 executing program 1:
openat$uhid(0xffffffffffffff9c, &(0x7f0000000200), 0x802, 0x0)
timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000180)=<r0=>0x0)
r1 = fanotify_init(0x4, 0x1000)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
fanotify_mark(r1, 0x105, 0x800101b, 0xffffffffffffffff, 0x0)
timer_settime(r0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
mlockall(0x2)
r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil)
shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
write$P9_RWSTAT(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x7f, 0x2}, 0x7)
ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0)
shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000)
shmctl$IPC_RMID(0x0, 0x0)
shmctl$SHM_LOCK(0x0, 0xb)
r6 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil)
shmctl$IPC_STAT(r6, 0x2, &(0x7f00000001c0)=""/62)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000340)={0x0, 0x28}, 0x1, 0x0, 0x0, 0x40410}, 0x4040044)
shmat(0x0, &(0x7f00003c6000/0x3000)=nil, 0x4000)
shmctl$SHM_UNLOCK(0x0, 0xc)
shmctl$SHM_LOCK(r3, 0xb)
r7 = shmget$private(0x0, 0x3000, 0x54001800, &(0x7f000010d000/0x3000)=nil)
ioctl$BTRFS_IOC_BALANCE_V2(r5, 0xc4009420, &(0x7f0000000640)={0x0, 0x1, {0x81, @usage=0xd1, 0x0, 0xfffffffffffffffc, 0x10000, 0xffffffffffffffff, 0x0, 0x5, 0x4, @usage=0x1, 0x1ea7, 0xffffffc0, [0x5, 0x7, 0x5, 0xffffffffffffffff, 0xffff, 0x24f]}, {0x5, @struct={0x8da6, 0x46a}, 0x0, 0x3f, 0xff, 0x8, 0x9, 0x7f, 0x0, @struct={0x3, 0x8}, 0xffff0000, 0xffffffcb, [0x8, 0x27d9, 0x7, 0x7ff, 0x57175363, 0x8]}, {0x10001, @usage=0x9, 0x0, 0x4d2, 0x3b89, 0xfffffffffffffff9, 0x4, 0x7fffffff, 0x441, @usage=0x7000000000000, 0x9, 0x20000d5a, [0x2, 0x6, 0x5, 0x80, 0x4, 0x7735]}, {0x8000, 0xffffffffffffffff}})
shmat(r7, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000012c0)=[{{&(0x7f00000005c0)=@xdp, 0x80, 0x0, 0x0, &(0x7f0000000fc0)=""/83, 0x53}, 0x1}, {{&(0x7f0000001040)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @dev}}, 0x80, &(0x7f00000011c0)=[{&(0x7f00000010c0)=""/150, 0x96}, {&(0x7f0000001180)=""/5, 0x5}], 0x2, &(0x7f0000001200)=""/180, 0xb4}, 0x5}], 0x2, 0x0, &(0x7f0000001340)={0x0, 0x989680})

12:17:15 executing program 0:
syz_usb_connect$printer(0x0, 0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x0, 0x1f, &(0x7f0000000800)={0x5, 0xf, 0x1f, 0x2, [@generic={0x17, 0x10, 0xa, "533ef87fdb79825caf4c8ade6afe1b8d1060a2a5"}, @generic={0x3, 0x10, 0xa}]}, 0x2, [{0x2, &(0x7f00000008c0)=@string={0x2}}, {0x18, &(0x7f0000000980)=@string={0x18, 0x3, "6e303a3618b9ec0015f0e1cef7c76159acaa5ddae4df"}}]})

12:17:15 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000002580)=ANY=[@ANYBLOB="611578000000000061134c0000000000bfa00000000000000700000008ffffffd50301000000000095000000000000006916000000000000bf67000000000000350607000fff07201706000020000000160300000ee60060bf050000000000007b650000000000006507f9ff01000000070700004ddfffff1e75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703cac4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05000400c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cad3f1d5ab2af27546e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc8da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc206438b8ef4901fd03c16dfda44221b235c8ac86d8a297dff0445a15f21dce431e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076eb685d55c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67ab93716d20000009f0f53acbb40b4f8e2738270b31562ed834f2af97787f696649a462e7ee4bcf8b07a10fd7ed6735154beb4000000000000000000000000004000bc00f674629709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253887a5ad103649afa17690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43ea0ffb567b40407d000000210000000000000000005f37d8703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5480a55c22fe3a5ac000000000000000000000000000000c1eb2d91fb79ea00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e190deae46e26c596f84eba90000000000000000fffb0000000082fb0d3cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631d22a11dc3c693962895496d4f6e9cc54db6c7205a6b068fff496d2da7d6327f31d7c8cc5d325c5379b0363ce8bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a0337302f3b41eae59809fd05d12f6106f117b062df67d3a6473265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710e0254f1b11cced7bc3c8da0c44d2ebf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db89da3c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0af1cb3f1f815f8989d78854ca4d3116dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fc5fb38f84d9d87b27f8a5d91217b728f13e3ee20e69e0ffb2780b1a7af137ff7b4ff139604faf0453bedf0c5d744b5272b44c23488b2bdbff947c4dfa108cbb88202eeb81f428a5b3c29984864961a57ff52f657a67463d7dbf85ae9321fc2cc17dc4a29b9cba8ded5de8206c812439ab129ae818837ee15620789c524b3baf49a0be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2b4dc87b0da20000d9ef418cf19e7a8c4c328be0ce91798adc2dca87ddd9d064e081383409ed2912c811ae63f03212a5331c2a4ead00"/1474], &(0x7f0000000100)='GPL\x00'}, 0x48)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)

[ 2290.736976][ T8432] syz-executor.1 invoked oom-killer: gfp_mask=0xdc0(GFP_KERNEL|__GFP_ZERO), order=0, oom_score_adj=1000
[ 2290.780795][ T8432] CPU: 1 PID: 8432 Comm: syz-executor.1 Not tainted 6.3.0-rc4-next-20230330-syzkaller #0
[ 2290.790680][ T8432] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 2290.800788][ T8432] Call Trace:
[ 2290.804102][ T8432]  <TASK>
[ 2290.807069][ T8432]  dump_stack_lvl+0x136/0x150
[ 2290.811822][ T8432]  dump_header+0x10a/0xd70
[ 2290.816306][ T8432]  oom_kill_process+0x25d/0x600
[ 2290.821222][ T8432]  out_of_memory+0x35c/0x1650
[ 2290.825968][ T8432]  ? find_held_lock+0x2d/0x110
[ 2290.830787][ T8432]  ? oom_killer_disable+0x2b0/0x2b0
[ 2290.836062][ T8432]  ? rcu_read_unlock+0x9/0x60
[ 2290.840788][ T8432]  ? find_held_lock+0x2d/0x110
[ 2290.845610][ T8432]  mem_cgroup_out_of_memory+0x206/0x270
[ 2290.851206][ T8432]  ? mem_cgroup_margin+0x130/0x130
[ 2290.856369][ T8432]  ? lock_downgrade+0x690/0x690
[ 2290.861299][ T8432]  try_charge_memcg+0xf99/0x13a0
[ 2290.866313][ T8432]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 2290.872397][ T8432]  ? get_mem_cgroup_from_objcg+0xa1/0x280
[ 2290.878180][ T8432]  ? lock_downgrade+0x690/0x690
[ 2290.883087][ T8432]  ? trace_lock_acquire+0x12d/0x180
[ 2290.888341][ T8432]  ? get_mem_cgroup_from_objcg+0x159/0x280
[ 2290.894216][ T8432]  ? lock_acquire+0x32/0xc0
[ 2290.898800][ T8432]  obj_cgroup_charge+0x2af/0x5e0
[ 2290.903831][ T8432]  ? __alloc_file+0x21/0x270
[ 2290.908455][ T8432]  kmem_cache_alloc+0xb1/0x3b0
[ 2290.913276][ T8432]  __alloc_file+0x21/0x270
[ 2290.917727][ T8432]  alloc_empty_file+0x71/0x190
[ 2290.922542][ T8432]  path_openat+0xe6/0x2750
[ 2290.927000][ T8432]  ? find_held_lock+0x2d/0x110
[ 2290.931917][ T8432]  ? path_lookupat+0x840/0x840
[ 2290.936741][ T8432]  do_filp_open+0x1ba/0x410
[ 2290.941296][ T8432]  ? may_open_dev+0xf0/0xf0
[ 2290.945844][ T8432]  ? find_held_lock+0x2d/0x110
[ 2290.950658][ T8432]  ? alloc_fd+0x2e4/0x750
[ 2290.955050][ T8432]  ? do_raw_spin_lock+0x124/0x2b0
[ 2290.960144][ T8432]  ? spin_bug+0x1c0/0x1c0
[ 2290.964538][ T8432]  ? _raw_spin_unlock+0x28/0x40
[ 2290.969436][ T8432]  ? alloc_fd+0x2e4/0x750
[ 2290.973909][ T8432]  do_sys_openat2+0x16d/0x4c0
[ 2290.978629][ T8432]  ? build_open_flags+0x720/0x720
[ 2290.983710][ T8432]  __x64_sys_openat+0x143/0x1f0
[ 2290.988608][ T8432]  ? __ia32_sys_open+0x1c0/0x1c0
[ 2290.993600][ T8432]  ? syscall_enter_from_user_mode+0x26/0x80
[ 2290.999539][ T8432]  do_syscall_64+0x39/0xb0
[ 2291.003997][ T8432]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2291.009926][ T8432] RIP: 0033:0x7f47dd28c0f9
[ 2291.014371][ T8432] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2291.034008][ T8432] RSP: 002b:00007f47de072168 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 2291.042460][ T8432] RAX: ffffffffffffffda RBX: 00007f47dd3abf80 RCX: 00007f47dd28c0f9
[ 2291.050460][ T8432] RDX: 0000000000000802 RSI: 0000000020000200 RDI: ffffffffffffff9c
[ 2291.058720][ T8432] RBP: 00007f47dd2e7b39 R08: 0000000000000000 R09: 0000000000000000
[ 2291.066727][ T8432] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2291.074733][ T8432] R13: 00007ffdbc005ebf R14: 00007f47de072300 R15: 0000000000022000
[ 2291.082859][ T8432]  </TASK>
12:17:15 executing program 5:
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x38, 0x2, 0x1, 0x201, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @local}, {0x8, 0x2, @private}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x38}}, 0x0)

[ 2291.110139][ T8434] netlink: 168 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 2291.120345][ T8434] netlink: 112 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 2291.136642][ T8434] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 2291.149391][ T8432] memory: usage 307168kB, limit 307200kB, failcnt 11080
12:17:15 executing program 3:
r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
read$FUSE(r0, &(0x7f0000002880)={0x2020, 0x0, 0x0, 0x0, 0x0, <r1=>0x0}, 0x204d)
sched_getaffinity(r1, 0x8, &(0x7f0000000040))

12:17:16 executing program 2:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x201, 0x0)
write$FUSE_LSEEK(r0, 0x0, 0x0)

[ 2291.156834][ T8434] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.3'.
[ 2291.173958][ T8432] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2291.239419][ T8432] Memory cgroup stats for /syz1:
[ 2291.239714][ T8432] anon 118784
[ 2291.239714][ T8432] file 312406016
[ 2291.239714][ T8432] kernel 2048000
[ 2291.239714][ T8432] kernel_stack 65536
[ 2291.239714][ T8432] pagetables 81920
[ 2291.239714][ T8432] sec_pagetables 0
[ 2291.239714][ T8432] percpu 4864
[ 2291.239714][ T8432] sock 0
[ 2291.239714][ T8432] vmalloc 0
[ 2291.239714][ T8432] shmem 312406016
[ 2291.239714][ T8432] zswap 0
[ 2291.239714][ T8432] zswapped 0
[ 2291.239714][ T8432] file_mapped 380928
[ 2291.239714][ T8432] file_dirty 0
[ 2291.239714][ T8432] file_writeback 0
[ 2291.239714][ T8432] swapcached 0
[ 2291.239714][ T8432] anon_thp 0
[ 2291.239714][ T8432] file_thp 0
[ 2291.239714][ T8432] shmem_thp 0
[ 2291.239714][ T8432] inactive_anon 62951424
[ 2291.239714][ T8432] active_anon 143360
[ 2291.239714][ T8432] inactive_file 0
[ 2291.239714][ T8432] active_file 0
[ 2291.239714][ T8432] unevictable 249430016
[ 2291.239714][ T8432] slab_reclaimable 964920
[ 2291.239714][ T8432] slab_unreclaimable 877032
[ 2291.239714][ T8432] slab 1841952
[ 2291.239714][ T8432] workingset_refault_anon 0
[ 2291.239714][ T8432] workingset_refault_file 0
[ 2291.239714][ T8432] workingset_activate_anon 0
[ 2291.239714][ T8432] workingset_activate_file 0
[ 2291.239714][ T8432] workingset_restore_anon 0
[ 2291.239714][ T8432] workingset_restore_file 0
[ 2291.239714][ T8432] workingset_nodereclaim 0
[ 2291.239714][ T8432] pgscan 49
[ 2291.239714][ T8432] pgsteal 49
[ 2291.239714][ T8432] pgscan_kswapd 0
[ 2291.239714][ T8432] pgscan_direct 49
[ 2291.239714][ T8432] pgscan_khugepaged 0
[ 2291.239714][ T8432] pgsteal_kswapd 0
[ 2291.239714][ T8432] pgsteal_direct 49
[ 2291.239714][ T8432] pgsteal_khugepaged 0
[ 2291.239714][ T8432] pgfault 1094394
[ 2291.239714][ T8432] pgmajfault 422
[ 2291.239714][ T8432] pgrefill 150
[ 2291.239714][ T8432] pgactivate 161
[ 2291.239714][ T8432] pgdeactivate 0
[ 2291.239714][ T8432] pglazyfree 0
[ 2291.239714][ T8432] pglazyfreed 0
[ 2291.239714][ T8432] zswpin 0
[ 2291.239714][ T8432] zswpout 0
12:17:16 executing program 5:
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x38, 0x2, 0x1, 0x201, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @local}, {0x8, 0x2, @private}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x38}}, 0x0)

12:17:16 executing program 0:
syz_usb_connect$printer(0x0, 0x36, &(0x7f00000003c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x7, 0x1, 0x3, 0x0, "", {{{0x9, 0x5, 0x1, 0x2, 0x0, 0x0, 0x6}}, [{}]}}}]}}]}}, &(0x7f0000000ac0)={0x0, 0x0, 0x1f, &(0x7f0000000800)={0x5, 0xf, 0x1f, 0x2, [@generic={0x17, 0x10, 0xa, "533ef87fdb79825caf4c8ade6afe1b8d1060a2a5"}, @generic={0x3, 0x10, 0xa}]}, 0x2, [{0x2, &(0x7f00000008c0)=@string={0x2}}, {0x18, &(0x7f0000000980)=@string={0x18, 0x3, "6e303a3618b9ec0015f0e1cef7c76159acaa5ddae4df"}}]})

12:17:16 executing program 3:
semctl$IPC_INFO(0xffffffffffffffff, 0x3, 0x3, &(0x7f0000000040)=""/32)

12:17:16 executing program 2:
r0 = msgget$private(0x0, 0x0)
msgctl$IPC_STAT(r0, 0x2, &(0x7f0000000080)=""/158)

[ 2291.427852][ T8432] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=8422,uid=0
12:17:16 executing program 5:
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x38, 0x2, 0x1, 0x201, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @local}, {0x8, 0x2, @private}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x38}}, 0x0)

[ 2291.498677][ T8432] Memory cgroup out of memory: Killed process 8422 (syz-executor.1) total-vm:54672kB, anon-rss:380kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000
12:17:16 executing program 1:
openat$uhid(0xffffffffffffff9c, &(0x7f0000000200), 0x802, 0x0)
timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000180)=<r0=>0x0)
r1 = fanotify_init(0x4, 0x1000)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
fanotify_mark(r1, 0x105, 0x800101b, 0xffffffffffffffff, 0x0)
timer_settime(r0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
mlockall(0x2)
r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil)
shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
write$P9_RWSTAT(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x7f, 0x2}, 0x7)
ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0)
shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000)
shmctl$IPC_RMID(0x0, 0x0)
shmctl$SHM_LOCK(0x0, 0xb)
r6 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil)
shmctl$IPC_STAT(r6, 0x2, &(0x7f00000001c0)=""/62)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000340)={0x0, 0x28}, 0x1, 0x0, 0x0, 0x40410}, 0x4040044)
shmat(r3, &(0x7f00003c6000/0x3000)=nil, 0x0)
shmctl$SHM_UNLOCK(0x0, 0xc)
shmctl$SHM_LOCK(r3, 0xb)
r7 = shmget$private(0x0, 0x3000, 0x54001800, &(0x7f000010d000/0x3000)=nil)
ioctl$BTRFS_IOC_BALANCE_V2(r5, 0xc4009420, &(0x7f0000000640)={0x0, 0x1, {0x81, @usage=0xd1, 0x0, 0xfffffffffffffffc, 0x10000, 0xffffffffffffffff, 0x0, 0x5, 0x4, @usage=0x1, 0x1ea7, 0xffffffc0, [0x5, 0x7, 0x5, 0xffffffffffffffff, 0xffff, 0x24f]}, {0x5, @struct={0x8da6, 0x46a}, 0x0, 0x3f, 0xff, 0x8, 0x9, 0x7f, 0x0, @struct={0x3, 0x8}, 0xffff0000, 0xffffffcb, [0x8, 0x27d9, 0x7, 0x7ff, 0x57175363, 0x8]}, {0x10001, @usage=0x9, 0x0, 0x4d2, 0x3b89, 0xfffffffffffffff9, 0x4, 0x7fffffff, 0x441, @usage=0x7000000000000, 0x9, 0x20000d5a, [0x2, 0x6, 0x5, 0x80, 0x4, 0x7735]}, {0x8000, 0xffffffffffffffff}})
shmat(r7, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000012c0)=[{{&(0x7f00000005c0)=@xdp, 0x80, 0x0, 0x0, &(0x7f0000000fc0)=""/83, 0x53}, 0x1}, {{&(0x7f0000001040)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @dev}}, 0x80, &(0x7f00000011c0)=[{&(0x7f00000010c0)=""/150, 0x96}, {&(0x7f0000001180)=""/5, 0x5}], 0x2, &(0x7f0000001200)=""/180, 0xb4}, 0x5}], 0x2, 0x0, &(0x7f0000001340)={0x0, 0x989680})

12:17:16 executing program 3:
setreuid(0x0, 0xee00)
setreuid(0x0, 0x0)

12:17:16 executing program 2:
setreuid(0x0, 0xee00)
r0 = semget(0x0, 0x0, 0x0)
semctl$IPC_STAT(r0, 0x0, 0x2, 0x0)

12:17:16 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000002580)=ANY=[@ANYBLOB="611578000000000061134c0000000000bfa00000000000000700000008ffffffd50301000000000095000000000000006916000000000000bf67000000000000350607000fff07201706000020000000160300000ee60060bf050000000000007b650000000000006507f9ff01000000070700004ddfffff1e75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703cac4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05000400c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cad3f1d5ab2af27546e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc8da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc206438b8ef4901fd03c16dfda44221b235c8ac86d8a297dff0445a15f21dce431e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076eb685d55c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67ab93716d20000009f0f53acbb40b4f8e2738270b31562ed834f2af97787f696649a462e7ee4bcf8b07a10fd7ed6735154beb4000000000000000000000000004000bc00f674629709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253887a5ad103649afa17690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43ea0ffb567b40407d000000210000000000000000005f37d8703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5480a55c22fe3a5ac000000000000000000000000000000c1eb2d91fb79ea00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e190deae46e26c596f84eba90000000000000000fffb0000000082fb0d3cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631d22a11dc3c693962895496d4f6e9cc54db6c7205a6b068fff496d2da7d6327f31d7c8cc5d325c5379b0363ce8bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a0337302f3b41eae59809fd05d12f6106f117b062df67d3a6473265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710e0254f1b11cced7bc3c8da0c44d2ebf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db89da3c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0af1cb3f1f815f8989d78854ca4d3116dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fc5fb38f84d9d87b27f8a5d91217b728f13e3ee20e69e0ffb2780b1a7af137ff7b4ff139604faf0453bedf0c5d744b5272b44c23488b2bdbff947c4dfa108cbb88202eeb81f428a5b3c29984864961a57ff52f657a67463d7dbf85ae9321fc2cc17dc4a29b9cba8ded5de8206c812439ab129ae818837ee15620789c524b3baf49a0be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2b4dc87b0da20000d9ef418cf19e7a8c4c328be0ce91798adc2dca87ddd9d064e081383409ed2912c811ae63f03212a5331c2a4ead00"/1474], &(0x7f0000000100)='GPL\x00'}, 0x48)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)

12:17:16 executing program 5:
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x38, 0x2, 0x1, 0x201, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @local}, {0x8, 0x2, @private}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x38}}, 0x0)

12:17:16 executing program 3:
mq_open(&(0x7f0000000440)='net_prio.ifpriomap\x00', 0x0, 0x100, 0x0)

12:17:16 executing program 2:
msgget(0x0, 0x2a0)

12:17:16 executing program 5:
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x38, 0x2, 0x1, 0x201, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @local}, {0x8, 0x2, @private}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x38}}, 0x0)

[ 2291.756047][ T8455] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 2291.783253][ T8455] CPU: 1 PID: 8455 Comm: syz-executor.1 Not tainted 6.3.0-rc4-next-20230330-syzkaller #0
[ 2291.793149][ T8455] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 2291.803277][ T8455] Call Trace:
[ 2291.806608][ T8455]  <TASK>
[ 2291.809581][ T8455]  dump_stack_lvl+0x136/0x150
[ 2291.814343][ T8455]  dump_header+0x10a/0xd70
[ 2291.818841][ T8455]  oom_kill_process+0x25d/0x600
[ 2291.823779][ T8455]  out_of_memory+0x35c/0x1650
[ 2291.828542][ T8455]  ? find_held_lock+0x2d/0x110
[ 2291.833369][ T8455]  ? oom_killer_disable+0x2b0/0x2b0
[ 2291.838742][ T8455]  ? rcu_read_unlock+0x9/0x60
[ 2291.843479][ T8455]  ? find_held_lock+0x2d/0x110
[ 2291.848412][ T8455]  mem_cgroup_out_of_memory+0x206/0x270
[ 2291.854023][ T8455]  ? mem_cgroup_margin+0x130/0x130
[ 2291.859197][ T8455]  ? lock_downgrade+0x690/0x690
[ 2291.864136][ T8455]  try_charge_memcg+0xf99/0x13a0
[ 2291.869157][ T8455]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 2291.875225][ T8455]  ? lock_downgrade+0x690/0x690
[ 2291.880149][ T8455]  ? trace_lock_acquire+0x12d/0x180
[ 2291.885421][ T8455]  ? get_mem_cgroup_from_mm+0x247/0x580
[ 2291.891029][ T8455]  ? lock_acquire+0x32/0xc0
[ 2291.895613][ T8455]  charge_memcg+0x90/0x3b0
[ 2291.900107][ T8455]  __mem_cgroup_charge+0x2b/0x90
[ 2291.905119][ T8455]  do_wp_page+0x8ac/0x3510
[ 2291.909620][ T8455]  ? lock_sync+0x190/0x190
[ 2291.914099][ T8455]  ? finish_mkwrite_fault+0x3d0/0x3d0
[ 2291.919541][ T8455]  ? rcu_is_watching+0x12/0xb0
[ 2291.924388][ T8455]  ? do_raw_spin_lock+0x124/0x2b0
[ 2291.929482][ T8455]  ? spin_bug+0x1c0/0x1c0
[ 2291.933890][ T8455]  ? lock_acquire+0x32/0xc0
[ 2291.938455][ T8455]  ? __handle_mm_fault+0x1334/0x4180
[ 2291.943831][ T8455]  __handle_mm_fault+0x1547/0x4180
[ 2291.949222][ T8455]  ? vm_iomap_memory+0x190/0x190
[ 2291.954274][ T8455]  handle_mm_fault+0x2c0/0x9c0
[ 2291.959128][ T8455]  do_user_addr_fault+0x2ed/0x1240
[ 2291.964313][ T8455]  ? rcu_is_watching+0x12/0xb0
[ 2291.969152][ T8455]  exc_page_fault+0x98/0x170
[ 2291.973825][ T8455]  asm_exc_page_fault+0x26/0x30
[ 2291.978745][ T8455] RIP: 0033:0x7f47dd2395a0
[ 2291.983202][ T8455] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48
[ 2292.002870][ T8455] RSP: 002b:00007ffdbc005e60 EFLAGS: 00010246
[ 2292.008993][ T8455] RAX: 00000000ef192a3d RBX: 00007f47dd3ac018 RCX: 0000001b32520000
[ 2292.017030][ T8455] RDX: 0000000000000000 RSI: 0000001b32520018 RDI: 00000000090fde60
[ 2292.025047][ T8455] RBP: 00000000ef192a3d R08: 0000000000000a3d R09: 00000000ef192a41
[ 2292.033072][ T8455] R10: 00007ffdbc006020 R11: 0000000000000246 R12: 00007f47dd3a0000
[ 2292.041090][ T8455] R13: 0000000000000001 R14: 0000000000000005 R15: ffffffff81e3d406
[ 2292.049111][ T8455]  ? build_open_flags+0x76/0x720
[ 2292.054141][ T8455]  </TASK>
[ 2292.060650][T27900] usb 1-1: new high-speed USB device number 53 using dummy_hcd
[ 2292.087541][ T8455] memory: usage 307184kB, limit 307200kB, failcnt 11191
[ 2292.097264][ T8455] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2292.104896][ T8455] Memory cgroup stats for /syz1:
[ 2292.105189][ T8455] anon 131072
[ 2292.105189][ T8455] file 312406016
[ 2292.105189][ T8455] kernel 2019328
[ 2292.105189][ T8455] kernel_stack 65536
[ 2292.105189][ T8455] pagetables 81920
[ 2292.105189][ T8455] sec_pagetables 0
[ 2292.105189][ T8455] percpu 4864
[ 2292.105189][ T8455] sock 0
[ 2292.105189][ T8455] vmalloc 0
[ 2292.105189][ T8455] shmem 312406016
[ 2292.105189][ T8455] zswap 0
[ 2292.105189][ T8455] zswapped 0
[ 2292.105189][ T8455] file_mapped 380928
[ 2292.105189][ T8455] file_dirty 0
[ 2292.105189][ T8455] file_writeback 0
[ 2292.105189][ T8455] swapcached 0
[ 2292.105189][ T8455] anon_thp 0
[ 2292.105189][ T8455] file_thp 0
[ 2292.105189][ T8455] shmem_thp 0
[ 2292.105189][ T8455] inactive_anon 62951424
[ 2292.105189][ T8455] active_anon 155648
[ 2292.105189][ T8455] inactive_file 0
[ 2292.105189][ T8455] active_file 0
[ 2292.105189][ T8455] unevictable 249430016
[ 2292.105189][ T8455] slab_reclaimable 964920
[ 2292.105189][ T8455] slab_unreclaimable 868808
[ 2292.105189][ T8455] slab 1833728
[ 2292.105189][ T8455] workingset_refault_anon 0
[ 2292.105189][ T8455] workingset_refault_file 0
[ 2292.105189][ T8455] workingset_activate_anon 0
[ 2292.105189][ T8455] workingset_activate_file 0
[ 2292.105189][ T8455] workingset_restore_anon 0
[ 2292.105189][ T8455] workingset_restore_file 0
[ 2292.105189][ T8455] workingset_nodereclaim 0
[ 2292.105189][ T8455] pgscan 49
[ 2292.105189][ T8455] pgsteal 49
[ 2292.105189][ T8455] pgscan_kswapd 0
[ 2292.105189][ T8455] pgscan_direct 49
[ 2292.105189][ T8455] pgscan_khugepaged 0
[ 2292.105189][ T8455] pgsteal_kswapd 0
[ 2292.105189][ T8455] pgsteal_direct 49
[ 2292.105189][ T8455] pgsteal_khugepaged 0
[ 2292.105189][ T8455] pgfault 1094447
[ 2292.105189][ T8455] pgmajfault 422
[ 2292.105189][ T8455] pgrefill 150
[ 2292.105189][ T8455] pgactivate 161
[ 2292.105189][ T8455] pgdeactivate 0
[ 2292.105189][ T8455] pglazyfree 0
[ 2292.105189][ T8455] pglazyfreed 0
[ 2292.105189][ T8455] zswpin 0
[ 2292.105189][ T8455] zswpout 0
[ 2292.332576][ T8455] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=8455,uid=0
[ 2292.355533][ T8455] Memory cgroup out of memory: Killed process 8455 (syz-executor.1) total-vm:54540kB, anon-rss:432kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000
[ 2292.502241][T27900] usb 1-1: Using ep0 maxpacket: 16
[ 2292.658215][T27900] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 2292.673986][T27900] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 2292.701093][T27900] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[ 2292.782330][T27900] usb 1-1: language id specifier not provided by device, defaulting to English
[ 2292.922309][T27900] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 2292.931493][T27900] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2292.939914][T27900] usb 1-1: Product: syz
[ 2292.944473][T27900] usb 1-1: Manufacturer: の㘺뤘ì컡쟷奡ꪬ򧟤
[ 2292.951504][T27900] usb 1-1: SerialNumber: syz
[ 2293.214495][T27900] usb 1-1: USB disconnect, device number 53
12:17:18 executing program 0:
syz_usb_connect$printer(0x0, 0x36, &(0x7f00000003c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x7, 0x1, 0x3, 0x0, "", {{{0x9, 0x5, 0x1, 0x2, 0x0, 0x0, 0x6}}, [{}]}}}]}}]}}, &(0x7f0000000ac0)={0x0, 0x0, 0x1f, &(0x7f0000000800)={0x5, 0xf, 0x1f, 0x2, [@generic={0x17, 0x10, 0xa, "533ef87fdb79825caf4c8ade6afe1b8d1060a2a5"}, @generic={0x3, 0x10, 0xa}]}, 0x2, [{0x2, &(0x7f00000008c0)=@string={0x2}}, {0x18, &(0x7f0000000980)=@string={0x18, 0x3, "6e303a3618b9ec0015f0e1cef7c76159acaa5ddae4df"}}]})

12:17:18 executing program 3:
r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000000), 0x8101, 0x0)
write$FUSE_IOCTL(r0, 0x0, 0x0)

12:17:18 executing program 5:
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x38, 0x2, 0x1, 0x201, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @local}, {0x8, 0x2, @private}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x38}}, 0x0)

12:17:18 executing program 2:
r0 = shmget$private(0x0, 0x2000, 0x0, &(0x7f0000ffb000/0x2000)=nil)
shmat(r0, &(0x7f0000ffb000/0x3000)=nil, 0x3000)

12:17:18 executing program 1:
openat$uhid(0xffffffffffffff9c, &(0x7f0000000200), 0x802, 0x0)
timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000180)=<r0=>0x0)
r1 = fanotify_init(0x4, 0x1000)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
fanotify_mark(r1, 0x105, 0x800101b, 0xffffffffffffffff, 0x0)
timer_settime(r0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
mlockall(0x2)
r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil)
shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
write$P9_RWSTAT(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x7f, 0x2}, 0x7)
ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0)
shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000)
shmctl$IPC_RMID(0x0, 0x0)
shmctl$SHM_LOCK(0x0, 0xb)
r6 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil)
shmctl$IPC_STAT(r6, 0x2, &(0x7f00000001c0)=""/62)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000340)={0x0, 0x28}, 0x1, 0x0, 0x0, 0x40410}, 0x4040044)
shmat(r3, &(0x7f00003c6000/0x3000)=nil, 0x0)
shmctl$SHM_UNLOCK(0x0, 0xc)
shmctl$SHM_LOCK(r3, 0xb)
r7 = shmget$private(0x0, 0x3000, 0x54001800, &(0x7f000010d000/0x3000)=nil)
ioctl$BTRFS_IOC_BALANCE_V2(r5, 0xc4009420, &(0x7f0000000640)={0x0, 0x1, {0x81, @usage=0xd1, 0x0, 0xfffffffffffffffc, 0x10000, 0xffffffffffffffff, 0x0, 0x5, 0x4, @usage=0x1, 0x1ea7, 0xffffffc0, [0x5, 0x7, 0x5, 0xffffffffffffffff, 0xffff, 0x24f]}, {0x5, @struct={0x8da6, 0x46a}, 0x0, 0x3f, 0xff, 0x8, 0x9, 0x7f, 0x0, @struct={0x3, 0x8}, 0xffff0000, 0xffffffcb, [0x8, 0x27d9, 0x7, 0x7ff, 0x57175363, 0x8]}, {0x10001, @usage=0x9, 0x0, 0x4d2, 0x3b89, 0xfffffffffffffff9, 0x4, 0x7fffffff, 0x441, @usage=0x7000000000000, 0x9, 0x20000d5a, [0x2, 0x6, 0x5, 0x80, 0x4, 0x7735]}, {0x8000, 0xffffffffffffffff}})
shmat(r7, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000012c0)=[{{&(0x7f00000005c0)=@xdp, 0x80, 0x0, 0x0, &(0x7f0000000fc0)=""/83, 0x53}, 0x1}, {{&(0x7f0000001040)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @dev}}, 0x80, &(0x7f00000011c0)=[{&(0x7f00000010c0)=""/150, 0x96}, {&(0x7f0000001180)=""/5, 0x5}], 0x2, &(0x7f0000001200)=""/180, 0xb4}, 0x5}], 0x2, 0x0, &(0x7f0000001340)={0x0, 0x989680})

12:17:18 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000002580)=ANY=[@ANYBLOB="611578000000000061134c0000000000bfa00000000000000700000008ffffffd50301000000000095000000000000006916000000000000bf67000000000000350607000fff07201706000020000000160300000ee60060bf050000000000007b650000000000006507f9ff01000000070700004ddfffff1e75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703cac4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05000400c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cad3f1d5ab2af27546e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc8da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc206438b8ef4901fd03c16dfda44221b235c8ac86d8a297dff0445a15f21dce431e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076eb685d55c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67ab93716d20000009f0f53acbb40b4f8e2738270b31562ed834f2af97787f696649a462e7ee4bcf8b07a10fd7ed6735154beb4000000000000000000000000004000bc00f674629709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253887a5ad103649afa17690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43ea0ffb567b40407d000000210000000000000000005f37d8703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5480a55c22fe3a5ac000000000000000000000000000000c1eb2d91fb79ea00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e190deae46e26c596f84eba90000000000000000fffb0000000082fb0d3cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631d22a11dc3c693962895496d4f6e9cc54db6c7205a6b068fff496d2da7d6327f31d7c8cc5d325c5379b0363ce8bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a0337302f3b41eae59809fd05d12f6106f117b062df67d3a6473265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710e0254f1b11cced7bc3c8da0c44d2ebf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db89da3c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0af1cb3f1f815f8989d78854ca4d3116dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fc5fb38f84d9d87b27f8a5d91217b728f13e3ee20e69e0ffb2780b1a7af137ff7b4ff139604faf0453bedf0c5d744b5272b44c23488b2bdbff947c4dfa108cbb88202eeb81f428a5b3c29984864961a57ff52f657a67463d7dbf85ae9321fc2cc17dc4a29b9cba8ded5de8206c812439ab129ae818837ee15620789c524b3baf49a0be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2b4dc87b0da20000d9ef418cf19e7a8c4c328be0ce91798adc2dca87ddd9d064e081383409ed2912c811ae63f03212a5331c2a4ead00"/1474], &(0x7f0000000100)='GPL\x00'}, 0x48)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)

12:17:18 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, 0x0, 0x0)

12:17:18 executing program 2:
r0 = msgget(0x2, 0x0)
msgsnd(r0, &(0x7f0000000340)={0x1}, 0x8, 0x0)

12:17:18 executing program 3:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0)
write$P9_RGETATTR(r0, 0x0, 0x0)

[ 2293.868110][ T8476] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 2293.894892][ T8476] CPU: 1 PID: 8476 Comm: syz-executor.1 Not tainted 6.3.0-rc4-next-20230330-syzkaller #0
[ 2293.904775][ T8476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 2293.914918][ T8476] Call Trace:
12:17:18 executing program 3:
pipe2(&(0x7f0000000400)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
write$P9_RCREATE(r0, 0x0, 0x0)

12:17:18 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, 0x0, 0x0)

[ 2293.918243][ T8476]  <TASK>
[ 2293.921220][ T8476]  dump_stack_lvl+0x136/0x150
[ 2293.925971][ T8476]  dump_header+0x10a/0xd70
[ 2293.930471][ T8476]  oom_kill_process+0x25d/0x600
[ 2293.935405][ T8476]  out_of_memory+0x35c/0x1650
[ 2293.940164][ T8476]  ? find_held_lock+0x2d/0x110
[ 2293.944988][ T8476]  ? oom_killer_disable+0x2b0/0x2b0
[ 2293.950273][ T8476]  ? rcu_read_unlock+0x9/0x60
[ 2293.955011][ T8476]  ? find_held_lock+0x2d/0x110
[ 2293.959836][ T8476]  mem_cgroup_out_of_memory+0x206/0x270
12:17:18 executing program 3:
r0 = socket(0x11, 0x2, 0x0)
bind$unix(r0, &(0x7f0000000040)=@file={0x0, './file0\x00'}, 0x6e)

[ 2293.965451][ T8476]  ? mem_cgroup_margin+0x130/0x130
[ 2293.970616][ T8476]  ? lock_downgrade+0x690/0x690
[ 2293.975547][ T8476]  try_charge_memcg+0xf99/0x13a0
[ 2293.980565][ T8476]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 2293.986620][ T8476]  ? lock_downgrade+0x690/0x690
[ 2293.991539][ T8476]  ? trace_lock_acquire+0x12d/0x180
[ 2293.996816][ T8476]  ? get_mem_cgroup_from_mm+0x247/0x580
[ 2294.002428][ T8476]  ? lock_acquire+0x32/0xc0
[ 2294.006989][ T8476]  charge_memcg+0x90/0x3b0
[ 2294.011448][ T8476]  __mem_cgroup_charge+0x2b/0x90
[ 2294.016427][ T8476]  ? copy_mc_to_kernel+0x3e/0x90
[ 2294.021422][ T8476]  do_wp_page+0x8ac/0x3510
[ 2294.025897][ T8476]  ? lock_sync+0x190/0x190
[ 2294.030358][ T8476]  ? finish_mkwrite_fault+0x3d0/0x3d0
[ 2294.035860][ T8476]  ? rcu_is_watching+0x12/0xb0
[ 2294.040683][ T8476]  ? do_raw_spin_lock+0x124/0x2b0
[ 2294.045778][ T8476]  ? spin_bug+0x1c0/0x1c0
[ 2294.050181][ T8476]  ? lock_acquire+0x32/0xc0
[ 2294.054740][ T8476]  ? __handle_mm_fault+0x1334/0x4180
[ 2294.060086][ T8476]  __handle_mm_fault+0x1547/0x4180
[ 2294.065261][ T8476]  ? vm_iomap_memory+0x190/0x190
[ 2294.070282][ T8476]  handle_mm_fault+0x2c0/0x9c0
[ 2294.075131][ T8476]  do_user_addr_fault+0x2ed/0x1240
[ 2294.080290][ T8476]  ? rcu_is_watching+0x12/0xb0
[ 2294.085114][ T8476]  exc_page_fault+0x98/0x170
[ 2294.089782][ T8476]  asm_exc_page_fault+0x26/0x30
[ 2294.094708][ T8476] RIP: 0033:0x7f47dd2364bd
[ 2294.099153][ T8476] Code: 0c 48 89 df 41 83 c6 01 e8 00 f7 ff ff 48 83 c3 20 49 39 df 75 df 44 89 75 00 8b 05 4d 1b 17 00 48 8b 15 16 f2 c9 00 83 c0 01 <89> 05 3d 1b 17 00 89 02 48 83 c4 18 5b 5d 41 5c 41 5d 41 5e 41 5f
[ 2294.118802][ T8476] RSP: 002b:00007ffdbc005ec0 EFLAGS: 00010202
[ 2294.124984][ T8476] RAX: 0000000000000001 RBX: 00007f47dd3abf80 RCX: 00000000000005c2
[ 2294.132988][ T8476] RDX: 0000001b32520000 RSI: 0000001b32520018 RDI: 00000000b4a86bdd
[ 2294.140981][ T8476] RBP: 0000001b32520020 R08: 0000001b32920000 R09: 00000000b4a86be1
[ 2294.148979][ T8476] R10: 00007ffdbc006020 R11: 0000000000000246 R12: 00007f47dd3abf80
[ 2294.156972][ T8476] R13: 0000001b32520018 R14: 0000001b3252001c R15: 0000000000000032
[ 2294.164985][ T8476]  </TASK>
[ 2294.175553][ T8476] memory: usage 307200kB, limit 307200kB, failcnt 11251
[ 2294.190820][ T8476] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2294.218425][ T8476] Memory cgroup stats for /syz1:
[ 2294.218710][ T8476] anon 147456
[ 2294.218710][ T8476] file 312406016
[ 2294.218710][ T8476] kernel 2019328
[ 2294.218710][ T8476] kernel_stack 65536
[ 2294.218710][ T8476] pagetables 81920
[ 2294.218710][ T8476] sec_pagetables 0
[ 2294.218710][ T8476] percpu 4864
[ 2294.218710][ T8476] sock 0
[ 2294.218710][ T8476] vmalloc 0
[ 2294.218710][ T8476] shmem 312406016
[ 2294.218710][ T8476] zswap 0
[ 2294.218710][ T8476] zswapped 0
[ 2294.218710][ T8476] file_mapped 380928
[ 2294.218710][ T8476] file_dirty 0
[ 2294.218710][ T8476] file_writeback 0
[ 2294.218710][ T8476] swapcached 0
[ 2294.218710][ T8476] anon_thp 0
[ 2294.218710][ T8476] file_thp 0
[ 2294.218710][ T8476] shmem_thp 0
[ 2294.218710][ T8476] inactive_anon 62951424
[ 2294.218710][ T8476] active_anon 172032
[ 2294.218710][ T8476] inactive_file 0
[ 2294.218710][ T8476] active_file 0
[ 2294.218710][ T8476] unevictable 249430016
[ 2294.218710][ T8476] slab_reclaimable 964920
[ 2294.218710][ T8476] slab_unreclaimable 868808
[ 2294.218710][ T8476] slab 1833728
[ 2294.218710][ T8476] workingset_refault_anon 0
[ 2294.218710][ T8476] workingset_refault_file 0
[ 2294.218710][ T8476] workingset_activate_anon 0
[ 2294.218710][ T8476] workingset_activate_file 0
[ 2294.218710][ T8476] workingset_restore_anon 0
[ 2294.218710][ T8476] workingset_restore_file 0
[ 2294.218710][ T8476] workingset_nodereclaim 0
[ 2294.218710][ T8476] pgscan 49
[ 2294.218710][ T8476] pgsteal 49
[ 2294.218710][ T8476] pgscan_kswapd 0
[ 2294.218710][ T8476] pgscan_direct 49
[ 2294.218710][ T8476] pgscan_khugepaged 0
[ 2294.218710][ T8476] pgsteal_kswapd 0
[ 2294.218710][ T8476] pgsteal_direct 49
[ 2294.218710][ T8476] pgsteal_khugepaged 0
[ 2294.218710][ T8476] pgfault 1094507
[ 2294.218710][ T8476] pgmajfault 422
[ 2294.218710][ T8476] pgrefill 150
[ 2294.218710][ T8476] pgactivate 161
[ 2294.218710][ T8476] pgdeactivate 0
[ 2294.218710][ T8476] pglazyfree 0
[ 2294.218710][ T8476] pglazyfreed 0
[ 2294.218710][ T8476] zswpin 0
[ 2294.218710][ T8476] zswpout 0
[ 2294.456790][ T8476] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=8476,uid=0
[ 2294.472817][ T8476] Memory cgroup out of memory: Killed process 8476 (syz-executor.1) total-vm:54540kB, anon-rss:380kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000
[ 2294.482551][T27899] usb 1-1: new high-speed USB device number 54 using dummy_hcd
[ 2294.697954][T27899] usb 1-1: device descriptor read/64, error 18
[ 2294.972228][T27899] usb 1-1: new high-speed USB device number 55 using dummy_hcd
[ 2295.162202][T27899] usb 1-1: device descriptor read/64, error 18
[ 2295.285982][T27899] usb usb1-port1: attempt power cycle
[ 2295.692182][T27899] usb 1-1: new high-speed USB device number 56 using dummy_hcd
[ 2295.782694][T27899] usb 1-1: Invalid ep0 maxpacket: 0
[ 2295.932183][T27899] usb 1-1: new high-speed USB device number 57 using dummy_hcd
[ 2296.022382][T27899] usb 1-1: Invalid ep0 maxpacket: 0
[ 2296.027893][T27899] usb usb1-port1: unable to enumerate USB device
12:17:21 executing program 0:
syz_usb_connect$printer(0x0, 0x36, &(0x7f00000003c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x7, 0x1, 0x3, 0x0, "", {{{0x9, 0x5, 0x1, 0x2, 0x0, 0x0, 0x6}}, [{}]}}}]}}]}}, &(0x7f0000000ac0)={0x0, 0x0, 0x1f, &(0x7f0000000800)={0x5, 0xf, 0x1f, 0x2, [@generic={0x17, 0x10, 0xa, "533ef87fdb79825caf4c8ade6afe1b8d1060a2a5"}, @generic={0x3, 0x10, 0xa}]}, 0x2, [{0x2, &(0x7f00000008c0)=@string={0x2}}, {0x18, &(0x7f0000000980)=@string={0x18, 0x3, "6e303a3618b9ec0015f0e1cef7c76159acaa5ddae4df"}}]})

12:17:21 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, 0x0, 0x0)

12:17:21 executing program 3:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
recvmmsg$unix(r1, &(0x7f0000000000)=[{{0x0, 0x61, &(0x7f0000000300)=[{&(0x7f0000000180)=""/67, 0x43}], 0x1}}], 0x1, 0x0, 0x0)
sendto$unix(r0, &(0x7f0000000340)='$', 0x1, 0x0, 0x0, 0x0)

12:17:21 executing program 1:
openat$uhid(0xffffffffffffff9c, &(0x7f0000000200), 0x802, 0x0)
timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000180)=<r0=>0x0)
r1 = fanotify_init(0x4, 0x1000)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
fanotify_mark(r1, 0x105, 0x800101b, 0xffffffffffffffff, 0x0)
timer_settime(r0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
mlockall(0x2)
r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil)
shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
write$P9_RWSTAT(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x7f, 0x2}, 0x7)
ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0)
shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000)
shmctl$IPC_RMID(0x0, 0x0)
shmctl$SHM_LOCK(0x0, 0xb)
r6 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil)
shmctl$IPC_STAT(r6, 0x2, &(0x7f00000001c0)=""/62)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000340)={0x0, 0x28}, 0x1, 0x0, 0x0, 0x40410}, 0x4040044)
shmat(r3, &(0x7f00003c6000/0x3000)=nil, 0x0)
shmctl$SHM_UNLOCK(0x0, 0xc)
shmctl$SHM_LOCK(r3, 0xb)
r7 = shmget$private(0x0, 0x3000, 0x54001800, &(0x7f000010d000/0x3000)=nil)
ioctl$BTRFS_IOC_BALANCE_V2(r5, 0xc4009420, &(0x7f0000000640)={0x0, 0x1, {0x81, @usage=0xd1, 0x0, 0xfffffffffffffffc, 0x10000, 0xffffffffffffffff, 0x0, 0x5, 0x4, @usage=0x1, 0x1ea7, 0xffffffc0, [0x5, 0x7, 0x5, 0xffffffffffffffff, 0xffff, 0x24f]}, {0x5, @struct={0x8da6, 0x46a}, 0x0, 0x3f, 0xff, 0x8, 0x9, 0x7f, 0x0, @struct={0x3, 0x8}, 0xffff0000, 0xffffffcb, [0x8, 0x27d9, 0x7, 0x7ff, 0x57175363, 0x8]}, {0x10001, @usage=0x9, 0x0, 0x4d2, 0x3b89, 0xfffffffffffffff9, 0x4, 0x7fffffff, 0x441, @usage=0x7000000000000, 0x9, 0x20000d5a, [0x2, 0x6, 0x5, 0x80, 0x4, 0x7735]}, {0x8000, 0xffffffffffffffff}})
shmat(r7, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000012c0)=[{{&(0x7f00000005c0)=@xdp, 0x80, 0x0, 0x0, &(0x7f0000000fc0)=""/83, 0x53}, 0x1}, {{&(0x7f0000001040)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @dev}}, 0x80, &(0x7f00000011c0)=[{&(0x7f00000010c0)=""/150, 0x96}, {&(0x7f0000001180)=""/5, 0x5}], 0x2, &(0x7f0000001200)=""/180, 0xb4}, 0x5}], 0x2, 0x0, &(0x7f0000001340)={0x0, 0x989680})

12:17:21 executing program 2:
r0 = socket(0x11, 0x2, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, 0x0, 0x0)

12:17:21 executing program 4:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff})
write$cgroup_pressure(r0, 0x0, 0x0)

12:17:21 executing program 2:
r0 = socket(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, 0x0, 0x60)

12:17:21 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)

12:17:21 executing program 4:
r0 = socket$inet6_sctp(0x1c, 0x5, 0x84)
r1 = socket$inet6_sctp(0x1c, 0x5, 0x84)
r2 = dup2(r1, r1)
r3 = dup2(r2, r0)
read(r3, &(0x7f00000009c0)=""/235, 0xeb)

12:17:21 executing program 2:
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x25, &(0x7f0000000000), 0x9c)

12:17:21 executing program 3:
r0 = socket(0x2, 0x1, 0x0)
connect$inet(r0, &(0x7f0000000380)={0x10, 0x2}, 0x10)

[ 2296.956571][ T8511] syz-executor.1 invoked oom-killer: gfp_mask=0xdc0(GFP_KERNEL|__GFP_ZERO), order=0, oom_score_adj=1000
[ 2296.981170][ T8511] CPU: 0 PID: 8511 Comm: syz-executor.1 Not tainted 6.3.0-rc4-next-20230330-syzkaller #0
[ 2296.991084][ T8511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 2297.001192][ T8511] Call Trace:
[ 2297.004516][ T8511]  <TASK>
[ 2297.007509][ T8511]  dump_stack_lvl+0x136/0x150
[ 2297.012271][ T8511]  dump_header+0x10a/0xd70
[ 2297.016772][ T8511]  oom_kill_process+0x25d/0x600
[ 2297.021702][ T8511]  out_of_memory+0x35c/0x1650
[ 2297.026461][ T8511]  ? find_held_lock+0x2d/0x110
[ 2297.031288][ T8511]  ? oom_killer_disable+0x2b0/0x2b0
[ 2297.036586][ T8511]  ? rcu_read_unlock+0x9/0x60
[ 2297.041325][ T8511]  ? find_held_lock+0x2d/0x110
[ 2297.046159][ T8511]  mem_cgroup_out_of_memory+0x206/0x270
[ 2297.051774][ T8511]  ? mem_cgroup_margin+0x130/0x130
[ 2297.056956][ T8511]  ? lock_downgrade+0x690/0x690
[ 2297.061923][ T8511]  try_charge_memcg+0xf99/0x13a0
[ 2297.066967][ T8511]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 2297.073028][ T8511]  ? get_mem_cgroup_from_objcg+0xa1/0x280
[ 2297.078877][ T8511]  ? lock_downgrade+0x690/0x690
[ 2297.083872][ T8511]  ? trace_lock_acquire+0x12d/0x180
[ 2297.089146][ T8511]  ? get_mem_cgroup_from_objcg+0x159/0x280
[ 2297.095032][ T8511]  ? lock_acquire+0x32/0xc0
[ 2297.099743][ T8511]  obj_cgroup_charge+0x2af/0x5e0
[ 2297.104770][ T8511]  ? __alloc_file+0x21/0x270
[ 2297.109427][ T8511]  kmem_cache_alloc+0xb1/0x3b0
[ 2297.114293][ T8511]  __alloc_file+0x21/0x270
[ 2297.118776][ T8511]  alloc_empty_file+0x71/0x190
[ 2297.123621][ T8511]  path_openat+0xe6/0x2750
[ 2297.128244][ T8511]  ? path_lookupat+0x840/0x840
[ 2297.133097][ T8511]  do_filp_open+0x1ba/0x410
[ 2297.137752][ T8511]  ? may_open_dev+0xf0/0xf0
[ 2297.142325][ T8511]  ? find_held_lock+0x2d/0x110
[ 2297.147285][ T8511]  ? alloc_fd+0x2e4/0x750
[ 2297.151708][ T8511]  ? do_raw_spin_lock+0x124/0x2b0
12:17:21 executing program 2:
r0 = socket$inet6_sctp(0x1c, 0x1, 0x84)
bind$inet6(r0, &(0x7f0000000100)={0x1c, 0x1c, 0x2}, 0x1c)

[ 2297.156812][ T8511]  ? spin_bug+0x1c0/0x1c0
[ 2297.161228][ T8511]  ? _raw_spin_unlock+0x28/0x40
[ 2297.166143][ T8511]  ? alloc_fd+0x2e4/0x750
[ 2297.170558][ T8511]  do_sys_openat2+0x16d/0x4c0
[ 2297.175305][ T8511]  ? __ia32_sys_get_robust_list+0x400/0x400
[ 2297.181274][ T8511]  ? build_open_flags+0x720/0x720
[ 2297.186408][ T8511]  ? xfd_validate_state+0x5d/0x180
[ 2297.191591][ T8511]  ? restore_fpregs_from_fpstate+0xc1/0x1c0
[ 2297.197563][ T8511]  __x64_sys_creat+0xcd/0x120
[ 2297.202341][ T8511]  ? __x64_compat_sys_openat+0x1f0/0x1f0
[ 2297.208052][ T8511]  ? syscall_enter_from_user_mode+0x26/0x80
[ 2297.214012][ T8511]  ? lockdep_hardirqs_on+0x7d/0x100
[ 2297.219273][ T8511]  do_syscall_64+0x39/0xb0
[ 2297.223766][ T8511]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2297.229725][ T8511] RIP: 0033:0x7f47dd28c0f9
[ 2297.234194][ T8511] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2297.253867][ T8511] RSP: 002b:00007f47de072168 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[ 2297.262356][ T8511] RAX: ffffffffffffffda RBX: 00007f47dd3abf80 RCX: 00007f47dd28c0f9
[ 2297.270388][ T8511] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000040
[ 2297.278419][ T8511] RBP: 00007f47dd2e7b39 R08: 0000000000000000 R09: 0000000000000000
[ 2297.286442][ T8511] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2297.294468][ T8511] R13: 00007ffdbc005ebf R14: 00007f47de072300 R15: 0000000000022000
[ 2297.302522][ T8511]  </TASK>
[ 2297.338053][ T8511] memory: usage 307200kB, limit 307200kB, failcnt 11336
[ 2297.345710][ T8511] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2297.353931][ T8511] Memory cgroup stats for /syz1:
[ 2297.354405][ T8511] anon 151552
[ 2297.354405][ T8511] file 312406016
[ 2297.354405][ T8511] kernel 2015232
[ 2297.354405][ T8511] kernel_stack 65536
[ 2297.354405][ T8511] pagetables 81920
[ 2297.354405][ T8511] sec_pagetables 0
[ 2297.354405][ T8511] percpu 4800
[ 2297.354405][ T8511] sock 0
[ 2297.354405][ T8511] vmalloc 0
[ 2297.354405][ T8511] shmem 312406016
[ 2297.354405][ T8511] zswap 0
[ 2297.354405][ T8511] zswapped 0
[ 2297.354405][ T8511] file_mapped 380928
[ 2297.354405][ T8511] file_dirty 0
[ 2297.354405][ T8511] file_writeback 0
[ 2297.354405][ T8511] swapcached 0
[ 2297.354405][ T8511] anon_thp 0
[ 2297.354405][ T8511] file_thp 0
[ 2297.354405][ T8511] shmem_thp 0
[ 2297.354405][ T8511] inactive_anon 62951424
[ 2297.354405][ T8511] active_anon 176128
[ 2297.354405][ T8511] inactive_file 0
[ 2297.354405][ T8511] active_file 0
[ 2297.354405][ T8511] unevictable 249430016
[ 2297.354405][ T8511] slab_reclaimable 968264
[ 2297.354405][ T8511] slab_unreclaimable 862944
[ 2297.354405][ T8511] slab 1831208
[ 2297.354405][ T8511] workingset_refault_anon 0
[ 2297.354405][ T8511] workingset_refault_file 0
[ 2297.354405][ T8511] workingset_activate_anon 0
[ 2297.354405][ T8511] workingset_activate_file 0
[ 2297.354405][ T8511] workingset_restore_anon 0
[ 2297.354405][ T8511] workingset_restore_file 0
[ 2297.354405][ T8511] workingset_nodereclaim 0
[ 2297.354405][ T8511] pgscan 49
[ 2297.354405][ T8511] pgsteal 49
[ 2297.354405][ T8511] pgscan_kswapd 0
[ 2297.354405][ T8511] pgscan_direct 49
[ 2297.354405][ T8511] pgscan_khugepaged 0
[ 2297.354405][ T8511] pgsteal_kswapd 0
[ 2297.354405][ T8511] pgsteal_direct 49
[ 2297.354405][ T8511] pgsteal_khugepaged 0
[ 2297.354405][ T8511] pgfault 1094570
[ 2297.354405][ T8511] pgmajfault 422
[ 2297.354405][ T8511] pgrefill 150
[ 2297.354405][ T8511] pgactivate 161
[ 2297.354405][ T8511] pgdeactivate 0
[ 2297.354405][ T8511] pglazyfree 0
[ 2297.354405][ T8511] pglazyfreed 0
[ 2297.354405][ T8511] zswpin 0
[ 2297.354405][ T8511] zswpout 0
[ 2297.552241][ T8511] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=8501,uid=0
[ 2297.571546][ T8511] Memory cgroup out of memory: Killed process 8501 (syz-executor.1) total-vm:54672kB, anon-rss:508kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000
[ 2297.752279][ T5556] usb 1-1: new high-speed USB device number 58 using dummy_hcd
[ 2297.942211][ T5556] usb 1-1: device descriptor read/64, error 18
[ 2298.212193][ T5556] usb 1-1: new high-speed USB device number 59 using dummy_hcd
[ 2298.412241][ T5556] usb 1-1: device descriptor read/64, error 18
[ 2298.533614][ T5556] usb usb1-port1: attempt power cycle
[ 2298.952259][ T5556] usb 1-1: new high-speed USB device number 60 using dummy_hcd
[ 2299.042407][ T5556] usb 1-1: Invalid ep0 maxpacket: 0
[ 2299.192186][ T5556] usb 1-1: new high-speed USB device number 61 using dummy_hcd
[ 2299.282700][ T5556] usb 1-1: Invalid ep0 maxpacket: 0
[ 2299.288206][ T5556] usb usb1-port1: unable to enumerate USB device
12:17:24 executing program 0:
syz_usb_connect$printer(0x0, 0x36, &(0x7f00000003c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x7, 0x1, 0x3, 0x0, "", {{{0x9, 0x5, 0x1, 0x2, 0x0, 0x0, 0x6}}, [{}]}}}]}}]}}, &(0x7f0000000ac0)={0x0, 0x0, 0x1f, &(0x7f0000000800)={0x5, 0xf, 0x1f, 0x2, [@generic={0x17, 0x10, 0xa, "533ef87fdb79825caf4c8ade6afe1b8d1060a2a5"}, @generic={0x3, 0x10, 0xa}]}, 0x2, [{0x2, &(0x7f00000008c0)=@string={0x2}}, {0x18, &(0x7f0000000980)=@string={0x18, 0x3, "6e303a3618b9ec0015f0e1cef7c76159acaa5ddae4df"}}]})

12:17:24 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)

12:17:24 executing program 3:
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
r1 = socket$inet6_sctp(0x1c, 0x1, 0x84)
r2 = dup2(r0, r1)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x105, &(0x7f0000000100)=ANY=[], &(0x7f00000000c0)=0x8)

12:17:24 executing program 4:
r0 = socket$inet(0x2, 0x5, 0x0)
sendto(r0, 0x0, 0x0, 0x0, &(0x7f0000001000)=@in6={0x1c, 0x1c, 0x2}, 0x1c)

12:17:24 executing program 2:
r0 = socket$inet6_sctp(0x1c, 0x5, 0x84)
connect$inet6(r0, &(0x7f0000000440)={0x1c, 0x1c, 0x3}, 0x1c)
r1 = socket$inet6_sctp(0x1c, 0x5, 0x84)
r2 = dup2(r1, r1)
dup2(r2, r0)

12:17:24 executing program 1:
openat$uhid(0xffffffffffffff9c, &(0x7f0000000200), 0x802, 0x0)
timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000180)=<r0=>0x0)
r1 = fanotify_init(0x4, 0x1000)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
fanotify_mark(r1, 0x105, 0x800101b, 0xffffffffffffffff, 0x0)
timer_settime(r0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
mlockall(0x2)
r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil)
shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
write$P9_RWSTAT(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x7f, 0x2}, 0x7)
ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0)
shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000)
shmctl$IPC_RMID(0x0, 0x0)
shmctl$SHM_LOCK(0x0, 0xb)
r6 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil)
shmctl$IPC_STAT(r6, 0x2, &(0x7f00000001c0)=""/62)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000340)={0x0, 0x28}, 0x1, 0x0, 0x0, 0x40410}, 0x4040044)
shmat(r3, &(0x7f00003c6000/0x3000)=nil, 0x4000)
shmctl$SHM_UNLOCK(0x0, 0xc)
shmctl$SHM_LOCK(0x0, 0xb)
r7 = shmget$private(0x0, 0x3000, 0x54001800, &(0x7f000010d000/0x3000)=nil)
ioctl$BTRFS_IOC_BALANCE_V2(r5, 0xc4009420, &(0x7f0000000640)={0x0, 0x1, {0x81, @usage=0xd1, 0x0, 0xfffffffffffffffc, 0x10000, 0xffffffffffffffff, 0x0, 0x5, 0x4, @usage=0x1, 0x1ea7, 0xffffffc0, [0x5, 0x7, 0x5, 0xffffffffffffffff, 0xffff, 0x24f]}, {0x5, @struct={0x8da6, 0x46a}, 0x0, 0x3f, 0xff, 0x8, 0x9, 0x7f, 0x0, @struct={0x3, 0x8}, 0xffff0000, 0xffffffcb, [0x8, 0x27d9, 0x7, 0x7ff, 0x57175363, 0x8]}, {0x10001, @usage=0x9, 0x0, 0x4d2, 0x3b89, 0xfffffffffffffff9, 0x4, 0x7fffffff, 0x441, @usage=0x7000000000000, 0x9, 0x20000d5a, [0x2, 0x6, 0x5, 0x80, 0x4, 0x7735]}, {0x8000, 0xffffffffffffffff}})
shmat(r7, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000012c0)=[{{&(0x7f00000005c0)=@xdp, 0x80, 0x0, 0x0, &(0x7f0000000fc0)=""/83, 0x53}, 0x1}, {{&(0x7f0000001040)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @dev}}, 0x80, &(0x7f00000011c0)=[{&(0x7f00000010c0)=""/150, 0x96}, {&(0x7f0000001180)=""/5, 0x5}], 0x2, &(0x7f0000001200)=""/180, 0xb4}, 0x5}], 0x2, 0x0, &(0x7f0000001340)={0x0, 0x989680})

12:17:24 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)

12:17:24 executing program 4:
r0 = socket$unix(0x1, 0x2, 0x0)
sendto$unix(r0, &(0x7f0000000ac0)="aa2bcf6f457bcb8ae4b006d714a7b123e5b03558a41beeb0a95588c328fe79a6470e139ff8ad848b4f34e6517fbeacbf754be78313bdbadbabe63571564661a3feb99e0b0bcaa41e1feddaefb4f9c3d59dd81eb7a1a7abe8bb385f57a4d5b1c3d570d15daeeaedd706d2a435320d0bc44d57b67c5eded892c7cc5989937da88dddc17b13643572c87afe9aa79aec57c734d8fb884096364b0bc51baa2bc50c4490ee883bf38ae04d5d2aff088b8a8dba65400401c93ddbd3ae19b3302a5e38b0f1da33e41ef2f4c963fd05be406745a6142413e326034fa57d3830260ce5f4961c09a096517aa1777b057f5f7937f2d1a3c15de66ffead81549231f5fbef38adc32b4814c69b6b452818d6d50672eb71cb6a002705703f0affceb10ff643a0946d2e280c3256d6265f23173a051ebdbbcfee78eaf962061233292a8cab655f971621fe030d17571c390683728d6c728447a8c2774099eff49a222eeb92dfac4831562c2abdeaa219b945c10a5541f1a4e8", 0x171, 0x0, &(0x7f0000000000), 0xa)

12:17:24 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0)

12:17:24 executing program 4:
r0 = socket$inet(0x2, 0x5, 0x0)
getsockopt$inet_sctp_SCTP_STATUS(r0, 0x84, 0x100, &(0x7f0000000000), &(0x7f00000000c0)=0xb0)

[ 2300.109659][ T8548] syz-executor.1 invoked oom-killer: gfp_mask=0xdc0(GFP_KERNEL|__GFP_ZERO), order=0, oom_score_adj=1000
12:17:25 executing program 4:
openat$ptmx(0xffffff9c, &(0x7f0000000180), 0x0, 0x0)

[ 2300.180201][ T8548] CPU: 0 PID: 8548 Comm: syz-executor.1 Not tainted 6.3.0-rc4-next-20230330-syzkaller #0
[ 2300.190102][ T8548] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 2300.200242][ T8548] Call Trace:
[ 2300.203570][ T8548]  <TASK>
[ 2300.206598][ T8548]  dump_stack_lvl+0x136/0x150
[ 2300.211371][ T8548]  dump_header+0x10a/0xd70
[ 2300.215880][ T8548]  oom_kill_process+0x25d/0x600
[ 2300.220822][ T8548]  out_of_memory+0x35c/0x1650
[ 2300.225585][ T8548]  ? find_held_lock+0x2d/0x110
[ 2300.230417][ T8548]  ? oom_killer_disable+0x2b0/0x2b0
[ 2300.235693][ T8548]  ? rcu_read_unlock+0x9/0x60
[ 2300.240411][ T8548]  ? find_held_lock+0x2d/0x110
[ 2300.245223][ T8548]  mem_cgroup_out_of_memory+0x206/0x270
[ 2300.250813][ T8548]  ? mem_cgroup_margin+0x130/0x130
[ 2300.255965][ T8548]  ? lock_downgrade+0x690/0x690
[ 2300.260875][ T8548]  try_charge_memcg+0xf99/0x13a0
[ 2300.265866][ T8548]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 2300.271892][ T8548]  ? get_mem_cgroup_from_objcg+0xa1/0x280
[ 2300.277655][ T8548]  ? lock_downgrade+0x690/0x690
[ 2300.282555][ T8548]  ? trace_lock_acquire+0x12d/0x180
[ 2300.287816][ T8548]  ? get_mem_cgroup_from_objcg+0x159/0x280
[ 2300.293665][ T8548]  ? lock_acquire+0x32/0xc0
[ 2300.298225][ T8548]  obj_cgroup_charge+0x2af/0x5e0
[ 2300.303217][ T8548]  ? __alloc_file+0x21/0x270
[ 2300.307837][ T8548]  kmem_cache_alloc+0xb1/0x3b0
[ 2300.312646][ T8548]  __alloc_file+0x21/0x270
[ 2300.317090][ T8548]  alloc_empty_file+0x71/0x190
[ 2300.321888][ T8548]  path_openat+0xe6/0x2750
[ 2300.326353][ T8548]  ? path_lookupat+0x840/0x840
[ 2300.331161][ T8548]  do_filp_open+0x1ba/0x410
[ 2300.335697][ T8548]  ? may_open_dev+0xf0/0xf0
[ 2300.340255][ T8548]  ? find_held_lock+0x2d/0x110
[ 2300.345080][ T8548]  ? alloc_fd+0x2e4/0x750
[ 2300.349453][ T8548]  ? do_raw_spin_lock+0x124/0x2b0
[ 2300.354523][ T8548]  ? spin_bug+0x1c0/0x1c0
[ 2300.358905][ T8548]  ? _raw_spin_unlock+0x28/0x40
[ 2300.363793][ T8548]  ? alloc_fd+0x2e4/0x750
[ 2300.368375][ T8548]  do_sys_openat2+0x16d/0x4c0
[ 2300.373110][ T8548]  ? __ia32_sys_get_robust_list+0x400/0x400
[ 2300.379038][ T8548]  ? build_open_flags+0x720/0x720
[ 2300.384105][ T8548]  ? xfd_validate_state+0x5d/0x180
[ 2300.389255][ T8548]  ? restore_fpregs_from_fpstate+0xc1/0x1c0
[ 2300.395193][ T8548]  __x64_sys_creat+0xcd/0x120
[ 2300.399928][ T8548]  ? __x64_compat_sys_openat+0x1f0/0x1f0
[ 2300.405607][ T8548]  ? syscall_enter_from_user_mode+0x26/0x80
[ 2300.411530][ T8548]  ? lockdep_hardirqs_on+0x7d/0x100
[ 2300.416771][ T8548]  do_syscall_64+0x39/0xb0
[ 2300.421231][ T8548]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2300.427159][ T8548] RIP: 0033:0x7f47dd28c0f9
[ 2300.431610][ T8548] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2300.451252][ T8548] RSP: 002b:00007f47de072168 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[ 2300.459720][ T8548] RAX: ffffffffffffffda RBX: 00007f47dd3abf80 RCX: 00007f47dd28c0f9
[ 2300.467722][ T8548] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000040
[ 2300.475728][ T8548] RBP: 00007f47dd2e7b39 R08: 0000000000000000 R09: 0000000000000000
[ 2300.483726][ T8548] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2300.491722][ T8548] R13: 00007ffdbc005ebf R14: 00007f47de072300 R15: 0000000000022000
[ 2300.499746][ T8548]  </TASK>
12:17:25 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0)

[ 2300.522321][ T8548] memory: usage 307200kB, limit 307200kB, failcnt 11437
[ 2300.554340][ T8548] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2300.582456][T27624] usb 1-1: new high-speed USB device number 62 using dummy_hcd
[ 2300.597212][ T8548] Memory cgroup stats for /syz1:
[ 2300.597504][ T8548] anon 151552
[ 2300.597504][ T8548] file 312406016
[ 2300.597504][ T8548] kernel 2015232
[ 2300.597504][ T8548] kernel_stack 65536
[ 2300.597504][ T8548] pagetables 81920
[ 2300.597504][ T8548] sec_pagetables 0
[ 2300.597504][ T8548] percpu 4800
[ 2300.597504][ T8548] sock 0
[ 2300.597504][ T8548] vmalloc 0
[ 2300.597504][ T8548] shmem 312406016
[ 2300.597504][ T8548] zswap 0
[ 2300.597504][ T8548] zswapped 0
[ 2300.597504][ T8548] file_mapped 380928
[ 2300.597504][ T8548] file_dirty 0
[ 2300.597504][ T8548] file_writeback 0
[ 2300.597504][ T8548] swapcached 0
[ 2300.597504][ T8548] anon_thp 0
[ 2300.597504][ T8548] file_thp 0
[ 2300.597504][ T8548] shmem_thp 0
[ 2300.597504][ T8548] inactive_anon 62951424
[ 2300.597504][ T8548] active_anon 176128
[ 2300.597504][ T8548] inactive_file 0
[ 2300.597504][ T8548] active_file 0
[ 2300.597504][ T8548] unevictable 249430016
[ 2300.597504][ T8548] slab_reclaimable 968264
[ 2300.597504][ T8548] slab_unreclaimable 862944
[ 2300.597504][ T8548] slab 1831208
[ 2300.597504][ T8548] workingset_refault_anon 0
[ 2300.597504][ T8548] workingset_refault_file 0
[ 2300.597504][ T8548] workingset_activate_anon 0
[ 2300.597504][ T8548] workingset_activate_file 0
[ 2300.597504][ T8548] workingset_restore_anon 0
[ 2300.597504][ T8548] workingset_restore_file 0
[ 2300.597504][ T8548] workingset_nodereclaim 0
[ 2300.597504][ T8548] pgscan 49
[ 2300.597504][ T8548] pgsteal 49
[ 2300.597504][ T8548] pgscan_kswapd 0
[ 2300.597504][ T8548] pgscan_direct 49
[ 2300.597504][ T8548] pgscan_khugepaged 0
[ 2300.597504][ T8548] pgsteal_kswapd 0
[ 2300.597504][ T8548] pgsteal_direct 49
[ 2300.597504][ T8548] pgsteal_khugepaged 0
[ 2300.597504][ T8548] pgfault 1094635
[ 2300.597504][ T8548] pgmajfault 422
[ 2300.597504][ T8548] pgrefill 150
[ 2300.597504][ T8548] pgactivate 161
[ 2300.597504][ T8548] pgdeactivate 0
[ 2300.597504][ T8548] pglazyfree 0
[ 2300.597504][ T8548] pglazyfreed 0
[ 2300.597504][ T8548] zswpin 0
[ 2300.597504][ T8548] zswpout 0
[ 2300.793200][ T8548] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=8532,uid=0
[ 2300.821113][ T8548] Memory cgroup out of memory: Killed process 8532 (syz-executor.1) total-vm:54672kB, anon-rss:508kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000
[ 2300.952209][T27624] usb 1-1: device descriptor read/64, error 18
[ 2301.222322][T27624] usb 1-1: new high-speed USB device number 63 using dummy_hcd
[ 2301.412217][T27624] usb 1-1: device descriptor read/64, error 18
[ 2301.532775][T27624] usb usb1-port1: attempt power cycle
[ 2301.942235][T27624] usb 1-1: new high-speed USB device number 64 using dummy_hcd
[ 2302.032422][T27624] usb 1-1: Invalid ep0 maxpacket: 0
[ 2302.182241][T27624] usb 1-1: new high-speed USB device number 65 using dummy_hcd
[ 2302.272375][T27624] usb 1-1: Invalid ep0 maxpacket: 0
[ 2302.277829][T27624] usb usb1-port1: unable to enumerate USB device
12:17:27 executing program 0:
syz_usb_connect$printer(0x0, 0x36, &(0x7f00000003c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x7, 0x1, 0x3, 0x0, "", {{{0x9, 0x5, 0x1, 0x2, 0x0, 0x0, 0x6}}, [{}]}}}]}}]}}, &(0x7f0000000ac0)={0x0, 0x0, 0x1f, &(0x7f0000000800)={0x5, 0xf, 0x1f, 0x2, [@generic={0x17, 0x10, 0xa, "533ef87fdb79825caf4c8ade6afe1b8d1060a2a5"}, @generic={0x3, 0x10, 0xa}]}, 0x2, [{0x2, &(0x7f00000008c0)=@string={0x2}}, {0x18, &(0x7f0000000980)=@string={0x18, 0x3, "6e303a3618b9ec0015f0e1cef7c76159acaa5ddae4df"}}]})

12:17:27 executing program 3:
r0 = socket$inet6_sctp(0x1c, 0x5, 0x84)
connect$inet6(r0, &(0x7f0000000540)={0x1c, 0x1c}, 0x1c)

12:17:27 executing program 2:
r0 = socket$inet6_sctp(0x1c, 0x5, 0x84)
sendto$inet6(r0, &(0x7f0000000000)='\t', 0x1, 0x108, &(0x7f0000000080)={0x1c, 0x1c}, 0x1c)

12:17:27 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0)

12:17:27 executing program 4:
r0 = socket$inet6_sctp(0x1c, 0x5, 0x84)
r1 = dup2(r0, r0)
r2 = socket$inet_sctp(0x2, 0x5, 0x84)
connect$inet(r2, &(0x7f0000000040)={0x10, 0x2}, 0x10)
r3 = socket$inet6_sctp(0x1c, 0x1, 0x84)
r4 = dup2(r2, r3)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x105, &(0x7f0000000100)={0x1, [<r5=>0x0]}, &(0x7f0000000380)=0x8)
setsockopt$inet_sctp_SCTP_CONTEXT(r1, 0x84, 0x1a, &(0x7f0000000000)={r5}, 0x8)

12:17:27 executing program 1:
openat$uhid(0xffffffffffffff9c, &(0x7f0000000200), 0x802, 0x0)
timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000180)=<r0=>0x0)
r1 = fanotify_init(0x4, 0x1000)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
fanotify_mark(r1, 0x105, 0x800101b, 0xffffffffffffffff, 0x0)
timer_settime(r0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
mlockall(0x2)
r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil)
shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
write$P9_RWSTAT(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x7f, 0x2}, 0x7)
ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0)
shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000)
shmctl$IPC_RMID(0x0, 0x0)
shmctl$SHM_LOCK(0x0, 0xb)
r6 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil)
shmctl$IPC_STAT(r6, 0x2, &(0x7f00000001c0)=""/62)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000340)={0x0, 0x28}, 0x1, 0x0, 0x0, 0x40410}, 0x4040044)
shmat(r3, &(0x7f00003c6000/0x3000)=nil, 0x4000)
shmctl$SHM_UNLOCK(0x0, 0xc)
shmctl$SHM_LOCK(0x0, 0xb)
r7 = shmget$private(0x0, 0x3000, 0x54001800, &(0x7f000010d000/0x3000)=nil)
ioctl$BTRFS_IOC_BALANCE_V2(r5, 0xc4009420, &(0x7f0000000640)={0x0, 0x1, {0x81, @usage=0xd1, 0x0, 0xfffffffffffffffc, 0x10000, 0xffffffffffffffff, 0x0, 0x5, 0x4, @usage=0x1, 0x1ea7, 0xffffffc0, [0x5, 0x7, 0x5, 0xffffffffffffffff, 0xffff, 0x24f]}, {0x5, @struct={0x8da6, 0x46a}, 0x0, 0x3f, 0xff, 0x8, 0x9, 0x7f, 0x0, @struct={0x3, 0x8}, 0xffff0000, 0xffffffcb, [0x8, 0x27d9, 0x7, 0x7ff, 0x57175363, 0x8]}, {0x10001, @usage=0x9, 0x0, 0x4d2, 0x3b89, 0xfffffffffffffff9, 0x4, 0x7fffffff, 0x441, @usage=0x7000000000000, 0x9, 0x20000d5a, [0x2, 0x6, 0x5, 0x80, 0x4, 0x7735]}, {0x8000, 0xffffffffffffffff}})
shmat(r7, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000012c0)=[{{&(0x7f00000005c0)=@xdp, 0x80, 0x0, 0x0, &(0x7f0000000fc0)=""/83, 0x53}, 0x1}, {{&(0x7f0000001040)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @dev}}, 0x80, &(0x7f00000011c0)=[{&(0x7f00000010c0)=""/150, 0x96}, {&(0x7f0000001180)=""/5, 0x5}], 0x2, &(0x7f0000001200)=""/180, 0xb4}, 0x5}], 0x2, 0x0, &(0x7f0000001340)={0x0, 0x989680})

12:17:27 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x38, 0x2, 0x1, 0x0, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @local}, {0x8, 0x2, @private}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x38}}, 0x0)

12:17:27 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x38, 0x2, 0x1, 0x0, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @local}, {0x8, 0x2, @private}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x38}}, 0x0)

12:17:28 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x38, 0x2, 0x1, 0x0, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @local}, {0x8, 0x2, @private}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x38}}, 0x0)

12:17:28 executing program 2:
semget(0x1, 0x7, 0x2a1)

[ 2303.231208][ T8566] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 2303.296488][ T8566] CPU: 0 PID: 8566 Comm: syz-executor.1 Not tainted 6.3.0-rc4-next-20230330-syzkaller #0
[ 2303.306405][ T8566] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 2303.316501][ T8566] Call Trace:
[ 2303.319909][ T8566]  <TASK>
[ 2303.322909][ T8566]  dump_stack_lvl+0x136/0x150
[ 2303.327665][ T8566]  dump_header+0x10a/0xd70
[ 2303.332951][ T8566]  oom_kill_process+0x25d/0x600
[ 2303.337881][ T8566]  out_of_memory+0x35c/0x1650
[ 2303.342644][ T8566]  ? find_held_lock+0x2d/0x110
[ 2303.347481][ T8566]  ? oom_killer_disable+0x2b0/0x2b0
[ 2303.352757][ T8566]  ? rcu_read_unlock+0x9/0x60
[ 2303.357661][ T8566]  ? find_held_lock+0x2d/0x110
[ 2303.362519][ T8566]  mem_cgroup_out_of_memory+0x206/0x270
[ 2303.368245][ T8566]  ? mem_cgroup_margin+0x130/0x130
[ 2303.373446][ T8566]  ? lock_downgrade+0x690/0x690
[ 2303.378380][ T8566]  try_charge_memcg+0xf99/0x13a0
[ 2303.383394][ T8566]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 2303.389524][ T8566]  ? get_mem_cgroup_from_objcg+0xa1/0x280
12:17:28 executing program 2:
pipe2(&(0x7f0000001a00)={<r0=>0xffffffffffffffff}, 0x0)
writev(r0, &(0x7f00000014c0)=[{0x0}, {0x0}, {&(0x7f0000001380)="82", 0x1}], 0x3)

[ 2303.395321][ T8566]  ? lock_downgrade+0x690/0x690
[ 2303.400234][ T8566]  ? trace_lock_acquire+0x12d/0x180
[ 2303.405512][ T8566]  ? get_mem_cgroup_from_objcg+0x159/0x280
[ 2303.411380][ T8566]  ? lock_acquire+0x32/0xc0
[ 2303.415994][ T8566]  obj_cgroup_charge+0x2af/0x5e0
[ 2303.421081][ T8566]  ? vm_area_dup+0x23/0x300
[ 2303.425694][ T8566]  kmem_cache_alloc+0xb1/0x3b0
[ 2303.430527][ T8566]  vm_area_dup+0x23/0x300
[ 2303.434921][ T8566]  __split_vma+0x199/0x830
[ 2303.439405][ T8566]  ? expand_stack+0x20/0x20
12:17:28 executing program 2:
syz_emit_ethernet(0x66, &(0x7f0000000180)={@broadcast, @empty, @val, {@ipv6}}, 0x0)

[ 2303.444007][ T8566]  ? vma_shrink+0x5c0/0x5c0
[ 2303.448573][ T8566]  ? mark_held_locks+0x9f/0xe0
[ 2303.453406][ T8566]  ? percpu_counter_add_batch+0x199/0x1e0
[ 2303.459219][ T8566]  ? lockdep_hardirqs_on+0x7d/0x100
[ 2303.464488][ T8566]  split_vma+0xc6/0x110
[ 2303.468714][ T8566]  mprotect_fixup+0x891/0xbd0
[ 2303.473492][ T8566]  ? change_protection+0x3d60/0x3d60
[ 2303.478872][ T8566]  do_mprotect_pkey+0x878/0xd20
[ 2303.483827][ T8566]  ? mprotect_fixup+0xbd0/0xbd0
[ 2303.488762][ T8566]  ? up_write+0x1b4/0x520
[ 2303.493184][ T8566]  ? xfd_validate_state+0x5d/0x180
[ 2303.498361][ T8566]  ? kernel_fpu_begin_mask+0x270/0x270
[ 2303.503893][ T8566]  ? rcu_is_watching+0x12/0xb0
[ 2303.508771][ T8566]  __x64_sys_mprotect+0x78/0xb0
[ 2303.513703][ T8566]  do_syscall_64+0x39/0xb0
[ 2303.518190][ T8566]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2303.524247][ T8566] RIP: 0033:0x7f47dd28c207
[ 2303.528713][ T8566] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 0a 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2303.548423][ T8566] RSP: 002b:00007ffdbc005e58 EFLAGS: 00000206 ORIG_RAX: 000000000000000a
[ 2303.556951][ T8566] RAX: ffffffffffffffda RBX: 0000000000021000 RCX: 00007f47dd28c207
[ 2303.564985][ T8566] RDX: 0000000000000003 RSI: 0000000000020000 RDI: 00007f47de032000
[ 2303.573017][ T8566] RBP: 00007ffdbc005f30 R08: 00000000ffffffff R09: 00007f47de051700
[ 2303.581032][ T8566] R10: 0000000000020022 R11: 0000000000000206 R12: 00007ffdbc006050
[ 2303.589026][ T8566] R13: 00007f47de051700 R14: 0000000000000000 R15: 0000000000022000
[ 2303.597231][ T8566]  </TASK>
[ 2303.626395][ T8566] memory: usage 307200kB, limit 307200kB, failcnt 11563
[ 2303.633533][ T8566] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2303.640432][ T8566] Memory cgroup stats for /syz1:
[ 2303.640702][ T8566] anon 151552
[ 2303.640702][ T8566] file 312406016
[ 2303.640702][ T8566] kernel 2015232
[ 2303.640702][ T8566] kernel_stack 65536
[ 2303.640702][ T8566] pagetables 81920
[ 2303.640702][ T8566] sec_pagetables 0
[ 2303.640702][ T8566] percpu 4800
[ 2303.640702][ T8566] sock 0
[ 2303.640702][ T8566] vmalloc 0
[ 2303.640702][ T8566] shmem 312406016
[ 2303.640702][ T8566] zswap 0
[ 2303.640702][ T8566] zswapped 0
[ 2303.640702][ T8566] file_mapped 380928
[ 2303.640702][ T8566] file_dirty 0
[ 2303.640702][ T8566] file_writeback 0
[ 2303.640702][ T8566] swapcached 0
[ 2303.640702][ T8566] anon_thp 0
[ 2303.640702][ T8566] file_thp 0
[ 2303.640702][ T8566] shmem_thp 0
[ 2303.640702][ T8566] inactive_anon 62951424
[ 2303.640702][ T8566] active_anon 176128
[ 2303.640702][ T8566] inactive_file 0
[ 2303.640702][ T8566] active_file 0
[ 2303.640702][ T8566] unevictable 249430016
[ 2303.640702][ T8566] slab_reclaimable 968264
[ 2303.640702][ T8566] slab_unreclaimable 863592
[ 2303.640702][ T8566] slab 1831856
[ 2303.640702][ T8566] workingset_refault_anon 0
[ 2303.640702][ T8566] workingset_refault_file 0
[ 2303.640702][ T8566] workingset_activate_anon 0
[ 2303.640702][ T8566] workingset_activate_file 0
[ 2303.640702][ T8566] workingset_restore_anon 0
[ 2303.640702][ T8566] workingset_restore_file 0
[ 2303.640702][ T8566] workingset_nodereclaim 0
[ 2303.640702][ T8566] pgscan 49
[ 2303.640702][ T8566] pgsteal 49
[ 2303.640702][ T8566] pgscan_kswapd 0
[ 2303.640702][ T8566] pgscan_direct 49
[ 2303.640702][ T8566] pgscan_khugepaged 0
[ 2303.640702][ T8566] pgsteal_kswapd 0
[ 2303.640702][ T8566] pgsteal_direct 49
[ 2303.640702][ T8566] pgsteal_khugepaged 0
[ 2303.640702][ T8566] pgfault 1094698
[ 2303.640702][ T8566] pgmajfault 422
[ 2303.640702][ T8566] pgrefill 150
[ 2303.640702][ T8566] pgactivate 161
[ 2303.640702][ T8566] pgdeactivate 0
[ 2303.640702][ T8566] pglazyfree 0
[ 2303.640702][ T8566] pglazyfreed 0
[ 2303.640702][ T8566] zswpin 0
[ 2303.640702][ T8566] zswpout 0
[ 2303.830376][ T8566] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=8566,uid=0
[ 2303.848722][ T8566] Memory cgroup out of memory: Killed process 8566 (syz-executor.1) total-vm:54672kB, anon-rss:508kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000
[ 2303.902204][T27624] usb 1-1: new high-speed USB device number 66 using dummy_hcd
[ 2304.152268][T27624] usb 1-1: Using ep0 maxpacket: 16
[ 2304.272530][T27624] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0
[ 2304.322512][T27624] usb 1-1: language id specifier not provided by device, defaulting to English
[ 2304.442492][T27624] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 2304.451601][T27624] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2304.459745][T27624] usb 1-1: Product: syz
[ 2304.463994][T27624] usb 1-1: Manufacturer: の㘺뤘ì컡쟷奡ꪬ򧟤
[ 2304.470958][T27624] usb 1-1: SerialNumber: syz
[ 2304.721473][T27899] usb 1-1: USB disconnect, device number 66
12:17:30 executing program 3:
setgroups(0x5e, &(0x7f0000000040))

12:17:30 executing program 2:
pipe2(&(0x7f0000001a00)={<r0=>0xffffffffffffffff}, 0x0)
fcntl$getown(r0, 0x5)

12:17:30 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x38, 0x2, 0x1, 0x201, 0x0, 0x0, {}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @local}, {0x8, 0x2, @private}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x38}}, 0x0)

12:17:30 executing program 4:
r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
epoll_pwait(r0, &(0x7f0000000000)=[{}], 0x1, 0x0, &(0x7f0000000040), 0x8)

12:17:30 executing program 1:
openat$uhid(0xffffffffffffff9c, &(0x7f0000000200), 0x802, 0x0)
timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000180)=<r0=>0x0)
r1 = fanotify_init(0x4, 0x1000)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
fanotify_mark(r1, 0x105, 0x800101b, 0xffffffffffffffff, 0x0)
timer_settime(r0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
mlockall(0x2)
r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil)
shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
write$P9_RWSTAT(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x7f, 0x2}, 0x7)
ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0)
shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000)
shmctl$IPC_RMID(0x0, 0x0)
shmctl$SHM_LOCK(0x0, 0xb)
r6 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil)
shmctl$IPC_STAT(r6, 0x2, &(0x7f00000001c0)=""/62)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000340)={0x0, 0x28}, 0x1, 0x0, 0x0, 0x40410}, 0x4040044)
shmat(r3, &(0x7f00003c6000/0x3000)=nil, 0x4000)
shmctl$SHM_UNLOCK(0x0, 0xc)
shmctl$SHM_LOCK(0x0, 0xb)
r7 = shmget$private(0x0, 0x3000, 0x54001800, &(0x7f000010d000/0x3000)=nil)
ioctl$BTRFS_IOC_BALANCE_V2(r5, 0xc4009420, &(0x7f0000000640)={0x0, 0x1, {0x81, @usage=0xd1, 0x0, 0xfffffffffffffffc, 0x10000, 0xffffffffffffffff, 0x0, 0x5, 0x4, @usage=0x1, 0x1ea7, 0xffffffc0, [0x5, 0x7, 0x5, 0xffffffffffffffff, 0xffff, 0x24f]}, {0x5, @struct={0x8da6, 0x46a}, 0x0, 0x3f, 0xff, 0x8, 0x9, 0x7f, 0x0, @struct={0x3, 0x8}, 0xffff0000, 0xffffffcb, [0x8, 0x27d9, 0x7, 0x7ff, 0x57175363, 0x8]}, {0x10001, @usage=0x9, 0x0, 0x4d2, 0x3b89, 0xfffffffffffffff9, 0x4, 0x7fffffff, 0x441, @usage=0x7000000000000, 0x9, 0x20000d5a, [0x2, 0x6, 0x5, 0x80, 0x4, 0x7735]}, {0x8000, 0xffffffffffffffff}})
shmat(r7, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000012c0)=[{{&(0x7f00000005c0)=@xdp, 0x80, 0x0, 0x0, &(0x7f0000000fc0)=""/83, 0x53}, 0x1}, {{&(0x7f0000001040)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @dev}}, 0x80, &(0x7f00000011c0)=[{&(0x7f00000010c0)=""/150, 0x96}, {&(0x7f0000001180)=""/5, 0x5}], 0x2, &(0x7f0000001200)=""/180, 0xb4}, 0x5}], 0x2, 0x0, &(0x7f0000001340)={0x0, 0x989680})

12:17:30 executing program 0:
syz_usb_connect$printer(0x0, 0x36, &(0x7f00000003c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x7, 0x1, 0x0, 0x0, "", {{{0x9, 0x5, 0x1, 0x2, 0x0, 0x0, 0x6}}, [{}]}}}]}}]}}, &(0x7f0000000ac0)={0x0, 0x0, 0x1f, &(0x7f0000000800)={0x5, 0xf, 0x1f, 0x2, [@generic={0x17, 0x10, 0xa, "533ef87fdb79825caf4c8ade6afe1b8d1060a2a5"}, @generic={0x3, 0x10, 0xa}]}, 0x2, [{0x2, &(0x7f00000008c0)=@string={0x2}}, {0x18, &(0x7f0000000980)=@string={0x18, 0x3, "6e303a3618b9ec0015f0e1cef7c76159acaa5ddae4df"}}]})

12:17:30 executing program 3:
syz_mount_image$ext4(&(0x7f0000000740)='ext4\x00', &(0x7f0000000100)='./bus\x00', 0x804810, &(0x7f0000000200)={[{@grpjquota}, {@nodelalloc}, {@quota}]}, 0x5, 0x756, &(0x7f0000000780)="$eJzs3M1rXOUaAPDnnGaafuTeyYUL9+pChBZaKD1Jmk27aty4KxQKbmtITkLISSZkJrUTC7auhdpsFARR1y7dCqX+Ae6koOBeEK1xIW5GzuSjNGam0ybpSPr7wcl53vP1vE/m8GYO5D0BvLReL38kEUMRcTUiqpvb04g42o6ORdzeOG790a2pckmi1br2S1KeFuut6va1ks31yWifEv+PiAeViHPv/z1vvbk6P1kU+fJme6SxsDRSb66en1uYnM1n88Wx8UujF8fHL46OP7WG//VY6+m3Lh2/9+2ba2vffdW4+9rA+SQm2nXHZm09XuaZbPxOKjGxY/viQSTro6TfHQAAoCfl9/wjETHQ/pZajSPtCAAAADhMWoMtAAAA4NBLot89AAAAAA7W1v8BbM3tPah5sJ38/EZEDO+Wf6A9hzjiWFQi4sR68sTMhGTjNNiT23ci4v7Ezvvvi/IOu73Ha4/uaD85R/roHq/Ofrhfjj8Tu40/6fb4E7uMPwNb707Yo87j3+P8RzqMf1d7zPH1p69UOua/E/HqwG75k+38SYf8b/eY/+7aB/c67Wt9HnFm178/yRO5urwfYmJmruj6+oEHf5592K3+E53yJ93rX+qx/nfXf5vvNJaU+c+e6v7575a/vCc+3OxHGhH3Ntdle21HjlML33/Trf7piNbzfP6f9Vj/j18O3uzxUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGhLI2IokjTbjtM0yyJORsR/40Ra1OqNczO1lcXpcl/EcFTSmbkiH42I6kY7Kdtj7fhx+8KO9nhE/OeH4xtJ54o8m6oV0/0uHgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgG0nI2IokjSLiDQifq+maZZFDPRw7uAL6B8AAACwT4b73QEAAADgwHn+BwAAgMPveZ//k33uBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHCoXb1ypVxa649uTZXt6RvNlfnajfPTeX0+W1iZyqZqy0vZbK02W+TZVG3hadcrarWlsUuxcnOkkdcbI/Xm6vWF2spi4/rcwuRsfj2vvJCqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeFZD7SVJs4hI23GaZlnEvyJiOCrJzFyRj0bEvyPiYbUyWLbH+t1pAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9l29uTo/WRT5skAgeGHBexHxD+hGl6DfIxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP1Qb67OTxZFvlzvd08AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADor/SnJCLK5Uz19NDOvUeTP6rtdUS888m1j25ONhrLY+X2X7e3Nz7e3H6hH/0HAACAl8LlZzl46zl96zkeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgV/Xm6vxkUeTLewsuR3O1lXQ4pt81AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAz+evAAAA//8KQsc4")
r0 = open(&(0x7f00000000c0)='./file1\x00', 0x161042, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000380)={0x0, 0x18, 0xfa00, {0x0, 0x0}}, 0x20)
write$RDMA_USER_CM_CMD_MIGRATE_ID(r0, &(0x7f0000000400)={0x12, 0x10, 0xfa00, {0x0}}, 0x18)

12:17:30 executing program 2:
syz_mount_image$f2fs(&(0x7f00000000c0), &(0x7f00000080c0)='./file0\x00', 0x10, &(0x7f0000007f80)=ANY=[], 0x1, 0x7e9d, &(0x7f0000017e40)="$eJzs3L1uW2UYB/DHCQ2UlhIhBjaOxIcciVj+SCooS0RVdYBUES1jB8d2LLeJHcWJEzp14eMi2GDiHrgANpYOvQAkJDYklgga5HNOoKqARombNM7vJx3/fV4fP+/7WqfDc1QlgDNrOvn9t0JcivMRMRkRFyPS94X8SC1k8UZEvBkRE48dhXx8eHJ7ODAVES9HxKVh8axmIb/22x++vP3dLx+/8833P06Wv/7q15PbNXCSNiPi7YhYW8/Ot9ey7LWzvJOP1wedNNfmBnmuR+ztxdrd/LyX5XZrOa2wXd+/rp5mrZ0V6q1v9Ye5slpvDLPdWUnH17vZhP1BO2L357/Xd6e+kWaztZxmp99Ls30v+3wnz3v9zaxOM6/3eSPb3+Z+ZuOtnVa2n/W7aTa6m/l4VrfXbO0Mc5BnPl00l/MFvXion/lU+KTT3dpJBq2NfqfXTeZLlXKpPLvRuDxbLlc+qM22m/WVxuVWda5ZX5lLiq2Ffm91Jim2G42keP3q1ZmkUi5VS+X3kus3PktWm0lxmB91ulubndX+TFIt1eZLlZnkrUpyc3EpWfr02rXFpVvJYq+b3OgNklo5qdSuzFev1N5Plm7eSqrlanl89v/nadh/4ZjnY8z89w2092gvdazLATgNRtn/h/4fzp6pw33t0P3/MJ9F/5/VSb9wlP5/4rE9/tP/5/s5bP8/xo7c/76r/z/N+9f/cyRuIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAM+vCTx9upW+ms/OJfPyVfOi1/LyQf7b3LwpP1Jwc1o2Icwe8/otCxFQ+x/7xQkQs5Mcfrz7b3wAAAADG2cPd4oNC2q1nL9P/f/nEueNZFkd0P4tHT7lsKn0tXLw/omnTxzpPuYcOLn0Q9fqoqk2m6xvVTi9E/oRqJNJ/Vi+NqtqBTB7rbAAAwPNBJwAAAADPv/OH/+qT/w0fAAAAGD/6fwAAABh/af/v7/8BAADAeHu4W3xw0msAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4i537OVEYCuIA/Mv+u4Rll61ie/BiCZZgE3aghdiRFw+pw5uIesgTRKKXGITwffAYJhkmmeO7DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwNjVm8mi2f9v+/Y5nvp5zjQAAADAQ79teCvpd3n0V/KqvOu6u1c3rd6T1Ek+r+tzv35VJV/lG5fzkWRazuFn6OEBAABgvJr1bvbqfwAAAAAAAAAAAAAAAAAAAACSLEscev9fV/28Dfb/AQAAwHDs/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4szsvJwDAIAxA+1mg+09bBN1A8PIeJOQYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD67Mw6NW7Um/4FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBnBw4EAAAAAID8XxuhqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqCvt1jAMhCEQBFJZqO6q9zx7C2tt6FhvPgCFSGGMtUd9LPiQzzW8HAAAAAAB4tuUfwpy2fOog1+dbUtsPZRrP/qN4XeV7+vUuAAAAwBuklrC71WPuWAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAld05tAIABoEoRuk+7D9eBQ+Pq0kMXyAOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYOVGxFl85GR2AgDQam59HgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADx24EAAAAAAAMj/tRGqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsAMHAgAAAACC/K1XGKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAqQAAAP//nU8iAg==")
r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r0, &(0x7f00000003c0)=""/4090, 0xffa)

12:17:30 executing program 4:
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000400)='ns/time\x00')
ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r0, 0x80489439, 0x0)

12:17:30 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x38, 0x2, 0x1, 0x201, 0x0, 0x0, {}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @local}, {0x8, 0x2, @private}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x38}}, 0x0)

12:17:30 executing program 4:
syz_mount_image$btrfs(&(0x7f00000055c0), &(0x7f0000005600)='./bus\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="646973636172642c006dcc1b86ecae980e060e28029235b0be96f0fe3ff2f7ae745fda226ca19d9673e6d747eabed88142db1e2c3e873c3f6f9ebbc1ed9741ba91a1d1ea2b6e6cdd3f5a8aae8b532e48827f8e5d5ab86c44c1e571c1e10ca9bee11d619a717b42b29a7d65ca8c016ece13c09772f83dfa70e4a1dd36f2d65ada4b43b876d1c6"], 0x1, 0x559d, &(0x7f0000005680)="$eJzs3X1sVWcdB/BzeynlJaFlyjLUhfkPThCpmFiEoEVgAoPRgSbDwCgO2BAGhQRhY9OOOZ0jk4Y5xoovDKQCxq6+rJiYIbqIcU4mi8OGEXnJIuICK4yoJNOZ3nufy73n0vYO5zq3z4e05z73d57nPPfk/HG/lz7nRgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBF0cHlC/627gfLv/nQdSenbLz/zAMnap57fNP4u+fsHnX4gVVXtp1uaip99fmzNyy67+GqoSf2zD8URYlUv0Sm/7xPTZ65aNa86X3CgLU3prcVFZ0dMt31WLrRO+/Jjn75P/OjKCqNDZDMbCf1z2kn4geIVhYO2KXtVWNWDdw4cdrmssmDFibrGgtfOh369PQEekrmunrx4rVUnfpdEtsj28659BJ5l2i6f/yCe1NeBADwulTWpDbZt6OZt7jZdn28HmtXx9oNsXZ4h9CQ27gc6XF7dzbPa+L1HppndToqlHU6z1g9c/6z7Zp4/1g7FjVexzzzd81Emj6dzbMuVu+peQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC8ldx9/JanSzb96H1L149MHh887BdfbdryvUnt5VO+tm9D2+9bn3tPU1Ppq8+fvWHRfQ9XDT2xZ/6hKKpI9Uukuyfm7mjd8LMVU1b/fM6jzefee8euZGbcsO2Vs3PUFh58vDyKPp9TeTEMe2pAFNXkF1LN6NHCwuLUgymhAAAAwNvJ4NTvkmw7HQdL89qJVJpMpP4F6bC4vWrMqoEbJ07bXDZ50MJkXePlj1fTyXjVlxwv2664+JPICcYh/sbHu1gPu64sGKdr8RHjeX7U0AuHj3x9+Ya1jf1P7u87MDnpV1+uHXzFnNGvXDt2zG1/fWRHQf6v6Dr/hzMn/wMAAPDfkP/j43Stu/w/7Mj9Z+469dN1tZ/ZNvf4+G/UDnhX5Zo/NX/4c+uHTZ3Y69iVWwry/zV5hyzI/2HGIf+XRJeX/wEAAOCt7H+d/6sLxulad/l/2ZoRf592YdbEJ8Zd+OGZO4f88uCRaG/9iC+03P6B/bP7DWj4SUH+rywu//fKnXZ48pkw4SXlUVRZ/EkFAAAA8oT/d7/40ULI6+lPDuJ5fc75g5NuLn3w7EdmXzt029Ehu9rP/2PJ8k0XRjfPGF716acrNhTk/+ri8n/pm/NyAQAAgCI8tfgTN+2Mpk/6UPU9h/cv2P5I/bK1K5c2liWm/ntl2/X/au5dkP9risv/ZT3zcgAAAIBLOPSlbbtfm7msdXhz2fmtf3jtz49fPXz1gabKoyt/O7B0RWvt4oL8X1tc/u+X2WZWPqQ77Q9/hfBQeRT16XhQly78Jmr4ZLYAAAAAvEFCTv/nsbaRO68r+/VT339586zvfHvQ3m/NONj43Qn9b5n44IEZB56sLcj/dV3f/z/c6SCs/8+7/1/B+v+cQvquf2PdGAAAAIB3osL1/OH2+OlvLujs+/eLXf9/4xdbXzp++/yvtL97yE3LXr7tils/Nv7UH6ffmdw57q6SqVNfOl2Q/+uLy//J3O0b+f1/AAAAcBn+377/b3bBOF3r7v7/Mx+752j7X14YN2Jm49pFJ8dv/PG8Lc88trvq6nMLbu77wWeX7i3I/w3F5f+w7Z/78vaF83NveRRd1fEgczfBXWG6S2KFltKcQvrEx3rMCj0yhZaynEJKXazHqPIoen/Hg/pYYWAoNMQK7QMyha2xwrOhkLkesoXmWGFfuNI2DchMN17YEwqZBRYtYQVF/+ySiFiPVzrr0VG4ZI8XsgcHAAB4RwnhOZNlS/ObUTzKtiS626FfdzuUdLdDsrsdesV2iO/Y2fNRbX4hPH9+zRO/q/xoyWcP3XrHhOEjF667t2HsgeTcCdc/uaPvuRWnR68uyP9bi8v/4VT0Tm86W/8fhfX/me81zK7/rw2FilihJRRq4ncMqAnHSIfd9eEYFTWZHu1XZQsAAADwthY+F0j28DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgP+zde5xU1Z0g8NNNP2homhbjK2JsdW1Fh6ZBUT/BB2omGmBNo+zMuPhohEaRVhBhIq5RULObxMEoKlFnRmEVRlZx8AVkNQE1ooloNI5mRh1DMGrcjR/FiH6yxrif7lunqLrVZRcCSjvf7x9dp+p3nrceXefeW+cCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/Max/9MYj/umiJ0eP2jBvwPJXDv/vH9YfumzRO//rT89ed9ve8763ftWSJZV/en7jSZO/c8PhjRtWTnghhJbOcmVJ8bLTF6/4waoLvvGtB0+76e5395y9tCpTbyYe+nb8Kc/cuTK2+tt+IawsC6EiHRhcmwQqM/drY30Da0PYKWwOZEu09UlKpBsOj9WEsDBsDmSr+lFNCLU5gXG/fGT1vI7E9TUh7B9CqE638e/VSRs16UBjVRLokw5Mq0gCH3ycyAZWlScB2GrxzZB90S9vyc9Q33W5Iq+/ym3Wsc9Xeni9YqK+eL63jt3OncpRlX6gZauetoLq2C4K3h5rvNt6wLutYDtf42nL/SKV+Yby8eZQdSif1DZ5wqz2mfGR8tDU1KtYTdvpeX5x4yUTtyTdY16HsQP12+R1+Pj5A+9c0Dhm15sf3jD59apnF2xtN4tt3u2tOmRecz3meYxG+jzpAW+/gm9JDb50hRBuP37T2799aez//dWDTw9+75tDzxrywitD627+7rR+f332/6m8ZerGgvl//SfP/+PLOd6W5+WOrX5Yl8zN4yO1MfF2XTI3BwAAgB6jJ+w1fWPEQW/Xrmt4eN+vr5h83qJ5r51+7p+rftp3wkEnnjL0+3fcOPW0gvl/Q2nH/+Mh/9rc0a4JYWRn4or+Ieze+XgSWBq7c1b/EPbpTLXkB45NBdaEsEdnYlC2qlSJ3rFEQyrwRl0mMDIVWBsDLanA4hi4JhW4MgaWpwITY2BNKnBcDIQp+eM4qC4zjpIDNTHQmmzE5fEshD/UxdZS2+qlbFUAAADbSGZ2WJl/N+dch63NEKeXy2u6yxDPwC6aoTpVQ3oGm51WFa2horsayrurITvuOZ88/IKay7qrueA0jLL8DO8deN/c1Q/8249vnHDYUwd92HrGy+tXPTp6U6+/e2fMjy8dN3/Y+IL5f/Mnz/+ru+hIWcHx/xDGdv6NucszkfZsvLUlLwMAAACwFSpeW3ryL+Z+VLbkZ+ds3P8vTxt3de8V++47YO3B9/2/hjcHHL9q/4L5/8jSzv+P+0R65WQO6+JuiKn9Q2jODyTVjigMJEe9+2YCAAAA0BNkj8dnj4VPydwmp2in59OF+Vu2MH888D+yy/yDx129rnn17adMGXHomjWbztj15WUbntpl/3deOPDk00+4f2rDPQXz/5bSzv/vk3+bdGJt7MV1/UPonRN4PPayI9CpIQbWH5MfyIx/bdwAV8WqMicmZKu6KpZojYHmVGBhsRLPZEvsnh/IPFnZxq/IjmNKpkROAAAAAD5zcXdAPC4fz/9/+tx+j/7jslsueXDJutD37OW/uOzo4QPnD+791rRnDnnkb989eWrB/L91y87/75wHF5ze3943hCEVIfRK/zBgXZ9kYcAYqC3LJH7cJ6mrV7qqy/uEMKJjYOmqNmTW/69IrzH4XE1SVQzsvu8dGxs7ErfXhDAkN/DC+EXDOxKzUoFs439VE8LeHaNNN76id9J4ZbrxG3uH8JWcQLaqib1D6GisKl3Vo9WZ6xikq1peHcLOOYFsVYdXhzA7ANBTxf+lk3IfvHD2xVMntLe3zdiOibgTvyZMntLe1jRxWvuk6iJ9mpTqc946RnMLx1TqpW9ezqxRdNeopv6lpLM/FGzObSuzI7/gzMHM/fhlqLJznMMq8+4ekh7ygfsVNhFyvkoVG3L5dh5yn9xKNj+JBfXH/FWhb+g968K2GU0XTZg5c8bQ5G+p2Yclf+NxpmRbDU1vqz5d9a2El0fR5bJSPu22asytZMjM86YPuXD2xYOnnDfh7Laz284/bPhhRxwx7NBDhw/pGFRz8rebkTZ2VXNqpB8vKnFY23CkX67IqeSz+NCQkJDoaYlVv9vj5aN3Wfq9FbcsnvHz9qPafv71nXces6Tqmy9suvSy/Z/+Hx8UzP+nf/L8P37qxA/+zPoMxY7/18fD/Mnjmw/zt8bAwlKP/9cXO5qfPTGgIRWYEwNzHOYHAADgiyHujox7M+NO6Ufm7/Yvd467b8z89Qc/ue65svV9Dv77D39fXnnZuP9yzAMNt333bwrm/3NK+/3/Nlr/P7t0/ahiy/wPiiWai63/n17mP7v+/5xi6/+nl/nPrv+/8HNY/39WNpDaJH+w/j8AAPBF8Nmt/9/t8v7pCwQUZOh2ef/0BQIKMnS7jH+pFwjY4vX/H2k4aORPVn/nN43LLpj2zn8bct/oAXs2/O6Rva6cNHXk6NEjBv9Lwfz/mtLm/xbuBwAAgB3HAROPfWrjpL2Pvfp/3rbTHj9p/fauh+3y/WVHts3ftH7i39z27jl/XTD/X1ja/P+zX/8vFDv/v6FYoKXYwoDW/wMAAKCHKrb+39Abv3X5q4uPu/+ey6eNam0dP/uKq/dbfUD1qeGl0fMb/mLGvR8VzP+Xlzb/j6ddlOfljr35sC5Z0y6k17R7uy77kwEAAADoGcpDU1NliXnzFkY99tO3+WJmKdBPSud68sH9nn/gqyNOnL+46urXynYb9vFT1888+Piv/fDVjXtdcse55+1XMP9fU9r8P+93GY+fP/DOBY1jdv3w5oc3TH696tkFm4//AwAAANtPqfslAAAAAAAAAAAAAACAz98JD//k6rcnLvnanIW/3PWnvcY+u3zDrDlNs2uvf/WH1/7qiDsfHlfw+/8wtrNcsd//x+v+xd8XfCkvd2y1+/X/MvfHjb57dueShevqQtgvNzD18qk7hcy1+Q/IDaw+fdBuHYnL0yUeeuW41zoSZ6YDJw4e8H5H4shUoDUukrhHOhCvqvh+v1QgLq/4XDoQt8fydKAqE/hev2QcZelt9WZtsq3K0tvqxdoQ+ucEsttqZW3SRll6gNenAtkBXpAOxAGelAmUp3t1d9+kVzFQG4ve2jfpFQAAO6z4LbAyTJ7S3tYcv8LH2y9X5N9GeUuWzS2stqzE5l/OLE1216im/qWke6W/i26+1nhlqO4YwtCCr6u5Wco6R7ltaulm032pyJC7W+2tvEi5tC3ddFXFR1STjKhp4rT2SZXdDvyQ7rMMq+g2y9CCyU5ulvLOTVpCLSX0pYQRlbhtSuhyvF8empp6pXJ9NQbrQ57uXhGl/l4/d52/Yq+C3DxPvtn+1BP//PzKfR7/89Nnf/BXk7596byzznj3yHOq/+E/lz39XwfuXDD/ry9t/l+dO673MxcDmBOvrDeifwitJY4IAAAAvvjOOf+V+d999No31rc0vjZtyLWr/3X2jRdX1C298i9ffOhvN42/+sytjb/58zv2eXjyhGe+dO4hy054fZ+DL2s88637/mLeuAev6nvLD+ff8YOC+X9DafP/uAcrcyg42duxJl7//4r+IXReWr8+CSyNwz2rfwj7dKZaYonkgvqjYonmJLA07jAZFEu0tuRX1TsGlqcCb9RlAmtSgbUxkNlLcUfI7Mq5ti6E4Z2psfklpscS9anAN2OgIRVoioHmVKBfDIxMBX7fLxNoSQWejIEwJX9b3dcvs60AAAC2RGaeVZl/N6TnecsrustQ1l2GPt1lKO8uQ3V3GYqNIt6/N2aoTJ28UpaTqTJda02qloIM8WL4W9yvggzhmfyc6YIFTcfzD7LnG5TlZ3jg5K/ec9WCyYPKf/XR2qWt790/ccWts49eec5Df/fEpH0X3XX93gXz/+bS5v998m+T1tfG+f/m6/8lgcdj966Lp443xMD6Y/IDmR0Da+Nk96psVS2ZEplJ+1WxxMgYaEgFpsfAyFSgdWwmsHC3/EBmpp1t/Ips41MyJXICAAAA8JmLOwjibpo4///jsmePeqxi0V3/+ur4u+6d89Y99/70nntuvXf07Zu+/twVF7970UcF8/+Rpc3/Y3t9cxu7Mvbmt/1CWFm2uTfZwODaJBD3Y9TGn8cPrA1hp5wdHNkSbX2SElWphsNjNckv1KvSVf2oJlljIN4f98tHVs/rSFxfE8L+OXtfsm38e3XSRk060FiVBPqkA9MqkkDc85MNrCpPArDVsnsF4wsqc6pLVn3X5Yq8/r4o1wRND69gH2gX+br6zdX2Up1+ILNPNWvLnraC6tguCt4ea7zbeuK7rd67LfeLVOYbysebQ9WhfFLb5Amz2mfGR3J/yVpgOz3Pub9SLSW9DV6Hcz59b7tXne5Ac+rjo7nrcl2/DstidY+fP/DOBY1jdr354Q2TX696dkHJ3Sgi/lD4maoB9bmbd3urDpnXXI/7PGnxedIT/w00eNpCCBsuPeG6kVXTr1g5+pAj93rttFOqZ7437+/vf+mBd/f9xxUTh31tQMH8v6W0+X9F6rbTH+PGvLB/CAfmbNx1cfMf3z/5HMwJJJ+SOxcGkkPur9YV/eQEAACAbS27uyO7v2BK5jY5ITw9Ty7M37KF+eP+ipFd5i+13z8adMpe9+9297hrTz3qpn/+zdh+G8e/uOSYFa1HNS49+mf/6cyaeQXz/9ZPnv/3TnXT8X/H/9lOHP/v0o6+K7p3+oE5W7UruqA6tgvH/7u0o7/bHP/vkuP/jv93xfH/bjj+36Ud/Wkr+JY03ZeuEMKwMWcMrr1r8BPvD1z96yeemvJvc1sn3PONq27Z8+Nv1y9eUL9r34L5//TS5v/W/+t60b7s+n+txdb/m15s/b851v8DAAC2qyILzaXneQWr9xVkSK/eV5Ch2wUCu11i0Pp/W7z+32NHHTl++ejFv16z95gDLus7d+6puzx504stM9+vue2D93f7xYGjCub/c0qb/8eXQ9/c1nvK+n8NY4tUdU0MTLcwIAAAADuiYjsIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+HztfsN1449prj7pN8dfWjP6+w+tO6D6mldOvXTZhFsnfeX28wfNWrFkSeWfnt940uTv3HB444aVE14IYUpnubKkeNnpi1f8YNUF3/jWg6fddPe7e85eWp2ptzJzu2de7tjqh3UhLMx5pDYm3q7ruLM5MG703bMrOhLr6kLYLzcw9fKpO3UkFteFcEBuYPXpg3brSFyeLvHQK8e91pE4Mx04cfCA9zsSR2YCZenu/kO/pLtl6e7O6xdC/5xAtrvn9suvKtvGCZlAebqNf6pN2oiB2lj0xtqkjRhojyWm9A5hSEUIvdJV/aw6qapXuqr/XZ1U1Std1WXVIYwIIVSkq/p1VVJVRXrkz1QlVcXA7vvesbGxI7GoKoQhuYEXxi8a3pGYkQpkGz+lKoS9O14y6cbvq0war0w3fkNlCF8JIVSlS2yqSEpUpUtsqAhh55zA5o1YEcLswBdD/PSZlPvghbMvnjqhvb1txnZMVGXaqgmTp7S3NU2c1j6pOtWnYspy0h/P/fRjf3njJRM7bu8a1dS/lHRFplxlZ5eHVebdPWRH733sV5/cSjY/HwX1x/xVoW/oPevCthlNF02YOXPG0ORvqdmHJX97ZaLJthraU7ZVY24lQ2aeN33IhbMvHjzlvAlnt53ddv5hww874ohhhx46fEjHoJqTv9tipIs++5F+uSKnks/i/S8hIdHTEuV5n27NO/rneMEX/c0drQzVnR/QBdOK3CxlnaPcFoM+9lOO+NN8Tel2REMLJg4FWYZ1n+WQgsnE5iw1SZbOr3UFk8Pcmso7N2m8Xx6amnoV2w71+XdzN+9bW7F5X8xsulLTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMD/ZwcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgo7cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IFjAQAAAABh/tZh9GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFwKAAD//y85Ijg=")
r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
r1 = open(&(0x7f0000000180)='./bus\x00', 0x14d27e, 0x0)
write$binfmt_aout(r1, &(0x7f0000001200)={{}, "60089275dd033840b21a758720f83c15657de63c06be8ed1676db0e9f5be321e52237ec30ee5c11c72d14b8ced97f87a572d55bab450a615ad010323db4e7fa0619b9e47a07958220dc15e280aa4858fc28b4ec17faf0f59ce13488e11a08c823b8d6e53b22e168178ecb79797f1a16e935267491713aeb37e4ccc3432cd4b79b880ec345b2134bab9f1bd0034faf0afb9dad323d6eff44c6dcc2aedb4d32734a371c68de885e10a7dd1456fffc79531b0c192ef8d768b96c52501175353199ec2a4592c3923382acc9bb93835a0d93166a0efe6c703e6e3e717c0c29c26c05afcab444b66435d634d3dab76673bfb7108f6eca3a39c4808078afea8e1ab38f9708550d18a11861f92c577e6210db8f22c8c338e52c3efe165402265b3cf5e14735675d9eebf44b9177426f11fa46e89daec56d03172686a6860eef0d345debf99489328d28926953f15f81c82bb5d9b69ec51727e0b19e7ca4fb52123008a12c2e6c3614d382d7c50f2386907f0370975fc1a5ac79439272d4435dbbaf7d02c006132660b4366eb77f2c9bf06950f926394d451fd910d058a3922510e69dadad3695cf619635094cffbbed1f2534967656a9660dfea45d1f3da0b7b2ae2b116aea8bb2783d15fa5ada963818cd03a44e50dc0ec1490d5874f1aac1db8babc5c1ac26b29220f11d81ee7a363380f1bdf71ce882eb81d9241fea6dfba606a92ce6e6dfb84fb4fea42f2ae7a2c8b23264906b5875e5e1f85251a83c9ad20c17ff9cc96cde4a0b6bf1b97d048e76d601624d0d154aad761f5fb05b58b9d3ba6be6c7b07cd799d21d6692e41bc318894118188bfdce1bebb1a0a1204ebc7e91937bea3fb622e76b64ccc013fd6d61a5f15ef90a922c91fdb0a94ea01db2d283a0f892df3c0293f88b0abf878d12372b372275a561be7b7b25913ed7a16a40d8535702e01db74ca56b41ac7e9612df693f99c66222bdba629bd1ea8188ad0727fd685f5d3be488ef66bbdbdaa71a36ccc51446916f1d23b3285ddf17add954fd74af2c5d2411b0d484b8e780d1be018a8697637ede54219175c7fa549d557366044bf51375c71b3992710134415de82f69b438f005d88fa86e5b067f4c5cd7fa5c2e8ed60e1c082964a52c0d4bbff4ef9f3e699bb7c95e8879aa6335893e40d2ebb12d0151cbbee34c54338b12bf3d83618c66268ab7016e52addf32cea9dddc18d8107d99067f245daadd08aea0cd4a20c644ad78ab4f26697b10d23a48aa679738845058211886395220810f3fbd197c4e97583c3f19ba8f3190be768a46851730b6fee7eee70dd479929e69798606a219e5c7f745a80e43d7e697d0b842d80a6bb832a837814d3a50e10e08192c1a9894b82102e85ddc81d9901f2862b9b3cf951a69c7cfc16a11efcd0bb39e32a5e6aae8699243fad1b4ed6c89b5e294af2823ddf93e4ffa669ac2b7b631ac8ab80c7a92ae7973b5bf86b1bea1ebf40c1340d4aeb4a28e05a5a2c9359ca75519ebaeaa7f5ae4df551571e9a6c6df173b90a560da805e59fa4fa5fb88ed6bcccf4290d2ce15843d4d88176c4e9186b8c5d6b0586335eeca6c001281d8b6e5976c1030a94378e37ee87786af4309a380bce549bd9fa18bc2a6bb2822f82550a12eabc9d445999b059737e5f9ad794ae2ea18f033ff042fc60137111215ac818f13879d3fbca4ccf3ca98ae85a9d14ad80b29828c59abfaeeb10ccb13ebe405325e342703764a6f3a3531e678f0fec0da9ccd033b63e42396d0d8e741611d215f9de0d6453a7c18334af6fb40b77e660466960cf98af620eee95613515bf29c854bd438fe95f0a6f8a286387544306348d478106bd7de9302631c7b628c55bc22c0c12787660dc1d6313e0381e0e365fc429e9acaf7a37c95b3e9de696a7874e0a1c23808dfb8e48feb600790402642ef32c38e95e643dc9f66e00918908fff7ee82f9af958791e6e72da5b18f11503cd91b83ecf8f4184eba85d1ca2bc8ec998605c13a359577ada4b10559b58815391841a6ce6d5976559f8e39c1984b03878665ba5665a89cb312463e4f054e4566f5b2c5fbdad45bb3c1828338b8e488218222bffc739c2573a051a87ebe6162caf99e57cbb53ce7b87c07e94170a002e8df4090b9a93a0234d51601a780fd7a777e4a5218d34226b0f312f709ddf20e7fc0b18aff2c1824bc8ed3d2df9f92caaef6d563ff1313e382835dcd729834c598f536d1cc88cdab6e0def4f60b81b4b875d6906641e13ddd9330531dc08d9481a8a23939732499e7677768c73ae3205b198fc9e606021df8dee67622cf5681d2cd974f4e21446fc7825efd91b7ca8c740b8228f449ae0b072414259390a5a87a2da93052be1a6420ea012a36b3699ba6053915bcfe33a7a17529e11bee78c44e12d424ed2afc69d4a2d2004fdabb0b78fe5f26a408ac3954373136f5bda73a7bb28f8bd5933680c493b39ed7869521c93efd7bd98f78b58", ['\x00']}, 0x802)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0xc26b, 0x7})
r2 = open(&(0x7f0000002000)='./bus\x00', 0x143142, 0x0)
write$binfmt_script(r2, &(0x7f0000000080)=ANY=[], 0x29)

[ 2305.382396][ T8596] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 2305.414686][ T8596] CPU: 0 PID: 8596 Comm: syz-executor.1 Not tainted 6.3.0-rc4-next-20230330-syzkaller #0
[ 2305.424589][ T8596] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 2305.435308][ T8596] Call Trace:
[ 2305.438622][ T8596]  <TASK>
[ 2305.441603][ T8596]  dump_stack_lvl+0x136/0x150
[ 2305.446358][ T8596]  dump_header+0x10a/0xd70
[ 2305.450876][ T8596]  oom_kill_process+0x25d/0x600
[ 2305.455803][ T8596]  out_of_memory+0x35c/0x1650
[ 2305.460562][ T8596]  ? find_held_lock+0x2d/0x110
[ 2305.465401][ T8596]  ? oom_killer_disable+0x2b0/0x2b0
[ 2305.470675][ T8596]  ? rcu_read_unlock+0x9/0x60
[ 2305.475421][ T8596]  ? find_held_lock+0x2d/0x110
[ 2305.480248][ T8596]  mem_cgroup_out_of_memory+0x206/0x270
[ 2305.485846][ T8596]  ? mem_cgroup_margin+0x130/0x130
[ 2305.491009][ T8596]  ? lock_downgrade+0x690/0x690
[ 2305.495924][ T8596]  try_charge_memcg+0xf99/0x13a0
[ 2305.500917][ T8596]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 2305.506956][ T8596]  ? lock_downgrade+0x690/0x690
[ 2305.511851][ T8596]  ? trace_lock_acquire+0x12d/0x180
[ 2305.517085][ T8596]  ? get_mem_cgroup_from_mm+0x247/0x580
[ 2305.522662][ T8596]  ? lock_acquire+0x32/0xc0
[ 2305.527224][ T8596]  charge_memcg+0x90/0x3b0
[ 2305.531684][ T8596]  __mem_cgroup_charge+0x2b/0x90
[ 2305.536654][ T8596]  ? copy_mc_to_kernel+0x3e/0x90
[ 2305.541634][ T8596]  do_wp_page+0x8ac/0x3510
[ 2305.546100][ T8596]  ? lock_sync+0x190/0x190
[ 2305.550547][ T8596]  ? finish_mkwrite_fault+0x3d0/0x3d0
[ 2305.555960][ T8596]  ? rcu_is_watching+0x12/0xb0
[ 2305.560796][ T8596]  ? do_raw_spin_lock+0x124/0x2b0
[ 2305.565879][ T8596]  ? spin_bug+0x1c0/0x1c0
[ 2305.570255][ T8596]  ? lock_acquire+0x32/0xc0
[ 2305.574857][ T8596]  ? __handle_mm_fault+0x1334/0x4180
[ 2305.580202][ T8596]  __handle_mm_fault+0x1547/0x4180
[ 2305.585373][ T8596]  ? vm_iomap_memory+0x190/0x190
[ 2305.590380][ T8596]  handle_mm_fault+0x2c0/0x9c0
[ 2305.595197][ T8596]  do_user_addr_fault+0x2ed/0x1240
[ 2305.600344][ T8596]  ? rcu_is_watching+0x12/0xb0
[ 2305.605151][ T8596]  exc_page_fault+0x98/0x170
[ 2305.609814][ T8596]  asm_exc_page_fault+0x26/0x30
[ 2305.614698][ T8596] RIP: 0033:0x7f47dd2364bd
[ 2305.619135][ T8596] Code: 0c 48 89 df 41 83 c6 01 e8 00 f7 ff ff 48 83 c3 20 49 39 df 75 df 44 89 75 00 8b 05 4d 1b 17 00 48 8b 15 16 f2 c9 00 83 c0 01 <89> 05 3d 1b 17 00 89 02 48 83 c4 18 5b 5d 41 5c 41 5d 41 5e 41 5f
[ 2305.638770][ T8596] RSP: 002b:00007ffdbc005ec0 EFLAGS: 00010202
[ 2305.644865][ T8596] RAX: 0000000000000001 RBX: 00007f47dd3abf80 RCX: 00000000000003d2
[ 2305.652856][ T8596] RDX: 0000001b32520000 RSI: 0000001b32520018 RDI: 0000000095cd0aca
[ 2305.660847][ T8596] RBP: 0000001b32520020 R08: 0000001b32920000 R09: 0000000095cd0ace
[ 2305.668866][ T8596] R10: 00007ffdbc006020 R11: 0000000000000246 R12: 00007f47dd3abf80
12:17:30 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x38, 0x2, 0x1, 0x201, 0x0, 0x0, {}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @local}, {0x8, 0x2, @private}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x38}}, 0x0)

[ 2305.676876][ T8596] R13: 0000001b32520018 R14: 0000001b3252001c R15: 0000000000000032
[ 2305.684887][ T8596]  </TASK>
[ 2305.693242][ T8596] memory: usage 307200kB, limit 307200kB, failcnt 11676
[ 2305.712248][ T8596] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2305.733825][ T8596] Memory cgroup stats for /syz1:
[ 2305.734133][ T8596] anon 147456
[ 2305.734133][ T8596] file 312406016
[ 2305.734133][ T8596] kernel 2019328
[ 2305.734133][ T8596] kernel_stack 65536
[ 2305.734133][ T8596] pagetables 81920
[ 2305.734133][ T8596] sec_pagetables 0
[ 2305.734133][ T8596] percpu 4864
[ 2305.734133][ T8596] sock 0
[ 2305.734133][ T8596] vmalloc 0
[ 2305.734133][ T8596] shmem 312406016
[ 2305.734133][ T8596] zswap 0
[ 2305.734133][ T8596] zswapped 0
[ 2305.734133][ T8596] file_mapped 380928
12:17:30 executing program 3:
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000001c0)={[{@rodir}, {@iocharset={'iocharset', 0x3d, 'macroman'}}, {@fat=@codepage={'codepage', 0x3d, '861'}}, {@uni_xlateno}, {@numtail}, {@shortname_lower}, {@shortname_winnt}, {@iocharset={'iocharset', 0x3d, 'macgaelic'}}]}, 0x1, 0x216, &(0x7f0000000240)="$eJzs3TFrU10cBvB/3ubVUpB0EIoieMXFKbQV9xapIAYUJYNOFpuiNLFgIKBDq5NfQr+Cjq6Cg7j6BUSQKrjYrYMQqTc0piQ2Em9vsb/fkgfueXLOuUMuGXJy+1RjZWm1uby5uRHj44UozsVcbBViMv6LsUg9DgDgX7LVbse3dirvtQAA+8PzHwAOnyGf/9f2cUkAQMZG+f5fyGZJAEDGbty8dWW+Ulm4niTjEY2nrWqrmr6m1+eX417UoxbTUYrvEe0dab50ubIwnWz7PBnVxnqnv96qjvX2Z6IUk/37M0mqt/9/THT6HyaiFrNRiuP9+7N9+0fi3Nlf5i9HKd7fidWox1Jsd7v9tZkkuXi1sqt/9Oc4AAAAAAAAAAAAAAAAAAAAAADIQjnZ0ff8nnJ50PW0P/z5QLvP5ynGyWK+ewcAAAAAAAAAAAAAAAAAAICDovnw0cpivV578Ltw/92LN3uNGTIUOvOO+j6jh2NnPj0bPObJn9yfvxten87ztgwZ3m7cPXG+OXVh0Jgo5r3C3vC1FJHRFC8PxAb3DFPP5xZfrX38Mmwrxw8lAAAAAAAAAAAAAAAAAAA4pLo/+s17JQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQn+7//2cX8t4jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8CAAA//+vIKbc")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
getdents64(r0, &(0x7f0000000240)=""/4087, 0xff7)

[ 2305.734133][ T8596] file_dirty 0
[ 2305.734133][ T8596] file_writeback 0
[ 2305.734133][ T8596] swapcached 0
[ 2305.734133][ T8596] anon_thp 0
[ 2305.734133][ T8596] file_thp 0
[ 2305.734133][ T8596] shmem_thp 0
[ 2305.734133][ T8596] inactive_anon 62951424
[ 2305.734133][ T8596] active_anon 172032
[ 2305.734133][ T8596] inactive_file 0
[ 2305.734133][ T8596] active_file 0
[ 2305.734133][ T8596] unevictable 249430016
[ 2305.734133][ T8596] slab_reclaimable 964920
[ 2305.734133][ T8596] slab_unreclaimable 868808
[ 2305.734133][ T8596] slab 1833728
[ 2305.734133][ T8596] workingset_refault_anon 0
[ 2305.734133][ T8596] workingset_refault_file 0
[ 2305.734133][ T8596] workingset_activate_anon 0
[ 2305.734133][ T8596] workingset_activate_file 0
[ 2305.734133][ T8596] workingset_restore_anon 0
[ 2305.734133][ T8596] workingset_restore_file 0
[ 2305.734133][ T8596] workingset_nodereclaim 0
[ 2305.734133][ T8596] pgscan 49
[ 2305.734133][ T8596] pgsteal 49
[ 2305.734133][ T8596] pgscan_kswapd 0
[ 2305.734133][ T8596] pgscan_direct 49
[ 2305.734133][ T8596] pgscan_khugepaged 0
[ 2305.734133][ T8596] pgsteal_kswapd 0
[ 2305.734133][ T8596] pgsteal_direct 49
[ 2305.734133][ T8596] pgsteal_khugepaged 0
[ 2305.734133][ T8596] pgfault 1094758
[ 2305.734133][ T8596] pgmajfault 422
[ 2305.734133][ T8596] pgrefill 150
[ 2305.734133][ T8596] pgactivate 161
[ 2305.734133][ T8596] pgdeactivate 0
[ 2305.734133][ T8596] pglazyfree 0
[ 2305.734133][ T8596] pglazyfreed 0
[ 2305.734133][ T8596] zswpin 0
[ 2305.734133][ T8596] zswpout 0
[ 2305.899975][ T5556] usb 1-1: new high-speed USB device number 67 using dummy_hcd
12:17:30 executing program 3:
r0 = open$dir(&(0x7f0000000a80)='./file0\x00', 0x200, 0x0)
utimensat(r0, 0x0, 0x0, 0x0)

12:17:30 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x14, 0x2, 0x1, 0x201, 0x0, 0x0, {0x2}}, 0x14}}, 0x0)

[ 2305.948569][ T8596] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=8596,uid=0
[ 2305.970412][ T8596] Memory cgroup out of memory: Killed process 8596 (syz-executor.1) total-vm:54540kB, anon-rss:508kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000
12:17:30 executing program 3:
r0 = socket$inet(0x2, 0x2, 0x0)
connect$inet(r0, &(0x7f0000000080), 0x10)
connect$inet(r0, &(0x7f0000000000), 0x10)

12:17:30 executing program 1:
openat$uhid(0xffffffffffffff9c, &(0x7f0000000200), 0x802, 0x0)
timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000180)=<r0=>0x0)
r1 = fanotify_init(0x4, 0x1000)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
fanotify_mark(r1, 0x105, 0x800101b, 0xffffffffffffffff, 0x0)
timer_settime(r0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
mlockall(0x2)
r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil)
shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
write$P9_RWSTAT(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x7f, 0x2}, 0x7)
ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0)
shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000)
shmctl$IPC_RMID(0x0, 0x0)
shmctl$SHM_LOCK(0x0, 0xb)
r6 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil)
shmctl$IPC_STAT(r6, 0x2, &(0x7f00000001c0)=""/62)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000340)={0x0, 0x28}, 0x1, 0x0, 0x0, 0x40410}, 0x4040044)
shmat(r3, &(0x7f00003c6000/0x3000)=nil, 0x4000)
shmctl$SHM_UNLOCK(0x0, 0xc)
shmctl$SHM_LOCK(r3, 0xb)
r7 = shmget$private(0x0, 0x3000, 0x0, &(0x7f000010d000/0x3000)=nil)
ioctl$BTRFS_IOC_BALANCE_V2(r5, 0xc4009420, &(0x7f0000000640)={0x0, 0x1, {0x81, @usage=0xd1, 0x0, 0xfffffffffffffffc, 0x10000, 0xffffffffffffffff, 0x0, 0x5, 0x4, @usage=0x1, 0x1ea7, 0xffffffc0, [0x5, 0x7, 0x5, 0xffffffffffffffff, 0xffff, 0x24f]}, {0x5, @struct={0x8da6, 0x46a}, 0x0, 0x3f, 0xff, 0x8, 0x9, 0x7f, 0x0, @struct={0x3, 0x8}, 0xffff0000, 0xffffffcb, [0x8, 0x27d9, 0x7, 0x7ff, 0x57175363, 0x8]}, {0x10001, @usage=0x9, 0x0, 0x4d2, 0x3b89, 0xfffffffffffffff9, 0x4, 0x7fffffff, 0x441, @usage=0x7000000000000, 0x9, 0x20000d5a, [0x2, 0x6, 0x5, 0x80, 0x4, 0x7735]}, {0x8000, 0xffffffffffffffff}})
shmat(r7, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000012c0)=[{{&(0x7f00000005c0)=@xdp, 0x80, 0x0, 0x0, &(0x7f0000000fc0)=""/83, 0x53}, 0x1}, {{&(0x7f0000001040)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @dev}}, 0x80, &(0x7f00000011c0)=[{&(0x7f00000010c0)=""/150, 0x96}, {&(0x7f0000001180)=""/5, 0x5}], 0x2, &(0x7f0000001200)=""/180, 0xb4}, 0x5}], 0x2, 0x0, &(0x7f0000001340)={0x0, 0x989680})

[ 2306.175392][ T8627] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 2306.186101][ T8627] CPU: 0 PID: 8627 Comm: syz-executor.1 Not tainted 6.3.0-rc4-next-20230330-syzkaller #0
[ 2306.195965][ T8627] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 2306.206070][ T8627] Call Trace:
[ 2306.209473][ T8627]  <TASK>
[ 2306.212445][ T8627]  dump_stack_lvl+0x136/0x150
[ 2306.217187][ T8627]  dump_header+0x10a/0xd70
[ 2306.221675][ T8627]  oom_kill_process+0x25d/0x600
[ 2306.226596][ T8627]  out_of_memory+0x35c/0x1650
[ 2306.231348][ T8627]  ? find_held_lock+0x2d/0x110
[ 2306.236173][ T8627]  ? oom_killer_disable+0x2b0/0x2b0
[ 2306.241446][ T8627]  ? rcu_read_unlock+0x9/0x60
[ 2306.246172][ T8627]  ? find_held_lock+0x2d/0x110
[ 2306.250996][ T8627]  mem_cgroup_out_of_memory+0x206/0x270
[ 2306.256596][ T8627]  ? mem_cgroup_margin+0x130/0x130
[ 2306.261794][ T8627]  ? lock_downgrade+0x690/0x690
[ 2306.266726][ T8627]  try_charge_memcg+0xf99/0x13a0
[ 2306.271741][ T8627]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 2306.277792][ T8627]  ? lock_downgrade+0x690/0x690
[ 2306.282700][ T8627]  ? trace_lock_acquire+0x12d/0x180
[ 2306.287951][ T8627]  ? get_mem_cgroup_from_mm+0x247/0x580
[ 2306.293555][ T8627]  ? lock_acquire+0x32/0xc0
[ 2306.298126][ T8627]  charge_memcg+0x90/0x3b0
[ 2306.302612][ T8627]  __mem_cgroup_charge+0x2b/0x90
[ 2306.307615][ T8627]  ? copy_mc_to_kernel+0x3e/0x90
[ 2306.312617][ T8627]  do_wp_page+0x8ac/0x3510
[ 2306.317112][ T8627]  ? lock_sync+0x190/0x190
[ 2306.321599][ T8627]  ? finish_mkwrite_fault+0x3d0/0x3d0
[ 2306.327038][ T8627]  ? rcu_is_watching+0x12/0xb0
[ 2306.331863][ T8627]  ? do_raw_spin_lock+0x124/0x2b0
[ 2306.336967][ T8627]  ? spin_bug+0x1c0/0x1c0
[ 2306.341354][ T8627]  ? lock_acquire+0x32/0xc0
[ 2306.345913][ T8627]  ? __handle_mm_fault+0x1334/0x4180
[ 2306.351305][ T8627]  __handle_mm_fault+0x1547/0x4180
[ 2306.356497][ T8627]  ? vm_iomap_memory+0x190/0x190
[ 2306.361540][ T8627]  handle_mm_fault+0x2c0/0x9c0
[ 2306.366470][ T8627]  do_user_addr_fault+0x2ed/0x1240
[ 2306.371728][ T8627]  ? rcu_is_watching+0x12/0xb0
[ 2306.376562][ T8627]  exc_page_fault+0x98/0x170
[ 2306.381261][ T8627]  asm_exc_page_fault+0x26/0x30
[ 2306.386169][ T8627] RIP: 0033:0x7f47dd2364bd
[ 2306.390633][ T8627] Code: 0c 48 89 df 41 83 c6 01 e8 00 f7 ff ff 48 83 c3 20 49 39 df 75 df 44 89 75 00 8b 05 4d 1b 17 00 48 8b 15 16 f2 c9 00 83 c0 01 <89> 05 3d 1b 17 00 89 02 48 83 c4 18 5b 5d 41 5c 41 5d 41 5e 41 5f
[ 2306.410323][ T8627] RSP: 002b:00007ffdbc005ec0 EFLAGS: 00010202
[ 2306.416453][ T8627] RAX: 0000000000000001 RBX: 00007f47dd3abf80 RCX: 00000000000003d2
[ 2306.424470][ T8627] RDX: 0000001b32520000 RSI: 0000001b32520018 RDI: 0000000095cd0aca
[ 2306.432486][ T8627] RBP: 0000001b32520020 R08: 0000001b32920000 R09: 0000000095cd0ace
[ 2306.440511][ T8627] R10: 00007ffdbc006020 R11: 0000000000000246 R12: 00007f47dd3abf80
[ 2306.448535][ T8627] R13: 0000001b32520018 R14: 0000001b3252001c R15: 0000000000000032
[ 2306.456596][ T8627]  </TASK>
[ 2306.470692][ T8627] memory: usage 307200kB, limit 307200kB, failcnt 11752
[ 2306.477905][ T8627] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2306.485927][ T8627] Memory cgroup stats for /syz1:
[ 2306.486299][ T8627] anon 147456
[ 2306.486299][ T8627] file 312406016
[ 2306.486299][ T8627] kernel 2019328
[ 2306.486299][ T8627] kernel_stack 65536
[ 2306.486299][ T8627] pagetables 81920
[ 2306.486299][ T8627] sec_pagetables 0
[ 2306.486299][ T8627] percpu 4864
[ 2306.486299][ T8627] sock 0
[ 2306.486299][ T8627] vmalloc 0
[ 2306.486299][ T8627] shmem 312406016
[ 2306.486299][ T8627] zswap 0
[ 2306.486299][ T8627] zswapped 0
[ 2306.486299][ T8627] file_mapped 380928
[ 2306.486299][ T8627] file_dirty 0
[ 2306.486299][ T8627] file_writeback 0
[ 2306.486299][ T8627] swapcached 0
[ 2306.486299][ T8627] anon_thp 0
[ 2306.486299][ T8627] file_thp 0
[ 2306.486299][ T8627] shmem_thp 0
[ 2306.486299][ T8627] inactive_anon 62951424
[ 2306.486299][ T8627] active_anon 172032
[ 2306.486299][ T8627] inactive_file 0
[ 2306.486299][ T8627] active_file 0
[ 2306.486299][ T8627] unevictable 249430016
[ 2306.486299][ T8627] slab_reclaimable 964920
[ 2306.486299][ T8627] slab_unreclaimable 868808
[ 2306.486299][ T8627] slab 1833728
[ 2306.486299][ T8627] workingset_refault_anon 0
[ 2306.486299][ T8627] workingset_refault_file 0
[ 2306.486299][ T8627] workingset_activate_anon 0
[ 2306.486299][ T8627] workingset_activate_file 0
[ 2306.486299][ T8627] workingset_restore_anon 0
[ 2306.486299][ T8627] workingset_restore_file 0
[ 2306.486299][ T8627] workingset_nodereclaim 0
[ 2306.486299][ T8627] pgscan 49
[ 2306.486299][ T8627] pgsteal 49
[ 2306.486299][ T8627] pgscan_kswapd 0
[ 2306.486299][ T8627] pgscan_direct 49
[ 2306.486299][ T8627] pgscan_khugepaged 0
[ 2306.486299][ T8627] pgsteal_kswapd 0
[ 2306.486299][ T8627] pgsteal_direct 49
[ 2306.486299][ T8627] pgsteal_khugepaged 0
[ 2306.486299][ T8627] pgfault 1094818
[ 2306.486299][ T8627] pgmajfault 422
[ 2306.486299][ T8627] pgrefill 150
[ 2306.486299][ T8627] pgactivate 161
[ 2306.486299][ T8627] pgdeactivate 0
[ 2306.486299][ T8627] pglazyfree 0
[ 2306.486299][ T8627] pglazyfreed 0
[ 2306.486299][ T8627] zswpin 0
[ 2306.486299][ T8627] zswpout 0
[ 2306.673363][ T5556] usb 1-1: Using ep0 maxpacket: 16
[ 2306.689644][ T8627] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=8627,uid=0
[ 2306.705959][ T8627] Memory cgroup out of memory: Killed process 8627 (syz-executor.1) total-vm:54540kB, anon-rss:380kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000
[ 2306.812496][ T5556] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0
[ 2306.872656][ T5556] usb 1-1: language id specifier not provided by device, defaulting to English
[ 2307.001639][   T27] audit: type=1800 audit(1680178651.799:1123): pid=8615 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=1163 res=0 errno=0
[ 2307.032672][ T5556] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 2307.041918][ T5556] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2307.051063][ T5556] usb 1-1: Product: syz
[ 2307.055699][ T5556] usb 1-1: Manufacturer: の㘺뤘ì컡쟷奡ꪬ򧟤
[ 2307.073874][ T5556] usb 1-1: SerialNumber: syz
[ 2307.349688][ T5556] usb 1-1: USB disconnect, device number 67
12:17:32 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x14, 0x2, 0x1, 0x201, 0x0, 0x0, {0x2}}, 0x14}}, 0x0)

12:17:32 executing program 3:
r0 = socket$unix(0x1, 0x5, 0x0)
getsockopt$sock_cred(r0, 0xffff, 0x11, 0x0, 0x0)
pipe2(&(0x7f00000001c0), 0x0)

12:17:32 executing program 1:
openat$uhid(0xffffffffffffff9c, &(0x7f0000000200), 0x802, 0x0)
timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000180)=<r0=>0x0)
r1 = fanotify_init(0x4, 0x1000)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
fanotify_mark(r1, 0x105, 0x800101b, 0xffffffffffffffff, 0x0)
timer_settime(r0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
mlockall(0x2)
r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil)
shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
write$P9_RWSTAT(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x7f, 0x2}, 0x7)
ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0)
shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000)
shmctl$IPC_RMID(0x0, 0x0)
shmctl$SHM_LOCK(0x0, 0xb)
r6 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil)
shmctl$IPC_STAT(r6, 0x2, &(0x7f00000001c0)=""/62)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000340)={0x0, 0x28}, 0x1, 0x0, 0x0, 0x40410}, 0x4040044)
shmat(r3, &(0x7f00003c6000/0x3000)=nil, 0x4000)
shmctl$SHM_UNLOCK(0x0, 0xc)
shmctl$SHM_LOCK(r3, 0xb)
r7 = shmget$private(0x0, 0x3000, 0x0, &(0x7f000010d000/0x3000)=nil)
ioctl$BTRFS_IOC_BALANCE_V2(r5, 0xc4009420, &(0x7f0000000640)={0x0, 0x1, {0x81, @usage=0xd1, 0x0, 0xfffffffffffffffc, 0x10000, 0xffffffffffffffff, 0x0, 0x5, 0x4, @usage=0x1, 0x1ea7, 0xffffffc0, [0x5, 0x7, 0x5, 0xffffffffffffffff, 0xffff, 0x24f]}, {0x5, @struct={0x8da6, 0x46a}, 0x0, 0x3f, 0xff, 0x8, 0x9, 0x7f, 0x0, @struct={0x3, 0x8}, 0xffff0000, 0xffffffcb, [0x8, 0x27d9, 0x7, 0x7ff, 0x57175363, 0x8]}, {0x10001, @usage=0x9, 0x0, 0x4d2, 0x3b89, 0xfffffffffffffff9, 0x4, 0x7fffffff, 0x441, @usage=0x7000000000000, 0x9, 0x20000d5a, [0x2, 0x6, 0x5, 0x80, 0x4, 0x7735]}, {0x8000, 0xffffffffffffffff}})
shmat(r7, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000012c0)=[{{&(0x7f00000005c0)=@xdp, 0x80, 0x0, 0x0, &(0x7f0000000fc0)=""/83, 0x53}, 0x1}, {{&(0x7f0000001040)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @dev}}, 0x80, &(0x7f00000011c0)=[{&(0x7f00000010c0)=""/150, 0x96}, {&(0x7f0000001180)=""/5, 0x5}], 0x2, &(0x7f0000001200)=""/180, 0xb4}, 0x5}], 0x2, 0x0, &(0x7f0000001340)={0x0, 0x989680})

12:17:32 executing program 4:
connect$unix(0xffffffffffffff9c, 0x0, 0x0)

12:17:32 executing program 0:
syz_usb_connect$printer(0x0, 0x36, &(0x7f00000003c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x7, 0x1, 0x0, 0x0, "", {{{0x9, 0x5, 0x1, 0x2, 0x0, 0x0, 0x6}}, [{}]}}}]}}]}}, &(0x7f0000000ac0)={0x0, 0x0, 0x1f, &(0x7f0000000800)={0x5, 0xf, 0x1f, 0x2, [@generic={0x17, 0x10, 0xa, "533ef87fdb79825caf4c8ade6afe1b8d1060a2a5"}, @generic={0x3, 0x10, 0xa}]}, 0x2, [{0x2, &(0x7f00000008c0)=@string={0x2}}, {0x18, &(0x7f0000000980)=@string={0x18, 0x3, "6e303a3618b9ec0015f0e1cef7c76159acaa5ddae4df"}}]})

12:17:32 executing program 2:
faccessat(0xffffffffffffffff, &(0x7f0000000a00)='./file0/file0\x00', 0x0)

12:17:32 executing program 2:
open$dir(&(0x7f0000000a80)='./file0\x00', 0x200, 0x0)
open$dir(&(0x7f0000000a80)='./file0\x00', 0x200, 0x0)

12:17:32 executing program 3:
mprotect(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0)
madvise(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0)

12:17:32 executing program 4:
r0 = msgget(0x3, 0x0)
msgsnd(r0, &(0x7f0000000640), 0x8, 0x0)
msgctl$IPC_STAT(r0, 0x2, &(0x7f0000000180)=""/150)

12:17:32 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x14, 0x2, 0x1, 0x201, 0x0, 0x0, {0x2}}, 0x14}}, 0x0)

[ 2307.985967][ T8629] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 2308.010673][ T8629] CPU: 1 PID: 8629 Comm: syz-executor.1 Not tainted 6.3.0-rc4-next-20230330-syzkaller #0
[ 2308.020565][ T8629] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 2308.030664][ T8629] Call Trace:
12:17:32 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001580)={&(0x7f0000001400)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x14, 0x14, 0x2, [@func_proto={0x0, 0x1, 0x0, 0xd, 0x0, [{0x0, 0x4}]}]}}, &(0x7f0000001480)=""/198, 0x2e, 0xc6, 0x1}, 0x20)

12:17:32 executing program 3:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'pimreg\x00', 0x2})
ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f00000024c0)={0x1, &(0x7f0000002480)=[{0x5}]})

12:17:32 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x2c, 0x2, 0x1, 0x201, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x18, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @local}, {0x8, 0x2, @private}}}]}]}, 0x2c}}, 0x0)

[ 2308.034003][ T8629]  <TASK>
[ 2308.036995][ T8629]  dump_stack_lvl+0x136/0x150
[ 2308.041750][ T8629]  dump_header+0x10a/0xd70
[ 2308.046253][ T8629]  oom_kill_process+0x25d/0x600
[ 2308.051184][ T8629]  out_of_memory+0x35c/0x1650
[ 2308.055940][ T8629]  ? find_held_lock+0x2d/0x110
[ 2308.060853][ T8629]  ? oom_killer_disable+0x2b0/0x2b0
[ 2308.066219][ T8629]  ? rcu_read_unlock+0x9/0x60
[ 2308.070956][ T8629]  ? find_held_lock+0x2d/0x110
[ 2308.075814][ T8629]  mem_cgroup_out_of_memory+0x206/0x270
[ 2308.081431][ T8629]  ? mem_cgroup_margin+0x130/0x130
12:17:32 executing program 4:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001f80)={0x18, 0x4, &(0x7f00000003c0)=@framed={{}, [@alu={0x4, 0x1, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffff6}]}, &(0x7f0000001900)='GPL\x00', 0x1, 0xc0, &(0x7f0000001ac0)=""/192, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)

[ 2308.086615][ T8629]  ? lock_downgrade+0x690/0x690
[ 2308.091556][ T8629]  try_charge_memcg+0xf99/0x13a0
[ 2308.096584][ T8629]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 2308.102655][ T8629]  ? lock_downgrade+0x690/0x690
[ 2308.107578][ T8629]  ? trace_lock_acquire+0x12d/0x180
[ 2308.112849][ T8629]  ? get_mem_cgroup_from_mm+0x247/0x580
[ 2308.118467][ T8629]  ? lock_acquire+0x32/0xc0
[ 2308.123056][ T8629]  charge_memcg+0x90/0x3b0
[ 2308.127630][ T8629]  __mem_cgroup_charge+0x2b/0x90
[ 2308.132648][ T8629]  do_wp_page+0x8ac/0x3510
[ 2308.137170][ T8629]  ? lock_sync+0x190/0x190
[ 2308.141656][ T8629]  ? finish_mkwrite_fault+0x3d0/0x3d0
[ 2308.147102][ T8629]  ? rcu_is_watching+0x12/0xb0
[ 2308.151951][ T8629]  ? do_raw_spin_lock+0x124/0x2b0
[ 2308.157088][ T8629]  ? spin_bug+0x1c0/0x1c0
[ 2308.161491][ T8629]  ? lock_acquire+0x32/0xc0
[ 2308.166056][ T8629]  ? __handle_mm_fault+0x1334/0x4180
[ 2308.171429][ T8629]  __handle_mm_fault+0x1547/0x4180
[ 2308.176628][ T8629]  ? vm_iomap_memory+0x190/0x190
[ 2308.181667][ T8629]  handle_mm_fault+0x2c0/0x9c0
[ 2308.186521][ T8629]  do_user_addr_fault+0x2ed/0x1240
[ 2308.191696][ T8629]  ? rcu_is_watching+0x12/0xb0
[ 2308.196559][ T8629]  exc_page_fault+0x98/0x170
[ 2308.201231][ T8629]  asm_exc_page_fault+0x26/0x30
[ 2308.206139][ T8629] RIP: 0033:0x7f47dd2395a0
[ 2308.210605][ T8629] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48
[ 2308.230531][ T8629] RSP: 002b:00007ffdbc005e60 EFLAGS: 00010246
[ 2308.236656][ T8629] RAX: 00000000ef192a3d RBX: 00007f47dd3ac018 RCX: 0000001b32520000
[ 2308.244687][ T8629] RDX: 0000000000000000 RSI: 0000001b32520018 RDI: 00000000090fde60
[ 2308.252703][ T8629] RBP: 00000000ef192a3d R08: 0000000000000a3d R09: 00000000ef192a41
[ 2308.260784][ T8629] R10: 00007ffdbc006020 R11: 0000000000000246 R12: 00007f47dd3a0000
[ 2308.268802][ T8629] R13: 0000000000000001 R14: 0000000000000005 R15: ffffffff81e3d406
[ 2308.276921][ T8629]  ? build_open_flags+0x76/0x720
[ 2308.281907][ T8629]  </TASK>
[ 2308.305858][ T8629] memory: usage 307192kB, limit 307200kB, failcnt 11809
[ 2308.313363][ T8629] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2308.320373][ T8629] Memory cgroup stats for /syz1:
[ 2308.320647][ T8629] anon 131072
[ 2308.320647][ T8629] file 312406016
[ 2308.320647][ T8629] kernel 2019328
[ 2308.320647][ T8629] kernel_stack 65536
[ 2308.320647][ T8629] pagetables 81920
[ 2308.320647][ T8629] sec_pagetables 0
[ 2308.320647][ T8629] percpu 4864
[ 2308.320647][ T8629] sock 0
[ 2308.320647][ T8629] vmalloc 0
[ 2308.320647][ T8629] shmem 312406016
[ 2308.320647][ T8629] zswap 0
[ 2308.320647][ T8629] zswapped 0
[ 2308.320647][ T8629] file_mapped 380928
[ 2308.320647][ T8629] file_dirty 0
[ 2308.320647][ T8629] file_writeback 0
[ 2308.320647][ T8629] swapcached 0
[ 2308.320647][ T8629] anon_thp 0
[ 2308.320647][ T8629] file_thp 0
[ 2308.320647][ T8629] shmem_thp 0
[ 2308.320647][ T8629] inactive_anon 62951424
[ 2308.320647][ T8629] active_anon 155648
[ 2308.320647][ T8629] inactive_file 0
[ 2308.320647][ T8629] active_file 0
[ 2308.320647][ T8629] unevictable 249430016
[ 2308.320647][ T8629] slab_reclaimable 964920
[ 2308.320647][ T8629] slab_unreclaimable 868808
[ 2308.320647][ T8629] slab 1833728
[ 2308.320647][ T8629] workingset_refault_anon 0
[ 2308.320647][ T8629] workingset_refault_file 0
[ 2308.320647][ T8629] workingset_activate_anon 0
[ 2308.320647][ T8629] workingset_activate_file 0
[ 2308.320647][ T8629] workingset_restore_anon 0
[ 2308.320647][ T8629] workingset_restore_file 0
[ 2308.320647][ T8629] workingset_nodereclaim 0
[ 2308.320647][ T8629] pgscan 49
[ 2308.320647][ T8629] pgsteal 49
[ 2308.320647][ T8629] pgscan_kswapd 0
[ 2308.320647][ T8629] pgscan_direct 49
[ 2308.320647][ T8629] pgscan_khugepaged 0
[ 2308.320647][ T8629] pgsteal_kswapd 0
[ 2308.320647][ T8629] pgsteal_direct 49
[ 2308.320647][ T8629] pgsteal_khugepaged 0
[ 2308.320647][ T8629] pgfault 1094873
[ 2308.320647][ T8629] pgmajfault 422
[ 2308.320647][ T8629] pgrefill 150
[ 2308.320647][ T8629] pgactivate 161
[ 2308.320647][ T8629] pgdeactivate 0
[ 2308.320647][ T8629] pglazyfree 0
[ 2308.320647][ T8629] pglazyfreed 0
[ 2308.320647][ T8629] zswpin 0
[ 2308.320647][ T8629] zswpout 0
12:17:33 executing program 1:
openat$uhid(0xffffffffffffff9c, &(0x7f0000000200), 0x802, 0x0)
timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000180)=<r0=>0x0)
r1 = fanotify_init(0x4, 0x1000)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
fanotify_mark(r1, 0x105, 0x800101b, 0xffffffffffffffff, 0x0)
timer_settime(r0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
mlockall(0x2)
r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil)
shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
write$P9_RWSTAT(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x7f, 0x2}, 0x7)
ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0)
shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000)
shmctl$IPC_RMID(0x0, 0x0)
shmctl$SHM_LOCK(0x0, 0xb)
r6 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil)
shmctl$IPC_STAT(r6, 0x2, &(0x7f00000001c0)=""/62)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000340)={0x0, 0x28}, 0x1, 0x0, 0x0, 0x40410}, 0x4040044)
shmat(r3, &(0x7f00003c6000/0x3000)=nil, 0x4000)
shmctl$SHM_UNLOCK(0x0, 0xc)
shmctl$SHM_LOCK(r3, 0xb)
r7 = shmget$private(0x0, 0x3000, 0x0, &(0x7f000010d000/0x3000)=nil)
ioctl$BTRFS_IOC_BALANCE_V2(r5, 0xc4009420, &(0x7f0000000640)={0x0, 0x1, {0x81, @usage=0xd1, 0x0, 0xfffffffffffffffc, 0x10000, 0xffffffffffffffff, 0x0, 0x5, 0x4, @usage=0x1, 0x1ea7, 0xffffffc0, [0x5, 0x7, 0x5, 0xffffffffffffffff, 0xffff, 0x24f]}, {0x5, @struct={0x8da6, 0x46a}, 0x0, 0x3f, 0xff, 0x8, 0x9, 0x7f, 0x0, @struct={0x3, 0x8}, 0xffff0000, 0xffffffcb, [0x8, 0x27d9, 0x7, 0x7ff, 0x57175363, 0x8]}, {0x10001, @usage=0x9, 0x0, 0x4d2, 0x3b89, 0xfffffffffffffff9, 0x4, 0x7fffffff, 0x441, @usage=0x7000000000000, 0x9, 0x20000d5a, [0x2, 0x6, 0x5, 0x80, 0x4, 0x7735]}, {0x8000, 0xffffffffffffffff}})
shmat(r7, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000012c0)=[{{&(0x7f00000005c0)=@xdp, 0x80, 0x0, 0x0, &(0x7f0000000fc0)=""/83, 0x53}, 0x1}, {{&(0x7f0000001040)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @dev}}, 0x80, &(0x7f00000011c0)=[{&(0x7f00000010c0)=""/150, 0x96}, {&(0x7f0000001180)=""/5, 0x5}], 0x2, &(0x7f0000001200)=""/180, 0xb4}, 0x5}], 0x2, 0x0, &(0x7f0000001340)={0x0, 0x989680})

12:17:33 executing program 4:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz0\x00', 0x200002, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r1, &(0x7f0000000080), 0x1)

[ 2308.517416][ T8629] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=8629,uid=0
[ 2308.534567][ T8629] Memory cgroup out of memory: Killed process 8629 (syz-executor.1) total-vm:54540kB, anon-rss:380kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000
[ 2308.592493][T27899] usb 1-1: new high-speed USB device number 68 using dummy_hcd
[ 2308.637328][ T8659] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 2308.655257][ T8659] CPU: 0 PID: 8659 Comm: syz-executor.1 Not tainted 6.3.0-rc4-next-20230330-syzkaller #0
[ 2308.665119][ T8659] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 2308.675188][ T8659] Call Trace:
[ 2308.678490][ T8659]  <TASK>
[ 2308.681427][ T8659]  dump_stack_lvl+0x136/0x150
[ 2308.686172][ T8659]  dump_header+0x10a/0xd70
[ 2308.690657][ T8659]  oom_kill_process+0x25d/0x600
[ 2308.695539][ T8659]  out_of_memory+0x35c/0x1650
[ 2308.700247][ T8659]  ? find_held_lock+0x2d/0x110
[ 2308.705033][ T8659]  ? oom_killer_disable+0x2b0/0x2b0
[ 2308.710262][ T8659]  ? rcu_read_unlock+0x9/0x60
[ 2308.714973][ T8659]  ? find_held_lock+0x2d/0x110
[ 2308.719779][ T8659]  mem_cgroup_out_of_memory+0x206/0x270
[ 2308.725351][ T8659]  ? mem_cgroup_margin+0x130/0x130
[ 2308.730694][ T8659]  ? lock_downgrade+0x690/0x690
[ 2308.735581][ T8659]  try_charge_memcg+0xf99/0x13a0
[ 2308.740559][ T8659]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 2308.746571][ T8659]  ? lock_downgrade+0x690/0x690
[ 2308.751451][ T8659]  ? trace_lock_acquire+0x12d/0x180
[ 2308.756760][ T8659]  ? get_mem_cgroup_from_mm+0x247/0x580
[ 2308.762338][ T8659]  ? lock_acquire+0x32/0xc0
[ 2308.766912][ T8659]  charge_memcg+0x90/0x3b0
[ 2308.771384][ T8659]  __mem_cgroup_charge+0x2b/0x90
[ 2308.776349][ T8659]  do_wp_page+0x8ac/0x3510
[ 2308.780797][ T8659]  ? lock_sync+0x190/0x190
[ 2308.785233][ T8659]  ? finish_mkwrite_fault+0x3d0/0x3d0
[ 2308.790644][ T8659]  ? rcu_is_watching+0x12/0xb0
[ 2308.795442][ T8659]  ? do_raw_spin_lock+0x124/0x2b0
[ 2308.800491][ T8659]  ? spin_bug+0x1c0/0x1c0
[ 2308.804844][ T8659]  ? lock_acquire+0x32/0xc0
[ 2308.809373][ T8659]  ? __handle_mm_fault+0x1334/0x4180
[ 2308.814714][ T8659]  __handle_mm_fault+0x1547/0x4180
[ 2308.819890][ T8659]  ? vm_iomap_memory+0x190/0x190
[ 2308.824894][ T8659]  handle_mm_fault+0x2c0/0x9c0
[ 2308.829695][ T8659]  do_user_addr_fault+0x2ed/0x1240
[ 2308.834839][ T8659]  ? rcu_is_watching+0x12/0xb0
[ 2308.839639][ T8659]  exc_page_fault+0x98/0x170
[ 2308.844261][ T8659]  asm_exc_page_fault+0x26/0x30
[ 2308.849131][ T8659] RIP: 0033:0x7f47dd2395a0
[ 2308.853561][ T8659] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48
[ 2308.873209][ T8659] RSP: 002b:00007ffdbc005e60 EFLAGS: 00010246
[ 2308.879289][ T8659] RAX: 00000000672f47ab RBX: 00007f47dd3ac018 RCX: 0000001b32520000
[ 2308.887270][ T8659] RDX: 0000000000000000 RSI: 0000001b32520018 RDI: 00000000090fe32a
[ 2308.895259][ T8659] RBP: 00000000672f47ab R08: 00000000000007ab R09: 00000000672f47af
[ 2308.903245][ T8659] R10: 00007ffdbc006020 R11: 0000000000000246 R12: 00007f47dd3a0000
[ 2308.911238][ T8659] R13: 0000000000000001 R14: 0000000000000004 R15: ffffffff81e3d3ad
[ 2308.919235][ T8659]  ? build_open_flags+0x1d/0x720
[ 2308.924246][ T8659]  </TASK>
[ 2308.933517][ T8659] memory: usage 307200kB, limit 307200kB, failcnt 11919
[ 2308.940506][ T8659] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2308.948083][T27899] usb 1-1: Using ep0 maxpacket: 16
[ 2308.953668][ T8659] Memory cgroup stats for /syz1:
[ 2308.953954][ T8659] anon 126976
[ 2308.953954][ T8659] file 312406016
[ 2308.953954][ T8659] kernel 2019328
[ 2308.953954][ T8659] kernel_stack 65536
[ 2308.953954][ T8659] pagetables 81920
[ 2308.953954][ T8659] sec_pagetables 0
[ 2308.953954][ T8659] percpu 4864
[ 2308.953954][ T8659] sock 0
[ 2308.953954][ T8659] vmalloc 0
[ 2308.953954][ T8659] shmem 312406016
[ 2308.953954][ T8659] zswap 0
[ 2308.953954][ T8659] zswapped 0
[ 2308.953954][ T8659] file_mapped 380928
[ 2308.953954][ T8659] file_dirty 0
[ 2308.953954][ T8659] file_writeback 0
[ 2308.953954][ T8659] swapcached 0
[ 2308.953954][ T8659] anon_thp 0
[ 2308.953954][ T8659] file_thp 0
[ 2308.953954][ T8659] shmem_thp 0
[ 2308.953954][ T8659] inactive_anon 62951424
[ 2308.953954][ T8659] active_anon 151552
[ 2308.953954][ T8659] inactive_file 0
[ 2308.953954][ T8659] active_file 0
[ 2308.953954][ T8659] unevictable 249430016
[ 2308.953954][ T8659] slab_reclaimable 964920
[ 2308.953954][ T8659] slab_unreclaimable 871488
[ 2308.953954][ T8659] slab 1836408
[ 2308.953954][ T8659] workingset_refault_anon 0
[ 2308.953954][ T8659] workingset_refault_file 0
[ 2308.953954][ T8659] workingset_activate_anon 0
[ 2308.953954][ T8659] workingset_activate_file 0
[ 2308.953954][ T8659] workingset_restore_anon 0
[ 2308.953954][ T8659] workingset_restore_file 0
[ 2308.953954][ T8659] workingset_nodereclaim 0
[ 2308.953954][ T8659] pgscan 49
[ 2308.953954][ T8659] pgsteal 49
[ 2308.953954][ T8659] pgscan_kswapd 0
[ 2308.953954][ T8659] pgscan_direct 49
[ 2308.953954][ T8659] pgscan_khugepaged 0
[ 2308.953954][ T8659] pgsteal_kswapd 0
[ 2308.953954][ T8659] pgsteal_direct 49
[ 2308.953954][ T8659] pgsteal_khugepaged 0
[ 2308.953954][ T8659] pgfault 1094924
[ 2308.953954][ T8659] pgmajfault 422
[ 2308.953954][ T8659] pgrefill 150
[ 2308.953954][ T8659] pgactivate 161
[ 2308.953954][ T8659] pgdeactivate 0
[ 2308.953954][ T8659] pglazyfree 0
[ 2308.953954][ T8659] pglazyfreed 0
[ 2308.953954][ T8659] zswpin 0
[ 2308.953954][ T8659] zswpout 0
[ 2309.143680][ T8659] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=8659,uid=0
[ 2309.161733][ T8659] Memory cgroup out of memory: Killed process 8659 (syz-executor.1) total-vm:54540kB, anon-rss:380kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000
[ 2309.252437][T27899] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0
[ 2309.302325][T27899] usb 1-1: language id specifier not provided by device, defaulting to English
[ 2309.422306][T27899] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 2309.431488][T27899] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2309.439919][T27899] usb 1-1: Product: syz
[ 2309.444395][T27899] usb 1-1: Manufacturer: の㘺뤘ì컡쟷奡ꪬ򧟤
[ 2309.451426][T27899] usb 1-1: SerialNumber: syz
[ 2309.716218][T27624] usb 1-1: USB disconnect, device number 68
12:17:35 executing program 0:
syz_usb_connect$printer(0x0, 0x36, &(0x7f00000003c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x7, 0x1, 0x0, 0x0, "", {{}, [{}]}}}]}}]}}, &(0x7f0000000ac0)={0x0, 0x0, 0x1f, &(0x7f0000000800)={0x5, 0xf, 0x1f, 0x2, [@generic={0x17, 0x10, 0xa, "533ef87fdb79825caf4c8ade6afe1b8d1060a2a5"}, @generic={0x3, 0x10, 0xa}]}, 0x2, [{0x2, &(0x7f00000008c0)=@string={0x2}}, {0x18, &(0x7f0000000980)=@string={0x18, 0x3, "6e303a3618b9ec0015f0e1cef7c76159acaa5ddae4df"}}]})

12:17:35 executing program 2:
r0 = socket$inet(0x2, 0x3, 0x0)
setsockopt$sock_int(r0, 0xffff, 0x800, 0x0, 0x0)

12:17:35 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x2c, 0x2, 0x1, 0x201, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x18, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @local}, {0x8, 0x2, @private}}}]}]}, 0x2c}}, 0x0)

12:17:35 executing program 3:
r0 = msgget(0x3, 0x0)
msgsnd(r0, 0x0, 0x0, 0x0)
r1 = msgget(0x3, 0x0)
msgsnd(r1, 0x0, 0x0, 0x800)

12:17:35 executing program 4:
syz_emit_ethernet(0x3e, &(0x7f00000000c0)={@local, @broadcast, @val, {@ipv6}}, 0x0)

12:17:35 executing program 1:
openat$uhid(0xffffffffffffff9c, &(0x7f0000000200), 0x802, 0x0)
timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000180)=<r0=>0x0)
r1 = fanotify_init(0x4, 0x1000)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
fanotify_mark(r1, 0x105, 0x800101b, 0xffffffffffffffff, 0x0)
timer_settime(r0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
mlockall(0x2)
r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil)
shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
creat(&(0x7f0000000140)='./bus\x00', 0x0)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
write$P9_RWSTAT(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x7f, 0x2}, 0x7)
ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0)
shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000)
shmctl$IPC_RMID(0x0, 0x0)
shmctl$SHM_LOCK(0x0, 0xb)
r5 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil)
shmctl$IPC_STAT(r5, 0x2, &(0x7f00000001c0)=""/62)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000340)={0x0, 0x28}, 0x1, 0x0, 0x0, 0x40410}, 0x4040044)
shmat(r3, &(0x7f00003c6000/0x3000)=nil, 0x4000)
shmctl$SHM_UNLOCK(0x0, 0xc)
shmctl$SHM_LOCK(r3, 0xb)
r6 = shmget$private(0x0, 0x3000, 0x54001800, &(0x7f000010d000/0x3000)=nil)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000640)={0x0, 0x1, {0x81, @usage=0xd1, 0x0, 0xfffffffffffffffc, 0x10000, 0xffffffffffffffff, 0x0, 0x5, 0x4, @usage=0x1, 0x1ea7, 0xffffffc0, [0x5, 0x7, 0x5, 0xffffffffffffffff, 0xffff, 0x24f]}, {0x5, @struct={0x8da6, 0x46a}, 0x0, 0x3f, 0xff, 0x8, 0x9, 0x7f, 0x0, @struct={0x3, 0x8}, 0xffff0000, 0xffffffcb, [0x8, 0x27d9, 0x7, 0x7ff, 0x57175363, 0x8]}, {0x10001, @usage=0x9, 0x0, 0x4d2, 0x3b89, 0xfffffffffffffff9, 0x4, 0x7fffffff, 0x441, @usage=0x7000000000000, 0x9, 0x20000d5a, [0x2, 0x6, 0x5, 0x80, 0x4, 0x7735]}, {0x8000, 0xffffffffffffffff}})
shmat(r6, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000012c0)=[{{&(0x7f00000005c0)=@xdp, 0x80, 0x0, 0x0, &(0x7f0000000fc0)=""/83, 0x53}, 0x1}, {{&(0x7f0000001040)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @dev}}, 0x80, &(0x7f00000011c0)=[{&(0x7f00000010c0)=""/150, 0x96}, {&(0x7f0000001180)=""/5, 0x5}], 0x2, &(0x7f0000001200)=""/180, 0xb4}, 0x5}], 0x2, 0x0, &(0x7f0000001340)={0x0, 0x989680})

12:17:35 executing program 3:
r0 = socket$inet(0x2, 0x3, 0x0)
fcntl$lock(r0, 0xb, 0x0)

12:17:35 executing program 4:
r0 = socket$inet(0x2, 0x3, 0x0)
getsockopt$sock_int(r0, 0xffff, 0x20, 0x0, 0x0)

12:17:35 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x2c, 0x2, 0x1, 0x201, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x18, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @local}, {0x8, 0x2, @private}}}]}]}, 0x2c}}, 0x0)

[ 2310.373347][ T8663] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 2310.410509][ T8663] CPU: 0 PID: 8663 Comm: syz-executor.1 Not tainted 6.3.0-rc4-next-20230330-syzkaller #0
[ 2310.420417][ T8663] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 2310.430512][ T8663] Call Trace:
[ 2310.433826][ T8663]  <TASK>
[ 2310.436813][ T8663]  dump_stack_lvl+0x136/0x150
[ 2310.441573][ T8663]  dump_header+0x10a/0xd70
[ 2310.446066][ T8663]  oom_kill_process+0x25d/0x600
[ 2310.450976][ T8663]  out_of_memory+0x35c/0x1650
[ 2310.455737][ T8663]  ? find_held_lock+0x2d/0x110
[ 2310.460555][ T8663]  ? oom_killer_disable+0x2b0/0x2b0
[ 2310.465835][ T8663]  ? rcu_read_unlock+0x9/0x60
[ 2310.470563][ T8663]  ? find_held_lock+0x2d/0x110
[ 2310.475400][ T8663]  mem_cgroup_out_of_memory+0x206/0x270
[ 2310.481013][ T8663]  ? mem_cgroup_margin+0x130/0x130
[ 2310.486188][ T8663]  ? lock_downgrade+0x690/0x690
[ 2310.491136][ T8663]  try_charge_memcg+0xf99/0x13a0
[ 2310.496160][ T8663]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 2310.502239][ T8663]  ? lock_downgrade+0x690/0x690
[ 2310.507144][ T8663]  ? trace_lock_acquire+0x12d/0x180
[ 2310.512382][ T8663]  ? get_mem_cgroup_from_mm+0x247/0x580
[ 2310.518021][ T8663]  ? lock_acquire+0x32/0xc0
[ 2310.522571][ T8663]  charge_memcg+0x90/0x3b0
[ 2310.527042][ T8663]  __mem_cgroup_charge+0x2b/0x90
[ 2310.532040][ T8663]  do_wp_page+0x8ac/0x3510
[ 2310.536518][ T8663]  ? lock_sync+0x190/0x190
[ 2310.540986][ T8663]  ? finish_mkwrite_fault+0x3d0/0x3d0
[ 2310.546407][ T8663]  ? rcu_is_watching+0x12/0xb0
[ 2310.551221][ T8663]  ? do_raw_spin_lock+0x124/0x2b0
[ 2310.556284][ T8663]  ? spin_bug+0x1c0/0x1c0
[ 2310.560654][ T8663]  ? lock_acquire+0x32/0xc0
[ 2310.565202][ T8663]  ? __handle_mm_fault+0x1334/0x4180
[ 2310.570569][ T8663]  __handle_mm_fault+0x1547/0x4180
[ 2310.575756][ T8663]  ? vm_iomap_memory+0x190/0x190
[ 2310.580773][ T8663]  handle_mm_fault+0x2c0/0x9c0
[ 2310.585622][ T8663]  do_user_addr_fault+0x2ed/0x1240
[ 2310.590788][ T8663]  ? rcu_is_watching+0x12/0xb0
[ 2310.595598][ T8663]  exc_page_fault+0x98/0x170
[ 2310.600272][ T8663]  asm_exc_page_fault+0x26/0x30
[ 2310.605166][ T8663] RIP: 0033:0x7f47dd2395a0
[ 2310.609695][ T8663] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48
[ 2310.629333][ T8663] RSP: 002b:00007ffdbc005e60 EFLAGS: 00010246
[ 2310.635426][ T8663] RAX: 00000000ef192a3d RBX: 00007f47dd3ac018 RCX: 0000001b32520000
[ 2310.643424][ T8663] RDX: 0000000000000000 RSI: 0000001b32520018 RDI: 00000000090fde60
[ 2310.651414][ T8663] RBP: 00000000ef192a3d R08: 0000000000000a3d R09: 00000000ef192a41
[ 2310.659411][ T8663] R10: 00007ffdbc006020 R11: 0000000000000246 R12: 00007f47dd3a0000
12:17:35 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x24, 0x2, 0x1, 0x201, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x10, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x24}}, 0x0)

[ 2310.667402][ T8663] R13: 0000000000000001 R14: 0000000000000005 R15: ffffffff81e3d406
[ 2310.675395][ T8663]  ? build_open_flags+0x76/0x720
[ 2310.680384][ T8663]  </TASK>
[ 2310.687669][ T8663] memory: usage 307200kB, limit 307200kB, failcnt 11994
[ 2310.718442][ T8663] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2310.737175][ T8663] Memory cgroup stats for /syz1:
[ 2310.737485][ T8663] anon 131072
[ 2310.737485][ T8663] file 312406016
[ 2310.737485][ T8663] kernel 2019328
[ 2310.737485][ T8663] kernel_stack 65536
[ 2310.737485][ T8663] pagetables 81920
[ 2310.737485][ T8663] sec_pagetables 0
[ 2310.737485][ T8663] percpu 4864
[ 2310.737485][ T8663] sock 0
[ 2310.737485][ T8663] vmalloc 0
[ 2310.737485][ T8663] shmem 312406016
[ 2310.737485][ T8663] zswap 0
[ 2310.737485][ T8663] zswapped 0
[ 2310.737485][ T8663] file_mapped 380928
[ 2310.737485][ T8663] file_dirty 0
[ 2310.737485][ T8663] file_writeback 0
[ 2310.737485][ T8663] swapcached 0
[ 2310.737485][ T8663] anon_thp 0
[ 2310.737485][ T8663] file_thp 0
[ 2310.737485][ T8663] shmem_thp 0
[ 2310.737485][ T8663] inactive_anon 62951424
[ 2310.737485][ T8663] active_anon 155648
[ 2310.737485][ T8663] inactive_file 0
[ 2310.737485][ T8663] active_file 0
[ 2310.737485][ T8663] unevictable 249430016
[ 2310.737485][ T8663] slab_reclaimable 964920
[ 2310.737485][ T8663] slab_unreclaimable 868808
[ 2310.737485][ T8663] slab 1833728
[ 2310.737485][ T8663] workingset_refault_anon 0
[ 2310.737485][ T8663] workingset_refault_file 0
[ 2310.737485][ T8663] workingset_activate_anon 0
[ 2310.737485][ T8663] workingset_activate_file 0
[ 2310.737485][ T8663] workingset_restore_anon 0
[ 2310.737485][ T8663] workingset_restore_file 0
[ 2310.737485][ T8663] workingset_nodereclaim 0
[ 2310.737485][ T8663] pgscan 49
[ 2310.737485][ T8663] pgsteal 49
[ 2310.737485][ T8663] pgscan_kswapd 0
[ 2310.737485][ T8663] pgscan_direct 49
[ 2310.737485][ T8663] pgscan_khugepaged 0
[ 2310.737485][ T8663] pgsteal_kswapd 0
[ 2310.737485][ T8663] pgsteal_direct 49
[ 2310.737485][ T8663] pgsteal_khugepaged 0
[ 2310.737485][ T8663] pgfault 1094977
[ 2310.737485][ T8663] pgmajfault 422
[ 2310.737485][ T8663] pgrefill 150
[ 2310.737485][ T8663] pgactivate 161
[ 2310.737485][ T8663] pgdeactivate 0
[ 2310.737485][ T8663] pglazyfree 0
[ 2310.737485][ T8663] pglazyfreed 0
[ 2310.737485][ T8663] zswpin 0
12:17:35 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x24, 0x2, 0x1, 0x201, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x10, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x24}}, 0x0)

[ 2310.737485][ T8663] zswpout 0
[ 2310.928408][T27902] usb 1-1: new high-speed USB device number 69 using dummy_hcd
[ 2310.943100][ T8663] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=8663,uid=0
12:17:35 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x24, 0x2, 0x1, 0x201, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x10, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x24}}, 0x0)

[ 2310.959312][ T8663] Memory cgroup out of memory: Killed process 8663 (syz-executor.1) total-vm:54540kB, anon-rss:380kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000
[ 2311.222250][T27902] usb 1-1: Using ep0 maxpacket: 16
[ 2311.352269][T27902] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0
[ 2311.402408][T27902] usb 1-1: language id specifier not provided by device, defaulting to English
[ 2311.542341][T27902] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 2311.553762][T27902] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2311.561915][T27902] usb 1-1: Product: syz
[ 2311.566438][T27902] usb 1-1: Manufacturer: の㘺뤘ì컡쟷奡ꪬ򧟤
[ 2311.573727][T27902] usb 1-1: SerialNumber: syz
[ 2311.831962][T27902] usb 1-1: USB disconnect, device number 69
12:17:37 executing program 0:
syz_usb_connect$printer(0x0, 0x2d, &(0x7f00000003c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1}}]}}, &(0x7f0000000ac0)={0x0, 0x0, 0x1f, &(0x7f0000000800)={0x5, 0xf, 0x1f, 0x2, [@generic={0x17, 0x10, 0xa, "533ef87fdb79825caf4c8ade6afe1b8d1060a2a5"}, @generic={0x3, 0x10, 0xa}]}, 0x2, [{0x2, &(0x7f00000008c0)=@string={0x2}}, {0x18, &(0x7f0000000980)=@string={0x18, 0x3, "6e303a3618b9ec0015f0e1cef7c76159acaa5ddae4df"}}]})

12:17:37 executing program 1:
openat$uhid(0xffffffffffffff9c, &(0x7f0000000200), 0x802, 0x0)
timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000180)=<r0=>0x0)
r1 = fanotify_init(0x4, 0x1000)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
fanotify_mark(r1, 0x105, 0x800101b, 0xffffffffffffffff, 0x0)
timer_settime(r0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
mlockall(0x2)
r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil)
shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
creat(&(0x7f0000000140)='./bus\x00', 0x0)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
write$P9_RWSTAT(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x7f, 0x2}, 0x7)
ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0)
shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000)
shmctl$IPC_RMID(0x0, 0x0)
shmctl$SHM_LOCK(0x0, 0xb)
r5 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil)
shmctl$IPC_STAT(r5, 0x2, &(0x7f00000001c0)=""/62)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000340)={0x0, 0x28}, 0x1, 0x0, 0x0, 0x40410}, 0x4040044)
shmat(r3, &(0x7f00003c6000/0x3000)=nil, 0x4000)
shmctl$SHM_UNLOCK(0x0, 0xc)
shmctl$SHM_LOCK(r3, 0xb)
r6 = shmget$private(0x0, 0x3000, 0x54001800, &(0x7f000010d000/0x3000)=nil)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000640)={0x0, 0x1, {0x81, @usage=0xd1, 0x0, 0xfffffffffffffffc, 0x10000, 0xffffffffffffffff, 0x0, 0x5, 0x4, @usage=0x1, 0x1ea7, 0xffffffc0, [0x5, 0x7, 0x5, 0xffffffffffffffff, 0xffff, 0x24f]}, {0x5, @struct={0x8da6, 0x46a}, 0x0, 0x3f, 0xff, 0x8, 0x9, 0x7f, 0x0, @struct={0x3, 0x8}, 0xffff0000, 0xffffffcb, [0x8, 0x27d9, 0x7, 0x7ff, 0x57175363, 0x8]}, {0x10001, @usage=0x9, 0x0, 0x4d2, 0x3b89, 0xfffffffffffffff9, 0x4, 0x7fffffff, 0x441, @usage=0x7000000000000, 0x9, 0x20000d5a, [0x2, 0x6, 0x5, 0x80, 0x4, 0x7735]}, {0x8000, 0xffffffffffffffff}})
shmat(r6, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000012c0)=[{{&(0x7f00000005c0)=@xdp, 0x80, 0x0, 0x0, &(0x7f0000000fc0)=""/83, 0x53}, 0x1}, {{&(0x7f0000001040)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @dev}}, 0x80, &(0x7f00000011c0)=[{&(0x7f00000010c0)=""/150, 0x96}, {&(0x7f0000001180)=""/5, 0x5}], 0x2, &(0x7f0000001200)=""/180, 0xb4}, 0x5}], 0x2, 0x0, &(0x7f0000001340)={0x0, 0x989680})

12:17:37 executing program 2:
r0 = socket$inet(0x2, 0x3, 0x0)
getsockopt$sock_int(r0, 0xffff, 0x10, &(0x7f0000000140), &(0x7f0000000180)=0xfffffffffffffe9e)

12:17:37 executing program 4:
recvmsg$unix(0xffffffffffffffff, &(0x7f0000001c00)={&(0x7f0000000640)=@abs, 0x6e, &(0x7f0000001b00)=[{0xfffffffffffffffd}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x7}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0))
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x9, 0x1e, 0x101, 0xf55, 0x0, 0xffffffffffffffff, 0xc56b, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x4}, 0x48)

12:17:37 executing program 3:
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000002c0)={0x6, 0x1, &(0x7f0000000000)=@raw=[@func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffc}], &(0x7f0000000040)='GPL\x00', 0x6, 0x8e, &(0x7f0000000080)=""/142, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)

12:17:37 executing program 5:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x1, &(0x7f00000000c0)=@raw=[@jmp={0x5, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffc0}], &(0x7f0000000140)='syzkaller\x00', 0x4, 0x9d, &(0x7f0000000180)=""/157, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)

12:17:37 executing program 5:
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000280)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x10, 0x10, 0x2, [@int={0x0, 0x0, 0x0, 0x1, 0x0, 0x7f}]}}, &(0x7f00000002c0)=""/208, 0x2a, 0xd0, 0x1}, 0x20)

12:17:37 executing program 3:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f00000001c0)={{0xeb9f, 0x1, 0x0, 0x5f5e0ff, 0x0, 0x0, 0x0, 0x2}}, &(0x7f0000000280)=""/183, 0x1a, 0xb7, 0x1}, 0x20)

12:17:37 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000340)={&(0x7f00000001c0)={{0xeb9f, 0x9, 0x0, 0x18, 0x0, 0x0, 0x0, 0x2}}, &(0x7f0000000280)=""/183, 0x1a, 0xb7, 0x1}, 0x20)

12:17:37 executing program 5:
syz_usb_connect$cdc_ncm(0x0, 0x75, &(0x7f0000001200)={{0x12, 0x1, 0x310, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x63, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}, [@dmm={0x7}]}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}}}}]}}, &(0x7f0000001380)={0x0, 0x0, 0x12, &(0x7f00000012c0)={0x5, 0xf, 0x12, 0x2, [@generic={0x3, 0x10, 0x6}, @ss_cap={0xa}]}})

12:17:37 executing program 3:
syz_usb_connect(0x0, 0x24, &(0x7f00000016c0)={{0x12, 0x1, 0x0, 0x66, 0xe4, 0xd6, 0x40, 0x19d2, 0xffbc, 0x3828, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xff, 0xff, 0xff}}]}}]}}, 0x0)

[ 2312.533772][ T8695] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 2312.589614][ T8695] CPU: 0 PID: 8695 Comm: syz-executor.1 Not tainted 6.3.0-rc4-next-20230330-syzkaller #0
[ 2312.599502][ T8695] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 2312.609602][ T8695] Call Trace:
[ 2312.612917][ T8695]  <TASK>
[ 2312.615883][ T8695]  dump_stack_lvl+0x136/0x150
[ 2312.620658][ T8695]  dump_header+0x10a/0xd70
[ 2312.625168][ T8695]  oom_kill_process+0x25d/0x600
[ 2312.630097][ T8695]  out_of_memory+0x35c/0x1650
[ 2312.634861][ T8695]  ? find_held_lock+0x2d/0x110
[ 2312.639683][ T8695]  ? oom_killer_disable+0x2b0/0x2b0
[ 2312.644960][ T8695]  ? rcu_read_unlock+0x9/0x60
[ 2312.649687][ T8695]  ? find_held_lock+0x2d/0x110
[ 2312.654537][ T8695]  mem_cgroup_out_of_memory+0x206/0x270
[ 2312.660146][ T8695]  ? mem_cgroup_margin+0x130/0x130
[ 2312.665321][ T8695]  ? lock_downgrade+0x690/0x690
[ 2312.670262][ T8695]  try_charge_memcg+0xf99/0x13a0
[ 2312.675272][ T8695]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 2312.681304][ T8695]  ? lock_downgrade+0x690/0x690
[ 2312.686188][ T8695]  ? trace_lock_acquire+0x12d/0x180
[ 2312.691424][ T8695]  ? get_mem_cgroup_from_mm+0x247/0x580
[ 2312.697038][ T8695]  ? lock_acquire+0x32/0xc0
[ 2312.701597][ T8695]  charge_memcg+0x90/0x3b0
[ 2312.706057][ T8695]  __mem_cgroup_charge+0x2b/0x90
[ 2312.711033][ T8695]  ? copy_mc_to_kernel+0x3e/0x90
[ 2312.716021][ T8695]  do_wp_page+0x8ac/0x3510
[ 2312.720475][ T8695]  ? lock_sync+0x190/0x190
[ 2312.724917][ T8695]  ? finish_mkwrite_fault+0x3d0/0x3d0
[ 2312.730390][ T8695]  ? rcu_is_watching+0x12/0xb0
[ 2312.735209][ T8695]  ? do_raw_spin_lock+0x124/0x2b0
[ 2312.740289][ T8695]  ? spin_bug+0x1c0/0x1c0
[ 2312.742484][T27902] usb 1-1: new high-speed USB device number 70 using dummy_hcd
[ 2312.744639][ T8695]  ? lock_acquire+0x32/0xc0
[ 2312.744685][ T8695]  ? __handle_mm_fault+0x1334/0x4180
[ 2312.762093][ T8695]  __handle_mm_fault+0x1547/0x4180
[ 2312.767291][ T8695]  ? vm_iomap_memory+0x190/0x190
[ 2312.772336][ T8695]  handle_mm_fault+0x2c0/0x9c0
[ 2312.777145][ T8695]  do_user_addr_fault+0x2ed/0x1240
[ 2312.782298][ T8695]  ? rcu_is_watching+0x12/0xb0
[ 2312.787140][ T8695]  exc_page_fault+0x98/0x170
[ 2312.791784][ T8695]  asm_exc_page_fault+0x26/0x30
[ 2312.796697][ T8695] RIP: 0033:0x7f47dd2364bd
[ 2312.801164][ T8695] Code: 0c 48 89 df 41 83 c6 01 e8 00 f7 ff ff 48 83 c3 20 49 39 df 75 df 44 89 75 00 8b 05 4d 1b 17 00 48 8b 15 16 f2 c9 00 83 c0 01 <89> 05 3d 1b 17 00 89 02 48 83 c4 18 5b 5d 41 5c 41 5d 41 5e 41 5f
[ 2312.820879][ T8695] RSP: 002b:00007ffdbc005ec0 EFLAGS: 00010202
[ 2312.826974][ T8695] RAX: 0000000000000001 RBX: 00007f47dd3abf80 RCX: 0000000000000622
12:17:37 executing program 4:
r0 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0)
syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x3c, &(0x7f00000000c0)=ANY=[@ANYBLOB="060200352f"])

[ 2312.834982][ T8695] RDX: 0000001b32520000 RSI: 0000001b32520018 RDI: 0000000095cd0aca
[ 2312.843157][ T8695] RBP: 0000001b32520020 R08: 0000001b32920000 R09: 0000000095cd0ace
[ 2312.851173][ T8695] R10: 00007ffdbc006020 R11: 0000000000000246 R12: 00007f47dd3abf80
[ 2312.859193][ T8695] R13: 0000001b32520018 R14: 0000001b3252001c R15: 0000000000000032
[ 2312.867219][ T8695]  </TASK>
[ 2312.877833][ T8695] memory: usage 307200kB, limit 307200kB, failcnt 12059
[ 2312.893808][ T8695] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2312.901053][ T8695] Memory cgroup stats for /syz1:
[ 2312.901328][ T8695] anon 147456
[ 2312.901328][ T8695] file 312406016
[ 2312.901328][ T8695] kernel 2019328
[ 2312.901328][ T8695] kernel_stack 65536
[ 2312.901328][ T8695] pagetables 81920
[ 2312.901328][ T8695] sec_pagetables 0
[ 2312.901328][ T8695] percpu 4864
[ 2312.901328][ T8695] sock 0
[ 2312.901328][ T8695] vmalloc 0
[ 2312.901328][ T8695] shmem 312406016
[ 2312.901328][ T8695] zswap 0
[ 2312.901328][ T8695] zswapped 0
[ 2312.901328][ T8695] file_mapped 380928
[ 2312.901328][ T8695] file_dirty 0
[ 2312.901328][ T8695] file_writeback 0
[ 2312.901328][ T8695] swapcached 0
[ 2312.901328][ T8695] anon_thp 0
[ 2312.901328][ T8695] file_thp 0
[ 2312.901328][ T8695] shmem_thp 0
[ 2312.901328][ T8695] inactive_anon 62951424
[ 2312.901328][ T8695] active_anon 172032
[ 2312.901328][ T8695] inactive_file 0
[ 2312.901328][ T8695] active_file 0
[ 2312.901328][ T8695] unevictable 249430016
[ 2312.901328][ T8695] slab_reclaimable 964920
[ 2312.901328][ T8695] slab_unreclaimable 868808
[ 2312.901328][ T8695] slab 1833728
[ 2312.901328][ T8695] workingset_refault_anon 0
[ 2312.901328][ T8695] workingset_refault_file 0
[ 2312.901328][ T8695] workingset_activate_anon 0
[ 2312.901328][ T8695] workingset_activate_file 0
[ 2312.901328][ T8695] workingset_restore_anon 0
[ 2312.901328][ T8695] workingset_restore_file 0
[ 2312.901328][ T8695] workingset_nodereclaim 0
[ 2312.901328][ T8695] pgscan 49
[ 2312.901328][ T8695] pgsteal 49
[ 2312.901328][ T8695] pgscan_kswapd 0
[ 2312.901328][ T8695] pgscan_direct 49
[ 2312.901328][ T8695] pgscan_khugepaged 0
[ 2312.901328][ T8695] pgsteal_kswapd 0
[ 2312.901328][ T8695] pgsteal_direct 49
[ 2312.901328][ T8695] pgsteal_khugepaged 0
[ 2312.901328][ T8695] pgfault 1095038
[ 2312.901328][ T8695] pgmajfault 422
[ 2312.901328][ T8695] pgrefill 150
[ 2312.901328][ T8695] pgactivate 161
[ 2312.901328][ T8695] pgdeactivate 0
[ 2312.901328][ T8695] pglazyfree 0
[ 2312.901328][ T8695] pglazyfreed 0
[ 2312.901328][ T8695] zswpin 0
[ 2312.901328][ T8695] zswpout 0
[ 2313.095426][ T8695] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=8695,uid=0
[ 2313.114800][ T8695] Memory cgroup out of memory: Killed process 8695 (syz-executor.1) total-vm:54540kB, anon-rss:380kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000
[ 2313.212278][T27902] usb 1-1: Using ep0 maxpacket: 16
[ 2313.252276][ T5556] usb 4-1: new high-speed USB device number 78 using dummy_hcd
[ 2313.252677][T27900] usb 6-1: new high-speed USB device number 93 using dummy_hcd
[ 2313.342506][T27902] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 2313.402303][T27902] usb 1-1: language id specifier not provided by device, defaulting to English
[ 2313.502282][T27900] usb 6-1: Using ep0 maxpacket: 8
[ 2313.522823][T27902] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 2313.531943][T27902] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2313.540790][T27902] usb 1-1: Product: syz
[ 2313.545873][T27902] usb 1-1: Manufacturer: の㘺뤘ì컡쟷奡ꪬ򧟤
[ 2313.553283][T27902] usb 1-1: SerialNumber: syz
[ 2313.742369][T27900] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2313.753777][T27900] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[ 2313.764248][T27900] usb 6-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0
[ 2313.772362][ T5556] usb 4-1: New USB device found, idVendor=19d2, idProduct=ffbc, bcdDevice=38.28
[ 2313.775077][T27900] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[ 2313.788912][ T5556] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2313.793449][T27900] usb 6-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[ 2313.809093][ T5556] usb 4-1: Product: syz
[ 2313.815180][ T5556] usb 4-1: Manufacturer: syz
[ 2313.819916][ T5556] usb 4-1: SerialNumber: syz
[ 2313.823235][T27902] usb 1-1: USB disconnect, device number 70
[ 2313.838563][ T5556] usb 4-1: config 0 descriptor??
[ 2313.884631][ T5556] option 4-1:0.0: GSM modem (1-port) converter detected
[ 2313.984883][T27900] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 2313.994095][T27900] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2314.002159][T27900] usb 6-1: Product: syz
[ 2314.006369][T27900] usb 6-1: Manufacturer: syz
[ 2314.013671][T27900] usb 6-1: SerialNumber: syz
[ 2314.086554][ T5556] usb 4-1: USB disconnect, device number 78
[ 2314.096832][ T5556] option 4-1:0.0: device disconnected
12:17:39 executing program 0:
syz_usb_connect$printer(0x0, 0x2d, &(0x7f00000003c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1}}]}}, 0x0)

12:17:39 executing program 2:
syz_usb_connect(0x0, 0x3d9, &(0x7f0000000b80)=ANY=[@ANYBLOB="120110036613b840991120008fad010203010902c703030d0100d3090499"], &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0})

12:17:39 executing program 1:
openat$uhid(0xffffffffffffff9c, &(0x7f0000000200), 0x802, 0x0)
timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000180)=<r0=>0x0)
r1 = fanotify_init(0x4, 0x1000)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
fanotify_mark(r1, 0x105, 0x800101b, 0xffffffffffffffff, 0x0)
timer_settime(r0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
mlockall(0x2)
r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil)
shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
creat(&(0x7f0000000140)='./bus\x00', 0x0)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
write$P9_RWSTAT(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x7f, 0x2}, 0x7)
ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0)
shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000)
shmctl$IPC_RMID(0x0, 0x0)
shmctl$SHM_LOCK(0x0, 0xb)
r5 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil)
shmctl$IPC_STAT(r5, 0x2, &(0x7f00000001c0)=""/62)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000340)={0x0, 0x28}, 0x1, 0x0, 0x0, 0x40410}, 0x4040044)
shmat(r3, &(0x7f00003c6000/0x3000)=nil, 0x4000)
shmctl$SHM_UNLOCK(0x0, 0xc)
shmctl$SHM_LOCK(r3, 0xb)
r6 = shmget$private(0x0, 0x3000, 0x54001800, &(0x7f000010d000/0x3000)=nil)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000640)={0x0, 0x1, {0x81, @usage=0xd1, 0x0, 0xfffffffffffffffc, 0x10000, 0xffffffffffffffff, 0x0, 0x5, 0x4, @usage=0x1, 0x1ea7, 0xffffffc0, [0x5, 0x7, 0x5, 0xffffffffffffffff, 0xffff, 0x24f]}, {0x5, @struct={0x8da6, 0x46a}, 0x0, 0x3f, 0xff, 0x8, 0x9, 0x7f, 0x0, @struct={0x3, 0x8}, 0xffff0000, 0xffffffcb, [0x8, 0x27d9, 0x7, 0x7ff, 0x57175363, 0x8]}, {0x10001, @usage=0x9, 0x0, 0x4d2, 0x3b89, 0xfffffffffffffff9, 0x4, 0x7fffffff, 0x441, @usage=0x7000000000000, 0x9, 0x20000d5a, [0x2, 0x6, 0x5, 0x80, 0x4, 0x7735]}, {0x8000, 0xffffffffffffffff}})
shmat(r6, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000012c0)=[{{&(0x7f00000005c0)=@xdp, 0x80, 0x0, 0x0, &(0x7f0000000fc0)=""/83, 0x53}, 0x1}, {{&(0x7f0000001040)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @dev}}, 0x80, &(0x7f00000011c0)=[{&(0x7f00000010c0)=""/150, 0x96}, {&(0x7f0000001180)=""/5, 0x5}], 0x2, &(0x7f0000001200)=""/180, 0xb4}, 0x5}], 0x2, 0x0, &(0x7f0000001340)={0x0, 0x989680})

[ 2314.292547][T27900] cdc_ncm 6-1:1.0: bind() failure
[ 2314.303667][T27900] cdc_ncm 6-1:1.1: CDC Union missing and no IAD found
[ 2314.315222][T27900] cdc_ncm 6-1:1.1: bind() failure
[ 2314.328770][T27900] usb 6-1: USB disconnect, device number 93
[ 2314.413480][ T8722] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 2314.439858][ T8722] CPU: 1 PID: 8722 Comm: syz-executor.1 Not tainted 6.3.0-rc4-next-20230330-syzkaller #0
[ 2314.449832][ T8722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 2314.460045][ T8722] Call Trace:
[ 2314.463357][ T8722]  <TASK>
[ 2314.466319][ T8722]  dump_stack_lvl+0x136/0x150
[ 2314.471128][ T8722]  dump_header+0x10a/0xd70
[ 2314.475624][ T8722]  oom_kill_process+0x25d/0x600
[ 2314.480541][ T8722]  out_of_memory+0x35c/0x1650
[ 2314.485271][ T8722]  ? find_held_lock+0x2d/0x110
[ 2314.490063][ T8722]  ? oom_killer_disable+0x2b0/0x2b0
[ 2314.495324][ T8722]  ? rcu_read_unlock+0x9/0x60
[ 2314.500022][ T8722]  ? find_held_lock+0x2d/0x110
[ 2314.504836][ T8722]  mem_cgroup_out_of_memory+0x206/0x270
[ 2314.510411][ T8722]  ? mem_cgroup_margin+0x130/0x130
[ 2314.515546][ T8722]  ? lock_downgrade+0x690/0x690
[ 2314.520469][ T8722]  try_charge_memcg+0xf99/0x13a0
[ 2314.525496][ T8722]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 2314.531546][ T8722]  ? lock_downgrade+0x690/0x690
[ 2314.536425][ T8722]  ? trace_lock_acquire+0x12d/0x180
[ 2314.541649][ T8722]  ? get_mem_cgroup_from_mm+0x247/0x580
[ 2314.547230][ T8722]  ? lock_acquire+0x32/0xc0
[ 2314.551777][ T8722]  charge_memcg+0x90/0x3b0
[ 2314.556242][ T8722]  __mem_cgroup_charge+0x2b/0x90
[ 2314.561256][ T8722]  do_wp_page+0x8ac/0x3510
[ 2314.565787][ T8722]  ? lock_sync+0x190/0x190
[ 2314.570252][ T8722]  ? finish_mkwrite_fault+0x3d0/0x3d0
[ 2314.575665][ T8722]  ? rcu_is_watching+0x12/0xb0
[ 2314.580485][ T8722]  ? do_raw_spin_lock+0x124/0x2b0
[ 2314.585566][ T8722]  ? spin_bug+0x1c0/0x1c0
[ 2314.589924][ T8722]  ? lock_acquire+0x32/0xc0
[ 2314.594452][ T8722]  ? __handle_mm_fault+0x1334/0x4180
[ 2314.599796][ T8722]  __handle_mm_fault+0x1547/0x4180
[ 2314.604993][ T8722]  ? vm_iomap_memory+0x190/0x190
[ 2314.610040][ T8722]  handle_mm_fault+0x2c0/0x9c0
[ 2314.614884][ T8722]  do_user_addr_fault+0x2ed/0x1240
[ 2314.620112][ T8722]  ? rcu_is_watching+0x12/0xb0
[ 2314.624921][ T8722]  exc_page_fault+0x98/0x170
[ 2314.629586][ T8722]  asm_exc_page_fault+0x26/0x30
[ 2314.634504][ T8722] RIP: 0033:0x7f47dd2395a0
[ 2314.638972][ T8722] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48
[ 2314.643645][ T5556] usb 3-1: new high-speed USB device number 30 using dummy_hcd
[ 2314.658618][ T8722] RSP: 002b:00007ffdbc005e60 EFLAGS: 00010246
[ 2314.658651][ T8722] RAX: 00000000e71e0d02 RBX: 00007f47dd3ac018 RCX: 0000001b32520000
[ 2314.658671][ T8722] RDX: 0000000000000000 RSI: 0000001b32520018 RDI: 00000000090fe031
[ 2314.658691][ T8722] RBP: 00000000e71e0d02 R08: 0000000000000d02 R09: 00000000e71e0d06
[ 2314.658711][ T8722] R10: 00007ffdbc006020 R11: 0000000000000246 R12: 00007f47dd3a0000
[ 2314.658732][ T8722] R13: 0000000000000001 R14: 0000000000000008 R15: ffffffff81e3d4bb
12:17:39 executing program 3:
syz_usb_connect$hid(0x0, 0x36, &(0x7f00000014c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x56a, 0xb1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x3, 0x1, 0x0, 0x0, {0x9}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x0, 0x0, 0xe9}}}}}]}}]}}, 0x0)
syz_usb_connect$cdc_ecm(0x0, 0x54, &(0x7f0000001740)={{0x12, 0x1, 0x110, 0x2, 0x0, 0x0, 0x0, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x42, 0x1, 0x1, 0x0, 0x0, 0x5, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x2, 0x6, 0x0, 0x0, {{0x5}, {0x5}, {0xd, 0x24, 0xf, 0x1, 0x81, 0x0, 0x9}, [@dmm={0x7}]}, {[], {{0x9, 0x5, 0x82, 0x2, 0x40, 0x0, 0x2}}, {{0x9, 0x5, 0x3, 0x2, 0x20}}}}}]}}]}}, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})
syz_open_dev$evdev(&(0x7f0000003840), 0x0, 0x0)
syz_open_dev$evdev(0x0, 0x0, 0x0)
ioctl$EVIOCSKEYCODE_V2(0xffffffffffffffff, 0x40284504, 0x0)

[ 2314.658753][ T8722]  ? build_open_flags+0x12b/0x720
[ 2314.702312][ T8017] usb 1-1: new high-speed USB device number 71 using dummy_hcd
[ 2314.704335][ T8722]  </TASK>
[ 2314.742312][ T8722] memory: usage 307188kB, limit 307200kB, failcnt 12098
[ 2314.749516][ T8722] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2314.758476][ T8722] Memory cgroup stats for /syz1:
[ 2314.758709][ T8722] anon 135168
[ 2314.758709][ T8722] file 312406016
[ 2314.758709][ T8722] kernel 2019328
[ 2314.758709][ T8722] kernel_stack 65536
[ 2314.758709][ T8722] pagetables 81920
[ 2314.758709][ T8722] sec_pagetables 0
[ 2314.758709][ T8722] percpu 4864
[ 2314.758709][ T8722] sock 0
[ 2314.758709][ T8722] vmalloc 0
[ 2314.758709][ T8722] shmem 312406016
[ 2314.758709][ T8722] zswap 0
[ 2314.758709][ T8722] zswapped 0
[ 2314.758709][ T8722] file_mapped 380928
[ 2314.758709][ T8722] file_dirty 0
[ 2314.758709][ T8722] file_writeback 0
[ 2314.758709][ T8722] swapcached 0
[ 2314.758709][ T8722] anon_thp 0
[ 2314.758709][ T8722] file_thp 0
[ 2314.758709][ T8722] shmem_thp 0
[ 2314.758709][ T8722] inactive_anon 62951424
[ 2314.758709][ T8722] active_anon 159744
[ 2314.758709][ T8722] inactive_file 0
[ 2314.758709][ T8722] active_file 0
[ 2314.758709][ T8722] unevictable 249430016
[ 2314.758709][ T8722] slab_reclaimable 964920
[ 2314.758709][ T8722] slab_unreclaimable 868808
[ 2314.758709][ T8722] slab 1833728
[ 2314.758709][ T8722] workingset_refault_anon 0
[ 2314.758709][ T8722] workingset_refault_file 0
[ 2314.758709][ T8722] workingset_activate_anon 0
[ 2314.758709][ T8722] workingset_activate_file 0
[ 2314.758709][ T8722] workingset_restore_anon 0
[ 2314.758709][ T8722] workingset_restore_file 0
[ 2314.758709][ T8722] workingset_nodereclaim 0
[ 2314.758709][ T8722] pgscan 49
[ 2314.758709][ T8722] pgsteal 49
[ 2314.758709][ T8722] pgscan_kswapd 0
[ 2314.758709][ T8722] pgscan_direct 49
[ 2314.758709][ T8722] pgscan_khugepaged 0
[ 2314.758709][ T8722] pgsteal_kswapd 0
[ 2314.758709][ T8722] pgsteal_direct 49
[ 2314.758709][ T8722] pgsteal_khugepaged 0
[ 2314.758709][ T8722] pgfault 1095093
[ 2314.758709][ T8722] pgmajfault 422
[ 2314.758709][ T8722] pgrefill 150
[ 2314.758709][ T8722] pgactivate 161
[ 2314.758709][ T8722] pgdeactivate 0
[ 2314.758709][ T8722] pglazyfree 0
[ 2314.758709][ T8722] pglazyfreed 0
[ 2314.758709][ T8722] zswpin 0
[ 2314.758709][ T8722] zswpout 0
[ 2314.947868][ T8722] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=8722,uid=0
12:17:39 executing program 1:
openat$uhid(0xffffffffffffff9c, &(0x7f0000000200), 0x802, 0x0)
timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000180)=<r0=>0x0)
r1 = fanotify_init(0x4, 0x1000)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
fanotify_mark(r1, 0x105, 0x800101b, 0xffffffffffffffff, 0x0)
timer_settime(r0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
mlockall(0x2)
r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil)
shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
write$P9_RWSTAT(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x7f, 0x2}, 0x7)
ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0)
shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000)
shmctl$IPC_RMID(0x0, 0x0)
shmctl$SHM_LOCK(0x0, 0xb)
r6 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil)
shmctl$IPC_STAT(r6, 0x2, &(0x7f00000001c0)=""/62)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000340)={0x0, 0x28}, 0x1, 0x0, 0x0, 0x40410}, 0x4040044)
shmat(r3, &(0x7f00003c6000/0x3000)=nil, 0x4000)
shmctl$SHM_UNLOCK(0x0, 0xc)
shmctl$SHM_LOCK(r3, 0xb)
r7 = shmget$private(0x0, 0x3000, 0x54001800, &(0x7f000010d000/0x3000)=nil)
ioctl$BTRFS_IOC_BALANCE_V2(r5, 0xc4009420, 0x0)
shmat(r7, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000012c0)=[{{&(0x7f00000005c0)=@xdp, 0x80, 0x0, 0x0, &(0x7f0000000fc0)=""/83, 0x53}, 0x1}, {{&(0x7f0000001040)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @dev}}, 0x80, &(0x7f00000011c0)=[{&(0x7f00000010c0)=""/150, 0x96}, {&(0x7f0000001180)=""/5, 0x5}], 0x2, &(0x7f0000001200)=""/180, 0xb4}, 0x5}], 0x2, 0x0, &(0x7f0000001340)={0x0, 0x989680})

[ 2314.963690][ T8722] Memory cgroup out of memory: Killed process 8722 (syz-executor.1) total-vm:54540kB, anon-rss:380kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000
12:17:39 executing program 5:
syz_usb_connect$uac1(0x0, 0xaa, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x98, 0x3, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{}, [@output_terminal={0x9, 0x24, 0x3, 0x0, 0x1ff, 0x0, 0x5}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0xe, 0x24, 0x2, 0x2, 0x8000, 0x0, 0x3, "bd519c2caf"}, @format_type_ii_discrete={0xd, 0x24, 0x2, 0x2, 0x0, 0xff, 0x8, "64824858"}, @format_type_i_discrete={0xb, 0x24, 0x2, 0x1, 0x1f, 0x0, 0x0, 0x0, "a76b77"}, @format_type_ii_discrete={0xa, 0x24, 0x2, 0x2, 0x7, 0x81, 0x0, '\r'}]}, {{0x9, 0x5, 0x1, 0x9, 0x8, 0xcc, 0x0, 0x8e, {0x7, 0x25, 0x1, 0x0, 0x2, 0xfc00}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x10, 0x2, 0x63, 0x0, {0x7, 0x25, 0x1, 0x82, 0xdf, 0x4}}}}}}}]}}, &(0x7f00000001c0)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x300, 0x7, 0x0, 0x96, 0x20, 0xe1}, 0x5, &(0x7f0000000100)={0x5, 0xf, 0x5}, 0x2, [{0x4, &(0x7f0000000140)=@lang_id={0x4, 0x3, 0x1001}}, {0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x81d}}]})

[ 2315.028279][ T8729] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 2315.062279][ T8729] CPU: 0 PID: 8729 Comm: syz-executor.1 Not tainted 6.3.0-rc4-next-20230330-syzkaller #0
[ 2315.072156][ T8729] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 2315.082290][ T8729] Call Trace:
[ 2315.085598][ T8729]  <TASK>
[ 2315.088563][ T8729]  dump_stack_lvl+0x136/0x150
[ 2315.093291][ T8729]  dump_header+0x10a/0xd70
[ 2315.097771][ T8729]  oom_kill_process+0x25d/0x600
[ 2315.102672][ T8729]  out_of_memory+0x35c/0x1650
[ 2315.107407][ T8729]  ? find_held_lock+0x2d/0x110
[ 2315.112210][ T8729]  ? oom_killer_disable+0x2b0/0x2b0
[ 2315.117472][ T8729]  ? rcu_read_unlock+0x9/0x60
[ 2315.122180][ T8729]  ? find_held_lock+0x2d/0x110
[ 2315.126980][ T8729]  mem_cgroup_out_of_memory+0x206/0x270
[ 2315.132559][ T8729]  ? mem_cgroup_margin+0x130/0x130
[ 2315.137702][ T8729]  ? lock_downgrade+0x690/0x690
[ 2315.142616][ T8729]  try_charge_memcg+0xf99/0x13a0
[ 2315.147617][ T8729]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 2315.153643][ T8729]  ? get_mem_cgroup_from_objcg+0xa1/0x280
[ 2315.159398][ T8729]  ? lock_downgrade+0x690/0x690
[ 2315.164286][ T8729]  ? trace_lock_acquire+0x12d/0x180
[ 2315.169519][ T8729]  ? get_mem_cgroup_from_objcg+0x159/0x280
[ 2315.175357][ T8729]  ? lock_acquire+0x32/0xc0
[ 2315.179909][ T8729]  __memcg_kmem_charge_page+0x16e/0x3c0
[ 2315.185604][ T8729]  memcg_charge_kernel_stack.part.0+0x6c/0x150
[ 2315.191795][ T8729]  copy_process+0x4e7/0x76b0
[ 2315.196423][ T8729]  ? __lock_acquire+0xbe1/0x5df0
[ 2315.201403][ T8729]  ? pidfd_pid+0x90/0x90
[ 2315.205687][ T8729]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 2315.211705][ T8729]  ? psi_memstall_leave+0x174/0x250
[ 2315.216949][ T8729]  ? lock_downgrade+0x690/0x690
[ 2315.221843][ T8729]  kernel_clone+0xeb/0x890
[ 2315.226295][ T8729]  ? create_io_thread+0xe0/0xe0
[ 2315.231193][ T8729]  ? percpu_ref_put_many.constprop.0+0x6a/0x1b0
[ 2315.237467][ T8729]  ? lock_downgrade+0x690/0x690
[ 2315.242353][ T8729]  ? mem_cgroup_css_online+0x3b0/0x3b0
[ 2315.247850][ T8729]  ? mem_cgroup_css_online+0x3b0/0x3b0
[ 2315.253346][ T8729]  __do_sys_clone+0xba/0x100
[ 2315.258324][ T8729]  ? kernel_clone+0x890/0x890
[ 2315.263062][ T8729]  ? syscall_enter_from_user_mode+0x26/0x80
[ 2315.269132][ T8729]  do_syscall_64+0x39/0xb0
[ 2315.273636][ T8729]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2315.279573][ T8729] RIP: 0033:0x7f47dd28d521
[ 2315.284037][ T8729] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00
[ 2315.303685][ T8729] RSP: 002b:00007ffdbc005e08 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 2315.312144][ T8729] RAX: ffffffffffffffda RBX: 00007f47de072700 RCX: 00007f47dd28d521
[ 2315.320146][ T8729] RDX: 00007f47de0729d0 RSI: 00007f47de0722f0 RDI: 00000000003d0f00
[ 2315.328152][ T8729] RBP: 00007ffdbc006050 R08: 00007f47de072700 R09: 00007f47de072700
[ 2315.336243][ T8729] R10: 00007f47de0729d0 R11: 0000000000000206 R12: 00007ffdbc005ebe
[ 2315.344254][ T8729] R13: 00007ffdbc005ebf R14: 00007f47de072300 R15: 0000000000022000
[ 2315.352288][ T8729]  </TASK>
[ 2315.356391][ T8017] usb 1-1: Using ep0 maxpacket: 16
[ 2315.361745][T27624] usb 4-1: new high-speed USB device number 79 using dummy_hcd
[ 2315.363221][ T8729] memory: usage 307168kB, limit 307200kB, failcnt 12161
[ 2315.399290][ T8729] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2315.408714][ T8729] Memory cgroup stats for /syz1:
[ 2315.409037][ T8729] anon 106496
[ 2315.409037][ T8729] file 312406016
[ 2315.409037][ T8729] kernel 1998848
[ 2315.409037][ T8729] kernel_stack 32768
[ 2315.409037][ T8729] pagetables 81920
[ 2315.409037][ T8729] sec_pagetables 0
[ 2315.409037][ T8729] percpu 4864
[ 2315.409037][ T8729] sock 0
[ 2315.409037][ T8729] vmalloc 0
[ 2315.409037][ T8729] shmem 312406016
[ 2315.409037][ T8729] zswap 0
[ 2315.409037][ T8729] zswapped 0
[ 2315.409037][ T8729] file_mapped 380928
[ 2315.409037][ T8729] file_dirty 0
[ 2315.409037][ T8729] file_writeback 0
[ 2315.409037][ T8729] swapcached 0
[ 2315.409037][ T8729] anon_thp 0
[ 2315.409037][ T8729] file_thp 0
[ 2315.409037][ T8729] shmem_thp 0
[ 2315.409037][ T8729] inactive_anon 62951424
[ 2315.409037][ T8729] active_anon 131072
[ 2315.409037][ T8729] inactive_file 0
[ 2315.409037][ T8729] active_file 0
[ 2315.409037][ T8729] unevictable 249430016
[ 2315.409037][ T8729] slab_reclaimable 964920
[ 2315.409037][ T8729] slab_unreclaimable 867696
[ 2315.409037][ T8729] slab 1832616
[ 2315.409037][ T8729] workingset_refault_anon 0
[ 2315.409037][ T8729] workingset_refault_file 0
[ 2315.409037][ T8729] workingset_activate_anon 0
[ 2315.409037][ T8729] workingset_activate_file 0
[ 2315.409037][ T8729] workingset_restore_anon 0
[ 2315.409037][ T8729] workingset_restore_file 0
[ 2315.409037][ T8729] workingset_nodereclaim 0
[ 2315.409037][ T8729] pgscan 49
[ 2315.409037][ T8729] pgsteal 49
[ 2315.409037][ T8729] pgscan_kswapd 0
[ 2315.409037][ T8729] pgscan_direct 49
[ 2315.409037][ T8729] pgscan_khugepaged 0
[ 2315.409037][ T8729] pgsteal_kswapd 0
[ 2315.409037][ T8729] pgsteal_direct 49
[ 2315.409037][ T8729] pgsteal_khugepaged 0
[ 2315.409037][ T8729] pgfault 1095134
[ 2315.409037][ T8729] pgmajfault 422
[ 2315.409037][ T8729] pgrefill 150
[ 2315.409037][ T8729] pgactivate 161
[ 2315.409037][ T8729] pgdeactivate 0
[ 2315.409037][ T8729] pglazyfree 0
[ 2315.409037][ T8729] pglazyfreed 0
[ 2315.409037][ T8729] zswpin 0
[ 2315.409037][ T8729] zswpout 0
[ 2315.620135][ T8729] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=8729,uid=0
[ 2315.642055][ T8017] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
12:17:40 executing program 1:
openat$uhid(0xffffffffffffff9c, &(0x7f0000000200), 0x802, 0x0)
timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000180)=<r0=>0x0)
r1 = fanotify_init(0x4, 0x1000)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
fanotify_mark(r1, 0x105, 0x800101b, 0xffffffffffffffff, 0x0)
timer_settime(r0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
mlockall(0x2)
r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil)
shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
write$P9_RWSTAT(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x7f, 0x2}, 0x7)
ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0)
shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000)
shmctl$IPC_RMID(0x0, 0x0)
shmctl$SHM_LOCK(0x0, 0xb)
r6 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil)
shmctl$IPC_STAT(r6, 0x2, &(0x7f00000001c0)=""/62)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000340)={0x0, 0x28}, 0x1, 0x0, 0x0, 0x40410}, 0x4040044)
shmat(r3, &(0x7f00003c6000/0x3000)=nil, 0x4000)
shmctl$SHM_UNLOCK(0x0, 0xc)
shmctl$SHM_LOCK(r3, 0xb)
r7 = shmget$private(0x0, 0x3000, 0x54001800, &(0x7f000010d000/0x3000)=nil)
ioctl$BTRFS_IOC_BALANCE_V2(r5, 0xc4009420, 0x0)
shmat(r7, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000012c0)=[{{&(0x7f00000005c0)=@xdp, 0x80, 0x0, 0x0, &(0x7f0000000fc0)=""/83, 0x53}, 0x1}, {{&(0x7f0000001040)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @dev}}, 0x80, &(0x7f00000011c0)=[{&(0x7f00000010c0)=""/150, 0x96}, {&(0x7f0000001180)=""/5, 0x5}], 0x2, &(0x7f0000001200)=""/180, 0xb4}, 0x5}], 0x2, 0x0, &(0x7f0000001340)={0x0, 0x989680})

[ 2315.642334][ T8729] Memory cgroup out of memory: Killed process 8729 (syz-executor.1) total-vm:54540kB, anon-rss:380kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000
[ 2315.674819][T27902] usb 6-1: new high-speed USB device number 94 using dummy_hcd
[ 2315.692322][ T5556] usb 3-1: unable to get BOS descriptor or descriptor too short
[ 2315.732233][T27624] usb 4-1: Using ep0 maxpacket: 32
[ 2315.758281][ T8733] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 2315.769762][ T8733] CPU: 1 PID: 8733 Comm: syz-executor.1 Not tainted 6.3.0-rc4-next-20230330-syzkaller #0
[ 2315.779634][ T8733] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 2315.782723][ T5556] usb 3-1: config 13 has an invalid interface number: 153 but max is 2
[ 2315.789732][ T8733] Call Trace:
[ 2315.789746][ T8733]  <TASK>
[ 2315.804266][ T8733]  dump_stack_lvl+0x136/0x150
[ 2315.806279][ T5556] usb 3-1: config 13 has an invalid descriptor of length 0, skipping remainder of the config
[ 2315.808991][ T8733]  dump_header+0x10a/0xd70
[ 2315.823688][ T8733]  oom_kill_process+0x25d/0x600
[ 2315.828594][ T8733]  out_of_memory+0x35c/0x1650
[ 2315.833344][ T8733]  ? find_held_lock+0x2d/0x110
[ 2315.838140][ T8733]  ? oom_killer_disable+0x2b0/0x2b0
[ 2315.843390][ T8733]  ? rcu_read_unlock+0x9/0x60
[ 2315.848356][ T8733]  ? find_held_lock+0x2d/0x110
[ 2315.853159][ T8733]  mem_cgroup_out_of_memory+0x206/0x270
[ 2315.858740][ T8733]  ? mem_cgroup_margin+0x130/0x130
[ 2315.864000][ T8733]  ? lock_downgrade+0x690/0x690
[ 2315.868907][ T8733]  try_charge_memcg+0xf99/0x13a0
[ 2315.873908][ T8733]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 2315.880020][ T8733]  ? get_mem_cgroup_from_objcg+0xa1/0x280
[ 2315.885802][ T8733]  ? lock_downgrade+0x690/0x690
[ 2315.890688][ T8733]  ? trace_lock_acquire+0x12d/0x180
[ 2315.895935][ T8733]  ? get_mem_cgroup_from_objcg+0x159/0x280
[ 2315.901774][ T8733]  ? lock_acquire+0x32/0xc0
[ 2315.906325][ T8733]  __memcg_kmem_charge_page+0x16e/0x3c0
[ 2315.911921][ T8733]  memcg_charge_kernel_stack.part.0+0x6c/0x150
[ 2315.918120][ T8733]  copy_process+0x4e7/0x76b0
[ 2315.922753][ T8733]  ? folio_flags.constprop.0+0x53/0x150
[ 2315.928333][ T8733]  ? free_swap_cache+0x1b5/0x3d0
[ 2315.933317][ T8733]  ? pidfd_pid+0x90/0x90
[ 2315.937621][ T8733]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 2315.943649][ T8733]  kernel_clone+0xeb/0x890
[ 2315.948102][ T8733]  ? create_io_thread+0xe0/0xe0
[ 2315.952992][ T8733]  ? do_user_addr_fault+0x2d4/0x1240
[ 2315.958328][ T8733]  ? reacquire_held_locks+0x216/0x4e0
[ 2315.963738][ T8733]  ? do_user_addr_fault+0x2d4/0x1240
[ 2315.969077][ T8733]  ? find_held_lock+0x2d/0x110
[ 2315.973881][ T8733]  __do_sys_clone+0xba/0x100
[ 2315.978511][ T8733]  ? kernel_clone+0x890/0x890
[ 2315.983240][ T8733]  ? syscall_enter_from_user_mode+0x26/0x80
[ 2315.989170][ T8733]  do_syscall_64+0x39/0xb0
[ 2315.993630][ T8733]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2315.999557][ T8733] RIP: 0033:0x7f47dd28d521
[ 2316.004097][ T8733] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00
[ 2316.023731][ T8733] RSP: 002b:00007ffdbc005e08 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 2316.032187][ T8733] RAX: ffffffffffffffda RBX: 00007f47de072700 RCX: 00007f47dd28d521
[ 2316.040195][ T8733] RDX: 00007f47de0729d0 RSI: 00007f47de0722f0 RDI: 00000000003d0f00
[ 2316.048193][ T8733] RBP: 00007ffdbc006050 R08: 00007f47de072700 R09: 00007f47de072700
[ 2316.056278][ T8733] R10: 00007f47de0729d0 R11: 0000000000000206 R12: 00007ffdbc005ebe
[ 2316.064536][ T8733] R13: 00007ffdbc005ebf R14: 00007f47de072300 R15: 0000000000022000
[ 2316.072567][ T8733]  </TASK>
[ 2316.077020][ T8017] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 2316.092832][ T8733] memory: usage 307200kB, limit 307200kB, failcnt 12244
[ 2316.092972][ T5556] usb 3-1: config 13 has 1 interface, different from the descriptor's value: 3
[ 2316.099896][ T8733] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2316.099919][ T8733] Memory cgroup stats for /syz1:
[ 2316.100171][ T8733] anon 106496
[ 2316.100171][ T8733] file 312406016
[ 2316.100171][ T8733] kernel 2031616
[ 2316.100171][ T8733] kernel_stack 32768
[ 2316.100171][ T8733] pagetables 81920
[ 2316.100171][ T8733] sec_pagetables 0
[ 2316.100171][ T8733] percpu 4928
[ 2316.100171][ T8733] sock 0
[ 2316.100171][ T8733] vmalloc 0
[ 2316.100171][ T8733] shmem 312406016
[ 2316.100171][ T8733] zswap 0
[ 2316.100171][ T8733] zswapped 0
[ 2316.100171][ T8733] file_mapped 380928
[ 2316.100171][ T8733] file_dirty 0
[ 2316.100171][ T8733] file_writeback 0
[ 2316.100171][ T8733] swapcached 0
[ 2316.100171][ T8733] anon_thp 0
[ 2316.100171][ T8733] file_thp 0
[ 2316.100171][ T8733] shmem_thp 0
[ 2316.100171][ T8733] inactive_anon 62951424
[ 2316.100171][ T8733] active_anon 131072
[ 2316.100171][ T8733] inactive_file 0
[ 2316.100171][ T8733] active_file 0
[ 2316.100171][ T8733] unevictable 249430016
[ 2316.100171][ T8733] slab_reclaimable 969424
[ 2316.100171][ T8733] slab_unreclaimable 884144
[ 2316.100171][ T8733] slab 1853568
[ 2316.100171][ T8733] workingset_refault_anon 0
[ 2316.100171][ T8733] workingset_refault_file 0
[ 2316.100171][ T8733] workingset_activate_anon 0
[ 2316.100171][ T8733] workingset_activate_file 0
[ 2316.100171][ T8733] workingset_restore_anon 0
[ 2316.100171][ T8733] workingset_restore_file 0
[ 2316.100171][ T8733] workingset_nodereclaim 0
[ 2316.100171][ T8733] pgscan 49
[ 2316.100171][ T8733] pgsteal 49
[ 2316.100171][ T8733] pgscan_kswapd 0
[ 2316.100171][ T8733] pgscan_direct 49
[ 2316.100171][ T8733] pgscan_khugepaged 0
[ 2316.100171][ T8733] pgsteal_kswapd 0
[ 2316.100171][ T8733] pgsteal_direct 49
[ 2316.100171][ T8733] pgsteal_khugepaged 0
[ 2316.100171][ T8733] pgfault 1095173
[ 2316.100171][ T8733] pgmajfault 422
[ 2316.100171][ T8733] pgrefill 150
[ 2316.100171][ T8733] pgactivate 161
[ 2316.100171][ T8733] pgdeactivate 0
[ 2316.100171][ T8733] pglazyfree 0
[ 2316.100171][ T8733] pglazyfreed 0
[ 2316.100171][ T8733] zswpin 0
[ 2316.100171][ T8733] zswpout 0
12:17:41 executing program 4:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x13f}}, 0x20)

[ 2316.100269][ T8733] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1
[ 2316.123088][T27624] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 2316.329846][ T8017] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2316.338248][ T8017] usb 1-1: Product: syz
[ 2316.342759][ T8017] usb 1-1: Manufacturer: syz
[ 2316.347530][ T8017] usb 1-1: SerialNumber: syz
[ 2316.352360][ T5556] usb 3-1: config 13 has no interface number 0
12:17:41 executing program 4:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001bc0)={0x18, 0x6, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000100000018170000490e80bf1e5dac"], &(0x7f0000001880)='syzkaller\x00', 0x5, 0xb8, &(0x7f00000018c0)=""/184, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)

12:17:41 executing program 1:
openat$uhid(0xffffffffffffff9c, &(0x7f0000000200), 0x802, 0x0)
timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000180)=<r0=>0x0)
r1 = fanotify_init(0x4, 0x1000)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
fanotify_mark(r1, 0x105, 0x800101b, 0xffffffffffffffff, 0x0)
timer_settime(r0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
mlockall(0x2)
r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil)
shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
write$P9_RWSTAT(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x7f, 0x2}, 0x7)
ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0)
shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000)
shmctl$IPC_RMID(0x0, 0x0)
shmctl$SHM_LOCK(0x0, 0xb)
r6 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil)
shmctl$IPC_STAT(r6, 0x2, &(0x7f00000001c0)=""/62)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000340)={0x0, 0x28}, 0x1, 0x0, 0x0, 0x40410}, 0x4040044)
shmat(r3, &(0x7f00003c6000/0x3000)=nil, 0x4000)
shmctl$SHM_UNLOCK(0x0, 0xc)
shmctl$SHM_LOCK(r3, 0xb)
r7 = shmget$private(0x0, 0x3000, 0x54001800, &(0x7f000010d000/0x3000)=nil)
ioctl$BTRFS_IOC_BALANCE_V2(r5, 0xc4009420, 0x0)
shmat(r7, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000012c0)=[{{&(0x7f00000005c0)=@xdp, 0x80, 0x0, 0x0, &(0x7f0000000fc0)=""/83, 0x53}, 0x1}, {{&(0x7f0000001040)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @dev}}, 0x80, &(0x7f00000011c0)=[{&(0x7f00000010c0)=""/150, 0x96}, {&(0x7f0000001180)=""/5, 0x5}], 0x2, &(0x7f0000001200)=""/180, 0xb4}, 0x5}], 0x2, 0x0, &(0x7f0000001340)={0x0, 0x989680})

[ 2316.357643][T27902] usb 6-1: Using ep0 maxpacket: 32
[ 2316.378226][ T8733] ,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=8733,uid=0
[ 2316.387318][ T8733] Memory cgroup out of memory: Killed process 8733 (syz-executor.1) total-vm:54540kB, anon-rss:456kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000
12:17:41 executing program 4:
semctl$IPC_INFO(0x0, 0x0, 0x13, 0x0)

12:17:41 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
r2 = dup(r1)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_io_uring_setup(0x4645, &(0x7f0000000100), &(0x7f0000000000/0x4000)=nil, &(0x7f0000000000/0x2000)=nil, &(0x7f0000000040), &(0x7f0000000080))
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0x4138ae84, 0x0)

[ 2316.501785][ T8739] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 2316.522317][T27902] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 2316.524266][ T8739] CPU: 0 PID: 8739 Comm: syz-executor.1 Not tainted 6.3.0-rc4-next-20230330-syzkaller #0
[ 2316.541060][ T8739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 2316.551175][ T8739] Call Trace:
[ 2316.554486][ T8739]  <TASK>
[ 2316.557438][ T8739]  dump_stack_lvl+0x136/0x150
[ 2316.562171][ T8739]  dump_header+0x10a/0xd70
[ 2316.566656][ T8739]  oom_kill_process+0x25d/0x600
[ 2316.571583][ T8739]  out_of_memory+0x35c/0x1650
[ 2316.576318][ T8739]  ? find_held_lock+0x2d/0x110
[ 2316.581133][ T8739]  ? oom_killer_disable+0x2b0/0x2b0
[ 2316.586381][ T8739]  ? rcu_read_unlock+0x9/0x60
[ 2316.591100][ T8739]  ? find_held_lock+0x2d/0x110
[ 2316.595925][ T8739]  mem_cgroup_out_of_memory+0x206/0x270
[ 2316.601509][ T8739]  ? mem_cgroup_margin+0x130/0x130
[ 2316.606658][ T8739]  ? lock_downgrade+0x690/0x690
[ 2316.611570][ T8739]  try_charge_memcg+0xf99/0x13a0
[ 2316.616567][ T8739]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 2316.622588][ T8739]  ? get_mem_cgroup_from_objcg+0xa1/0x280
[ 2316.628341][ T8739]  ? lock_downgrade+0x690/0x690
[ 2316.633227][ T8739]  ? trace_lock_acquire+0x12d/0x180
[ 2316.638494][ T8739]  ? get_mem_cgroup_from_objcg+0x159/0x280
[ 2316.644335][ T8739]  ? lock_acquire+0x32/0xc0
[ 2316.648883][ T8739]  __memcg_kmem_charge_page+0x16e/0x3c0
[ 2316.654475][ T8739]  memcg_charge_kernel_stack.part.0+0x6c/0x150
[ 2316.660670][ T8739]  copy_process+0x4e7/0x76b0
[ 2316.665297][ T8739]  ? __lock_acquire+0xbe1/0x5df0
[ 2316.670285][ T8739]  ? pidfd_pid+0x90/0x90
[ 2316.674565][ T8739]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 2316.680582][ T8739]  ? psi_memstall_leave+0x174/0x250
[ 2316.685822][ T8739]  ? lock_downgrade+0x690/0x690
[ 2316.690726][ T8739]  kernel_clone+0xeb/0x890
[ 2316.695193][ T8739]  ? create_io_thread+0xe0/0xe0
[ 2316.700087][ T8739]  ? percpu_ref_put_many.constprop.0+0x6a/0x1b0
[ 2316.706369][ T8739]  ? lock_downgrade+0x690/0x690
[ 2316.711259][ T8739]  ? mem_cgroup_css_online+0x3b0/0x3b0
[ 2316.716751][ T8739]  ? mem_cgroup_css_online+0x3b0/0x3b0
[ 2316.722254][ T8739]  __do_sys_clone+0xba/0x100
[ 2316.726881][ T8739]  ? kernel_clone+0x890/0x890
[ 2316.731615][ T8739]  ? syscall_enter_from_user_mode+0x26/0x80
[ 2316.737550][ T8739]  do_syscall_64+0x39/0xb0
[ 2316.742111][ T8739]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2316.748036][ T8739] RIP: 0033:0x7f47dd28d521
[ 2316.752478][ T8739] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00
[ 2316.772127][ T8739] RSP: 002b:00007ffdbc005e08 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 2316.780566][ T8739] RAX: ffffffffffffffda RBX: 00007f47de072700 RCX: 00007f47dd28d521
[ 2316.788565][ T8739] RDX: 00007f47de0729d0 RSI: 00007f47de0722f0 RDI: 00000000003d0f00
[ 2316.796566][ T8739] RBP: 00007ffdbc006050 R08: 00007f47de072700 R09: 00007f47de072700
[ 2316.804556][ T8739] R10: 00007f47de0729d0 R11: 0000000000000206 R12: 00007ffdbc005ebe
[ 2316.812551][ T8739] R13: 00007ffdbc005ebf R14: 00007f47de072300 R15: 0000000000022000
[ 2316.820565][ T8739]  </TASK>
[ 2316.825915][ T5556] usb 3-1: New USB device found, idVendor=1199, idProduct=0020, bcdDevice=ad.8f
[ 2316.835513][T27624] usb 4-1: New USB device found, idVendor=056a, idProduct=00b1, bcdDevice= 0.40
[ 2316.836668][T27899] usb 1-1: USB disconnect, device number 71
[ 2316.857017][ T8739] memory: usage 307188kB, limit 307200kB, failcnt 12317
[ 2316.865620][ T5556] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2316.875076][T27624] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2316.883897][ T8739] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2316.891475][ T5556] usb 3-1: Product: syz
[ 2316.896156][T27624] usb 4-1: Product: syz
[ 2316.902326][ T8739] Memory cgroup stats for /syz1:
[ 2316.902604][ T8739] anon 106496
[ 2316.902604][ T8739] file 312406016
[ 2316.902604][ T8739] kernel 2048000
[ 2316.902604][ T8739] kernel_stack 32768
[ 2316.902604][ T8739] pagetables 81920
[ 2316.902604][ T8739] sec_pagetables 0
[ 2316.902604][ T8739] percpu 4992
[ 2316.902604][ T8739] sock 0
[ 2316.902604][ T8739] vmalloc 0
[ 2316.902604][ T8739] shmem 312406016
[ 2316.902604][ T8739] zswap 0
[ 2316.902604][ T8739] zswapped 0
[ 2316.902604][ T8739] file_mapped 380928
[ 2316.902604][ T8739] file_dirty 0
[ 2316.902604][ T8739] file_writeback 0
[ 2316.902604][ T8739] swapcached 0
[ 2316.902604][ T8739] anon_thp 0
[ 2316.902604][ T8739] file_thp 0
[ 2316.902604][ T8739] shmem_thp 0
[ 2316.902604][ T8739] inactive_anon 62951424
[ 2316.902604][ T8739] active_anon 131072
[ 2316.902604][ T8739] inactive_file 0
[ 2316.902604][ T8739] active_file 0
[ 2316.902604][ T8739] unevictable 249430016
[ 2316.902604][ T8739] slab_reclaimable 964920
[ 2316.902604][ T8739] slab_unreclaimable 891520
[ 2316.902604][ T8739] slab 1856440
[ 2316.902604][ T8739] workingset_refault_anon 0
[ 2316.902604][ T8739] workingset_refault_file 0
[ 2316.902604][ T8739] workingset_activate_anon 0
[ 2316.902604][ T8739] workingset_activate_file 0
[ 2316.902604][ T8739] workingset_restore_anon 0
[ 2316.902604][ T8739] workingset_restore_file 0
[ 2316.902604][ T8739] workingset_nodereclaim 0
[ 2316.902604][ T8739] pgscan 49
[ 2316.902604][ T8739] pgsteal 49
[ 2316.902604][ T8739] pgscan_kswapd 0
[ 2316.902604][ T8739] pgscan_direct 49
[ 2316.902604][ T8739] pgscan_khugepaged 0
[ 2316.902604][ T8739] pgsteal_kswapd 0
[ 2316.902604][ T8739] pgsteal_direct 49
[ 2316.902604][ T8739] pgsteal_khugepaged 0
[ 2316.902604][ T8739] pgfault 1095216
[ 2316.902604][ T8739] pgmajfault 422
[ 2316.902604][ T8739] pgrefill 150
[ 2316.902604][ T8739] pgactivate 161
[ 2316.902604][ T8739] pgdeactivate 0
[ 2316.902604][ T8739] pglazyfree 0
[ 2316.902604][ T8739] pglazyfreed 0
[ 2316.902604][ T8739] zswpin 0
[ 2316.902604][ T8739] zswpout 0
[ 2317.093345][ T8739] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=8739,uid=0
[ 2317.097894][ T5556] usb 3-1: Manufacturer: syz
[ 2317.114632][ T8739] Memory cgroup out of memory: Killed process 8739 (syz-executor.1) total-vm:54540kB, anon-rss:380kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000
[ 2317.122774][T27624] usb 4-1: Manufacturer: syz
[ 2317.132486][T27902] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 2317.145742][T27902] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2317.150508][T27624] usb 4-1: SerialNumber: syz
[ 2317.153932][T27902] usb 6-1: Product: syz
[ 2317.164361][ T5556] usb 3-1: SerialNumber: syz
[ 2317.170010][T27902] usb 6-1: Manufacturer: ࠝ
[ 2317.189121][T27902] usb 6-1: SerialNumber: syz
[ 2317.215255][T27624] usbhid 4-1:1.0: couldn't find an input interrupt endpoint
[ 2317.383794][ T5556] sierra 3-1:13.153: Sierra USB modem converter detected
[ 2317.418456][ T8728] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
12:17:42 executing program 0:
syz_usb_connect$printer(0x0, 0x2d, &(0x7f00000003c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1}}]}}, 0x0)

12:17:42 executing program 1:
openat$uhid(0xffffffffffffff9c, &(0x7f0000000200), 0x802, 0x0)
timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000180)=<r0=>0x0)
r1 = fanotify_init(0x4, 0x1000)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
fanotify_mark(r1, 0x105, 0x800101b, 0xffffffffffffffff, 0x0)
timer_settime(r0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
mlockall(0x2)
r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil)
shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
write$P9_RWSTAT(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x7f, 0x2}, 0x7)
ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0)
shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000)
shmctl$IPC_RMID(0x0, 0x0)
shmctl$SHM_LOCK(0x0, 0xb)
r6 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil)
shmctl$IPC_STAT(r6, 0x2, &(0x7f00000001c0)=""/62)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000340)={0x0, 0x28}, 0x1, 0x0, 0x0, 0x40410}, 0x4040044)
shmat(r3, &(0x7f00003c6000/0x3000)=nil, 0x4000)
shmctl$SHM_UNLOCK(0x0, 0xc)
shmctl$SHM_LOCK(r3, 0xb)
r7 = shmget$private(0x0, 0x3000, 0x54001800, &(0x7f000010d000/0x3000)=nil)
ioctl$BTRFS_IOC_BALANCE_V2(r5, 0xc4009420, &(0x7f0000000640)={0x0, 0x0, {0x81, @usage=0xd1, 0x0, 0xfffffffffffffffc, 0x10000, 0xffffffffffffffff, 0x0, 0x5, 0x4, @usage=0x1, 0x1ea7, 0xffffffc0, [0x5, 0x7, 0x5, 0xffffffffffffffff, 0xffff, 0x24f]}, {0x5, @struct={0x8da6, 0x46a}, 0x0, 0x3f, 0xff, 0x8, 0x9, 0x7f, 0x0, @struct={0x3, 0x8}, 0xffff0000, 0xffffffcb, [0x8, 0x27d9, 0x7, 0x7ff, 0x57175363, 0x8]}, {0x10001, @usage=0x9, 0x0, 0x4d2, 0x3b89, 0xfffffffffffffff9, 0x4, 0x7fffffff, 0x441, @usage=0x7000000000000, 0x9, 0x20000d5a, [0x2, 0x6, 0x5, 0x80, 0x4, 0x7735]}, {0x8000, 0xffffffffffffffff}})
shmat(r7, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000012c0)=[{{&(0x7f00000005c0)=@xdp, 0x80, 0x0, 0x0, &(0x7f0000000fc0)=""/83, 0x53}, 0x1}, {{&(0x7f0000001040)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @dev}}, 0x80, &(0x7f00000011c0)=[{&(0x7f00000010c0)=""/150, 0x96}, {&(0x7f0000001180)=""/5, 0x5}], 0x2, &(0x7f0000001200)=""/180, 0xb4}, 0x5}], 0x2, 0x0, &(0x7f0000001340)={0x0, 0x989680})

12:17:42 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
r2 = dup(r1)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_io_uring_setup(0x4645, &(0x7f0000000100), &(0x7f0000000000/0x4000)=nil, &(0x7f0000000000/0x2000)=nil, &(0x7f0000000040), &(0x7f0000000080))
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0x4138ae84, 0x0)

[ 2317.428827][ T5556] usb 3-1: USB disconnect, device number 30
[ 2317.436360][ T5556] sierra 3-1:13.153: device disconnected
[ 2317.441944][ T8728] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2317.454960][T27899] usb 4-1: USB disconnect, device number 79
[ 2317.552516][T27902] usb 6-1: 0:2 : does not exist
[ 2317.606936][ T8751] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 2317.617113][T27902] usb 6-1: USB disconnect, device number 94
[ 2317.627867][ T8751] CPU: 1 PID: 8751 Comm: syz-executor.1 Not tainted 6.3.0-rc4-next-20230330-syzkaller #0
[ 2317.637734][ T8751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 2317.647844][ T8751] Call Trace:
[ 2317.651158][ T8751]  <TASK>
[ 2317.654126][ T8751]  dump_stack_lvl+0x136/0x150
[ 2317.658883][ T8751]  dump_header+0x10a/0xd70
[ 2317.663379][ T8751]  oom_kill_process+0x25d/0x600
[ 2317.668306][ T8751]  out_of_memory+0x35c/0x1650
[ 2317.673057][ T8751]  ? find_held_lock+0x2d/0x110
[ 2317.677879][ T8751]  ? oom_killer_disable+0x2b0/0x2b0
[ 2317.683152][ T8751]  ? rcu_read_unlock+0x9/0x60
[ 2317.687876][ T8751]  ? find_held_lock+0x2d/0x110
[ 2317.692681][ T8751]  mem_cgroup_out_of_memory+0x206/0x270
[ 2317.698261][ T8751]  ? mem_cgroup_margin+0x130/0x130
[ 2317.703403][ T8751]  ? lock_downgrade+0x690/0x690
[ 2317.708307][ T8751]  try_charge_memcg+0xf99/0x13a0
[ 2317.713294][ T8751]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 2317.719322][ T8751]  ? lock_downgrade+0x690/0x690
[ 2317.724211][ T8751]  ? trace_lock_acquire+0x12d/0x180
[ 2317.729446][ T8751]  ? get_mem_cgroup_from_mm+0x247/0x580
[ 2317.735033][ T8751]  ? lock_acquire+0x32/0xc0
[ 2317.739580][ T8751]  charge_memcg+0x90/0x3b0
[ 2317.744040][ T8751]  __mem_cgroup_charge+0x2b/0x90
[ 2317.749023][ T8751]  do_wp_page+0x8ac/0x3510
[ 2317.753493][ T8751]  ? lock_sync+0x190/0x190
[ 2317.757943][ T8751]  ? finish_mkwrite_fault+0x3d0/0x3d0
[ 2317.763354][ T8751]  ? rcu_is_watching+0x12/0xb0
[ 2317.768158][ T8751]  ? do_raw_spin_lock+0x124/0x2b0
[ 2317.773224][ T8751]  ? spin_bug+0x1c0/0x1c0
[ 2317.777590][ T8751]  ? lock_acquire+0x32/0xc0
[ 2317.782124][ T8751]  ? __handle_mm_fault+0x1334/0x4180
[ 2317.787482][ T8751]  __handle_mm_fault+0x1547/0x4180
[ 2317.792745][ T8751]  ? vm_iomap_memory+0x190/0x190
[ 2317.797747][ T8751]  handle_mm_fault+0x2c0/0x9c0
[ 2317.802646][ T8751]  do_user_addr_fault+0x2ed/0x1240
[ 2317.807794][ T8751]  ? rcu_is_watching+0x12/0xb0
[ 2317.812606][ T8751]  exc_page_fault+0x98/0x170
[ 2317.817236][ T8751]  asm_exc_page_fault+0x26/0x30
[ 2317.822122][ T8751] RIP: 0033:0x7f47dd2395a0
[ 2317.826577][ T8751] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48
[ 2317.846208][ T8751] RSP: 002b:00007ffdbc005e60 EFLAGS: 00010246
[ 2317.852297][ T8751] RAX: 00000000414aa294 RBX: 00007f47dd3ac018 RCX: 0000001b32520000
[ 2317.860294][ T8751] RDX: 0000000000000000 RSI: 0000001b32520018 RDI: 0000000000000022
[ 2317.868285][ T8751] RBP: 00000000414aa294 R08: 0000000000000294 R09: 00000000414aa298
[ 2317.876272][ T8751] R10: 00007ffdbc006020 R11: 0000000000000246 R12: 00007f47dd3a0000
[ 2317.884263][ T8751] R13: 0000000000000001 R14: 0000000000000000 R15: ffffffff81e3ebfe
[ 2317.892268][ T8751]  ? __x64_sys_openat+0x6e/0x1f0
[ 2317.897263][ T8751]  </TASK>
[ 2317.910543][ T8751] memory: usage 307200kB, limit 307200kB, failcnt 12374
[ 2317.918868][ T8751] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2317.926616][ T8751] Memory cgroup stats for /syz1:
[ 2317.927029][ T8751] anon 114688
[ 2317.927029][ T8751] file 312406016
[ 2317.927029][ T8751] kernel 2035712
[ 2317.927029][ T8751] kernel_stack 65536
[ 2317.927029][ T8751] pagetables 81920
[ 2317.927029][ T8751] sec_pagetables 0
[ 2317.927029][ T8751] percpu 4928
[ 2317.927029][ T8751] sock 0
[ 2317.927029][ T8751] vmalloc 0
[ 2317.927029][ T8751] shmem 312406016
[ 2317.927029][ T8751] zswap 0
[ 2317.927029][ T8751] zswapped 0
[ 2317.927029][ T8751] file_mapped 380928
[ 2317.927029][ T8751] file_dirty 0
[ 2317.927029][ T8751] file_writeback 0
[ 2317.927029][ T8751] swapcached 0
[ 2317.927029][ T8751] anon_thp 0
[ 2317.927029][ T8751] file_thp 0
[ 2317.927029][ T8751] shmem_thp 0
[ 2317.927029][ T8751] inactive_anon 62951424
[ 2317.927029][ T8751] active_anon 139264
[ 2317.927029][ T8751] inactive_file 0
[ 2317.927029][ T8751] active_file 0
[ 2317.927029][ T8751] unevictable 249430016
[ 2317.927029][ T8751] slab_reclaimable 964920
[ 2317.927029][ T8751] slab_unreclaimable 881024
[ 2317.927029][ T8751] slab 1845944
[ 2317.927029][ T8751] workingset_refault_anon 0
[ 2317.927029][ T8751] workingset_refault_file 0
[ 2317.927029][ T8751] workingset_activate_anon 0
[ 2317.927029][ T8751] workingset_activate_file 0
[ 2317.927029][ T8751] workingset_restore_anon 0
[ 2317.927029][ T8751] workingset_restore_file 0
[ 2317.927029][ T8751] workingset_nodereclaim 0
[ 2317.927029][ T8751] pgscan 49
[ 2317.927029][ T8751] pgsteal 49
[ 2317.927029][ T8751] pgscan_kswapd 0
[ 2317.927029][ T8751] pgscan_direct 49
[ 2317.927029][ T8751] pgscan_khugepaged 0
[ 2317.927029][ T8751] pgsteal_kswapd 0
[ 2317.927029][ T8751] pgsteal_direct 49
[ 2317.927029][ T8751] pgsteal_khugepaged 0
[ 2317.927029][ T8751] pgfault 1095259
[ 2317.927029][ T8751] pgmajfault 422
[ 2317.927029][ T8751] pgrefill 150
[ 2317.927029][ T8751] pgactivate 161
[ 2317.927029][ T8751] pgdeactivate 0
[ 2317.927029][ T8751] pglazyfree 0
[ 2317.927029][ T8751] pglazyfreed 0
[ 2317.927029][ T8751] zswpin 0
[ 2317.927029][ T8751] zswpout 0
[ 2317.972318][ T8017] usb 1-1: new high-speed USB device number 72 using dummy_hcd
[ 2318.144948][ T8751] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=8751,uid=0
[ 2318.162275][ T8751] Memory cgroup out of memory: Killed process 8751 (syz-executor.1) total-vm:54540kB, anon-rss:380kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000
12:17:43 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0xb, 0x0, 0x0, 0x100, 0x81}, 0x48)

12:17:43 executing program 1:
openat$uhid(0xffffffffffffff9c, &(0x7f0000000200), 0x802, 0x0)
timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000180)=<r0=>0x0)
r1 = fanotify_init(0x4, 0x1000)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
fanotify_mark(r1, 0x105, 0x800101b, 0xffffffffffffffff, 0x0)
timer_settime(r0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
mlockall(0x2)
r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil)
shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
write$P9_RWSTAT(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x7f, 0x2}, 0x7)
ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0)
shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000)
shmctl$IPC_RMID(0x0, 0x0)
shmctl$SHM_LOCK(0x0, 0xb)
r6 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil)
shmctl$IPC_STAT(r6, 0x2, &(0x7f00000001c0)=""/62)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000340)={0x0, 0x28}, 0x1, 0x0, 0x0, 0x40410}, 0x4040044)
shmat(r3, &(0x7f00003c6000/0x3000)=nil, 0x4000)
shmctl$SHM_UNLOCK(0x0, 0xc)
shmctl$SHM_LOCK(r3, 0xb)
r7 = shmget$private(0x0, 0x3000, 0x54001800, &(0x7f000010d000/0x3000)=nil)
ioctl$BTRFS_IOC_BALANCE_V2(r5, 0xc4009420, &(0x7f0000000640)={0x0, 0x0, {0x81, @usage=0xd1, 0x0, 0xfffffffffffffffc, 0x10000, 0xffffffffffffffff, 0x0, 0x5, 0x4, @usage=0x1, 0x1ea7, 0xffffffc0, [0x5, 0x7, 0x5, 0xffffffffffffffff, 0xffff, 0x24f]}, {0x5, @struct={0x8da6, 0x46a}, 0x0, 0x3f, 0xff, 0x8, 0x9, 0x7f, 0x0, @struct={0x3, 0x8}, 0xffff0000, 0xffffffcb, [0x8, 0x27d9, 0x7, 0x7ff, 0x57175363, 0x8]}, {0x10001, @usage=0x9, 0x0, 0x4d2, 0x3b89, 0xfffffffffffffff9, 0x4, 0x7fffffff, 0x441, @usage=0x7000000000000, 0x9, 0x20000d5a, [0x2, 0x6, 0x5, 0x80, 0x4, 0x7735]}, {0x8000, 0xffffffffffffffff}})
shmat(r7, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000012c0)=[{{&(0x7f00000005c0)=@xdp, 0x80, 0x0, 0x0, &(0x7f0000000fc0)=""/83, 0x53}, 0x1}, {{&(0x7f0000001040)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @dev}}, 0x80, &(0x7f00000011c0)=[{&(0x7f00000010c0)=""/150, 0x96}, {&(0x7f0000001180)=""/5, 0x5}], 0x2, &(0x7f0000001200)=""/180, 0xb4}, 0x5}], 0x2, 0x0, &(0x7f0000001340)={0x0, 0x989680})

12:17:43 executing program 2:
r0 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$CAPI_GET_SERIAL(r0, 0xc0044308, &(0x7f0000000000))

12:17:43 executing program 4:
r0 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$CAPI_GET_SERIAL(r0, 0xc0044308, &(0x7f0000000000)=0x8da)

12:17:43 executing program 5:
syz_usb_connect$uac1(0x0, 0xaa, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x98, 0x3, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{}, [@output_terminal={0x9, 0x24, 0x3, 0x0, 0x1ff, 0x0, 0x5}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0xe, 0x24, 0x2, 0x2, 0x8000, 0x0, 0x3, "bd519c2caf"}, @format_type_ii_discrete={0xd, 0x24, 0x2, 0x2, 0x0, 0xff, 0x8, "64824858"}, @format_type_i_discrete={0xb, 0x24, 0x2, 0x1, 0x1f, 0x0, 0x0, 0x0, "a76b77"}, @format_type_ii_discrete={0xa, 0x24, 0x2, 0x2, 0x7, 0x81, 0x0, '\r'}]}, {{0x9, 0x5, 0x1, 0x9, 0x8, 0xcc, 0x0, 0x8e, {0x7, 0x25, 0x1, 0x0, 0x2, 0xfc00}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x10, 0x2, 0x63, 0x0, {0x7, 0x25, 0x1, 0x82, 0xdf, 0x4}}}}}}}]}}, &(0x7f00000001c0)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x300, 0x7, 0x0, 0x96, 0x20, 0xe1}, 0x5, &(0x7f0000000100)={0x5, 0xf, 0x5}, 0x2, [{0x4, &(0x7f0000000140)=@lang_id={0x4, 0x3, 0x1001}}, {0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x81d}}]})

12:17:43 executing program 2:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000800), r0)
syz_genetlink_get_family_id$net_dm(&(0x7f0000000f80), r0)

12:17:43 executing program 4:
r0 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$CAN_RAW_FD_FRAMES(r0, 0x65, 0x4, 0x0, 0x0)

[ 2318.382420][ T8017] usb 1-1: Using ep0 maxpacket: 16
[ 2318.430790][ T8766] syz-executor.1 invoked oom-killer: gfp_mask=0xdc0(GFP_KERNEL|__GFP_ZERO), order=0, oom_score_adj=1000
[ 2318.449287][ T8766] CPU: 1 PID: 8766 Comm: syz-executor.1 Not tainted 6.3.0-rc4-next-20230330-syzkaller #0
[ 2318.459182][ T8766] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 2318.469378][ T8766] Call Trace:
[ 2318.472704][ T8766]  <TASK>
[ 2318.475689][ T8766]  dump_stack_lvl+0x136/0x150
12:17:43 executing program 3:
syz_io_uring_setup(0xa97, &(0x7f0000000000)={0x0, 0x4469, 0x8}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000080), 0x0)

12:17:43 executing program 4:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$SIOCGSKNS(r0, 0x8933, 0x0)

[ 2318.480448][ T8766]  dump_header+0x10a/0xd70
[ 2318.484965][ T8766]  oom_kill_process+0x25d/0x600
[ 2318.490029][ T8766]  out_of_memory+0x35c/0x1650
[ 2318.494882][ T8766]  ? find_held_lock+0x2d/0x110
[ 2318.499715][ T8766]  ? oom_killer_disable+0x2b0/0x2b0
[ 2318.502603][ T8017] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 2318.505064][ T8766]  ? rcu_read_unlock+0x9/0x60
[ 2318.505104][ T8766]  ? find_held_lock+0x2d/0x110
[ 2318.527561][ T8766]  mem_cgroup_out_of_memory+0x206/0x270
[ 2318.533182][ T8766]  ? mem_cgroup_margin+0x130/0x130
[ 2318.538371][ T8766]  ? lock_downgrade+0x690/0x690
[ 2318.543326][ T8766]  try_charge_memcg+0xf99/0x13a0
[ 2318.548356][ T8766]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 2318.554496][ T8766]  ? get_mem_cgroup_from_objcg+0xa1/0x280
[ 2318.560258][ T8766]  ? lock_downgrade+0x690/0x690
[ 2318.565176][ T8766]  ? trace_lock_acquire+0x12d/0x180
[ 2318.570455][ T8766]  ? get_mem_cgroup_from_objcg+0x159/0x280
[ 2318.576380][ T8766]  ? lock_acquire+0x32/0xc0
[ 2318.580971][ T8766]  obj_cgroup_charge+0x2af/0x5e0
[ 2318.586008][ T8766]  ? __alloc_file+0x21/0x270
[ 2318.590643][ T8766]  kmem_cache_alloc+0xb1/0x3b0
[ 2318.595464][ T8766]  __alloc_file+0x21/0x270
[ 2318.599923][ T8766]  alloc_empty_file+0x71/0x190
[ 2318.604725][ T8766]  path_openat+0xe6/0x2750
[ 2318.609185][ T8766]  ? find_held_lock+0x2d/0x110
[ 2318.613993][ T8766]  ? path_lookupat+0x840/0x840
[ 2318.618807][ T8766]  do_filp_open+0x1ba/0x410
[ 2318.623354][ T8766]  ? may_open_dev+0xf0/0xf0
[ 2318.627894][ T8766]  ? find_held_lock+0x2d/0x110
[ 2318.632705][ T8766]  ? alloc_fd+0x2e4/0x750
[ 2318.637084][ T8766]  ? do_raw_spin_lock+0x124/0x2b0
[ 2318.642178][ T8766]  ? spin_bug+0x1c0/0x1c0
[ 2318.646553][ T8766]  ? _raw_spin_unlock+0x28/0x40
[ 2318.651433][ T8766]  ? alloc_fd+0x2e4/0x750
[ 2318.655808][ T8766]  do_sys_openat2+0x16d/0x4c0
[ 2318.660528][ T8766]  ? build_open_flags+0x720/0x720
[ 2318.665601][ T8766]  __x64_sys_openat+0x143/0x1f0
[ 2318.670485][ T8766]  ? __ia32_sys_open+0x1c0/0x1c0
[ 2318.675481][ T8766]  ? syscall_enter_from_user_mode+0x26/0x80
[ 2318.681420][ T8766]  do_syscall_64+0x39/0xb0
[ 2318.685878][ T8766]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2318.691809][ T8766] RIP: 0033:0x7f47dd28c0f9
[ 2318.696255][ T8766] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 2318.720425][ T8766] RSP: 002b:00007f47de072168 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 2318.728890][ T8766] RAX: ffffffffffffffda RBX: 00007f47dd3abf80 RCX: 00007f47dd28c0f9
[ 2318.736889][ T8766] RDX: 0000000000000802 RSI: 0000000020000200 RDI: ffffffffffffff9c
[ 2318.744886][ T8766] RBP: 00007f47dd2e7b39 R08: 0000000000000000 R09: 0000000000000000
[ 2318.752879][ T8766] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2318.760871][ T8766] R13: 00007ffdbc005ebf R14: 00007f47de072300 R15: 0000000000022000
[ 2318.768908][ T8766]  </TASK>
[ 2318.781206][ T8766] memory: usage 307200kB, limit 307200kB, failcnt 12468
[ 2318.788755][ T8766] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2318.796004][ T8766] Memory cgroup stats for /syz1:
[ 2318.796302][ T8766] anon 118784
[ 2318.796302][ T8766] file 312406016
[ 2318.796302][ T8766] kernel 2048000
[ 2318.796302][ T8766] kernel_stack 65536
[ 2318.796302][ T8766] pagetables 81920
[ 2318.796302][ T8766] sec_pagetables 0
[ 2318.796302][ T8766] percpu 4928
[ 2318.796302][ T8766] sock 0
[ 2318.796302][ T8766] vmalloc 0
[ 2318.796302][ T8766] shmem 312406016
[ 2318.796302][ T8766] zswap 0
[ 2318.796302][ T8766] zswapped 0
[ 2318.796302][ T8766] file_mapped 380928
[ 2318.796302][ T8766] file_dirty 0
[ 2318.796302][ T8766] file_writeback 0
[ 2318.796302][ T8766] swapcached 0
[ 2318.796302][ T8766] anon_thp 0
[ 2318.796302][ T8766] file_thp 0
[ 2318.796302][ T8766] shmem_thp 0
[ 2318.796302][ T8766] inactive_anon 62951424
[ 2318.796302][ T8766] active_anon 143360
[ 2318.796302][ T8766] inactive_file 0
[ 2318.796302][ T8766] active_file 0
[ 2318.796302][ T8766] unevictable 249430016
[ 2318.796302][ T8766] slab_reclaimable 964920
[ 2318.796302][ T8766] slab_unreclaimable 889248
[ 2318.796302][ T8766] slab 1854168
[ 2318.796302][ T8766] workingset_refault_anon 0
[ 2318.796302][ T8766] workingset_refault_file 0
[ 2318.796302][ T8766] workingset_activate_anon 0
[ 2318.796302][ T8766] workingset_activate_file 0
[ 2318.796302][ T8766] workingset_restore_anon 0
[ 2318.796302][ T8766] workingset_restore_file 0
[ 2318.796302][ T8766] workingset_nodereclaim 0
[ 2318.796302][ T8766] pgscan 49
[ 2318.796302][ T8766] pgsteal 49
[ 2318.796302][ T8766] pgscan_kswapd 0
[ 2318.796302][ T8766] pgscan_direct 49
[ 2318.796302][ T8766] pgscan_khugepaged 0
[ 2318.796302][ T8766] pgsteal_kswapd 0
[ 2318.796302][ T8766] pgsteal_direct 49
[ 2318.796302][ T8766] pgsteal_khugepaged 0
[ 2318.796302][ T8766] pgfault 1095303
[ 2318.796302][ T8766] pgmajfault 422
[ 2318.796302][ T8766] pgrefill 150
[ 2318.796302][ T8766] pgactivate 161
[ 2318.796302][ T8766] pgdeactivate 0
[ 2318.796302][ T8766] pglazyfree 0
[ 2318.796302][ T8766] pglazyfreed 0
[ 2318.796302][ T8766] zswpin 0
[ 2318.796302][ T8766] zswpout 0
[ 2318.932526][ T8017] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 2318.993092][ T8766] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=8762,uid=0
[ 2319.010314][ T8766] Memory cgroup out of memory: Killed process 8762 (syz-executor.1) total-vm:54672kB, anon-rss:380kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000
[ 2319.037823][ T8017] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2319.046763][ T8017] usb 1-1: Product: syz
[ 2319.051330][ T8017] usb 1-1: Manufacturer: syz
[ 2319.056556][ T8017] usb 1-1: SerialNumber: syz
[ 2319.062350][T27902] usb 6-1: new high-speed USB device number 95 using dummy_hcd
[ 2319.318937][ T3038] usb 1-1: USB disconnect, device number 72
[ 2319.332416][T27902] usb 6-1: Using ep0 maxpacket: 32
[ 2319.482272][T27902] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[ 2319.642306][T27902] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 2319.651504][T27902] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2319.660396][T27902] usb 6-1: Product: syz
[ 2319.664955][T27902] usb 6-1: Manufacturer: ࠝ
[ 2319.669652][T27902] usb 6-1: SerialNumber: syz
12:17:44 executing program 0:
syz_usb_connect$printer(0x0, 0x2d, &(0x7f00000003c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1}}]}}, 0x0)

12:17:44 executing program 3:
openat$pfkey(0xffffffffffffff9c, &(0x7f0000002040), 0x121040, 0x0)

12:17:44 executing program 2:
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x220000, 0x0)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r0, &(0x7f0000000080)={0x15, 0x110, 0xfa00, {0xffffffffffffffff, 0x400, 0x0, 0x0, 0x0, @in={0x2, 0x40, @private=0xa010102}, @in6={0xa, 0x4e22, 0x54, @remote, 0xa24}}}, 0x118)
syz_io_uring_complete(0x0)
syz_open_dev$usbmon(&(0x7f0000000840), 0x3ea6, 0x480)

12:17:44 executing program 4:
openat$zero(0xffffffffffffff9c, &(0x7f0000000880), 0x80400, 0x0)

12:17:44 executing program 1:
openat$uhid(0xffffffffffffff9c, &(0x7f0000000200), 0x802, 0x0)
timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000180)=<r0=>0x0)
r1 = fanotify_init(0x4, 0x1000)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
fanotify_mark(r1, 0x105, 0x800101b, 0xffffffffffffffff, 0x0)
timer_settime(r0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
mlockall(0x2)
r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil)
shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
write$P9_RWSTAT(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x7f, 0x2}, 0x7)
ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0)
shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000)
shmctl$IPC_RMID(0x0, 0x0)
shmctl$SHM_LOCK(0x0, 0xb)
r6 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil)
shmctl$IPC_STAT(r6, 0x2, &(0x7f00000001c0)=""/62)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000340)={0x0, 0x28}, 0x1, 0x0, 0x0, 0x40410}, 0x4040044)
shmat(r3, &(0x7f00003c6000/0x3000)=nil, 0x4000)
shmctl$SHM_UNLOCK(0x0, 0xc)
shmctl$SHM_LOCK(r3, 0xb)
r7 = shmget$private(0x0, 0x3000, 0x54001800, &(0x7f000010d000/0x3000)=nil)
ioctl$BTRFS_IOC_BALANCE_V2(r5, 0xc4009420, &(0x7f0000000640)={0x0, 0x0, {0x81, @usage=0xd1, 0x0, 0xfffffffffffffffc, 0x10000, 0xffffffffffffffff, 0x0, 0x5, 0x4, @usage=0x1, 0x1ea7, 0xffffffc0, [0x5, 0x7, 0x5, 0xffffffffffffffff, 0xffff, 0x24f]}, {0x5, @struct={0x8da6, 0x46a}, 0x0, 0x3f, 0xff, 0x8, 0x9, 0x7f, 0x0, @struct={0x3, 0x8}, 0xffff0000, 0xffffffcb, [0x8, 0x27d9, 0x7, 0x7ff, 0x57175363, 0x8]}, {0x10001, @usage=0x9, 0x0, 0x4d2, 0x3b89, 0xfffffffffffffff9, 0x4, 0x7fffffff, 0x441, @usage=0x7000000000000, 0x9, 0x20000d5a, [0x2, 0x6, 0x5, 0x80, 0x4, 0x7735]}, {0x8000, 0xffffffffffffffff}})
shmat(r7, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000012c0)=[{{&(0x7f00000005c0)=@xdp, 0x80, 0x0, 0x0, &(0x7f0000000fc0)=""/83, 0x53}, 0x1}, {{&(0x7f0000001040)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @dev}}, 0x80, &(0x7f00000011c0)=[{&(0x7f00000010c0)=""/150, 0x96}, {&(0x7f0000001180)=""/5, 0x5}], 0x2, &(0x7f0000001200)=""/180, 0xb4}, 0x5}], 0x2, 0x0, &(0x7f0000001340)={0x0, 0x989680})

12:17:44 executing program 4:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
syz_io_uring_setup(0x2b5, &(0x7f00000001c0)={0x0, 0x0, 0x20, 0x0, 0x0, 0x0, r0}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000240), &(0x7f0000000280))

12:17:44 executing program 3:
syz_io_uring_setup(0x5612, &(0x7f0000000100)={0x0, 0x0, 0x800}, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ff0000/0x10000)=nil, &(0x7f0000000180), 0x0)
syz_io_uring_setup(0x6087, &(0x7f0000000200), &(0x7f0000ff7000/0x7000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000280), &(0x7f00000002c0))

[ 2319.992554][T27902] usb 6-1: 0:2 : does not exist
[ 2319.994474][ T8781] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 2320.023406][ T8781] CPU: 0 PID: 8781 Comm: syz-executor.1 Not tainted 6.3.0-rc4-next-20230330-syzkaller #0
[ 2320.033297][ T8781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 2320.043399][ T8781] Call Trace:
[ 2320.046719][ T8781]  <TASK>
[ 2320.047180][T27902] usb 6-1: USB disconnect, device number 95
[ 2320.049663][ T8781]  dump_stack_lvl+0x136/0x150
[ 2320.049724][ T8781]  dump_header+0x10a/0xd70
[ 2320.064741][ T8781]  oom_kill_process+0x25d/0x600
[ 2320.069680][ T8781]  out_of_memory+0x35c/0x1650
[ 2320.074418][ T8781]  ? find_held_lock+0x2d/0x110
[ 2320.079250][ T8781]  ? oom_killer_disable+0x2b0/0x2b0
[ 2320.084500][ T8781]  ? rcu_read_unlock+0x9/0x60
[ 2320.089223][ T8781]  ? find_held_lock+0x2d/0x110
[ 2320.094026][ T8781]  mem_cgroup_out_of_memory+0x206/0x270
[ 2320.099616][ T8781]  ? mem_cgroup_margin+0x130/0x130
[ 2320.104855][ T8781]  ? lock_downgrade+0x690/0x690
[ 2320.109779][ T8781]  try_charge_memcg+0xf99/0x13a0
[ 2320.114771][ T8781]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 2320.120821][ T8781]  ? lock_downgrade+0x690/0x690
[ 2320.125744][ T8781]  ? trace_lock_acquire+0x12d/0x180
[ 2320.131017][ T8781]  ? get_mem_cgroup_from_mm+0x247/0x580
[ 2320.136612][ T8781]  ? lock_acquire+0x32/0xc0
[ 2320.141171][ T8781]  charge_memcg+0x90/0x3b0
[ 2320.145642][ T8781]  __mem_cgroup_charge+0x2b/0x90
[ 2320.150636][ T8781]  do_wp_page+0x8ac/0x3510
[ 2320.155120][ T8781]  ? lock_sync+0x190/0x190
[ 2320.159596][ T8781]  ? finish_mkwrite_fault+0x3d0/0x3d0
[ 2320.165018][ T8781]  ? rcu_is_watching+0x12/0xb0
[ 2320.169830][ T8781]  ? do_raw_spin_lock+0x124/0x2b0
[ 2320.174917][ T8781]  ? spin_bug+0x1c0/0x1c0
[ 2320.179313][ T8781]  ? lock_acquire+0x32/0xc0
[ 2320.183862][ T8781]  ? __handle_mm_fault+0x1334/0x4180
[ 2320.189214][ T8781]  __handle_mm_fault+0x1547/0x4180
[ 2320.194388][ T8781]  ? vm_iomap_memory+0x190/0x190
[ 2320.199405][ T8781]  handle_mm_fault+0x2c0/0x9c0
[ 2320.204231][ T8781]  do_user_addr_fault+0x2ed/0x1240
[ 2320.209394][ T8781]  ? rcu_is_watching+0x12/0xb0
[ 2320.214209][ T8781]  exc_page_fault+0x98/0x170
[ 2320.218849][ T8781]  asm_exc_page_fault+0x26/0x30
[ 2320.223731][ T8781] RIP: 0033:0x7f47dd2395a0
[ 2320.228171][ T8781] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48
[ 2320.247808][ T8781] RSP: 002b:00007ffdbc005e60 EFLAGS: 00010246
[ 2320.253989][ T8781] RAX: 00000000ef192a3d RBX: 00007f47dd3ac018 RCX: 0000001b32520000
[ 2320.261985][ T8781] RDX: 0000000000000000 RSI: 0000001b32520018 RDI: 00000000090fde60
[ 2320.269983][ T8781] RBP: 00000000ef192a3d R08: 0000000000000a3d R09: 00000000ef192a41
[ 2320.277977][ T8781] R10: 00007ffdbc006020 R11: 0000000000000246 R12: 00007f47dd3a0000
[ 2320.286025][ T8781] R13: 0000000000000001 R14: 0000000000000005 R15: ffffffff81e3d406
[ 2320.294093][ T8781]  ? build_open_flags+0x76/0x720
[ 2320.299102][ T8781]  </TASK>
[ 2320.316056][ T8781] memory: usage 307200kB, limit 307200kB, failcnt 12561
[ 2320.329160][ T8781] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2320.342546][ T8781] Memory cgroup stats for /syz1:
[ 2320.342838][ T8781] anon 131072
[ 2320.342838][ T8781] file 312406016
[ 2320.342838][ T8781] kernel 2027520
[ 2320.342838][ T8781] kernel_stack 65536
[ 2320.342838][ T8781] pagetables 81920
[ 2320.342838][ T8781] sec_pagetables 0
[ 2320.342838][ T8781] percpu 4928
[ 2320.342838][ T8781] sock 0
[ 2320.342838][ T8781] vmalloc 0
[ 2320.342838][ T8781] shmem 312406016
[ 2320.342838][ T8781] zswap 0
[ 2320.342838][ T8781] zswapped 0
[ 2320.342838][ T8781] file_mapped 380928
[ 2320.342838][ T8781] file_dirty 0
[ 2320.342838][ T8781] file_writeback 0
[ 2320.342838][ T8781] swapcached 0
[ 2320.342838][ T8781] anon_thp 0
[ 2320.342838][ T8781] file_thp 0
[ 2320.342838][ T8781] shmem_thp 0
[ 2320.342838][ T8781] inactive_anon 62951424
[ 2320.342838][ T8781] active_anon 155648
[ 2320.342838][ T8781] inactive_file 0
[ 2320.342838][ T8781] active_file 0
[ 2320.342838][ T8781] unevictable 249430016
[ 2320.342838][ T8781] slab_reclaimable 964920
[ 2320.342838][ T8781] slab_unreclaimable 871488
[ 2320.342838][ T8781] slab 1836408
[ 2320.342838][ T8781] workingset_refault_anon 0
[ 2320.342838][ T8781] workingset_refault_file 0
[ 2320.342838][ T8781] workingset_activate_anon 0
[ 2320.342838][ T8781] workingset_activate_file 0
[ 2320.342838][ T8781] workingset_restore_anon 0
[ 2320.342838][ T8781] workingset_restore_file 0
[ 2320.342838][ T8781] workingset_nodereclaim 0
[ 2320.342838][ T8781] pgscan 49
[ 2320.342838][ T8781] pgsteal 49
[ 2320.342838][ T8781] pgscan_kswapd 0
[ 2320.342838][ T8781] pgscan_direct 49
[ 2320.342838][ T8781] pgscan_khugepaged 0
[ 2320.342838][ T8781] pgsteal_kswapd 0
[ 2320.342838][ T8781] pgsteal_direct 49
[ 2320.342838][ T8781] pgsteal_khugepaged 0
[ 2320.342838][ T8781] pgfault 1095356
[ 2320.342838][ T8781] pgmajfault 422
[ 2320.342838][ T8781] pgrefill 150
[ 2320.342838][ T8781] pgactivate 161
[ 2320.342838][ T8781] pgdeactivate 0
[ 2320.342838][ T8781] pglazyfree 0
[ 2320.342838][ T8781] pglazyfreed 0
[ 2320.342838][ T8781] zswpin 0
[ 2320.342838][ T8781] zswpout 0
[ 2320.534623][ T5556] usb 1-1: new high-speed USB device number 73 using dummy_hcd
[ 2320.549716][ T8781] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=8781,uid=0
[ 2320.571345][ T8781] Memory cgroup out of memory: Killed process 8781 (syz-executor.1) total-vm:54540kB, anon-rss:380kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000
[ 2320.782176][ T5556] usb 1-1: Using ep0 maxpacket: 16
12:17:45 executing program 5:
semctl$IPC_INFO(0x0, 0x0, 0x14, 0x0)

12:17:45 executing program 2:
r0 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$CAPI_GET_MANUFACTURER(r0, 0xc0044306, &(0x7f0000000080))

12:17:45 executing program 4:
r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
ioctl$VIDIOC_QUERYBUF_DMABUF(r0, 0xc0585609, &(0x7f0000000240)={0x0, 0x9, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "b3e9cceb"}})

12:17:45 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x10}, 0x48)

12:17:45 executing program 1:
openat$uhid(0xffffffffffffff9c, &(0x7f0000000200), 0x802, 0x0)
timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000180)=<r0=>0x0)
r1 = fanotify_init(0x4, 0x1000)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
fanotify_mark(r1, 0x105, 0x800101b, 0xffffffffffffffff, 0x0)
timer_settime(r0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
mlockall(0x2)
r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil)
shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
write$P9_RWSTAT(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x7f, 0x2}, 0x7)
ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0)
shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000)
shmctl$IPC_RMID(0x0, 0x0)
shmctl$SHM_LOCK(0x0, 0xb)
r6 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil)
shmctl$IPC_STAT(r6, 0x2, &(0x7f00000001c0)=""/62)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000340)={0x0, 0x28}, 0x1, 0x0, 0x0, 0x40410}, 0x4040044)
shmat(r3, &(0x7f00003c6000/0x3000)=nil, 0x4000)
shmctl$SHM_UNLOCK(0x0, 0xc)
shmctl$SHM_LOCK(r3, 0xb)
r7 = shmget$private(0x0, 0x3000, 0x54001800, &(0x7f000010d000/0x3000)=nil)
ioctl$BTRFS_IOC_BALANCE_V2(r5, 0xc4009420, &(0x7f0000000640)={0x0, 0x1, {0x0, @usage=0xd1, 0x0, 0xfffffffffffffffc, 0x10000, 0xffffffffffffffff, 0x0, 0x5, 0x4, @usage=0x1, 0x1ea7, 0xffffffc0, [0x5, 0x7, 0x5, 0xffffffffffffffff, 0xffff, 0x24f]}, {0x5, @struct={0x8da6, 0x46a}, 0x0, 0x3f, 0xff, 0x8, 0x9, 0x7f, 0x0, @struct={0x3, 0x8}, 0xffff0000, 0xffffffcb, [0x8, 0x27d9, 0x7, 0x7ff, 0x57175363, 0x8]}, {0x10001, @usage=0x9, 0x0, 0x4d2, 0x3b89, 0xfffffffffffffff9, 0x4, 0x7fffffff, 0x441, @usage=0x7000000000000, 0x9, 0x20000d5a, [0x2, 0x6, 0x5, 0x80, 0x4, 0x7735]}, {0x8000, 0xffffffffffffffff}})
shmat(r7, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000012c0)=[{{&(0x7f00000005c0)=@xdp, 0x80, 0x0, 0x0, &(0x7f0000000fc0)=""/83, 0x53}, 0x1}, {{&(0x7f0000001040)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @dev}}, 0x80, &(0x7f00000011c0)=[{&(0x7f00000010c0)=""/150, 0x96}, {&(0x7f0000001180)=""/5, 0x5}], 0x2, &(0x7f0000001200)=""/180, 0xb4}, 0x5}], 0x2, 0x0, &(0x7f0000001340)={0x0, 0x989680})

[ 2320.932427][ T5556] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 2320.954686][ T8792] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 2320.966655][ T8792] CPU: 1 PID: 8792 Comm: syz-executor.1 Not tainted 6.3.0-rc4-next-20230330-syzkaller #0
[ 2320.976537][ T8792] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 2320.986652][ T8792] Call Trace:
[ 2320.989984][ T8792]  <TASK>
[ 2320.992973][ T8792]  dump_stack_lvl+0x136/0x150
[ 2320.997735][ T8792]  dump_header+0x10a/0xd70
[ 2321.002227][ T8792]  oom_kill_process+0x25d/0x600
[ 2321.007154][ T8792]  out_of_memory+0x35c/0x1650
[ 2321.011902][ T8792]  ? find_held_lock+0x2d/0x110
[ 2321.016719][ T8792]  ? oom_killer_disable+0x2b0/0x2b0
[ 2321.021976][ T8792]  ? rcu_read_unlock+0x9/0x60
[ 2321.026697][ T8792]  ? find_held_lock+0x2d/0x110
[ 2321.031503][ T8792]  mem_cgroup_out_of_memory+0x206/0x270
[ 2321.037086][ T8792]  ? mem_cgroup_margin+0x130/0x130
[ 2321.042230][ T8792]  ? lock_downgrade+0x690/0x690
[ 2321.047145][ T8792]  try_charge_memcg+0xf99/0x13a0
[ 2321.052136][ T8792]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 2321.058167][ T8792]  ? lock_downgrade+0x690/0x690
[ 2321.063055][ T8792]  ? trace_lock_acquire+0x12d/0x180
[ 2321.068295][ T8792]  ? get_mem_cgroup_from_mm+0x247/0x580
[ 2321.074319][ T8792]  ? lock_acquire+0x32/0xc0
[ 2321.078888][ T8792]  charge_memcg+0x90/0x3b0
[ 2321.083353][ T8792]  __mem_cgroup_charge+0x2b/0x90
[ 2321.088427][ T8792]  do_wp_page+0x8ac/0x3510
[ 2321.092986][ T8792]  ? lock_sync+0x190/0x190
[ 2321.097459][ T8792]  ? finish_mkwrite_fault+0x3d0/0x3d0
[ 2321.102874][ T8792]  ? rcu_is_watching+0x12/0xb0
[ 2321.107685][ T8792]  ? do_raw_spin_lock+0x124/0x2b0
[ 2321.112761][ T8792]  ? spin_bug+0x1c0/0x1c0
[ 2321.117132][ T8792]  ? lock_acquire+0x32/0xc0
[ 2321.121670][ T8792]  ? __handle_mm_fault+0x1334/0x4180
[ 2321.127010][ T8792]  __handle_mm_fault+0x1547/0x4180
[ 2321.132176][ T8792]  ? vm_iomap_memory+0x190/0x190
[ 2321.137190][ T8792]  handle_mm_fault+0x2c0/0x9c0
[ 2321.142009][ T8792]  do_user_addr_fault+0x2ed/0x1240
[ 2321.147167][ T8792]  ? rcu_is_watching+0x12/0xb0
[ 2321.151975][ T8792]  exc_page_fault+0x98/0x170
[ 2321.156618][ T8792]  asm_exc_page_fault+0x26/0x30
[ 2321.161505][ T8792] RIP: 0033:0x7f47dd2395a0
[ 2321.165947][ T8792] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48
[ 2321.185585][ T8792] RSP: 002b:00007ffdbc005e60 EFLAGS: 00010246
[ 2321.191695][ T8792] RAX: 00000000ef192a3d RBX: 00007f47dd3ac018 RCX: 0000001b32520000
[ 2321.199692][ T8792] RDX: 0000000000000000 RSI: 0000001b32520018 RDI: 00000000090fde60
[ 2321.207691][ T8792] RBP: 00000000ef192a3d R08: 0000000000000a3d R09: 00000000ef192a41
[ 2321.215687][ T8792] R10: 00007ffdbc006020 R11: 0000000000000246 R12: 00007f47dd3a0000
[ 2321.223701][ T8792] R13: 0000000000000001 R14: 0000000000000005 R15: ffffffff81e3d406
[ 2321.231698][ T8792]  ? build_open_flags+0x76/0x720
[ 2321.236700][ T8792]  </TASK>
[ 2321.243969][ T8792] memory: usage 307192kB, limit 307200kB, failcnt 12628
[ 2321.251851][ T8792] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2321.259055][ T8792] Memory cgroup stats for /syz1:
[ 2321.259308][ T8792] anon 131072
[ 2321.259308][ T8792] file 312406016
[ 2321.259308][ T8792] kernel 2019328
[ 2321.259308][ T8792] kernel_stack 65536
[ 2321.259308][ T8792] pagetables 81920
[ 2321.259308][ T8792] sec_pagetables 0
[ 2321.259308][ T8792] percpu 4864
[ 2321.259308][ T8792] sock 0
[ 2321.259308][ T8792] vmalloc 0
[ 2321.259308][ T8792] shmem 312406016
[ 2321.259308][ T8792] zswap 0
[ 2321.259308][ T8792] zswapped 0
[ 2321.259308][ T8792] file_mapped 380928
[ 2321.259308][ T8792] file_dirty 0
[ 2321.259308][ T8792] file_writeback 0
[ 2321.259308][ T8792] swapcached 0
[ 2321.259308][ T8792] anon_thp 0
[ 2321.259308][ T8792] file_thp 0
[ 2321.259308][ T8792] shmem_thp 0
[ 2321.259308][ T8792] inactive_anon 62951424
[ 2321.259308][ T8792] active_anon 155648
[ 2321.259308][ T8792] inactive_file 0
[ 2321.259308][ T8792] active_file 0
[ 2321.259308][ T8792] unevictable 249430016
[ 2321.259308][ T8792] slab_reclaimable 964920
[ 2321.259308][ T8792] slab_unreclaimable 871488
[ 2321.259308][ T8792] slab 1836408
[ 2321.259308][ T8792] workingset_refault_anon 0
[ 2321.259308][ T8792] workingset_refault_file 0
[ 2321.259308][ T8792] workingset_activate_anon 0
[ 2321.259308][ T8792] workingset_activate_file 0
[ 2321.259308][ T8792] workingset_restore_anon 0
[ 2321.259308][ T8792] workingset_restore_file 0
[ 2321.259308][ T8792] workingset_nodereclaim 0
[ 2321.259308][ T8792] pgscan 49
[ 2321.259308][ T8792] pgsteal 49
[ 2321.259308][ T8792] pgscan_kswapd 0
[ 2321.259308][ T8792] pgscan_direct 49
[ 2321.259308][ T8792] pgscan_khugepaged 0
[ 2321.259308][ T8792] pgsteal_kswapd 0
[ 2321.259308][ T8792] pgsteal_direct 49
[ 2321.259308][ T8792] pgsteal_khugepaged 0
[ 2321.259308][ T8792] pgfault 1095409
[ 2321.259308][ T8792] pgmajfault 422
[ 2321.259308][ T8792] pgrefill 150
[ 2321.259308][ T8792] pgactivate 161
[ 2321.259308][ T8792] pgdeactivate 0
[ 2321.259308][ T8792] pglazyfree 0
[ 2321.259308][ T8792] pglazyfreed 0
[ 2321.259308][ T8792] zswpin 0
[ 2321.259308][ T8792] zswpout 0
[ 2321.459210][ T8792] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=8792,uid=0
[ 2321.477141][ T8792] Memory cgroup out of memory: Killed process 8792 (syz-executor.1) total-vm:54540kB, anon-rss:380kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000
[ 2321.564126][ T5556] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 2321.573400][ T5556] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2321.581440][ T5556] usb 1-1: Product: syz
[ 2321.589993][ T5556] usb 1-1: Manufacturer: syz
[ 2321.594969][ T5556] usb 1-1: SerialNumber: syz
[ 2321.859895][T27900] usb 1-1: USB disconnect, device number 73
12:17:47 executing program 2:
syz_usb_connect$uac1(0x0, 0xab, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x99, 0x3, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{}, [@input_terminal={0xc}, @input_terminal={0xc}, @extension_unit={0xd, 0x24, 0x8, 0x0, 0x0, 0x0, "931feb2933e0"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x0, 0x0, 0x0, 0x0, {0x7}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@as_header={0x7, 0x24, 0x1, 0x0, 0x0, 0x2}, @format_type_i_discrete={0xe, 0x24, 0x2, 0x1, 0x8, 0x0, 0x0, 0x0, "7e3872d0fe42"}]}, {{0x9, 0x5, 0x82, 0x9, 0x8, 0x0, 0x0, 0x0, {0x7}}}}}}}]}}, 0x0)

12:17:47 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x1c, r1, 0x201, 0x0, 0x0, {}, [@WGDEVICE_A_FLAGS={0x8}]}, 0x1c}}, 0x0)

12:17:47 executing program 3:
openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)

12:17:47 executing program 5:
r0 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$CAPI_CLR_FLAGS(r0, 0xc0104320, 0x0)

12:17:47 executing program 0:
syz_usb_connect$printer(0x0, 0x2d, &(0x7f00000003c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1}}]}}, &(0x7f0000000ac0)={0x0, 0x0, 0x0, 0x0, 0x2, [{0x2, &(0x7f00000008c0)=@string={0x2}}, {0x18, &(0x7f0000000980)=@string={0x18, 0x3, "6e303a3618b9ec0015f0e1cef7c76159acaa5ddae4df"}}]})

12:17:47 executing program 1:
openat$uhid(0xffffffffffffff9c, &(0x7f0000000200), 0x802, 0x0)
timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000180)=<r0=>0x0)
r1 = fanotify_init(0x4, 0x1000)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
fanotify_mark(r1, 0x105, 0x800101b, 0xffffffffffffffff, 0x0)
timer_settime(r0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
mlockall(0x2)
r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil)
shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
write$P9_RWSTAT(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x7f, 0x2}, 0x7)
ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0)
shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000)
shmctl$IPC_RMID(0x0, 0x0)
shmctl$SHM_LOCK(0x0, 0xb)
r6 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil)
shmctl$IPC_STAT(r6, 0x2, &(0x7f00000001c0)=""/62)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000340)={0x0, 0x28}, 0x1, 0x0, 0x0, 0x40410}, 0x4040044)
shmat(r3, &(0x7f00003c6000/0x3000)=nil, 0x4000)
shmctl$SHM_UNLOCK(0x0, 0xc)
shmctl$SHM_LOCK(r3, 0xb)
r7 = shmget$private(0x0, 0x3000, 0x54001800, &(0x7f000010d000/0x3000)=nil)
ioctl$BTRFS_IOC_BALANCE_V2(r5, 0xc4009420, &(0x7f0000000640)={0x0, 0x1, {0x0, @usage=0xd1, 0x0, 0xfffffffffffffffc, 0x10000, 0xffffffffffffffff, 0x0, 0x5, 0x4, @usage=0x1, 0x1ea7, 0xffffffc0, [0x5, 0x7, 0x5, 0xffffffffffffffff, 0xffff, 0x24f]}, {0x5, @struct={0x8da6, 0x46a}, 0x0, 0x3f, 0xff, 0x8, 0x9, 0x7f, 0x0, @struct={0x3, 0x8}, 0xffff0000, 0xffffffcb, [0x8, 0x27d9, 0x7, 0x7ff, 0x57175363, 0x8]}, {0x10001, @usage=0x9, 0x0, 0x4d2, 0x3b89, 0xfffffffffffffff9, 0x4, 0x7fffffff, 0x441, @usage=0x7000000000000, 0x9, 0x20000d5a, [0x2, 0x6, 0x5, 0x80, 0x4, 0x7735]}, {0x8000, 0xffffffffffffffff}})
shmat(r7, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000012c0)=[{{&(0x7f00000005c0)=@xdp, 0x80, 0x0, 0x0, &(0x7f0000000fc0)=""/83, 0x53}, 0x1}, {{&(0x7f0000001040)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @dev}}, 0x80, &(0x7f00000011c0)=[{&(0x7f00000010c0)=""/150, 0x96}, {&(0x7f0000001180)=""/5, 0x5}], 0x2, &(0x7f0000001200)=""/180, 0xb4}, 0x5}], 0x2, 0x0, &(0x7f0000001340)={0x0, 0x989680})

12:17:47 executing program 5:
bpf$MAP_CREATE(0x1e, &(0x7f0000000300)=@bloom_filter, 0x48)

12:17:47 executing program 4:
syz_mount_image$btrfs(&(0x7f00000051c0), &(0x7f0000000080)='./file0\x00', 0x1000010, &(0x7f00000000c0)=ANY=[@ANYBLOB="64617461636f772c6e6f6175746f6465667261672c6e6f6461746173756d2c72657363616e5f757569645f747265652c64656772616465642c636f6d70726573732c000076c1af66ea203ba28aeed7d2a815157a36e73b37ea21dc76f6b4579569e52727fd1a705dfa12efaa8527fdf2cb0d3e44b33f0000000012641b0daaeb90029de10137e89a6f7888705949f28ecbf460140e"], 0xfe, 0x51ab, &(0x7f0000005280)="$eJzs3V9oVFceB/Az+aPxDyY+xV32wX1YWcUFWRF2UdggGF2Whdn1YVnYrFlZxT+7JUgDwb5YS2lBxGCgthSKD33pS0mlUFqqBAsthYogVloUW0teWiiESsGXlpK590xmzvVmxlQbq5+PJHfO/d1z7pnhPsx3zLkTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIIRwcM3Kv+xaPb2urD7dP3bq6LLt507vP3ljaGjLlRAqtf2VvL5n+66/79+95689scPw37JtX1/ZkFnXz7PGkqads/2af/4TQuhOBujMtzs6G/pW0hOEI8UB53XgZv/o5u7BaxN3zmy8eP3QhuJTZ1bPYk9gseTX1fTctTRQ+92RHFFvN1x6laZLNOufXnA/yZMAAO7JpmptU387mr/FrbePpfWkPZC0x5N2fIcw3thYiGzcJWXzXJvWF2meA1lUWFo6z6Sev/71djXtn7STqHEP82w+NI80PWXzHEnqizVPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIfJqx9euvTcy+u3ldWn+8dOHV22/dzp/SdvDA1tuRJCX21/JStXlv+q8w+fLtt57fiRN36zr+ftk515v7jtajg4fBIf/LE3hL0Nlek47JerQqg2F2rN8FKxcLD24M+xAAAAwKPkF7XfHfV2Fge7m9qVWpqs1P5FWVg8cLN/dHP34LWJO2c2Xrx+aMPCx6uWjDdw1/Hq7b65n0pDMI7xNx1vrh4PPVIYZ37piGme/2zmyVsXJn7777L+hfzfN3/+j6+c/A8AAMCPIf+n48yvVf6/+s7zT3UN7n2vrH8h/69tOmUh/8cZx/zfERaW/wEAAOBh9qDz/0BhnPm1yv/fnZ86f/nb46+U9S/k/03t5f+uxmnHnR/FCR/uDWFTq6kDAAAAJeL/u899tBDzevbJQZrXO2ZGe6d6blwtG6+Q/wfay//d9/2ZAQAAAAv1v7F/Hb8wNn6zrF7I/9X28v/SBz5zAAAAoF37Tvz/3PoNIyvL6oX8P9xe/l+eb/OVD1mn9+NfIUz0htAz+2AkK3wQxv9ULwAAAAD3SczpX41u/f7jwel3y44r5P+R+e//H+90ENf/N93/r7D+v6GQ3fVvqxsDAAAA8DgqruePt8fPvrmg7Pv3213/f+uXO3b9d+c/vig7fyH/H2sv/3c2bu/n9/8BAADAAvzcvv/vn4Vx5tfq/v/fDN36et3hZwfL+hfy/3h7+T9uVzQ+van4+jzTG8Ka2Qf53QRfi6c7nBQmuxsK2Quf9Ngde+SFyaUNhZqRpMfve0P49eyDY0lhdSyMJ4WZVXnhbFK4HAv59VAvvJ4UpuKV9sKqfLpp4a1YyBdYTMYVFCvqSyKSHrfLeswW7trjev3kAAAAj5UYnvMs293cDGmUnay0OmB5qwM6Wh3Q2eqAruSA9MCy/WG4uRD3v7jtd7evPPHm06FEIf+fbS//x5diSbYpW/8f4vr//HsN6+v/h2OhLylMxkI1vWNANZ4jC7sn4jn6qnmPmTX1AgAAADzS4ucCnYs8DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH5g7/6D7KrqA4Cf/f0jm91FHAFJNYqA6ZDNJjFKK1MC1UFxpi4OdZw60UR2g9ssJCZhICnthEA7U5hUVKa1o0NDHUdpkUY6jlK1pEyBcaRTm7ZMxWhl/EFtaxnGSodSm87be8/d+87dm/dCdiFLP58/9p33vufnfT/2nXvvOxcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOD/h38ZWPMb+1f89Py6+PfPuOHDewcuve+jWw8c3bRpw5EQJmYf78jCHYMrui785sBlj+3f+flzp/rvP9Cbl8vjYVnjT2d+55ai1uUhfLEjhO40sHooC/Tk94difSuGQjgtzAWKElODWYm04fDQQAgHw1ygqOr+gRCGSoErjzz4wIFG4o6BEM4NIfSlbXy7L2tjIA2c15sFBtPA9u4s8F/HMkXgS51ZAE5afDMUL/pDE80ZRucvV/P661mwjr240uF1xcRofb4fX7LInSrpTR+YOKmnrVIdi6Ly9jjs3bYE3m2V7Xy7p638RSr/hnJsLtQXOientm65bmZ3fKQzjI111dW0SM/z40/feNWJpJfM6zB2YHRBXofP3vme68+afMuNt24/54m177vg6Ml2s27zLra+kL/mlszzGG30ebIE3n6Vb0krfekKIfzcB7tv6vrtI5+qi1fm/6PHn//Hl3O87WzKHWt9bjibm8dHhmLiqeFsbg4AAABLxlLYa/qjs1/xe6s61zxeV19l/r+yveP/8ZB/PpnPRns4hI2ziZtHQjhz9vEscHds7gMjIbxmNjXRHLgkCRwO4azZxKqiqqREfyyxMgk8OZwHNiaBh2NgIgl8OgZuTwK3xMChJHBVDBxOApfGQJhuHsfPD+fjaDswEAObs414KJ6F8JPh2Fqyrb5VVAUAALBA8tlhT/Pd0rkOJ5shTi8PDbTKEM/Ars3Ql9SQzmCLaVVtDd2tauhsVUMx7n3HH36l5o5WNVdOw+hoznDpK/7w/BVfu+ELoUZl/j9+/Pl/3zwd6agc/w/hitm/MXdnHpkp4psnmjIAAAAAJ2HtG2a+9idnv+nNdfHK/H9je+f/x30iXaXM4dG4G2LbSAjjzYGs2jdXA9lR72V5AAAAAJaC4nh8cSx8Or/NTtFO59PV/BMnmD8e+N84b/5fCpOnb/vBUxvq+luZ/0+0d/7/YPNt1omHYy8+NhJCfynwSOxlIzBrZQx89+LmQD7+h+MGuC1WlZ+YUFR1WyyxOQbGk8DBuhLfKEqc2RzIn6yi8ZuLcUznJUoBAAAAeMHF3QHxuHw8///Ctd/70KaP7/1cXbnK/H/ziZ3/PzsPrpzeP7MshDXdIXSlPwx4dDBbGDAGhjryxFcHs7q60qpuGgzhosbA0qqeyNf/707XGDwykFUVA2e+9rNPn9dIfGoghDXlwGPvvWt2x8juJFA0/qsDIby6Mdq08S/0Z433pI3/QX8IryoFiqo+0B9Co7HetKoH+/LrGKRV/VlfCKeXAkVVb+wLYU8AYImK/0onyw/u2rN325aZmamdi5iI+/AHwtbpmamxq7bPTPbV9Gky6XPTMkY3VcfU2ebYj+ZLFN1z+dhIO+nid4Lj5b7k+/ErJw7m9+N3oZ7Zca7rabq7Ph3y68+pNpEO6cUY8mC5krknsVJ/zN8bloX+63ZN7Ry7Ycvu3TvXZn/bzb4u+xsPM2Xbam26rQbn61sbL492F0N/vtuq6TJXa3Zfs2PNrj17V09fs+Xqqaunrn3D+LrxdevHN7zpwjWNUY1nf1sM9fz5qk6Geuyu6hDavQbU8x3qK7tLlbwQnxoSEhJLLbHl4q/+5b1nfWJZ3cdPZf6/4/jz//ipEz/58/UZ6o7/j8bD/Nnjc4f5N8fAwXaP/4/WHc0vTgxYmQT2xcA+h/kBAAB4aYi7G+PezLhXuuem1WN//MlHnqwrV5n/72vv9/8LtP5/sXT95XXL/K+KJcbr1v9Pl/kv1v/fV7f+f7rMf7H+/8EXYf3/64pAskl+Yv1/AADgpeCFW/+/5fL+6QUCKhlaLu+fXiCgkqHlMv7tXiDghNf/f/tzr+u55iOvviXUqMz/b29v/m/hfgAAADh13HVkQ8eD//o/D9XFK/P/g+3N/1/49f9C3fn/K+sCE3ULA1r/DwAAgCWqbv2/9a/78ebP/WzFD+vKVeb/h9qb/8fTLjqbcsdanxvO1rQL6Zp2Tw0XPxkAAACApaEzjI21u6Jp08qolzz/Nh/PlwI9Xrrsr758zT8+8tb39tfVV5n/H25v/t/0u4xn73zP9WdNvuXG527dfs4Ta993wdG54/8AAADA4ml3vwQAAAAAAAAAAAAAAPDie3rv5Lv++ew7P1MXr/z+P1wx+3jd7//jdf/i7wte3pQ71tp6/b/8/pXvuHfP7JKFjw6HcE45sG3/ttNCfm3+88uBBzatOqOR2J+W+Mp3Lv1BI/H+NPC21S97ppG4KAlsjosknpUG4lUVn1meBOLyin+fBuL2OJQGevPA7y7PxtGRbqsfDWXbqiPdVo8PhTBSChTb6otDWRsd6QDvSALFAD+UBuIAfyUPdKa9undZ1qsYGIpF/2hZ1isAAE5Z8VtgT9g6PTM1Hr/Cx9tXdjffRk1Llt1UrbajzeaP5kuT3XP52Eg76a70u+jctcZ7Ql9jCGsrX1fLWTpmR7kwtbTYdC+vGXKr1d7a/XX2iW663voRDWQjGrtq+8xkT8uBr2+dZV13yyxrK5OdcpbO2U3aRi1t9KWNEbW5bdrocrzfGcbGupJcvxiDo6HJQr0iyuv81b0Kynn2Tb7xb75x7Nihuvoq8//R9ub/feVxPZNfDGBfvLLezSMhnNnmiAAAAIB2fevL/7Ru+yd+55709ort1956weCPLq4rV5n/r2xv/h93jOWHgrO9HYfj9f+L+f9oFrg7NveBkRBeM5uaiCWyC+pfHkuMZ4G74w6TVbHE5onmqvpj4FASeHI4DxxOAg/HQL6X4rMh35XzkeEQNsymrmgusSOWGE0C74yBlUlgLAbGk8DyGNiYBP59eR6YSAJfj4Ew3byt/ny5vSsAAMDzkM+zeprvhnSed6i7VYaOVhkGW2XobJWhr1WGulHE+/fFDD3JySsdpUw9aa0DSS2VDPFi+Cfcr0qG8I3mnGnBStPx/IPifIOO5gz/dtnrv33erlXtX/9/vL35/2Dzbdb6w3H+P3f9vyzwSOzex+Kp4ytj4LsXNwfyHQMPx8nubUVVE3mJfNJ+WyyxMQZWJoEdMbAxCWy+Ig8cPKM5kM+0i8ZvLhqfzkuUAgAAAPCCizsI4m6aOP//0/+++3MH/uHav64rV5n/b2xv/h/bW1Zu7Jai1uUhfLFjrjdFYPVQFoj7MYbiz+NXDIVwWmkHR1FiajAr0Zs0HB4ayH6h3ptWdf9AtsZAvH/lkQcfONBI3DEQwrmlvS9FG9/uy9oYSAPn9WaBwTSwvTsLxD0/ReBLnVkATlqxVzC+oPJTXQqj85eref29VK4Jmg6vsg90nnzz/eZqsfSlD+T7VAsn9rRVqmNRVN4eh73bluK7bdS7rfxFKv+Gcmwu1Bc6J6e2brluZnd8pPxL1opFep7Lv1JtJ70Ar8N9z7+3rfWlHRhPPj7G5y83/+uwI1b37J3vuf6sybfceOv2c55Y+74LjrbdjRrxh8Lv/uTLRsubd7H1hfw1t+Q+TyZ8nizFfwMrPW2NGexTv//V//jp4z+ri1fm/xPtzf+7k9tZz8aNuWskhNeXNu6jcfP/8kj2OVgKZJ+Sp1cD2SH37w3XfnICAADAQit2dxT7C6bz2+yE8HSeXM0/cYL54/6KjfPmb7ffW29+aP8P/+6Or9TFK/P/zcef//cn3XT83/F/Fonj//M61XdF96cP7DupXdGV6lgUjv/P61R/tzn+Py/H/x3/n4/j/y04/j+vU/1pq3xL2uFLVwjh6++/8+33bP+18+rilfn/jvbm/9b/m3/RvmL9v8116//tqFv/b5/1/wAAgEVVs9BcOs+rrN5XyZCu3lfJ0HKBwJZLDFr/74TX/3vrO//3+mOvuGRnqFGZ/+9rb/4fXw7Lyq0vlfX/Vl5RU9XtMbDDwoAAAACciup2EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDievcvPLl8029eOF0X//4ZN3x478Cl931064GjmzZtOBJClrUjC3cMrui68JsDlz22f+fnz53qv/9AX16uJ789uyl3rPW54RAOlh4Ziomnhht35gJXvuPePd2NxKPDIZxTDmzbv+20RuLTwyGcXw48sGnVGY3E/rTEV75z6Q8aifengbetftkzjcRFeaAj7e4nl2fd7Ui7e2B5CCOlQNHdX1/eXFXRxmV5oDNt4zNDWRsxMBSLfnwoayMGZmKJ6f4Q1nSH0JVW9bW+rKqutKq/6Muq6kqr+q2+EC4KIXSnVX2nN6uqOx353/ZmVcXAma/97NPnNRIHe0NYUw489t67NjQSH0oCRePv6g3h1Y2XTNr4fT1Z4z1p43f0hPCqEEJvWuI/u7MSvWmJJ7pDOL0UKBr/YHcIewIvCfHDZ7L84K49e7dtmZmZ2rmIid68rYGwdXpmauyq7TOTfUmf6nSU0sduOn78eI4+feNVjdt7Lh8baSfdnZfrme3yup6mu+sXqvftOtHex34NliuZez4q9cf8vWFZ6L9u19TOsRu27N69c232t93s67K/XXk021ZrF2pbdbYoHz3fbXV+uZI1u6/ZsWbXnr2rp6/ZcvXU1VPXvmF83fi69eMb3nThmsaoxrO/CzHUu44fX4yhvrK7VMkL8QEgISGx1BKdTZ9u46f6P73KF/25jvaEvtkP6Mq0opylY3aUCzHoS6rxrkUadGVKUhnR2srEoZJlXess6yuTibksA1mW2e91lclhuabO2U0a73eGsbHazTLafLe8eX88z+Zt1+P5pms3DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/B87cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAsAAAAACPO3DqNnAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBSAAAA//+3Rsqd")
r0 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000000)='.log\x00', 0x241, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xd000943d, 0x0)

12:17:47 executing program 3:
syz_io_uring_setup(0x64ec, &(0x7f0000000040)={0x0, 0x0, 0x800}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000140))

12:17:47 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
r2 = dup(r1)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_io_uring_setup(0x4645, 0x0, &(0x7f0000000000/0x4000)=nil, &(0x7f0000000000/0x2000)=nil, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, &(0x7f0000000180)="b9800000c00f3235000800000f3066ba4100ed66b859000f00d0420f0f1f1cb9db0900000f32f2470f5d08b9a40800000f32410f79a8bd00000066baf80cb802f50286ef66bafc0c66ed3e0f01c9", 0x4e}], 0x1, 0x0, &(0x7f0000000280)=[@efer={0x2, 0x800}], 0x1)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

[ 2322.508391][ T8803] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 2322.530037][ T8803] CPU: 0 PID: 8803 Comm: syz-executor.1 Not tainted 6.3.0-rc4-next-20230330-syzkaller #0
[ 2322.539940][ T8803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 2322.550040][ T8803] Call Trace:
[ 2322.553351][ T8803]  <TASK>
[ 2322.556303][ T8803]  dump_stack_lvl+0x136/0x150
[ 2322.561140][ T8803]  dump_header+0x10a/0xd70
[ 2322.565607][ T8803]  oom_kill_process+0x25d/0x600
[ 2322.570567][ T8803]  out_of_memory+0x35c/0x1650
[ 2322.575301][ T8803]  ? find_held_lock+0x2d/0x110
[ 2322.580103][ T8803]  ? oom_killer_disable+0x2b0/0x2b0
[ 2322.585349][ T8803]  ? rcu_read_unlock+0x9/0x60
[ 2322.590067][ T8803]  ? find_held_lock+0x2d/0x110
[ 2322.594867][ T8803]  mem_cgroup_out_of_memory+0x206/0x270
[ 2322.600454][ T8803]  ? mem_cgroup_margin+0x130/0x130
[ 2322.605699][ T8803]  ? lock_downgrade+0x690/0x690
[ 2322.610600][ T8803]  try_charge_memcg+0xf99/0x13a0
[ 2322.615595][ T8803]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 2322.621641][ T8803]  ? lock_downgrade+0x690/0x690
[ 2322.626807][ T8803]  ? trace_lock_acquire+0x12d/0x180
[ 2322.632042][ T8803]  ? get_mem_cgroup_from_mm+0x247/0x580
[ 2322.637628][ T8803]  ? lock_acquire+0x32/0xc0
[ 2322.642196][ T8803]  charge_memcg+0x90/0x3b0
[ 2322.646655][ T8803]  __mem_cgroup_charge+0x2b/0x90
[ 2322.651725][ T8803]  do_wp_page+0x8ac/0x3510
[ 2322.656193][ T8803]  ? lock_sync+0x190/0x190
[ 2322.660645][ T8803]  ? finish_mkwrite_fault+0x3d0/0x3d0
[ 2322.666063][ T8803]  ? rcu_is_watching+0x12/0xb0
[ 2322.670869][ T8803]  ? do_raw_spin_lock+0x124/0x2b0
[ 2322.675972][ T8803]  ? spin_bug+0x1c0/0x1c0
[ 2322.680343][ T8803]  ? lock_acquire+0x32/0xc0
[ 2322.684882][ T8803]  ? __handle_mm_fault+0x1334/0x4180
[ 2322.690222][ T8803]  __handle_mm_fault+0x1547/0x4180
[ 2322.695474][ T8803]  ? vm_iomap_memory+0x190/0x190
[ 2322.700489][ T8803]  handle_mm_fault+0x2c0/0x9c0
[ 2322.705755][ T8803]  do_user_addr_fault+0x2ed/0x1240
[ 2322.710905][ T8803]  ? rcu_is_watching+0x12/0xb0
[ 2322.715713][ T8803]  exc_page_fault+0x98/0x170
[ 2322.720356][ T8803]  asm_exc_page_fault+0x26/0x30
[ 2322.725237][ T8803] RIP: 0033:0x7f47dd2395a0
[ 2322.729674][ T8803] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48
[ 2322.749316][ T8803] RSP: 002b:00007ffdbc005e60 EFLAGS: 00010246
[ 2322.755408][ T8803] RAX: 00000000ef192a3d RBX: 00007f47dd3ac018 RCX: 0000001b32520000
[ 2322.763399][ T8803] RDX: 0000000000000000 RSI: 0000001b32520018 RDI: 00000000090fde60
[ 2322.771392][ T8803] RBP: 00000000ef192a3d R08: 0000000000000a3d R09: 00000000ef192a41
[ 2322.779384][ T8803] R10: 00007ffdbc006020 R11: 0000000000000246 R12: 00007f47dd3a0000
[ 2322.787377][ T8803] R13: 0000000000000001 R14: 0000000000000005 R15: ffffffff81e3d406
[ 2322.795377][ T8803]  ? build_open_flags+0x76/0x720
[ 2322.800371][ T8803]  </TASK>
12:17:47 executing program 3:
r0 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$CAPI_SET_FLAGS(r0, 0x80044324, &(0x7f0000000000))

[ 2322.810798][ T8803] memory: usage 307192kB, limit 307200kB, failcnt 12686
[ 2322.821042][ T8803] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2322.846318][ T8803] Memory cgroup stats for /syz1:
[ 2322.846600][ T8803] anon 131072
[ 2322.846600][ T8803] file 312406016
12:17:47 executing program 3:
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0xc0142, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000000))

[ 2322.846600][ T8803] kernel 2019328
[ 2322.846600][ T8803] kernel_stack 65536
[ 2322.846600][ T8803] pagetables 81920
[ 2322.846600][ T8803] sec_pagetables 0
[ 2322.846600][ T8803] percpu 4864
[ 2322.846600][ T8803] sock 0
[ 2322.846600][ T8803] vmalloc 0
[ 2322.846600][ T8803] shmem 312406016
[ 2322.846600][ T8803] zswap 0
[ 2322.846600][ T8803] zswapped 0
[ 2322.846600][ T8803] file_mapped 380928
[ 2322.846600][ T8803] file_dirty 0
[ 2322.846600][ T8803] file_writeback 0
[ 2322.846600][ T8803] swapcached 0
[ 2322.846600][ T8803] anon_thp 0
[ 2322.846600][ T8803] file_thp 0
[ 2322.846600][ T8803] shmem_thp 0
[ 2322.846600][ T8803] inactive_anon 62951424
[ 2322.846600][ T8803] active_anon 155648
[ 2322.846600][ T8803] inactive_file 0
[ 2322.846600][ T8803] active_file 0
[ 2322.846600][ T8803] unevictable 249430016
[ 2322.846600][ T8803] slab_reclaimable 964920
[ 2322.846600][ T8803] slab_unreclaimable 868808
[ 2322.846600][ T8803] slab 1833728
[ 2322.846600][ T8803] workingset_refault_anon 0
[ 2322.846600][ T8803] workingset_refault_file 0
[ 2322.846600][ T8803] workingset_activate_anon 0
[ 2322.846600][ T8803] workingset_activate_file 0
[ 2322.846600][ T8803] workingset_restore_anon 0
[ 2322.846600][ T8803] workingset_restore_file 0
[ 2322.846600][ T8803] workingset_nodereclaim 0
[ 2322.846600][ T8803] pgscan 49
[ 2322.846600][ T8803] pgsteal 49
[ 2322.846600][ T8803] pgscan_kswapd 0
[ 2322.846600][ T8803] pgscan_direct 49
[ 2322.846600][ T8803] pgscan_khugepaged 0
[ 2322.846600][ T8803] pgsteal_kswapd 0
[ 2322.846600][ T8803] pgsteal_direct 49
[ 2322.846600][ T8803] pgsteal_khugepaged 0
[ 2322.846600][ T8803] pgfault 1095462
[ 2322.846600][ T8803] pgmajfault 422
[ 2322.846600][ T8803] pgrefill 150
[ 2322.846600][ T8803] pgactivate 161
[ 2322.846600][ T8803] pgdeactivate 0
[ 2322.846600][ T8803] pglazyfree 0
[ 2322.846600][ T8803] pglazyfreed 0
[ 2322.846600][ T8803] zswpin 0
[ 2322.846600][ T8803] zswpout 0
[ 2323.004987][ T5556] usb 3-1: new high-speed USB device number 31 using dummy_hcd
[ 2323.123511][T27900] usb 1-1: new high-speed USB device number 74 using dummy_hcd
[ 2323.124467][ T8803] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=8803,uid=0
[ 2323.218811][ T8803] Memory cgroup out of memory: Killed process 8803 (syz-executor.1) total-vm:54540kB, anon-rss:380kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000
[ 2323.364257][T27900] usb 1-1: Using ep0 maxpacket: 16
[ 2323.472710][ T5556] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 2323.481522][ T5556] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[ 2323.482469][T27900] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 2323.493127][ T5556] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[ 2323.515397][ T5556] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 2323.552471][T27900] usb 1-1: language id specifier not provided by device, defaulting to English
[ 2323.672395][T27900] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 2323.681561][T27900] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2323.689750][T27900] usb 1-1: Product: syz
[ 2323.692484][ T5556] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[ 2323.694370][T27900] usb 1-1: Manufacturer: の㘺뤘ì컡쟷奡ꪬ򧟤
[ 2323.708795][ T5556] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2323.710635][T27900] usb 1-1: SerialNumber: syz
[ 2323.720831][ T5556] usb 3-1: Product: syz
[ 2323.734955][ T5556] usb 3-1: Manufacturer: syz
[ 2323.739810][ T5556] usb 3-1: SerialNumber: syz
[ 2323.970401][T27629] usb 1-1: USB disconnect, device number 74
[ 2324.195132][ T5556] usb 3-1: USB disconnect, device number 31
[ 2324.240672][ T8233] udevd[8233]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
12:17:49 executing program 2:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nfc(&(0x7f0000000040), r0)
sendmsg$NFC_CMD_FW_DOWNLOAD(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000980)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fbdbdf251500000008001400235d2124"], 0x44}}, 0x0)

12:17:49 executing program 3:
r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
ioctl$VIDIOC_QUERYBUF_DMABUF(r0, 0xc0585609, &(0x7f0000000240)={0x0, 0x7, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "b3e9cceb"}})

12:17:49 executing program 1:
openat$uhid(0xffffffffffffff9c, &(0x7f0000000200), 0x802, 0x0)
timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000180)=<r0=>0x0)
r1 = fanotify_init(0x4, 0x1000)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
fanotify_mark(r1, 0x105, 0x800101b, 0xffffffffffffffff, 0x0)
timer_settime(r0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
mlockall(0x2)
r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil)
shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
write$P9_RWSTAT(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x7f, 0x2}, 0x7)
ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0)
shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000)
shmctl$IPC_RMID(0x0, 0x0)
shmctl$SHM_LOCK(0x0, 0xb)
r6 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil)
shmctl$IPC_STAT(r6, 0x2, &(0x7f00000001c0)=""/62)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000340)={0x0, 0x28}, 0x1, 0x0, 0x0, 0x40410}, 0x4040044)
shmat(r3, &(0x7f00003c6000/0x3000)=nil, 0x4000)
shmctl$SHM_UNLOCK(0x0, 0xc)
shmctl$SHM_LOCK(r3, 0xb)
r7 = shmget$private(0x0, 0x3000, 0x54001800, &(0x7f000010d000/0x3000)=nil)
ioctl$BTRFS_IOC_BALANCE_V2(r5, 0xc4009420, &(0x7f0000000640)={0x0, 0x1, {0x0, @usage=0xd1, 0x0, 0xfffffffffffffffc, 0x10000, 0xffffffffffffffff, 0x0, 0x5, 0x4, @usage=0x1, 0x1ea7, 0xffffffc0, [0x5, 0x7, 0x5, 0xffffffffffffffff, 0xffff, 0x24f]}, {0x5, @struct={0x8da6, 0x46a}, 0x0, 0x3f, 0xff, 0x8, 0x9, 0x7f, 0x0, @struct={0x3, 0x8}, 0xffff0000, 0xffffffcb, [0x8, 0x27d9, 0x7, 0x7ff, 0x57175363, 0x8]}, {0x10001, @usage=0x9, 0x0, 0x4d2, 0x3b89, 0xfffffffffffffff9, 0x4, 0x7fffffff, 0x441, @usage=0x7000000000000, 0x9, 0x20000d5a, [0x2, 0x6, 0x5, 0x80, 0x4, 0x7735]}, {0x8000, 0xffffffffffffffff}})
shmat(r7, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000012c0)=[{{&(0x7f00000005c0)=@xdp, 0x80, 0x0, 0x0, &(0x7f0000000fc0)=""/83, 0x53}, 0x1}, {{&(0x7f0000001040)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @dev}}, 0x80, &(0x7f00000011c0)=[{&(0x7f00000010c0)=""/150, 0x96}, {&(0x7f0000001180)=""/5, 0x5}], 0x2, &(0x7f0000001200)=""/180, 0xb4}, 0x5}], 0x2, 0x0, &(0x7f0000001340)={0x0, 0x989680})

12:17:49 executing program 4:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001c80), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REQ_SET_REG(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x20, r1, 0x6b5f68800f58c893, 0x0, 0x0, {}, [@NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x2}, @NL80211_ATTR_SOCKET_OWNER={0x4}]}, 0x20}}, 0x0)

12:17:49 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
r2 = dup(r1)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_io_uring_setup(0x4645, 0x0, &(0x7f0000000000/0x4000)=nil, &(0x7f0000000000/0x2000)=nil, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, &(0x7f0000000180)="b9800000c00f3235000800000f3066ba4100ed66b859000f00d0420f0f1f1cb9db0900000f32f2470f5d08b9a40800000f32410f79a8bd00000066baf80cb802f50286ef66bafc0c66ed3e0f01c9", 0x4e}], 0x1, 0x0, &(0x7f0000000280)=[@efer={0x2, 0x800}], 0x1)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

12:17:49 executing program 0:
syz_usb_connect$printer(0x0, 0x2d, &(0x7f00000003c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1}}]}}, &(0x7f0000000ac0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x2, &(0x7f00000008c0)=@string={0x2}}]})

12:17:49 executing program 4:
r0 = add_key$fscrypt_v1(&(0x7f0000000080), &(0x7f00000000c0)={'fscrypt:', @desc1}, &(0x7f0000000100)={0x0, "269a1c704d771e362ec822aa148b8d103d797bbf793937f66f6a1e438b4bee4db061530655458988ae14d71dde6a08fd3fd0b1a8d1470d5f964f3e7f46c7001b"}, 0x48, 0xfffffffffffffffd)
request_key(&(0x7f0000000040)='cifs.spnego\x00', &(0x7f0000000080)={'syz', 0x3}, &(0x7f0000000140)='\x00', r0)

12:17:49 executing program 3:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r0, 0xc08c5336, &(0x7f0000000040)={0x0, 0x0, 0x0, 'queue1\x00'})

[ 2324.615679][ T8846] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'.
[ 2324.627748][ T8834] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 2324.681361][ T8834] CPU: 1 PID: 8834 Comm: syz-executor.1 Not tainted 6.3.0-rc4-next-20230330-syzkaller #0
[ 2324.691259][ T8834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 2324.701356][ T8834] Call Trace:
[ 2324.704676][ T8834]  <TASK>
[ 2324.707652][ T8834]  dump_stack_lvl+0x136/0x150
[ 2324.712402][ T8834]  dump_header+0x10a/0xd70
[ 2324.716939][ T8834]  oom_kill_process+0x25d/0x600
[ 2324.721874][ T8834]  out_of_memory+0x35c/0x1650
[ 2324.726633][ T8834]  ? find_held_lock+0x2d/0x110
[ 2324.731457][ T8834]  ? oom_killer_disable+0x2b0/0x2b0
[ 2324.736740][ T8834]  ? rcu_read_unlock+0x9/0x60
[ 2324.741492][ T8834]  ? find_held_lock+0x2d/0x110
[ 2324.746326][ T8834]  mem_cgroup_out_of_memory+0x206/0x270
[ 2324.751921][ T8834]  ? mem_cgroup_margin+0x130/0x130
[ 2324.757090][ T8834]  ? lock_downgrade+0x690/0x690
[ 2324.762006][ T8834]  try_charge_memcg+0xf99/0x13a0
[ 2324.766999][ T8834]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 2324.773035][ T8834]  ? lock_downgrade+0x690/0x690
[ 2324.777949][ T8834]  ? trace_lock_acquire+0x12d/0x180
[ 2324.783190][ T8834]  ? get_mem_cgroup_from_mm+0x247/0x580
[ 2324.788772][ T8834]  ? lock_acquire+0x32/0xc0
[ 2324.793326][ T8834]  charge_memcg+0x90/0x3b0
[ 2324.797784][ T8834]  __mem_cgroup_charge+0x2b/0x90
[ 2324.802768][ T8834]  do_wp_page+0x8ac/0x3510
[ 2324.807235][ T8834]  ? lock_sync+0x190/0x190
[ 2324.811684][ T8834]  ? finish_mkwrite_fault+0x3d0/0x3d0
[ 2324.817095][ T8834]  ? rcu_is_watching+0x12/0xb0
[ 2324.821905][ T8834]  ? do_raw_spin_lock+0x124/0x2b0
[ 2324.826975][ T8834]  ? spin_bug+0x1c0/0x1c0
[ 2324.831341][ T8834]  ? lock_acquire+0x32/0xc0
[ 2324.835874][ T8834]  ? __handle_mm_fault+0x1334/0x4180
[ 2324.841209][ T8834]  __handle_mm_fault+0x1547/0x4180
[ 2324.846374][ T8834]  ? vm_iomap_memory+0x190/0x190
[ 2324.851390][ T8834]  handle_mm_fault+0x2c0/0x9c0
[ 2324.856212][ T8834]  do_user_addr_fault+0x2ed/0x1240
[ 2324.861364][ T8834]  ? rcu_is_watching+0x12/0xb0
[ 2324.866177][ T8834]  exc_page_fault+0x98/0x170
[ 2324.870817][ T8834]  asm_exc_page_fault+0x26/0x30
[ 2324.875795][ T8834] RIP: 0033:0x7f47dd2395a0
[ 2324.880583][ T8834] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48
[ 2324.900239][ T8834] RSP: 002b:00007ffdbc005e60 EFLAGS: 00010246
[ 2324.906333][ T8834] RAX: 00000000e71e0d02 RBX: 00007f47dd3ac018 RCX: 0000001b32520000
[ 2324.914329][ T8834] RDX: 0000000000000000 RSI: 0000001b32520018 RDI: 00000000090fe031
[ 2324.922322][ T8834] RBP: 00000000e71e0d02 R08: 0000000000000d02 R09: 00000000e71e0d06
[ 2324.930315][ T8834] R10: 00007ffdbc006020 R11: 0000000000000246 R12: 00007f47dd3a0000
[ 2324.938311][ T8834] R13: 0000000000000001 R14: 0000000000000008 R15: ffffffff81e3d4bb
[ 2324.946307][ T8834]  ? build_open_flags+0x12b/0x720
[ 2324.951383][ T8834]  </TASK>
12:17:49 executing program 4:
r0 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$CAN_RAW_FD_FRAMES(r0, 0x65, 0x2, 0x0, 0x0)

12:17:49 executing program 2:
r0 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0x6, 0x0, 0x0, @dev}, 0x1c)

12:17:49 executing program 3:
socket$alg(0x26, 0x5, 0x0)
io_setup(0x0, 0x0)
syz_mount_image$btrfs(&(0x7f00000055c0), &(0x7f0000005600)='./bus\x00', 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="646973636172642c0008fd346f1fe0c7b977cf98b0dfc801ecf9a88e1ae482"], 0x1, 0x559d, &(0x7f0000005680)="$eJzs3X1sVWcdB/BzeynlJaFlyjLUhfkPThCpmFiEoEVgAoPRgSbDwCgO2BAGhQRhY9OOOZ0jk4Y5xoovDKQCxq6+rJiYIbqIcU4mi8OGEXnJIuICK4yoJNOZ3nufy73n0vYO5zq3z4e05z73d57nPPfk/HG/lz7nRgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBF0cHlC/627gfLv/nQdSenbLz/zAMnap57fNP4u+fsHnX4gVVXtp1uaip99fmzNyy67+GqoSf2zD8URYlUv0Sm/7xPTZ65aNa86X3CgLU3prcVFZ0dMt31WLrRO+/Jjn75P/OjKCqNDZDMbCf1z2kn4geIVhYO2KXtVWNWDdw4cdrmssmDFibrGgtfOh369PQEekrmunrx4rVUnfpdEtsj28659BJ5l2i6f/yCe1NeBADwulTWpDbZt6OZt7jZdn28HmtXx9oNsXZ4h9CQ27gc6XF7dzbPa+L1HppndToqlHU6z1g9c/6z7Zp4/1g7FjVexzzzd81Emj6dzbMuVu+peQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC8ldx9/JanSzb96H1L149MHh887BdfbdryvUnt5VO+tm9D2+9bn3tPU1Ppq8+fvWHRfQ9XDT2xZ/6hKKpI9Uukuyfm7mjd8LMVU1b/fM6jzefee8euZGbcsO2Vs3PUFh58vDyKPp9TeTEMe2pAFNXkF1LN6NHCwuLUgymhAAAAwNvJ4NTvkmw7HQdL89qJVJpMpP4F6bC4vWrMqoEbJ07bXDZ50MJkXePlj1fTyXjVlxwv2664+JPICcYh/sbHu1gPu64sGKdr8RHjeX7U0AuHj3x9+Ya1jf1P7u87MDnpV1+uHXzFnNGvXDt2zG1/fWRHQf6v6Dr/hzMn/wMAAPDfkP/j43Stu/w/7Mj9Z+469dN1tZ/ZNvf4+G/UDnhX5Zo/NX/4c+uHTZ3Y69iVWwry/zV5hyzI/2HGIf+XRJeX/wEAAOCt7H+d/6sLxulad/l/2ZoRf592YdbEJ8Zd+OGZO4f88uCRaG/9iC+03P6B/bP7DWj4SUH+rywu//fKnXZ48pkw4SXlUVRZ/EkFAAAA8oT/d7/40ULI6+lPDuJ5fc75g5NuLn3w7EdmXzt029Ehu9rP/2PJ8k0XRjfPGF716acrNhTk/+ri8n/pm/NyAQAAgCI8tfgTN+2Mpk/6UPU9h/cv2P5I/bK1K5c2liWm/ntl2/X/au5dkP9risv/ZT3zcgAAAIBLOPSlbbtfm7msdXhz2fmtf3jtz49fPXz1gabKoyt/O7B0RWvt4oL8X1tc/u+X2WZWPqQ77Q9/hfBQeRT16XhQly78Jmr4ZLYAAAAAvEFCTv/nsbaRO68r+/VT339586zvfHvQ3m/NONj43Qn9b5n44IEZB56sLcj/dV3f/z/c6SCs/8+7/1/B+v+cQvquf2PdGAAAAIB3osL1/OH2+OlvLujs+/eLXf9/4xdbXzp++/yvtL97yE3LXr7tils/Nv7UH6ffmdw57q6SqVNfOl2Q/+uLy//J3O0b+f1/AAAAcBn+377/b3bBOF3r7v7/Mx+752j7X14YN2Jm49pFJ8dv/PG8Lc88trvq6nMLbu77wWeX7i3I/w3F5f+w7Z/78vaF83NveRRd1fEgczfBXWG6S2KFltKcQvrEx3rMCj0yhZaynEJKXazHqPIoen/Hg/pYYWAoNMQK7QMyha2xwrOhkLkesoXmWGFfuNI2DchMN17YEwqZBRYtYQVF/+ySiFiPVzrr0VG4ZI8XsgcHAAB4RwnhOZNlS/ObUTzKtiS626FfdzuUdLdDsrsdesV2iO/Y2fNRbX4hPH9+zRO/q/xoyWcP3XrHhOEjF667t2HsgeTcCdc/uaPvuRWnR68uyP9bi8v/4VT0Tm86W/8fhfX/me81zK7/rw2FilihJRRq4ncMqAnHSIfd9eEYFTWZHu1XZQsAAADwthY+F0j28DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgP+zde5xU1Z0g8NNNP2homhbjK2JsdW1Fh6ZBUT/BB2omGmBNo+zMuPhohEaRVhBhIq5RULObxMEoKlFnRmEVRlZx8AVkNQE1ooloNI5mRh1DMGrcjR/FiH6yxrif7lunqLrVZRcCSjvf7x9dp+p3nrceXefeW+cCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/Max/9MYj/umiJ0eP2jBvwPJXDv/vH9YfumzRO//rT89ed9ve8763ftWSJZV/en7jSZO/c8PhjRtWTnghhJbOcmVJ8bLTF6/4waoLvvGtB0+76e5395y9tCpTbyYe+nb8Kc/cuTK2+tt+IawsC6EiHRhcmwQqM/drY30Da0PYKWwOZEu09UlKpBsOj9WEsDBsDmSr+lFNCLU5gXG/fGT1vI7E9TUh7B9CqE638e/VSRs16UBjVRLokw5Mq0gCH3ycyAZWlScB2GrxzZB90S9vyc9Q33W5Iq+/ym3Wsc9Xeni9YqK+eL63jt3OncpRlX6gZauetoLq2C4K3h5rvNt6wLutYDtf42nL/SKV+Yby8eZQdSif1DZ5wqz2mfGR8tDU1KtYTdvpeX5x4yUTtyTdY16HsQP12+R1+Pj5A+9c0Dhm15sf3jD59apnF2xtN4tt3u2tOmRecz3meYxG+jzpAW+/gm9JDb50hRBuP37T2799aez//dWDTw9+75tDzxrywitD627+7rR+f332/6m8ZerGgvl//SfP/+PLOd6W5+WOrX5Yl8zN4yO1MfF2XTI3BwAAgB6jJ+w1fWPEQW/Xrmt4eN+vr5h83qJ5r51+7p+rftp3wkEnnjL0+3fcOPW0gvl/Q2nH/+Mh/9rc0a4JYWRn4or+Ieze+XgSWBq7c1b/EPbpTLXkB45NBdaEsEdnYlC2qlSJ3rFEQyrwRl0mMDIVWBsDLanA4hi4JhW4MgaWpwITY2BNKnBcDIQp+eM4qC4zjpIDNTHQmmzE5fEshD/UxdZS2+qlbFUAAADbSGZ2WJl/N+dch63NEKeXy2u6yxDPwC6aoTpVQ3oGm51WFa2horsayrurITvuOZ88/IKay7qrueA0jLL8DO8deN/c1Q/8249vnHDYUwd92HrGy+tXPTp6U6+/e2fMjy8dN3/Y+IL5f/Mnz/+ru+hIWcHx/xDGdv6NucszkfZsvLUlLwMAAACwFSpeW3ryL+Z+VLbkZ+ds3P8vTxt3de8V++47YO3B9/2/hjcHHL9q/4L5/8jSzv+P+0R65WQO6+JuiKn9Q2jODyTVjigMJEe9+2YCAAAA0BNkj8dnj4VPydwmp2in59OF+Vu2MH888D+yy/yDx129rnn17adMGXHomjWbztj15WUbntpl/3deOPDk00+4f2rDPQXz/5bSzv/vk3+bdGJt7MV1/UPonRN4PPayI9CpIQbWH5MfyIx/bdwAV8WqMicmZKu6KpZojYHmVGBhsRLPZEvsnh/IPFnZxq/IjmNKpkROAAAAAD5zcXdAPC4fz/9/+tx+j/7jslsueXDJutD37OW/uOzo4QPnD+791rRnDnnkb989eWrB/L91y87/75wHF5ze3943hCEVIfRK/zBgXZ9kYcAYqC3LJH7cJ6mrV7qqy/uEMKJjYOmqNmTW/69IrzH4XE1SVQzsvu8dGxs7ErfXhDAkN/DC+EXDOxKzUoFs439VE8LeHaNNN76id9J4ZbrxG3uH8JWcQLaqib1D6GisKl3Vo9WZ6xikq1peHcLOOYFsVYdXhzA7ANBTxf+lk3IfvHD2xVMntLe3zdiOibgTvyZMntLe1jRxWvuk6iJ9mpTqc946RnMLx1TqpW9ezqxRdNeopv6lpLM/FGzObSuzI7/gzMHM/fhlqLJznMMq8+4ekh7ygfsVNhFyvkoVG3L5dh5yn9xKNj+JBfXH/FWhb+g968K2GU0XTZg5c8bQ5G+p2Yclf+NxpmRbDU1vqz5d9a2El0fR5bJSPu22asytZMjM86YPuXD2xYOnnDfh7Laz284/bPhhRxwx7NBDhw/pGFRz8rebkTZ2VXNqpB8vKnFY23CkX67IqeSz+NCQkJDoaYlVv9vj5aN3Wfq9FbcsnvHz9qPafv71nXces6Tqmy9suvSy/Z/+Hx8UzP+nf/L8P37qxA/+zPoMxY7/18fD/Mnjmw/zt8bAwlKP/9cXO5qfPTGgIRWYEwNzHOYHAADgiyHujox7M+NO6Ufm7/Yvd467b8z89Qc/ue65svV9Dv77D39fXnnZuP9yzAMNt333bwrm/3NK+/3/Nlr/P7t0/ahiy/wPiiWai63/n17mP7v+/5xi6/+nl/nPrv+/8HNY/39WNpDaJH+w/j8AAPBF8Nmt/9/t8v7pCwQUZOh2ef/0BQIKMnS7jH+pFwjY4vX/H2k4aORPVn/nN43LLpj2zn8bct/oAXs2/O6Rva6cNHXk6NEjBv9Lwfz/mtLm/xbuBwAAgB3HAROPfWrjpL2Pvfp/3rbTHj9p/fauh+3y/WVHts3ftH7i39z27jl/XTD/X1ja/P+zX/8vFDv/v6FYoKXYwoDW/wMAAKCHKrb+39Abv3X5q4uPu/+ey6eNam0dP/uKq/dbfUD1qeGl0fMb/mLGvR8VzP+Xlzb/j6ddlOfljr35sC5Z0y6k17R7uy77kwEAAADoGcpDU1NliXnzFkY99tO3+WJmKdBPSud68sH9nn/gqyNOnL+46urXynYb9vFT1888+Piv/fDVjXtdcse55+1XMP9fU9r8P+93GY+fP/DOBY1jdv3w5oc3TH696tkFm4//AwAAANtPqfslAAAAAAAAAAAAAACAz98JD//k6rcnLvnanIW/3PWnvcY+u3zDrDlNs2uvf/WH1/7qiDsfHlfw+/8wtrNcsd//x+v+xd8XfCkvd2y1+/X/MvfHjb57dueShevqQtgvNzD18qk7hcy1+Q/IDaw+fdBuHYnL0yUeeuW41zoSZ6YDJw4e8H5H4shUoDUukrhHOhCvqvh+v1QgLq/4XDoQt8fydKAqE/hev2QcZelt9WZtsq3K0tvqxdoQ+ucEsttqZW3SRll6gNenAtkBXpAOxAGelAmUp3t1d9+kVzFQG4ve2jfpFQAAO6z4LbAyTJ7S3tYcv8LH2y9X5N9GeUuWzS2stqzE5l/OLE1216im/qWke6W/i26+1nhlqO4YwtCCr6u5Wco6R7ltaulm032pyJC7W+2tvEi5tC3ddFXFR1STjKhp4rT2SZXdDvyQ7rMMq+g2y9CCyU5ulvLOTVpCLSX0pYQRlbhtSuhyvF8empp6pXJ9NQbrQ57uXhGl/l4/d52/Yq+C3DxPvtn+1BP//PzKfR7/89Nnf/BXk7596byzznj3yHOq/+E/lz39XwfuXDD/ry9t/l+dO673MxcDmBOvrDeifwitJY4IAAAAvvjOOf+V+d999No31rc0vjZtyLWr/3X2jRdX1C298i9ffOhvN42/+sytjb/58zv2eXjyhGe+dO4hy054fZ+DL2s88637/mLeuAev6nvLD+ff8YOC+X9DafP/uAcrcyg42duxJl7//4r+IXReWr8+CSyNwz2rfwj7dKZaYonkgvqjYonmJLA07jAZFEu0tuRX1TsGlqcCb9RlAmtSgbUxkNlLcUfI7Mq5ti6E4Z2psfklpscS9anAN2OgIRVoioHmVKBfDIxMBX7fLxNoSQWejIEwJX9b3dcvs60AAAC2RGaeVZl/N6TnecsrustQ1l2GPt1lKO8uQ3V3GYqNIt6/N2aoTJ28UpaTqTJda02qloIM8WL4W9yvggzhmfyc6YIFTcfzD7LnG5TlZ3jg5K/ec9WCyYPKf/XR2qWt790/ccWts49eec5Df/fEpH0X3XX93gXz/+bS5v998m+T1tfG+f/m6/8lgcdj966Lp443xMD6Y/IDmR0Da+Nk96psVS2ZEplJ+1WxxMgYaEgFpsfAyFSgdWwmsHC3/EBmpp1t/Ips41MyJXICAAAA8JmLOwjibpo4///jsmePeqxi0V3/+ur4u+6d89Y99/70nntuvXf07Zu+/twVF7970UcF8/+Rpc3/Y3t9cxu7Mvbmt/1CWFm2uTfZwODaJBD3Y9TGn8cPrA1hp5wdHNkSbX2SElWphsNjNckv1KvSVf2oJlljIN4f98tHVs/rSFxfE8L+OXtfsm38e3XSRk060FiVBPqkA9MqkkDc85MNrCpPArDVsnsF4wsqc6pLVn3X5Yq8/r4o1wRND69gH2gX+br6zdX2Up1+ILNPNWvLnraC6tguCt4ea7zbeuK7rd67LfeLVOYbysebQ9WhfFLb5Amz2mfGR3J/yVpgOz3Pub9SLSW9DV6Hcz59b7tXne5Ac+rjo7nrcl2/DstidY+fP/DOBY1jdr354Q2TX696dkHJ3Sgi/lD4maoB9bmbd3urDpnXXI/7PGnxedIT/w00eNpCCBsuPeG6kVXTr1g5+pAj93rttFOqZ7437+/vf+mBd/f9xxUTh31tQMH8v6W0+X9F6rbTH+PGvLB/CAfmbNx1cfMf3z/5HMwJJJ+SOxcGkkPur9YV/eQEAACAbS27uyO7v2BK5jY5ITw9Ty7M37KF+eP+ipFd5i+13z8adMpe9+9297hrTz3qpn/+zdh+G8e/uOSYFa1HNS49+mf/6cyaeQXz/9ZPnv/3TnXT8X/H/9lOHP/v0o6+K7p3+oE5W7UruqA6tgvH/7u0o7/bHP/vkuP/jv93xfH/bjj+36Ud/Wkr+JY03ZeuEMKwMWcMrr1r8BPvD1z96yeemvJvc1sn3PONq27Z8+Nv1y9eUL9r34L5//TS5v/W/+t60b7s+n+txdb/m15s/b851v8DAAC2qyILzaXneQWr9xVkSK/eV5Ch2wUCu11i0Pp/W7z+32NHHTl++ejFv16z95gDLus7d+6puzx504stM9+vue2D93f7xYGjCub/c0qb/8eXQ9/c1nvK+n8NY4tUdU0MTLcwIAAAADuiYjsIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+HztfsN1449prj7pN8dfWjP6+w+tO6D6mldOvXTZhFsnfeX28wfNWrFkSeWfnt940uTv3HB444aVE14IYUpnubKkeNnpi1f8YNUF3/jWg6fddPe7e85eWp2ptzJzu2de7tjqh3UhLMx5pDYm3q7ruLM5MG703bMrOhLr6kLYLzcw9fKpO3UkFteFcEBuYPXpg3brSFyeLvHQK8e91pE4Mx04cfCA9zsSR2YCZenu/kO/pLtl6e7O6xdC/5xAtrvn9suvKtvGCZlAebqNf6pN2oiB2lj0xtqkjRhojyWm9A5hSEUIvdJV/aw6qapXuqr/XZ1U1Std1WXVIYwIIVSkq/p1VVJVRXrkz1QlVcXA7vvesbGxI7GoKoQhuYEXxi8a3pGYkQpkGz+lKoS9O14y6cbvq0war0w3fkNlCF8JIVSlS2yqSEpUpUtsqAhh55zA5o1YEcLswBdD/PSZlPvghbMvnjqhvb1txnZMVGXaqgmTp7S3NU2c1j6pOtWnYspy0h/P/fRjf3njJRM7bu8a1dS/lHRFplxlZ5eHVebdPWRH733sV5/cSjY/HwX1x/xVoW/oPevCthlNF02YOXPG0ORvqdmHJX97ZaLJthraU7ZVY24lQ2aeN33IhbMvHjzlvAlnt53ddv5hww874ohhhx46fEjHoJqTv9tipIs++5F+uSKnks/i/S8hIdHTEuV5n27NO/rneMEX/c0drQzVnR/QBdOK3CxlnaPcFoM+9lOO+NN8Tel2REMLJg4FWYZ1n+WQgsnE5iw1SZbOr3UFk8Pcmso7N2m8Xx6amnoV2w71+XdzN+9bW7F5X8xsulLTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMD/ZwcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgo7cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IFjAQAAAABh/tZh9GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFwKAAD//y85Ijg=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0/file0\x00', 0x141842, 0x0)
pwritev2(r0, &(0x7f0000000200)=[{&(0x7f0000000480)="93", 0x1}], 0x1, 0x8c0f, 0x0, 0x0)

12:17:49 executing program 4:
syz_io_uring_setup(0x3b23, &(0x7f0000000000)={0x0, 0x0, 0x800}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000080), &(0x7f00000000c0))

12:17:49 executing program 2:
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$RDMA_USER_CM_CMD_JOIN_MCAST(r0, &(0x7f0000000100)={0x16, 0x98, 0xfa00, {0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @remote}}}, 0xa0)

[ 2325.132283][ T5556] usb 1-1: new high-speed USB device number 75 using dummy_hcd
12:17:50 executing program 4:
r0 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$CAPI_CLR_FLAGS(r0, 0xc0404309, 0x0)

[ 2325.239928][ T8834] memory: usage 307188kB, limit 307200kB, failcnt 12738
[ 2325.249562][ T8834] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2325.275624][ T8834] Memory cgroup stats for /syz1:
[ 2325.275913][ T8834] anon 135168
[ 2325.275913][ T8834] file 312406016
[ 2325.275913][ T8834] kernel 2019328
[ 2325.275913][ T8834] kernel_stack 65536
[ 2325.275913][ T8834] pagetables 81920
[ 2325.275913][ T8834] sec_pagetables 0
[ 2325.275913][ T8834] percpu 4864
[ 2325.275913][ T8834] sock 0
[ 2325.275913][ T8834] vmalloc 0
[ 2325.275913][ T8834] shmem 312406016
[ 2325.275913][ T8834] zswap 0
[ 2325.275913][ T8834] zswapped 0
[ 2325.275913][ T8834] file_mapped 380928
[ 2325.275913][ T8834] file_dirty 0
[ 2325.275913][ T8834] file_writeback 0
[ 2325.275913][ T8834] swapcached 0
[ 2325.275913][ T8834] anon_thp 0
[ 2325.275913][ T8834] file_thp 0
[ 2325.275913][ T8834] shmem_thp 0
[ 2325.275913][ T8834] inactive_anon 62951424
[ 2325.275913][ T8834] active_anon 159744
[ 2325.275913][ T8834] inactive_file 0
[ 2325.275913][ T8834] active_file 0
[ 2325.275913][ T8834] unevictable 249430016
[ 2325.275913][ T8834] slab_reclaimable 964920
[ 2325.275913][ T8834] slab_unreclaimable 868808
[ 2325.275913][ T8834] slab 1833728
[ 2325.275913][ T8834] workingset_refault_anon 0
[ 2325.275913][ T8834] workingset_refault_file 0
[ 2325.275913][ T8834] workingset_activate_anon 0
[ 2325.275913][ T8834] workingset_activate_file 0
[ 2325.275913][ T8834] workingset_restore_anon 0
[ 2325.275913][ T8834] workingset_restore_file 0
[ 2325.275913][ T8834] workingset_nodereclaim 0
[ 2325.275913][ T8834] pgscan 49
[ 2325.275913][ T8834] pgsteal 49
[ 2325.275913][ T8834] pgscan_kswapd 0
[ 2325.275913][ T8834] pgscan_direct 49
[ 2325.275913][ T8834] pgscan_khugepaged 0
[ 2325.275913][ T8834] pgsteal_kswapd 0
[ 2325.275913][ T8834] pgsteal_direct 49
[ 2325.275913][ T8834] pgsteal_khugepaged 0
[ 2325.275913][ T8834] pgfault 1095517
[ 2325.275913][ T8834] pgmajfault 422
[ 2325.275913][ T8834] pgrefill 150
[ 2325.275913][ T8834] pgactivate 161
[ 2325.275913][ T8834] pgdeactivate 0
[ 2325.275913][ T8834] pglazyfree 0
[ 2325.275913][ T8834] pglazyfreed 0
[ 2325.275913][ T8834] zswpin 0
[ 2325.275913][ T8834] zswpout 0
[ 2325.464984][ T5556] usb 1-1: Using ep0 maxpacket: 16
12:17:50 executing program 1:
openat$uhid(0xffffffffffffff9c, &(0x7f0000000200), 0x802, 0x0)
timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000180)=<r0=>0x0)
r1 = fanotify_init(0x4, 0x1000)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
fanotify_mark(r1, 0x105, 0x800101b, 0xffffffffffffffff, 0x0)
timer_settime(r0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
mlockall(0x2)
r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil)
shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
write$P9_RWSTAT(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x7f, 0x2}, 0x7)
ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0)
shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000)
shmctl$IPC_RMID(0x0, 0x0)
shmctl$SHM_LOCK(0x0, 0xb)
r6 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil)
shmctl$IPC_STAT(r6, 0x2, &(0x7f00000001c0)=""/62)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000340)={0x0, 0x28}, 0x1, 0x0, 0x0, 0x40410}, 0x4040044)
shmat(r3, &(0x7f00003c6000/0x3000)=nil, 0x4000)
shmctl$SHM_UNLOCK(0x0, 0xc)
shmctl$SHM_LOCK(r3, 0xb)
r7 = shmget$private(0x0, 0x3000, 0x54001800, &(0x7f000010d000/0x3000)=nil)
ioctl$BTRFS_IOC_BALANCE_V2(r5, 0xc4009420, &(0x7f0000000640)={0x0, 0x1, {0x81, @usage, 0x0, 0xfffffffffffffffc, 0x10000, 0xffffffffffffffff, 0x0, 0x5, 0x4, @usage=0x1, 0x1ea7, 0xffffffc0, [0x5, 0x7, 0x5, 0xffffffffffffffff, 0xffff, 0x24f]}, {0x5, @struct={0x8da6, 0x46a}, 0x0, 0x3f, 0xff, 0x8, 0x9, 0x7f, 0x0, @struct={0x3, 0x8}, 0xffff0000, 0xffffffcb, [0x8, 0x27d9, 0x7, 0x7ff, 0x57175363, 0x8]}, {0x10001, @usage=0x9, 0x0, 0x4d2, 0x3b89, 0xfffffffffffffff9, 0x4, 0x7fffffff, 0x441, @usage=0x7000000000000, 0x9, 0x20000d5a, [0x2, 0x6, 0x5, 0x80, 0x4, 0x7735]}, {0x8000, 0xffffffffffffffff}})
shmat(r7, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000012c0)=[{{&(0x7f00000005c0)=@xdp, 0x80, 0x0, 0x0, &(0x7f0000000fc0)=""/83, 0x53}, 0x1}, {{&(0x7f0000001040)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @dev}}, 0x80, &(0x7f00000011c0)=[{&(0x7f00000010c0)=""/150, 0x96}, {&(0x7f0000001180)=""/5, 0x5}], 0x2, &(0x7f0000001200)=""/180, 0xb4}, 0x5}], 0x2, 0x0, &(0x7f0000001340)={0x0, 0x989680})

12:17:50 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001c80), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REQ_SET_REG(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r1, 0x6b5f68800f58c893}, 0x14}}, 0x0)

[ 2325.481437][ T8834] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=8834,uid=0
[ 2325.498181][ T8834] Memory cgroup out of memory: Killed process 8834 (syz-executor.1) total-vm:54540kB, anon-rss:380kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000
[ 2325.592636][ T5556] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
12:17:50 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
r2 = dup(r1)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_io_uring_setup(0x4645, 0x0, &(0x7f0000000000/0x4000)=nil, &(0x7f0000000000/0x2000)=nil, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, &(0x7f0000000180)="b9800000c00f3235000800000f3066ba4100ed66b859000f00d0420f0f1f1cb9db0900000f32f2470f5d08b9a40800000f32410f79a8bd00000066baf80cb802f50286ef66bafc0c66ed3e0f01c9", 0x4e}], 0x1, 0x0, &(0x7f0000000280)=[@efer={0x2, 0x800}], 0x1)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

[ 2325.662583][ T5556] usb 1-1: language id specifier not provided by device, defaulting to English
[ 2325.729165][ T8869] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 2325.761056][ T8869] CPU: 1 PID: 8869 Comm: syz-executor.1 Not tainted 6.3.0-rc4-next-20230330-syzkaller #0
[ 2325.770938][ T8869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 2325.781038][ T8869] Call Trace:
[ 2325.784354][ T8869]  <TASK>
[ 2325.787327][ T8869]  dump_stack_lvl+0x136/0x150
[ 2325.792076][ T8869]  dump_header+0x10a/0xd70
[ 2325.796572][ T8869]  oom_kill_process+0x25d/0x600
[ 2325.801496][ T8869]  out_of_memory+0x35c/0x1650
[ 2325.806242][ T8869]  ? find_held_lock+0x2d/0x110
[ 2325.811165][ T8869]  ? oom_killer_disable+0x2b0/0x2b0
[ 2325.816437][ T8869]  ? rcu_read_unlock+0x9/0x60
[ 2325.821161][ T8869]  ? find_held_lock+0x2d/0x110
[ 2325.826154][ T8869]  mem_cgroup_out_of_memory+0x206/0x270
[ 2325.831762][ T8869]  ? mem_cgroup_margin+0x130/0x130
[ 2325.836935][ T8869]  ? lock_downgrade+0x690/0x690
[ 2325.841898][ T8869]  try_charge_memcg+0xf99/0x13a0
[ 2325.846917][ T8869]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 2325.852976][ T8869]  ? lock_downgrade+0x690/0x690
[ 2325.857884][ T8869]  ? trace_lock_acquire+0x12d/0x180
[ 2325.863149][ T8869]  ? get_mem_cgroup_from_mm+0x247/0x580
[ 2325.868756][ T8869]  ? lock_acquire+0x32/0xc0
[ 2325.873336][ T8869]  charge_memcg+0x90/0x3b0
[ 2325.877827][ T8869]  __mem_cgroup_charge+0x2b/0x90
[ 2325.882834][ T8869]  ? copy_mc_to_kernel+0x3e/0x90
[ 2325.887868][ T8869]  do_wp_page+0x8ac/0x3510
[ 2325.892370][ T8869]  ? lock_sync+0x190/0x190
[ 2325.896849][ T8869]  ? finish_mkwrite_fault+0x3d0/0x3d0
[ 2325.902278][ T8869]  ? rcu_is_watching+0x12/0xb0
[ 2325.907107][ T8869]  ? do_raw_spin_lock+0x124/0x2b0
[ 2325.912203][ T8869]  ? spin_bug+0x1c0/0x1c0
[ 2325.912599][ T5556] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 2325.916574][ T8869]  ? lock_acquire+0x32/0xc0
[ 2325.916621][ T8869]  ? __handle_mm_fault+0x1334/0x4180
[ 2325.935509][ T8869]  __handle_mm_fault+0x1547/0x4180
[ 2325.940701][ T8869]  ? vm_iomap_memory+0x190/0x190
[ 2325.941408][ T5556] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2325.945735][ T8869]  handle_mm_fault+0x2c0/0x9c0
[ 2325.945801][ T8869]  do_user_addr_fault+0x2ed/0x1240
[ 2325.963674][ T8869]  ? rcu_is_watching+0x12/0xb0
[ 2325.968527][ T8869]  exc_page_fault+0x98/0x170
[ 2325.973182][ T8869]  asm_exc_page_fault+0x26/0x30
[ 2325.978082][ T8869] RIP: 0033:0x7f47dd2364bd
[ 2325.982544][ T8869] Code: 0c 48 89 df 41 83 c6 01 e8 00 f7 ff ff 48 83 c3 20 49 39 df 75 df 44 89 75 00 8b 05 4d 1b 17 00 48 8b 15 16 f2 c9 00 83 c0 01 <89> 05 3d 1b 17 00 89 02 48 83 c4 18 5b 5d 41 5c 41 5d 41 5e 41 5f
[ 2325.993387][ T5556] usb 1-1: Product: syz
[ 2326.002169][ T8869] RSP: 002b:00007ffdbc005ec0 EFLAGS: 00010202
[ 2326.002202][ T8869] RAX: 0000000000000001 RBX: 00007f47dd3abf80 RCX: 00000000000003d2
[ 2326.002224][ T8869] RDX: 0000001b32520000 RSI: 0000001b32520018 RDI: 0000000095cd0aca
[ 2326.002246][ T8869] RBP: 0000001b32520020 R08: 0000001b32920000 R09: 0000000095cd0ace
[ 2326.033645][ T5556] usb 1-1: Manufacturer: syz
[ 2326.036495][ T8869] R10: 00007ffdbc006020 R11: 0000000000000246 R12: 00007f47dd3abf80
[ 2326.036522][ T8869] R13: 0000001b32520018 R14: 0000001b3252001c R15: 0000000000000032
[ 2326.056808][ T5556] usb 1-1: SerialNumber: syz
[ 2326.057104][ T8869]  </TASK>
[ 2326.079371][ T8869] memory: usage 307200kB, limit 307200kB, failcnt 12788
[ 2326.101371][ T8869] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2326.109015][ T8869] Memory cgroup stats for /syz1:
[ 2326.109276][ T8869] anon 147456
[ 2326.109276][ T8869] file 312406016
[ 2326.109276][ T8869] kernel 2019328
[ 2326.109276][ T8869] kernel_stack 65536
[ 2326.109276][ T8869] pagetables 81920
[ 2326.109276][ T8869] sec_pagetables 0
[ 2326.109276][ T8869] percpu 4864
[ 2326.109276][ T8869] sock 0
[ 2326.109276][ T8869] vmalloc 0
[ 2326.109276][ T8869] shmem 312406016
[ 2326.109276][ T8869] zswap 0
[ 2326.109276][ T8869] zswapped 0
[ 2326.109276][ T8869] file_mapped 380928
[ 2326.109276][ T8869] file_dirty 0
[ 2326.109276][ T8869] file_writeback 0
[ 2326.109276][ T8869] swapcached 0
[ 2326.109276][ T8869] anon_thp 0
[ 2326.109276][ T8869] file_thp 0
[ 2326.109276][ T8869] shmem_thp 0
[ 2326.109276][ T8869] inactive_anon 62951424
[ 2326.109276][ T8869] active_anon 172032
[ 2326.109276][ T8869] inactive_file 0
[ 2326.109276][ T8869] active_file 0
[ 2326.109276][ T8869] unevictable 249430016
[ 2326.109276][ T8869] slab_reclaimable 964920
[ 2326.109276][ T8869] slab_unreclaimable 868808
[ 2326.109276][ T8869] slab 1833728
[ 2326.109276][ T8869] workingset_refault_anon 0
[ 2326.109276][ T8869] workingset_refault_file 0
[ 2326.109276][ T8869] workingset_activate_anon 0
[ 2326.109276][ T8869] workingset_activate_file 0
[ 2326.109276][ T8869] workingset_restore_anon 0
[ 2326.109276][ T8869] workingset_restore_file 0
[ 2326.109276][ T8869] workingset_nodereclaim 0
[ 2326.109276][ T8869] pgscan 49
[ 2326.109276][ T8869] pgsteal 49
[ 2326.109276][ T8869] pgscan_kswapd 0
[ 2326.109276][ T8869] pgscan_direct 49
[ 2326.109276][ T8869] pgscan_khugepaged 0
[ 2326.109276][ T8869] pgsteal_kswapd 0
[ 2326.109276][ T8869] pgsteal_direct 49
[ 2326.109276][ T8869] pgsteal_khugepaged 0
[ 2326.109276][ T8869] pgfault 1095577
[ 2326.109276][ T8869] pgmajfault 422
[ 2326.109276][ T8869] pgrefill 150
[ 2326.109276][ T8869] pgactivate 161
[ 2326.109276][ T8869] pgdeactivate 0
[ 2326.109276][ T8869] pglazyfree 0
[ 2326.109276][ T8869] pglazyfreed 0
[ 2326.109276][ T8869] zswpin 0
[ 2326.109276][ T8869] zswpout 0
[ 2326.312169][ T8869] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=8869,uid=0
[ 2326.352599][ T8869] Memory cgroup out of memory: Killed process 8869 (syz-executor.1) total-vm:54540kB, anon-rss:508kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000
[ 2326.380765][T27629] usb 1-1: USB disconnect, device number 75
12:17:51 executing program 0:
syz_usb_connect$printer(0x0, 0x2d, &(0x7f00000003c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1}}]}}, &(0x7f0000000ac0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x2, &(0x7f00000008c0)=@string={0x2}}]})

12:17:51 executing program 4:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
write$binfmt_script(r1, 0x0, 0xfffffe5d)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="3c00000010008586000080ff0100000000000000", @ANYRES32=r2, @ANYBLOB="0100d0e1c2ed00001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket(0x1, 0x803, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000140)=@newlink={0x20, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, r5, 0xc3ffffff}}, 0x20}}, 0x0)

12:17:51 executing program 1:
openat$uhid(0xffffffffffffff9c, &(0x7f0000000200), 0x802, 0x0)
timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000180)=<r0=>0x0)
r1 = fanotify_init(0x4, 0x1000)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
fanotify_mark(r1, 0x105, 0x800101b, 0xffffffffffffffff, 0x0)
timer_settime(r0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
mlockall(0x2)
r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil)
shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
write$P9_RWSTAT(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x7f, 0x2}, 0x7)
ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0)
shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000)
shmctl$IPC_RMID(0x0, 0x0)
shmctl$SHM_LOCK(0x0, 0xb)
r6 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil)
shmctl$IPC_STAT(r6, 0x2, &(0x7f00000001c0)=""/62)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000340)={0x0, 0x28}, 0x1, 0x0, 0x0, 0x40410}, 0x4040044)
shmat(r3, &(0x7f00003c6000/0x3000)=nil, 0x4000)
shmctl$SHM_UNLOCK(0x0, 0xc)
shmctl$SHM_LOCK(r3, 0xb)
r7 = shmget$private(0x0, 0x3000, 0x54001800, &(0x7f000010d000/0x3000)=nil)
ioctl$BTRFS_IOC_BALANCE_V2(r5, 0xc4009420, &(0x7f0000000640)={0x0, 0x1, {0x81, @usage, 0x0, 0xfffffffffffffffc, 0x10000, 0xffffffffffffffff, 0x0, 0x5, 0x4, @usage=0x1, 0x1ea7, 0xffffffc0, [0x5, 0x7, 0x5, 0xffffffffffffffff, 0xffff, 0x24f]}, {0x5, @struct={0x8da6, 0x46a}, 0x0, 0x3f, 0xff, 0x8, 0x9, 0x7f, 0x0, @struct={0x3, 0x8}, 0xffff0000, 0xffffffcb, [0x8, 0x27d9, 0x7, 0x7ff, 0x57175363, 0x8]}, {0x10001, @usage=0x9, 0x0, 0x4d2, 0x3b89, 0xfffffffffffffff9, 0x4, 0x7fffffff, 0x441, @usage=0x7000000000000, 0x9, 0x20000d5a, [0x2, 0x6, 0x5, 0x80, 0x4, 0x7735]}, {0x8000, 0xffffffffffffffff}})
shmat(r7, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000012c0)=[{{&(0x7f00000005c0)=@xdp, 0x80, 0x0, 0x0, &(0x7f0000000fc0)=""/83, 0x53}, 0x1}, {{&(0x7f0000001040)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @dev}}, 0x80, &(0x7f00000011c0)=[{&(0x7f00000010c0)=""/150, 0x96}, {&(0x7f0000001180)=""/5, 0x5}], 0x2, &(0x7f0000001200)=""/180, 0xb4}, 0x5}], 0x2, 0x0, &(0x7f0000001340)={0x0, 0x989680})

12:17:51 executing program 2:
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x24, &(0x7f0000000000)=0x2080, 0x4)

12:17:51 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
r2 = dup(r1)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_io_uring_setup(0x4645, 0x0, &(0x7f0000000000/0x4000)=nil, &(0x7f0000000000/0x2000)=nil, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, &(0x7f0000000180)="b9800000c00f3235000800000f3066ba4100ed66b859000f00d0420f0f1f1cb9db0900000f32f2470f5d08b9a40800000f32410f79a8bd00000066baf80cb802f50286ef66bafc0c66ed3e0f01c9", 0x4e}], 0x1, 0x0, &(0x7f0000000280)=[@efer={0x2, 0x800}], 0x1)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

12:17:51 executing program 3:
syz_genetlink_get_family_id$nl802154(&(0x7f00000023c0), 0xffffffffffffffff)

12:17:51 executing program 2:
r0 = socket$inet(0x2, 0x1, 0x0)
shutdown(r0, 0x2)
recvmmsg(r0, &(0x7f00000015c0), 0x10, 0x3, 0x0)

12:17:51 executing program 3:
r0 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140), &(0x7f0000000180)={0x0, "e6358ad286255d418012cf4fa427e96191c88d00c5386226c7cb4d52d3ea66c0e0c7082c17865ba839aa9ff783f451458bb6cc05d95e6ff2dd5eca6acf2812ce"}, 0x48, 0xfffffffffffffffe)
add_key$fscrypt_v1(&(0x7f0000000000), 0x0, 0x0, 0x0, r0)

[ 2326.937806][ T8883] netlink: 'syz-executor.4': attribute type 1 has an invalid length.
12:17:51 executing program 3:
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_INFO(r0, 0xc08c5334, &(0x7f0000000040)={0xffffffff, 0x0, 0x0, 'queue0\x00'})

12:17:51 executing program 3:
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff})
sendmsg$tipc(r0, &(0x7f00000002c0)={&(0x7f0000000080)=@id={0x1e, 0x3, 0x0, {0x0, 0x3}}, 0x10, 0x0}, 0x0)

12:17:51 executing program 2:
pipe2$watch_queue(&(0x7f0000000080)={<r0=>0xffffffffffffffff}, 0x80)
read$rfkill(r0, 0x0, 0x0)

12:17:51 executing program 3:
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f00000002c0), &(0x7f0000000340)=0xc)

[ 2327.087977][ T8891] bond1: entered promiscuous mode
[ 2327.126672][ T8891] bond1: entered allmulticast mode
[ 2327.133585][ T8877] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 2327.170366][ T8891] 8021q: adding VLAN 0 to HW filter on device bond1
[ 2327.178168][ T8877] CPU: 1 PID: 8877 Comm: syz-executor.1 Not tainted 6.3.0-rc4-next-20230330-syzkaller #0
[ 2327.188043][ T8877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 2327.198149][ T8877] Call Trace:
[ 2327.201455][ T8877]  <TASK>
[ 2327.204422][ T8877]  dump_stack_lvl+0x136/0x150
[ 2327.209173][ T8877]  dump_header+0x10a/0xd70
[ 2327.213661][ T8877]  oom_kill_process+0x25d/0x600
[ 2327.218583][ T8877]  out_of_memory+0x35c/0x1650
[ 2327.223360][ T8877]  ? find_held_lock+0x2d/0x110
[ 2327.228187][ T8877]  ? oom_killer_disable+0x2b0/0x2b0
[ 2327.233457][ T8877]  ? rcu_read_unlock+0x9/0x60
[ 2327.238185][ T8877]  ? find_held_lock+0x2d/0x110
[ 2327.243025][ T8877]  mem_cgroup_out_of_memory+0x206/0x270
[ 2327.248647][ T8877]  ? mem_cgroup_margin+0x130/0x130
[ 2327.253820][ T8877]  ? lock_downgrade+0x690/0x690
[ 2327.258823][ T8877]  try_charge_memcg+0xf99/0x13a0
[ 2327.263885][ T8877]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 2327.269947][ T8877]  ? lock_downgrade+0x690/0x690
[ 2327.274868][ T8877]  ? trace_lock_acquire+0x12d/0x180
[ 2327.280126][ T8877]  ? get_mem_cgroup_from_mm+0x247/0x580
[ 2327.285730][ T8877]  ? lock_acquire+0x32/0xc0
[ 2327.290274][ T8877]  charge_memcg+0x90/0x3b0
[ 2327.294731][ T8877]  __mem_cgroup_charge+0x2b/0x90
[ 2327.299716][ T8877]  do_wp_page+0x8ac/0x3510
[ 2327.304181][ T8877]  ? lock_sync+0x190/0x190
[ 2327.308631][ T8877]  ? finish_mkwrite_fault+0x3d0/0x3d0
[ 2327.314130][ T8877]  ? rcu_is_watching+0x12/0xb0
[ 2327.318938][ T8877]  ? do_raw_spin_lock+0x124/0x2b0
[ 2327.324002][ T8877]  ? spin_bug+0x1c0/0x1c0
[ 2327.328373][ T8877]  ? lock_acquire+0x32/0xc0
[ 2327.332928][ T8877]  ? __handle_mm_fault+0x1334/0x4180
[ 2327.338270][ T8877]  __handle_mm_fault+0x1547/0x4180
[ 2327.343432][ T8877]  ? vm_iomap_memory+0x190/0x190
[ 2327.348433][ T8877]  handle_mm_fault+0x2c0/0x9c0
[ 2327.353260][ T8877]  do_user_addr_fault+0x2ed/0x1240
[ 2327.358423][ T8877]  ? rcu_is_watching+0x12/0xb0
[ 2327.363231][ T8877]  exc_page_fault+0x98/0x170
[ 2327.367887][ T8877]  asm_exc_page_fault+0x26/0x30
[ 2327.372883][ T8877] RIP: 0033:0x7f47dd2395a0
[ 2327.377338][ T8877] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48
[ 2327.396973][ T8877] RSP: 002b:00007ffdbc005e60 EFLAGS: 00010246
[ 2327.403066][ T8877] RAX: 00000000ef192a3d RBX: 00007f47dd3ac018 RCX: 0000001b32520000
[ 2327.411065][ T8877] RDX: 0000000000000000 RSI: 0000001b32520018 RDI: 00000000090fde60
[ 2327.419059][ T8877] RBP: 00000000ef192a3d R08: 0000000000000a3d R09: 00000000ef192a41
[ 2327.427053][ T8877] R10: 00007ffdbc006020 R11: 0000000000000246 R12: 00007f47dd3a0000
[ 2327.435133][ T8877] R13: 0000000000000001 R14: 0000000000000005 R15: ffffffff81e3d406
[ 2327.443213][ T8877]  ? build_open_flags+0x76/0x720
[ 2327.448207][ T8877]  </TASK>
[ 2327.453755][T27629] usb 1-1: new high-speed USB device number 76 using dummy_hcd
[ 2327.463318][ T8877] memory: usage 307200kB, limit 307200kB, failcnt 12880
[ 2327.486926][ T8877] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2327.494635][ T8877] Memory cgroup stats for /syz1:
[ 2327.494904][ T8877] anon 131072
[ 2327.494904][ T8877] file 312406016
[ 2327.494904][ T8877] kernel 2035712
[ 2327.494904][ T8877] kernel_stack 65536
[ 2327.494904][ T8877] pagetables 81920
[ 2327.494904][ T8877] sec_pagetables 0
[ 2327.494904][ T8877] percpu 4928
[ 2327.494904][ T8877] sock 0
[ 2327.494904][ T8877] vmalloc 0
[ 2327.494904][ T8877] shmem 312406016
[ 2327.494904][ T8877] zswap 0
[ 2327.494904][ T8877] zswapped 0
[ 2327.494904][ T8877] file_mapped 380928
[ 2327.494904][ T8877] file_dirty 0
[ 2327.494904][ T8877] file_writeback 0
[ 2327.494904][ T8877] swapcached 0
[ 2327.494904][ T8877] anon_thp 0
[ 2327.494904][ T8877] file_thp 0
[ 2327.494904][ T8877] shmem_thp 0
[ 2327.494904][ T8877] inactive_anon 62951424
[ 2327.494904][ T8877] active_anon 155648
[ 2327.494904][ T8877] inactive_file 0
[ 2327.494904][ T8877] active_file 0
[ 2327.494904][ T8877] unevictable 249430016
[ 2327.494904][ T8877] slab_reclaimable 964920
[ 2327.494904][ T8877] slab_unreclaimable 880720
[ 2327.494904][ T8877] slab 1845640
[ 2327.494904][ T8877] workingset_refault_anon 0
[ 2327.494904][ T8877] workingset_refault_file 0
[ 2327.494904][ T8877] workingset_activate_anon 0
[ 2327.494904][ T8877] workingset_activate_file 0
[ 2327.494904][ T8877] workingset_restore_anon 0
[ 2327.494904][ T8877] workingset_restore_file 0
[ 2327.494904][ T8877] workingset_nodereclaim 0
[ 2327.494904][ T8877] pgscan 49
[ 2327.494904][ T8877] pgsteal 49
[ 2327.494904][ T8877] pgscan_kswapd 0
[ 2327.494904][ T8877] pgscan_direct 49
[ 2327.494904][ T8877] pgscan_khugepaged 0
[ 2327.494904][ T8877] pgsteal_kswapd 0
[ 2327.494904][ T8877] pgsteal_direct 49
[ 2327.494904][ T8877] pgsteal_khugepaged 0
[ 2327.494904][ T8877] pgfault 1095632
[ 2327.494904][ T8877] pgmajfault 422
[ 2327.494904][ T8877] pgrefill 150
[ 2327.494904][ T8877] pgactivate 161
[ 2327.494904][ T8877] pgdeactivate 0
[ 2327.494904][ T8877] pglazyfree 0
[ 2327.494904][ T8877] pglazyfreed 0
[ 2327.494904][ T8877] zswpin 0
[ 2327.494904][ T8877] zswpout 0
[ 2327.690530][ T8877] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=8877,uid=0
[ 2327.706805][ T8877] Memory cgroup out of memory: Killed process 8877 (syz-executor.1) total-vm:54540kB, anon-rss:380kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000
[ 2327.802357][T27629] usb 1-1: Using ep0 maxpacket: 16
[ 2327.932310][T27629] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 2327.982460][T27629] usb 1-1: language id specifier not provided by device, defaulting to English
[ 2328.112342][T27629] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 2328.121626][T27629] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2328.129809][T27629] usb 1-1: Product: syz
[ 2328.134208][T27629] usb 1-1: Manufacturer: syz
[ 2328.138903][T27629] usb 1-1: SerialNumber: syz
[ 2328.400794][T27902] usb 1-1: USB disconnect, device number 76
12:17:53 executing program 0:
syz_usb_connect$printer(0x0, 0x2d, &(0x7f00000003c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1}}]}}, &(0x7f0000000ac0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x2, &(0x7f00000008c0)=@string={0x2}}]})

12:17:53 executing program 2:
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f00000001c0)={0x0, @in6={{0xa, 0x0, 0x0, @private1}}}, &(0x7f0000000280)=0x98)

12:17:53 executing program 3:
r0 = add_key$keyring(&(0x7f0000001600), &(0x7f0000001640)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, r0)
r2 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x0}, 0x0, 0x0, r1)
add_key$keyring(&(0x7f0000001600), &(0x7f0000001640)={'syz', 0x3}, 0x0, 0x0, r2)

12:17:53 executing program 4:
openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000040), 0x300, 0x0)

12:17:53 executing program 1:
openat$uhid(0xffffffffffffff9c, &(0x7f0000000200), 0x802, 0x0)
timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000180)=<r0=>0x0)
r1 = fanotify_init(0x4, 0x1000)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
fanotify_mark(r1, 0x105, 0x800101b, 0xffffffffffffffff, 0x0)
timer_settime(r0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
mlockall(0x2)
r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil)
shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
write$P9_RWSTAT(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x7f, 0x2}, 0x7)
ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0)
shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000)
shmctl$IPC_RMID(0x0, 0x0)
shmctl$SHM_LOCK(0x0, 0xb)
r6 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil)
shmctl$IPC_STAT(r6, 0x2, &(0x7f00000001c0)=""/62)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000340)={0x0, 0x28}, 0x1, 0x0, 0x0, 0x40410}, 0x4040044)
shmat(r3, &(0x7f00003c6000/0x3000)=nil, 0x4000)
shmctl$SHM_UNLOCK(0x0, 0xc)
shmctl$SHM_LOCK(r3, 0xb)
r7 = shmget$private(0x0, 0x3000, 0x54001800, &(0x7f000010d000/0x3000)=nil)
ioctl$BTRFS_IOC_BALANCE_V2(r5, 0xc4009420, &(0x7f0000000640)={0x0, 0x1, {0x81, @usage, 0x0, 0xfffffffffffffffc, 0x10000, 0xffffffffffffffff, 0x0, 0x5, 0x4, @usage=0x1, 0x1ea7, 0xffffffc0, [0x5, 0x7, 0x5, 0xffffffffffffffff, 0xffff, 0x24f]}, {0x5, @struct={0x8da6, 0x46a}, 0x0, 0x3f, 0xff, 0x8, 0x9, 0x7f, 0x0, @struct={0x3, 0x8}, 0xffff0000, 0xffffffcb, [0x8, 0x27d9, 0x7, 0x7ff, 0x57175363, 0x8]}, {0x10001, @usage=0x9, 0x0, 0x4d2, 0x3b89, 0xfffffffffffffff9, 0x4, 0x7fffffff, 0x441, @usage=0x7000000000000, 0x9, 0x20000d5a, [0x2, 0x6, 0x5, 0x80, 0x4, 0x7735]}, {0x8000, 0xffffffffffffffff}})
shmat(r7, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000012c0)=[{{&(0x7f00000005c0)=@xdp, 0x80, 0x0, 0x0, &(0x7f0000000fc0)=""/83, 0x53}, 0x1}, {{&(0x7f0000001040)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @dev}}, 0x80, &(0x7f00000011c0)=[{&(0x7f00000010c0)=""/150, 0x96}, {&(0x7f0000001180)=""/5, 0x5}], 0x2, &(0x7f0000001200)=""/180, 0xb4}, 0x5}], 0x2, 0x0, &(0x7f0000001340)={0x0, 0x989680})

12:17:53 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
r2 = dup(r1)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_io_uring_setup(0x4645, 0x0, &(0x7f0000000000/0x4000)=nil, &(0x7f0000000000/0x2000)=nil, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, &(0x7f0000000180)="b9800000c00f3235000800000f3066ba4100ed66b859000f00d0420f0f1f1cb9db0900000f32f2470f5d08b9a40800000f32410f79a8bd00000066baf80cb802f50286ef66bafc0c66ed3e0f01c9", 0x4e}], 0x1, 0x0, &(0x7f0000000280)=[@efer={0x2, 0x800}], 0x1)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

12:17:53 executing program 4:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001540)={0x18, 0x3, &(0x7f0000000140)=@framed={{}, [], {0x95, 0x0, 0x0, 0x600}}, &(0x7f0000000100)='syzkaller\x00', 0x2, 0xda, &(0x7f0000000000)=""/218, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)

12:17:53 executing program 2:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
recvmsg(r0, &(0x7f00000018c0)={0x0, 0x0, &(0x7f00000017c0)=[{0x0}, {0x0}, {0x0}], 0x3}, 0x0)

12:17:53 executing program 3:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112})
ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000000)={'gretap0\x00', 0x400})
ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000100)={0x1, &(0x7f0000000080)=[{}]})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000001c0)={'rose0\x00', 0x112})

12:17:53 executing program 4:
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xa, 0x8, 0x4, 0x3, 0x0, 0x1}, 0x48)

[ 2329.076246][ T8909] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 2329.090822][ T8909] CPU: 0 PID: 8909 Comm: syz-executor.1 Not tainted 6.3.0-rc4-next-20230330-syzkaller #0
[ 2329.100707][ T8909] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 2329.110819][ T8909] Call Trace:
[ 2329.114141][ T8909]  <TASK>
[ 2329.117115][ T8909]  dump_stack_lvl+0x136/0x150
[ 2329.121857][ T8909]  dump_header+0x10a/0xd70
[ 2329.126316][ T8909]  oom_kill_process+0x25d/0x600
[ 2329.131202][ T8909]  out_of_memory+0x35c/0x1650
[ 2329.136020][ T8909]  ? find_held_lock+0x2d/0x110
[ 2329.140836][ T8909]  ? oom_killer_disable+0x2b0/0x2b0
[ 2329.146097][ T8909]  ? rcu_read_unlock+0x9/0x60
[ 2329.150801][ T8909]  ? find_held_lock+0x2d/0x110
[ 2329.155651][ T8909]  mem_cgroup_out_of_memory+0x206/0x270
[ 2329.161293][ T8909]  ? mem_cgroup_margin+0x130/0x130
[ 2329.166467][ T8909]  ? lock_downgrade+0x690/0x690
[ 2329.171411][ T8909]  try_charge_memcg+0xf99/0x13a0
[ 2329.176419][ T8909]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 2329.182453][ T8909]  ? lock_downgrade+0x690/0x690
[ 2329.187383][ T8909]  ? trace_lock_acquire+0x12d/0x180
[ 2329.192643][ T8909]  ? get_mem_cgroup_from_mm+0x247/0x580
[ 2329.198255][ T8909]  ? lock_acquire+0x32/0xc0
[ 2329.202811][ T8909]  charge_memcg+0x90/0x3b0
[ 2329.207272][ T8909]  __mem_cgroup_charge+0x2b/0x90
[ 2329.212246][ T8909]  ? copy_mc_to_kernel+0x3e/0x90
[ 2329.217220][ T8909]  do_wp_page+0x8ac/0x3510
[ 2329.221705][ T8909]  ? lock_sync+0x190/0x190
[ 2329.226185][ T8909]  ? finish_mkwrite_fault+0x3d0/0x3d0
[ 2329.231614][ T8909]  ? rcu_is_watching+0x12/0xb0
[ 2329.236423][ T8909]  ? do_raw_spin_lock+0x124/0x2b0
[ 2329.241604][ T8909]  ? spin_bug+0x1c0/0x1c0
[ 2329.245985][ T8909]  ? lock_acquire+0x32/0xc0
[ 2329.250656][ T8909]  ? __handle_mm_fault+0x1334/0x4180
[ 2329.255996][ T8909]  __handle_mm_fault+0x1547/0x4180
[ 2329.261168][ T8909]  ? vm_iomap_memory+0x190/0x190
[ 2329.266183][ T8909]  handle_mm_fault+0x2c0/0x9c0
[ 2329.271015][ T8909]  do_user_addr_fault+0x2ed/0x1240
[ 2329.276168][ T8909]  ? rcu_is_watching+0x12/0xb0
[ 2329.280979][ T8909]  exc_page_fault+0x98/0x170
[ 2329.285633][ T8909]  asm_exc_page_fault+0x26/0x30
[ 2329.290511][ T8909] RIP: 0033:0x7f47dd2364bd
[ 2329.294946][ T8909] Code: 0c 48 89 df 41 83 c6 01 e8 00 f7 ff ff 48 83 c3 20 49 39 df 75 df 44 89 75 00 8b 05 4d 1b 17 00 48 8b 15 16 f2 c9 00 83 c0 01 <89> 05 3d 1b 17 00 89 02 48 83 c4 18 5b 5d 41 5c 41 5d 41 5e 41 5f
[ 2329.314598][ T8909] RSP: 002b:00007ffdbc005ec0 EFLAGS: 00010202
12:17:54 executing program 4:
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000002c0)={0x6, 0xa, &(0x7f0000000000)=ANY=[@ANYBLOB="d1870c0001000000f6e918"], &(0x7f0000000080)='GPL\x00', 0x4, 0xd5, &(0x7f00000000c0)=""/213, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)

[ 2329.320698][ T8909] RAX: 0000000000000001 RBX: 00007f47dd3abf80 RCX: 00000000000003ec
[ 2329.328721][ T8909] RDX: 0000001b32520000 RSI: 0000001b32520018 RDI: 00000000b4a86bdd
[ 2329.336728][ T8909] RBP: 0000001b32520020 R08: 0000001b32920000 R09: 00000000b4a86be1
[ 2329.344735][ T8909] R10: 00007ffdbc006020 R11: 0000000000000246 R12: 00007f47dd3abf80
[ 2329.352739][ T8909] R13: 0000001b32520018 R14: 0000001b3252001c R15: 0000000000000032
[ 2329.360758][ T8909]  </TASK>
[ 2329.399573][ T8909] memory: usage 307200kB, limit 307200kB, failcnt 12955
[ 2329.407088][ T8909] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2329.421108][ T8909] Memory cgroup stats for /syz1:
[ 2329.421464][ T8909] anon 147456
[ 2329.421464][ T8909] file 312406016
[ 2329.421464][ T8909] kernel 2019328
[ 2329.421464][ T8909] kernel_stack 65536
[ 2329.421464][ T8909] pagetables 81920
[ 2329.421464][ T8909] sec_pagetables 0
[ 2329.421464][ T8909] percpu 4864
[ 2329.421464][ T8909] sock 0
[ 2329.421464][ T8909] vmalloc 0
[ 2329.421464][ T8909] shmem 312406016
[ 2329.421464][ T8909] zswap 0
[ 2329.421464][ T8909] zswapped 0
[ 2329.421464][ T8909] file_mapped 380928
[ 2329.421464][ T8909] file_dirty 0
[ 2329.421464][ T8909] file_writeback 0
[ 2329.421464][ T8909] swapcached 0
[ 2329.421464][ T8909] anon_thp 0
[ 2329.421464][ T8909] file_thp 0
[ 2329.421464][ T8909] shmem_thp 0
[ 2329.421464][ T8909] inactive_anon 62951424
[ 2329.421464][ T8909] active_anon 172032
[ 2329.421464][ T8909] inactive_file 0
[ 2329.421464][ T8909] active_file 0
[ 2329.421464][ T8909] unevictable 249430016
[ 2329.421464][ T8909] slab_reclaimable 964920
[ 2329.421464][ T8909] slab_unreclaimable 868808
[ 2329.421464][ T8909] slab 1833728
[ 2329.421464][ T8909] workingset_refault_anon 0
[ 2329.421464][ T8909] workingset_refault_file 0
[ 2329.421464][ T8909] workingset_activate_anon 0
[ 2329.421464][ T8909] workingset_activate_file 0
[ 2329.421464][ T8909] workingset_restore_anon 0
[ 2329.421464][ T8909] workingset_restore_file 0
[ 2329.421464][ T8909] workingset_nodereclaim 0
[ 2329.421464][ T8909] pgscan 49
[ 2329.421464][ T8909] pgsteal 49
[ 2329.421464][ T8909] pgscan_kswapd 0
[ 2329.421464][ T8909] pgscan_direct 49
[ 2329.421464][ T8909] pgscan_khugepaged 0
[ 2329.421464][ T8909] pgsteal_kswapd 0
[ 2329.421464][ T8909] pgsteal_direct 49
[ 2329.421464][ T8909] pgsteal_khugepaged 0
[ 2329.421464][ T8909] pgfault 1095692
[ 2329.421464][ T8909] pgmajfault 422
[ 2329.421464][ T8909] pgrefill 150
[ 2329.421464][ T8909] pgactivate 161
[ 2329.421464][ T8909] pgdeactivate 0
[ 2329.421464][ T8909] pglazyfree 0
12:17:54 executing program 4:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000002b80)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
close(r0)
sendmsg$inet(r1, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0)
close(r1)

[ 2329.421464][ T8909] pglazyfreed 0
[ 2329.421464][ T8909] zswpin 0
[ 2329.421464][ T8909] zswpout 0
[ 2329.666638][ T8909] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=8909,uid=0
[ 2329.692158][T27629] usb 1-1: new high-speed USB device number 77 using dummy_hcd
[ 2329.695618][ T8909] Memory cgroup out of memory: Killed process 8909 (syz-executor.1) total-vm:54540kB, anon-rss:508kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000
[ 2329.932301][T27629] usb 1-1: Using ep0 maxpacket: 16
[ 2330.053186][T27629] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 2330.102382][T27629] usb 1-1: language id specifier not provided by device, defaulting to English
[ 2330.222431][T27629] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 2330.231569][T27629] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2330.240216][T27629] usb 1-1: Product: syz
[ 2330.244823][T27629] usb 1-1: Manufacturer: syz
[ 2330.249543][T27629] usb 1-1: SerialNumber: syz
[ 2330.500710][T27902] usb 1-1: USB disconnect, device number 77
12:17:55 executing program 0:
syz_usb_connect$printer(0x0, 0x2d, &(0x7f00000003c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1}}]}}, &(0x7f0000000ac0)={0x0, 0x0, 0x0, 0x0, 0x2, [{0x2, &(0x7f00000008c0)=@string={0x2}}, {0x0, 0x0}]})

12:17:55 executing program 3:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112})
ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000000)={'gretap0\x00', 0x400})
ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000100)={0x1, &(0x7f0000000080)=[{}]})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000001c0)={'rose0\x00', 0x112})

12:17:55 executing program 1:
openat$uhid(0xffffffffffffff9c, &(0x7f0000000200), 0x802, 0x0)
timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000180)=<r0=>0x0)
r1 = fanotify_init(0x4, 0x1000)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
fanotify_mark(r1, 0x105, 0x800101b, 0xffffffffffffffff, 0x0)
timer_settime(r0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
mlockall(0x2)
r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil)
shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
write$P9_RWSTAT(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x7f, 0x2}, 0x7)
ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0)
shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000)
shmctl$IPC_RMID(0x0, 0x0)
shmctl$SHM_LOCK(0x0, 0xb)
r6 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil)
shmctl$IPC_STAT(r6, 0x2, &(0x7f00000001c0)=""/62)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000340)={0x0, 0x28}, 0x1, 0x0, 0x0, 0x40410}, 0x4040044)
shmat(r3, &(0x7f00003c6000/0x3000)=nil, 0x4000)
shmctl$SHM_UNLOCK(0x0, 0xc)
shmctl$SHM_LOCK(r3, 0xb)
r7 = shmget$private(0x0, 0x3000, 0x54001800, &(0x7f000010d000/0x3000)=nil)
ioctl$BTRFS_IOC_BALANCE_V2(r5, 0xc4009420, &(0x7f0000000640)={0x0, 0x1, {0x81, @usage=0xd1, 0x0, 0x0, 0x10000, 0xffffffffffffffff, 0x0, 0x5, 0x4, @usage=0x1, 0x1ea7, 0xffffffc0, [0x5, 0x7, 0x5, 0xffffffffffffffff, 0xffff, 0x24f]}, {0x5, @struct={0x8da6, 0x46a}, 0x0, 0x3f, 0xff, 0x8, 0x9, 0x7f, 0x0, @struct={0x3, 0x8}, 0xffff0000, 0xffffffcb, [0x8, 0x27d9, 0x7, 0x7ff, 0x57175363, 0x8]}, {0x10001, @usage=0x9, 0x0, 0x4d2, 0x3b89, 0xfffffffffffffff9, 0x4, 0x7fffffff, 0x441, @usage=0x7000000000000, 0x9, 0x20000d5a, [0x2, 0x6, 0x5, 0x80, 0x4, 0x7735]}, {0x8000, 0xffffffffffffffff}})
shmat(r7, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000012c0)=[{{&(0x7f00000005c0)=@xdp, 0x80, 0x0, 0x0, &(0x7f0000000fc0)=""/83, 0x53}, 0x1}, {{&(0x7f0000001040)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @dev}}, 0x80, &(0x7f00000011c0)=[{&(0x7f00000010c0)=""/150, 0x96}, {&(0x7f0000001180)=""/5, 0x5}], 0x2, &(0x7f0000001200)=""/180, 0xb4}, 0x5}], 0x2, 0x0, &(0x7f0000001340)={0x0, 0x989680})

12:17:55 executing program 4:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112})
ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000000)={'gretap0\x00', 0x400})
ioctl$TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000100)={0x1, &(0x7f0000000080)=[{}]})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000001c0)={'rose0\x00', 0x112})

12:17:55 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
r2 = dup(r1)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_io_uring_setup(0x4645, 0x0, &(0x7f0000000000/0x4000)=nil, &(0x7f0000000000/0x2000)=nil, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, &(0x7f0000000180)="b9800000c00f3235000800000f3066ba4100ed66b859000f00d0420f0f1f1cb9db0900000f32f2470f5d08b9a40800000f32410f79a8bd00000066baf80cb802f50286ef66bafc0c66ed3e0f01c9", 0x4e}], 0x1, 0x0, &(0x7f0000000280)=[@efer={0x2, 0x800}], 0x1)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

12:17:55 executing program 2:
socket$packet(0x11, 0xf3d7ef31fdf6d76, 0x300)

12:17:55 executing program 2:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0)
open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000440)=[{&(0x7f0000000180)='0', 0x1}], 0x1)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r2, 0x4601, &(0x7f0000000000)={0x20, 0x8, 0x140, 0xa0, 0x0, 0x0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6})

[ 2331.120637][ T8940] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 2331.138450][ T8940] CPU: 1 PID: 8940 Comm: syz-executor.1 Not tainted 6.3.0-rc4-next-20230330-syzkaller #0
[ 2331.148356][ T8940] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 2331.158446][ T8940] Call Trace:
[ 2331.161755][ T8940]  <TASK>
[ 2331.164710][ T8940]  dump_stack_lvl+0x136/0x150
[ 2331.169438][ T8940]  dump_header+0x10a/0xd70
[ 2331.173903][ T8940]  oom_kill_process+0x25d/0x600
[ 2331.178798][ T8940]  out_of_memory+0x35c/0x1650
[ 2331.183567][ T8940]  ? find_held_lock+0x2d/0x110
[ 2331.188366][ T8940]  ? oom_killer_disable+0x2b0/0x2b0
[ 2331.193628][ T8940]  ? rcu_read_unlock+0x9/0x60
[ 2331.198353][ T8940]  ? find_held_lock+0x2d/0x110
[ 2331.203155][ T8940]  mem_cgroup_out_of_memory+0x206/0x270
[ 2331.208736][ T8940]  ? mem_cgroup_margin+0x130/0x130
[ 2331.213886][ T8940]  ? lock_downgrade+0x690/0x690
[ 2331.218800][ T8940]  try_charge_memcg+0xf99/0x13a0
[ 2331.223797][ T8940]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 2331.229827][ T8940]  ? lock_downgrade+0x690/0x690
[ 2331.234715][ T8940]  ? trace_lock_acquire+0x12d/0x180
[ 2331.239947][ T8940]  ? get_mem_cgroup_from_mm+0x247/0x580
[ 2331.245523][ T8940]  ? lock_acquire+0x32/0xc0
[ 2331.250070][ T8940]  charge_memcg+0x90/0x3b0
[ 2331.254529][ T8940]  __mem_cgroup_charge+0x2b/0x90
[ 2331.259510][ T8940]  ? copy_mc_to_kernel+0x3e/0x90
[ 2331.264489][ T8940]  do_wp_page+0x8ac/0x3510
[ 2331.268957][ T8940]  ? lock_sync+0x190/0x190
[ 2331.273410][ T8940]  ? finish_mkwrite_fault+0x3d0/0x3d0
[ 2331.278822][ T8940]  ? rcu_is_watching+0x12/0xb0
[ 2331.283631][ T8940]  ? do_raw_spin_lock+0x124/0x2b0
[ 2331.288700][ T8940]  ? spin_bug+0x1c0/0x1c0
[ 2331.293072][ T8940]  ? lock_acquire+0x32/0xc0
[ 2331.297609][ T8940]  ? __handle_mm_fault+0x1334/0x4180
[ 2331.302952][ T8940]  __handle_mm_fault+0x1547/0x4180
[ 2331.308134][ T8940]  ? vm_iomap_memory+0x190/0x190
[ 2331.313139][ T8940]  handle_mm_fault+0x2c0/0x9c0
[ 2331.317956][ T8940]  do_user_addr_fault+0x2ed/0x1240
[ 2331.323109][ T8940]  ? rcu_is_watching+0x12/0xb0
[ 2331.327915][ T8940]  exc_page_fault+0x98/0x170
[ 2331.332639][ T8940]  asm_exc_page_fault+0x26/0x30
[ 2331.337519][ T8940] RIP: 0033:0x7f47dd2364bd
[ 2331.341961][ T8940] Code: 0c 48 89 df 41 83 c6 01 e8 00 f7 ff ff 48 83 c3 20 49 39 df 75 df 44 89 75 00 8b 05 4d 1b 17 00 48 8b 15 16 f2 c9 00 83 c0 01 <89> 05 3d 1b 17 00 89 02 48 83 c4 18 5b 5d 41 5c 41 5d 41 5e 41 5f
[ 2331.361621][ T8940] RSP: 002b:00007ffdbc005ec0 EFLAGS: 00010202
[ 2331.367728][ T8940] RAX: 0000000000000001 RBX: 00007f47dd3abf80 RCX: 00000000000003ef
[ 2331.375735][ T8940] RDX: 0000001b32520000 RSI: 0000001b32520018 RDI: 00000000b4a86bdd
[ 2331.383747][ T8940] RBP: 0000001b32520020 R08: 0000001b32920000 R09: 00000000b4a86be1
[ 2331.391754][ T8940] R10: 00007ffdbc006020 R11: 0000000000000246 R12: 00007f47dd3abf80
[ 2331.399751][ T8940] R13: 0000001b32520018 R14: 0000001b3252001c R15: 0000000000000032
[ 2331.407780][ T8940]  </TASK>
12:17:56 executing program 3:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
r0 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0)
writev(r1, &(0x7f0000000440), 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
r4 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r4, 0x4601, &(0x7f0000000000)={0x20, 0x8, 0x140, 0xa0, 0x0, 0x0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6})

[ 2331.425548][ T8940] memory: usage 307200kB, limit 307200kB, failcnt 13040
[ 2331.455209][ T8940] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2331.498908][ T8940] Memory cgroup stats for /syz1:
[ 2331.499129][ T8940] anon 147456
[ 2331.499129][ T8940] file 312406016
[ 2331.499129][ T8940] kernel 2019328
[ 2331.499129][ T8940] kernel_stack 65536
[ 2331.499129][ T8940] pagetables 81920
[ 2331.499129][ T8940] sec_pagetables 0
[ 2331.499129][ T8940] percpu 4864
[ 2331.499129][ T8940] sock 0
[ 2331.499129][ T8940] vmalloc 0
[ 2331.499129][ T8940] shmem 312406016
[ 2331.499129][ T8940] zswap 0
[ 2331.499129][ T8940] zswapped 0
[ 2331.499129][ T8940] file_mapped 380928
[ 2331.499129][ T8940] file_dirty 0
[ 2331.499129][ T8940] file_writeback 0
[ 2331.499129][ T8940] swapcached 0
[ 2331.499129][ T8940] anon_thp 0
[ 2331.499129][ T8940] file_thp 0
[ 2331.499129][ T8940] shmem_thp 0
[ 2331.499129][ T8940] inactive_anon 62951424
[ 2331.499129][ T8940] active_anon 172032
[ 2331.499129][ T8940] inactive_file 0
[ 2331.499129][ T8940] active_file 0
[ 2331.499129][ T8940] unevictable 249430016
[ 2331.499129][ T8940] slab_reclaimable 964920
[ 2331.499129][ T8940] slab_unreclaimable 868808
[ 2331.499129][ T8940] slab 1833728
[ 2331.499129][ T8940] workingset_refault_anon 0
[ 2331.499129][ T8940] workingset_refault_file 0
[ 2331.499129][ T8940] workingset_activate_anon 0
[ 2331.499129][ T8940] workingset_activate_file 0
[ 2331.499129][ T8940] workingset_restore_anon 0
[ 2331.499129][ T8940] workingset_restore_file 0
[ 2331.499129][ T8940] workingset_nodereclaim 0
[ 2331.499129][ T8940] pgscan 49
[ 2331.499129][ T8940] pgsteal 49
[ 2331.499129][ T8940] pgscan_kswapd 0
[ 2331.499129][ T8940] pgscan_direct 49
[ 2331.499129][ T8940] pgscan_khugepaged 0
[ 2331.499129][ T8940] pgsteal_kswapd 0
[ 2331.499129][ T8940] pgsteal_direct 49
[ 2331.499129][ T8940] pgsteal_khugepaged 0
[ 2331.499129][ T8940] pgfault 1095752
[ 2331.499129][ T8940] pgmajfault 422
[ 2331.499129][ T8940] pgrefill 150
[ 2331.499129][ T8940] pgactivate 161
[ 2331.499129][ T8940] pgdeactivate 0
[ 2331.499129][ T8940] pglazyfree 0
[ 2331.499129][ T8940] pglazyfreed 0
[ 2331.499129][ T8940] zswpin 0
[ 2331.499129][ T8940] zswpout 0
12:17:56 executing program 4:
syz_mount_image$btrfs(&(0x7f00000055c0), &(0x7f0000005600)='./bus\x00', 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="646973636172642c0008fd346f1fe0c7b977cf98b0dfc801ecf9a88e3f52191ae482"], 0x1, 0x559d, &(0x7f0000005680)="$eJzs3X1sVWcdB/BzeynlJaFlyjLUhfkPThCpmFiEoEVgAoPRgSbDwCgO2BAGhQRhY9OOOZ0jk4Y5xoovDKQCxq6+rJiYIbqIcU4mi8OGEXnJIuICK4yoJNOZ3nufy73n0vYO5zq3z4e05z73d57nPPfk/HG/lz7nRgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBF0cHlC/627gfLv/nQdSenbLz/zAMnap57fNP4u+fsHnX4gVVXtp1uaip99fmzNyy67+GqoSf2zD8URYlUv0Sm/7xPTZ65aNa86X3CgLU3prcVFZ0dMt31WLrRO+/Jjn75P/OjKCqNDZDMbCf1z2kn4geIVhYO2KXtVWNWDdw4cdrmssmDFibrGgtfOh369PQEekrmunrx4rVUnfpdEtsj28659BJ5l2i6f/yCe1NeBADwulTWpDbZt6OZt7jZdn28HmtXx9oNsXZ4h9CQ27gc6XF7dzbPa+L1HppndToqlHU6z1g9c/6z7Zp4/1g7FjVexzzzd81Emj6dzbMuVu+peQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC8ldx9/JanSzb96H1L149MHh887BdfbdryvUnt5VO+tm9D2+9bn3tPU1Ppq8+fvWHRfQ9XDT2xZ/6hKKpI9Uukuyfm7mjd8LMVU1b/fM6jzefee8euZGbcsO2Vs3PUFh58vDyKPp9TeTEMe2pAFNXkF1LN6NHCwuLUgymhAAAAwNvJ4NTvkmw7HQdL89qJVJpMpP4F6bC4vWrMqoEbJ07bXDZ50MJkXePlj1fTyXjVlxwv2664+JPICcYh/sbHu1gPu64sGKdr8RHjeX7U0AuHj3x9+Ya1jf1P7u87MDnpV1+uHXzFnNGvXDt2zG1/fWRHQf6v6Dr/hzMn/wMAAPDfkP/j43Stu/w/7Mj9Z+469dN1tZ/ZNvf4+G/UDnhX5Zo/NX/4c+uHTZ3Y69iVWwry/zV5hyzI/2HGIf+XRJeX/wEAAOCt7H+d/6sLxulad/l/2ZoRf592YdbEJ8Zd+OGZO4f88uCRaG/9iC+03P6B/bP7DWj4SUH+rywu//fKnXZ48pkw4SXlUVRZ/EkFAAAA8oT/d7/40ULI6+lPDuJ5fc75g5NuLn3w7EdmXzt029Ehu9rP/2PJ8k0XRjfPGF716acrNhTk/+ri8n/pm/NyAQAAgCI8tfgTN+2Mpk/6UPU9h/cv2P5I/bK1K5c2liWm/ntl2/X/au5dkP9risv/ZT3zcgAAAIBLOPSlbbtfm7msdXhz2fmtf3jtz49fPXz1gabKoyt/O7B0RWvt4oL8X1tc/u+X2WZWPqQ77Q9/hfBQeRT16XhQly78Jmr4ZLYAAAAAvEFCTv/nsbaRO68r+/VT339586zvfHvQ3m/NONj43Qn9b5n44IEZB56sLcj/dV3f/z/c6SCs/8+7/1/B+v+cQvquf2PdGAAAAIB3osL1/OH2+OlvLujs+/eLXf9/4xdbXzp++/yvtL97yE3LXr7tils/Nv7UH6ffmdw57q6SqVNfOl2Q/+uLy//J3O0b+f1/AAAAcBn+377/b3bBOF3r7v7/Mx+752j7X14YN2Jm49pFJ8dv/PG8Lc88trvq6nMLbu77wWeX7i3I/w3F5f+w7Z/78vaF83NveRRd1fEgczfBXWG6S2KFltKcQvrEx3rMCj0yhZaynEJKXazHqPIoen/Hg/pYYWAoNMQK7QMyha2xwrOhkLkesoXmWGFfuNI2DchMN17YEwqZBRYtYQVF/+ySiFiPVzrr0VG4ZI8XsgcHAAB4RwnhOZNlS/ObUTzKtiS626FfdzuUdLdDsrsdesV2iO/Y2fNRbX4hPH9+zRO/q/xoyWcP3XrHhOEjF667t2HsgeTcCdc/uaPvuRWnR68uyP9bi8v/4VT0Tm86W/8fhfX/me81zK7/rw2FilihJRRq4ncMqAnHSIfd9eEYFTWZHu1XZQsAAADwthY+F0j28DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgP+zde5xU1Z0g8NNNP2homhbjK2JsdW1Fh6ZBUT/BB2omGmBNo+zMuPhohEaRVhBhIq5RULObxMEoKlFnRmEVRlZx8AVkNQE1ooloNI5mRh1DMGrcjR/FiH6yxrif7lunqLrVZRcCSjvf7x9dp+p3nrceXefeW+cCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/Max/9MYj/umiJ0eP2jBvwPJXDv/vH9YfumzRO//rT89ed9ve8763ftWSJZV/en7jSZO/c8PhjRtWTnghhJbOcmVJ8bLTF6/4waoLvvGtB0+76e5395y9tCpTbyYe+nb8Kc/cuTK2+tt+IawsC6EiHRhcmwQqM/drY30Da0PYKWwOZEu09UlKpBsOj9WEsDBsDmSr+lFNCLU5gXG/fGT1vI7E9TUh7B9CqE638e/VSRs16UBjVRLokw5Mq0gCH3ycyAZWlScB2GrxzZB90S9vyc9Q33W5Iq+/ym3Wsc9Xeni9YqK+eL63jt3OncpRlX6gZauetoLq2C4K3h5rvNt6wLutYDtf42nL/SKV+Yby8eZQdSif1DZ5wqz2mfGR8tDU1KtYTdvpeX5x4yUTtyTdY16HsQP12+R1+Pj5A+9c0Dhm15sf3jD59apnF2xtN4tt3u2tOmRecz3meYxG+jzpAW+/gm9JDb50hRBuP37T2799aez//dWDTw9+75tDzxrywitD627+7rR+f332/6m8ZerGgvl//SfP/+PLOd6W5+WOrX5Yl8zN4yO1MfF2XTI3BwAAgB6jJ+w1fWPEQW/Xrmt4eN+vr5h83qJ5r51+7p+rftp3wkEnnjL0+3fcOPW0gvl/Q2nH/+Mh/9rc0a4JYWRn4or+Ieze+XgSWBq7c1b/EPbpTLXkB45NBdaEsEdnYlC2qlSJ3rFEQyrwRl0mMDIVWBsDLanA4hi4JhW4MgaWpwITY2BNKnBcDIQp+eM4qC4zjpIDNTHQmmzE5fEshD/UxdZS2+qlbFUAAADbSGZ2WJl/N+dch63NEKeXy2u6yxDPwC6aoTpVQ3oGm51WFa2horsayrurITvuOZ88/IKay7qrueA0jLL8DO8deN/c1Q/8249vnHDYUwd92HrGy+tXPTp6U6+/e2fMjy8dN3/Y+IL5f/Mnz/+ru+hIWcHx/xDGdv6NucszkfZsvLUlLwMAAACwFSpeW3ryL+Z+VLbkZ+ds3P8vTxt3de8V++47YO3B9/2/hjcHHL9q/4L5/8jSzv+P+0R65WQO6+JuiKn9Q2jODyTVjigMJEe9+2YCAAAA0BNkj8dnj4VPydwmp2in59OF+Vu2MH888D+yy/yDx129rnn17adMGXHomjWbztj15WUbntpl/3deOPDk00+4f2rDPQXz/5bSzv/vk3+bdGJt7MV1/UPonRN4PPayI9CpIQbWH5MfyIx/bdwAV8WqMicmZKu6KpZojYHmVGBhsRLPZEvsnh/IPFnZxq/IjmNKpkROAAAAAD5zcXdAPC4fz/9/+tx+j/7jslsueXDJutD37OW/uOzo4QPnD+791rRnDnnkb989eWrB/L91y87/75wHF5ze3943hCEVIfRK/zBgXZ9kYcAYqC3LJH7cJ6mrV7qqy/uEMKJjYOmqNmTW/69IrzH4XE1SVQzsvu8dGxs7ErfXhDAkN/DC+EXDOxKzUoFs439VE8LeHaNNN76id9J4ZbrxG3uH8JWcQLaqib1D6GisKl3Vo9WZ6xikq1peHcLOOYFsVYdXhzA7ANBTxf+lk3IfvHD2xVMntLe3zdiOibgTvyZMntLe1jRxWvuk6iJ9mpTqc946RnMLx1TqpW9ezqxRdNeopv6lpLM/FGzObSuzI7/gzMHM/fhlqLJznMMq8+4ekh7ygfsVNhFyvkoVG3L5dh5yn9xKNj+JBfXH/FWhb+g968K2GU0XTZg5c8bQ5G+p2Yclf+NxpmRbDU1vqz5d9a2El0fR5bJSPu22asytZMjM86YPuXD2xYOnnDfh7Laz284/bPhhRxwx7NBDhw/pGFRz8rebkTZ2VXNqpB8vKnFY23CkX67IqeSz+NCQkJDoaYlVv9vj5aN3Wfq9FbcsnvHz9qPafv71nXces6Tqmy9suvSy/Z/+Hx8UzP+nf/L8P37qxA/+zPoMxY7/18fD/Mnjmw/zt8bAwlKP/9cXO5qfPTGgIRWYEwNzHOYHAADgiyHujox7M+NO6Ufm7/Yvd467b8z89Qc/ue65svV9Dv77D39fXnnZuP9yzAMNt333bwrm/3NK+/3/Nlr/P7t0/ahiy/wPiiWai63/n17mP7v+/5xi6/+nl/nPrv+/8HNY/39WNpDaJH+w/j8AAPBF8Nmt/9/t8v7pCwQUZOh2ef/0BQIKMnS7jH+pFwjY4vX/H2k4aORPVn/nN43LLpj2zn8bct/oAXs2/O6Rva6cNHXk6NEjBv9Lwfz/mtLm/xbuBwAAgB3HAROPfWrjpL2Pvfp/3rbTHj9p/fauh+3y/WVHts3ftH7i39z27jl/XTD/X1ja/P+zX/8vFDv/v6FYoKXYwoDW/wMAAKCHKrb+39Abv3X5q4uPu/+ey6eNam0dP/uKq/dbfUD1qeGl0fMb/mLGvR8VzP+Xlzb/j6ddlOfljr35sC5Z0y6k17R7uy77kwEAAADoGcpDU1NliXnzFkY99tO3+WJmKdBPSud68sH9nn/gqyNOnL+46urXynYb9vFT1888+Piv/fDVjXtdcse55+1XMP9fU9r8P+93GY+fP/DOBY1jdv3w5oc3TH696tkFm4//AwAAANtPqfslAAAAAAAAAAAAAACAz98JD//k6rcnLvnanIW/3PWnvcY+u3zDrDlNs2uvf/WH1/7qiDsfHlfw+/8wtrNcsd//x+v+xd8XfCkvd2y1+/X/MvfHjb57dueShevqQtgvNzD18qk7hcy1+Q/IDaw+fdBuHYnL0yUeeuW41zoSZ6YDJw4e8H5H4shUoDUukrhHOhCvqvh+v1QgLq/4XDoQt8fydKAqE/hev2QcZelt9WZtsq3K0tvqxdoQ+ucEsttqZW3SRll6gNenAtkBXpAOxAGelAmUp3t1d9+kVzFQG4ve2jfpFQAAO6z4LbAyTJ7S3tYcv8LH2y9X5N9GeUuWzS2stqzE5l/OLE1216im/qWke6W/i26+1nhlqO4YwtCCr6u5Wco6R7ltaulm032pyJC7W+2tvEi5tC3ddFXFR1STjKhp4rT2SZXdDvyQ7rMMq+g2y9CCyU5ulvLOTVpCLSX0pYQRlbhtSuhyvF8empp6pXJ9NQbrQ57uXhGl/l4/d52/Yq+C3DxPvtn+1BP//PzKfR7/89Nnf/BXk7596byzznj3yHOq/+E/lz39XwfuXDD/ry9t/l+dO673MxcDmBOvrDeifwitJY4IAAAAvvjOOf+V+d999No31rc0vjZtyLWr/3X2jRdX1C298i9ffOhvN42/+sytjb/58zv2eXjyhGe+dO4hy054fZ+DL2s88637/mLeuAev6nvLD+ff8YOC+X9DafP/uAcrcyg42duxJl7//4r+IXReWr8+CSyNwz2rfwj7dKZaYonkgvqjYonmJLA07jAZFEu0tuRX1TsGlqcCb9RlAmtSgbUxkNlLcUfI7Mq5ti6E4Z2psfklpscS9anAN2OgIRVoioHmVKBfDIxMBX7fLxNoSQWejIEwJX9b3dcvs60AAAC2RGaeVZl/N6TnecsrustQ1l2GPt1lKO8uQ3V3GYqNIt6/N2aoTJ28UpaTqTJda02qloIM8WL4W9yvggzhmfyc6YIFTcfzD7LnG5TlZ3jg5K/ec9WCyYPKf/XR2qWt790/ccWts49eec5Df/fEpH0X3XX93gXz/+bS5v998m+T1tfG+f/m6/8lgcdj966Lp443xMD6Y/IDmR0Da+Nk96psVS2ZEplJ+1WxxMgYaEgFpsfAyFSgdWwmsHC3/EBmpp1t/Ips41MyJXICAAAA8JmLOwjibpo4///jsmePeqxi0V3/+ur4u+6d89Y99/70nntuvXf07Zu+/twVF7970UcF8/+Rpc3/Y3t9cxu7Mvbmt/1CWFm2uTfZwODaJBD3Y9TGn8cPrA1hp5wdHNkSbX2SElWphsNjNckv1KvSVf2oJlljIN4f98tHVs/rSFxfE8L+OXtfsm38e3XSRk060FiVBPqkA9MqkkDc85MNrCpPArDVsnsF4wsqc6pLVn3X5Yq8/r4o1wRND69gH2gX+br6zdX2Up1+ILNPNWvLnraC6tguCt4ea7zbeuK7rd67LfeLVOYbysebQ9WhfFLb5Amz2mfGR3J/yVpgOz3Pub9SLSW9DV6Hcz59b7tXne5Ac+rjo7nrcl2/DstidY+fP/DOBY1jdr354Q2TX696dkHJ3Sgi/lD4maoB9bmbd3urDpnXXI/7PGnxedIT/w00eNpCCBsuPeG6kVXTr1g5+pAj93rttFOqZ7437+/vf+mBd/f9xxUTh31tQMH8v6W0+X9F6rbTH+PGvLB/CAfmbNx1cfMf3z/5HMwJJJ+SOxcGkkPur9YV/eQEAACAbS27uyO7v2BK5jY5ITw9Ty7M37KF+eP+ipFd5i+13z8adMpe9+9297hrTz3qpn/+zdh+G8e/uOSYFa1HNS49+mf/6cyaeQXz/9ZPnv/3TnXT8X/H/9lOHP/v0o6+K7p3+oE5W7UruqA6tgvH/7u0o7/bHP/vkuP/jv93xfH/bjj+36Ud/Wkr+JY03ZeuEMKwMWcMrr1r8BPvD1z96yeemvJvc1sn3PONq27Z8+Nv1y9eUL9r34L5//TS5v/W/+t60b7s+n+txdb/m15s/b851v8DAAC2qyILzaXneQWr9xVkSK/eV5Ch2wUCu11i0Pp/W7z+32NHHTl++ejFv16z95gDLus7d+6puzx504stM9+vue2D93f7xYGjCub/c0qb/8eXQ9/c1nvK+n8NY4tUdU0MTLcwIAAAADuiYjsIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+HztfsN1449prj7pN8dfWjP6+w+tO6D6mldOvXTZhFsnfeX28wfNWrFkSeWfnt940uTv3HB444aVE14IYUpnubKkeNnpi1f8YNUF3/jWg6fddPe7e85eWp2ptzJzu2de7tjqh3UhLMx5pDYm3q7ruLM5MG703bMrOhLr6kLYLzcw9fKpO3UkFteFcEBuYPXpg3brSFyeLvHQK8e91pE4Mx04cfCA9zsSR2YCZenu/kO/pLtl6e7O6xdC/5xAtrvn9suvKtvGCZlAebqNf6pN2oiB2lj0xtqkjRhojyWm9A5hSEUIvdJV/aw6qapXuqr/XZ1U1Std1WXVIYwIIVSkq/p1VVJVRXrkz1QlVcXA7vvesbGxI7GoKoQhuYEXxi8a3pGYkQpkGz+lKoS9O14y6cbvq0war0w3fkNlCF8JIVSlS2yqSEpUpUtsqAhh55zA5o1YEcLswBdD/PSZlPvghbMvnjqhvb1txnZMVGXaqgmTp7S3NU2c1j6pOtWnYspy0h/P/fRjf3njJRM7bu8a1dS/lHRFplxlZ5eHVebdPWRH733sV5/cSjY/HwX1x/xVoW/oPevCthlNF02YOXPG0ORvqdmHJX97ZaLJthraU7ZVY24lQ2aeN33IhbMvHjzlvAlnt53ddv5hww874ohhhx46fEjHoJqTv9tipIs++5F+uSKnks/i/S8hIdHTEuV5n27NO/rneMEX/c0drQzVnR/QBdOK3CxlnaPcFoM+9lOO+NN8Tel2REMLJg4FWYZ1n+WQgsnE5iw1SZbOr3UFk8Pcmso7N2m8Xx6amnoV2w71+XdzN+9bW7F5X8xsulLTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMD/ZwcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgo7cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IFjAQAAAABh/tZh9GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFwKAAD//y85Ijg=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0/file0\x00', 0x141842, 0x0)
pwritev2(r0, &(0x7f0000000200)=[{&(0x7f0000000480)="93", 0x1}], 0x1, 0x0, 0x0, 0x0)

12:17:56 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
r2 = dup(r1)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_io_uring_setup(0x4645, 0x0, &(0x7f0000000000/0x4000)=nil, &(0x7f0000000000/0x2000)=nil, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, &(0x7f0000000180)="b9800000c00f3235000800000f3066ba4100ed66b859000f00d0420f0f1f1cb9db0900000f32f2470f5d08b9a40800000f32410f79a8bd00000066baf80cb802f50286ef66bafc0c66ed3e0f01c9", 0x4e}], 0x1, 0x0, &(0x7f0000000280)=[@efer={0x2, 0x800}], 0x1)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

12:17:56 executing program 1:
openat$uhid(0xffffffffffffff9c, &(0x7f0000000200), 0x802, 0x0)
timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000180)=<r0=>0x0)
r1 = fanotify_init(0x4, 0x1000)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
fanotify_mark(r1, 0x105, 0x800101b, 0xffffffffffffffff, 0x0)
timer_settime(r0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
mlockall(0x2)
r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil)
shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
write$P9_RWSTAT(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x7f, 0x2}, 0x7)
ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0)
shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000)
shmctl$IPC_RMID(0x0, 0x0)
shmctl$SHM_LOCK(0x0, 0xb)
r6 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil)
shmctl$IPC_STAT(r6, 0x2, &(0x7f00000001c0)=""/62)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000340)={0x0, 0x28}, 0x1, 0x0, 0x0, 0x40410}, 0x4040044)
shmat(r3, &(0x7f00003c6000/0x3000)=nil, 0x4000)
shmctl$SHM_UNLOCK(0x0, 0xc)
shmctl$SHM_LOCK(r3, 0xb)
r7 = shmget$private(0x0, 0x3000, 0x54001800, &(0x7f000010d000/0x3000)=nil)
ioctl$BTRFS_IOC_BALANCE_V2(r5, 0xc4009420, &(0x7f0000000640)={0x0, 0x1, {0x81, @usage=0xd1, 0x0, 0x0, 0x10000, 0xffffffffffffffff, 0x0, 0x5, 0x4, @usage=0x1, 0x1ea7, 0xffffffc0, [0x5, 0x7, 0x5, 0xffffffffffffffff, 0xffff, 0x24f]}, {0x5, @struct={0x8da6, 0x46a}, 0x0, 0x3f, 0xff, 0x8, 0x9, 0x7f, 0x0, @struct={0x3, 0x8}, 0xffff0000, 0xffffffcb, [0x8, 0x27d9, 0x7, 0x7ff, 0x57175363, 0x8]}, {0x10001, @usage=0x9, 0x0, 0x4d2, 0x3b89, 0xfffffffffffffff9, 0x4, 0x7fffffff, 0x441, @usage=0x7000000000000, 0x9, 0x20000d5a, [0x2, 0x6, 0x5, 0x80, 0x4, 0x7735]}, {0x8000, 0xffffffffffffffff}})
shmat(r7, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000012c0)=[{{&(0x7f00000005c0)=@xdp, 0x80, 0x0, 0x0, &(0x7f0000000fc0)=""/83, 0x53}, 0x1}, {{&(0x7f0000001040)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @dev}}, 0x80, &(0x7f00000011c0)=[{&(0x7f00000010c0)=""/150, 0x96}, {&(0x7f0000001180)=""/5, 0x5}], 0x2, &(0x7f0000001200)=""/180, 0xb4}, 0x5}], 0x2, 0x0, &(0x7f0000001340)={0x0, 0x989680})

[ 2331.720527][ T8940] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=8940,uid=0
[ 2331.720674][ T8940] Memory cgroup out of memory: Killed process 8940 (syz-executor.1) total-vm:54540kB, anon-rss:508kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000
[ 2331.752543][T27900] usb 1-1: new high-speed USB device number 78 using dummy_hcd
[ 2332.002236][T27900] usb 1-1: Using ep0 maxpacket: 16
12:17:56 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
r2 = dup(r1)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_io_uring_setup(0x4645, 0x0, &(0x7f0000000000/0x4000)=nil, &(0x7f0000000000/0x2000)=nil, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

[ 2332.142387][T27900] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 2332.175559][ T8973] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 2332.175604][ T8973] CPU: 1 PID: 8973 Comm: syz-executor.1 Not tainted 6.3.0-rc4-next-20230330-syzkaller #0
[ 2332.175638][ T8973] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 2332.175657][ T8973] Call Trace:
[ 2332.175667][ T8973]  <TASK>
[ 2332.175679][ T8973]  dump_stack_lvl+0x136/0x150
[ 2332.175756][ T8973]  dump_header+0x10a/0xd70
[ 2332.175817][ T8973]  oom_kill_process+0x25d/0x600
[ 2332.175875][ T8973]  out_of_memory+0x35c/0x1650
[ 2332.175934][ T8973]  ? find_held_lock+0x2d/0x110
[ 2332.175974][ T8973]  ? oom_killer_disable+0x2b0/0x2b0
[ 2332.176030][ T8973]  ? rcu_read_unlock+0x9/0x60
[ 2332.176077][ T8973]  ? find_held_lock+0x2d/0x110
[ 2332.176121][ T8973]  mem_cgroup_out_of_memory+0x206/0x270
[ 2332.176162][ T8973]  ? mem_cgroup_margin+0x130/0x130
[ 2332.176200][ T8973]  ? lock_downgrade+0x690/0x690
[ 2332.176263][ T8973]  try_charge_memcg+0xf99/0x13a0
[ 2332.176320][ T8973]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 2332.176390][ T8973]  ? lock_downgrade+0x690/0x690
[ 2332.176431][ T8973]  ? trace_lock_acquire+0x12d/0x180
[ 2332.176474][ T8973]  ? get_mem_cgroup_from_mm+0x247/0x580
[ 2332.176516][ T8973]  ? lock_acquire+0x32/0xc0
[ 2332.176566][ T8973]  charge_memcg+0x90/0x3b0
[ 2332.176617][ T8973]  __mem_cgroup_charge+0x2b/0x90
[ 2332.176668][ T8973]  do_wp_page+0x8ac/0x3510
[ 2332.176730][ T8973]  ? lock_sync+0x190/0x190
[ 2332.176771][ T8973]  ? finish_mkwrite_fault+0x3d0/0x3d0
[ 2332.176822][ T8973]  ? rcu_is_watching+0x12/0xb0
[ 2332.176874][ T8973]  ? do_raw_spin_lock+0x124/0x2b0
[ 2332.176922][ T8973]  ? spin_bug+0x1c0/0x1c0
[ 2332.176965][ T8973]  ? lock_acquire+0x32/0xc0
[ 2332.177005][ T8973]  ? __handle_mm_fault+0x1334/0x4180
[ 2332.177068][ T8973]  __handle_mm_fault+0x1547/0x4180
[ 2332.177131][ T8973]  ? vm_iomap_memory+0x190/0x190
[ 2332.177217][ T8973]  handle_mm_fault+0x2c0/0x9c0
[ 2332.177278][ T8973]  do_user_addr_fault+0x2ed/0x1240
[ 2332.177326][ T8973]  ? rcu_is_watching+0x12/0xb0
[ 2332.177386][ T8973]  exc_page_fault+0x98/0x170
[ 2332.177445][ T8973]  asm_exc_page_fault+0x26/0x30
[ 2332.177482][ T8973] RIP: 0033:0x7f47dd2395a0
[ 2332.177508][ T8973] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48
[ 2332.177539][ T8973] RSP: 002b:00007ffdbc005e60 EFLAGS: 00010246
[ 2332.177584][ T8973] RAX: 0000000018ecfdec RBX: 00007f47dd3ac018 RCX: 0000001b32520000
[ 2332.177607][ T8973] RDX: 0000000000000000 RSI: 0000001b32520018 RDI: 00000000090fdf78
[ 2332.177630][ T8973] RBP: 0000000018ecfdec R08: 0000000000001dec R09: 0000000018ecfdf0
[ 2332.177653][ T8973] R10: 00007ffdbc006020 R11: 0000000000000246 R12: 00007f47dd3a0000
[ 2332.177677][ T8973] R13: 0000000000000001 R14: 000000000000000f R15: ffffffff81e3d5e1
[ 2332.177698][ T8973]  ? build_open_flags+0x251/0x720
[ 2332.177765][ T8973]  </TASK>
[ 2332.177778][ T8973] memory: usage 307200kB, limit 307200kB, failcnt 13119
[ 2332.177800][ T8973] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2332.177834][ T8973] Memory cgroup stats for /syz1:
[ 2332.178084][ T8973] anon 143360
[ 2332.178084][ T8973] file 312406016
[ 2332.178084][ T8973] kernel 2023424
[ 2332.178084][ T8973] kernel_stack 65536
[ 2332.178084][ T8973] pagetables 81920
[ 2332.178084][ T8973] sec_pagetables 0
[ 2332.178084][ T8973] percpu 4864
[ 2332.178084][ T8973] sock 0
[ 2332.178084][ T8973] vmalloc 0
[ 2332.178084][ T8973] shmem 312406016
[ 2332.178084][ T8973] zswap 0
[ 2332.178084][ T8973] zswapped 0
[ 2332.178084][ T8973] file_mapped 380928
[ 2332.178084][ T8973] file_dirty 0
[ 2332.178084][ T8973] file_writeback 0
[ 2332.178084][ T8973] swapcached 0
[ 2332.178084][ T8973] anon_thp 0
[ 2332.178084][ T8973] file_thp 0
[ 2332.178084][ T8973] shmem_thp 0
[ 2332.178084][ T8973] inactive_anon 62951424
[ 2332.178084][ T8973] active_anon 167936
[ 2332.178084][ T8973] inactive_file 0
[ 2332.178084][ T8973] active_file 0
[ 2332.178084][ T8973] unevictable 249430016
[ 2332.178084][ T8973] slab_reclaimable 964920
[ 2332.178084][ T8973] slab_unreclaimable 868808
[ 2332.178084][ T8973] slab 1833728
[ 2332.178084][ T8973] workingset_refault_anon 0
[ 2332.178084][ T8973] workingset_refault_file 0
[ 2332.178084][ T8973] workingset_activate_anon 0
[ 2332.178084][ T8973] workingset_activate_file 0
[ 2332.178084][ T8973] workingset_restore_anon 0
[ 2332.178084][ T8973] workingset_restore_file 0
[ 2332.178084][ T8973] workingset_nodereclaim 0
[ 2332.178084][ T8973] pgscan 49
[ 2332.178084][ T8973] pgsteal 49
[ 2332.178084][ T8973] pgscan_kswapd 0
[ 2332.178084][ T8973] pgscan_direct 49
[ 2332.178084][ T8973] pgscan_khugepaged 0
[ 2332.178084][ T8973] pgsteal_kswapd 0
[ 2332.178084][ T8973] pgsteal_direct 49
[ 2332.178084][ T8973] pgsteal_khugepaged 0
[ 2332.178084][ T8973] pgfault 1095811
[ 2332.178084][ T8973] pgmajfault 422
[ 2332.178084][ T8973] pgrefill 150
[ 2332.178084][ T8973] pgactivate 161
[ 2332.178084][ T8973] pgdeactivate 0
[ 2332.178084][ T8973] pglazyfree 0
[ 2332.178084][ T8973] pglazyfreed 0
[ 2332.178084][ T8973] zswpin 0
[ 2332.178084][ T8973] zswpout 0
[ 2332.178188][ T8973] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=8973,uid=0
[ 2332.178389][ T8973] Memory cgroup out of memory: Killed process 8973 (syz-executor.1) total-vm:54540kB, anon-rss:416kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000
[ 2332.192515][T27900] usb 1-1: language id specifier not provided by device, defaulting to English
[ 2332.572402][T27900] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 2332.572451][T27900] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2332.572486][T27900] usb 1-1: Product: syz
[ 2332.572512][T27900] usb 1-1: SerialNumber: syz
[ 2333.008659][T27629] usb 1-1: USB disconnect, device number 78
12:17:58 executing program 2:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0)
open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000440)=[{&(0x7f0000000180)='0', 0x1}], 0x1)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r2, 0x4601, &(0x7f0000000000)={0x20, 0x8, 0x140, 0xa0, 0x0, 0x0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6})

12:17:58 executing program 1:
openat$uhid(0xffffffffffffff9c, &(0x7f0000000200), 0x802, 0x0)
timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000180)=<r0=>0x0)
r1 = fanotify_init(0x4, 0x1000)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
fanotify_mark(r1, 0x105, 0x800101b, 0xffffffffffffffff, 0x0)
timer_settime(r0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
mlockall(0x2)
r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil)
shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
write$P9_RWSTAT(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x7f, 0x2}, 0x7)
ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0)
shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000)
shmctl$IPC_RMID(0x0, 0x0)
shmctl$SHM_LOCK(0x0, 0xb)
r6 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil)
shmctl$IPC_STAT(r6, 0x2, &(0x7f00000001c0)=""/62)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000340)={0x0, 0x28}, 0x1, 0x0, 0x0, 0x40410}, 0x4040044)
shmat(r3, &(0x7f00003c6000/0x3000)=nil, 0x4000)
shmctl$SHM_UNLOCK(0x0, 0xc)
shmctl$SHM_LOCK(r3, 0xb)
r7 = shmget$private(0x0, 0x3000, 0x54001800, &(0x7f000010d000/0x3000)=nil)
ioctl$BTRFS_IOC_BALANCE_V2(r5, 0xc4009420, &(0x7f0000000640)={0x0, 0x1, {0x81, @usage=0xd1, 0x0, 0x0, 0x10000, 0xffffffffffffffff, 0x0, 0x5, 0x4, @usage=0x1, 0x1ea7, 0xffffffc0, [0x5, 0x7, 0x5, 0xffffffffffffffff, 0xffff, 0x24f]}, {0x5, @struct={0x8da6, 0x46a}, 0x0, 0x3f, 0xff, 0x8, 0x9, 0x7f, 0x0, @struct={0x3, 0x8}, 0xffff0000, 0xffffffcb, [0x8, 0x27d9, 0x7, 0x7ff, 0x57175363, 0x8]}, {0x10001, @usage=0x9, 0x0, 0x4d2, 0x3b89, 0xfffffffffffffff9, 0x4, 0x7fffffff, 0x441, @usage=0x7000000000000, 0x9, 0x20000d5a, [0x2, 0x6, 0x5, 0x80, 0x4, 0x7735]}, {0x8000, 0xffffffffffffffff}})
shmat(r7, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000012c0)=[{{&(0x7f00000005c0)=@xdp, 0x80, 0x0, 0x0, &(0x7f0000000fc0)=""/83, 0x53}, 0x1}, {{&(0x7f0000001040)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @dev}}, 0x80, &(0x7f00000011c0)=[{&(0x7f00000010c0)=""/150, 0x96}, {&(0x7f0000001180)=""/5, 0x5}], 0x2, &(0x7f0000001200)=""/180, 0xb4}, 0x5}], 0x2, 0x0, &(0x7f0000001340)={0x0, 0x989680})

12:17:58 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
r2 = dup(r1)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_io_uring_setup(0x4645, 0x0, &(0x7f0000000000/0x4000)=nil, &(0x7f0000000000/0x2000)=nil, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

12:17:58 executing program 3:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
r0 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0)
writev(r1, &(0x7f0000000440), 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
r4 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r4, 0x4601, &(0x7f0000000000)={0x20, 0x8, 0x140, 0xa0, 0x0, 0x0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6})

12:17:58 executing program 0:
syz_usb_connect$printer(0x0, 0x2d, &(0x7f00000003c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1}}]}}, &(0x7f0000000ac0)={0x0, 0x0, 0x0, 0x0, 0x2, [{0x2, &(0x7f00000008c0)=@string={0x2}}, {0x0, 0x0}]})

12:17:58 executing program 4:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
r0 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0)
writev(r1, &(0x7f0000000440), 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
r4 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r4, 0x4601, &(0x7f0000000000)={0x20, 0x8, 0x140, 0xa0, 0x0, 0x0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6})

12:17:58 executing program 1:
openat$uhid(0xffffffffffffff9c, &(0x7f0000000200), 0x802, 0x0)
timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000180)=<r0=>0x0)
r1 = fanotify_init(0x4, 0x1000)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
fanotify_mark(r1, 0x105, 0x800101b, 0xffffffffffffffff, 0x0)
timer_settime(r0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
mlockall(0x2)
r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil)
shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
write$P9_RWSTAT(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x7f, 0x2}, 0x7)
ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0)
shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000)
shmctl$IPC_RMID(0x0, 0x0)
shmctl$SHM_LOCK(0x0, 0xb)
r6 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil)
shmctl$IPC_STAT(r6, 0x2, &(0x7f00000001c0)=""/62)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000340)={0x0, 0x28}, 0x1, 0x0, 0x0, 0x40410}, 0x4040044)
shmat(r3, &(0x7f00003c6000/0x3000)=nil, 0x4000)
shmctl$SHM_UNLOCK(0x0, 0xc)
shmctl$SHM_LOCK(r3, 0xb)
r7 = shmget$private(0x0, 0x3000, 0x54001800, &(0x7f000010d000/0x3000)=nil)
ioctl$BTRFS_IOC_BALANCE_V2(r5, 0xc4009420, &(0x7f0000000640)={0x0, 0x1, {0x81, @usage=0xd1, 0x0, 0xfffffffffffffffc, 0x0, 0xffffffffffffffff, 0x0, 0x5, 0x4, @usage=0x1, 0x1ea7, 0xffffffc0, [0x5, 0x7, 0x5, 0xffffffffffffffff, 0xffff, 0x24f]}, {0x5, @struct={0x8da6, 0x46a}, 0x0, 0x3f, 0xff, 0x8, 0x9, 0x7f, 0x0, @struct={0x3, 0x8}, 0xffff0000, 0xffffffcb, [0x8, 0x27d9, 0x7, 0x7ff, 0x57175363, 0x8]}, {0x10001, @usage=0x9, 0x0, 0x4d2, 0x3b89, 0xfffffffffffffff9, 0x4, 0x7fffffff, 0x441, @usage=0x7000000000000, 0x9, 0x20000d5a, [0x2, 0x6, 0x5, 0x80, 0x4, 0x7735]}, {0x8000, 0xffffffffffffffff}})
shmat(r7, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000012c0)=[{{&(0x7f00000005c0)=@xdp, 0x80, 0x0, 0x0, &(0x7f0000000fc0)=""/83, 0x53}, 0x1}, {{&(0x7f0000001040)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @dev}}, 0x80, &(0x7f00000011c0)=[{&(0x7f00000010c0)=""/150, 0x96}, {&(0x7f0000001180)=""/5, 0x5}], 0x2, &(0x7f0000001200)=""/180, 0xb4}, 0x5}], 0x2, 0x0, &(0x7f0000001340)={0x0, 0x989680})

[ 2333.775664][ T8983] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 2333.775701][ T8983] CPU: 0 PID: 8983 Comm: syz-executor.1 Not tainted 6.3.0-rc4-next-20230330-syzkaller #0
[ 2333.775728][ T8983] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 2333.775745][ T8983] Call Trace:
[ 2333.775753][ T8983]  <TASK>
[ 2333.775762][ T8983]  dump_stack_lvl+0x136/0x150
[ 2333.775804][ T8983]  dump_header+0x10a/0xd70
[ 2333.775847][ T8983]  oom_kill_process+0x25d/0x600
[ 2333.775888][ T8983]  out_of_memory+0x35c/0x1650
[ 2333.775930][ T8983]  ? find_held_lock+0x2d/0x110
[ 2333.775959][ T8983]  ? oom_killer_disable+0x2b0/0x2b0
[ 2333.775998][ T8983]  ? rcu_read_unlock+0x9/0x60
[ 2333.776024][ T8983]  ? find_held_lock+0x2d/0x110
12:17:58 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
r2 = dup(r1)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_io_uring_setup(0x4645, 0x0, &(0x7f0000000000/0x4000)=nil, &(0x7f0000000000/0x2000)=nil, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

[ 2333.776055][ T8983]  mem_cgroup_out_of_memory+0x206/0x270
[ 2333.776086][ T8983]  ? mem_cgroup_margin+0x130/0x130
[ 2333.776113][ T8983]  ? lock_downgrade+0x690/0x690
[ 2333.776159][ T8983]  try_charge_memcg+0xf99/0x13a0
[ 2333.776200][ T8983]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 2333.776242][ T8983]  ? lock_downgrade+0x690/0x690
[ 2333.776272][ T8983]  ? trace_lock_acquire+0x12d/0x180
[ 2333.776303][ T8983]  ? get_mem_cgroup_from_mm+0x247/0x580
[ 2333.776334][ T8983]  ? lock_acquire+0x32/0xc0
[ 2333.776370][ T8983]  charge_memcg+0x90/0x3b0
[ 2333.776414][ T8983]  __mem_cgroup_charge+0x2b/0x90
[ 2333.776470][ T8983]  do_wp_page+0x8ac/0x3510
[ 2333.776532][ T8983]  ? lock_sync+0x190/0x190
[ 2333.776578][ T8983]  ? finish_mkwrite_fault+0x3d0/0x3d0
[ 2333.776631][ T8983]  ? rcu_is_watching+0x12/0xb0
[ 2333.776687][ T8983]  ? do_raw_spin_lock+0x124/0x2b0
[ 2333.776739][ T8983]  ? spin_bug+0x1c0/0x1c0
[ 2333.776786][ T8983]  ? lock_acquire+0x32/0xc0
[ 2333.776817][ T8983]  ? __handle_mm_fault+0x1334/0x4180
[ 2333.776863][ T8983]  __handle_mm_fault+0x1547/0x4180
[ 2333.776909][ T8983]  ? vm_iomap_memory+0x190/0x190
[ 2333.776970][ T8983]  handle_mm_fault+0x2c0/0x9c0
[ 2333.777014][ T8983]  do_user_addr_fault+0x2ed/0x1240
[ 2333.777049][ T8983]  ? rcu_is_watching+0x12/0xb0
[ 2333.777088][ T8983]  exc_page_fault+0x98/0x170
[ 2333.777131][ T8983]  asm_exc_page_fault+0x26/0x30
[ 2333.777159][ T8983] RIP: 0033:0x7f47dd2395a0
[ 2333.777178][ T8983] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48
[ 2333.777201][ T8983] RSP: 002b:00007ffdbc005e60 EFLAGS: 00010246
[ 2333.777221][ T8983] RAX: 00000000ef192a3d RBX: 00007f47dd3ac018 RCX: 0000001b32520000
[ 2333.777238][ T8983] RDX: 0000000000000000 RSI: 0000001b32520018 RDI: 00000000090fde60
[ 2333.777253][ T8983] RBP: 00000000ef192a3d R08: 0000000000000a3d R09: 00000000ef192a41
[ 2333.777269][ T8983] R10: 00007ffdbc006020 R11: 0000000000000246 R12: 00007f47dd3a0000
[ 2333.777285][ T8983] R13: 0000000000000001 R14: 0000000000000005 R15: ffffffff81e3d406
[ 2333.777301][ T8983]  ? build_open_flags+0x76/0x720
[ 2333.777346][ T8983]  </TASK>
[ 2333.794589][ T8983] memory: usage 307192kB, limit 307200kB, failcnt 13180
[ 2333.794612][ T8983] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2333.794627][ T8983] Memory cgroup stats for /syz1:
[ 2333.794860][ T8983] anon 131072
[ 2333.794860][ T8983] file 312406016
[ 2333.794860][ T8983] kernel 2019328
[ 2333.794860][ T8983] kernel_stack 65536
[ 2333.794860][ T8983] pagetables 81920
[ 2333.794860][ T8983] sec_pagetables 0
[ 2333.794860][ T8983] percpu 4864
[ 2333.794860][ T8983] sock 0
[ 2333.794860][ T8983] vmalloc 0
[ 2333.794860][ T8983] shmem 312406016
[ 2333.794860][ T8983] zswap 0
[ 2333.794860][ T8983] zswapped 0
[ 2333.794860][ T8983] file_mapped 380928
[ 2333.794860][ T8983] file_dirty 0
[ 2333.794860][ T8983] file_writeback 0
[ 2333.794860][ T8983] swapcached 0
[ 2333.794860][ T8983] anon_thp 0
[ 2333.794860][ T8983] file_thp 0
[ 2333.794860][ T8983] shmem_thp 0
[ 2333.794860][ T8983] inactive_anon 62951424
[ 2333.794860][ T8983] active_anon 155648
[ 2333.794860][ T8983] inactive_file 0
[ 2333.794860][ T8983] active_file 0
[ 2333.794860][ T8983] unevictable 249430016
[ 2333.794860][ T8983] slab_reclaimable 964920
[ 2333.794860][ T8983] slab_unreclaimable 871488
[ 2333.794860][ T8983] slab 1836408
[ 2333.794860][ T8983] workingset_refault_anon 0
[ 2333.794860][ T8983] workingset_refault_file 0
[ 2333.794860][ T8983] workingset_activate_anon 0
[ 2333.794860][ T8983] workingset_activate_file 0
[ 2333.794860][ T8983] workingset_restore_anon 0
[ 2333.794860][ T8983] workingset_restore_file 0
[ 2333.794860][ T8983] workingset_nodereclaim 0
[ 2333.794860][ T8983] pgscan 49
[ 2333.794860][ T8983] pgsteal 49
[ 2333.794860][ T8983] pgscan_kswapd 0
[ 2333.794860][ T8983] pgscan_direct 49
[ 2333.794860][ T8983] pgscan_khugepaged 0
[ 2333.794860][ T8983] pgsteal_kswapd 0
[ 2333.794860][ T8983] pgsteal_direct 49
[ 2333.794860][ T8983] pgsteal_khugepaged 0
[ 2333.794860][ T8983] pgfault 1095862
[ 2333.794860][ T8983] pgmajfault 422
[ 2333.794860][ T8983] pgrefill 150
[ 2333.794860][ T8983] pgactivate 161
[ 2333.794860][ T8983] pgdeactivate 0
[ 2333.794860][ T8983] pglazyfree 0
[ 2333.794860][ T8983] pglazyfreed 0
[ 2333.794860][ T8983] zswpin 0
[ 2333.794860][ T8983] zswpout 0
[ 2333.794935][ T8983] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=8983,uid=0
[ 2333.798093][ T8983] Memory cgroup out of memory: Killed process 8983 (syz-executor.1) total-vm:54540kB, anon-rss:380kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000
[ 2333.896073][T27624] usb 1-1: new high-speed USB device number 79 using dummy_hcd
[ 2334.132227][T27624] usb 1-1: Using ep0 maxpacket: 16
[ 2334.530077][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2334.634577][ T9004] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 2334.677415][ T9004] CPU: 0 PID: 9004 Comm: syz-executor.1 Not tainted 6.3.0-rc4-next-20230330-syzkaller #0
[ 2334.687293][ T9004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 2334.697477][ T9004] Call Trace:
[ 2334.700782][ T9004]  <TASK>
[ 2334.703731][ T9004]  dump_stack_lvl+0x136/0x150
[ 2334.708449][ T9004]  dump_header+0x10a/0xd70
[ 2334.712936][ T9004]  oom_kill_process+0x25d/0x600
[ 2334.717849][ T9004]  out_of_memory+0x35c/0x1650
[ 2334.722612][ T9004]  ? find_held_lock+0x2d/0x110
[ 2334.727414][ T9004]  ? oom_killer_disable+0x2b0/0x2b0
[ 2334.732690][ T9004]  ? rcu_read_unlock+0x9/0x60
[ 2334.737399][ T9004]  ? find_held_lock+0x2d/0x110
[ 2334.742292][ T9004]  mem_cgroup_out_of_memory+0x206/0x270
[ 2334.747884][ T9004]  ? mem_cgroup_margin+0x130/0x130
[ 2334.753031][ T9004]  ? lock_downgrade+0x690/0x690
[ 2334.757939][ T9004]  try_charge_memcg+0xf99/0x13a0
[ 2334.762928][ T9004]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 2334.768961][ T9004]  ? lock_downgrade+0x690/0x690
[ 2334.773847][ T9004]  ? trace_lock_acquire+0x12d/0x180
[ 2334.779082][ T9004]  ? get_mem_cgroup_from_mm+0x247/0x580
[ 2334.784723][ T9004]  ? lock_acquire+0x32/0xc0
[ 2334.789305][ T9004]  charge_memcg+0x90/0x3b0
[ 2334.793787][ T9004]  __mem_cgroup_charge+0x2b/0x90
[ 2334.798769][ T9004]  do_wp_page+0x8ac/0x3510
[ 2334.803238][ T9004]  ? lock_sync+0x190/0x190
[ 2334.807684][ T9004]  ? finish_mkwrite_fault+0x3d0/0x3d0
[ 2334.813094][ T9004]  ? rcu_is_watching+0x12/0xb0
[ 2334.817904][ T9004]  ? do_raw_spin_lock+0x124/0x2b0
[ 2334.822965][ T9004]  ? spin_bug+0x1c0/0x1c0
[ 2334.827327][ T9004]  ? lock_acquire+0x32/0xc0
[ 2334.831860][ T9004]  ? __handle_mm_fault+0x1334/0x4180
[ 2334.837204][ T9004]  __handle_mm_fault+0x1547/0x4180
[ 2334.842369][ T9004]  ? vm_iomap_memory+0x190/0x190
[ 2334.847463][ T9004]  handle_mm_fault+0x2c0/0x9c0
[ 2334.852277][ T9004]  do_user_addr_fault+0x2ed/0x1240
[ 2334.857441][ T9004]  ? rcu_is_watching+0x12/0xb0
[ 2334.862258][ T9004]  exc_page_fault+0x98/0x170
[ 2334.866895][ T9004]  asm_exc_page_fault+0x26/0x30
[ 2334.871776][ T9004] RIP: 0033:0x7f47dd2395a0
[ 2334.876214][ T9004] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48
[ 2334.895846][ T9004] RSP: 002b:00007ffdbc005e60 EFLAGS: 00010246
[ 2334.901950][ T9004] RAX: 0000000018ecfdec RBX: 00007f47dd3ac018 RCX: 0000001b32520000
[ 2334.909956][ T9004] RDX: 0000000000000000 RSI: 0000001b32520018 RDI: 00000000090fdf78
[ 2334.917948][ T9004] RBP: 0000000018ecfdec R08: 0000000000001dec R09: 0000000018ecfdf0
[ 2334.925937][ T9004] R10: 00007ffdbc006020 R11: 0000000000000246 R12: 00007f47dd3a0000
[ 2334.933930][ T9004] R13: 0000000000000001 R14: 000000000000000f R15: ffffffff81e3d5e1
[ 2334.941926][ T9004]  ? build_open_flags+0x251/0x720
[ 2334.947035][ T9004]  </TASK>
[ 2334.950136][    C0] vkms_vblank_simulate: vblank timer overrun
12:17:59 executing program 4:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
r0 = open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0)
writev(r1, &(0x7f0000000440), 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
r4 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r4, 0x4601, &(0x7f0000000000)={0x20, 0x8, 0x140, 0xa0, 0x0, 0x0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6})

[ 2335.082199][ T9004] memory: usage 307196kB, limit 307200kB, failcnt 13235
[ 2335.114826][ T9004] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2335.202446][T27624] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 2335.215616][ T9004] Memory cgroup stats for /syz1:
[ 2335.215831][ T9004] anon 143360
[ 2335.215831][ T9004] file 312406016
[ 2335.215831][ T9004] kernel 2019328
[ 2335.215831][ T9004] kernel_stack 65536
[ 2335.215831][ T9004] pagetables 81920
[ 2335.215831][ T9004] sec_pagetables 0
[ 2335.215831][ T9004] percpu 4864
[ 2335.215831][ T9004] sock 0
[ 2335.215831][ T9004] vmalloc 0
[ 2335.215831][ T9004] shmem 312406016
[ 2335.215831][ T9004] zswap 0
[ 2335.215831][ T9004] zswapped 0
[ 2335.215831][ T9004] file_mapped 380928
[ 2335.215831][ T9004] file_dirty 0
[ 2335.215831][ T9004] file_writeback 0
[ 2335.215831][ T9004] swapcached 0
[ 2335.215831][ T9004] anon_thp 0
[ 2335.215831][ T9004] file_thp 0
[ 2335.215831][ T9004] shmem_thp 0
[ 2335.215831][ T9004] inactive_anon 62951424
[ 2335.215831][ T9004] active_anon 167936
[ 2335.215831][ T9004] inactive_file 0
[ 2335.215831][ T9004] active_file 0
[ 2335.215831][ T9004] unevictable 249430016
[ 2335.215831][ T9004] slab_reclaimable 964920
[ 2335.215831][ T9004] slab_unreclaimable 868808
[ 2335.215831][ T9004] slab 1833728
[ 2335.215831][ T9004] workingset_refault_anon 0
[ 2335.215831][ T9004] workingset_refault_file 0
[ 2335.215831][ T9004] workingset_activate_anon 0
[ 2335.215831][ T9004] workingset_activate_file 0
[ 2335.215831][ T9004] workingset_restore_anon 0
[ 2335.215831][ T9004] workingset_restore_file 0
[ 2335.215831][ T9004] workingset_nodereclaim 0
[ 2335.215831][ T9004] pgscan 49
[ 2335.215831][ T9004] pgsteal 49
[ 2335.215831][ T9004] pgscan_kswapd 0
[ 2335.215831][ T9004] pgscan_direct 49
[ 2335.215831][ T9004] pgscan_khugepaged 0
[ 2335.215831][ T9004] pgsteal_kswapd 0
[ 2335.215831][ T9004] pgsteal_direct 49
[ 2335.215831][ T9004] pgsteal_khugepaged 0
[ 2335.215831][ T9004] pgfault 1095921
[ 2335.215831][ T9004] pgmajfault 422
[ 2335.215831][ T9004] pgrefill 150
[ 2335.215831][ T9004] pgactivate 161
[ 2335.215831][ T9004] pgdeactivate 0
[ 2335.215831][ T9004] pglazyfree 0
[ 2335.215831][ T9004] pglazyfreed 0
[ 2335.215831][ T9004] zswpin 0
[ 2335.215831][ T9004] zswpout 0
[ 2335.400891][    C0] vkms_vblank_simulate: vblank timer overrun
12:18:00 executing program 3:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0)
open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000440)=[{&(0x7f0000000180)='0', 0x1}], 0x1)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r2, 0x4601, &(0x7f0000000000)={0x20, 0x8, 0x140, 0xa0, 0x0, 0x0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6})

12:18:00 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
r2 = dup(r1)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, &(0x7f0000000180)="b9800000c00f3235000800000f3066ba4100ed66b859000f00d0420f0f1f1cb9db0900000f32f2470f5d08b9a40800000f32410f79a8bd00000066baf80cb802f50286ef66bafc0c66ed3e0f01c9", 0x4e}], 0x1, 0x0, &(0x7f0000000280)=[@efer={0x2, 0x800}], 0x1)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

[ 2335.475179][T27624] usb 1-1: language id specifier not provided by device, defaulting to English
[ 2335.505927][ T9004] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=9004,uid=0
12:18:00 executing program 1:
openat$uhid(0xffffffffffffff9c, &(0x7f0000000200), 0x802, 0x0)
timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000180)=<r0=>0x0)
r1 = fanotify_init(0x4, 0x1000)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
fanotify_mark(r1, 0x105, 0x800101b, 0xffffffffffffffff, 0x0)
timer_settime(r0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
mlockall(0x2)
r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil)
shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
write$P9_RWSTAT(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x7f, 0x2}, 0x7)
ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0)
shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000)
shmctl$IPC_RMID(0x0, 0x0)
shmctl$SHM_LOCK(0x0, 0xb)
r6 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil)
shmctl$IPC_STAT(r6, 0x2, &(0x7f00000001c0)=""/62)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000340)={0x0, 0x28}, 0x1, 0x0, 0x0, 0x40410}, 0x4040044)
shmat(r3, &(0x7f00003c6000/0x3000)=nil, 0x4000)
shmctl$SHM_UNLOCK(0x0, 0xc)
shmctl$SHM_LOCK(r3, 0xb)
r7 = shmget$private(0x0, 0x3000, 0x54001800, &(0x7f000010d000/0x3000)=nil)
ioctl$BTRFS_IOC_BALANCE_V2(r5, 0xc4009420, &(0x7f0000000640)={0x0, 0x1, {0x81, @usage=0xd1, 0x0, 0xfffffffffffffffc, 0x0, 0xffffffffffffffff, 0x0, 0x5, 0x4, @usage=0x1, 0x1ea7, 0xffffffc0, [0x5, 0x7, 0x5, 0xffffffffffffffff, 0xffff, 0x24f]}, {0x5, @struct={0x8da6, 0x46a}, 0x0, 0x3f, 0xff, 0x8, 0x9, 0x7f, 0x0, @struct={0x3, 0x8}, 0xffff0000, 0xffffffcb, [0x8, 0x27d9, 0x7, 0x7ff, 0x57175363, 0x8]}, {0x10001, @usage=0x9, 0x0, 0x4d2, 0x3b89, 0xfffffffffffffff9, 0x4, 0x7fffffff, 0x441, @usage=0x7000000000000, 0x9, 0x20000d5a, [0x2, 0x6, 0x5, 0x80, 0x4, 0x7735]}, {0x8000, 0xffffffffffffffff}})
shmat(r7, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000012c0)=[{{&(0x7f00000005c0)=@xdp, 0x80, 0x0, 0x0, &(0x7f0000000fc0)=""/83, 0x53}, 0x1}, {{&(0x7f0000001040)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @dev}}, 0x80, &(0x7f00000011c0)=[{&(0x7f00000010c0)=""/150, 0x96}, {&(0x7f0000001180)=""/5, 0x5}], 0x2, &(0x7f0000001200)=""/180, 0xb4}, 0x5}], 0x2, 0x0, &(0x7f0000001340)={0x0, 0x989680})

12:18:00 executing program 2:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0)
open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000440)=[{&(0x7f0000000180)='0', 0x1}], 0x1)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r2, 0x4601, &(0x7f0000000000)={0x20, 0x8, 0x140, 0xa0, 0x0, 0x0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6})

[ 2335.607134][ T9004] Memory cgroup out of memory: Killed process 9004 (syz-executor.1) total-vm:54540kB, anon-rss:380kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000
[ 2335.822483][T27624] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 2335.832525][T27624] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2335.840851][T27624] usb 1-1: Product: syz
[ 2335.850876][ T9026] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 2335.862063][T27624] usb 1-1: SerialNumber: syz
[ 2335.925384][ T9026] CPU: 1 PID: 9026 Comm: syz-executor.1 Not tainted 6.3.0-rc4-next-20230330-syzkaller #0
[ 2335.935286][ T9026] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 2335.945365][ T9026] Call Trace:
[ 2335.948660][ T9026]  <TASK>
[ 2335.951617][ T9026]  dump_stack_lvl+0x136/0x150
[ 2335.956329][ T9026]  dump_header+0x10a/0xd70
[ 2335.960784][ T9026]  oom_kill_process+0x25d/0x600
[ 2335.965687][ T9026]  out_of_memory+0x35c/0x1650
[ 2335.970412][ T9026]  ? find_held_lock+0x2d/0x110
[ 2335.975207][ T9026]  ? oom_killer_disable+0x2b0/0x2b0
[ 2335.980456][ T9026]  ? rcu_read_unlock+0x9/0x60
[ 2335.985159][ T9026]  ? find_held_lock+0x2d/0x110
[ 2335.989953][ T9026]  mem_cgroup_out_of_memory+0x206/0x270
[ 2335.995522][ T9026]  ? mem_cgroup_margin+0x130/0x130
[ 2336.000652][ T9026]  ? lock_downgrade+0x690/0x690
[ 2336.005539][ T9026]  try_charge_memcg+0xf99/0x13a0
[ 2336.010519][ T9026]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 2336.016532][ T9026]  ? lock_downgrade+0x690/0x690
[ 2336.021405][ T9026]  ? trace_lock_acquire+0x12d/0x180
[ 2336.026650][ T9026]  ? get_mem_cgroup_from_mm+0x247/0x580
[ 2336.032308][ T9026]  ? lock_acquire+0x32/0xc0
[ 2336.036837][ T9026]  charge_memcg+0x90/0x3b0
[ 2336.041303][ T9026]  __mem_cgroup_charge+0x2b/0x90
[ 2336.046298][ T9026]  do_wp_page+0x8ac/0x3510
[ 2336.050769][ T9026]  ? lock_sync+0x190/0x190
[ 2336.055258][ T9026]  ? finish_mkwrite_fault+0x3d0/0x3d0
[ 2336.060675][ T9026]  ? rcu_is_watching+0x12/0xb0
[ 2336.065489][ T9026]  ? do_raw_spin_lock+0x124/0x2b0
[ 2336.070559][ T9026]  ? spin_bug+0x1c0/0x1c0
[ 2336.074950][ T9026]  ? lock_acquire+0x32/0xc0
[ 2336.079502][ T9026]  ? __handle_mm_fault+0x1334/0x4180
[ 2336.084847][ T9026]  __handle_mm_fault+0x1547/0x4180
[ 2336.090013][ T9026]  ? vm_iomap_memory+0x190/0x190
[ 2336.095040][ T9026]  handle_mm_fault+0x2c0/0x9c0
[ 2336.099862][ T9026]  do_user_addr_fault+0x2ed/0x1240
[ 2336.105014][ T9026]  ? rcu_is_watching+0x12/0xb0
[ 2336.109840][ T9026]  exc_page_fault+0x98/0x170
[ 2336.114493][ T9026]  asm_exc_page_fault+0x26/0x30
[ 2336.119408][ T9026] RIP: 0033:0x7f47dd2395a0
[ 2336.123871][ T9026] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48
[ 2336.143511][ T9026] RSP: 002b:00007ffdbc005e60 EFLAGS: 00010246
[ 2336.149697][ T9026] RAX: 0000000030607a73 RBX: 00007f47dd3ac018 RCX: 0000001b32520000
[ 2336.157805][ T9026] RDX: 0000000000000000 RSI: 0000001b32520018 RDI: 00000000090fdfd7
[ 2336.165795][ T9026] RBP: 0000000030607a73 R08: 0000000000001a73 R09: 0000000030607a77
[ 2336.173787][ T9026] R10: 00007ffdbc006020 R11: 0000000000000246 R12: 00007f47dd3a0000
[ 2336.181777][ T9026] R13: 0000000000000001 R14: 000000000000000a R15: ffffffff81e3d50c
[ 2336.189786][ T9026]  ? build_open_flags+0x17c/0x720
[ 2336.194871][ T9026]  </TASK>
[ 2336.216766][T27624] usb 1-1: USB disconnect, device number 79
[ 2336.258240][ T9026] memory: usage 307192kB, limit 307200kB, failcnt 13302
[ 2336.292675][ T9026] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2336.299738][ T9026] Memory cgroup stats for /syz1:
[ 2336.300348][ T9026] anon 139264
[ 2336.300348][ T9026] file 312406016
[ 2336.300348][ T9026] kernel 2019328
[ 2336.300348][ T9026] kernel_stack 65536
[ 2336.300348][ T9026] pagetables 81920
[ 2336.300348][ T9026] sec_pagetables 0
[ 2336.300348][ T9026] percpu 4864
[ 2336.300348][ T9026] sock 0
[ 2336.300348][ T9026] vmalloc 0
[ 2336.300348][ T9026] shmem 312406016
[ 2336.300348][ T9026] zswap 0
[ 2336.300348][ T9026] zswapped 0
[ 2336.300348][ T9026] file_mapped 380928
[ 2336.300348][ T9026] file_dirty 0
[ 2336.300348][ T9026] file_writeback 0
[ 2336.300348][ T9026] swapcached 0
[ 2336.300348][ T9026] anon_thp 0
[ 2336.300348][ T9026] file_thp 0
[ 2336.300348][ T9026] shmem_thp 0
[ 2336.300348][ T9026] inactive_anon 62951424
[ 2336.300348][ T9026] active_anon 163840
[ 2336.300348][ T9026] inactive_file 0
[ 2336.300348][ T9026] active_file 0
[ 2336.300348][ T9026] unevictable 249430016
[ 2336.300348][ T9026] slab_reclaimable 964920
[ 2336.300348][ T9026] slab_unreclaimable 868808
[ 2336.300348][ T9026] slab 1833728
[ 2336.300348][ T9026] workingset_refault_anon 0
[ 2336.300348][ T9026] workingset_refault_file 0
[ 2336.300348][ T9026] workingset_activate_anon 0
[ 2336.300348][ T9026] workingset_activate_file 0
[ 2336.300348][ T9026] workingset_restore_anon 0
[ 2336.300348][ T9026] workingset_restore_file 0
[ 2336.300348][ T9026] workingset_nodereclaim 0
[ 2336.300348][ T9026] pgscan 49
[ 2336.300348][ T9026] pgsteal 49
[ 2336.300348][ T9026] pgscan_kswapd 0
[ 2336.300348][ T9026] pgscan_direct 49
[ 2336.300348][ T9026] pgscan_khugepaged 0
[ 2336.300348][ T9026] pgsteal_kswapd 0
[ 2336.300348][ T9026] pgsteal_direct 49
[ 2336.300348][ T9026] pgsteal_khugepaged 0
[ 2336.300348][ T9026] pgfault 1095980
[ 2336.300348][ T9026] pgmajfault 422
[ 2336.300348][ T9026] pgrefill 150
[ 2336.300348][ T9026] pgactivate 161
[ 2336.300348][ T9026] pgdeactivate 0
[ 2336.300348][ T9026] pglazyfree 0
[ 2336.300348][ T9026] pglazyfreed 0
[ 2336.300348][ T9026] zswpin 0
[ 2336.300348][ T9026] zswpout 0
12:18:01 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
dup(r1)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, &(0x7f0000000180)="b9800000c00f3235000800000f3066ba4100ed66b859000f00d0420f0f1f1cb9db0900000f32f2470f5d08b9a40800000f32410f79a8bd00000066baf80cb802f50286ef66bafc0c66ed3e0f01c9", 0x4e}], 0x1, 0x0, &(0x7f0000000280)=[@efer={0x2, 0x800}], 0x1)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

12:18:01 executing program 0:
syz_usb_connect$printer(0x0, 0x2d, &(0x7f00000003c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1}}]}}, &(0x7f0000000ac0)={0x0, 0x0, 0x0, 0x0, 0x2, [{0x2, &(0x7f00000008c0)=@string={0x2}}, {0x0, 0x0}]})

12:18:01 executing program 1:
openat$uhid(0xffffffffffffff9c, &(0x7f0000000200), 0x802, 0x0)
timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000180)=<r0=>0x0)
r1 = fanotify_init(0x4, 0x1000)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
fanotify_mark(r1, 0x105, 0x800101b, 0xffffffffffffffff, 0x0)
timer_settime(r0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
mlockall(0x2)
r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil)
shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
write$P9_RWSTAT(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x7f, 0x2}, 0x7)
ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0)
shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000)
shmctl$IPC_RMID(0x0, 0x0)
shmctl$SHM_LOCK(0x0, 0xb)
r6 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil)
shmctl$IPC_STAT(r6, 0x2, &(0x7f00000001c0)=""/62)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000340)={0x0, 0x28}, 0x1, 0x0, 0x0, 0x40410}, 0x4040044)
shmat(r3, &(0x7f00003c6000/0x3000)=nil, 0x4000)
shmctl$SHM_UNLOCK(0x0, 0xc)
shmctl$SHM_LOCK(r3, 0xb)
r7 = shmget$private(0x0, 0x3000, 0x54001800, &(0x7f000010d000/0x3000)=nil)
ioctl$BTRFS_IOC_BALANCE_V2(r5, 0xc4009420, &(0x7f0000000640)={0x0, 0x1, {0x81, @usage=0xd1, 0x0, 0xfffffffffffffffc, 0x0, 0xffffffffffffffff, 0x0, 0x5, 0x4, @usage=0x1, 0x1ea7, 0xffffffc0, [0x5, 0x7, 0x5, 0xffffffffffffffff, 0xffff, 0x24f]}, {0x5, @struct={0x8da6, 0x46a}, 0x0, 0x3f, 0xff, 0x8, 0x9, 0x7f, 0x0, @struct={0x3, 0x8}, 0xffff0000, 0xffffffcb, [0x8, 0x27d9, 0x7, 0x7ff, 0x57175363, 0x8]}, {0x10001, @usage=0x9, 0x0, 0x4d2, 0x3b89, 0xfffffffffffffff9, 0x4, 0x7fffffff, 0x441, @usage=0x7000000000000, 0x9, 0x20000d5a, [0x2, 0x6, 0x5, 0x80, 0x4, 0x7735]}, {0x8000, 0xffffffffffffffff}})
shmat(r7, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000012c0)=[{{&(0x7f00000005c0)=@xdp, 0x80, 0x0, 0x0, &(0x7f0000000fc0)=""/83, 0x53}, 0x1}, {{&(0x7f0000001040)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @dev}}, 0x80, &(0x7f00000011c0)=[{&(0x7f00000010c0)=""/150, 0x96}, {&(0x7f0000001180)=""/5, 0x5}], 0x2, &(0x7f0000001200)=""/180, 0xb4}, 0x5}], 0x2, 0x0, &(0x7f0000001340)={0x0, 0x989680})

[ 2336.622382][ T9026] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=9026,uid=0
[ 2336.622523][ T9026] Memory cgroup out of memory: Killed process 9026 (syz-executor.1) total-vm:54540kB, anon-rss:380kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000
[ 2336.814877][ T9034] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 2336.826811][ T9034] CPU: 1 PID: 9034 Comm: syz-executor.1 Not tainted 6.3.0-rc4-next-20230330-syzkaller #0
[ 2336.836666][ T9034] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 2336.846736][ T9034] Call Trace:
[ 2336.850030][ T9034]  <TASK>
[ 2336.852995][ T9034]  dump_stack_lvl+0x136/0x150
[ 2336.857710][ T9034]  dump_header+0x10a/0xd70
[ 2336.862186][ T9034]  oom_kill_process+0x25d/0x600
[ 2336.867194][ T9034]  out_of_memory+0x35c/0x1650
[ 2336.871909][ T9034]  ? find_held_lock+0x2d/0x110
[ 2336.876703][ T9034]  ? oom_killer_disable+0x2b0/0x2b0
[ 2336.881947][ T9034]  ? rcu_read_unlock+0x9/0x60
[ 2336.886650][ T9034]  ? find_held_lock+0x2d/0x110
[ 2336.891452][ T9034]  mem_cgroup_out_of_memory+0x206/0x270
[ 2336.897031][ T9034]  ? mem_cgroup_margin+0x130/0x130
[ 2336.902198][ T9034]  ? lock_downgrade+0x690/0x690
[ 2336.907113][ T9034]  try_charge_memcg+0xf99/0x13a0
[ 2336.912103][ T9034]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 2336.918138][ T9034]  ? lock_downgrade+0x690/0x690
[ 2336.923022][ T9034]  ? trace_lock_acquire+0x12d/0x180
[ 2336.928252][ T9034]  ? get_mem_cgroup_from_mm+0x247/0x580
[ 2336.933833][ T9034]  ? lock_acquire+0x32/0xc0
[ 2336.938412][ T9034]  charge_memcg+0x90/0x3b0
[ 2336.942877][ T9034]  __mem_cgroup_charge+0x2b/0x90
[ 2336.947862][ T9034]  do_wp_page+0x8ac/0x3510
[ 2336.952325][ T9034]  ? lock_sync+0x190/0x190
[ 2336.956770][ T9034]  ? finish_mkwrite_fault+0x3d0/0x3d0
[ 2336.962179][ T9034]  ? rcu_is_watching+0x12/0xb0
[ 2336.966993][ T9034]  ? do_raw_spin_lock+0x124/0x2b0
[ 2336.972074][ T9034]  ? spin_bug+0x1c0/0x1c0
[ 2336.976444][ T9034]  ? lock_acquire+0x32/0xc0
[ 2336.980988][ T9034]  ? __handle_mm_fault+0x1334/0x4180
[ 2336.986323][ T9034]  __handle_mm_fault+0x1547/0x4180
[ 2336.991493][ T9034]  ? vm_iomap_memory+0x190/0x190
[ 2336.996508][ T9034]  handle_mm_fault+0x2c0/0x9c0
[ 2337.001321][ T9034]  do_user_addr_fault+0x2ed/0x1240
[ 2337.006469][ T9034]  ? rcu_is_watching+0x12/0xb0
[ 2337.011284][ T9034]  exc_page_fault+0x98/0x170
[ 2337.015923][ T9034]  asm_exc_page_fault+0x26/0x30
[ 2337.020804][ T9034] RIP: 0033:0x7f47dd2395a0
[ 2337.025239][ T9034] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48
[ 2337.044873][ T9034] RSP: 002b:00007ffdbc005e60 EFLAGS: 00010246
[ 2337.050966][ T9034] RAX: 00000000414aa294 RBX: 00007f47dd3ac018 RCX: 0000001b32520000
[ 2337.058971][ T9034] RDX: 0000000000000000 RSI: 0000001b32520018 RDI: 0000000000000022
[ 2337.066971][ T9034] RBP: 00000000414aa294 R08: 0000000000000294 R09: 00000000414aa298
[ 2337.074964][ T9034] R10: 00007ffdbc006020 R11: 0000000000000246 R12: 00007f47dd3a0000
[ 2337.082967][ T9034] R13: 0000000000000001 R14: 0000000000000000 R15: ffffffff81e3ebfe
[ 2337.090958][ T9034]  ? __x64_sys_openat+0x6e/0x1f0
[ 2337.095970][ T9034]  </TASK>
12:18:01 executing program 4:
mount(0x0, 0x0, &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000400)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmmsg$inet6(r1, &(0x7f00000013c0)=[{{&(0x7f00000000c0)={0xa, 0x0, 0x0, @remote, 0x6}, 0x1c, &(0x7f0000000500)=[{&(0x7f0000001680)="ba", 0x1}], 0x1}}], 0x1, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f00000006c0)={0x0, 0x1c, &(0x7f0000000100)=[@in6={0xa, 0x0, 0x0, @private1}]}, &(0x7f0000000000)=0x10)
shutdown(r1, 0x1)

12:18:01 executing program 3:
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001340)={0x6, 0x0, 0x0, &(0x7f00000011c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x80)

[ 2337.118340][ T9034] memory: usage 307200kB, limit 307200kB, failcnt 13386
[ 2337.164751][ T9034] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2337.195157][ T9034] Memory cgroup stats for /syz1:
[ 2337.195435][ T9034] anon 114688
[ 2337.195435][ T9034] file 312406016
[ 2337.195435][ T9034] kernel 2035712
[ 2337.195435][ T9034] kernel_stack 65536
[ 2337.195435][ T9034] pagetables 81920
[ 2337.195435][ T9034] sec_pagetables 0
[ 2337.195435][ T9034] percpu 4928
[ 2337.195435][ T9034] sock 0
[ 2337.195435][ T9034] vmalloc 0
[ 2337.195435][ T9034] shmem 312406016
[ 2337.195435][ T9034] zswap 0
[ 2337.195435][ T9034] zswapped 0
[ 2337.195435][ T9034] file_mapped 380928
[ 2337.195435][ T9034] file_dirty 0
[ 2337.195435][ T9034] file_writeback 0
[ 2337.195435][ T9034] swapcached 0
[ 2337.195435][ T9034] anon_thp 0
[ 2337.195435][ T9034] file_thp 0
[ 2337.195435][ T9034] shmem_thp 0
[ 2337.195435][ T9034] inactive_anon 62951424
[ 2337.195435][ T9034] active_anon 139264
[ 2337.195435][ T9034] inactive_file 0
[ 2337.195435][ T9034] active_file 0
[ 2337.195435][ T9034] unevictable 249430016
[ 2337.195435][ T9034] slab_reclaimable 964920
[ 2337.195435][ T9034] slab_unreclaimable 880720
[ 2337.195435][ T9034] slab 1845640
[ 2337.195435][ T9034] workingset_refault_anon 0
[ 2337.195435][ T9034] workingset_refault_file 0
[ 2337.195435][ T9034] workingset_activate_anon 0
[ 2337.195435][ T9034] workingset_activate_file 0
[ 2337.195435][ T9034] workingset_restore_anon 0
[ 2337.195435][ T9034] workingset_restore_file 0
[ 2337.195435][ T9034] workingset_nodereclaim 0
[ 2337.195435][ T9034] pgscan 49
[ 2337.195435][ T9034] pgsteal 49
[ 2337.195435][ T9034] pgscan_kswapd 0
[ 2337.195435][ T9034] pgscan_direct 49
[ 2337.195435][ T9034] pgscan_khugepaged 0
[ 2337.195435][ T9034] pgsteal_kswapd 0
[ 2337.195435][ T9034] pgsteal_direct 49
[ 2337.195435][ T9034] pgsteal_khugepaged 0
[ 2337.195435][ T9034] pgfault 1096025
[ 2337.195435][ T9034] pgmajfault 422
[ 2337.195435][ T9034] pgrefill 150
[ 2337.195435][ T9034] pgactivate 161
12:18:02 executing program 3:
r0 = socket$l2tp(0x2, 0x2, 0x73)
sendmsg$inet(r0, &(0x7f0000002ac0)={&(0x7f0000001380)={0x2, 0x0, @remote}, 0x10, &(0x7f0000005300)=[{&(0x7f0000001600)="590300e3b51877c16b4d6a261ad7c245cba9fb1cbe2f9de2bbe3856f8398b1d0152fce03aef13123ad404f8deb2338d6d7cf4dae8ad6ed1ab700835c30425678972189f5c296c8520309456998c836796670d6321506e66c014e62dfbe5a3588f1e45afe26033454ea473cee56ab86c4ad0f6c502bc31b899b500f6e83cbd9ce338528c19535627ddf30d4db3f8fa22da8e4ce5e6907d51206a3537eedbb9900f8124428ace56b8e1ff704ea2b554bb9260de4c5d735e6c9", 0xb8}, {&(0x7f00000016c0)="1359d8d4e9842746fdaf35f41b5ead36666f23b15cb15eeea62d671058a55108cdf15e8f1a08a47cc18dc441394bb1e391d5fbedc5f4dfe4ce564a84dc32936f26e29d030b258beba4432572db04b21d9e433dc9e75d1f760078f7", 0xffffff6f}, {&(0x7f0000001740)="f17d87a8b0d52da260c5c3fcb9f288291bfe7336d4b477370b0c1f5285e905ca0dcee7f1f70d90c5daade22216f82ba28cb5556c4681e5060d3c85cb922051c80ab3c82bcb9a3ac1cfd6c46dc4c2122d895eea9dfbb68251eb4283f23f215a727b5fc044c4dd874750", 0x69}, {&(0x7f00000017c0)="0cac8f078d9f940f427b978d895a203043fec6cdf7d2717905c1e6963780437a2eb2d769fd25f9daa381a7de0be06126431a4684ba3571c6771265329e116961c963db784925c1f5da63cce0d12858599a331c3de529ea85b7baf5e84dbe9ab0", 0x60}, {&(0x7f0000001840)="c34646b8f59f83a6d75cb421a2b0657dcd0ad552e282b850f231623fbfbef1b42d73dcb9723ef5201aa846ad33e58475fe9c5438c454e267f120e20ef564c08875e21702be769846be35dd32500b6ebf5e04e348f3ee1627d8c51fa36c201c3e28588ef699f800682ab02dcb77e73604c923da3ac0effedbe806f1f29e42548b9f3231cd9fed1166e4bcec94f30ba67ef5b3f8e1824ecccbb11feff1752462cf9bc2094ae37c9bb45695fec2a54d2663908bead0d665bb12b9177e1cb6f89601cf13616b39b07e28576d69954a619b", 0xcf}, {&(0x7f0000001940)="dde353102b738c390a07655b98058dc1a98b1c4d3cc0749eee3c2d7c52fe2c87b7a88dcfa997520892be8ebb17134d12c0697928e463d9b7ac28a2853f077316c533738fa07cb91b8460060e3f8574d1f500a82d3cde5dd7f73974a6870ba48987369146277a4861a6f5e22700e3233503c35b75b094c6dfc7107506bc65da7daf09614d90a1ea3bf76bf79144ba704295b843e1b40a07bd9375edf0fd4fd1987f71939d0425f3155571f0eac33bb6e7c21e778ad65cfb5f0669e9c041be7c1cbad97e751bb3c6a97fe84ee694d09af4262fb637c504d7bd3f41765e292cdc6aaafa42f10c608f047720d99d78c8f045e05717584ac120f59d4aafd74a5e0b82db8c37d4ea40f82d31d7590d74c83e83b67adf09927d5fcebcfc4686b50b80ed81ed50f9d48310ac6d4e48da0b5a8ccc1cc6eb09673620ac29c2018c81e50b1f833a6e3b0e7a9a59fb2756545ca904980fa0d6f5377e87997daba42154c340a942bb78ba936e7d6f415803d881ff54c94b7d11f413084b70baff9016443ec84c1f887b166b99e1847a783d76d67fac2035a5a8e4f468fd9f5d9a1b5c0f11c44694783bfb31a73b69fc5333dfa42bc3ae51f2af89bd1ece3ac38856755fc2d80a2086725af1c77ddd6dfcceaa49b7a0941f784f17bbdae9a4dcd0f3bca5f2d47d3c191dcc5f9ec9f661ab62939c52856a6043f342593711bccfee0810a142ecca7fa146163333c711e73b8d0462e9903d507b7a483bcefce4c225e3008b6a7b376539c8abd5439c4ebf3221a85651ce8a386469ecae2a190e6f129c6f3d9be5779df32ca61c204e9fc9e0bb988d51f86c8bbdeaed6466e704ef4588f1098276e27c63b00269c3b791a0e2063d26e184e9355f08b47a080d6cab6ed556d6ae870b72d94cba8c6511de2f48bba829915089b699b15f7945518ead1cfe7d7d49967154a9354960ad8481ff63a85be283e3b9463da677d98f7e33a371f9bbea48b54ae4e239d7030580742fa5b0575882f7dbce7bfc23eeb8a745eee2038a0f23344f9d80c5e0b8a615e10fd362387616346a3580fbd2d7665c5d6c4f9c60e36eea05dbf4e0f7684c4d662dc0d8cb4c572aafe8f72b1d722e93ce7bd1fccfc2df064a16cef195fc01787ccd100b77d0255fa1661b708eafad00dc9036904bd532bb79847a56764c3d2f902f48af14382ee0c5ceb44b77673c16ebe978b705f699d3d4f9c292d52d5d9419dc4952fdb947052c5c5b6c427fc891748ee669bb48a7cf05d68658dc388bb47abaf448e0b0637aa3d15de2b4f1ac123ba031d53d8d35b1d4c325d4c0da139f4cb503715b2781e1a5112a9f6cc7e847012ca385fc1e222d2674bef739e557febf8ca74a7bba3e1100c7f5d74ce04e763b74c0bcf59521cf1664499167bdd03d21bd2b58d90abb446af54665ba48b545727b2b30714a3a5cc9e2717b2d7912d059b09f2e408ba61c3bf78b7d9e16378610ef8435378d24624a355b511de5ef0c00cb497b4686627425c366e5ac6fe5a5544cc1ccb06aa4a39bbb83e8cf2d79a36288f2c92d9d5a9d1cbc77bdafad5dfafe7e3759505724f8606714ca7eaa2f4efe27767c1aef87d72450730acda42a41563ebf49de67357e6a66250742851c1751a7b08fbf0d1731076a407206075199248c5763867c95da1797fe03fed43f4bdb1b5cc9638e86a13c92ae133926c2188e923ef47add9d635d09c12d082f7f7ae7e332e1acdea30b63857d737241f2c3aa2e61fd2029424a83da14af63b2f12ca5832f68e586e6aa85af15a80aac0e5eea3ebba9d622a02d98142a8fc568cd3745d6238612f42df3a20688e855bcf74674caa95a198941f1001d306280a396abb6b69fdb8eb984ff30c5327f40d58c34fae3ced48b69bab211a688479e5385c7b428aff942c69f0ed91bb655bf3689d60fb12452ac9b886079109d6f25fcfac428bf5703a5a881d4e15792313dad3dfdcacf23463ffaf5d2eef2410907cf1ca70f6749371904c6d6e486d7b3b7ef86f8a78737fb64f2c990b681c0b6bf4436e1c96c3b6c9bb45c5ba8cce2756a3bea2a3553d361c0fd625b9bfe24834196badbf4d7e53badc1e3cac0b97603add1c1f409ce4dee2a54ada9e1e9de59abfdf66d7e9e7741ae83a3e61ce1bcc9a00fc42ccdd6596cf61b38bb6eaa84d5831e4c5b13edaf17d05704463ec3b39657aeafce63e95c20a53422546761fec2ceacbbb6d21b142415579a41b9f6f57d42cf1ad22076729471b0889b637957993c1012aef2253ca7de47ad25a7580b43905399f742e05820437d2368f14a97e3cfd207e286afdf64de53b8c357048d3c855d820ab3acf48f90c90acb093ca9af162db93ec8134b69cca26e1b9554d8ee78ed7471f3d033faa1bea76292686ea7e03193e88099516499bf90e54d2e3e70631d3e356000c68cc3c0adbcc2bc97611f9a89e851acd0ed5047d486ac0e09f2286bd81119b321c3a2e3404d30e5c1b889c9e8129bb95e0cfb4186b413215ce561fd971bf9d502febd445ebb7d1ae4ba9ddf5b9f4829a0bcfa7dbd754d1dbdbefc4537daee51e12af46ebb624f00f0bcc6d72897b296ca08fe483f85dae5d47104c16f66e43319354e57a21e1bcda5582f34fcbf564fde581b585a0e4b792262464b6efdecaecf12ca7e754539d2e7d1ab5d8adfce66666a157170c66f7a32eca0c6187bad300af8ed1f44b9e188660edf1c0939c05287834915c93a913bbcea85a362b32197e7d7d387547fc11e9c7742feb42999a2c976c040cc807e49be2edd6a07a399a4ecfe00211f09f5eb9d646c5ee166f4b8036b3445948e1455eed40e5d9753b875f20fe7461ac279ed1710c14412e77863eb3ac769b924d4079979a710c19099d3b5c3ffc4d23c36d4d81c2998de608735419db21a9f06885f8f4ff5880990f31b8b60b95dd9587371a1fe54b6212bb2d38c8fecd7387c1cc5049d8d87cb3166ff84f45cacf2216fb83e806ffb2eed045c75c7b9f13dbe00d8974668f461c996afbcd5735413c9b9d04fa58192a782ea9cc5a06acec4b308ed683e7f5a2beec82a860c9f37c6d8276d3d00985c7dea97c2551f508860fdafd606a9ddfaee29af32e7f933d2b12db3e9d5f8fa985154d95e3fc51f81acfcd7cd612ccbdbf6f609f1c30df4e3a9beca152c8d00e54c8e527909ca51b8e4770d832722c1ee689412e94794343e119ecbbe050501c89c606704dfbeb15562b01752dc90fd35b506b7ac5d8cf86fcc4c8d42af7aaa3af84229ea374e838faa1f6b75443b3967cd3f614ec1045e60d762c31fc1afe97f715b3cc308dca88ee385667d63c96a2cc83bdfd3972f722c256961dd7d8e67769967ebc40b8036e2610543cb9da07d061627c3065a330b18adbbd8e4933426c394a9f3366bb75230c960e6778e4bebb86d95d3ccc6ba0e263114b4f9a92e16a8f2dd8493328555debda0bdfcdf41c108c2621eb1f7a377f2a77ccb552e36dddaba44798e8a03518ee0fca6d54b1c4469953e02a971094494c7e6cebf9e0d8a56bac45c705cd87f64a91838fd02cd531961f9bf5c72f7e99672c6007492073fca2829e79a6d91aafe79a2da87a88aa8637bbef74fdbb24606d523ceb3c91e8eb15f4fa981221ecdc5ef4a954c718de4b1de92e716e93870a298a00b08dab19a1bcdc2f765b9f54af2eeecb8b2f4cf0d81d32ad02fd2f023c2505c737e8e240d7d13409eca0e5e992c51f971fb56259e2906333aa0870b45081f98da1be8c6385c679e5c04a40d4dab1e351b673489bd305487c47f9725142b883dd18776e2020ce32069605cb39146a24dd9b89737b6e1da58dd09878f3247002c58fc7d4e3deff6c7be9378b195b5b0a754629b972a3fa450f33563fe57645799ccf57bcdafeceb80dbc849dbd80847d0d437fe1e68b64483efe27cfb10453dd18675fd9b29d104f8bc147cc27f4a93219c061e70012df4d75bce93a1635b2b2d8cb080a222fab8551c3614fa33f303adf130e094fa84a869406d8e17027683ba60c1d971723140300bf0e03af1541aa623322b9ca002afe0ac3ffaee345b90baaabdb7f598a9e23a2eafee8445857368ae4f0f8c5ac384cbecfc5707ce6578de3c20750060966b301e72ee0a9aef288a0d1f57212e069bc9ec1e09026d250ee254dc161e082f8b914bcd5b3fb4f7b1efbb3550e00fca48c3f40090cfdfb7b0042a5746fead5049c51de989be71934d43f8f69dfa555317b9ce18c684c94270898ce897c25bbee897875fecb62e20c43e105b4166851d81be4ca2825701091cfcc97d6614c65a94c9162268d2dacde6fbce66b7bfa3ec3322a9b3b8f3b527c75f76ca3cfc4abc716d66e6d1e52f4457d202d8ccc50cb739bbfe8d40598ffbd9d26c8f3d6beab54904d99d450e7bab8fbcb7628f2d8bd32aff8d7de8c9d0631a1b1ab63a6b66c82b967a19d0a4ecadfe6b41524760591367d9890a62348a1ba9411c786e9e3eba122e4c0f1a24ccbdaf0d2badad59b23e29534607ab5ead338f3393e7d0f13dfcc9932ea61353f55c11c69548ac239fdb595cc11ebd7e020453246e495a5e5e230ae68d025f29fb31b121ff817de427b4838365a5f4cec6912b275fe0bdd556bdf273be7225142fe8788bf1c07154f2af46ad171f8500e2b65d96c6863e4373693eea1fa855149ea457f6b460b51df6a0b371d29eb19a19daf93ef84bb4f5af9ab3f1b622654ea866ce1cc11261673bee0d65a2cae4294987de24c87ea57cb1f737148347691862d7cbae096baea5212f3938e756995653b97d1632b4fdb9fe8fcce6140a4068146484b72138263c985aa087650eba34ff18da8a1bc1f5695a126984109e0595278dc99a72fd0c6922e723539bdb261c9b507710cf041f208af26f344326429cb3c8d9b366bf8370f4ecdc75d2299448ae8616bb834d3e44cd8115880bafa20304756d02747dd6b421e2eef7e3e5092d8e7410ee417482dd7b93e4a2f654b08ebeef1b3947b702ebdcf286df92c77592393dcbcd6808de79837e41917b735e39f893a618cb16674d0dbb2c32ebaf7835cb4ea8814dfb5f636d3f65d05a5c5c232e661ef23595450949c65382097ca62f9119ef5a0459d4bc26248694c58f8113490ec6ee7f09e42b9933b684b7059f6b227ed3952c707f7400b5f84f5a5029732339b54b7cea74a1a531b1769acdfdf58fdbc3fb825e3570f80ac8066e37f3ea7856eadd63e786022194cd671151f79491015f352aaf68f71e6cebfdf0e1e9a2c82b0d2f725f32aaf3b5f2fdb22cf01300cee3f469a12aea392083578fa3cd81f6acf1580ecaad9858345b9e926de32c1eadb7897ae21b146f34113b06fd0ad6eb3e823b9befce341ca5e62baaa1b25ec14e23af2118a83fe7a585b585a51a6aef4b046016142b7e54ddda02af38f2613e4cb714622575c67018a2ba354ad874667d70a703cae08617f1c3cb754e2b23b45a8e7ed2f26b9cc63b3a12f42f91d61709a5e01b75aec66c6cd19db44a8f63c9a7a48c75be4c5895d71ed62d0d1a3d0f797588f6e18d7615b326cbed0cea424e1d78ad9731df233b59236899001ba65c5ef7850de4c5705e05706ad153603d72567bb25c086438f959a951af7b6a596b5caf69a1d855892657a4d3548a373d5c464140e370183039c09c0607f29405778586052d90ddc245d9a8e9664ad7cc99d1370c1a043408aac1b86c3d98030bbae7472986874b3efb9287ac162d1aa527634e523fbb0f59278bd92952ec3d66269b018a6ea5899d2cc41b57de19eec9f0050687ad", 0x1000}], 0x6, &(0x7f00000029c0)=[@ip_retopts={{0xbc, 0x0, 0x7, {[@ssrr={0x89, 0x1f, 0x0, [@dev, @local, @dev, @local, @multicast2, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast]}, @ssrr={0x89, 0xb, 0x0, [@private, @rand_addr]}, @timestamp_addr={0x44, 0xc, 0x0, 0x1, 0x0, [{@broadcast}]}, @cipso={0x86, 0x4e, 0x0, [{0x0, 0x3, "80"}, {0x0, 0xf, "ae42dc3a29e98fdb2ce5402fac"}, {0x0, 0xf, "eb94e59a35f95266aa4b3845fb"}, {0x0, 0x12, "60564ee68cd83ef1dbd9204d563f1fa7"}, {0x0, 0x8, "91be2a5812be"}, {0x0, 0x4, "23e0"}, {0x0, 0x9, "cd0de016205a34"}]}, @timestamp={0x44, 0x28, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}]}}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @dev, @multicast2}}}], 0xe0}, 0x0)

[ 2337.195435][ T9034] pgdeactivate 0
[ 2337.195435][ T9034] pglazyfree 0
[ 2337.195435][ T9034] pglazyfreed 0
[ 2337.195435][ T9034] zswpin 0
[ 2337.195435][ T9034] zswpout 0
[ 2337.381333][    C0] vkms_vblank_simulate: vblank timer overrun
12:18:02 executing program 1:
openat$uhid(0xffffffffffffff9c, &(0x7f0000000200), 0x802, 0x0)
timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000180)=<r0=>0x0)
r1 = fanotify_init(0x4, 0x1000)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
fanotify_mark(r1, 0x105, 0x800101b, 0xffffffffffffffff, 0x0)
timer_settime(r0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
mlockall(0x2)
r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil)
shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
write$P9_RWSTAT(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x7f, 0x2}, 0x7)
ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0)
shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000)
shmctl$IPC_RMID(0x0, 0x0)
shmctl$SHM_LOCK(0x0, 0xb)
r6 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil)
shmctl$IPC_STAT(r6, 0x2, &(0x7f00000001c0)=""/62)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000340)={0x0, 0x28}, 0x1, 0x0, 0x0, 0x40410}, 0x4040044)
shmat(r3, &(0x7f00003c6000/0x3000)=nil, 0x4000)
shmctl$SHM_UNLOCK(0x0, 0xc)
shmctl$SHM_LOCK(r3, 0xb)
r7 = shmget$private(0x0, 0x3000, 0x54001800, &(0x7f000010d000/0x3000)=nil)
ioctl$BTRFS_IOC_BALANCE_V2(r5, 0xc4009420, &(0x7f0000000640)={0x0, 0x1, {0x81, @usage=0xd1, 0x0, 0xfffffffffffffffc, 0x10000, 0x0, 0x0, 0x5, 0x4, @usage=0x1, 0x1ea7, 0xffffffc0, [0x5, 0x7, 0x5, 0xffffffffffffffff, 0xffff, 0x24f]}, {0x5, @struct={0x8da6, 0x46a}, 0x0, 0x3f, 0xff, 0x8, 0x9, 0x7f, 0x0, @struct={0x3, 0x8}, 0xffff0000, 0xffffffcb, [0x8, 0x27d9, 0x7, 0x7ff, 0x57175363, 0x8]}, {0x10001, @usage=0x9, 0x0, 0x4d2, 0x3b89, 0xfffffffffffffff9, 0x4, 0x7fffffff, 0x441, @usage=0x7000000000000, 0x9, 0x20000d5a, [0x2, 0x6, 0x5, 0x80, 0x4, 0x7735]}, {0x8000, 0xffffffffffffffff}})
shmat(r7, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000012c0)=[{{&(0x7f00000005c0)=@xdp, 0x80, 0x0, 0x0, &(0x7f0000000fc0)=""/83, 0x53}, 0x1}, {{&(0x7f0000001040)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @dev}}, 0x80, &(0x7f00000011c0)=[{&(0x7f00000010c0)=""/150, 0x96}, {&(0x7f0000001180)=""/5, 0x5}], 0x2, &(0x7f0000001200)=""/180, 0xb4}, 0x5}], 0x2, 0x0, &(0x7f0000001340)={0x0, 0x989680})

[ 2337.424479][ T9034] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=9034,uid=0
[ 2337.440946][ T9034] Memory cgroup out of memory: Killed process 9034 (syz-executor.1) total-vm:54540kB, anon-rss:380kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000
[ 2337.522353][ T9047] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 2337.532912][ T9047] CPU: 1 PID: 9047 Comm: syz-executor.1 Not tainted 6.3.0-rc4-next-20230330-syzkaller #0
[ 2337.542324][ T5556] usb 1-1: new high-speed USB device number 80 using dummy_hcd
[ 2337.542746][ T9047] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 2337.542769][ T9047] Call Trace:
[ 2337.542780][ T9047]  <TASK>
[ 2337.542792][ T9047]  dump_stack_lvl+0x136/0x150
[ 2337.571399][ T9047]  dump_header+0x10a/0xd70
[ 2337.575885][ T9047]  oom_kill_process+0x25d/0x600
[ 2337.580823][ T9047]  out_of_memory+0x35c/0x1650
[ 2337.585583][ T9047]  ? find_held_lock+0x2d/0x110
[ 2337.590406][ T9047]  ? oom_killer_disable+0x2b0/0x2b0
[ 2337.595683][ T9047]  ? rcu_read_unlock+0x9/0x60
[ 2337.600502][ T9047]  ? find_held_lock+0x2d/0x110
[ 2337.605330][ T9047]  mem_cgroup_out_of_memory+0x206/0x270
[ 2337.610945][ T9047]  ? mem_cgroup_margin+0x130/0x130
[ 2337.616101][ T9047]  ? lock_downgrade+0x690/0x690
[ 2337.620995][ T9047]  try_charge_memcg+0xf99/0x13a0
[ 2337.626070][ T9047]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 2337.632096][ T9047]  ? get_mem_cgroup_from_objcg+0xa1/0x280
[ 2337.637891][ T9047]  ? lock_downgrade+0x690/0x690
[ 2337.642767][ T9047]  ? trace_lock_acquire+0x12d/0x180
[ 2337.648014][ T9047]  ? get_mem_cgroup_from_objcg+0x159/0x280
[ 2337.653849][ T9047]  ? lock_acquire+0x32/0xc0
[ 2337.658402][ T9047]  __memcg_kmem_charge_page+0x16e/0x3c0
[ 2337.664017][ T9047]  memcg_charge_kernel_stack.part.0+0x6c/0x150
12:18:02 executing program 3:
r0 = syz_open_dev$dri(&(0x7f0000000040), 0x0, 0x0)
ioctl$DRM_IOCTL_AGP_FREE(r0, 0x40206435, 0x0)

[ 2337.670222][ T9047]  copy_process+0x4e7/0x76b0
[ 2337.674844][ T9047]  ? __lock_acquire+0xbe1/0x5df0
[ 2337.679829][ T9047]  ? pidfd_pid+0x90/0x90
[ 2337.684138][ T9047]  ? lockdep_hardirqs_on_prepare+0x410/0x410
[ 2337.690157][ T9047]  ? psi_memstall_leave+0x174/0x250
[ 2337.695390][ T9047]  ? lock_downgrade+0x690/0x690
[ 2337.700289][ T9047]  kernel_clone+0xeb/0x890
[ 2337.704737][ T9047]  ? create_io_thread+0xe0/0xe0
[ 2337.709626][ T9047]  ? percpu_ref_put_many.constprop.0+0x6a/0x1b0
[ 2337.715898][ T9047]  ? lock_downgrade+0x690/0x690
[ 2337.720796][ T9047]  ? mem_cgroup_css_online+0x3b0/0x3b0
[ 2337.726361][ T9047]  ? mem_cgroup_css_online+0x3b0/0x3b0
[ 2337.731954][ T9047]  __do_sys_clone+0xba/0x100
[ 2337.736605][ T9047]  ? kernel_clone+0x890/0x890
[ 2337.741324][ T9047]  ? syscall_enter_from_user_mode+0x26/0x80
[ 2337.747252][ T9047]  do_syscall_64+0x39/0xb0
[ 2337.751728][ T9047]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2337.757680][ T9047] RIP: 0033:0x7f47dd28d521
[ 2337.762132][ T9047] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00
[ 2337.781872][ T9047] RSP: 002b:00007ffdbc005e08 EFLAGS: 00000206 ORIG_RAX: 0000000000000038
[ 2337.782198][ T5556] usb 1-1: Using ep0 maxpacket: 16
[ 2337.790298][ T9047] RAX: ffffffffffffffda RBX: 00007f47de072700 RCX: 00007f47dd28d521
[ 2337.790325][ T9047] RDX: 00007f47de0729d0 RSI: 00007f47de0722f0 RDI: 00000000003d0f00
[ 2337.790349][ T9047] RBP: 00007ffdbc006050 R08: 00007f47de072700 R09: 00007f47de072700
12:18:02 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
dup(r1)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, &(0x7f0000000180)="b9800000c00f3235000800000f3066ba4100ed66b859000f00d0420f0f1f1cb9db0900000f32f2470f5d08b9a40800000f32410f79a8bd00000066baf80cb802f50286ef66bafc0c66ed3e0f01c9", 0x4e}], 0x1, 0x0, &(0x7f0000000280)=[@efer={0x2, 0x800}], 0x1)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

[ 2337.790371][ T9047] R10: 00007f47de0729d0 R11: 0000000000000206 R12: 00007ffdbc005ebe
[ 2337.790394][ T9047] R13: 00007ffdbc005ebf R14: 00007f47de072300 R15: 0000000000022000
[ 2337.835728][ T9047]  </TASK>
[ 2337.847970][ T9047] memory: usage 307184kB, limit 307200kB, failcnt 13451
[ 2337.861970][ T9047] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2337.875227][ T9047] Memory cgroup stats for /syz1:
[ 2337.875511][ T9047] anon 106496
[ 2337.875511][ T9047] file 312406016
[ 2337.875511][ T9047] kernel 2031616
[ 2337.875511][ T9047] kernel_stack 32768
[ 2337.875511][ T9047] pagetables 81920
[ 2337.875511][ T9047] sec_pagetables 0
[ 2337.875511][ T9047] percpu 4928
[ 2337.875511][ T9047] sock 0
[ 2337.875511][ T9047] vmalloc 0
[ 2337.875511][ T9047] shmem 312406016
[ 2337.875511][ T9047] zswap 0
[ 2337.875511][ T9047] zswapped 0
[ 2337.875511][ T9047] file_mapped 380928
[ 2337.875511][ T9047] file_dirty 0
[ 2337.875511][ T9047] file_writeback 0
[ 2337.875511][ T9047] swapcached 0
[ 2337.875511][ T9047] anon_thp 0
[ 2337.875511][ T9047] file_thp 0
[ 2337.875511][ T9047] shmem_thp 0
[ 2337.875511][ T9047] inactive_anon 62951424
[ 2337.875511][ T9047] active_anon 131072
[ 2337.875511][ T9047] inactive_file 0
[ 2337.875511][ T9047] active_file 0
[ 2337.875511][ T9047] unevictable 249430016
[ 2337.875511][ T9047] slab_reclaimable 964920
[ 2337.875511][ T9047] slab_unreclaimable 879608
[ 2337.875511][ T9047] slab 1844528
[ 2337.875511][ T9047] workingset_refault_anon 0
[ 2337.875511][ T9047] workingset_refault_file 0
[ 2337.875511][ T9047] workingset_activate_anon 0
[ 2337.875511][ T9047] workingset_activate_file 0
[ 2337.875511][ T9047] workingset_restore_anon 0
[ 2337.875511][ T9047] workingset_restore_file 0
[ 2337.875511][ T9047] workingset_nodereclaim 0
[ 2337.875511][ T9047] pgscan 49
[ 2337.875511][ T9047] pgsteal 49
[ 2337.875511][ T9047] pgscan_kswapd 0
[ 2337.875511][ T9047] pgscan_direct 49
[ 2337.875511][ T9047] pgscan_khugepaged 0
[ 2337.875511][ T9047] pgsteal_kswapd 0
12:18:02 executing program 2:
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0)
open(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000440)=[{&(0x7f0000000180)='0', 0x1}], 0x1)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r2, 0x4601, &(0x7f0000000000)={0x20, 0x8, 0x140, 0xa0, 0x0, 0x0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6})

[ 2337.875511][ T9047] pgsteal_direct 49
[ 2337.875511][ T9047] pgsteal_khugepaged 0
[ 2337.875511][ T9047] pgfault 1096066
[ 2337.875511][ T9047] pgmajfault 422
[ 2337.875511][ T9047] pgrefill 150
[ 2337.875511][ T9047] pgactivate 161
[ 2337.875511][ T9047] pgdeactivate 0
[ 2337.875511][ T9047] pglazyfree 0
[ 2337.875511][ T9047] pglazyfreed 0
[ 2337.875511][ T9047] zswpin 0
[ 2337.875511][ T9047] zswpout 0
12:18:02 executing program 1:
openat$uhid(0xffffffffffffff9c, &(0x7f0000000200), 0x802, 0x0)
timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000180)=<r0=>0x0)
r1 = fanotify_init(0x4, 0x1000)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
fanotify_mark(r1, 0x105, 0x800101b, 0xffffffffffffffff, 0x0)
timer_settime(r0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
mlockall(0x2)
r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil)
shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
write$P9_RWSTAT(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x7f, 0x2}, 0x7)
ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0)
shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000)
shmctl$IPC_RMID(0x0, 0x0)
shmctl$SHM_LOCK(0x0, 0xb)
r6 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil)
shmctl$IPC_STAT(r6, 0x2, &(0x7f00000001c0)=""/62)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000340)={0x0, 0x28}, 0x1, 0x0, 0x0, 0x40410}, 0x4040044)
shmat(r3, &(0x7f00003c6000/0x3000)=nil, 0x4000)
shmctl$SHM_UNLOCK(0x0, 0xc)
shmctl$SHM_LOCK(r3, 0xb)
r7 = shmget$private(0x0, 0x3000, 0x54001800, &(0x7f000010d000/0x3000)=nil)
ioctl$BTRFS_IOC_BALANCE_V2(r5, 0xc4009420, &(0x7f0000000640)={0x0, 0x1, {0x81, @usage=0xd1, 0x0, 0xfffffffffffffffc, 0x10000, 0x0, 0x0, 0x5, 0x4, @usage=0x1, 0x1ea7, 0xffffffc0, [0x5, 0x7, 0x5, 0xffffffffffffffff, 0xffff, 0x24f]}, {0x5, @struct={0x8da6, 0x46a}, 0x0, 0x3f, 0xff, 0x8, 0x9, 0x7f, 0x0, @struct={0x3, 0x8}, 0xffff0000, 0xffffffcb, [0x8, 0x27d9, 0x7, 0x7ff, 0x57175363, 0x8]}, {0x10001, @usage=0x9, 0x0, 0x4d2, 0x3b89, 0xfffffffffffffff9, 0x4, 0x7fffffff, 0x441, @usage=0x7000000000000, 0x9, 0x20000d5a, [0x2, 0x6, 0x5, 0x80, 0x4, 0x7735]}, {0x8000, 0xffffffffffffffff}})
shmat(r7, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000012c0)=[{{&(0x7f00000005c0)=@xdp, 0x80, 0x0, 0x0, &(0x7f0000000fc0)=""/83, 0x53}, 0x1}, {{&(0x7f0000001040)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @dev}}, 0x80, &(0x7f00000011c0)=[{&(0x7f00000010c0)=""/150, 0x96}, {&(0x7f0000001180)=""/5, 0x5}], 0x2, &(0x7f0000001200)=""/180, 0xb4}, 0x5}], 0x2, 0x0, &(0x7f0000001340)={0x0, 0x989680})

12:18:02 executing program 3:
r0 = socket$l2tp(0x2, 0x2, 0x73)
getsockopt$IP_VS_SO_GET_SERVICE(r0, 0x0, 0x483, &(0x7f0000000100), &(0x7f00000000c0)=0xfffffffffffffe9b)

[ 2338.093928][ T9047] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=9047,uid=0
[ 2338.113376][ T9047] Memory cgroup out of memory: Killed process 9047 (syz-executor.1) total-vm:54540kB, anon-rss:380kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000
[ 2338.188048][ T5556] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 2338.242473][ T5556] usb 1-1: language id specifier not provided by device, defaulting to English
[ 2338.265848][ T9063] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 2338.276901][ T9063] CPU: 0 PID: 9063 Comm: syz-executor.1 Not tainted 6.3.0-rc4-next-20230330-syzkaller #0
[ 2338.286876][ T9063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 2338.296973][ T9063] Call Trace:
[ 2338.300277][ T9063]  <TASK>
[ 2338.303265][ T9063]  dump_stack_lvl+0x136/0x150
[ 2338.307981][ T9063]  dump_header+0x10a/0xd70
[ 2338.312434][ T9063]  oom_kill_process+0x25d/0x600
[ 2338.317331][ T9063]  out_of_memory+0x35c/0x1650
[ 2338.322072][ T9063]  ? find_held_lock+0x2d/0x110
[ 2338.326895][ T9063]  ? oom_killer_disable+0x2b0/0x2b0
[ 2338.332162][ T9063]  ? rcu_read_unlock+0x9/0x60
[ 2338.336890][ T9063]  ? find_held_lock+0x2d/0x110
[ 2338.341689][ T9063]  mem_cgroup_out_of_memory+0x206/0x270
[ 2338.347275][ T9063]  ? mem_cgroup_margin+0x130/0x130
[ 2338.352419][ T9063]  ? lock_downgrade+0x690/0x690
[ 2338.357385][ T9063]  try_charge_memcg+0xf99/0x13a0
[ 2338.362373][ T9063]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 2338.368399][ T9063]  ? lock_downgrade+0x690/0x690
[ 2338.373282][ T9063]  ? trace_lock_acquire+0x12d/0x180
[ 2338.378512][ T9063]  ? get_mem_cgroup_from_mm+0x247/0x580
[ 2338.384106][ T9063]  ? lock_acquire+0x32/0xc0
[ 2338.388659][ T9063]  charge_memcg+0x90/0x3b0
[ 2338.393128][ T9063]  __mem_cgroup_charge+0x2b/0x90
[ 2338.398112][ T9063]  ? copy_mc_to_kernel+0x3e/0x90
[ 2338.403175][ T9063]  do_wp_page+0x8ac/0x3510
[ 2338.407647][ T9063]  ? lock_sync+0x190/0x190
[ 2338.412105][ T9063]  ? finish_mkwrite_fault+0x3d0/0x3d0
[ 2338.417519][ T9063]  ? rcu_is_watching+0x12/0xb0
[ 2338.422326][ T9063]  ? do_raw_spin_lock+0x124/0x2b0
[ 2338.427390][ T9063]  ? spin_bug+0x1c0/0x1c0
[ 2338.431847][ T9063]  ? lock_acquire+0x32/0xc0
[ 2338.436384][ T9063]  ? __handle_mm_fault+0x1334/0x4180
[ 2338.441721][ T9063]  __handle_mm_fault+0x1547/0x4180
[ 2338.446970][ T9063]  ? vm_iomap_memory+0x190/0x190
[ 2338.451977][ T9063]  handle_mm_fault+0x2c0/0x9c0
[ 2338.456822][ T9063]  do_user_addr_fault+0x2ed/0x1240
[ 2338.462058][ T9063]  ? rcu_is_watching+0x12/0xb0
[ 2338.466882][ T9063]  exc_page_fault+0x98/0x170
[ 2338.471522][ T9063]  asm_exc_page_fault+0x26/0x30
[ 2338.476412][ T9063] RIP: 0033:0x7f47dd236f0e
[ 2338.480850][ T9063] Code: 10 4c 89 35 84 50 17 00 89 78 28 8b 7c 24 18 89 78 2c 8b 7c 24 54 89 78 78 48 8b 3c 24 88 4c 3a 04 8b 7c 24 4c 48 8b 54 24 40 <89> b8 80 00 00 00 0f 1f 40 00 48 8b 8c 14 50 01 00 00 48 83 c2 08
[ 2338.500481][ T9063] RSP: 002b:00007ffdbc005f40 EFLAGS: 00010246
[ 2338.506572][ T9063] RAX: 00007f47dd3abf80 RBX: 00007f47dd3abf8c RCX: 0000000000000000
[ 2338.514566][ T9063] RDX: 0000000000000000 RSI: 00007f47dd3abf88 RDI: 0000000000000000
[ 2338.522562][ T9063] RBP: 00007f47dd3abf80 R08: 00007f47de072700 R09: 00007f47de072700
[ 2338.530564][ T9063] R10: 00007f47de0729d0 R11: 0000000000000206 R12: 00007f47dd3abf8c
12:18:03 executing program 4:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f0000000540)={&(0x7f00000001c0)={0x2, 0x4e24, @dev}, 0x10, 0x0, 0x0, &(0x7f0000000480)=[@ip_retopts={{0x14, 0x0, 0x7, {[@lsrr={0x83, 0x3, 0x9}]}}}], 0x18}, 0x0)

[ 2338.538557][ T9063] R13: 00007f47dce000a8 R14: 00007f47dd3abf80 R15: 0000000000000000
[ 2338.546571][ T9063]  </TASK>
[ 2338.549725][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2338.563700][ T9063] memory: usage 307192kB, limit 307200kB, failcnt 13552
[ 2338.576498][ T9063] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2338.588600][ T9063] Memory cgroup stats for /syz1:
[ 2338.588972][ T9063] anon 106496
[ 2338.588972][ T9063] file 312406016
[ 2338.588972][ T9063] kernel 2052096
[ 2338.588972][ T9063] kernel_stack 65536
[ 2338.588972][ T9063] pagetables 81920
[ 2338.588972][ T9063] sec_pagetables 0
[ 2338.588972][ T9063] percpu 4992
[ 2338.588972][ T9063] sock 0
[ 2338.588972][ T9063] vmalloc 0
[ 2338.588972][ T9063] shmem 312406016
[ 2338.588972][ T9063] zswap 0
[ 2338.588972][ T9063] zswapped 0
[ 2338.588972][ T9063] file_mapped 380928
[ 2338.588972][ T9063] file_dirty 0
[ 2338.588972][ T9063] file_writeback 0
[ 2338.588972][ T9063] swapcached 0
[ 2338.588972][ T9063] anon_thp 0
[ 2338.588972][ T9063] file_thp 0
[ 2338.588972][ T9063] shmem_thp 0
[ 2338.588972][ T9063] inactive_anon 62951424
[ 2338.588972][ T9063] active_anon 131072
[ 2338.588972][ T9063] inactive_file 0
[ 2338.588972][ T9063] active_file 0
[ 2338.588972][ T9063] unevictable 249430016
[ 2338.588972][ T9063] slab_reclaimable 964920
[ 2338.588972][ T9063] slab_unreclaimable 891984
[ 2338.588972][ T9063] slab 1856904
[ 2338.588972][ T9063] workingset_refault_anon 0
[ 2338.588972][ T9063] workingset_refault_file 0
[ 2338.588972][ T9063] workingset_activate_anon 0
[ 2338.588972][ T9063] workingset_activate_file 0
[ 2338.588972][ T9063] workingset_restore_anon 0
[ 2338.588972][ T9063] workingset_restore_file 0
[ 2338.588972][ T9063] workingset_nodereclaim 0
[ 2338.588972][ T9063] pgscan 49
[ 2338.588972][ T9063] pgsteal 49
[ 2338.588972][ T9063] pgscan_kswapd 0
[ 2338.588972][ T9063] pgscan_direct 49
[ 2338.588972][ T9063] pgscan_khugepaged 0
[ 2338.588972][ T9063] pgsteal_kswapd 0
[ 2338.588972][ T9063] pgsteal_direct 49
[ 2338.588972][ T9063] pgsteal_khugepaged 0
[ 2338.588972][ T9063] pgfault 1096106
[ 2338.588972][ T9063] pgmajfault 422
[ 2338.588972][ T9063] pgrefill 150
[ 2338.588972][ T9063] pgactivate 161
[ 2338.588972][ T9063] pgdeactivate 0
[ 2338.588972][ T9063] pglazyfree 0
[ 2338.588972][ T9063] pglazyfreed 0
[ 2338.588972][ T9063] zswpin 0
[ 2338.588972][ T9063] zswpout 0
[ 2338.786695][ T9063] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=9063,uid=0
[ 2338.805885][ T9063] Memory cgroup out of memory: Killed process 9063 (syz-executor.1) total-vm:54540kB, anon-rss:380kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000
[ 2338.842395][ T5556] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 2338.878776][ T5556] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2338.894786][ T5556] usb 1-1: Product: syz
[ 2338.894821][ T5556] usb 1-1: SerialNumber: syz
[ 2339.155835][ T5556] usb 1-1: USB disconnect, device number 80
12:18:04 executing program 0:
syz_usb_connect$printer(0x0, 0x2d, &(0x7f00000003c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1}}]}}, &(0x7f0000000ac0)={0x0, 0x0, 0x0, 0x0, 0x2, [{0x2, &(0x7f00000008c0)=@string={0x2}}, {0x2, &(0x7f0000000980)=@string={0x2}}]})

12:18:04 executing program 3:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
getsockopt$sock_buf(r0, 0x1, 0x1c, 0x0, &(0x7f0000000140))

12:18:04 executing program 1:
openat$uhid(0xffffffffffffff9c, &(0x7f0000000200), 0x802, 0x0)
timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000180)=<r0=>0x0)
r1 = fanotify_init(0x4, 0x1000)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
fanotify_mark(r1, 0x105, 0x800101b, 0xffffffffffffffff, 0x0)
timer_settime(r0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
mlockall(0x2)
r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil)
shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
write$P9_RWSTAT(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x7f, 0x2}, 0x7)
ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0)
shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000)
shmctl$IPC_RMID(0x0, 0x0)
shmctl$SHM_LOCK(0x0, 0xb)
r6 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil)
shmctl$IPC_STAT(r6, 0x2, &(0x7f00000001c0)=""/62)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000340)={0x0, 0x28}, 0x1, 0x0, 0x0, 0x40410}, 0x4040044)
shmat(r3, &(0x7f00003c6000/0x3000)=nil, 0x4000)
shmctl$SHM_UNLOCK(0x0, 0xc)
shmctl$SHM_LOCK(r3, 0xb)
r7 = shmget$private(0x0, 0x3000, 0x54001800, &(0x7f000010d000/0x3000)=nil)
ioctl$BTRFS_IOC_BALANCE_V2(r5, 0xc4009420, &(0x7f0000000640)={0x0, 0x1, {0x81, @usage=0xd1, 0x0, 0xfffffffffffffffc, 0x10000, 0x0, 0x0, 0x5, 0x4, @usage=0x1, 0x1ea7, 0xffffffc0, [0x5, 0x7, 0x5, 0xffffffffffffffff, 0xffff, 0x24f]}, {0x5, @struct={0x8da6, 0x46a}, 0x0, 0x3f, 0xff, 0x8, 0x9, 0x7f, 0x0, @struct={0x3, 0x8}, 0xffff0000, 0xffffffcb, [0x8, 0x27d9, 0x7, 0x7ff, 0x57175363, 0x8]}, {0x10001, @usage=0x9, 0x0, 0x4d2, 0x3b89, 0xfffffffffffffff9, 0x4, 0x7fffffff, 0x441, @usage=0x7000000000000, 0x9, 0x20000d5a, [0x2, 0x6, 0x5, 0x80, 0x4, 0x7735]}, {0x8000, 0xffffffffffffffff}})
shmat(r7, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000012c0)=[{{&(0x7f00000005c0)=@xdp, 0x80, 0x0, 0x0, &(0x7f0000000fc0)=""/83, 0x53}, 0x1}, {{&(0x7f0000001040)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @dev}}, 0x80, &(0x7f00000011c0)=[{&(0x7f00000010c0)=""/150, 0x96}, {&(0x7f0000001180)=""/5, 0x5}], 0x2, &(0x7f0000001200)=""/180, 0xb4}, 0x5}], 0x2, 0x0, &(0x7f0000001340)={0x0, 0x989680})

12:18:04 executing program 4:
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r0, &(0x7f0000000000)={0x28, 0x0, 0x0, @hyper}, 0x10)
pselect6(0x40, &(0x7f0000000040), &(0x7f0000000080)={0x7}, &(0x7f00000000c0)={0x9}, &(0x7f0000000100)={0x77359400}, 0x0)

12:18:04 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
dup(r1)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, &(0x7f0000000180)="b9800000c00f3235000800000f3066ba4100ed66b859000f00d0420f0f1f1cb9db0900000f32f2470f5d08b9a40800000f32410f79a8bd00000066baf80cb802f50286ef66bafc0c66ed3e0f01c9", 0x4e}], 0x1, 0x0, &(0x7f0000000280)=[@efer={0x2, 0x800}], 0x1)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)

12:18:04 executing program 2:
syz_mount_image$nilfs2(&(0x7f0000000000), &(0x7f00000001c0)='./file0\x00', 0x808, &(0x7f0000000200)=ANY=[@ANYBLOB="00db16829f6f223801fbf346fbcb361a39ddaf9d9f3c0af9a8ab94c7941e0e3c9475e63359aed78788f36d3a46db8aec833c27bd3e04b336aad4e94458ea4c54b693746f778aee571c4196000005000000a2a5d06be49880db3e328d0ed6fe222fcfd1fc4111df0263d4e1e05f9b2b7969943681ca1edbb19a3ab3d79e2c96a3f281528a5f87018ff44d3446025929889bf379606d3cf3e50000000000000000000000007f3dd0c8e01c91244d054cddd790eea2f6714eba57910555eea84c0516a8e0b01d76f1fbc57484429c9f884d0200c95f3f0c2da8d75675d94f391939728fd37ad1a183a8906b1cb20bc7adfd1a563309a14772bc28a04eaaeb2975cc665df9d78165158170eef9b268c259fe12c43c970496535266b997c20a4e75df43f06b2fa7f27c1ac5aefcc163b6b13aa1aa3d027af71d35ecd47d08afa19746905041a8742c55000000000000000cc29d041d2511fc5c9ef862ce97493abf6adfcd06c4800d6a1a287c96a228e129e77cec5e998224d095a150eb8d1b376b4664844b8b544b5a90dcfc79b3d31cf6ba07cf00bfbfaf033cba704ac6d9a22c8675894b7452356fa8f600eb1b31b2bd471a5f43a27462d2d65777fa3cab7c0930f09ccb714d081efd3067d135f258fc02ed63ebcc485f16f88c3801030c70565a197e6e14c9c98dcd9ec50309ad000000"], 0x1, 0xa17, &(0x7f0000000400)="$eJzs3U2MW0cdAPCxd735LHFKQpc0NAmFtnx0t9ks4SOCpmouRE3FrVLFJUrTEpEGRCpBqx6SnLjRqgpXPsSplwoQEr2gqCculWgkLj0VDhyIglSJAxSSRdmd8dr/2Dx7dxOv17+fNDueN2PPPO/z8/N7b2YSMLbqi3/n56drKV1++41jf3/ob1tuLXm8VaK5+HeyLdVIKdVyejK83gcTS/GND1891S2upbnFvyWdnr7eeu62lNKFtD9dSc205/LV19+de+rExeOXDrz35pFrd2btAQBgvHzrypH53X/50/07P3rrgaNpU2t5OT5v5vT2fNx/NB/4l+P/eupM19pCu6lQbjKHeig30aVcez2NUG6yR/1T4XUbPcptqqh/om1Zt/WGUVa242aq1Wc60vX6zMzSb/K0+Lt+qjZz7szZ588PqaHAmvvnvpTSfkEQxjEs7Bj2HghgSbxeeJsL8czC6rRebbK/+q8/Ue/+fFgDd3v7V/9o1f+ri/Y4rJ2NujWV9Sqfo+05Ha8jxPuXBv38l9eL1yMafbaz13WEUbm+0KudE3e5HSvVq/1xu9iovp7j8j58I+S3f37i/3RU/sdAd/9y/l8QxjYsDHsHBKxb8b65hazkx/v6Yv6mivzNFflbKvK3VuRvq8iHcfbbl36SXqst/86Pv+kHPR9WzrPdk+OPDdieeD5y0Prjfb+DWm398X5iWM9+f/KZ01957tmrS/f/L2/LN/P2vj+nm/mzdSUXKecL43n11r3/zc566j3K3Rvac0+X8ouPd3WWq+1afp3Utp+5rR3Tnc/b0avc3s5yzVBuSw6bQ3vj8cnW8Lxy/FH2q+X9mgzr2wjrMRXaUfYrO3Mc2wErUbbHXvf/l+1zOjVqz585e/qxnC7b6R8nGptuLT94l9sNrF6//X+mU2f/n+2t5Y16+35hx/LyWvt+oRmWz/VYfiiny/fcdya2LC6fOfW9s8+t9crDmDv/8ivfPXn27OkfeOCBBx60Hgx7zwTcabMvvfj92fMvv/LomRdPvnD6hdPnDh0+fGhu7vBXD83PLh7Xz7Yf3QMbyfKX/rBbAgAAAAAAAAAAAPTrh8ePXf3zO19+f6n//3L/v9L/v9z5W/r//zj0/4/95Es/+NIPcGeX/MUyYYDVqVCukcPHQ3t3hXp2h+d9Isetefxy//9SXRzXtbTnvrA8jt9byoXhBG4bL2UqjEES5wv8dI4v5fiXCYaotqX74hxXjW9dtvUyPoVxKUZT+b+VraGMY1L6f/ca16ns/3fehTay9u5Gd8JhryPQ3T+M/y0IYxsWFsziAawPw57/s5z3LPG5P3xz861Qil1/onN/GccvhdVY7/NPqn9jzf/Zmv+u7/1fmDGvubJ6//2za++3VZv29Ft/XP8yDvSuwer/KNdf1ubh1F/9C78I9ccLQn36T6h/a5/137b+e1dW/39z/eVte+TBfutfanGt3tmOeN64XP+L542LG2H9y9ie/ax/xwnFFU7UeDPXD+NsVOaZHdSozP/bS7wP40s5XXaE5T6HON/JoO0v91eU74Hd4fVrFd9v5v8dbV/LcdXnocz/W7bHZpd0vS3d6PLebtR9DYyqD1z/E4SxDQsLC11PKK12Hr1+reRs1qgcW46CO3s2s9qw/5fDrn/Y73+VOP9vPIaP8//G/Dj/b8yP8//G/Di/XsyP8//G9zPO/xvz7wuvG+cHnq7I/2RF/p6K/Psr8vdW5H+qIv9ARf4DFfn7KvLvrch/sCL/MxX5n63If6gi/5GK/M9V5G90pT/KuK4/jLPYP8/nH8ZHuf7T6/O/qyIfGF0/fevgk8/+5tvNpf7/U63zIeU63tGcbuTfzj/K6XjdO7Wlb+W9k9N/Dfnr/XwHjJM4fkb8fn+4Ih8YXeU+L59vGEO17iP29DtuVa/jfEbL53P8hRx/MceP5ngmx7M5Ppjjuf/3ovvWto2svSd//bsjr9WWf+/vCPn93k8e+wPFcaIO9dmeeH5g0PvZ4zh+g1pt/SvsDgYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA09cW/8/PTtZQuv/3GsWdOnJm9teTxVonm4t/JtlSj9byUHsvxRI5/nh/c+PDVU+3xzRzX0lyqpVpreXr6equmbSmlC2l/upKaac/lq6+/O/fUiYvHLx14780j1+7cOwAAAAAb3/8CAAD//9XDDjc=")

12:18:04 executing program 2:
shmctl$IPC_SET(0x0, 0x1, &(0x7f0000000e80))

12:18:04 executing program 3:
r0 = socket$l2tp(0x2, 0x2, 0x73)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000040)={'erspan0\x00', &(0x7f0000000000)=@ethtool_pauseparam={0x1b, 0x5}})

12:18:04 executing program 4:
r0 = socket$l2tp(0x2, 0x2, 0x73)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_EGRESS_PRIORITY_CMD(r0, 0x8983, &(0x7f0000000000)={0x3, 'vlan1\x00'})

12:18:04 executing program 3:
r0 = socket$l2tp(0x2, 0x2, 0x73)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000040)={'erspan0\x00', &(0x7f0000000000)=@ethtool_pauseparam={0x1b, 0x5}})

12:18:04 executing program 4:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmmsg$sock(r0, &(0x7f0000005380)=[{{&(0x7f0000000000)=@in={0x2, 0x4e23, @multicast1}, 0x80, 0x0, 0x0, &(0x7f00000002c0)=[@mark={{0x14}}], 0x18}}], 0x1, 0x0)
r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x0)
r2 = socket$bt_cmtp(0x1f, 0x3, 0x5)
ioctl$sock_SIOCGIFVLAN_SET_VLAN_FLAG_CMD(r2, 0x8982, &(0x7f0000000100)={0x7, 'wg0\x00', {0xffffffff}, 0xea51})
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, 0x0)
getsockopt$inet6_mreq(r1, 0x29, 0x1c, &(0x7f0000000080)={@private0}, &(0x7f00000000c0)=0x14)
syz_genetlink_get_family_id$nfc(&(0x7f0000000140), 0xffffffffffffffff)
r3 = socket$l2tp(0x2, 0x2, 0x73)
r4 = openat$mice(0xffffffffffffff9c, &(0x7f00000001c0), 0x3)
ioctl$DRM_IOCTL_AGP_ALLOC(r1, 0xc0206434, &(0x7f0000000200)={0x100, <r5=>0x0, 0x10001})
ioctl$DRM_IOCTL_SG_FREE(r4, 0x40106439, &(0x7f0000000240)={0x2, r5})
sendmmsg$sock(r3, &(0x7f0000005fc0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000003200)=[@timestamping={{0x14}}, @txtime={{0x18}}], 0x30}}], 0x1, 0x0)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r3, 0x8982, &(0x7f0000000180)={0x0, 'gretap0\x00'})

12:18:04 executing program 4:
bpf$MAP_UPDATE_ELEM(0x1e, &(0x7f00000000c0)={0xffffffffffffffff, 0x0, 0x0}, 0x20)

[ 2339.840743][ T9074] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 2339.903938][ T9074] CPU: 1 PID: 9074 Comm: syz-executor.1 Not tainted 6.3.0-rc4-next-20230330-syzkaller #0
[ 2339.913833][ T9074] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 2339.923975][ T9074] Call Trace:
[ 2339.927283][ T9074]  <TASK>
[ 2339.930250][ T9074]  dump_stack_lvl+0x136/0x150
[ 2339.935003][ T9074]  dump_header+0x10a/0xd70
[ 2339.939505][ T9074]  oom_kill_process+0x25d/0x600
[ 2339.944434][ T9074]  out_of_memory+0x35c/0x1650
[ 2339.949192][ T9074]  ? find_held_lock+0x2d/0x110
[ 2339.954015][ T9074]  ? oom_killer_disable+0x2b0/0x2b0
[ 2339.959288][ T9074]  ? rcu_read_unlock+0x9/0x60
[ 2339.964018][ T9074]  ? find_held_lock+0x2d/0x110
[ 2339.968846][ T9074]  mem_cgroup_out_of_memory+0x206/0x270
[ 2339.974460][ T9074]  ? mem_cgroup_margin+0x130/0x130
[ 2339.979612][ T9074]  ? lock_downgrade+0x690/0x690
[ 2339.984514][ T9074]  try_charge_memcg+0xf99/0x13a0
[ 2339.989488][ T9074]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 2339.995503][ T9074]  ? lock_downgrade+0x690/0x690
[ 2340.000376][ T9074]  ? trace_lock_acquire+0x12d/0x180
[ 2340.005609][ T9074]  ? get_mem_cgroup_from_mm+0x247/0x580
[ 2340.011207][ T9074]  ? lock_acquire+0x32/0xc0
[ 2340.015765][ T9074]  charge_memcg+0x90/0x3b0
[ 2340.020230][ T9074]  __mem_cgroup_charge+0x2b/0x90
[ 2340.025197][ T9074]  do_wp_page+0x8ac/0x3510
[ 2340.029647][ T9074]  ? lock_sync+0x190/0x190
[ 2340.034089][ T9074]  ? finish_mkwrite_fault+0x3d0/0x3d0
[ 2340.039487][ T9074]  ? rcu_is_watching+0x12/0xb0
[ 2340.044281][ T9074]  ? do_raw_spin_lock+0x124/0x2b0
[ 2340.049337][ T9074]  ? spin_bug+0x1c0/0x1c0
[ 2340.053705][ T9074]  ? lock_acquire+0x32/0xc0
[ 2340.058224][ T9074]  ? __handle_mm_fault+0x1334/0x4180
[ 2340.063577][ T9074]  __handle_mm_fault+0x1547/0x4180
[ 2340.068734][ T9074]  ? vm_iomap_memory+0x190/0x190
[ 2340.073721][ T9074]  handle_mm_fault+0x2c0/0x9c0
[ 2340.078530][ T9074]  do_user_addr_fault+0x2ed/0x1240
[ 2340.083683][ T9074]  ? rcu_is_watching+0x12/0xb0
[ 2340.088500][ T9074]  exc_page_fault+0x98/0x170
[ 2340.093131][ T9074]  asm_exc_page_fault+0x26/0x30
[ 2340.098002][ T9074] RIP: 0033:0x7f47dd2395a0
[ 2340.102445][ T9074] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48
[ 2340.122377][ T9074] RSP: 002b:00007ffdbc005e60 EFLAGS: 00010246
[ 2340.128476][ T9074] RAX: 00000000672f47ab RBX: 00007f47dd3ac018 RCX: 0000001b32520000
[ 2340.136457][ T9074] RDX: 0000000000000000 RSI: 0000001b32520018 RDI: 00000000090fe32a
[ 2340.144441][ T9074] RBP: 00000000672f47ab R08: 00000000000007ab R09: 00000000672f47af
[ 2340.152466][ T9074] R10: 00007ffdbc006020 R11: 0000000000000246 R12: 00007f47dd3a0000
[ 2340.160533][ T9074] R13: 0000000000000001 R14: 0000000000000004 R15: ffffffff81e3d3ad
[ 2340.168518][ T9074]  ? build_open_flags+0x1d/0x720
[ 2340.173498][ T9074]  </TASK>
[ 2340.202875][ T9074] memory: usage 307188kB, limit 307200kB, failcnt 13630
[ 2340.210285][ T9074] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2340.219180][ T9074] Memory cgroup stats for /syz1:
[ 2340.219462][ T9074] anon 126976
[ 2340.219462][ T9074] file 312406016
[ 2340.219462][ T9074] kernel 2019328
[ 2340.219462][ T9074] kernel_stack 65536
[ 2340.219462][ T9074] pagetables 81920
[ 2340.219462][ T9074] sec_pagetables 0
[ 2340.219462][ T9074] percpu 4864
[ 2340.219462][ T9074] sock 0
[ 2340.219462][ T9074] vmalloc 0
[ 2340.219462][ T9074] shmem 312406016
[ 2340.219462][ T9074] zswap 0
[ 2340.219462][ T9074] zswapped 0
[ 2340.219462][ T9074] file_mapped 380928
[ 2340.219462][ T9074] file_dirty 0
[ 2340.219462][ T9074] file_writeback 0
[ 2340.219462][ T9074] swapcached 0
[ 2340.219462][ T9074] anon_thp 0
[ 2340.219462][ T9074] file_thp 0
[ 2340.219462][ T9074] shmem_thp 0
[ 2340.219462][ T9074] inactive_anon 62951424
[ 2340.219462][ T9074] active_anon 151552
[ 2340.219462][ T9074] inactive_file 0
[ 2340.219462][ T9074] active_file 0
[ 2340.219462][ T9074] unevictable 249430016
[ 2340.219462][ T9074] slab_reclaimable 964920
[ 2340.219462][ T9074] slab_unreclaimable 868808
[ 2340.219462][ T9074] slab 1833728
[ 2340.219462][ T9074] workingset_refault_anon 0
[ 2340.219462][ T9074] workingset_refault_file 0
[ 2340.219462][ T9074] workingset_activate_anon 0
[ 2340.219462][ T9074] workingset_activate_file 0
[ 2340.219462][ T9074] workingset_restore_anon 0
[ 2340.219462][ T9074] workingset_restore_file 0
[ 2340.219462][ T9074] workingset_nodereclaim 0
[ 2340.219462][ T9074] pgscan 49
[ 2340.219462][ T9074] pgsteal 49
[ 2340.219462][ T9074] pgscan_kswapd 0
[ 2340.219462][ T9074] pgscan_direct 49
[ 2340.219462][ T9074] pgscan_khugepaged 0
[ 2340.219462][ T9074] pgsteal_kswapd 0
[ 2340.219462][ T9074] pgsteal_direct 49
[ 2340.219462][ T9074] pgsteal_khugepaged 0
[ 2340.219462][ T9074] pgfault 1096158
[ 2340.219462][ T9074] pgmajfault 422
[ 2340.219462][ T9074] pgrefill 150
[ 2340.219462][ T9074] pgactivate 161
[ 2340.219462][ T9074] pgdeactivate 0
[ 2340.219462][ T9074] pglazyfree 0
[ 2340.219462][ T9074] pglazyfreed 0
[ 2340.219462][ T9074] zswpin 0
[ 2340.219462][ T9074] zswpout 0
[ 2340.410557][ T3038] usb 1-1: new high-speed USB device number 81 using dummy_hcd
[ 2340.410809][ T9074] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=9074,uid=0
[ 2340.448391][ T9074] Memory cgroup out of memory: Killed process 9074 (syz-executor.1) total-vm:54540kB, anon-rss:380kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000
[ 2340.682173][ T3038] usb 1-1: Using ep0 maxpacket: 16
[ 2340.832540][ T3038] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 2340.882551][ T3038] usb 1-1: language id specifier not provided by device, defaulting to English
[ 2341.022386][ T3038] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 2341.031578][ T3038] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2341.050340][ T3038] usb 1-1: Product: syz
[ 2341.054878][ T3038] usb 1-1: SerialNumber: syz
[ 2341.308115][ T3038] usb 1-1: USB disconnect, device number 81
12:18:06 executing program 0:
syz_usb_connect$printer(0x0, 0x2d, &(0x7f00000003c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1}}]}}, &(0x7f0000000ac0)={0x0, 0x0, 0x0, 0x0, 0x2, [{0x2, &(0x7f00000008c0)=@string={0x2}}, {0x2, &(0x7f0000000980)=@string={0x2}}]})

12:18:06 executing program 2:
clock_gettime(0x0, &(0x7f00000002c0)={<r0=>0x0})
pselect6(0x40, &(0x7f0000000180), &(0x7f00000001c0)={0x5}, 0x0, &(0x7f0000000300)={r0}, 0x0)

12:18:06 executing program 4:
open$dir(0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000080), 0x0, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = syz_io_uring_setup(0x6088, &(0x7f0000000640), &(0x7f0000002000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000100)=<r3=>0x0, &(0x7f0000000140)=<r4=>0x0)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
syz_io_uring_submit(r3, r4, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd=r5, 0x0, &(0x7f0000000440)=""/18, 0x12}, 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f0000002040)=[{{&(0x7f0000000180)=@pppol2tpv3, 0x80, 0x0}}], 0x1, 0x0)
io_uring_enter(r2, 0x300, 0x0, 0x0, 0x0, 0x0)

12:18:06 executing program 3:
r0 = socket$l2tp(0x2, 0x2, 0x73)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000040)={'erspan0\x00', &(0x7f0000000000)=@ethtool_pauseparam={0x1b, 0x5}})

12:18:06 executing program 1:
openat$uhid(0xffffffffffffff9c, &(0x7f0000000200), 0x802, 0x0)
timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000180)=<r0=>0x0)
r1 = fanotify_init(0x4, 0x1000)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
fanotify_mark(r1, 0x105, 0x800101b, 0xffffffffffffffff, 0x0)
timer_settime(r0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
mlockall(0x2)
r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil)
shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
write$P9_RWSTAT(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x7f, 0x2}, 0x7)
ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0)
shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000)
shmctl$IPC_RMID(0x0, 0x0)
shmctl$SHM_LOCK(0x0, 0xb)
r6 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil)
shmctl$IPC_STAT(r6, 0x2, &(0x7f00000001c0)=""/62)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000340)={0x0, 0x28}, 0x1, 0x0, 0x0, 0x40410}, 0x4040044)
shmat(r3, &(0x7f00003c6000/0x3000)=nil, 0x4000)
shmctl$SHM_UNLOCK(0x0, 0xc)
shmctl$SHM_LOCK(r3, 0xb)
r7 = shmget$private(0x0, 0x3000, 0x54001800, &(0x7f000010d000/0x3000)=nil)
ioctl$BTRFS_IOC_BALANCE_V2(r5, 0xc4009420, &(0x7f0000000640)={0x0, 0x1, {0x81, @usage=0xd1, 0x0, 0xfffffffffffffffc, 0x10000, 0xffffffffffffffff, 0x0, 0x0, 0x4, @usage=0x1, 0x1ea7, 0xffffffc0, [0x5, 0x7, 0x5, 0xffffffffffffffff, 0xffff, 0x24f]}, {0x5, @struct={0x8da6, 0x46a}, 0x0, 0x3f, 0xff, 0x8, 0x9, 0x7f, 0x0, @struct={0x3, 0x8}, 0xffff0000, 0xffffffcb, [0x8, 0x27d9, 0x7, 0x7ff, 0x57175363, 0x8]}, {0x10001, @usage=0x9, 0x0, 0x4d2, 0x3b89, 0xfffffffffffffff9, 0x4, 0x7fffffff, 0x441, @usage=0x7000000000000, 0x9, 0x20000d5a, [0x2, 0x6, 0x5, 0x80, 0x4, 0x7735]}, {0x8000, 0xffffffffffffffff}})
shmat(r7, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000012c0)=[{{&(0x7f00000005c0)=@xdp, 0x80, 0x0, 0x0, &(0x7f0000000fc0)=""/83, 0x53}, 0x1}, {{&(0x7f0000001040)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @dev}}, 0x80, &(0x7f00000011c0)=[{&(0x7f00000010c0)=""/150, 0x96}, {&(0x7f0000001180)=""/5, 0x5}], 0x2, &(0x7f0000001200)=""/180, 0xb4}, 0x5}], 0x2, 0x0, &(0x7f0000001340)={0x0, 0x989680})

12:18:06 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, &(0x7f0000000180)="b9800000c00f3235000800000f3066ba4100ed66b859000f00d0420f0f1f1cb9db0900000f32f2470f5d08b9a40800000f32410f79a8bd00000066baf80cb802f50286ef66bafc0c66ed3e0f01c9", 0x4e}], 0x1, 0x0, &(0x7f0000000280)=[@efer={0x2, 0x800}], 0x1)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

12:18:06 executing program 3:
r0 = socket$l2tp(0x2, 0x2, 0x73)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000040)={'erspan0\x00', &(0x7f0000000000)=@ethtool_pauseparam={0x1b, 0x5}})

12:18:06 executing program 2:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f0000001a40)={&(0x7f0000000180)={0x2, 0x4e24, @private}, 0x10, 0x0, 0x0, &(0x7f00000018c0)=[@ip_retopts={{0x14, 0x0, 0x7, {[@end, @noop]}}}, @ip_tos_int={{0x14}}], 0x30}, 0x4800)

12:18:06 executing program 4:
ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000100)={'veth1_to_bond\x00', @ifru_ivalue})
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_TIOCINQ(r0, 0x541b, &(0x7f00000000c0))

12:18:06 executing program 3:
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'erspan0\x00', &(0x7f0000000000)=@ethtool_pauseparam={0x1b, 0x5}})

12:18:06 executing program 2:
mlock(&(0x7f0000ff9000/0x2000)=nil, 0x2000)
msync(&(0x7f0000ff3000/0xd000)=nil, 0xd000, 0x0)

12:18:06 executing program 4:
syz_genetlink_get_family_id$net_dm(0x0, 0xffffffffffffffff)
syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000001c40), 0xffffffffffffffff)

[ 2342.090419][ T9102] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 2342.122918][ T9102] CPU: 0 PID: 9102 Comm: syz-executor.1 Not tainted 6.3.0-rc4-next-20230330-syzkaller #0
[ 2342.132900][ T9102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 2342.143005][ T9102] Call Trace:
[ 2342.146326][ T9102]  <TASK>
[ 2342.149301][ T9102]  dump_stack_lvl+0x136/0x150
[ 2342.154055][ T9102]  dump_header+0x10a/0xd70
[ 2342.158579][ T9102]  oom_kill_process+0x25d/0x600
[ 2342.163535][ T9102]  out_of_memory+0x35c/0x1650
[ 2342.168295][ T9102]  ? find_held_lock+0x2d/0x110
[ 2342.173122][ T9102]  ? oom_killer_disable+0x2b0/0x2b0
[ 2342.178418][ T9102]  ? rcu_read_unlock+0x9/0x60
[ 2342.183131][ T9102]  ? find_held_lock+0x2d/0x110
[ 2342.187954][ T9102]  mem_cgroup_out_of_memory+0x206/0x270
[ 2342.193542][ T9102]  ? mem_cgroup_margin+0x130/0x130
[ 2342.198685][ T9102]  ? lock_downgrade+0x690/0x690
[ 2342.203590][ T9102]  try_charge_memcg+0xf99/0x13a0
[ 2342.208579][ T9102]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 2342.214606][ T9102]  ? lock_downgrade+0x690/0x690
[ 2342.219492][ T9102]  ? trace_lock_acquire+0x12d/0x180
[ 2342.224728][ T9102]  ? get_mem_cgroup_from_mm+0x247/0x580
[ 2342.230314][ T9102]  ? lock_acquire+0x32/0xc0
[ 2342.234859][ T9102]  charge_memcg+0x90/0x3b0
[ 2342.239323][ T9102]  __mem_cgroup_charge+0x2b/0x90
[ 2342.244304][ T9102]  ? copy_mc_to_kernel+0x3e/0x90
[ 2342.249286][ T9102]  do_wp_page+0x8ac/0x3510
[ 2342.253758][ T9102]  ? lock_sync+0x190/0x190
[ 2342.258214][ T9102]  ? finish_mkwrite_fault+0x3d0/0x3d0
[ 2342.263630][ T9102]  ? rcu_is_watching+0x12/0xb0
[ 2342.268449][ T9102]  ? do_raw_spin_lock+0x124/0x2b0
[ 2342.273517][ T9102]  ? spin_bug+0x1c0/0x1c0
[ 2342.277885][ T9102]  ? lock_acquire+0x32/0xc0
[ 2342.282430][ T9102]  ? __handle_mm_fault+0x1334/0x4180
[ 2342.287772][ T9102]  __handle_mm_fault+0x1547/0x4180
[ 2342.292945][ T9102]  ? vm_iomap_memory+0x190/0x190
[ 2342.297951][ T9102]  handle_mm_fault+0x2c0/0x9c0
[ 2342.302764][ T9102]  do_user_addr_fault+0x2ed/0x1240
[ 2342.307919][ T9102]  ? rcu_is_watching+0x12/0xb0
[ 2342.312725][ T9102]  exc_page_fault+0x98/0x170
[ 2342.317379][ T9102]  asm_exc_page_fault+0x26/0x30
[ 2342.322280][ T9102] RIP: 0033:0x7f47dd2364bd
[ 2342.326730][ T9102] Code: 0c 48 89 df 41 83 c6 01 e8 00 f7 ff ff 48 83 c3 20 49 39 df 75 df 44 89 75 00 8b 05 4d 1b 17 00 48 8b 15 16 f2 c9 00 83 c0 01 <89> 05 3d 1b 17 00 89 02 48 83 c4 18 5b 5d 41 5c 41 5d 41 5e 41 5f
[ 2342.346365][ T9102] RSP: 002b:00007ffdbc005ec0 EFLAGS: 00010202
[ 2342.352461][ T9102] RAX: 0000000000000001 RBX: 00007f47dd3abf80 RCX: 000000000000056b
[ 2342.360452][ T9102] RDX: 0000001b32520000 RSI: 0000001b32520018 RDI: 0000000095cd0aca
[ 2342.368479][ T9102] RBP: 0000001b32520020 R08: 0000001b32920000 R09: 0000000095cd0ace
[ 2342.376474][ T9102] R10: 00007ffdbc006020 R11: 0000000000000246 R12: 00007f47dd3abf80
[ 2342.384473][ T9102] R13: 0000001b32520018 R14: 0000001b3252001c R15: 0000000000000032
[ 2342.392483][ T9102]  </TASK>
[ 2342.395600][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2342.405593][T27624] usb 1-1: new high-speed USB device number 82 using dummy_hcd
[ 2342.409256][ T9102] memory: usage 307200kB, limit 307200kB, failcnt 13695
[ 2342.420809][ T9102] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2342.430294][ T9102] Memory cgroup stats for /syz1:
[ 2342.430538][ T9102] anon 147456
[ 2342.430538][ T9102] file 312406016
[ 2342.430538][ T9102] kernel 2019328
[ 2342.430538][ T9102] kernel_stack 65536
[ 2342.430538][ T9102] pagetables 81920
[ 2342.430538][ T9102] sec_pagetables 0
[ 2342.430538][ T9102] percpu 4864
[ 2342.430538][ T9102] sock 0
[ 2342.430538][ T9102] vmalloc 0
[ 2342.430538][ T9102] shmem 312406016
[ 2342.430538][ T9102] zswap 0
[ 2342.430538][ T9102] zswapped 0
[ 2342.430538][ T9102] file_mapped 380928
[ 2342.430538][ T9102] file_dirty 0
[ 2342.430538][ T9102] file_writeback 0
[ 2342.430538][ T9102] swapcached 0
[ 2342.430538][ T9102] anon_thp 0
[ 2342.430538][ T9102] file_thp 0
[ 2342.430538][ T9102] shmem_thp 0
[ 2342.430538][ T9102] inactive_anon 62951424
[ 2342.430538][ T9102] active_anon 172032
[ 2342.430538][ T9102] inactive_file 0
[ 2342.430538][ T9102] active_file 0
[ 2342.430538][ T9102] unevictable 249430016
[ 2342.430538][ T9102] slab_reclaimable 964920
[ 2342.430538][ T9102] slab_unreclaimable 868808
[ 2342.430538][ T9102] slab 1833728
[ 2342.430538][ T9102] workingset_refault_anon 0
[ 2342.430538][ T9102] workingset_refault_file 0
[ 2342.430538][ T9102] workingset_activate_anon 0
[ 2342.430538][ T9102] workingset_activate_file 0
[ 2342.430538][ T9102] workingset_restore_anon 0
[ 2342.430538][ T9102] workingset_restore_file 0
[ 2342.430538][ T9102] workingset_nodereclaim 0
[ 2342.430538][ T9102] pgscan 49
[ 2342.430538][ T9102] pgsteal 49
[ 2342.430538][ T9102] pgscan_kswapd 0
[ 2342.430538][ T9102] pgscan_direct 49
[ 2342.430538][ T9102] pgscan_khugepaged 0
[ 2342.430538][ T9102] pgsteal_kswapd 0
[ 2342.430538][ T9102] pgsteal_direct 49
[ 2342.430538][ T9102] pgsteal_khugepaged 0
[ 2342.430538][ T9102] pgfault 1096219
[ 2342.430538][ T9102] pgmajfault 422
[ 2342.430538][ T9102] pgrefill 150
[ 2342.430538][ T9102] pgactivate 161
[ 2342.430538][ T9102] pgdeactivate 0
[ 2342.430538][ T9102] pglazyfree 0
[ 2342.430538][ T9102] pglazyfreed 0
[ 2342.430538][ T9102] zswpin 0
[ 2342.430538][ T9102] zswpout 0
[ 2342.634618][ T9102] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=9102,uid=0
[ 2342.650836][ T9102] Memory cgroup out of memory: Killed process 9102 (syz-executor.1) total-vm:54540kB, anon-rss:508kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000
[ 2342.832233][T27624] usb 1-1: Using ep0 maxpacket: 16
[ 2342.964838][T27624] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 2343.012250][T27624] usb 1-1: language id specifier not provided by device, defaulting to English
[ 2343.132293][T27624] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 2343.141470][T27624] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2343.149640][T27624] usb 1-1: Product: syz
[ 2343.154012][T27624] usb 1-1: SerialNumber: syz
[ 2343.405690][T27624] usb 1-1: USB disconnect, device number 82
12:18:08 executing program 0:
syz_usb_connect$printer(0x0, 0x2d, &(0x7f00000003c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1}}]}}, &(0x7f0000000ac0)={0x0, 0x0, 0x0, 0x0, 0x2, [{0x2, &(0x7f00000008c0)=@string={0x2}}, {0x2, &(0x7f0000000980)=@string={0x2}}]})

12:18:08 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f0000001200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x95e0ff133ea557e5, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x80)

12:18:08 executing program 3:
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'erspan0\x00', &(0x7f0000000000)=@ethtool_pauseparam={0x1b, 0x5}})

12:18:08 executing program 2:
bpf$OBJ_GET_PROG(0x13, &(0x7f0000000380)={0x0, 0x0, 0x18}, 0x10)

12:18:08 executing program 1:
openat$uhid(0xffffffffffffff9c, &(0x7f0000000200), 0x802, 0x0)
timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000180)=<r0=>0x0)
r1 = fanotify_init(0x4, 0x1000)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
fanotify_mark(r1, 0x105, 0x800101b, 0xffffffffffffffff, 0x0)
timer_settime(r0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
mlockall(0x2)
r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil)
shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
write$P9_RWSTAT(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x7f, 0x2}, 0x7)
ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0)
shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000)
shmctl$IPC_RMID(0x0, 0x0)
shmctl$SHM_LOCK(0x0, 0xb)
r6 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil)
shmctl$IPC_STAT(r6, 0x2, &(0x7f00000001c0)=""/62)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000340)={0x0, 0x28}, 0x1, 0x0, 0x0, 0x40410}, 0x4040044)
shmat(r3, &(0x7f00003c6000/0x3000)=nil, 0x4000)
shmctl$SHM_UNLOCK(0x0, 0xc)
shmctl$SHM_LOCK(r3, 0xb)
r7 = shmget$private(0x0, 0x3000, 0x54001800, &(0x7f000010d000/0x3000)=nil)
ioctl$BTRFS_IOC_BALANCE_V2(r5, 0xc4009420, &(0x7f0000000640)={0x0, 0x1, {0x81, @usage=0xd1, 0x0, 0xfffffffffffffffc, 0x10000, 0xffffffffffffffff, 0x0, 0x0, 0x4, @usage=0x1, 0x1ea7, 0xffffffc0, [0x5, 0x7, 0x5, 0xffffffffffffffff, 0xffff, 0x24f]}, {0x5, @struct={0x8da6, 0x46a}, 0x0, 0x3f, 0xff, 0x8, 0x9, 0x7f, 0x0, @struct={0x3, 0x8}, 0xffff0000, 0xffffffcb, [0x8, 0x27d9, 0x7, 0x7ff, 0x57175363, 0x8]}, {0x10001, @usage=0x9, 0x0, 0x4d2, 0x3b89, 0xfffffffffffffff9, 0x4, 0x7fffffff, 0x441, @usage=0x7000000000000, 0x9, 0x20000d5a, [0x2, 0x6, 0x5, 0x80, 0x4, 0x7735]}, {0x8000, 0xffffffffffffffff}})
shmat(r7, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000012c0)=[{{&(0x7f00000005c0)=@xdp, 0x80, 0x0, 0x0, &(0x7f0000000fc0)=""/83, 0x53}, 0x1}, {{&(0x7f0000001040)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @dev}}, 0x80, &(0x7f00000011c0)=[{&(0x7f00000010c0)=""/150, 0x96}, {&(0x7f0000001180)=""/5, 0x5}], 0x2, &(0x7f0000001200)=""/180, 0xb4}, 0x5}], 0x2, 0x0, &(0x7f0000001340)={0x0, 0x989680})

12:18:08 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, &(0x7f0000000180)="b9800000c00f3235000800000f3066ba4100ed66b859000f00d0420f0f1f1cb9db0900000f32f2470f5d08b9a40800000f32410f79a8bd00000066baf80cb802f50286ef66bafc0c66ed3e0f01c9", 0x4e}], 0x1, 0x0, &(0x7f0000000280)=[@efer={0x2, 0x800}], 0x1)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

12:18:08 executing program 3:
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'erspan0\x00', &(0x7f0000000000)=@ethtool_pauseparam={0x1b, 0x5}})

12:18:08 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKINFO_GET(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000240)={0x40, r1, 0x20d, 0x0, 0x0, {}, [@HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pimreg0\x00'}]}]}, 0x40}}, 0x0)

12:18:08 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x6, [@union={0x4, 0x1, 0x0, 0x5, 0x0, 0x0, [{0x7}]}]}, {0x0, [0x0, 0x0, 0x0, 0x5f]}}, &(0x7f00000002c0)=""/154, 0x36, 0x9a, 0x1}, 0x20)

[ 2344.010806][ T9133] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 2344.023351][ T9133] CPU: 1 PID: 9133 Comm: syz-executor.1 Not tainted 6.3.0-rc4-next-20230330-syzkaller #0
[ 2344.033246][ T9133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 2344.043357][ T9133] Call Trace:
[ 2344.046679][ T9133]  <TASK>
[ 2344.049650][ T9133]  dump_stack_lvl+0x136/0x150
[ 2344.054397][ T9133]  dump_header+0x10a/0xd70
[ 2344.058888][ T9133]  oom_kill_process+0x25d/0x600
[ 2344.063809][ T9133]  out_of_memory+0x35c/0x1650
[ 2344.068571][ T9133]  ? find_held_lock+0x2d/0x110
[ 2344.073409][ T9133]  ? oom_killer_disable+0x2b0/0x2b0
[ 2344.078707][ T9133]  ? rcu_read_unlock+0x9/0x60
[ 2344.083443][ T9133]  ? find_held_lock+0x2d/0x110
[ 2344.088276][ T9133]  mem_cgroup_out_of_memory+0x206/0x270
[ 2344.093885][ T9133]  ? mem_cgroup_margin+0x130/0x130
[ 2344.099060][ T9133]  ? lock_downgrade+0x690/0x690
[ 2344.103995][ T9133]  try_charge_memcg+0xf99/0x13a0
[ 2344.109021][ T9133]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 2344.115081][ T9133]  ? lock_downgrade+0x690/0x690
[ 2344.119993][ T9133]  ? trace_lock_acquire+0x12d/0x180
[ 2344.125949][ T9133]  ? get_mem_cgroup_from_mm+0x247/0x580
[ 2344.131561][ T9133]  ? lock_acquire+0x32/0xc0
[ 2344.136133][ T9133]  charge_memcg+0x90/0x3b0
[ 2344.140623][ T9133]  __mem_cgroup_charge+0x2b/0x90
[ 2344.145720][ T9133]  do_wp_page+0x8ac/0x3510
[ 2344.150215][ T9133]  ? lock_sync+0x190/0x190
[ 2344.154691][ T9133]  ? finish_mkwrite_fault+0x3d0/0x3d0
12:18:08 executing program 2:
syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0x1, 0x30, 0x7d, [{{0x9, 0x4, 0x0, 0x3f, 0x1, 0x7, 0x1, 0x1, 0x4, "", {{{0x9, 0x5, 0x1, 0x2, 0x3ff, 0x3f, 0x1, 0x3}}}}}]}}]}}, &(0x7f0000000100)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x300, 0x0, 0x20, 0x80, 0x10, 0xfa}, 0x70, &(0x7f0000000080)={0x5, 0xf, 0x70, 0x1, [@generic={0x6b, 0x10, 0x1, "474a5fb0524c429fd0ec8671e33ca918061251443f4f37808fe8fea8d327cf05ee30bc033c21e9973c0ab58e9051c2ababda0086f33ad769d8dbaebda7ced7e9ff09dcce4a587cea730bd5234eed18541be5b63e1b7f405b141c7b708b4a41f4963dcaf62059cae7"}]}})

12:18:08 executing program 3:
socket$l2tp(0x2, 0x2, 0x73)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'erspan0\x00', &(0x7f0000000000)=@ethtool_pauseparam={0x1b, 0x5}})

[ 2344.160131][ T9133]  ? rcu_is_watching+0x12/0xb0
[ 2344.164957][ T9133]  ? do_raw_spin_lock+0x124/0x2b0
[ 2344.170047][ T9133]  ? spin_bug+0x1c0/0x1c0
[ 2344.174442][ T9133]  ? lock_acquire+0x32/0xc0
[ 2344.179013][ T9133]  ? __handle_mm_fault+0x1334/0x4180
[ 2344.184380][ T9133]  __handle_mm_fault+0x1547/0x4180
[ 2344.189674][ T9133]  ? vm_iomap_memory+0x190/0x190
[ 2344.194719][ T9133]  handle_mm_fault+0x2c0/0x9c0
[ 2344.199573][ T9133]  do_user_addr_fault+0x2ed/0x1240
[ 2344.204748][ T9133]  ? rcu_is_watching+0x12/0xb0
12:18:09 executing program 4:
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4001, 0x0, @empty}, 0x1c)
write(r0, &(0x7f0000000000)="04", 0x2007e53d)

[ 2344.209581][ T9133]  exc_page_fault+0x98/0x170
[ 2344.214244][ T9133]  asm_exc_page_fault+0x26/0x30
[ 2344.219152][ T9133] RIP: 0033:0x7f47dd2395a0
[ 2344.223618][ T9133] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48
[ 2344.243283][ T9133] RSP: 002b:00007ffdbc005e60 EFLAGS: 00010246
[ 2344.249407][ T9133] RAX: 00000000e71e0d02 RBX: 00007f47dd3ac018 RCX: 0000001b32520000
[ 2344.257435][ T9133] RDX: 0000000000000000 RSI: 0000001b32520018 RDI: 00000000090fe031
[ 2344.265482][ T9133] RBP: 00000000e71e0d02 R08: 0000000000000d02 R09: 00000000e71e0d06
[ 2344.273502][ T9133] R10: 00007ffdbc006020 R11: 0000000000000246 R12: 00007f47dd3a0000
[ 2344.281521][ T9133] R13: 0000000000000001 R14: 0000000000000008 R15: ffffffff81e3d4bb
[ 2344.289539][ T9133]  ? build_open_flags+0x12b/0x720
[ 2344.294653][ T9133]  </TASK>
[ 2344.339323][ T9133] memory: usage 307188kB, limit 307200kB, failcnt 13761
[ 2344.349987][ T9133] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2344.380722][ T9133] Memory cgroup stats for /syz1:
[ 2344.380974][ T9133] anon 135168
[ 2344.380974][ T9133] file 312406016
[ 2344.380974][ T9133] kernel 2019328
[ 2344.380974][ T9133] kernel_stack 65536
[ 2344.380974][ T9133] pagetables 81920
[ 2344.380974][ T9133] sec_pagetables 0
[ 2344.380974][ T9133] percpu 4864
[ 2344.380974][ T9133] sock 0
[ 2344.380974][ T9133] vmalloc 0
[ 2344.380974][ T9133] shmem 312406016
[ 2344.380974][ T9133] zswap 0
[ 2344.380974][ T9133] zswapped 0
[ 2344.380974][ T9133] file_mapped 380928
[ 2344.380974][ T9133] file_dirty 0
[ 2344.380974][ T9133] file_writeback 0
[ 2344.380974][ T9133] swapcached 0
[ 2344.380974][ T9133] anon_thp 0
[ 2344.380974][ T9133] file_thp 0
[ 2344.380974][ T9133] shmem_thp 0
[ 2344.380974][ T9133] inactive_anon 62951424
[ 2344.380974][ T9133] active_anon 159744
[ 2344.380974][ T9133] inactive_file 0
[ 2344.380974][ T9133] active_file 0
[ 2344.380974][ T9133] unevictable 249430016
[ 2344.380974][ T9133] slab_reclaimable 964920
[ 2344.380974][ T9133] slab_unreclaimable 868808
[ 2344.380974][ T9133] slab 1833728
[ 2344.380974][ T9133] workingset_refault_anon 0
[ 2344.380974][ T9133] workingset_refault_file 0
[ 2344.380974][ T9133] workingset_activate_anon 0
[ 2344.380974][ T9133] workingset_activate_file 0
[ 2344.380974][ T9133] workingset_restore_anon 0
[ 2344.380974][ T9133] workingset_restore_file 0
[ 2344.380974][ T9133] workingset_nodereclaim 0
[ 2344.380974][ T9133] pgscan 49
[ 2344.380974][ T9133] pgsteal 49
[ 2344.380974][ T9133] pgscan_kswapd 0
[ 2344.380974][ T9133] pgscan_direct 49
[ 2344.380974][ T9133] pgscan_khugepaged 0
[ 2344.380974][ T9133] pgsteal_kswapd 0
[ 2344.380974][ T9133] pgsteal_direct 49
[ 2344.380974][ T9133] pgsteal_khugepaged 0
[ 2344.380974][ T9133] pgfault 1096274
[ 2344.380974][ T9133] pgmajfault 422
[ 2344.380974][ T9133] pgrefill 150
[ 2344.380974][ T9133] pgactivate 161
[ 2344.380974][ T9133] pgdeactivate 0
[ 2344.380974][ T9133] pglazyfree 0
[ 2344.380974][ T9133] pglazyfreed 0
[ 2344.380974][ T9133] zswpin 0
[ 2344.380974][ T9133] zswpout 0
[ 2344.422257][ T8017] usb 1-1: new high-speed USB device number 83 using dummy_hcd
[ 2344.586575][ T9133] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=9133,uid=0
[ 2344.603451][ T9133] Memory cgroup out of memory: Killed process 9133 (syz-executor.1) total-vm:54540kB, anon-rss:380kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000
[ 2344.712225][ T3038] usb 3-1: new high-speed USB device number 32 using dummy_hcd
[ 2344.882187][ T8017] usb 1-1: Using ep0 maxpacket: 16
[ 2344.972171][ T3038] usb 3-1: Using ep0 maxpacket: 16
[ 2345.002265][ T8017] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 2345.052412][ T8017] usb 1-1: language id specifier not provided by device, defaulting to English
[ 2345.112375][ T3038] usb 3-1: config 1 interface 0 altsetting 63 bulk endpoint 0x1 has invalid maxpacket 1023
[ 2345.123152][ T3038] usb 3-1: config 1 interface 0 has no altsetting 0
[ 2345.172307][ T8017] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 2345.181473][ T8017] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2345.189701][ T8017] usb 1-1: Product: syz
[ 2345.194323][ T8017] usb 1-1: SerialNumber: syz
[ 2345.282455][ T3038] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 2345.291552][ T3038] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2345.305339][ T3038] usb 3-1: Product: syz
[ 2345.309536][ T3038] usb 3-1: Manufacturer: syz
[ 2345.316857][ T3038] usb 3-1: SerialNumber: syz
[ 2345.342484][ T9156] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[ 2345.455779][T27900] usb 1-1: USB disconnect, device number 83
[ 2345.665217][ T3038] usblp 3-1:1.0: usblp0: USB Unidirectional printer dev 32 if 0 alt 63 proto 1 vid 0x0525 pid 0xA4A8
[ 2345.680967][ T3038] usb 3-1: USB disconnect, device number 32
[ 2345.697252][ T3038] usblp0: removed
12:18:10 executing program 4:
syz_usb_connect$printer(0x0, 0x2d, &(0x7f00000003c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1}}]}}, &(0x7f0000000ac0)={0x0, 0x0, 0x0, 0x0, 0x2, [{0x2, &(0x7f00000008c0)=@string={0x2}}, {0x2, &(0x7f0000000980)=@string={0x2}}]})

12:18:10 executing program 3:
socket$l2tp(0x2, 0x2, 0x73)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'erspan0\x00', &(0x7f0000000000)=@ethtool_pauseparam={0x1b, 0x5}})

12:18:10 executing program 1:
openat$uhid(0xffffffffffffff9c, &(0x7f0000000200), 0x802, 0x0)
timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000180)=<r0=>0x0)
r1 = fanotify_init(0x4, 0x1000)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
fanotify_mark(r1, 0x105, 0x800101b, 0xffffffffffffffff, 0x0)
timer_settime(r0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
mlockall(0x2)
r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil)
shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
write$P9_RWSTAT(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x7f, 0x2}, 0x7)
ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0)
shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000)
shmctl$IPC_RMID(0x0, 0x0)
shmctl$SHM_LOCK(0x0, 0xb)
r6 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil)
shmctl$IPC_STAT(r6, 0x2, &(0x7f00000001c0)=""/62)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000340)={0x0, 0x28}, 0x1, 0x0, 0x0, 0x40410}, 0x4040044)
shmat(r3, &(0x7f00003c6000/0x3000)=nil, 0x4000)
shmctl$SHM_UNLOCK(0x0, 0xc)
shmctl$SHM_LOCK(r3, 0xb)
r7 = shmget$private(0x0, 0x3000, 0x54001800, &(0x7f000010d000/0x3000)=nil)
ioctl$BTRFS_IOC_BALANCE_V2(r5, 0xc4009420, &(0x7f0000000640)={0x0, 0x1, {0x81, @usage=0xd1, 0x0, 0xfffffffffffffffc, 0x10000, 0xffffffffffffffff, 0x0, 0x0, 0x4, @usage=0x1, 0x1ea7, 0xffffffc0, [0x5, 0x7, 0x5, 0xffffffffffffffff, 0xffff, 0x24f]}, {0x5, @struct={0x8da6, 0x46a}, 0x0, 0x3f, 0xff, 0x8, 0x9, 0x7f, 0x0, @struct={0x3, 0x8}, 0xffff0000, 0xffffffcb, [0x8, 0x27d9, 0x7, 0x7ff, 0x57175363, 0x8]}, {0x10001, @usage=0x9, 0x0, 0x4d2, 0x3b89, 0xfffffffffffffff9, 0x4, 0x7fffffff, 0x441, @usage=0x7000000000000, 0x9, 0x20000d5a, [0x2, 0x6, 0x5, 0x80, 0x4, 0x7735]}, {0x8000, 0xffffffffffffffff}})
shmat(r7, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000012c0)=[{{&(0x7f00000005c0)=@xdp, 0x80, 0x0, 0x0, &(0x7f0000000fc0)=""/83, 0x53}, 0x1}, {{&(0x7f0000001040)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @dev}}, 0x80, &(0x7f00000011c0)=[{&(0x7f00000010c0)=""/150, 0x96}, {&(0x7f0000001180)=""/5, 0x5}], 0x2, &(0x7f0000001200)=""/180, 0xb4}, 0x5}], 0x2, 0x0, &(0x7f0000001340)={0x0, 0x989680})

12:18:10 executing program 0:
syz_usb_connect$printer(0x0, 0x2d, &(0x7f00000003c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1}}]}}, &(0x7f0000000ac0)={0x0, 0x0, 0x0, 0x0, 0x2, [{0x2, &(0x7f00000008c0)=@string={0x2}}, {0xd, &(0x7f0000000980)=@string={0xd, 0x3, "6e303a3618b9ec0015f0e1"}}]})

12:18:10 executing program 5:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000015000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, &(0x7f0000000180)="b9800000c00f3235000800000f3066ba4100ed66b859000f00d0420f0f1f1cb9db0900000f32f2470f5d08b9a40800000f32410f79a8bd00000066baf80cb802f50286ef66bafc0c66ed3e0f01c9", 0x4e}], 0x1, 0x0, &(0x7f0000000280)=[@efer={0x2, 0x800}], 0x1)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

12:18:10 executing program 3:
socket$l2tp(0x2, 0x2, 0x73)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000040)={'erspan0\x00', &(0x7f0000000000)=@ethtool_pauseparam={0x1b, 0x5}})

[ 2346.040913][ T9161] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 2346.062572][ T9161] CPU: 0 PID: 9161 Comm: syz-executor.1 Not tainted 6.3.0-rc4-next-20230330-syzkaller #0
[ 2346.072479][ T9161] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 2346.082597][ T9161] Call Trace:
[ 2346.085910][ T9161]  <TASK>
[ 2346.088877][ T9161]  dump_stack_lvl+0x136/0x150
[ 2346.093621][ T9161]  dump_header+0x10a/0xd70
[ 2346.098109][ T9161]  oom_kill_process+0x25d/0x600
[ 2346.103034][ T9161]  out_of_memory+0x35c/0x1650
[ 2346.107781][ T9161]  ? find_held_lock+0x2d/0x110
[ 2346.112606][ T9161]  ? oom_killer_disable+0x2b0/0x2b0
[ 2346.117875][ T9161]  ? rcu_read_unlock+0x9/0x60
[ 2346.122604][ T9161]  ? find_held_lock+0x2d/0x110
[ 2346.127413][ T9161]  mem_cgroup_out_of_memory+0x206/0x270
[ 2346.133041][ T9161]  ? mem_cgroup_margin+0x130/0x130
[ 2346.138190][ T9161]  ? lock_downgrade+0x690/0x690
[ 2346.143089][ T9161]  try_charge_memcg+0xf99/0x13a0
[ 2346.148072][ T9161]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 2346.154102][ T9161]  ? lock_downgrade+0x690/0x690
[ 2346.158988][ T9161]  ? trace_lock_acquire+0x12d/0x180
[ 2346.164225][ T9161]  ? get_mem_cgroup_from_mm+0x247/0x580
[ 2346.169808][ T9161]  ? lock_acquire+0x32/0xc0
[ 2346.174368][ T9161]  charge_memcg+0x90/0x3b0
[ 2346.178836][ T9161]  __mem_cgroup_charge+0x2b/0x90
[ 2346.183820][ T9161]  do_wp_page+0x8ac/0x3510
[ 2346.188331][ T9161]  ? lock_sync+0x190/0x190
[ 2346.192786][ T9161]  ? finish_mkwrite_fault+0x3d0/0x3d0
[ 2346.198202][ T9161]  ? rcu_is_watching+0x12/0xb0
[ 2346.203008][ T9161]  ? do_raw_spin_lock+0x124/0x2b0
[ 2346.208093][ T9161]  ? spin_bug+0x1c0/0x1c0
[ 2346.212464][ T9161]  ? lock_acquire+0x32/0xc0
[ 2346.217003][ T9161]  ? __handle_mm_fault+0x1334/0x4180
[ 2346.222348][ T9161]  __handle_mm_fault+0x1547/0x4180
[ 2346.227531][ T9161]  ? vm_iomap_memory+0x190/0x190
[ 2346.232540][ T9161]  handle_mm_fault+0x2c0/0x9c0
[ 2346.237357][ T9161]  do_user_addr_fault+0x2ed/0x1240
[ 2346.242513][ T9161]  ? rcu_is_watching+0x12/0xb0
[ 2346.247323][ T9161]  exc_page_fault+0x98/0x170
[ 2346.251965][ T9161]  asm_exc_page_fault+0x26/0x30
[ 2346.256855][ T9161] RIP: 0033:0x7f47dd2395a0
[ 2346.261312][ T9161] Code: fe ff 49 39 dc 75 eb 48 8b 44 24 18 89 28 48 83 c4 28 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 44 00 00 41 89 c5 e9 75 fe ff ff <43> 89 2c 84 e9 a3 fe ff ff 0f 1f 80 00 00 00 00 49 39 d4 74 70 48
[ 2346.281045][ T9161] RSP: 002b:00007ffdbc005e60 EFLAGS: 00010246
[ 2346.287138][ T9161] RAX: 0000000018ecfdec RBX: 00007f47dd3ac018 RCX: 0000001b32520000
[ 2346.295138][ T9161] RDX: 0000000000000000 RSI: 0000001b32520018 RDI: 00000000090fdf78
[ 2346.303132][ T9161] RBP: 0000000018ecfdec R08: 0000000000001dec R09: 0000000018ecfdf0
[ 2346.311126][ T9161] R10: 00007ffdbc006020 R11: 0000000000000246 R12: 00007f47dd3a0000
[ 2346.319123][ T9161] R13: 0000000000000001 R14: 000000000000000f R15: ffffffff81e3d5e1
[ 2346.327123][ T9161]  ? build_open_flags+0x251/0x720
[ 2346.332228][ T9161]  </TASK>
12:18:11 executing program 3:
r0 = socket$l2tp(0x2, 0x2, 0x73)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, 0x0)

[ 2346.343308][ T9161] memory: usage 307200kB, limit 307200kB, failcnt 13827
[ 2346.350525][ T9161] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2346.357655][ T9161] Memory cgroup stats for /syz1:
[ 2346.357925][ T9161] anon 143360
[ 2346.357925][ T9161] file 312406016
[ 2346.357925][ T9161] kernel 2023424
[ 2346.357925][ T9161] kernel_stack 65536
[ 2346.357925][ T9161] pagetables 81920
[ 2346.357925][ T9161] sec_pagetables 0
[ 2346.357925][ T9161] percpu 4864
[ 2346.357925][ T9161] sock 0
[ 2346.357925][ T9161] vmalloc 0
[ 2346.357925][ T9161] shmem 312406016
[ 2346.357925][ T9161] zswap 0
[ 2346.357925][ T9161] zswapped 0
[ 2346.357925][ T9161] file_mapped 380928
[ 2346.357925][ T9161] file_dirty 0
[ 2346.357925][ T9161] file_writeback 0
[ 2346.357925][ T9161] swapcached 0
[ 2346.357925][ T9161] anon_thp 0
[ 2346.357925][ T9161] file_thp 0
[ 2346.357925][ T9161] shmem_thp 0
[ 2346.357925][ T9161] inactive_anon 62951424
[ 2346.357925][ T9161] active_anon 167936
[ 2346.357925][ T9161] inactive_file 0
[ 2346.357925][ T9161] active_file 0
[ 2346.357925][ T9161] unevictable 249430016
12:18:11 executing program 2:
syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0x1, 0x30, 0x7d, [{{0x9, 0x4, 0x0, 0x3f, 0x1, 0x7, 0x1, 0x1, 0x4, "", {{{0x9, 0x5, 0x1, 0x2, 0x3ff, 0x3f, 0x1, 0x3}}}}}]}}]}}, &(0x7f0000000100)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x300, 0x0, 0x20, 0x80, 0x10, 0xfa}, 0x70, &(0x7f0000000080)={0x5, 0xf, 0x70, 0x1, [@generic={0x6b, 0x10, 0x1, "474a5fb0524c429fd0ec8671e33ca918061251443f4f37808fe8fea8d327cf05ee30bc033c21e9973c0ab58e9051c2ababda0086f33ad769d8dbaebda7ced7e9ff09dcce4a587cea730bd5234eed18541be5b63e1b7f405b141c7b708b4a41f4963dcaf62059cae7"}]}})

[ 2346.357925][ T9161] slab_reclaimable 967880
[ 2346.357925][ T9161] slab_unreclaimable 869456
[ 2346.357925][ T9161] slab 1837336
[ 2346.357925][ T9161] workingset_refault_anon 0
[ 2346.357925][ T9161] workingset_refault_file 0
[ 2346.357925][ T9161] workingset_activate_anon 0
[ 2346.357925][ T9161] workingset_activate_file 0
[ 2346.357925][ T9161] workingset_restore_anon 0
[ 2346.357925][ T9161] workingset_restore_file 0
[ 2346.357925][ T9161] workingset_nodereclaim 0
[ 2346.357925][ T9161] pgscan 49
[ 2346.357925][ T9161] pgsteal 49
[ 2346.357925][ T9161] pgscan_kswapd 0
[ 2346.357925][ T9161] pgscan_direct 49
[ 2346.357925][ T9161] pgscan_khugepaged 0
[ 2346.357925][ T9161] pgsteal_kswapd 0
[ 2346.357925][ T9161] pgsteal_direct 49
[ 2346.357925][ T9161] pgsteal_khugepaged 0
[ 2346.357925][ T9161] pgfault 1096333
[ 2346.357925][ T9161] pgmajfault 422
[ 2346.357925][ T9161] pgrefill 150
[ 2346.357925][ T9161] pgactivate 161
[ 2346.357925][ T9161] pgdeactivate 0
[ 2346.357925][ T9161] pglazyfree 0
[ 2346.357925][ T9161] pglazyfreed 0
[ 2346.357925][ T9161] zswpin 0
[ 2346.357925][ T9161] zswpout 0
12:18:11 executing program 3:
r0 = socket$l2tp(0x2, 0x2, 0x73)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, 0x0)

[ 2346.554762][ T9161] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=9161,uid=0
12:18:11 executing program 3:
r0 = socket$l2tp(0x2, 0x2, 0x73)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, 0x0)

12:18:11 executing program 1:
openat$uhid(0xffffffffffffff9c, &(0x7f0000000200), 0x802, 0x0)
timer_create(0x9, &(0x7f0000000100)={0x0, 0x12}, &(0x7f0000000180)=<r0=>0x0)
r1 = fanotify_init(0x4, 0x1000)
creat(&(0x7f0000000240)='./file0\x00', 0x0)
fanotify_mark(r1, 0x105, 0x800101b, 0xffffffffffffffff, 0x0)
timer_settime(r0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r2 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
ftruncate(r2, 0x800)
mlockall(0x2)
r3 = shmget$private(0x0, 0x400000, 0x20, &(0x7f000000e000/0x400000)=nil)
shmat(r3, &(0x7f00002f4000/0x2000)=nil, 0x5000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
write$P9_RWSTAT(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x7f, 0x2}, 0x7)
ioctl$BTRFS_IOC_BALANCE(r4, 0x5000940c, 0x0)
shmat(r3, &(0x7f00000a0000/0x3000)=nil, 0x6000)
shmctl$IPC_RMID(0x0, 0x0)
shmctl$SHM_LOCK(0x0, 0xb)
r6 = shmget(0x2, 0x3000, 0x130, &(0x7f0000074000/0x3000)=nil)
shmctl$IPC_STAT(r6, 0x2, &(0x7f00000001c0)=""/62)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000340)={0x0, 0x28}, 0x1, 0x0, 0x0, 0x40410}, 0x4040044)
shmat(r3, &(0x7f00003c6000/0x3000)=nil, 0x4000)
shmctl$SHM_UNLOCK(0x0, 0xc)
shmctl$SHM_LOCK(r3, 0xb)
r7 = shmget$private(0x0, 0x3000, 0x54001800, &(0x7f000010d000/0x3000)=nil)
ioctl$BTRFS_IOC_BALANCE_V2(r5, 0xc4009420, &(0x7f0000000640)={0x0, 0x1, {0x81, @usage=0xd1, 0x0, 0xfffffffffffffffc, 0x10000, 0xffffffffffffffff, 0x0, 0x5, 0x0, @usage=0x1, 0x1ea7, 0xffffffc0, [0x5, 0x7, 0x5, 0xffffffffffffffff, 0xffff, 0x24f]}, {0x5, @struct={0x8da6, 0x46a}, 0x0, 0x3f, 0xff, 0x8, 0x9, 0x7f, 0x0, @struct={0x3, 0x8}, 0xffff0000, 0xffffffcb, [0x8, 0x27d9, 0x7, 0x7ff, 0x57175363, 0x8]}, {0x10001, @usage=0x9, 0x0, 0x4d2, 0x3b89, 0xfffffffffffffff9, 0x4, 0x7fffffff, 0x441, @usage=0x7000000000000, 0x9, 0x20000d5a, [0x2, 0x6, 0x5, 0x80, 0x4, 0x7735]}, {0x8000, 0xffffffffffffffff}})
shmat(r7, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffdfff)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000012c0)=[{{&(0x7f00000005c0)=@xdp, 0x80, 0x0, 0x0, &(0x7f0000000fc0)=""/83, 0x53}, 0x1}, {{&(0x7f0000001040)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @dev}}, 0x80, &(0x7f00000011c0)=[{&(0x7f00000010c0)=""/150, 0x96}, {&(0x7f0000001180)=""/5, 0x5}], 0x2, &(0x7f0000001200)=""/180, 0xb4}, 0x5}], 0x2, 0x0, &(0x7f0000001340)={0x0, 0x989680})

[ 2346.600436][ T9161] Memory cgroup out of memory: Killed process 9161 (syz-executor.1) total-vm:54540kB, anon-rss:380kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000
12:18:11 executing program 3:
r0 = socket$l2tp(0x2, 0x2, 0x73)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000040)={'erspan0\x00', 0x0})

[ 2346.662461][ T8017] usb 1-1: new high-speed USB device number 84 using dummy_hcd
[ 2346.780244][ T9189] syz-executor.1 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000
[ 2346.793261][ T9189] CPU: 1 PID: 9189 Comm: syz-executor.1 Not tainted 6.3.0-rc4-next-20230330-syzkaller #0
[ 2346.802416][T27629] usb 3-1: new high-speed USB device number 33 using dummy_hcd
[ 2346.803124][ T9189] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 2346.820764][ T9189] Call Trace:
[ 2346.824056][ T9189]  <TASK>
[ 2346.827001][ T9189]  dump_stack_lvl+0x136/0x150
[ 2346.831714][ T9189]  dump_header+0x10a/0xd70
[ 2346.836260][ T9189]  oom_kill_process+0x25d/0x600
[ 2346.841174][ T9189]  out_of_memory+0x35c/0x1650
[ 2346.845896][ T9189]  ? find_held_lock+0x2d/0x110
[ 2346.850689][ T9189]  ? oom_killer_disable+0x2b0/0x2b0
[ 2346.855930][ T9189]  ? rcu_read_unlock+0x9/0x60
[ 2346.860632][ T9189]  ? find_held_lock+0x2d/0x110
[ 2346.865447][ T9189]  mem_cgroup_out_of_memory+0x206/0x270
[ 2346.871033][ T9189]  ? mem_cgroup_margin+0x130/0x130
[ 2346.876192][ T9189]  ? lock_downgrade+0x690/0x690
[ 2346.881087][ T9189]  try_charge_memcg+0xf99/0x13a0
[ 2346.886084][ T9189]  ? mem_cgroup_handle_over_high+0x520/0x520
[ 2346.892120][ T9189]  ? lock_downgrade+0x690/0x690
[ 2346.897015][ T9189]  ? trace_lock_acquire+0x12d/0x180
[ 2346.902260][ T9189]  ? get_mem_cgroup_from_mm+0x247/0x580
[ 2346.907854][ T9189]  ? lock_acquire+0x32/0xc0
[ 2346.912406][ T9189]  charge_memcg+0x90/0x3b0
[ 2346.916866][ T9189]  __mem_cgroup_charge+0x2b/0x90
[ 2346.921880][ T9189]  ? copy_mc_to_kernel+0x3e/0x90
[ 2346.926869][ T9189]  do_wp_page+0x8ac/0x3510
[ 2346.931336][ T9189]  ? lock_sync+0x190/0x190
[ 2346.935818][ T9189]  ? finish_mkwrite_fault+0x3d0/0x3d0
[ 2346.941231][ T9189]  ? rcu_is_watching+0x12/0xb0
[ 2346.946041][ T9189]  ? do_raw_spin_lock+0x124/0x2b0
[ 2346.951126][ T9189]  ? spin_bug+0x1c0/0x1c0
[ 2346.955526][ T9189]  ? lock_acquire+0x32/0xc0
[ 2346.960059][ T9189]  ? __handle_mm_fault+0x1334/0x4180
[ 2346.965413][ T9189]  __handle_mm_fault+0x1547/0x4180
[ 2346.970583][ T9189]  ? vm_iomap_memory+0x190/0x190
[ 2346.975591][ T9189]  handle_mm_fault+0x2c0/0x9c0
[ 2346.980443][ T9189]  do_user_addr_fault+0x2ed/0x1240
[ 2346.985592][ T9189]  ? rcu_is_watching+0x12/0xb0
[ 2346.990402][ T9189]  exc_page_fault+0x98/0x170
[ 2346.995039][ T9189]  asm_exc_page_fault+0x26/0x30
[ 2346.999929][ T9189] RIP: 0033:0x7f47dd2364bd
[ 2347.004371][ T9189] Code: 0c 48 89 df 41 83 c6 01 e8 00 f7 ff ff 48 83 c3 20 49 39 df 75 df 44 89 75 00 8b 05 4d 1b 17 00 48 8b 15 16 f2 c9 00 83 c0 01 <89> 05 3d 1b 17 00 89 02 48 83 c4 18 5b 5d 41 5c 41 5d 41 5e 41 5f
[ 2347.024009][ T9189] RSP: 002b:00007ffdbc005ec0 EFLAGS: 00010202
[ 2347.030102][ T9189] RAX: 0000000000000001 RBX: 00007f47dd3abf80 RCX: 00000000000003ed
[ 2347.038278][ T9189] RDX: 0000001b32520000 RSI: 0000001b32520018 RDI: 00000000b4a86bdd
[ 2347.046280][ T9189] RBP: 0000001b32520020 R08: 0000001b32920000 R09: 00000000b4a86be1
[ 2347.054297][ T9189] R10: 00007ffdbc006020 R11: 0000000000000246 R12: 00007f47dd3abf80
[ 2347.062311][ T9189] R13: 0000001b32520018 R14: 0000001b3252001c R15: 0000000000000032
[ 2347.070338][ T9189]  </TASK>
[ 2347.088006][ T9189] memory: usage 307200kB, limit 307200kB, failcnt 13897
[ 2347.095339][ T9189] swap: usage 0kB, limit 9007199254740988kB, failcnt 0
[ 2347.102908][ T9189] Memory cgroup stats for /syz1:
[ 2347.103179][ T9189] anon 147456
[ 2347.103179][ T9189] file 312406016
[ 2347.103179][ T9189] kernel 2019328
[ 2347.103179][ T9189] kernel_stack 65536
[ 2347.103179][ T9189] pagetables 81920
[ 2347.103179][ T9189] sec_pagetables 0
[ 2347.103179][ T9189] percpu 4864
[ 2347.103179][ T9189] sock 0
[ 2347.103179][ T9189] vmalloc 0
[ 2347.103179][ T9189] shmem 312406016
[ 2347.103179][ T9189] zswap 0
[ 2347.103179][ T9189] zswapped 0
[ 2347.103179][ T9189] file_mapped 380928
[ 2347.103179][ T9189] file_dirty 0
[ 2347.103179][ T9189] file_writeback 0
[ 2347.103179][ T9189] swapcached 0
[ 2347.103179][ T9189] anon_thp 0
[ 2347.103179][ T9189] file_thp 0
[ 2347.103179][ T9189] shmem_thp 0
[ 2347.103179][ T9189] inactive_anon 62951424
[ 2347.103179][ T9189] active_anon 172032
[ 2347.103179][ T9189] inactive_file 0
[ 2347.103179][ T9189] active_file 0
[ 2347.103179][ T9189] unevictable 249430016
[ 2347.103179][ T9189] slab_reclaimable 964920
[ 2347.103179][ T9189] slab_unreclaimable 868808
[ 2347.103179][ T9189] slab 1833728
[ 2347.103179][ T9189] workingset_refault_anon 0
[ 2347.103179][ T9189] workingset_refault_file 0
[ 2347.103179][ T9189] workingset_activate_anon 0
[ 2347.103179][ T9189] workingset_activate_file 0
[ 2347.103179][ T9189] workingset_restore_anon 0
[ 2347.103179][ T9189] workingset_restore_file 0
[ 2347.103179][ T9189] workingset_nodereclaim 0
[ 2347.103179][ T9189] pgscan 49
[ 2347.103179][ T9189] pgsteal 49
[ 2347.103179][ T9189] pgscan_kswapd 0
[ 2347.103179][ T9189] pgscan_direct 49
[ 2347.103179][ T9189] pgscan_khugepaged 0
[ 2347.103179][ T9189] pgsteal_kswapd 0
[ 2347.103179][ T9189] pgsteal_direct 49
[ 2347.103179][ T9189] pgsteal_khugepaged 0
[ 2347.103179][ T9189] pgfault 1096395
[ 2347.103179][ T9189] pgmajfault 422
[ 2347.103179][ T9189] pgrefill 150
[ 2347.103179][ T9189] pgactivate 161
[ 2347.103179][ T9189] pgdeactivate 0
[ 2347.103179][ T9189] pglazyfree 0
[ 2347.103179][ T9189] pglazyfreed 0
[ 2347.103179][ T9189] zswpin 0
[ 2347.103179][ T9189] zswpout 0
[ 2347.112293][ T8017] usb 1-1: Using ep0 maxpacket: 16
[ 2347.302012][ T9189] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz1,mems_allowed=0-1,oom_memcg=/syz1,task_memcg=/syz1,task=syz-executor.1,pid=9189,uid=0
[ 2347.318147][ T9189] Memory cgroup out of memory: Killed process 9189 (syz-executor.1) total-vm:54540kB, anon-rss:508kB, file-rss:8832kB, shmem-rss:0kB, UID:0 pgtables:88kB oom_score_adj:1000
[ 2347.342328][T27629] usb 3-1: Using ep0 maxpacket: 16
[ 2347.422338][ T8017] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 2347.472443][T27629] usb 3-1: config 1 interface 0 altsetting 63 bulk endpoint 0x1 has invalid maxpacket 1023
[ 2347.482658][ T8017] usb 1-1: language id specifier not provided by device, defaulting to English
[ 2347.491726][T27629] usb 3-1: config 1 interface 0 has no altsetting 0
[ 2347.602369][ T8017] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 2347.611757][ T8017] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2347.620378][ T8017] usb 1-1: Product: syz
[ 2347.624989][ T8017] usb 1-1: Manufacturer: の㘺뤘ì
[ 2347.630699][ T8017] usb 1-1: SerialNumber: syz
[ 2347.652388][T27629] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 2347.661613][T27629] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2347.670285][T27629] usb 3-1: Product: syz
[ 2347.674715][T27629] usb 3-1: Manufacturer: syz
[ 2347.679363][T27629] usb 3-1: SerialNumber: syz
[ 2347.712519][ T9180] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[ 2347.890817][ T8017] usb 1-1: USB disconnect, device number 84
[ 2348.032438][T27629] ==================================================================
[ 2348.040568][T27629] BUG: KASAN: slab-out-of-bounds in lockdep_register_key+0x396/0x410
[ 2348.048691][T27629] Read of size 8 at addr ffff888038755b60 by task kworker/0:17/27629
[ 2348.056774][T27629] 
[ 2348.059106][T27629] CPU: 0 PID: 27629 Comm: kworker/0:17 Not tainted 6.3.0-rc4-next-20230330-syzkaller #0
[ 2348.068852][T27629] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 2348.078934][T27629] Workqueue: usb_hub_wq hub_event
[ 2348.084018][T27629] Call Trace:
[ 2348.087304][T27629]  <TASK>
[ 2348.090280][T27629]  dump_stack_lvl+0xd9/0x150
[ 2348.094945][T27629]  print_address_description.constprop.0+0x2c/0x3c0
[ 2348.101681][T27629]  ? lockdep_register_key+0x396/0x410
[ 2348.107116][T27629]  kasan_report+0x11c/0x130
[ 2348.111660][T27629]  ? lockdep_register_key+0x396/0x410
[ 2348.117060][T27629]  lockdep_register_key+0x396/0x410
[ 2348.122284][T27629]  ? free_zapped_rcu+0x290/0x290
[ 2348.127248][T27629]  class_register+0xed/0x530
[ 2348.131949][T27629]  class_create+0x99/0x100
[ 2348.136428][T27629]  usb_register_dev+0x4e7/0x860
[ 2348.141385][T27629]  ? usb_open+0x2e0/0x2e0
[ 2348.145835][T27629]  ? usblp_ctrl_msg+0x14e/0x2e0
[ 2348.150765][T27629]  ? usblp_cache_device_id_string+0x68/0x3b0
[ 2348.156797][T27629]  usblp_probe+0xc91/0x16d0
[ 2348.161351][T27629]  ? usblp_disconnect+0x330/0x330
[ 2348.166414][T27629]  ? _raw_spin_unlock_irqrestore+0x54/0x70
[ 2348.172268][T27629]  usb_probe_interface+0x30f/0x960
[ 2348.177432][T27629]  ? usb_match_dynamic_id+0x1a0/0x1a0
[ 2348.182873][T27629]  really_probe+0x240/0xca0
[ 2348.187423][T27629]  __driver_probe_device+0x1df/0x4d0
[ 2348.192756][T27629]  ? usb_match_id.part.0+0x15d/0x1b0
[ 2348.198082][T27629]  driver_probe_device+0x4c/0x1a0
[ 2348.203161][T27629]  __device_attach_driver+0x1d4/0x2e0
[ 2348.208587][T27629]  bus_for_each_drv+0x149/0x1d0
[ 2348.213482][T27629]  ? driver_probe_device+0x1a0/0x1a0
[ 2348.218808][T27629]  ? bus_for_each_dev+0x1c0/0x1c0
[ 2348.223875][T27629]  ? _raw_spin_unlock_irqrestore+0x54/0x70
[ 2348.229729][T27629]  ? lockdep_hardirqs_on+0x7d/0x100
[ 2348.234972][T27629]  ? _raw_spin_unlock_irqrestore+0x41/0x70
[ 2348.240846][T27629]  __device_attach+0x1e4/0x4b0
[ 2348.245659][T27629]  ? device_driver_attach+0x210/0x210
[ 2348.251082][T27629]  ? do_raw_spin_unlock+0x175/0x230
[ 2348.256329][T27629]  bus_probe_device+0x17c/0x1c0
[ 2348.261219][T27629]  device_add+0x11c4/0x1c50
[ 2348.265762][T27629]  ? __fw_devlink_link_to_consumers.isra.0+0x270/0x270
[ 2348.272658][T27629]  usb_set_configuration+0x10ee/0x1af0
[ 2348.278169][T27629]  usb_generic_driver_probe+0xcf/0x130
[ 2348.283751][T27629]  usb_probe_device+0xd8/0x2c0
[ 2348.288567][T27629]  ? usb_driver_release_interface+0x190/0x190
[ 2348.294670][T27629]  really_probe+0x240/0xca0
[ 2348.299212][T27629]  __driver_probe_device+0x1df/0x4d0
[ 2348.304536][T27629]  driver_probe_device+0x4c/0x1a0
[ 2348.309595][T27629]  __device_attach_driver+0x1d4/0x2e0
[ 2348.315011][T27629]  bus_for_each_drv+0x149/0x1d0
[ 2348.319890][T27629]  ? driver_probe_device+0x1a0/0x1a0
[ 2348.325210][T27629]  ? bus_for_each_dev+0x1c0/0x1c0
[ 2348.330260][T27629]  ? _raw_spin_unlock_irqrestore+0x54/0x70
[ 2348.336095][T27629]  ? lockdep_hardirqs_on+0x7d/0x100
[ 2348.341332][T27629]  ? _raw_spin_unlock_irqrestore+0x41/0x70
[ 2348.347185][T27629]  __device_attach+0x1e4/0x4b0
[ 2348.352019][T27629]  ? device_driver_attach+0x210/0x210
[ 2348.357446][T27629]  ? do_raw_spin_unlock+0x175/0x230
[ 2348.362801][T27629]  bus_probe_device+0x17c/0x1c0
[ 2348.367694][T27629]  device_add+0x11c4/0x1c50
[ 2348.372291][T27629]  ? __fw_devlink_link_to_consumers.isra.0+0x270/0x270
[ 2348.379193][T27629]  ? add_device_randomness+0xb8/0xe0
[ 2348.384599][T27629]  usb_new_device+0xcb2/0x19d0
[ 2348.389412][T27629]  ? hub_disconnect+0x510/0x510
[ 2348.394308][T27629]  ? _raw_spin_unlock_irq+0x23/0x50
[ 2348.399548][T27629]  hub_event+0x2d9e/0x4e40
[ 2348.404025][T27629]  ? hub_port_debounce+0x3b0/0x3b0
[ 2348.409180][T27629]  ? lock_sync+0x190/0x190
[ 2348.413635][T27629]  ? rcu_is_watching+0x12/0xb0
[ 2348.418458][T27629]  ? trace_lock_acquire+0x12d/0x180
[ 2348.423868][T27629]  ? process_one_work+0x8b7/0x15e0
[ 2348.429065][T27629]  ? lock_acquire+0x32/0xc0
[ 2348.433602][T27629]  ? process_one_work+0x8b7/0x15e0
[ 2348.438757][T27629]  process_one_work+0x99a/0x15e0
[ 2348.443739][T27629]  ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 2348.449157][T27629]  ? rcu_is_watching+0x12/0xb0
[ 2348.453966][T27629]  ? spin_bug+0x1c0/0x1c0
[ 2348.458331][T27629]  ? lock_acquire+0x32/0xc0
[ 2348.462877][T27629]  ? worker_thread+0x16d/0x10c0
[ 2348.467767][T27629]  worker_thread+0x67d/0x10c0
[ 2348.472484][T27629]  ? process_one_work+0x15e0/0x15e0
[ 2348.477715][T27629]  kthread+0x33e/0x440
[ 2348.481867][T27629]  ? kthread_complete_and_exit+0x40/0x40
[ 2348.487532][T27629]  ret_from_fork+0x1f/0x30
[ 2348.492002][T27629]  </TASK>
[ 2348.495033][T27629] 
[ 2348.497369][T27629] Allocated by task 3038:
[ 2348.501810][T27629]  kasan_save_stack+0x22/0x40
[ 2348.506521][T27629]  kasan_set_track+0x25/0x30
[ 2348.511145][T27629]  __kasan_kmalloc+0xa2/0xb0
[ 2348.515768][T27629]  __kmalloc_node_track_caller+0x5f/0x1a0
[ 2348.521537][T27629]  kmalloc_reserve+0xf0/0x270
[ 2348.526245][T27629]  __alloc_skb+0x129/0x330
[ 2348.530691][T27629]  nsim_dev_trap_report_work+0x2b1/0xc80
[ 2348.536400][T27629]  process_one_work+0x99a/0x15e0
[ 2348.541364][T27629]  worker_thread+0x67d/0x10c0
[ 2348.546070][T27629]  kthread+0x33e/0x440
[ 2348.550248][T27629]  ret_from_fork+0x1f/0x30
[ 2348.554701][T27629] 
[ 2348.557034][T27629] Freed by task 3038:
[ 2348.561021][T27629]  kasan_save_stack+0x22/0x40
[ 2348.565755][T27629]  kasan_set_track+0x25/0x30
[ 2348.570408][T27629]  kasan_save_free_info+0x2e/0x40
[ 2348.575487][T27629]  ____kasan_slab_free+0x160/0x1c0
[ 2348.580634][T27629]  slab_free_freelist_hook+0x8b/0x1c0
[ 2348.586044][T27629]  __kmem_cache_free+0xaf/0x2d0
[ 2348.590951][T27629]  skb_free_head+0x108/0x1a0
[ 2348.595577][T27629]  skb_release_data+0x57a/0x820
[ 2348.600493][T27629]  consume_skb+0xd0/0x170
[ 2348.604876][T27629]  nsim_dev_trap_report_work+0x87c/0xc80
[ 2348.610546][T27629]  process_one_work+0x99a/0x15e0
[ 2348.615518][T27629]  worker_thread+0x67d/0x10c0
[ 2348.620224][T27629]  kthread+0x33e/0x440
[ 2348.624317][T27629]  ret_from_fork+0x1f/0x30
[ 2348.628769][T27629] 
[ 2348.631100][T27629] The buggy address belongs to the object at ffff888038754000
[ 2348.631100][T27629]  which belongs to the cache kmalloc-4k of size 4096
[ 2348.645342][T27629] The buggy address is located 2912 bytes to the right of
[ 2348.645342][T27629]  allocated 4096-byte region [ffff888038754000, ffff888038755000)
[ 2348.660202][T27629] 
[ 2348.662532][T27629] The buggy address belongs to the physical page:
[ 2348.668950][T27629] page:ffffea0000e1d400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x38750
[ 2348.679123][T27629] head:ffffea0000e1d400 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 2348.688072][T27629] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[ 2348.696064][T27629] page_type: 0xffffffff()
[ 2348.700410][T27629] raw: 00fff00000010200 ffff888012442140 dead000000000122 0000000000000000
[ 2348.709104][T27629] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
[ 2348.717811][T27629] page dumped because: kasan: bad access detected
[ 2348.724234][T27629] page_owner tracks the page as allocated
[ 2348.729955][T27629] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 3038, tgid 3038 (kworker/1:0), ts 2339232956846, free_ts 2339165945569
[ 2348.752400][T27629]  get_page_from_freelist+0xf75/0x2aa0
[ 2348.757900][T27629]  __alloc_pages+0x1cb/0x4a0
[ 2348.762524][T27629]  alloc_pages+0x1aa/0x270
[ 2348.767022][T27629]  allocate_slab+0x28e/0x380
[ 2348.771636][T27629]  ___slab_alloc+0xa91/0x1400
[ 2348.776354][T27629]  __slab_alloc.constprop.0+0x56/0xa0
[ 2348.781759][T27629]  __kmem_cache_alloc_node+0x136/0x320
[ 2348.787262][T27629]  __kmalloc_node_track_caller+0x4f/0x1a0
[ 2348.793022][T27629]  kmalloc_reserve+0xf0/0x270
[ 2348.797730][T27629]  __alloc_skb+0x129/0x330
[ 2348.802197][T27629]  nsim_dev_trap_report_work+0x2b1/0xc80
[ 2348.807860][T27629]  process_one_work+0x99a/0x15e0
[ 2348.812828][T27629]  worker_thread+0x67d/0x10c0
[ 2348.817537][T27629]  kthread+0x33e/0x440
[ 2348.821633][T27629]  ret_from_fork+0x1f/0x30
[ 2348.826087][T27629] page last free stack trace:
[ 2348.830766][T27629]  free_unref_page_prepare+0x4d8/0xb80
[ 2348.836264][T27629]  free_unref_page+0x33/0x370
[ 2348.840990][T27629]  __unfreeze_partials+0x17c/0x1a0
[ 2348.846132][T27629]  qlist_free_all+0x6a/0x170
[ 2348.850743][T27629]  kasan_quarantine_reduce+0x195/0x220
[ 2348.856233][T27629]  __kasan_slab_alloc+0x63/0x90
[ 2348.861139][T27629]  __kmem_cache_alloc_node+0x17c/0x320
[ 2348.866632][T27629]  __kmalloc_node+0x51/0x1a0
[ 2348.871257][T27629]  kvmalloc_node+0xa2/0x1a0
[ 2348.875790][T27629]  seq_read_iter+0x7fb/0x12d0
[ 2348.880504][T27629]  kernfs_fop_read_iter+0x4ce/0x690
[ 2348.885752][T27629]  vfs_read+0x68a/0x940
[ 2348.889938][T27629]  ksys_read+0x12b/0x250
[ 2348.894216][T27629]  do_syscall_64+0x39/0xb0
[ 2348.898672][T27629]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 2348.904597][T27629] 
[ 2348.906930][T27629] Memory state around the buggy address:
[ 2348.912571][T27629]  ffff888038755a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2348.920655][T27629]  ffff888038755a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2348.928731][T27629] >ffff888038755b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2348.937245][T27629]                                                        ^
[ 2348.944454][T27629]  ffff888038755b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2348.952648][T27629]  ffff888038755c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2348.960745][T27629] ==================================================================
[ 2348.968830][T27629] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 2348.976038][T27629] CPU: 0 PID: 27629 Comm: kworker/0:17 Not tainted 6.3.0-rc4-next-20230330-syzkaller #0
[ 2348.985781][T27629] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
[ 2348.995857][T27629] Workqueue: usb_hub_wq hub_event
[ 2349.000922][T27629] Call Trace:
[ 2349.004220][T27629]  <TASK>
[ 2349.007427][T27629]  dump_stack_lvl+0xd9/0x150
[ 2349.012109][T27629]  panic+0x688/0x730
[ 2349.016104][T27629]  ? panic_smp_self_stop+0x90/0x90
[ 2349.021260][T27629]  ? lock_downgrade+0x690/0x690
[ 2349.026159][T27629]  check_panic_on_warn+0xb1/0xc0
[ 2349.031135][T27629]  end_report+0xe9/0x120
[ 2349.035420][T27629]  ? lockdep_register_key+0x396/0x410
[ 2349.040823][T27629]  kasan_report+0xf9/0x130
[ 2349.045382][T27629]  ? lockdep_register_key+0x396/0x410
[ 2349.050793][T27629]  lockdep_register_key+0x396/0x410
[ 2349.056024][T27629]  ? free_zapped_rcu+0x290/0x290
[ 2349.061001][T27629]  class_register+0xed/0x530
[ 2349.065668][T27629]  class_create+0x99/0x100
[ 2349.070118][T27629]  usb_register_dev+0x4e7/0x860
[ 2349.075022][T27629]  ? usb_open+0x2e0/0x2e0
[ 2349.079384][T27629]  ? usblp_ctrl_msg+0x14e/0x2e0
[ 2349.084452][T27629]  ? usblp_cache_device_id_string+0x68/0x3b0
[ 2349.090464][T27629]  usblp_probe+0xc91/0x16d0
[ 2349.095000][T27629]  ? usblp_disconnect+0x330/0x330
[ 2349.100053][T27629]  ? _raw_spin_unlock_irqrestore+0x54/0x70
[ 2349.105896][T27629]  usb_probe_interface+0x30f/0x960
[ 2349.111155][T27629]  ? usb_match_dynamic_id+0x1a0/0x1a0
[ 2349.116554][T27629]  really_probe+0x240/0xca0
[ 2349.121090][T27629]  __driver_probe_device+0x1df/0x4d0
[ 2349.126422][T27629]  ? usb_match_id.part.0+0x15d/0x1b0
[ 2349.131732][T27629]  driver_probe_device+0x4c/0x1a0
[ 2349.136804][T27629]  __device_attach_driver+0x1d4/0x2e0
[ 2349.142209][T27629]  bus_for_each_drv+0x149/0x1d0
[ 2349.147092][T27629]  ? driver_probe_device+0x1a0/0x1a0
[ 2349.152411][T27629]  ? bus_for_each_dev+0x1c0/0x1c0
[ 2349.157459][T27629]  ? _raw_spin_unlock_irqrestore+0x54/0x70
[ 2349.163312][T27629]  ? lockdep_hardirqs_on+0x7d/0x100
[ 2349.168530][T27629]  ? _raw_spin_unlock_irqrestore+0x41/0x70
[ 2349.174804][T27629]  __device_attach+0x1e4/0x4b0
[ 2349.179602][T27629]  ? device_driver_attach+0x210/0x210
[ 2349.185008][T27629]  ? do_raw_spin_unlock+0x175/0x230
[ 2349.190259][T27629]  bus_probe_device+0x17c/0x1c0
[ 2349.195141][T27629]  device_add+0x11c4/0x1c50
[ 2349.199670][T27629]  ? __fw_devlink_link_to_consumers.isra.0+0x270/0x270
[ 2349.206561][T27629]  usb_set_configuration+0x10ee/0x1af0
[ 2349.212064][T27629]  usb_generic_driver_probe+0xcf/0x130
[ 2349.217580][T27629]  usb_probe_device+0xd8/0x2c0
[ 2349.222373][T27629]  ? usb_driver_release_interface+0x190/0x190
[ 2349.228468][T27629]  really_probe+0x240/0xca0
[ 2349.233006][T27629]  __driver_probe_device+0x1df/0x4d0
[ 2349.238333][T27629]  driver_probe_device+0x4c/0x1a0
[ 2349.243392][T27629]  __device_attach_driver+0x1d4/0x2e0
[ 2349.248797][T27629]  bus_for_each_drv+0x149/0x1d0
[ 2349.253677][T27629]  ? driver_probe_device+0x1a0/0x1a0
[ 2349.258995][T27629]  ? bus_for_each_dev+0x1c0/0x1c0
[ 2349.264045][T27629]  ? _raw_spin_unlock_irqrestore+0x54/0x70
[ 2349.269882][T27629]  ? lockdep_hardirqs_on+0x7d/0x100
[ 2349.275109][T27629]  ? _raw_spin_unlock_irqrestore+0x41/0x70
[ 2349.280957][T27629]  __device_attach+0x1e4/0x4b0
[ 2349.285753][T27629]  ? device_driver_attach+0x210/0x210
[ 2349.291155][T27629]  ? do_raw_spin_unlock+0x175/0x230
[ 2349.296395][T27629]  bus_probe_device+0x17c/0x1c0
[ 2349.301275][T27629]  device_add+0x11c4/0x1c50
[ 2349.305802][T27629]  ? __fw_devlink_link_to_consumers.isra.0+0x270/0x270
[ 2349.312679][T27629]  ? add_device_randomness+0xb8/0xe0
[ 2349.318010][T27629]  usb_new_device+0xcb2/0x19d0
[ 2349.322830][T27629]  ? hub_disconnect+0x510/0x510
[ 2349.327726][T27629]  ? _raw_spin_unlock_irq+0x23/0x50
[ 2349.332956][T27629]  hub_event+0x2d9e/0x4e40
[ 2349.337443][T27629]  ? hub_port_debounce+0x3b0/0x3b0
[ 2349.342609][T27629]  ? lock_sync+0x190/0x190
[ 2349.347062][T27629]  ? rcu_is_watching+0x12/0xb0
[ 2349.351877][T27629]  ? trace_lock_acquire+0x12d/0x180
[ 2349.357111][T27629]  ? process_one_work+0x8b7/0x15e0
[ 2349.362260][T27629]  ? lock_acquire+0x32/0xc0
[ 2349.366792][T27629]  ? process_one_work+0x8b7/0x15e0
[ 2349.371950][T27629]  process_one_work+0x99a/0x15e0
[ 2349.376935][T27629]  ? pwq_dec_nr_in_flight+0x2a0/0x2a0
[ 2349.382346][T27629]  ? rcu_is_watching+0x12/0xb0
[ 2349.387151][T27629]  ? spin_bug+0x1c0/0x1c0
[ 2349.391515][T27629]  ? lock_acquire+0x32/0xc0
[ 2349.396060][T27629]  ? worker_thread+0x16d/0x10c0
[ 2349.400976][T27629]  worker_thread+0x67d/0x10c0
[ 2349.405714][T27629]  ? process_one_work+0x15e0/0x15e0
[ 2349.410968][T27629]  kthread+0x33e/0x440
[ 2349.415177][T27629]  ? kthread_complete_and_exit+0x40/0x40
[ 2349.420954][T27629]  ret_from_fork+0x1f/0x30
[ 2349.425429][T27629]  </TASK>
[ 2349.428780][T27629] Kernel Offset: disabled
[ 2349.433133][T27629] Rebooting in 86400 seconds..