last executing test programs: 17.613073259s ago: executing program 4 (id=1502): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x0, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)=ANY=[@ANYBLOB="98030000", @ANYRES16, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r3, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff080211000001"], 0x398}}, 0x0) unshare(0x24060c80) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) socket$pppl2tp(0x18, 0x1, 0x1) close_range(r4, 0xffffffffffffffff, 0x0) 16.788790619s ago: executing program 4 (id=1507): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) fstat(r5, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0}) setuid(r6) ioctl$VT_RESIZE(r4, 0x5609, 0x0) r7 = syz_genetlink_get_family_id$devlink(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_TRAP_POLICER_GET(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x14, r7, 0x705, 0x0, 0x0, {0x34}}, 0x14}}, 0x0) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) 12.774868629s ago: executing program 1 (id=1517): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)=ANY=[@ANYBLOB="98030000", @ANYRES16, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r3, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff080211000001"], 0x398}}, 0x0) unshare(0x24060c80) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) socket$pppl2tp(0x18, 0x1, 0x1) close_range(r4, 0xffffffffffffffff, 0x0) 11.521027995s ago: executing program 1 (id=1519): openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000000080), 0xffffffffffffffff) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendmsg$IPVS_CMD_GET_DAEMON(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) 9.579525909s ago: executing program 0 (id=1527): openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f}}, 0x50) syz_fuse_handle_req(r0, &(0x7f0000006380)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000008dceba394fc9d73b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000070000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000070000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e7ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea2105600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8ffffffffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000f87c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) dup3(r2, r0, 0x0) r3 = eventfd(0x0) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f00000001c0)='.\x00', &(0x7f0000000180), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESDEC=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r4]) 8.51078502s ago: executing program 0 (id=1528): r0 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000a40)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000800000095000000000000009500a5050000000077d8f3b423cdac8d8000000000000020e16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f68a7d06d10bfe150a7487535f7866907dc6751dfb265a0e3ccae669e173a649c1cfd6587d452d46b7c57d77578f4c35235138d5521f9453559c3421eed73d5661cfeecf9c66c54c3b3ffe1b4ce25d7c983c044c03bf3ff03fe3e26e7a23129d6606fd28a7f9105f82317874b33d96b39fa4e045469989d552af6200000003a00000000000000abecc2f4a3799af2551ce935b0f327cb3f011a7d06602e2fd5234712596b696418f1623ed38ae89d24e14b40234756ddcebfba2f87925bfacba83109753f543ad027edd68149ee99eebc6f7d6dd4aed4afe1f44ccb19e810879b70a70900000000000000000000d7900a820b6327944e9a217b9800e02a92895614cd50cbf83a1ed25268816b004519c9c5cff097d8000000000009d27d753a30a147b24a48435bd8a568669596e9e08679b3ce48e90defb6670c3d6209000000c773713a66b223fa8b148871c8d31d24000025449f106b99893ed20fa7a050fbbef90327e827e513e9606800000000e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e69ee52b59d13182e1f24ed208ada12f7a1525320e71666f472a972d5eb1affb87ba55b2d72078e9f40b4ae7dc3b2aeb0d11cd22c35d32940f19dff00ffffffff080000ff003853e59de7621e348955735264f34b1046a1813668297a7edad187ef106ae7fcbb25090f17d0baadeb8ae190a1fb5a315f8347fb0379659500000000000000000000000000000000000000002fdf0193ec79c90ed210ebc2fbed6d4216770c1b0dec886b388d138c2b69c6aacb714e7264093061c660a5100b7cc165889eb94c8d7c77b6fa06f1a4f8e4a6b6cb37e319c5c22f276b03cae853f42b07ca0b03b1eb32a6b1a81cd511fd0b59d57a11c6a3ebf9731464ad21f07f618efc31023ac60007426162b57e803519954d7c956fda392fa84be38e937d36af1c35138e05a9e8d6dc0272de72c41500000000304402e22af23437126f330f8eb4075daaeae3134ece35cd86d95bd9836bd186c4b6565e967a4e3e86f299b7400994ba136b4eccf3b0f001a266c0d160b3ce1182001d64b52a5ce7f506295d59eea6903b84ffbabf5a5b91c1d6ecce8728a224aec66c610e3becd60a35e848c224f8251947eed20e2b612cb099bfe8924d33ba7f0691fed04a43e9c64b7a1e3165e86cdb9871c678a6bbb14821f441c6c14d1bd78d8ffdfea12c19ea04264335d60b6b7a7da6fb83f33101db32f6ab137d943dd3c1e8db9f3e1263573dc721ae82fe0bc63598751a5092c9f7dbfc39d564834e3703492c2a651643d8ce5c36d97a4812cf73fc8ea0d68d7489cfcb0176"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6}, 0x70) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0xb) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) r2 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r2, &(0x7f0000000700)={0x10, 0x0, 0x0, 0x800000}, 0xc) sendmsg$nl_route(r2, 0x0, 0x0) 8.409546998s ago: executing program 3 (id=1529): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() getrlimit(0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="02142000110000000040000000000000030005000000000002000000ffffffff0000000000000000080012000000010000000000000000000600000000000027b20e97a6a9ecae000000ee00000000000000000000000000fc020000000000000000000000000000030006000000000002000000e00000010000000000000000010018"], 0x88}}, 0x0) r4 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x2, 0xf, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @broadcast}}, @sadb_x_policy={0x8, 0x12, 0x0, 0x1, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in6=@empty, @in6=@private2}}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0xfffc, @multicast1}}]}, 0x80}}, 0x0) 8.328937725s ago: executing program 1 (id=1530): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)=ANY=[@ANYBLOB="98030000", @ANYRES16, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r3, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff080211000001"], 0x398}}, 0x0) unshare(0x24060c80) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) socket$pppl2tp(0x18, 0x1, 0x1) close_range(r4, 0xffffffffffffffff, 0x0) 8.315741076s ago: executing program 0 (id=1531): r0 = openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0) ftruncate(0xffffffffffffffff, 0x0) mknodat(0xffffffffffffff9c, 0x0, 0x0, 0x0) getpid() socket$tipc(0x1e, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000180)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r4 = syz_open_dev$sndctrl(0x0, 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r4, 0xc4c85513, 0x0) getdents64(r0, 0x0, 0x0) r5 = syz_open_dev$video4linux(&(0x7f0000000000), 0x71, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(r5, 0xc0585605, &(0x7f0000000100)={0x1, 0x1, @raw_data=[0xe7, 0x0, 0x1013]}) r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CAP_X2APIC_API(r6, 0x4068aea3, &(0x7f0000000200)={0x81, 0x0, 0x6}) io_setup(0x5, &(0x7f0000000000)) openat$sw_sync(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) 7.08912473s ago: executing program 0 (id=1532): syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000ac0)='./bus\x00', 0x0, &(0x7f0000020000)=ANY=[@ANYBLOB="6c617a7974696d652c6e6f696e6c696e655f78617474722c6c617a7974696d652c6e6f626172726965722c6163746976655f6c6f67733d342c757365725f78617474722c6d6f64653d6c66732c616c6c6f635f6d6f64653d64656661756c742c00be9ee044c45511e65887f6fac9eba6d787c3684a836f23dbf8ad3dd5931c08b4d8bde7e8acbbf3bf3326f2faa5952a332ad2ced40c98a2affa2dad4d623f9ff3ffa81e45095548ab6200f069d0f63d20fd71d3043b0dd5c4cf9785f3f531abc19bc1548f5e0b33006bd1049ca45bd8500d67a5aa6e1c23d900000000007867738729e703bb122283fb2fae9813a0cfefcdf3dc96eb384dbb4268c50943198a96d9b1af9c91506b30922be8537f54e65cf60c6b6a5798955796aea325770d6ccc93a95fad93b2c7bad114fcbc55036a301c23b07073c71555791db8919235022bb0ee4294211ab9b43f3fbedecd223722d937aa22b31e2e9c97e5ea94e4ab83d4e5811c7556813c334aec856af0a0c12b3c93ba5aa906bde2268a0c6cbbb13f496d87c608604eb02b2c031d5ae40c75", @ANYRES64], 0x1, 0x5511, &(0x7f0000015b80)="$eJzs3E1rY9UfB/CTdjqdp//8i7hwNxcGoYVJmPRh0F3VGXzADsWHhStNkzRkJsktTZrWrly4FBe+Djei4Mql+BIEXbsTF4o7Qck9pzIdFdRmkqn9fOD2e+/JzS+/E0rLuQk3AGfWQvbzj6VwNVwMIcyGEK6EUOyX0lZYj/FUCOFaCGHmga2Uxn8fOB9CuBRCuDoqHmuW0kMf3RheX/vhlZ+++Hr+3OVPPv92erMGpu3pEEJ3J+7vd2PmrZj30nht2C6yuzpMGR/o3k/Hecz95lZRYb92dF6tyJVWPD/f2euPcrtTq4+y1d4uxnd68QX7w9ZRneIJ92q7xXGjuVVku58X2TqMfR0cxr9th/1BrNNI9d4tyofB4CjjePOgGeczf7/Iem+QxmPdvNE8GOUwZXq5UM87jaKPrZO804+3V9u9vYNs2Nztt/NetlapPlOp3ipXd/NGc9BcLde6jVur2WKrMzqtPGjWuuutPG91mpV63l3KFlv1erlazRZvN7fatV5WrVZWKjfLa0tp70b24t03s04jWxzl8+3e3qDd6Wfb+W4Wn7GULVdWnl3Krlez1zc2s83X7tzZ2Hzj7dtv3X1u4+UX0kl/aCtbXL65vFyu3iwvV5dO7/xH/+v/0fzfT02Pcf5wIqVpNwBw+lj/A5P28VcxT/P6P/yb9f+O9f/DrP/P9vzhRKz/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADOrO/mPn2p2FmIx5fT+P/S0BPpuBRCmAkh/PonZsP5YzVnU525vzh/7qEeviyFosLoNebTdimEsJ62X/7/qN8FAAAA+O/67L1rH8bVevyxMO2GmKR40WbmyjtjqlcKIcwtfD+GKiFdbApPnryraPT7fS4cjKlacQHrwpiKxUtu58ZV7W+ZPRYXHohSjJmJtgMAAEzE8ZXAZFchAAAATNIH026A6Sg+aU3fxU9f4J+PkT4QvHjsCAAAADiFStNuAAAAAHjkivX/43P/v2+Kfff/AwAAgPGK9/8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPiNnfvJSR2K4gB8Wuh7vD9GYpy7FWewDFdgHDo0LMBNsATcghtgDThzCQYMbYnWYKLhto3k+5K23Bvy45QwOfeSAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANCmp2Ixfbi7uD80Z705TJq7AQAAAPZZFYtp+WJcjf/V8yf11Fk9ziIij4h9vfsgfjUyB3VO8cn7iw81PEaUCdvP+F0ffyPisj5eTtv+FgAAAOB4LWfzSdWtV6dx3wXRpWrRJv9/lSgvi4hi/JwoLd+ezhOFlb/vYdwmSisXsEaJwqolt2GqtC8ZNC6jd5esuuSdlgMAAHSi2Ql024UAAADQpZu+C6AfWey2Mnd7weU/7982BP80RgAAAMAPlPVdAAAAANC6sv/3/D8AAAA4btXz/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGjTqlhMl7P5pDF5/f2c9eYw6e4IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXtmfdxQIgTAIg73rO5O5/2GlQUNjkyoQPv7GYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4M3v/vJ/YmqcSeZeG0vPI8naqbF1auydG0d/GF+/BgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgYn9eUiAEgiAK5oz/nfT9DysJegYRIqDhUUUtGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4ot/98n9iapxJ5k4bS8cjydpVY+uqsfegcfRgvP0bAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgYud+XuOo4gCAf3dnZ2urYoySQ0QUPOjFptva2qsHJXjwTxBCuq3RrT/aHGwpQi7eJOdeRI8ighJv/R96bqGXeuthDxU89VCZ2ZnkdS24WjqzST4fePO+Mwzzvm8SQr7zZhcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDa+L29OCs2C5O4Wx27df/aetHfnuoLN7bvLBetiDtNJr0PPHgYr6b7naX2cgEAAODwyOr6PiLu5jurRd9dKOv/vD6nqPl/eH4S1/X8dN1f93XtX7Tff7v38u5AC5Nxioue3xgNT/wzld7Tm+V8e+Ffz+iVd7589pKVP5Duh1svjfPyfna+u3nz/X4ZHmkiWwDg/zhe91VQ/z9U9IM2EwPg0OglhXdd/2cL7eYEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0IT+Vjxbx52IWO7txYXb96+tl/3U/o3tO8t1O3P9+nZ6zeISeUSc3xgNTzQ1kX3g8pWrn62NRsNLzQevRUR7o1fBxzOcE9FmhoInDbrV7/q85LM/gpb/MAEAcODkVSvq+rv5zmpxrLMY8fDHR+v/N5M40vp/qk/r/3ufnLmVjpXW/4PGZjj/VjYvfrly+crVtzcurl0YXhh+/s7JwbuDU2dPnz67Uj4rWfHEBAAAgCfTr1pa/3cXI8ZT6//HkjhmrP+/+n7wTTpWpv5/rL1Fv7YzAQAAONxefP2vPzuPOd7p9+Prtc3NS4PJdnf/5GTbQqr/2ZGqpfV/tth2VgAAAEATxludR9b/zyVxzLj+/9xPr/ySXjOLiKPV+v/x9S9G55qbTksezHRWEx8nfupTBQAAYK4drVq6/p+X7/93d1956EbEW29M4uprAGeq/7MPvv05HSt9//9Uc1OcS92lyf0o+6WI3lLbGQEAAHCQPVO1otj/I99Z/fTXYx/1vf8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0LS/AwAA//+xhkJ5") syz_mount_image$ext4(0x0, &(0x7f0000000080)='./file0\x00', 0x18808, 0x0, 0xf9, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) write$binfmt_script(r0, &(0x7f00000003c0), 0xb) syz_mount_image$fuse(0x0, &(0x7f0000000180)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000fdffffff850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) r2 = getpid() sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) r7 = dup3(r6, r5, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, 0x0) ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f00000002c0)=[@acquire], 0x0, 0x0, 0x0}) mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}, {@metacopy_on}], [], 0x2c}) r8 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchmodat(r8, &(0x7f00000000c0)='./file1\x00', 0x0) openat(r8, &(0x7f00000001c0)='./file1\x00', 0x5, 0x0) r9 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) r10 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r10, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=ANY=[@ANYBLOB="440000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000240012800b0001006272696467650000140002800800030090020000080004"], 0x44}, 0x1, 0xba01}, 0x0) write$binfmt_script(r9, &(0x7f0000000340)={'#! ', './file0', [{0x20, '\\@&&\x00'}, {0x20, '#! '}], 0xa, "bdb69cfb93e7f0ac45f09a7e1fd1b2e3189c7f64ff721353fdcb0bd4bc6f0c2a405e097f27235ebffdf292993541f79f84e313249d968f67b27040e08c051fd1a7fa0ba39747e19bb2d4ed2bc7ead91dfac761e689815f3f4730927baa8686b965"}, 0x76) 6.466646993s ago: executing program 2 (id=1533): socket$inet6_udplite(0xa, 0x2, 0x88) r0 = open(0x0, 0x6a8580, 0x3e) r1 = signalfd4(r0, 0x0, 0x0, 0x800) (async) epoll_create1(0x80000) (async) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) (async) r2 = socket$inet(0xa, 0x801, 0x84) connect$inet(r2, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) (async) accept4$inet(r2, &(0x7f00000003c0), 0x0, 0x0) (async) prlimit64(0x0, 0xd, 0x0, 0x0) gettid() (async) r3 = socket(0x10, 0x6, 0x3) setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000000)={0x7f}, 0x10) (async) write(0xffffffffffffffff, &(0x7f00000001c0)="2400000039005f0214fffffffffffff8070000001d00000000000000080009000b2b8f55f1da66c01202000051e855a63faa3ea32da675bf56d094b9cae27dba392c98dc9b5928d5379dc031bee5cdac2da10aa100857fa2a21bb659a13e81f7ed64f043fef3606dab27a89245889fe7b157fb6dd025b49628c41cabebd1e21b18a5244c006a6045fab9e69e5a2152e67820a79b62b48e6fbd17c8482c35557635af01b5b248d0524aac3c52b119269052225a02b2ec45c6a7f82b4bc77059117dff9496b4985e36dfd3dbcb15ba9b736fe936e2e1c5299f5f2fc918489a6a86d2d2e27d91f42c2ac71f26128bb07e86e0868ccf223f159d9e66691e04b1e106c9145c2e3540ac0962915ef12f907f664614d2b20e9d21a3c6acd3c520aa561cff37134e99f60f4b36881addeb02", 0x12e) (async) r4 = userfaultfd(0x80001) ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x749}) (async) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000180)={{&(0x7f0000288000/0x4000)=nil, 0x4000}, 0x3}) socket$inet_udplite(0x2, 0x2, 0x88) (async) r5 = epoll_create1(0x0) (async) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000300)={0x60000000}) (async) read$char_usb(0xffffffffffffffff, &(0x7f0000001980)=""/179, 0xb3) (async) r6 = epoll_create(0x8001) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000000080)) (async) r7 = socket$netlink(0x10, 0x3, 0x0) getsockopt$sock_buf(r7, 0x1, 0x3b, &(0x7f0000000000)=""/123, &(0x7f0000000080)=0x7b) (async) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x0, 0x0, 0x8}, 0x48) (async) r8 = socket$igmp(0x2, 0x3, 0x2) io_setup(0x9, &(0x7f0000000140)=0x0) io_submit(r9, 0x1, &(0x7f00000002c0)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x0, r8, 0x0}]) (async) io_cancel(r9, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x62}, 0x0) (async) setsockopt$inet_msfilter(0xffffffffffffffff, 0x0, 0x8, 0x0, 0x1) 6.276920788s ago: executing program 2 (id=1534): socket$netlink(0x10, 0x3, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000e00)={@in6={{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}}, 0x0, 0x0, 0x44, 0x0, "e541bd3d3aa6a2bf75e9671e8abcb31c134f3a9db8f52e7300fe6e079f35ac63186c7244fc3b3801e79f15ced9fd7e55d0345bce05c13ed90158fbdeb70322ea3188f81890e3db00"}, 0xd8) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000000)={0xffffffffffffffff, 0x8, 0xe, 0x6}) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) r3 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r3, &(0x7f0000000300)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @private=0xa010101}, 0x0, 0x0, 0x4}}, 0x26) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) getpid() sched_setscheduler(0x0, 0x0, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r4 = syz_open_dev$video4linux(&(0x7f0000000040), 0x401, 0x0) ioctl$VIDIOC_SUBDEV_S_FMT(r4, 0xc038563b, &(0x7f0000000080)={0x0, 0x0, {0x0, 0x0, 0x0, 0x5}}) r5 = dup(r2) socket$inet(0x2, 0x80001, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0x14, &(0x7f00000001c0)=@assoc_value, 0x0) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r5, 0x84, 0x19, &(0x7f00000000c0), 0x8) mprotect(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0) openat$cgroup_devices(r1, &(0x7f0000000300)='devices.deny\x00', 0x2, 0x0) mount_setattr(0xffffffffffffffff, 0x0, 0x0, &(0x7f00000003c0)={0x74, 0x1000fd}, 0x20) 5.697363188s ago: executing program 2 (id=1535): r0 = syz_open_dev$sg(&(0x7f0000001b40), 0x0, 0x0) ioctl$SG_SET_COMMAND_Q(r0, 0x227e, 0xfffffffffffffffe) syz_mount_image$reiserfs(&(0x7f0000000140), &(0x7f0000001140)='./file0\x00', 0x98, &(0x7f0000000280), 0x1, 0x10ef, &(0x7f00000022c0)="$eJzs2DGLE0EYBuB3dg/kqshcvx5oYSHHHfEPXKGQxsLaLljZmUrJz/HnyFX2R3pTBOyVTQwJEhDJYuB4Hlh252Vmvp1yvgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDvLPlekosmqdusSVKSrrubLJJ02/zx17ZJydv3k9mrj+PXs8209FmT0q9aj+vN01rHdVxv6suL22d19unzh3avZEmX+9V8ev5mOehR+trtoDsCAADAw/DzaKMT1wcAAAD+ZrBGAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAA6vajSVKSrrubLJJ0p/0tAAAA4EglTd6NDuWbNsDOi3wblZRHu+RH6edc58uB9QAAAMC/KXv38ec5z5O9/DJnubrajH+/srxN2iTXf+xzv5pP18/lfFr+5wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgF/swLEAAAAAgDB/6zQ6NgAAAAAAAAAAAAAAAGCqAAAA//9TGNII") openat(0xffffffffffffff9c, 0x0, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a32000000001400000011"], 0x7c}}, 0x0) syz_emit_ethernet(0xbe, &(0x7f0000000100)={@local, @local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @dev={0xac, 0x14, 0x14, 0xff}, @remote}, {0x0, 0x0, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "d8faebab25c9440f1e0b429560dea05fcfa134c5886328060189b9c9d245a4ec", "ddff6f80bb17115c263975c19a199a87b509ec91752b1f6b9fe52dd68897d0dd66c8047ecb3c1ccab1b385024cd3ef42", "7af3756acdedd1857ba2429edec68ec07113ef939e2683eb956c3100", {"e311f95152ce9fab74b351abd67a3e95", "f543716814ec69725136619246be0a0c"}}}}}}}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r6, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) sendto$inet6(r6, &(0x7f0000000080)='D', 0x1, 0x1, 0x0, 0x0) sendmsg$sock(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000100)='&', 0x1}], 0x1}, 0x0) recvmmsg(r6, &(0x7f0000000440), 0x3, 0x40010102, 0x0) write$binfmt_script(r5, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r5, 0x0) setsockopt$inet_opts(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)="ea00", 0x2) preadv(r5, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r7 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10) ioctl$KVM_RUN(r7, 0xae80, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x101}, @NFT_MSG_DELRULE={0x14, 0x8, 0xa, 0x0, 0x0, 0x0, {0x2}}], {0x14}}, 0x50}}, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) 5.662301671s ago: executing program 3 (id=1536): sendmsg$inet(0xffffffffffffffff, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0) recvmsg(r0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001dc0)=""/4096, 0x1000}, 0x0) close(r0) open$dir(&(0x7f0000000740)='./file0\x00', 0x7a1201, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_wait_time\x00', 0x275a, 0x0) (fail_nth: 6) 5.475550686s ago: executing program 1 (id=1537): r0 = syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f00000005c0)={[{@discard}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@nogrpid}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x1, 0x56a, &(0x7f00000015c0)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000000), 0x208e24b) ioctl$BTRFS_IOC_ADD_DEV(r0, 0x5000940a, &(0x7f0000001b40)={{r1}, "d419c4a4e7a36c6882f2913a35fc6156758fd541c46293f3070417e1126c58d3a0c398c7f71bea3ca9e8d2c75239b4d5ffdf74f328c7ca2946bbcb09b57467926ad2b33c370ba2f05ca641e81cfbb07440c9ce93e356e44323989b5e5f2e05506bff9ee332de80ee47aa7b5284e4ab82ac78c7e12fae40c4b622b4acceb41d2d5f570c94dd6bfe67d1a5ed01d741a2b91a63be723797f167046a5a86d96e151ee911c8c77e7c620b0b3f75e373a4fba18ad352f2f24d41d72e71b516ee42bb53c0f6ca8a5bc05e298ff50915b5b1d81efb34042e74ccdf6f4d4011458a78670f3f678c239c69d02135839ec492b6b41b85c5e564b21173ac667be2aa5e7c78c19e836956fff83c8e77705a26abf8297fd6601aaf03989ad7efde7e95a0274b49eda099705192c11b2d2919f9e4f618f7a990c43d8fc72a45613d978447e57a77cc4a502fea39e1f9e62c62b55cb660c4462d2ad2e105c383a60dbeddccc88a2b3913488c7adc1e81177249461484670d87ffdb36bb45c1ba8370ab82779b4b4ceb181922afced2676bdc40701a0ae117ff7d3fe4d0e567b25bf88c9df881abb4817385b6593bd98cbe6c9fda53ff08f02942bec0ad99b08da7fb9e772212cdefbf7db1521107ca650a3f30abad43f9f3d8beaf34ebd6c34c07995c3381f9a22875c0f80182b4d1fdcdc418d1a9c227e507532f56293b04d5edb52e8682a8e169f7ea5d89711323f6ea3c7892285a7dedaee59977f29eb0043649720ee84675269c846ebca0423e5dcdd8d5fb384e94839856fa4697addba6f6f4f98a525ad66407dbb4b69ecdb0856126022768401bfea2522c0c77beb46eb727674577216434de0ad111754d6d45753747f3da2d1fffbb0e540cef0ecf26862e535bb26d5708d01fc7d252a6816ba35637febb2c714a2b5f0b42ea79f8192336e5f6e4819c4ce9b2b977f072d5c4599de0a999a9f5ec7e4f06680c3d7efd2459caff08595073efc826f19f2d87f837224e235bcd957a68875ee00052cc8187beecff5fcb70594be4538c9fe93e94f2f49b337423b2bd8b34323099731bd668274bf13fbfe110f7d01baed38b4710146399a22b7d4a6c3c49dc4fd7b3ea51679f5266d5e4ad3de37870f53751c83ffa405f27bfc064705aa0b2e38980b18c9dde1d5f749f5ed3ea247997af67cf102994b88c4107765b29ec3f67c7117a160144d061a3e002b9810ca92b04b44d2bde124d133da1a03a94f8bad5aa10255c24f4cce81b25770ca0547fa59eb12afc509f273852cb640198945c57997debe3a83bda7ee336a43d957c8ff57bcb73df4586eb41ad4546e27913859a7cb3f67cd1187aad7224d52effc6dc81452bbe966f6ea0de837066d872cafee13660e80b69e3a5c6bea719819281aa0dafd3ba385dc82e060a41e270d68bc92372079c998d7f9293b520d8333010ea8b6c7200d94207029ef047af0b53b591c9478419ee0cb3dabbb5f96d0ae9ed9cee57a218f490974a00a9ced885fc93ad5bcbfa9dcfd95673e12162e9da3053a235975a7d7e51b5b0c7229b8565271a7aa3d3b33dbcc6581b3b3523706d458675b07aea07645279d7f9bb21ceb09e1b839bcab5b8837550213659b2c73dbe03b45b17e96df235f9ef0436b0a80f629b9b1653795720f1492a7a92282f6bdc4d4bfb2449024d0aab6242bffe344790c18807b430392b06adcb6363117924ed4b25fae8eaf96cb3180b54da9123903d53d3cc90145245c4c2ca524bdb7836f7399d5188b8cb8b61a0e261f230f145e19ec49487a8ecdd6e43be1388a68dcb228f02ba9647cbf6366e292b3dab0c57833779f7c9eb6f25330d070af841bb9ed379a730f6cf7d51105ad636894a73d59148ce9c4024239fb37c97a9cb1928236a4f1f4c450a8f90c4748ae805d31f740e62843ca9b330e5a69ca6ef8603ac7c3642c84e2e1ac452205ffb46b87f8fadb722d64d64653c6f03a5dfacdd695eb2290f10bbec93f4b2c3d478e1f6be2322de71e63ddbc8750ad0535963a495849334dc334a7e238a81b4aad66b81098459571bb5120c9e600491da0d0623c1b8b65339ed8dbb025c173e54c00904034c0d1da720d00b0d471e6080002779519dc4e5bdf9717dba11a2e4ebfa1c1dafdc11cb549136ce749c74c63b1fc597976d87c17094405ffb8732635a856b58cf8907dfa82a7f6e8cc49c0eb11b9b4f12d90c1e60b9be228881de93d4eb8a7a5e192d69d25bdd91dedae635b52194dda2cb06573c567e70fb5c8167e283a1ebad89feae34739253e2a41d1056083f08dd075085f9eef0aea98d73eda93b9737350fff32c70c10d24709d005fb1bb0402689799b53112def7c5acc074da5887bb5ee5b45d66adcb68a63ce0837b59943df98537681a77d985947c6bf811a7bfe2afbabaeaf7f06febcdf50dacfe50b8ef276cadfcdcc2ffd1402b37d68d4c927f17257d1d7d5b8427385d1685f8a1abccc400b10d20337b978ff7c184f8437d72261ff5f80d44debd5db03ec0e668d454d1bb85e164fb580d0c1a61f287edec4ccdefd494a78497099278edf2fbee87dd1f4765204a2126968f877b51a05f62c73a3175ff12c4ad374cd45a15d263765f39511670723e3965c6a3b86171713c5cfe8ada41cd0de265cd8cbc426f50c487879ac8eb1ee09da1fd9db8c398145ea15348a88fff0b8db1ecec180f4b333d8f2d4e379daf702df4f981a2bdb31a4fab3fc1bc169f05252121c0d499ef771a2a3d958aa6523b0e6461b2742921fba6c6354a7b6fbbd5031c93fee636671a07faaa631ee76fdad21c30e00b0d5169e8b1ea02eedb51a3094398305585d15b13286a39c66e292c14b372649a5e04181d9dfee1f7df70fde002f83d0d071b229cd5bb595db92cb537075578fadc27ae896caa672d414295c53e0d453802d2ea1a07c83313636d7334bccb166e2a039c2ebc9df111e72d5ae20b08658f7b5417f48c93788d45962aa04e516b2319c7a44e742046166f83ef15732d13077a6dcaeab3256a91e385c30d9ad8e3c2649914edbd1805854b9305c969ebbe78ca8d4d157c42152ea42be12415cfc62956c7f2e91f2203eb5d5b888e1ba35ced04c700e47c6b9545718e7604dae9384efcd40e21f2ca2888c1ef777938b632b7d4ad2279873b4d9a0a5eb6cf9be3c2c979efea8d68eaad9f8fa87cff52a9314fbcb8557c515983b81fee309adee068b53fee5906720e1e872d1be494caf062e805a798561713365a02475a73748f64251eaedb153c80763455b99ca0f50c6315f93ce08db0d94863fa1432671559352bb54f6569312d355090bef1aa6d09d19c66dbaf58e2cd4f0e322aa8e26202d9fa87ced19a1a9c99609a9a74d80e0e803c09729bf9102fb6378b6aebec219d8f159f585a17a89309ff49681cdc9013b6e6ce4310e20cf48d25df7cb9ac48f157001929e0044fadc8144178c91870ea29ec0bba3e52227038845d9b84ee54bf5bce5e76035de2f735e7027f60dbd257a57aae5d9885b98d931397b27d1966c66f064ff90bc3cccfe3cd9905dc78ac87fbd214bd1d79baa7124b3f0fd671e8e44bef02c70800bc1305aa57250351cc9fc50294b6f883341798c4e9682a58f67d648c19f14e6e8b619e9605e74a671763759a9c28b6c5cfaf9f6da4209ba8d1e50760676325a277b3c823b5ad2d860f55becafd00628dc36ae3a379ccd3b52cc1a43fa07ef93d57d4c51e7f300aabea9f1fd115ba6ba75573fa529d4fc17c3d76f96c63a7fc0893774d077a112019f976c591e8897251efebb66d6ccc9cc9a7a671e0ea5a71dd800e1674532a5ec4b4be80d264312e7ca7b83b1daa6c291779ec0d33a3a008b282688698183ca1081b67c6d62c2950b6834d99196cd58d0bb4c62a1a13b34b559dbf12eea6ad7be6f5254f39838d0e8815e1fe97e97a39f24872a1429a17a63c9bce827f96c78df21535c150a603bb746c51687728cd29ee4af4dec1d692d8eb5d6c905aa450d1530f392549393c7ac5a9c90b98f4cca6e64ada3cef7a86b61fa07d4f2f16211fee520334b428ccdf76fbfb7be801f6480c76780afea95616e48be1f210bf5e51aea58fb9a9d738c510508e3ec765d9b38f3b4ec43e7fe0cf9827dbb8400c29f0b678909cf2a95435ace1ebdb471bbc8845733e928ad14de2a38f253c472c5e6709d38942e8cc99a354aadf0c489efc1cc0c78ea908a145db39094128d5a81f442715fa1816b63fa918d238a001f2f428d2959a7d563e863109498d4cd28189a21d2f6bace85d24a5584a1ae4f25b6049c4d85c35685373915e25ddf64010a292badc625ead0cd879c8bcc452d00b2ba5e2b170f41fc6a961ae6ba2386af689a8fc35e07f7d2f7f189278e070280d217a38296e3f7532450037958d9694aed145536e36ac51ac97f070b6c2b88e2eeca308d2adf2378b20cd8b99f195c30d1548049c3b7aafa5a1e94afc14a6db78d9b7482c1a1bd3ab25a75071ef2444aea030caf2a0d9605736a69f47c7396c6097d2c2ab8ff10455cef6ad60aa0f90f44932979b31f98f9b43cbb61e72c8a604001393db87b8e357c5c6fb396fed8b7899a7f75fd76fbeb30ced20bd03a3c615699b71ae1f668bceb2484c902f402a23231e12495b2c55dfa0d810f50ffaa99f1e5359c3a15c9732cf022556509f482cba250e73593ea99971e0491660eba0ac39ca0c96e9a6025d058afc31336c7b0cbc33b14a78572049276fe4ebf4cba54073955db26ffa93306ac4b6519bcf26d589087f6d7897b2f240cd16299425800ee8c38dd60f89366942d49c4f39325f45bcdeb83e93fe984b46a539ecf278ce9026f393097afd51328e9d36b78c7f4b3c4a3cb6715153550015fb41297d88190155867b952f8043e71d46570c86e64f8d808624c5d04429c13545e2a8dc8211973c45a90fa620a2e5a22857981083780455bec9138521902c2cd62789682743552c18d3462405efaf82a5150c7543bfe0162014023b021fdff45f3a287b765bd6ab689140dbe60da3c254673621472708061836d3068a1920e623acf462a92e34498aec8d2c61dfef64baf98a3f3683cff060d006bf005c41f62e5d34d1456f7f258ed95bc7ce85a67a30a97238d74d3ef290b4c96f4857b7e5c31ed1369e2a871f4de0cb92d0fb36939ef2f41fd43632a193afe024bc961ee31b816092193d8afb9f903932b3b541ace510ec156d7f484923397388f82cd05b11061727b48c7ca6826624a0c6959a105d90deb01236ea46a8f4b241713cebe79dfd19c515153c208958c2c807df5a8ec0dfe44eaf8f26ef40e1e47a45c644cefd146c3eec0c51bbaddad33f68ccc5c37d4816adacd5f385f71b741f846d164611fcec35d1b457b2d8cb94034f67dec6a1cfe4381c6aa5193303d34a6b71516f7872da0ec75b272b99e3be8bf9e1def7e15d0ce1fe11b7ec40eac3fceb24ecdc9577fd3df55bfd5b620eef6d3acf0e8a32be7c74fb68828d47d834882dae368e9b25a96cd2666b824c545625f68b26ca1b197f608ebae4ac2dc14a0a4c6a7d16dcb553efb0807ffcae3a89962709ab99df4cc4cd0d15e9ceacea089062fceca191d115a7caade2ed96d5997e1c3887a51162a1e64e8a058515ffdecc63c8e657267734f430212fadd47f044b77ea8fb073dd364c145ac21ae8c7fcb1504325ffc8add25d0d4fb62a724a5ce1db8854d1f5a4a0eb8a28569e721f2c368468d2c10496c5aec6be2b8a018c3b04637b8a5c9d1e83d2856f44dde7aeabe83d0"}) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0) preadv2(r3, &(0x7f00000002c0)=[{&(0x7f00000004c0)=""/184, 0xb8}], 0x1, 0x4, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) 4.895050546s ago: executing program 3 (id=1538): openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f}}, 0x50) syz_fuse_handle_req(r0, &(0x7f0000006380)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000008dceba394fc9d73b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000070000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000070000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e7ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea2105600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8ffffffffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000f87c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) dup3(r2, r0, 0x0) r3 = eventfd(0x0) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f00000001c0)='.\x00', &(0x7f0000000180), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESDEC=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r4]) 4.12757491s ago: executing program 0 (id=1539): openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ipvs(&(0x7f0000000080), 0xffffffffffffffff) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) sendmsg$IPVS_CMD_GET_DAEMON(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)={0x14, 0x0, 0x6c04073ee59f7719, 0x0, 0x0, {0x4}}, 0x14}}, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) 3.940898216s ago: executing program 3 (id=1540): r0 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000a40)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000800000095000000000000009500a5050000000077d8f3b423cdac8d8000000000000020e16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f68a7d06d10bfe150a7487535f7866907dc6751dfb265a0e3ccae669e173a649c1cfd6587d452d46b7c57d77578f4c35235138d5521f9453559c3421eed73d5661cfeecf9c66c54c3b3ffe1b4ce25d7c983c044c03bf3ff03fe3e26e7a23129d6606fd28a7f9105f82317874b33d96b39fa4e045469989d552af6200000003a00000000000000abecc2f4a3799af2551ce935b0f327cb3f011a7d06602e2fd5234712596b696418f1623ed38ae89d24e14b40234756ddcebfba2f87925bfacba83109753f543ad027edd68149ee99eebc6f7d6dd4aed4afe1f44ccb19e810879b70a70900000000000000000000d7900a820b6327944e9a217b9800e02a92895614cd50cbf83a1ed25268816b004519c9c5cff097d8000000000009d27d753a30a147b24a48435bd8a568669596e9e08679b3ce48e90defb6670c3d6209000000c773713a66b223fa8b148871c8d31d24000025449f106b99893ed20fa7a050fbbef90327e827e513e9606800000000e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e69ee52b59d13182e1f24ed208ada12f7a1525320e71666f472a972d5eb1affb87ba55b2d72078e9f40b4ae7dc3b2aeb0d11cd22c35d32940f19dff00ffffffff080000ff003853e59de7621e348955735264f34b1046a1813668297a7edad187ef106ae7fcbb25090f17d0baadeb8ae190a1fb5a315f8347fb0379659500000000000000000000000000000000000000002fdf0193ec79c90ed210ebc2fbed6d4216770c1b0dec886b388d138c2b69c6aacb714e7264093061c660a5100b7cc165889eb94c8d7c77b6fa06f1a4f8e4a6b6cb37e319c5c22f276b03cae853f42b07ca0b03b1eb32a6b1a81cd511fd0b59d57a11c6a3ebf9731464ad21f07f618efc31023ac60007426162b57e803519954d7c956fda392fa84be38e937d36af1c35138e05a9e8d6dc0272de72c41500000000304402e22af23437126f330f8eb4075daaeae3134ece35cd86d95bd9836bd186c4b6565e967a4e3e86f299b7400994ba136b4eccf3b0f001a266c0d160b3ce1182001d64b52a5ce7f506295d59eea6903b84ffbabf5a5b91c1d6ecce8728a224aec66c610e3becd60a35e848c224f8251947eed20e2b612cb099bfe8924d33ba7f0691fed04a43e9c64b7a1e3165e86cdb9871c678a6bbb14821f441c6c14d1bd78d8ffdfea12c19ea04264335d60b6b7a7da6fb83f33101db32f6ab137d943dd3c1e8db9f3e1263573dc721ae82fe0bc63598751a5092c9f7dbfc39d564834e3703492c2a651643d8ce5c36d97a4812cf73fc8ea0d68d7489cfcb0176"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6}, 0x70) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0xb) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) r2 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r2, &(0x7f0000000700)={0x10, 0x0, 0x0, 0x800000}, 0xc) sendmsg$nl_route(r2, 0x0, 0x0) 3.729012384s ago: executing program 3 (id=1541): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x5, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) getpid() mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mount(&(0x7f0000000000)=@nullb, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='ufs\x00', 0x0, 0x0) 3.532897031s ago: executing program 1 (id=1542): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x0, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000340)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)=ANY=[@ANYBLOB="98030000", @ANYRES16, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r5, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff080211000001"], 0x398}}, 0x0) sendmsg$NL80211_CMD_SET_TID_CONFIG(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000280)={&(0x7f00000035c0)=ANY=[@ANYBLOB="a4180000f62ceb376c798b90eecfbbc8e7292b44f93fba02dab6b382c3eb79bcdae9bf058e797d3c759ad8990742642d28d1360d2afa552abc599bf7ee00921cec0aa6f6de4d1e233b850056024b3202b6473992d8b7613a8e5e4fa02d2268b7fb0504c5e557163da61f", @ANYRES16, @ANYBLOB], 0x18a4}, 0x1, 0x0, 0x0, 0x24000000}, 0x4) r6 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0xffffffffffffffff, 0x0, &(0x7f00000000c0), &(0x7f0000000240), 0x800, r6}, 0x38) unshare(0x24060c80) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r8 = fsopen(&(0x7f00000004c0)='gadgetfs\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r8, 0x6, 0x0, 0x0, 0x0) socket$pppl2tp(0x18, 0x1, 0x1) close_range(r7, 0xffffffffffffffff, 0x0) 3.143304694s ago: executing program 2 (id=1543): mknodat$null(0xffffffffffffff9c, 0x0, 0x0, 0x103) r0 = openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000000000), 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB="2c726f6f746d0900dadfe4307533bc84303030303030303030010030303030242cf57365725f69643d00", @ANYBLOB]) syz_mount_image$ext4(&(0x7f0000000280)='ext4\x00', &(0x7f0000000bc0)='./file0\x00', 0x10000, &(0x7f0000000c00), 0x1, 0xb8e, &(0x7f00000017c0)="$eJzs3M9vVNUeAPDvvZ2WQgstLy/vPchLbGIQo3EolGjCClwbNdEFS8Z2SpoOP+yUxDYsCu7VhTEuSAx/gol7ceHKxAUuDP4FxEgM0Q24qLnzo0zoTFthhoP4+SRn7jlzhvl+v3PD3HOSuQ3gH2uqeMgjDkTEmSxiovV8HhEjjd5oxFrzdffvXp4tWhbr6+/8mkUWEffuXp5tv1fWOo61BqMRcfP1LP714ea49ZXVxUqtVl1qjY8sn7t4pL6y+srCucrZ6tnq+eMzrx2feXVmpo+13r743uf//+HNF65e/2j6rc/2fZfFyRhvzXXW0S9TMbXxmXQqRUSl38ESGWrV01lnVkqYEAAAW8o71nD/iYkYigeLt4n49sekyQEAAAB9sT4UsQ4AAAA84zL7fwAAAHjGtX8HcO/u5dl2S/uLhCfrzqmImGzW376/uTlTirXGcTSGI2LPb1l03taaNf/ZY5sqIn31fbVoMaD7kLeydiUi/tft/GeN+icbd3Fvrj+PiOk+xJ96aNy9/m53UffH49R/sg/xd1Y/APTXjVPNC9nm61++sf6JLte/Updr16NIff1rr//ub1r/Pah/qMf67+0dxjj4x0s3e811rv9Of/zTXBG/OD5WUX/BnSsRB0vd6s826s961H9mhzHGZm9fa/bWNy3kivqLetvtSde/fj3iUHSvvy3b6u8THZlfqFWnm489Yhz65vThXvE7z3/RivjtvcCTUJz/PT3q3+78X9xhjMn//nKg19z29ec/j2TvNnojrWc+qCwvLx2NGMne2Pz8sa1zab+m/R5F/S8+v/X//271F98Ja63PodgLXGkdi/HVh2KOHTr25aPXP1hF/XOPeP4/2WGML76+9n6vudT1AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPD3kEfEeGR5eaOf5+VyxFhE/Dv25LUL9eWX5y9cOj9XzEVMxnA+v1CrTkfERHOcFeOjjf6D8bGHxjMRsT8iPp3Y3RiXZy/U5lIXDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwIaxiBiPLC9HRB4Rv0/kebmcOisAAACg7yZTJwAAAAAMnP0/AAAAPPvs/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABiw/c/duJVFxNqJ3Y1WGGnNDSfNDBi0PHUCQDJDqRMAkimlTgBIxh4fyLaZH+05s6vvuQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADw9Dp84MatLCLWTuxutMJIa244aWbAoOWpEwCSGUqdAJBMKXUCQDL2+EC2zfxoz5ldfc8FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgKfXeKNleTki8kY/z8vliL0RMRnD2fxCrTodEfsi4tLeiGJ8NHXSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9F19ZXWxUqtVl3R0dHQ2Oqm/mQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAASKG+srpYqdWqS/XUmQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACp1VdWFyu1WnVpgJ3UNQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAkM6fAQAA//9A0Qap") prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() getrlimit(0x8, &(0x7f0000000100)) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="02142000110000000040000000000000030005000000000002000000ffffffff0000000000000000080012000000010000000000000000000600000000000027b20e97a6a9ecae000000ee00000000000000000000000000fc020000000000000000000000000000030006000000000002000000e00000010000000000000000010018"], 0x88}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x2, 0xf, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @broadcast}}, @sadb_x_policy={0x8, 0x12, 0x0, 0x1, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in6=@empty, @in6=@private2}}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0xfffc, @multicast1}}]}, 0x80}}, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000180)={'wlan0\x00', 0x0}) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r5, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB="f0020000", @ANYRES16=r8, @ANYBLOB="010400000000000000003b00000008000300", @ANYRES32=r7, @ANYBLOB="d2023300802b0001080211000000080211"], 0x2f0}}, 0x0) 1.278318972s ago: executing program 4 (id=1509): bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="180000000000000000000000000000008500000023000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b703000000000000850000007200000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0xc2) openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x8, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006100000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000800000850000002300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000480)={0x98, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x53, 0xe, {{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @random, 0x0, @void, @void, @void, @void, @val={0x6, 0x2}, @val={0x5, 0x3}, @void, @void, @val={0x3c, 0x4}, @val={0x2d, 0x1a}, @void, @void, @void}}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}, @NL80211_ATTR_TX_RATES={0x10, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0xc, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HT={0x5, 0x2, [{0x0, 0xa}]}]}]}]}, 0x98}}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32], 0x0}, 0x90) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000200)={'wlan0\x00', 0x0}) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0) close(r8) r9 = socket$inet_sctp(0x2, 0x5, 0x84) r10 = socket$nl_generic(0x10, 0x3, 0x10) r11 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff) r12 = socket$qrtr(0x2a, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r12, 0x8933, &(0x7f0000001200)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r10, &(0x7f0000001640)={0x0, 0x0, &(0x7f0000001600)={&(0x7f00000000c0)={0x54, r11, 0x3, 0x0, 0x0, {{}, {@val={0x8, 0x3, r13}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x8}], @NL80211_ATTR_FRAME={0x25, 0x33, @auth={{{}, {}, @device_b, @device_a, @from_mac=@broadcast}, 0x0, 0x0, 0x0, @val={0x10, 0x1}}}]}, 0x54}}, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r9, 0x84, 0xc, &(0x7f0000000240)=@assoc_value={0x0}, &(0x7f0000000080)=0x8) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r8, 0x84, 0x17, &(0x7f0000000000)={r14, 0x0, 0x1, "cd"}, 0x9) setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000000)={0x9, 0x8001, 0x28, 0x8000, r14}, 0x10) sendmsg$NL80211_CMD_NEW_STATION(r4, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000300)={0x40, r5, 0xb97534d5fe9700cf, 0x0, 0x0, {{0x12}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_STA_EXT_CAPABILITY={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_WME={0x14, 0x81, [@NL80211_STA_WME_MAX_SP={0x12}, @NL80211_STA_WME_UAPSD_QUEUES={0x5}]}]}, 0x40}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) 1.276698902s ago: executing program 2 (id=1544): socket$netlink(0x10, 0x3, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000e00)={@in6={{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}}, 0x0, 0x0, 0x44, 0x0, "e541bd3d3aa6a2bf75e9671e8abcb31c134f3a9db8f52e7300fe6e079f35ac63186c7244fc3b3801e79f15ced9fd7e55d0345bce05c13ed90158fbdeb70322ea3188f81890e3db00"}, 0xd8) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000000)={0xffffffffffffffff, 0x8, 0xe, 0x6}) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) r3 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r3, &(0x7f0000000300)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @private=0xa010101}, 0x0, 0x0, 0x4}}, 0x26) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) getpid() sched_setscheduler(0x0, 0x0, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r4 = syz_open_dev$video4linux(&(0x7f0000000040), 0x401, 0x0) ioctl$VIDIOC_SUBDEV_S_FMT(r4, 0xc038563b, &(0x7f0000000080)={0x0, 0x0, {0x0, 0x0, 0x0, 0x5}}) r5 = dup(r2) socket$inet(0x2, 0x80001, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0x14, &(0x7f00000001c0)=@assoc_value, 0x0) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r5, 0x84, 0x19, &(0x7f00000000c0), 0x8) mprotect(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0) openat$cgroup_devices(r1, &(0x7f0000000300)='devices.deny\x00', 0x2, 0x0) mount_setattr(0xffffffffffffffff, 0x0, 0x0, &(0x7f00000003c0)={0x74, 0x1000fd}, 0x20) 941.13018ms ago: executing program 4 (id=1545): syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={0x0}, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r0 = socket$unix(0x1, 0x0, 0x0) listen(r0, 0x0) socket$unix(0x1, 0x1, 0x0) connect$unix(0xffffffffffffffff, &(0x7f00000004c0)=@file={0x1, './file0\x00'}, 0x6e) r1 = socket$netlink(0x10, 0x3, 0x4) write(r1, &(0x7f00000000c0)="29000000140005b7ff000000040860eb0101b6ff02159f02c26ed638eeb738256e06a40e07fff0797e", 0x140) socket$nl_generic(0x10, 0x3, 0x10) 831.56494ms ago: executing program 2 (id=1546): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() getrlimit(0x0, 0x0) sched_setscheduler(r0, 0x2, &(0x7f0000000200)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="02142000110000000040000000000000030005000000000002000000ffffffff0000000000000000080012000000010000000000000000000600000000000027b20e97a6a9ecae000000ee00000000000000000000000000fc020000000000000000000000000000030006000000000002000000e00000010000000000000000010018"], 0x88}}, 0x0) r4 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x2, 0xf, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @broadcast}}, @sadb_x_policy={0x8, 0x12, 0x0, 0x1, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in6=@empty, @in6=@private2}}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0xfffc, @multicast1}}]}, 0x80}}, 0x0) 724.158528ms ago: executing program 3 (id=1547): syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={0x0}, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r0 = socket$unix(0x1, 0x0, 0x0) listen(r0, 0x0) socket$unix(0x1, 0x1, 0x0) connect$unix(0xffffffffffffffff, &(0x7f00000004c0)=@file={0x1, './file0\x00'}, 0x6e) r1 = socket$netlink(0x10, 0x3, 0x4) write(r1, &(0x7f00000000c0)="29000000140005b7ff000000040860eb0101b6ff02159f02c26ed638eeb738256e06a40e07fff0797e", 0x140) (fail_nth: 1) socket$nl_generic(0x10, 0x3, 0x10) 329.588442ms ago: executing program 4 (id=1548): syz_mount_image$iso9660(&(0x7f0000000140), &(0x7f0000000040)='./file0\x00', 0x2000c96, &(0x7f0000000180)=ANY=[@ANYBLOB="636865636b3d72656c617865642c696f636861727365743d69736f383835392d312c6f76657272696465726f636b7065726d2c646d6f64653d3078303030303030300030303030303030392c686964652c6f76657272696465726f636b7065726d2c636865636b3d7374726963742c6d61703d6f66662c6d6f64653d3078303030303030303030303030303030312c696f636861727365743d63703933322c6e6f726f636b2c646d6f64653d3078666666666666666666666666666366612c6d61703d6e6f72bf616c2c6d61703d61636f726e2c6d6f1c113d3078302330303030303030303030303030352c686964652c657569643e9bffbbc8dc0831f1f71752c0ec6370d60ec0e169761a3a8f175112119b57f387cea723b9c1ceb05c28c44fa818248d2baadc1b5d05f2db2b872312abba57baab497f38ff34f39d07", @ANYRES8=0x0, @ANYBLOB="2c6f815abdc1e3d22493d6626a5f757365723d", @ANYRES8, @ANYBLOB="b8dd7a36e920d213dee765f8b23cbcdcd3"], 0x12, 0x9e8, &(0x7f0000000440)="$eJzs3c1vHOd9B/Dv8EWiaUOSbdV1BdtayZVM2yxFUrVUwYdWIlcSXb4UJAVY6MFyLaoQxNat3QK2UaAyUPRUowVa9JDcjJxyMuBLfAl8S27JKYcAgf8FIyflxGBml9SSXHJJhW+WPx9id+flN8/zm53Zebi7s/OE75alo6vGlpaq2yOO3/jxHmTMAXZl/JvPv/isvH16P4fSnTeKnyR9SWpJT5Lnk96x8dmZqQ4F3UtuJfk6KZIcTuNxS26l+O889XD86xQ/LOvd0KGtlkwnS3yv7ff+BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB1ExNj48PFIcysT0jbdrDUltnbHx2ZkiS0vr5ywv0/BV1et38VXHepOivKWvb7mr7+ePP5z9XJLa6bzQGHuh6pA8ffnkyeeOvflsT9fy8htl8wc5vPViP/z4k3vvLi4ufLAriRx81+rTE3MzE1OXr9VrE3MztUsXLgyfu351rnZ1YrI+d3Nuvj5VG5utX56fma0NjL1aG7l06XytPnRz5sb0tfGhyfryxIt/Njo8fKH21tDf1C/Pzs1Mn3traG7s+sTk5MT0tSqmnF3GXCx3xL+emK/N1y9P1Wp37i4unF+TU3fW7L9l0EinNSmDRjsFjQ6Pjo6MjI6OfNrsPXtlwoU3Lr1xcXi4Z3iNrIvYpZ2Wg+WJjTfzzh/E4RF1Ndr/ZDITmc6NvJ1a27+xjGc2M5naYH7Tcvt/5lx903pb2/9mK9/TMvtEeXc6LzVH+zZo/zfIZe/+PszH+ST38m4Ws5iFfLDvGe3t37XUM52JzGUmE5nK5WpKrTmllku5kAsZzju5npOZSy1XM5HJ1DOXm5nLfOrVHjWW2dRzOfOZyWxqGchYXk0tI7mUSzmfWuoZys3M5Eamcy3juVyVcid3q+f9/CY5rgSNbCVodJOgdY35ttv/+tp/Tvje2fmDODyipWb7f6hz6MDYXiQEAAAA7Lg/+XmOHH/mZ79JirxYfS5/dWKyPrzfaQEAAAA7qDpd74XyobccejGF9/8AAADwuCmq39gVSfpzsjG0/EsoHwIAAADAY6L6/v+lFCcfTvD+HwAAAB4zna+x3zGiGFy+/G/tduPxdjOiMVb0X52YrA+NzUy+OZKz1VUGql8arCutOyl6q58fvJZTjahT/Y3H/ocllnX2lVEjQ2+O5LWcbq7IwMvlw8sDbSJHG5GvNCJfaY3szqrI82UkADzuTm/SHm+1/X8tg42IwRNVk99zok0bPKxlBYCDYqWPnd81uzRr0/43I17aqP3/803e/5cRz+TOycYpBUN5L+9nMbczmOYZByfblbrcG0HjNITBDp8G9DdPWfjlxa4Mrvs8oG9lXVtjFzKawbafCLSUWyzncL4R17072wAA9trpTdvhrbX/gx3e//c7pRAADpSVHux3cWC/1xEAWE0rDQAAAAAAAAAAAAAAAAAAAAAAAAAAADtvSxfw/8XZZHFxIdmDzgJWBvq2k+HmA13Zo5z3faA7yX7V/pfZ9lLlNj4oT52B1QP7fGACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgTxRJd7vpXcnhJMNJzu19Vrvn/n4nsFNqj7ZY8SAP8lGO7HQ6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAADfd83r/3el8fhkY1J6upIzSW4l+dv9znEnPdjvBPbNP1T3Ldf/70p6s1Skp7HZU/SOjc/OTJWbvzhczv/m8y8+K2+dy17fq0JZQFnDqs4lmjW0TOldvdTT1VL94wsf3vuX9/+pNn6l2jGvzF+dHJ+6NvtXDwOfK75sdIHQ2g3Ccr7/duan/9My+VCz8i/LNW1vbb1Xq3rH19f7x+2W3qDeLbi7uDBa1jRff3v+X//x7kcts57JqeTlgWRgdU1/X942qOnU2udzteLb4j+LI/n/3Kq2f/lsFEtFuYmOVuv/xJ27iwtD772/eHslp39fldOxnExyO+nbek4nq+NJW9Ve19Vb1jpcBZV3xzuUt6mWEkc2eF6frnaZ/m2tQ23jdah0eN6bGZ1vm9H//vOzObvtLX22Q41tFd8Wvy6u51f5j5b+P7rK7X8mbV+dbYqoIlv2lNZ5q15eXY3Ias1HW2e8s7bMDV+V7IL/yt/lL1a2f1fL8b+5rfbmeNRSY/vXRbL918WPjq5rUR6qWqTja1qk5tFno2WaeR5vRG2Q5x/l9aTnxLaOKK93OKLs1uv/B8VAfpv7+v8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOviLpbje9KzmT5FiSo+V4LVlaG3P/Eerr6i8eJc0d8yg5f/cUG65o8SAP8lGO7HVGAAAAAAAAAOyOK+PffP7FZ+Wt+j6+O3/a1ZxTS3qSHCv+r3dsfHZmqkNBvcmt5a/0+7aXw63y7qmH41+XY893WGh/Tx8AgO+03wcAAP//BZNu0Q==") r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000080)={0x0, 0x0}, &(0x7f00000000c0)=0x5) setuid(r1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) r4 = socket(0x10, 0x2, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140), 0x24}}, 0x0) getsockname$packet(r4, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000004600)=@newtfilter={0x84, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0xc}}, [@filter_kind_options=@f_basic={{0xa}, {0x54, 0x2, [@TCA_BASIC_EMATCHES={0x50, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_LIST={0x44, 0x2, 0x0, 0x1, [@TCF_EM_CANID={0x14, 0x1}, @TCF_EM_U32={0x1c}, @TCF_EM_IPSET={0x10, 0x3}]}, @TCA_EMATCH_TREE_HDR={0x8}]}]}}]}, 0x84}}, 0x0) r6 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r6, &(0x7f00000002c0), 0x40000000000009f, 0x0) r7 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) r9 = memfd_create(&(0x7f0000001c00)='\x00\xc2\xea\x99\xbb\x1c\xdfjl]\x8f\x99\xa5\xbc\n\\q\xbf\t\x8c\xe0\x19`\x8e\x00\x00\x00\x00\x00\x00\x00\x00\x00\b \xff\x13\x96\xe3\xc4\x02\x00\x00\xe4V\xe2\xfe\v8\x04\xa5\xb9\xc4:\xf3\xf6y_w\xd8\xcf\x90k\x05\x00\xf9\x1e\xe8m\xec\x12\xa015\xc2\xb3}|K\x111\xd4\f<\xeb\x18\xad\xbb!1\x85\x96P\x1b\xa1\x9a\x81\xf8\xb1\xecB)\xe5\xaa,_D\xe5|\xb1j\f\xafP\x85I\xd5\xa0I\xb0\x02\x01w\x9f9\xd6[\x1e\xad \xd9^p\x95\xaf\xb5\x8b\\\x05\xd7G\xcbV\x8e\xd0\xac\x87I7\xbd\xc6\x9bI\x92\xb2\x87.\xb3\x1fs\xe7%\xdd+\xca*4\x92\xc0\xee\r\xb4\x117\xa7ei~\xb8\x16\xd1P\xf2\x84\x89K\x16\xd0F|\xa3\x89\xc9~9\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 \xb2\xba3,\xb2\xe0t\x11d!\xe1\x82\x80\x93\x80<\x13\x8d\x8fmI2\x90t\x1c\xa1\x12R\x7fH\xa8\xa6Jy\xaf\xc7)\xf8\xb5Qk\x920&6r\x93c;p\xcd \x83QW\x00\xe2@Da\xd4v>\xbb\x91^>,\xa1b5\xde\xc9\x02\x96\x1c\xb9\x9fIl\x12\xa3\x19\xd4\x03\x97\x06\x87I\xfd \xf0\xfc\xb4\x0e)\xf2\x9e\x9b\x94\xd0\xda\xc8\"\x00\x00\x00\x00\x00\x91\xfa\xd1\x13[\x02\\\xb1\x1c\xa7t\xe7\x17\x94\xa7hk\xe7\x81\xeb\x1b\xc9~\"\xceD\xcb\xdc\v@\xb8\x11\xfe1mK\x15\xf1\"?\x8d\xa6\xd2/}S[\xd7\xfd\x193\x88\xf5\xa13<\x98D5\xdbx\x1b\xd2\af5\xab>rL\xd2\xc1\xb8\xd4\v\x8c\xd2\xe9/\x9a\xd4=\xab\xf7\"\xca\xe8\x85u\x1cq]1\xfd\x04|\xf54\xbe-\xb1Wu\xf0\xdf\x93\x8d(F\xef^&\x8b\xa9mw\xbc\x0f^\xa5e\x93\xf3!\x8fy\xf7[\xeac\xc0c\x8c\xfc(+D\x83\xd7Y\x95mB\x01\xc3\xed\xf3\xe9\f\xae\x1f\xbdI8\xefJ\xebaA\xce\xa6\xe7,\xb1\xe59\xd1\xc6F\"w\x97\x9f\x10\xf5a\xa9\xcaQ\xc3\xd6E\xc2N\x18\r;m\x02\x88\xe7\x87\x7f8%^o\xbb\xedN\xd0u\x97k;\x16\x8f\x02\xf6\x94\x84\xb8R\x9c2;#K%\xe0\xd0\x82\x8e/\x01]l\x864v\xbc,%\xc7\x89\x86ly<)\xe0ZE\x7fR\xc5(\x85\xf9\xc7\x8b\xe0\x96-\xd3\xd9\x0e\x02@q\xca\x8f\x9e\x1f\xf2\x05ZJ\vg\'A\xa9=\xa6\xb0\xab\x002c-=}\"[\x86I\x85\xd6\x9c8p\xed\xba\xe0\xe4\xfe\xbd\'', 0x4) fchown(r9, r3, r8) open(&(0x7f0000000100)='.\x00', 0x0, 0x0) 285.943596ms ago: executing program 0 (id=1549): syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000ac0)='./bus\x00', 0x0, &(0x7f0000020000)=ANY=[@ANYBLOB="6c617a7974696d652c6e6f696e6c696e655f78617474722c6c617a7974696d652c6e6f626172726965722c6163746976655f6c6f67733d342c757365725f78617474722c6d6f64653d6c66732c616c6c6f635f6d6f64653d64656661756c742c00be9ee044c45511e65887f6fac9eba6d787c3684a836f23dbf8ad3dd5931c08b4d8bde7e8acbbf3bf3326f2faa5952a332ad2ced40c98a2affa2dad4d623f9ff3ffa81e45095548ab6200f069d0f63d20fd71d3043b0dd5c4cf9785f3f531abc19bc1548f5e0b33006bd1049ca45bd8500d67a5aa6e1c23d900000000007867738729e703bb122283fb2fae9813a0cfefcdf3dc96eb384dbb4268c50943198a96d9b1af9c91506b30922be8537f54e65cf60c6b6a5798955796aea325770d6ccc93a95fad93b2c7bad114fcbc55036a301c23b07073c71555791db8919235022bb0ee4294211ab9b43f3fbedecd223722d937aa22b31e2e9c97e5ea94e4ab83d4e5811c7556813c334aec856af0a0c12b3c93ba5aa906bde2268a0c6cbbb13f496d87c608604eb02b2c031d5ae40c75", @ANYRES64], 0x1, 0x5511, &(0x7f0000015b80)="$eJzs3E1rY9UfB/CTdjqdp//8i7hwNxcGoYVJmPRh0F3VGXzADsWHhStNkzRkJsktTZrWrly4FBe+Djei4Mql+BIEXbsTF4o7Qck9pzIdFdRmkqn9fOD2e+/JzS+/E0rLuQk3AGfWQvbzj6VwNVwMIcyGEK6EUOyX0lZYj/FUCOFaCGHmga2Uxn8fOB9CuBRCuDoqHmuW0kMf3RheX/vhlZ+++Hr+3OVPPv92erMGpu3pEEJ3J+7vd2PmrZj30nht2C6yuzpMGR/o3k/Hecz95lZRYb92dF6tyJVWPD/f2euPcrtTq4+y1d4uxnd68QX7w9ZRneIJ92q7xXGjuVVku58X2TqMfR0cxr9th/1BrNNI9d4tyofB4CjjePOgGeczf7/Iem+QxmPdvNE8GOUwZXq5UM87jaKPrZO804+3V9u9vYNs2Nztt/NetlapPlOp3ipXd/NGc9BcLde6jVur2WKrMzqtPGjWuuutPG91mpV63l3KFlv1erlazRZvN7fatV5WrVZWKjfLa0tp70b24t03s04jWxzl8+3e3qDd6Wfb+W4Wn7GULVdWnl3Krlez1zc2s83X7tzZ2Hzj7dtv3X1u4+UX0kl/aCtbXL65vFyu3iwvV5dO7/xH/+v/0fzfT02Pcf5wIqVpNwBw+lj/A5P28VcxT/P6P/yb9f+O9f/DrP/P9vzhRKz/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADOrO/mPn2p2FmIx5fT+P/S0BPpuBRCmAkh/PonZsP5YzVnU525vzh/7qEeviyFosLoNebTdimEsJ62X/7/qN8FAAAA+O/67L1rH8bVevyxMO2GmKR40WbmyjtjqlcKIcwtfD+GKiFdbApPnryraPT7fS4cjKlacQHrwpiKxUtu58ZV7W+ZPRYXHohSjJmJtgMAAEzE8ZXAZFchAAAATNIH026A6Sg+aU3fxU9f4J+PkT4QvHjsCAAAADiFStNuAAAAAHjkivX/43P/v2+Kfff/AwAAgPGK9/8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPiNnfvJSR2K4gB8Wuh7vD9GYpy7FWewDFdgHDo0LMBNsATcghtgDThzCQYMbYnWYKLhto3k+5K23Bvy45QwOfeSAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANCmp2Ixfbi7uD80Z705TJq7AQAAAPZZFYtp+WJcjf/V8yf11Fk9ziIij4h9vfsgfjUyB3VO8cn7iw81PEaUCdvP+F0ffyPisj5eTtv+FgAAAOB4LWfzSdWtV6dx3wXRpWrRJv9/lSgvi4hi/JwoLd+ezhOFlb/vYdwmSisXsEaJwqolt2GqtC8ZNC6jd5esuuSdlgMAAHSi2Ql024UAAADQpZu+C6AfWey2Mnd7weU/7982BP80RgAAAMAPlPVdAAAAANC6sv/3/D8AAAA4btXz/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGjTqlhMl7P5pDF5/f2c9eYw6e4IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXtmfdxQIgTAIg73rO5O5/2GlQUNjkyoQPv7GYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4M3v/vJ/YmqcSeZeG0vPI8naqbF1auydG0d/GF+/BgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgYn9eUiAEgiAK5oz/nfT9DysJegYRIqDhUUUtGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4ot/98n9iapxJ5k4bS8cjydpVY+uqsfegcfRgvP0bAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgYud+XuOo4gCAf3dnZ2urYoySQ0QUPOjFptva2qsHJXjwTxBCuq3RrT/aHGwpQi7eJOdeRI8ighJv/R96bqGXeuthDxU89VCZ2ZnkdS24WjqzST4fePO+Mwzzvm8SQr7zZhcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDa+L29OCs2C5O4Wx27df/aetHfnuoLN7bvLBetiDtNJr0PPHgYr6b7naX2cgEAAODwyOr6PiLu5jurRd9dKOv/vD6nqPl/eH4S1/X8dN1f93XtX7Tff7v38u5AC5Nxioue3xgNT/wzld7Tm+V8e+Ffz+iVd7589pKVP5Duh1svjfPyfna+u3nz/X4ZHmkiWwDg/zhe91VQ/z9U9IM2EwPg0OglhXdd/2cL7eYEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0IT+Vjxbx52IWO7txYXb96+tl/3U/o3tO8t1O3P9+nZ6zeISeUSc3xgNTzQ1kX3g8pWrn62NRsNLzQevRUR7o1fBxzOcE9FmhoInDbrV7/q85LM/gpb/MAEAcODkVSvq+rv5zmpxrLMY8fDHR+v/N5M40vp/qk/r/3ufnLmVjpXW/4PGZjj/VjYvfrly+crVtzcurl0YXhh+/s7JwbuDU2dPnz67Uj4rWfHEBAAAgCfTr1pa/3cXI8ZT6//HkjhmrP+/+n7wTTpWpv5/rL1Fv7YzAQAAONxefP2vPzuPOd7p9+Prtc3NS4PJdnf/5GTbQqr/2ZGqpfV/tth2VgAAAEATxludR9b/zyVxzLj+/9xPr/ySXjOLiKPV+v/x9S9G55qbTksezHRWEx8nfupTBQAAYK4drVq6/p+X7/93d1956EbEW29M4uprAGeq/7MPvv05HSt9//9Uc1OcS92lyf0o+6WI3lLbGQEAAHCQPVO1otj/I99Z/fTXYx/1vf8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0LS/AwAA//+xhkJ5") syz_mount_image$ext4(0x0, &(0x7f0000000080)='./file0\x00', 0x18808, 0x0, 0xf9, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) write$binfmt_script(r0, &(0x7f00000003c0), 0xb) syz_mount_image$fuse(0x0, &(0x7f0000000180)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000fdffffff850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) r2 = getpid() sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) r7 = dup3(r6, r5, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, 0x0) ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f00000002c0)=[@acquire], 0x0, 0x0, 0x0}) mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}, {@metacopy_on}], [], 0x2c}) r8 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0) fchmodat(r8, &(0x7f00000000c0)='./file1\x00', 0x0) openat(r8, &(0x7f00000001c0)='./file1\x00', 0x5, 0x0) r9 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) r10 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r10, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=ANY=[@ANYBLOB="440000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000240012800b0001006272696467650000140002800800030090020000080004"], 0x44}, 0x1, 0xba01}, 0x0) write$binfmt_script(r9, &(0x7f0000000340)={'#! ', './file0', [{0x20, '\\@&&\x00'}, {0x20, '#! '}], 0xa, "bdb69cfb93e7f0ac45f09a7e1fd1b2e3189c7f64ff721353fdcb0bd4bc6f0c2a405e097f27235ebffdf292993541f79f84e313249d968f67b27040e08c051fd1a7fa0ba39747e19bb2d4ed2bc7ead91dfac761e689815f3f4730927baa8686b965"}, 0x76) 78.684333ms ago: executing program 1 (id=1550): openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f}}, 0x50) syz_fuse_handle_req(r0, &(0x7f0000006380)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000008dceba394fc9d73b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000070000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000070000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e7ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea2105600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8ffffffffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000f87c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) dup3(r2, r0, 0x0) r3 = eventfd(0x0) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f00000001c0)='.\x00', &(0x7f0000000180), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESDEC=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r4]) 0s ago: executing program 4 (id=1551): r0 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000a40)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000800000095000000000000009500a5050000000077d8f3b423cdac8d8000000000000020e16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f68a7d06d10bfe150a7487535f7866907dc6751dfb265a0e3ccae669e173a649c1cfd6587d452d46b7c57d77578f4c35235138d5521f9453559c3421eed73d5661cfeecf9c66c54c3b3ffe1b4ce25d7c983c044c03bf3ff03fe3e26e7a23129d6606fd28a7f9105f82317874b33d96b39fa4e045469989d552af6200000003a00000000000000abecc2f4a3799af2551ce935b0f327cb3f011a7d06602e2fd5234712596b696418f1623ed38ae89d24e14b40234756ddcebfba2f87925bfacba83109753f543ad027edd68149ee99eebc6f7d6dd4aed4afe1f44ccb19e810879b70a70900000000000000000000d7900a820b6327944e9a217b9800e02a92895614cd50cbf83a1ed25268816b004519c9c5cff097d8000000000009d27d753a30a147b24a48435bd8a568669596e9e08679b3ce48e90defb6670c3d6209000000c773713a66b223fa8b148871c8d31d24000025449f106b99893ed20fa7a050fbbef90327e827e513e9606800000000e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e69ee52b59d13182e1f24ed208ada12f7a1525320e71666f472a972d5eb1affb87ba55b2d72078e9f40b4ae7dc3b2aeb0d11cd22c35d32940f19dff00ffffffff080000ff003853e59de7621e348955735264f34b1046a1813668297a7edad187ef106ae7fcbb25090f17d0baadeb8ae190a1fb5a315f8347fb0379659500000000000000000000000000000000000000002fdf0193ec79c90ed210ebc2fbed6d4216770c1b0dec886b388d138c2b69c6aacb714e7264093061c660a5100b7cc165889eb94c8d7c77b6fa06f1a4f8e4a6b6cb37e319c5c22f276b03cae853f42b07ca0b03b1eb32a6b1a81cd511fd0b59d57a11c6a3ebf9731464ad21f07f618efc31023ac60007426162b57e803519954d7c956fda392fa84be38e937d36af1c35138e05a9e8d6dc0272de72c41500000000304402e22af23437126f330f8eb4075daaeae3134ece35cd86d95bd9836bd186c4b6565e967a4e3e86f299b7400994ba136b4eccf3b0f001a266c0d160b3ce1182001d64b52a5ce7f506295d59eea6903b84ffbabf5a5b91c1d6ecce8728a224aec66c610e3becd60a35e848c224f8251947eed20e2b612cb099bfe8924d33ba7f0691fed04a43e9c64b7a1e3165e86cdb9871c678a6bbb14821f441c6c14d1bd78d8ffdfea12c19ea04264335d60b6b7a7da6fb83f33101db32f6ab137d943dd3c1e8db9f3e1263573dc721ae82fe0bc63598751a5092c9f7dbfc39d564834e3703492c2a651643d8ce5c36d97a4812cf73fc8ea0d68d7489cfcb0176"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6}, 0x70) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kmem_cache_free\x00', r1}, 0xb) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) r2 = socket$netlink(0x10, 0x3, 0x0) bind$netlink(r2, &(0x7f0000000700)={0x10, 0x0, 0x0, 0x800000}, 0xc) sendmsg$nl_route(r2, 0x0, 0x0) kernel console output (not intermixed with test programs): mode: writeback. [ 417.736292][ T9257] ext4 filesystem being mounted at /20/file0 supports timestamps until 2038 (0x7fffffff) [ 417.809747][ T9263] loop4: detected capacity change from 0 to 2048 [ 417.891548][ T9263] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 418.004022][ T9271] FAULT_INJECTION: forcing a failure. [ 418.004022][ T9271] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 418.073384][ T9271] CPU: 0 PID: 9271 Comm: syz.0.1196 Not tainted 5.15.164-syzkaller #0 [ 418.081558][ T9271] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 418.091626][ T9271] Call Trace: [ 418.094911][ T9271] [ 418.097844][ T9271] dump_stack_lvl+0x1e3/0x2d0 [ 418.102547][ T9271] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 418.108181][ T9271] ? panic+0x860/0x860 [ 418.112251][ T9271] ? __lock_acquire+0x1ff0/0x1ff0 [ 418.117288][ T9271] should_fail+0x38a/0x4c0 [ 418.121717][ T9271] _copy_from_iter+0x243/0xe90 [ 418.126597][ T9271] ? copy_mc_pipe_to_iter+0x760/0x760 [ 418.131979][ T9271] ? __virt_addr_valid+0x3bb/0x460 [ 418.137090][ T9271] ? 0xffffffff81000000 [ 418.141242][ T9271] ? __check_object_size+0x300/0x410 [ 418.146535][ T9271] netlink_sendmsg+0x800/0xd60 [ 418.151315][ T9271] ? netlink_getsockopt+0x5b0/0x5b0 [ 418.156520][ T9271] ? aa_sock_msg_perm+0x91/0x150 [ 418.161460][ T9271] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 418.166747][ T9271] ? security_socket_sendmsg+0x7d/0xa0 [ 418.172203][ T9271] ? netlink_getsockopt+0x5b0/0x5b0 [ 418.177405][ T9271] ____sys_sendmsg+0x59e/0x8f0 [ 418.182172][ T9271] ? iovec_from_user+0x300/0x390 [ 418.187129][ T9271] ? __sys_sendmsg_sock+0x30/0x30 [ 418.192170][ T9271] ___sys_sendmsg+0x252/0x2e0 [ 418.196857][ T9271] ? __sys_sendmsg+0x260/0x260 [ 418.201660][ T9271] ? __fdget+0x191/0x220 [ 418.205914][ T9271] __se_sys_sendmsg+0x19a/0x260 [ 418.210787][ T9271] ? __x64_sys_sendmsg+0x80/0x80 [ 418.215733][ T9271] ? syscall_enter_from_user_mode+0x2e/0x240 [ 418.221716][ T9271] ? lockdep_hardirqs_on+0x94/0x130 [ 418.226916][ T9271] ? syscall_enter_from_user_mode+0x2e/0x240 [ 418.232903][ T9271] do_syscall_64+0x3b/0xb0 [ 418.237337][ T9271] ? clear_bhb_loop+0x15/0x70 [ 418.242081][ T9271] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 418.247983][ T9271] RIP: 0033:0x7f6a127c43b9 [ 418.252412][ T9271] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 418.272271][ T9271] RSP: 002b:00007f6a10c43048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 418.280699][ T9271] RAX: ffffffffffffffda RBX: 00007f6a12952f80 RCX: 00007f6a127c43b9 [ 418.288680][ T9271] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000003 [ 418.296656][ T9271] RBP: 00007f6a10c430a0 R08: 0000000000000000 R09: 0000000000000000 [ 418.304632][ T9271] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 418.312621][ T9271] R13: 000000000000000b R14: 00007f6a12952f80 R15: 00007ffe79edb248 [ 418.320609][ T9271] [ 418.374607][ T9277] loop1: detected capacity change from 0 to 16 [ 418.454846][ T9277] erofs: (device loop1): mounted with root inode @ nid 36. [ 418.492528][ T9277] attempt to access beyond end of device [ 418.492528][ T9277] loop1: rw=0, want=24, limit=16 [ 419.712671][ T9287] loop1: detected capacity change from 0 to 8192 [ 420.479254][ T6246] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 420.543045][ T6246] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 420.760944][ T9287] REISERFS (device loop1): found reiserfs format "3.6" with non-standard journal [ 420.770412][ T9287] REISERFS (device loop1): using ordered data mode [ 420.811256][ T9287] reiserfs: using flush barriers [ 420.926022][ T9287] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 421.267639][ T9287] REISERFS (device loop1): checking transaction log (loop1) [ 421.423122][ T6246] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 421.588256][ T9303] syz.0.1206 (9303) used obsolete PPPIOCDETACH ioctl [ 421.837854][ T9287] REISERFS (device loop1): Using tea hash to sort names [ 421.889581][ T9287] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. [ 421.917914][ T9306] loop2: detected capacity change from 0 to 8192 [ 422.011486][ T9311] loop3: detected capacity change from 0 to 16 [ 422.076487][ T9306] REISERFS (device loop2): found reiserfs format "3.6" with non-standard journal [ 422.098866][ T9311] erofs: (device loop3): mounted with root inode @ nid 36. [ 422.150982][ T9306] REISERFS (device loop2): using ordered data mode [ 422.172059][ T9311] FAULT_INJECTION: forcing a failure. [ 422.172059][ T9311] name failslab, interval 1, probability 0, space 0, times 0 [ 422.200876][ T9306] reiserfs: using flush barriers [ 422.220973][ T9311] CPU: 1 PID: 9311 Comm: syz.3.1208 Not tainted 5.15.164-syzkaller #0 [ 422.229236][ T9311] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 422.239297][ T9311] Call Trace: [ 422.242577][ T9311] [ 422.245517][ T9311] dump_stack_lvl+0x1e3/0x2d0 [ 422.250237][ T9311] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 422.255873][ T9311] ? panic+0x860/0x860 [ 422.259939][ T9311] ? __might_sleep+0xc0/0xc0 [ 422.264525][ T9311] ? __lock_acquire+0x1295/0x1ff0 [ 422.269551][ T9311] should_fail+0x38a/0x4c0 [ 422.273977][ T9311] should_failslab+0x5/0x20 [ 422.278475][ T9311] slab_pre_alloc_hook+0x53/0xc0 [ 422.283408][ T9311] ? __d_alloc+0x2a/0x700 [ 422.287735][ T9311] kmem_cache_alloc+0x3f/0x280 [ 422.292495][ T9311] __d_alloc+0x2a/0x700 [ 422.296644][ T9311] ? rcu_lock_release+0x5/0x20 [ 422.301405][ T9311] d_alloc_parallel+0xca/0x1390 [ 422.306255][ T9311] ? __d_lookup+0x671/0x730 [ 422.310749][ T9311] ? d_hash_and_lookup+0x1b0/0x1b0 [ 422.315858][ T9311] path_openat+0x96f/0x2f20 [ 422.320375][ T9311] ? do_filp_open+0x460/0x460 [ 422.325067][ T9311] do_filp_open+0x21c/0x460 [ 422.329572][ T9311] ? vfs_tmpfile+0x2e0/0x2e0 [ 422.334168][ T9311] ? _raw_spin_unlock+0x24/0x40 [ 422.339008][ T9311] ? alloc_fd+0x598/0x630 [ 422.343336][ T9311] do_sys_openat2+0x13b/0x4f0 [ 422.348010][ T9311] ? do_sys_open+0x220/0x220 [ 422.352599][ T9311] __x64_sys_openat+0x243/0x290 [ 422.357467][ T9311] ? __ia32_sys_open+0x270/0x270 [ 422.362405][ T9311] ? syscall_enter_from_user_mode+0x2e/0x240 [ 422.368390][ T9311] ? lockdep_hardirqs_on+0x94/0x130 [ 422.373582][ T9311] ? syscall_enter_from_user_mode+0x2e/0x240 [ 422.379559][ T9311] do_syscall_64+0x3b/0xb0 [ 422.383971][ T9311] ? clear_bhb_loop+0x15/0x70 [ 422.388643][ T9311] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 422.394534][ T9311] RIP: 0033:0x7f556460e3b9 [ 422.398949][ T9311] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 422.418627][ T9311] RSP: 002b:00007f5562a8d048 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 422.427037][ T9311] RAX: ffffffffffffffda RBX: 00007f556479cf80 RCX: 00007f556460e3b9 [ 422.435003][ T9311] RDX: 000000000000275a RSI: 0000000020000040 RDI: ffffffffffffff9c [ 422.442984][ T9311] RBP: 00007f5562a8d0a0 R08: 0000000000000000 R09: 0000000000000000 [ 422.450949][ T9311] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 422.458912][ T9311] R13: 000000000000000b R14: 00007f556479cf80 R15: 00007fff532e9bb8 [ 422.466886][ T9311] [ 422.472821][ T150] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 422.485695][ T9306] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 422.508439][ T9319] loop4: detected capacity change from 0 to 256 [ 422.524681][ T9306] REISERFS (device loop2): checking transaction log (loop2) [ 422.541435][ T9319] exfat: Bad value for 'uid' [ 422.787899][ T9317] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1209'. [ 422.865500][ T9306] REISERFS (device loop2): Using tea hash to sort names [ 422.885529][ T9306] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage. [ 423.390890][ T3580] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 424.374442][ T9342] IPv6: NLM_F_CREATE should be specified when creating new route [ 424.390829][ T3580] usb 2-1: Using ep0 maxpacket: 8 [ 424.396232][ T9342] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 424.403939][ T9342] IPv6: NLM_F_CREATE should be set when creating new route [ 424.518913][ T3580] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 424.538232][ T3580] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 424.552177][ T3580] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 425.402893][ T3580] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 425.490958][ T3580] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 425.498630][ T3580] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 425.530508][ T3580] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 425.607905][ T3580] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 425.710935][ T3580] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 425.731267][ T3580] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 425.770898][ T3580] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 425.820816][ T3580] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 426.464020][ T3580] usb 2-1: string descriptor 0 read error: -71 [ 426.470352][ T3580] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 426.518143][ T3580] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 426.610876][ T3580] usb 2-1: can't set config #168, error -71 [ 426.645344][ T3580] usb 2-1: USB disconnect, device number 20 [ 426.838399][ T9378] loop4: detected capacity change from 0 to 164 [ 426.864503][ T150] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 426.976737][ T9380] loop3: detected capacity change from 0 to 8192 [ 427.077607][ T9380] REISERFS (device loop3): found reiserfs format "3.6" with non-standard journal [ 427.092976][ T9380] REISERFS (device loop3): using ordered data mode [ 427.107736][ T9380] reiserfs: using flush barriers [ 427.167709][ T9380] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 427.194144][ T9380] REISERFS (device loop3): checking transaction log (loop3) [ 427.251850][ T9388] loop1: detected capacity change from 0 to 256 [ 427.458653][ T9398] FAULT_INJECTION: forcing a failure. [ 427.458653][ T9398] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 427.473176][ T9391] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1224'. [ 427.504873][ T3645] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 427.507809][ T150] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 427.549308][ T9380] REISERFS (device loop3): Using tea hash to sort names [ 427.560639][ T9380] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage. [ 427.560871][ T9398] CPU: 1 PID: 9398 Comm: syz.4.1226 Not tainted 5.15.164-syzkaller #0 [ 427.577894][ T9398] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 427.587956][ T9398] Call Trace: [ 427.591242][ T9398] [ 427.594182][ T9398] dump_stack_lvl+0x1e3/0x2d0 [ 427.598964][ T9398] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 427.604615][ T9398] ? panic+0x860/0x860 [ 427.608711][ T9398] ? __lock_acquire+0x1ff0/0x1ff0 [ 427.613750][ T9398] should_fail+0x38a/0x4c0 [ 427.618184][ T9398] _copy_from_iter+0x243/0xe90 [ 427.623057][ T9398] ? copy_mc_pipe_to_iter+0x760/0x760 [ 427.628446][ T9398] ? __virt_addr_valid+0x3bb/0x460 [ 427.633663][ T9398] ? 0xffffffff81000000 [ 427.637828][ T9398] ? __check_object_size+0x300/0x410 [ 427.643137][ T9398] netlink_sendmsg+0x800/0xd60 [ 427.647933][ T9398] ? netlink_getsockopt+0x5b0/0x5b0 [ 427.653149][ T9398] ? aa_sock_msg_perm+0x91/0x150 [ 427.658087][ T9398] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 427.663368][ T9398] ? security_socket_sendmsg+0x7d/0xa0 [ 427.668829][ T9398] ? netlink_getsockopt+0x5b0/0x5b0 [ 427.674023][ T9398] ____sys_sendmsg+0x59e/0x8f0 [ 427.678778][ T9398] ? iovec_from_user+0x300/0x390 [ 427.683732][ T9398] ? __sys_sendmsg_sock+0x30/0x30 [ 427.688763][ T9398] ___sys_sendmsg+0x252/0x2e0 [ 427.693439][ T9398] ? __sys_sendmsg+0x260/0x260 [ 427.698226][ T9398] ? __fdget+0x191/0x220 [ 427.702487][ T9398] __se_sys_sendmsg+0x19a/0x260 [ 427.707340][ T9398] ? __x64_sys_sendmsg+0x80/0x80 [ 427.712284][ T9398] ? syscall_enter_from_user_mode+0x2e/0x240 [ 427.718273][ T9398] ? lockdep_hardirqs_on+0x94/0x130 [ 427.723562][ T9398] ? syscall_enter_from_user_mode+0x2e/0x240 [ 427.729546][ T9398] do_syscall_64+0x3b/0xb0 [ 427.733958][ T9398] ? clear_bhb_loop+0x15/0x70 [ 427.738636][ T9398] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 427.744540][ T9398] RIP: 0033:0x7f352555f3b9 [ 427.748958][ T9398] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 427.768553][ T9398] RSP: 002b:00007f35239de048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 427.776962][ T9398] RAX: ffffffffffffffda RBX: 00007f35256edf80 RCX: 00007f352555f3b9 [ 427.785015][ T9398] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000003 [ 427.792981][ T9398] RBP: 00007f35239de0a0 R08: 0000000000000000 R09: 0000000000000000 [ 427.800941][ T9398] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 427.808905][ T9398] R13: 000000000000000b R14: 00007f35256edf80 R15: 00007ffdac52bb28 [ 427.816874][ T9398] [ 428.161699][ T9416] ufs: You didn't specify the type of your ufs filesystem [ 428.161699][ T9416] [ 428.161699][ T9416] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ... [ 428.161699][ T9416] [ 428.161699][ T9416] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old [ 428.192463][ T9416] ufs: ufstype=old is supported read-only [ 428.198444][ T3645] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 428.206618][ T9416] ufs: ufs_fill_super(): bad magic number [ 428.470886][ T3645] usb 5-1: Using ep0 maxpacket: 8 [ 428.600976][ T3645] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 428.610904][ T3645] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 428.664775][ T3645] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 428.686655][ T3645] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 428.862714][ T3645] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 428.888253][ T3645] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 428.937864][ T3645] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 428.984772][ T3645] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 429.078481][ T9432] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1234'. [ 429.090766][ T5893] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 429.172789][ T3645] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 429.186700][ T3645] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 429.209296][ T3645] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 429.223795][ T3645] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 429.237378][ T7520] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 429.501626][ T3645] usb 5-1: string descriptor 0 read error: -22 [ 429.508915][ T3645] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 429.530840][ T5893] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 429.545033][ T3645] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 429.656058][ T3645] adutux 5-1:168.0: ADU100 now attached to /dev/usb/adutux1 [ 429.810892][ T5893] usb 2-1: Using ep0 maxpacket: 16 [ 429.824839][ T9441] loop2: detected capacity change from 0 to 512 [ 429.865123][ T3645] usb 5-1: USB disconnect, device number 22 [ 429.880699][ T9441] EXT4-fs error (device loop2): ext4_orphan_get:1397: inode #15: comm syz.2.1237: casefold flag without casefold feature [ 429.897368][ T9441] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: inode #12: comm syz.2.1237: missing EA_INODE flag [ 429.909588][ T9441] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz.2.1237: error while reading EA inode 12 err=-117 [ 429.922658][ T9441] EXT4-fs (loop2): 1 orphan inode deleted [ 429.928406][ T9441] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 429.941019][ T7520] usb 4-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad [ 429.958603][ T7520] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 429.970958][ T5893] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 429.972086][ T7520] usb 4-1: config 0 descriptor?? [ 429.996307][ T5893] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 430.022707][ T7520] gspca_main: spca508-2.14.0 probing 8086:0110 [ 430.076137][ T7] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 430.181085][ T5893] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 430.190824][ T5893] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 430.198937][ T5893] usb 2-1: Product: syz [ 430.260854][ T5893] usb 2-1: Manufacturer: syz [ 430.267653][ T7520] gspca_spca508: reg_read err -32 [ 430.286617][ T5893] usb 2-1: SerialNumber: syz [ 430.344712][ T9454] netlink: 'syz.0.1240': attribute type 1 has an invalid length. [ 430.419104][ T9457] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1240'. [ 430.516829][ T9423] udc-core: couldn't find an available UDC or it's busy [ 430.531139][ T9423] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 430.563471][ T9457] bond2 (unregistering): Released all slaves [ 430.586896][ T9454] device bond1 entered promiscuous mode [ 430.593566][ T9454] 8021q: adding VLAN 0 to HW filter on device bond1 [ 430.604331][ T9423] loop3: detected capacity change from 0 to 1024 [ 430.620347][ T9464] loop4: detected capacity change from 0 to 256 [ 430.667672][ T5893] usb 2-1: 0:192 : does not exist [ 430.676652][ T9464] exfat: Bad value for 'uid' [ 430.736685][ T5893] usb 2-1: USB disconnect, device number 21 [ 430.795639][ T9423] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:476: comm syz.3.1232: Invalid block bitmap block 0 in block_group 0 [ 430.830862][ T7520] gspca_spca508: reg_read err -110 [ 430.850936][ T7520] gspca_spca508: reg_read err -32 [ 430.870898][ T7520] gspca_spca508: reg_read err -32 [ 430.907299][ T7520] gspca_spca508: reg write: error -32 [ 430.914635][ T7520] spca508: probe of 4-1:0.0 failed with error -32 [ 430.934162][ T9423] Quota error (device loop3): write_blk: dquota write failed [ 430.963625][ T9423] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 430.981431][ T3860] udevd[3860]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 430.991903][ T9423] EXT4-fs error (device loop3): ext4_acquire_dquot:6196: comm syz.3.1232: Failed to acquire dquot type 0 [ 431.015629][ T9423] EXT4-fs error (device loop3): ext4_free_blocks:6226: comm syz.3.1232: Freeing blocks not in datazone - block = 0, count = 4096 [ 431.069342][ T9423] EXT4-fs error (device loop3): ext4_read_inode_bitmap:140: comm syz.3.1232: Invalid inode bitmap blk 0 in block_group 0 [ 431.084420][ T9423] EXT4-fs error (device loop3) in ext4_free_inode:362: Corrupt filesystem [ 431.090273][ T9] Quota error (device loop3): remove_tree: Getting block too big (0 >= 9) [ 431.111184][ T9423] EXT4-fs (loop3): 1 orphan inode deleted [ 431.116937][ T9423] EXT4-fs (loop3): mounted filesystem without journal. Opts: €; sysvgroups,stripe=0x0000000000000000,auto_da_alloc,quota,nogrpid,norecovery,bsddf,bsdgroups,,errors=continue. Quota mode: writeback. [ 431.130850][ T9] EXT4-fs error (device loop3): ext4_release_dquot:6219: comm kworker/u4:0: Failed to release dquot type 0 [ 431.514007][ T3580] usb 4-1: USB disconnect, device number 17 [ 431.683186][ T9482] fuse: Bad value for 'fd' [ 431.687576][ T9477] loop1: detected capacity change from 0 to 32768 [ 431.771155][ T9477] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by syz.1.1244 (9477) [ 431.800502][ T9484] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1246'. [ 431.828866][ T9477] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 431.841039][ T9477] BTRFS info (device loop1): using free space tree [ 431.847558][ T9477] BTRFS info (device loop1): has skinny extents [ 432.016954][ T9423] syz.3.1232 (9423) used greatest stack depth: 19392 bytes left [ 432.047919][ T9477] BTRFS info (device loop1): enabling ssd optimizations [ 432.059220][ T9508] FAULT_INJECTION: forcing a failure. [ 432.059220][ T9508] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 432.081102][ T9508] CPU: 0 PID: 9508 Comm: syz.2.1248 Not tainted 5.15.164-syzkaller #0 [ 432.089272][ T9508] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 432.099364][ T9508] Call Trace: [ 432.102650][ T9508] [ 432.105592][ T9508] dump_stack_lvl+0x1e3/0x2d0 [ 432.110280][ T9508] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 432.115916][ T9508] ? panic+0x860/0x860 [ 432.119995][ T9508] ? snprintf+0xd6/0x120 [ 432.124245][ T9508] should_fail+0x38a/0x4c0 [ 432.128686][ T9508] _copy_to_user+0x2d/0x130 [ 432.133199][ T9508] simple_read_from_buffer+0xc6/0x150 [ 432.138587][ T9508] proc_fail_nth_read+0x1a3/0x210 [ 432.143623][ T9508] ? proc_fault_inject_write+0x390/0x390 [ 432.149265][ T9508] ? fsnotify_perm+0x442/0x590 [ 432.154032][ T9508] ? proc_fault_inject_write+0x390/0x390 [ 432.159666][ T9508] vfs_read+0x2fc/0xe10 [ 432.160880][ T9] Quota error (device loop3): remove_tree: Getting block too big (0 >= 9) [ 432.163829][ T9508] ? kernel_read+0x1f0/0x1f0 [ 432.176885][ T9508] ? __fget_files+0x413/0x480 [ 432.181581][ T9508] ? mutex_lock_nested+0x17/0x20 [ 432.186524][ T9508] ? __fdget_pos+0x2cb/0x380 [ 432.191120][ T9508] ? ksys_read+0x77/0x2c0 [ 432.195468][ T9508] ksys_read+0x1a2/0x2c0 [ 432.199737][ T9508] ? print_irqtrace_events+0x210/0x210 [ 432.205210][ T9508] ? vfs_write+0xe50/0xe50 [ 432.209638][ T9508] ? syscall_enter_from_user_mode+0x2e/0x240 [ 432.215620][ T9508] ? lockdep_hardirqs_on+0x94/0x130 [ 432.217463][ T9] EXT4-fs error (device loop3): ext4_release_dquot:6219: comm kworker/u4:0: Failed to release dquot type 0 [ 432.220823][ T9508] ? syscall_enter_from_user_mode+0x2e/0x240 [ 432.220850][ T9508] do_syscall_64+0x3b/0xb0 [ 432.220868][ T9508] ? clear_bhb_loop+0x15/0x70 [ 432.220891][ T9508] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 432.253131][ T9508] RIP: 0033:0x7fed098c6dfc [ 432.257559][ T9508] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8d 02 00 48 [ 432.277172][ T9508] RSP: 002b:00007fed07d26040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 432.285604][ T9508] RAX: ffffffffffffffda RBX: 00007fed09a57058 RCX: 00007fed098c6dfc [ 432.293583][ T9508] RDX: 000000000000000f RSI: 00007fed07d260b0 RDI: 0000000000000006 [ 432.301561][ T9508] RBP: 00007fed07d260a0 R08: 0000000000000000 R09: 0000000000000000 [ 432.309536][ T9508] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 432.317510][ T9508] R13: 000000000000006e R14: 00007fed09a57058 R15: 00007fff842b4868 [ 432.325522][ T9508] [ 432.626856][ T150] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 432.696711][ T9519] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1252'. [ 432.767242][ T9519] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1252'. [ 432.894281][ T9535] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1254'. [ 433.130805][ T7520] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 433.202640][ T9538] loop4: detected capacity change from 0 to 32768 [ 433.261098][ T9] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 433.306006][ T9538] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop4 scanned by syz.4.1254 (9538) [ 433.489612][ T9540] loop3: detected capacity change from 0 to 2048 [ 433.496581][ T9538] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 433.500896][ T7520] usb 2-1: Using ep0 maxpacket: 8 [ 433.527269][ T9538] BTRFS info (device loop4): using free space tree [ 433.543963][ T9540] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 433.581661][ T9538] BTRFS info (device loop4): has skinny extents [ 433.611165][ T9540] UDF-fs: error (device loop3): udf_read_inode: (ino 1329) failed !bh [ 433.656928][ T7520] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 433.676543][ T7520] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 433.756868][ T7520] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 433.770591][ T9552] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1258'. [ 433.797429][ T7520] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 433.997075][ T9538] BTRFS info (device loop4): enabling ssd optimizations [ 434.020418][ T4183] BTRFS warning (device loop4): checksum verify failed on 5267456 wanted 0xd36f28683bcc071ebd9001b116f0a96c43b53005e93ac30efa4e4ee37cf90c76 found 0x760816d3414036959456d1dc15ead4b4635ccc0c15a841b0d042202459e42d17 level 0 [ 434.029622][ T7520] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 434.050886][ T7520] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 434.062195][ T7520] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 434.073280][ T7520] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 434.134115][ T9570] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1257'. [ 434.141018][ T9538] BTRFS warning (device loop4): failed to read fs tree: -5 [ 434.171083][ T7520] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 434.178495][ T7520] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 434.219461][ T7520] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 434.251615][ T7520] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 434.331528][ T9538] BTRFS error (device loop4): open_ctree failed [ 434.382045][ T9575] sctp: [Deprecated]: syz.3.1260 (pid 9575) Use of int in maxseg socket option. [ 434.382045][ T9575] Use struct sctp_assoc_value instead [ 434.423997][ T9574] FAULT_INJECTION: forcing a failure. [ 434.423997][ T9574] name failslab, interval 1, probability 0, space 0, times 0 [ 434.440890][ T9574] CPU: 0 PID: 9574 Comm: syz.2.1261 Not tainted 5.15.164-syzkaller #0 [ 434.449058][ T9574] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 434.459112][ T9574] Call Trace: [ 434.462391][ T9574] [ 434.465327][ T9574] dump_stack_lvl+0x1e3/0x2d0 [ 434.470025][ T9574] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 434.475657][ T9574] ? panic+0x860/0x860 [ 434.479733][ T9574] ? __might_sleep+0xc0/0xc0 [ 434.484350][ T9574] should_fail+0x38a/0x4c0 [ 434.488785][ T9574] should_failslab+0x5/0x20 [ 434.493290][ T9574] slab_pre_alloc_hook+0x53/0xc0 [ 434.498235][ T9574] __kmalloc_node_track_caller+0x6b/0x390 [ 434.503963][ T9574] ? inet6_netconf_notify_devconf+0xf8/0x1b0 [ 434.509956][ T9574] ? kmem_cache_alloc_node+0x154/0x2c0 [ 434.511483][ T7520] usb 2-1: string descriptor 0 read error: -22 [ 434.515422][ T9574] ? __alloc_skb+0xdd/0x590 [ 434.515468][ T9574] ? inet6_netconf_notify_devconf+0xf8/0x1b0 [ 434.528484][ T7520] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 434.532062][ T9574] __alloc_skb+0x12c/0x590 [ 434.532091][ T9574] inet6_netconf_notify_devconf+0xf8/0x1b0 [ 434.532117][ T9574] addrconf_ifdown+0x1879/0x1bb0 [ 434.532148][ T9574] ? addrconf_cleanup+0x260/0x260 [ 434.561350][ T9574] ? tls_dev_event+0x832/0x1040 [ 434.566216][ T9574] ? clusterip_netdev_event+0x425/0x440 [ 434.566663][ T7520] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 434.571781][ T9574] addrconf_notify+0x432/0xf30 [ 434.571805][ T9574] ? ip6mr_device_event+0x1d1/0x1f0 [ 434.571830][ T9574] raw_notifier_call_chain+0xd0/0x170 [ 434.595087][ T9574] unregister_netdevice_many+0xf1b/0x18f0 [ 434.600840][ T9574] ? alloc_netdev_mqs+0xc10/0xc10 [ 434.605887][ T9574] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 434.611887][ T9574] ? print_irqtrace_events+0x210/0x210 [ 434.617358][ T9574] ? lockdep_hardirqs_off+0x70/0x100 [ 434.622663][ T9574] ? do_raw_spin_unlock+0x137/0x8b0 [ 434.627879][ T9574] unregister_netdevice_queue+0x2e6/0x350 [ 434.633613][ T9574] ? list_netdevice+0x450/0x450 [ 434.635287][ T7520] adutux 2-1:168.0: ADU100 now attached to /dev/usb/adutux1 [ 434.638474][ T9574] ? linkwatch_fire_event+0xb2/0x3c0 [ 434.638502][ T9574] ? netif_carrier_on+0xc1/0x130 [ 434.656056][ T9574] __tun_detach+0x6b6/0x1600 [ 434.660671][ T9574] tun_chr_close+0x104/0x1b0 [ 434.665276][ T9574] ? tun_chr_open+0x4d0/0x4d0 [ 434.669975][ T9574] __fput+0x3fe/0x8e0 [ 434.673994][ T9574] task_work_run+0x129/0x1a0 [ 434.678611][ T9574] exit_to_user_mode_loop+0x106/0x130 [ 434.683998][ T9574] exit_to_user_mode_prepare+0xb1/0x140 [ 434.689560][ T9574] syscall_exit_to_user_mode+0x5d/0x240 [ 434.695127][ T9574] do_syscall_64+0x47/0xb0 [ 434.699556][ T9574] ? clear_bhb_loop+0x15/0x70 [ 434.704250][ T9574] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 434.710247][ T9574] RIP: 0033:0x7fed098c83b9 [ 434.714674][ T9574] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 434.734294][ T9574] RSP: 002b:00007fed07d47048 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 434.742742][ T9574] RAX: 0000000000000000 RBX: 00007fed09a56f80 RCX: 00007fed098c83b9 [ 434.750726][ T9574] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 434.758706][ T9574] RBP: 00007fed07d470a0 R08: 0000000000000000 R09: 0000000000000000 [ 434.766683][ T9574] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 434.774661][ T9574] R13: 000000000000000b R14: 00007fed09a56f80 R15: 00007fff842b4868 [ 434.782664][ T9574] [ 434.858291][ T5891] usb 2-1: USB disconnect, device number 22 [ 434.982979][ T9576] loop3: detected capacity change from 0 to 4096 [ 435.051125][ T9576] ntfs3: loop3: Different NTFS' sector size (4096) and media sector size (512) [ 435.286158][ T9583] fuse: Bad value for 'fd' [ 435.316911][ T9583] 9pnet: Insufficient options for proto=fd [ 435.325402][ T9585] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1264'. [ 435.345621][ T9585] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1264'. [ 435.861797][ T9593] loop2: detected capacity change from 0 to 8192 [ 435.959237][ T9593] REISERFS (device loop2): found reiserfs format "3.6" with non-standard journal [ 435.972252][ T9593] REISERFS (device loop2): using ordered data mode [ 435.980473][ T9593] reiserfs: using flush barriers [ 436.006420][ T9593] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 436.069086][ T9593] REISERFS (device loop2): checking transaction log (loop2) [ 436.340416][ T9593] REISERFS (device loop2): Using tea hash to sort names [ 436.353685][ T9611] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1270'. [ 436.355483][ T9593] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage. [ 436.722999][ T9619] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1272'. [ 436.755756][ T26] audit: type=1326 audit(1722543017.510:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9608 comm="syz.0.1269" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6a127c43b9 code=0x0 [ 436.899390][ T9622] loop4: detected capacity change from 0 to 512 [ 436.911191][ T9624] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1274'. [ 437.129016][ T9635] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1277'. [ 437.173229][ T9635] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1277'. [ 437.324410][ T9638] fuse: Bad value for 'fd' [ 437.330932][ T5891] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 437.581844][ T5888] Bluetooth: hci2: command 0x0401 tx timeout [ 437.605292][ T9622] loop4: detected capacity change from 0 to 32768 [ 437.658418][ T9622] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 scanned by syz.4.1275 (9622) [ 437.681424][ T9624] loop3: detected capacity change from 0 to 32768 [ 437.708268][ T9622] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 437.730808][ T5891] usb 2-1: Using ep0 maxpacket: 8 [ 437.734555][ T9624] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop3 scanned by syz.3.1274 (9624) [ 437.740606][ T9622] BTRFS info (device loop4): using free space tree [ 437.790900][ T9622] BTRFS info (device loop4): has skinny extents [ 437.808845][ T9624] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 437.831553][ T9624] BTRFS info (device loop3): using free space tree [ 437.840451][ T9624] BTRFS info (device loop3): has skinny extents [ 437.870998][ T5891] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 437.878395][ T5891] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 437.919680][ T9624] BTRFS info (device loop3): enabling ssd optimizations [ 437.935468][ T1187] BTRFS warning (device loop3): checksum verify failed on 5267456 wanted 0xd36f28683bcc071ebd9001b116f0a96c43b53005e93ac30efa4e4ee37cf90c76 found 0x760816d3414036959456d1dc15ead4b4635ccc0c15a841b0d042202459e42d17 level 0 [ 437.943324][ T5891] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 437.966976][ T9624] BTRFS warning (device loop3): failed to read fs tree: -5 [ 438.079123][ T5891] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 438.100007][ T9624] BTRFS error (device loop3): open_ctree failed [ 438.181076][ T5891] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 438.188539][ T5891] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 438.205862][ T5891] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 438.223324][ T5891] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 438.231032][ T9622] BTRFS info (device loop4): enabling ssd optimizations [ 438.311101][ T5891] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 438.318651][ T5891] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 438.370753][ T5891] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 438.382833][ T1187] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 438.464774][ T5891] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 438.794031][ T5891] usb 2-1: string descriptor 0 read error: -22 [ 438.800860][ T5891] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 438.840438][ T5891] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 438.858112][ T9687] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1282'. [ 438.952100][ T5891] adutux 2-1:168.0: ADU100 now attached to /dev/usb/adutux1 [ 439.022218][ T1187] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 439.182424][ T9522] usb 2-1: USB disconnect, device number 23 [ 439.224536][ T9691] loop2: detected capacity change from 0 to 4096 [ 439.336747][ T9691] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 439.682811][ T5891] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 439.732421][ T1390] ieee802154 phy0 wpan0: encryption failed: -22 [ 439.732487][ T1390] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.188600][ T9707] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1287'. [ 440.225130][ T5891] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 440.381253][ T9711] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1288'. [ 440.399036][ T9711] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1288'. [ 440.448302][ T9709] loop3: detected capacity change from 0 to 4096 [ 440.520224][ T9700] loop4: detected capacity change from 0 to 32768 [ 440.580021][ T9709] ntfs3: loop3: Different NTFS' sector size (4096) and media sector size (512) [ 440.629080][ T9700] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by syz.4.1281 (9700) [ 440.648986][ T9709] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 440.712993][ T9720] fuse: Bad value for 'fd' [ 440.723229][ T9700] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 440.751949][ T9723] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1289'. [ 440.820792][ T9700] BTRFS info (device loop4): using free space tree [ 440.827423][ T9700] BTRFS info (device loop4): has skinny extents [ 441.332509][ T9741] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1294'. [ 441.765216][ T9700] BTRFS info (device loop4): enabling ssd optimizations [ 441.856541][ T9750] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1293'. [ 441.889065][ T9756] udc-core: couldn't find an available UDC or it's busy [ 441.895630][ T9754] loop1: detected capacity change from 0 to 256 [ 441.936812][ T9756] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 441.985768][ T9754] exfat: Deprecated parameter 'namecase' [ 441.999850][ T9754] exfat: Deprecated parameter 'utf8' [ 442.086377][ T9754] exFAT-fs (loop1): failed to load upcase table (idx : 0x00011f41, chksum : 0xf6e84b2e, utbl_chksum : 0xe619d30d) [ 442.535005][ T9758] loop3: detected capacity change from 0 to 32768 [ 442.564664][ T9014] exFAT-fs (loop1): error, invalid access to FAT (entry 0x00000005) bogus content (0x61616161) [ 442.586202][ T9014] exFAT-fs (loop1): Filesystem has been set read-only [ 442.595692][ T9014] exFAT-fs (loop1): error, invalid access to FAT (entry 0x00000005) bogus content (0x61616161) [ 442.638043][ T9763] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1300'. [ 442.653502][ T9758] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop3 scanned by syz.3.1293 (9758) [ 442.694400][ T9763] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1300'. [ 442.752774][ T9758] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 442.787016][ T9758] BTRFS info (device loop3): using free space tree [ 442.828896][ T9758] BTRFS info (device loop3): has skinny extents [ 443.108164][ T9758] BTRFS info (device loop3): enabling ssd optimizations [ 443.118621][ T9093] BTRFS warning (device loop3): checksum verify failed on 5267456 wanted 0xd36f28683bcc071ebd9001b116f0a96c43b53005e93ac30efa4e4ee37cf90c76 found 0x760816d3414036959456d1dc15ead4b4635ccc0c15a841b0d042202459e42d17 level 0 [ 443.178209][ T150] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 443.229362][ T9758] BTRFS warning (device loop3): failed to read fs tree: -5 [ 443.266915][ T9766] loop2: detected capacity change from 0 to 40427 [ 443.336205][ T9758] BTRFS error (device loop3): open_ctree failed [ 443.346251][ T9766] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 443.376063][ T9766] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 443.479306][ T150] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 443.537471][ T9766] F2FS-fs (loop2): Found nat_bits in checkpoint [ 443.588499][ T9798] fuse: Bad value for 'fd' [ 443.603802][ T150] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 443.667528][ T9766] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 443.695984][ T150] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 443.736370][ T9766] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 443.812702][ T9766] fscrypt (loop2, inode 3): Error -61 getting encryption context [ 444.186730][ T9093] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 444.808149][ T9805] sched: RT throttling activated [ 444.842206][ T3810] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 446.240916][ T5888] Bluetooth: hci1: command 0x0409 tx timeout [ 446.264668][ T9813] loop3: detected capacity change from 0 to 2048 [ 446.412835][ T9817] udc-core: couldn't find an available UDC or it's busy [ 446.419790][ T9817] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 446.526355][ T9813] EXT4-fs error (device loop3): ext4_fill_super:4840: inode #2: comm syz.3.1310: casefold flag without casefold feature [ 446.630268][ T9813] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended [ 446.683285][ T9800] chnl_net:caif_netlink_parms(): no params data found [ 446.727309][ T9813] EXT4-fs (loop3): Errors on filesystem, clearing orphan list. [ 446.761915][ T9813] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 447.042069][ T9833] ufs: You didn't specify the type of your ufs filesystem [ 447.042069][ T9833] [ 447.042069][ T9833] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ... [ 447.042069][ T9833] [ 447.042069][ T9833] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old [ 447.073197][ T9833] ufs: ufstype=old is supported read-only [ 447.079442][ T9833] ufs: ufs_fill_super(): bad magic number [ 447.154094][ T9813] overlayfs: conflicting lowerdir path [ 447.263337][ T9800] bridge0: port 1(bridge_slave_0) entered blocking state [ 447.308194][ T9800] bridge0: port 1(bridge_slave_0) entered disabled state [ 447.383995][ T9800] device bridge_slave_0 entered promiscuous mode [ 447.396046][ T9812] loop4: detected capacity change from 0 to 32768 [ 447.402452][ T9839] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1312'. [ 447.419346][ T9839] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1312'. [ 447.455351][ T9800] bridge0: port 2(bridge_slave_1) entered blocking state [ 447.468197][ T9800] bridge0: port 2(bridge_slave_1) entered disabled state [ 447.474053][ T9812] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by syz.4.1309 (9812) [ 447.523099][ T9812] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 447.525964][ T9800] device bridge_slave_1 entered promiscuous mode [ 447.537417][ T9812] BTRFS info (device loop4): using free space tree [ 447.581086][ T9812] BTRFS info (device loop4): has skinny extents [ 447.729646][ T9800] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 447.901820][ T9800] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 448.196881][ T9812] BTRFS info (device loop4): enabling ssd optimizations [ 448.301045][ T7516] Bluetooth: hci1: command 0x041b tx timeout [ 448.584103][ T9800] team0: Port device team_slave_0 added [ 448.623908][ T9800] team0: Port device team_slave_1 added [ 448.719774][ T9800] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 448.750098][ T9800] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 448.816914][ T9800] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 448.829258][ T9800] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 448.836276][ T9800] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 448.936284][ T9800] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 448.969934][ T9881] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1317'. [ 449.038327][ T9891] FAULT_INJECTION: forcing a failure. [ 449.038327][ T9891] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 449.066354][ T9891] CPU: 0 PID: 9891 Comm: syz.2.1318 Not tainted 5.15.164-syzkaller #0 [ 449.074519][ T9891] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 449.084570][ T9891] Call Trace: [ 449.087840][ T9891] [ 449.090758][ T9891] dump_stack_lvl+0x1e3/0x2d0 [ 449.095427][ T9891] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 449.101064][ T9891] ? panic+0x860/0x860 [ 449.105127][ T9891] ? rcu_is_watching+0x11/0xa0 [ 449.109887][ T9891] ? kmem_cache_free+0x146/0x1f0 [ 449.114818][ T9891] should_fail+0x38a/0x4c0 [ 449.119246][ T9891] _copy_to_user+0x2d/0x130 [ 449.123734][ T9891] do_fcntl+0xc52/0x1600 [ 449.127968][ T9891] ? rcu_lock_release+0x20/0x20 [ 449.132807][ T9891] ? __fget_files+0x413/0x480 [ 449.137471][ T9891] ? tomoyo_file_fcntl+0x7c/0x200 [ 449.142480][ T9891] ? bpf_lsm_file_fcntl+0x5/0x10 [ 449.147405][ T9891] ? security_file_fcntl+0x7d/0xa0 [ 449.152506][ T9891] __se_sys_fcntl+0xd8/0x1b0 [ 449.157085][ T9891] do_syscall_64+0x3b/0xb0 [ 449.161487][ T9891] ? clear_bhb_loop+0x15/0x70 [ 449.166155][ T9891] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 449.172033][ T9891] RIP: 0033:0x7fed098c83b9 [ 449.176443][ T9891] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 449.196033][ T9891] RSP: 002b:00007fed07d47048 EFLAGS: 00000246 ORIG_RAX: 0000000000000048 [ 449.204434][ T9891] RAX: ffffffffffffffda RBX: 00007fed09a56f80 RCX: 00007fed098c83b9 [ 449.212396][ T9891] RDX: 0000000020000200 RSI: 0000000000000005 RDI: 0000000000000005 [ 449.220354][ T9891] RBP: 00007fed07d470a0 R08: 0000000000000000 R09: 0000000000000000 [ 449.228315][ T9891] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 449.236271][ T9891] R13: 000000000000000b R14: 00007fed09a56f80 R15: 00007fff842b4868 [ 449.244240][ T9891] [ 449.254039][ T9800] device hsr_slave_0 entered promiscuous mode [ 449.261471][ T9800] device hsr_slave_1 entered promiscuous mode [ 449.263751][ T9526] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 449.278350][ T9800] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 449.289452][ T9800] Cannot create hsr debugfs directory [ 449.500527][ T9902] fuse: Bad value for 'fd' [ 449.619260][ T150] device hsr_slave_0 left promiscuous mode [ 449.639576][ T150] device hsr_slave_1 left promiscuous mode [ 449.674995][ T150] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 449.690767][ T150] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 449.701995][ T150] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 449.709503][ T150] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 449.721304][ T150] device bridge_slave_1 left promiscuous mode [ 449.750266][ T150] bridge0: port 2(bridge_slave_1) entered disabled state [ 449.787076][ T150] device bridge_slave_0 left promiscuous mode [ 449.818114][ T150] bridge0: port 1(bridge_slave_0) entered disabled state [ 449.860569][ T150] device veth1_macvtap left promiscuous mode [ 449.878997][ T150] device veth0_macvtap left promiscuous mode [ 449.898439][ T150] device veth1_vlan left promiscuous mode [ 449.909429][ T150] device veth0_vlan left promiscuous mode [ 450.702876][ T3638] Bluetooth: hci1: command 0x040f tx timeout [ 450.880015][ T150] team0 (unregistering): Port device team_slave_1 removed [ 450.922693][ T150] team0 (unregistering): Port device team_slave_0 removed [ 450.954299][ T150] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 450.969665][ T150] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 451.082298][ T5891] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 451.361042][ T5891] usb 4-1: Using ep0 maxpacket: 8 [ 451.491437][ T5891] usb 4-1: config 168 descriptor has 1 excess byte, ignoring [ 451.511130][ T5891] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 451.686960][ T5891] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 451.698577][ T5891] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 451.757680][ T150] bond0 (unregistering): Released all slaves [ 451.790962][ T5891] usb 4-1: config 168 descriptor has 1 excess byte, ignoring [ 451.801707][ T5891] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 451.814327][ T5891] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 451.821257][ T3666] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 451.827133][ T3649] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 451.855814][ T5891] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 451.877813][ T9914] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1323'. [ 451.887110][ T9914] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1323'. [ 451.970961][ T5891] usb 4-1: config 168 descriptor has 1 excess byte, ignoring [ 451.987940][ T5891] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 452.009889][ T5891] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 452.050094][ T5891] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 452.635047][ T5891] usb 4-1: string descriptor 0 read error: -22 [ 452.722093][ T5891] usb 4-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 452.732285][ T5891] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 452.981393][ T5891] adutux 4-1:168.0: ADU100 now attached to /dev/usb/adutux1 [ 453.093290][ T5795] Bluetooth: hci1: command 0x0419 tx timeout [ 453.120001][ T5891] usb 4-1: USB disconnect, device number 18 [ 453.266936][ T9940] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1328'. [ 453.428705][ T9953] fuse: Invalid rootmode [ 453.512596][ T9800] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 453.530364][ T9800] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 453.557406][ T9800] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 453.574649][ T9800] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 454.152791][ T9800] 8021q: adding VLAN 0 to HW filter on device bond0 [ 454.552460][ T5795] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 454.560280][ T5795] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 454.601826][ T9800] 8021q: adding VLAN 0 to HW filter on device team0 [ 454.661309][ T7519] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 454.856382][ T7519] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 454.865578][ T7519] bridge0: port 1(bridge_slave_0) entered blocking state [ 454.872681][ T7519] bridge0: port 1(bridge_slave_0) entered forwarding state [ 454.891483][ T9971] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1335'. [ 454.901123][ T9971] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1335'. [ 454.931628][ T7516] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 455.081029][ T5795] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 455.243008][ T5795] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 455.447045][ T5795] bridge0: port 2(bridge_slave_1) entered blocking state [ 455.454152][ T5795] bridge0: port 2(bridge_slave_1) entered forwarding state [ 455.781016][ T7516] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 455.800476][ T7516] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 455.828827][ T7516] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 455.863301][ T7516] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 455.892393][ T7516] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 455.922212][ T7516] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 455.939721][ T9955] loop2: detected capacity change from 0 to 32768 [ 455.957915][ T3638] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 455.986433][ T5795] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 456.015531][ T5795] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 456.049452][ T9955] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.1331 (9955) [ 456.070051][ T5795] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 456.107409][ T5795] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 456.128373][ T9955] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 456.138806][ T9800] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 456.175937][ T9955] BTRFS info (device loop2): using free space tree [ 456.206781][ T9955] BTRFS info (device loop2): has skinny extents [ 456.689856][ T5891] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 456.710141][ T5891] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 456.751615][ T9800] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 456.824344][ T9981] loop4: detected capacity change from 0 to 32768 [ 456.846823][ T5891] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 456.861517][ T5891] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 456.876710][ T9955] BTRFS error (device loop2): open_ctree failed [ 457.062410][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 457.070483][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 457.272140][ T9800] device veth0_vlan entered promiscuous mode [ 457.512632][ T5891] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 457.520527][ T5891] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 457.583562][ T3649] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 457.594840][ T3810] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 457.621188][ T9800] device veth1_vlan entered promiscuous mode [ 457.727569][ T9981] XFS (loop4): Mounting V5 Filesystem [ 457.769035][T10041] loop2: detected capacity change from 0 to 1024 [ 457.777916][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 457.823667][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 457.827627][T10041] EXT4-fs (loop2): Ignoring removed nobh option [ 457.841570][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 457.850045][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 457.861771][ T9800] device veth0_macvtap entered promiscuous mode [ 457.883020][T10037] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1340'. [ 457.924955][ T9981] XFS (loop4): Ending clean mount [ 457.983736][T10041] EXT4-fs (loop2): mounted filesystem without journal. Opts: user_xattr,init_itable=0x0000000000000003,nobh,usrquota,inode_readahead_blks=0x0000000000010000,max_dir_size_kb=0x00000000000007b1,jqfmt=vfsv1,min_batch_time=0x000000000000088d,delalloc,discard,nojournal_checksum,,errors=continue. Quota mode: writeback. [ 458.017658][ T5027] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 458.063181][ T9800] device veth1_macvtap entered promiscuous mode [ 458.100802][ T9800] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 458.170741][ T9800] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 458.211243][ T9800] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 458.315937][ T9800] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 458.389320][ T9800] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 458.437976][ T9800] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 458.474484][ T9800] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 458.518161][ T9800] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 458.564808][ T9800] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 458.594999][ T9800] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 458.631990][ T9800] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 458.653626][ T3615] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 458.671641][ T3615] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 458.718290][ T9800] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 458.746311][ T9800] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 458.775285][ T9800] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 458.798414][ T9800] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 458.817300][ T9800] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 458.849935][ T9800] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 458.871610][ T13] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 458.900585][ T9800] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 458.921352][ T9800] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 458.979270][ T9800] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 459.008806][ T9800] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 459.040583][ T9800] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 459.055766][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 459.066633][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 459.104244][ T9800] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 459.125275][ T9800] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 459.167171][ T9800] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 459.186113][ T9800] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 459.311131][ T5027] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 459.369937][ T3649] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 459.395465][ T3649] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 459.426130][ T3666] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 459.434970][ T3666] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 459.468025][T10041] overlayfs: failed to resolve '/per': -2 [ 459.487518][ T5791] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 459.671734][ T5791] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 459.784295][ T8997] XFS (loop4): Unmounting Filesystem [ 459.871790][ T3615] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 459.891348][ T13] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 459.941043][ T5027] usb 4-1: Using ep0 maxpacket: 8 [ 460.081106][ T5027] usb 4-1: config 168 descriptor has 1 excess byte, ignoring [ 460.088729][ T5027] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 460.125610][T10106] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1345'. [ 460.137404][ T5027] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 460.155028][T10106] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1345'. [ 460.190937][ T5027] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 460.320955][ T5027] usb 4-1: config 168 descriptor has 1 excess byte, ignoring [ 460.328373][ T5027] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 460.365134][ T5027] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 460.380842][ T5027] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 460.516378][ T5027] usb 4-1: config 168 descriptor has 1 excess byte, ignoring [ 460.526399][ T5027] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 460.557295][ T5027] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 460.592733][ T5027] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 460.726221][T10111] loop2: detected capacity change from 0 to 32768 [ 460.951022][ T5027] usb 4-1: string descriptor 0 read error: -22 [ 460.958005][ T5027] usb 4-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 460.972228][T10111] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.1348 (10111) [ 461.136549][ T5027] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 461.193031][ T5027] adutux 4-1:168.0: ADU100 now attached to /dev/usb/adutux1 [ 461.615953][T10111] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 461.728933][T10111] BTRFS info (device loop2): using free space tree [ 461.979833][T10111] BTRFS info (device loop2): has skinny extents [ 462.061546][ T5895] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 462.112373][ T3580] usb 4-1: USB disconnect, device number 19 [ 462.307698][T10138] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1351'. [ 462.758808][T10111] BTRFS info (device loop2): enabling ssd optimizations [ 463.142917][T10154] FAULT_INJECTION: forcing a failure. [ 463.142917][T10154] name failslab, interval 1, probability 0, space 0, times 0 [ 463.202627][T10157] udc-core: couldn't find an available UDC or it's busy [ 463.229306][T10157] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 463.270805][T10154] CPU: 0 PID: 10154 Comm: syz.3.1354 Not tainted 5.15.164-syzkaller #0 [ 463.279060][T10154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 463.289108][T10154] Call Trace: [ 463.292371][T10154] [ 463.295287][T10154] dump_stack_lvl+0x1e3/0x2d0 [ 463.299959][T10154] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 463.305591][T10154] ? panic+0x860/0x860 [ 463.309644][T10154] ? __might_sleep+0xc0/0xc0 [ 463.314246][T10154] should_fail+0x38a/0x4c0 [ 463.318652][T10154] should_failslab+0x5/0x20 [ 463.323140][T10154] slab_pre_alloc_hook+0x53/0xc0 [ 463.328063][T10154] __kmalloc+0x6e/0x300 [ 463.332200][T10154] ? tomoyo_realpath_from_path+0xd8/0x5e0 [ 463.337904][T10154] tomoyo_realpath_from_path+0xd8/0x5e0 [ 463.343471][T10154] tomoyo_path_number_perm+0x225/0x810 [ 463.348922][T10154] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 463.354407][T10154] ? __fget_files+0x413/0x480 [ 463.359080][T10154] security_file_ioctl+0x6d/0xa0 [ 463.364002][T10154] __se_sys_ioctl+0x47/0x160 [ 463.368577][T10154] do_syscall_64+0x3b/0xb0 [ 463.372980][T10154] ? clear_bhb_loop+0x15/0x70 [ 463.377661][T10154] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 463.383589][T10154] RIP: 0033:0x7f556460e3b9 [ 463.387986][T10154] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 463.407571][T10154] RSP: 002b:00007f5562a8d048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 463.415970][T10154] RAX: ffffffffffffffda RBX: 00007f556479cf80 RCX: 00007f556460e3b9 [ 463.423930][T10154] RDX: 0000000020000080 RSI: 00000000c008561b RDI: 0000000000000003 [ 463.431888][T10154] RBP: 00007f5562a8d0a0 R08: 0000000000000000 R09: 0000000000000000 [ 463.439847][T10154] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 463.447801][T10154] R13: 000000000000000b R14: 00007f556479cf80 R15: 00007fff532e9bb8 [ 463.455851][T10154] [ 463.479637][ T3649] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 463.491089][ T9093] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 463.520020][T10154] ERROR: Out of memory at tomoyo_realpath_from_path. [ 463.636775][T10162] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 464.416963][T10177] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1358'. [ 464.448576][T10177] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1358'. [ 464.536393][T10171] loop1: detected capacity change from 0 to 32768 [ 464.620794][T10171] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.1360 (10171) [ 464.860839][T10184] ufs: You didn't specify the type of your ufs filesystem [ 464.860839][T10184] [ 464.860839][T10184] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ... [ 464.860839][T10184] [ 464.860839][T10184] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old [ 464.893646][T10184] ufs: ufstype=old is supported read-only [ 464.902442][T10184] ufs: ufs_fill_super(): bad magic number [ 464.919468][T10171] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 464.978575][T10171] BTRFS info (device loop1): force zlib compression, level 3 [ 465.680870][T10171] BTRFS info (device loop1): setting nodatasum [ 465.687233][T10171] BTRFS info (device loop1): enabling auto defrag [ 465.721856][T10171] BTRFS info (device loop1): max_inline at 0 [ 465.759448][T10171] BTRFS info (device loop1): using free space tree [ 465.773412][T10195] loop3: detected capacity change from 0 to 256 [ 465.799906][T10171] BTRFS info (device loop1): has skinny extents [ 465.971371][T10195] exfat: Bad value for 'uid' [ 466.120806][ T3614] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 466.150856][T10171] BTRFS info (device loop1): enabling ssd optimizations [ 466.161111][T10215] loop2: detected capacity change from 0 to 4096 [ 466.229780][T10215] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 466.360775][ T3614] usb 5-1: Using ep0 maxpacket: 8 [ 466.481408][ T3614] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 467.213472][ T3614] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 467.240787][ T3614] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 467.252326][ T3614] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 467.343904][ T3614] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 467.362942][ T3614] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 467.390101][ T3614] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 467.477833][ T3614] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 467.580936][ T3614] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 467.595705][ T3614] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 467.639668][ T3614] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 467.688672][ T3614] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 468.111425][ T3614] usb 5-1: string descriptor 0 read error: -22 [ 468.123297][ T3614] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 468.225433][ T3614] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 468.630157][ T3614] usb 5-1: can't set config #168, error -71 [ 468.642888][ T3614] usb 5-1: USB disconnect, device number 23 [ 468.652280][ T6246] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 468.724106][T10246] loop1: detected capacity change from 0 to 4096 [ 468.759959][T10252] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1373'. [ 468.769950][T10252] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1373'. [ 468.823140][T10246] ntfs: (device loop1): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 468.875416][T10246] ntfs: (device loop1): ntfs_is_extended_system_file(): Non-resident file name. You should run chkdsk. [ 468.886710][T10246] ntfs: (device loop1): ntfs_read_locked_inode(): $DATA attribute is missing. [ 468.914599][T10248] ufs: You didn't specify the type of your ufs filesystem [ 468.914599][T10248] [ 468.914599][T10248] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ... [ 468.914599][T10248] [ 468.914599][T10248] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old [ 468.945424][T10248] ufs: ufstype=old is supported read-only [ 468.951876][T10248] ufs: ufs_fill_super(): bad magic number [ 469.031510][T10246] ntfs: (device loop1): ntfs_read_locked_inode(): Failed with error code -2. Marking corrupt inode 0x1 as bad. Run chkdsk. [ 469.453756][ T9093] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 469.503743][T10246] ntfs: (device loop1): load_system_files(): Failed to load $MFTMirr. Mounting read-only. Run ntfsfix and/or chkdsk. [ 469.513978][ T3649] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 469.551998][T10254] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1376'. [ 469.658213][T10246] ntfs: volume version 3.1. [ 469.708716][T10246] ntfs: (device loop1): load_and_init_quota(): Failed to find inode number for $Quota. [ 469.739506][T10246] ntfs: (device loop1): load_system_files(): Failed to load $Quota. Will not be able to remount read-write. Run chkdsk. [ 470.086249][T10272] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1382'. [ 470.929509][T10280] loop3: detected capacity change from 0 to 4096 [ 471.085239][T10280] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 471.953137][T10295] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1386'. [ 472.000873][T10295] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1386'. [ 472.470812][ T3614] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 472.672347][T10302] ufs: You didn't specify the type of your ufs filesystem [ 472.672347][T10302] [ 472.672347][T10302] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ... [ 472.672347][T10302] [ 472.672347][T10302] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old [ 472.703223][T10302] ufs: ufstype=old is supported read-only [ 472.709463][T10302] ufs: ufs_fill_super(): bad magic number [ 472.720850][ T3614] usb 4-1: Using ep0 maxpacket: 8 [ 472.840902][ T3614] usb 4-1: config 0 has an invalid descriptor of length 12, skipping remainder of the config [ 472.860897][ T3614] usb 4-1: config 0 interface 0 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 472.899034][ T3614] usb 4-1: config 0 interface 0 has no altsetting 0 [ 472.915189][ T3614] usb 4-1: New USB device found, idVendor=2247, idProduct=0001, bcdDevice= 0.00 [ 472.933127][T10297] loop1: detected capacity change from 0 to 65536 [ 472.934617][ T3614] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 472.967960][ T3614] usb 4-1: config 0 descriptor?? [ 473.013219][ T3614] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 473.096792][T10297] XFS (loop1): Mounting V5 Filesystem [ 473.150064][T10297] XFS (loop1): Ending clean mount [ 473.460865][ T6246] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 473.497460][T10319] loop4: detected capacity change from 0 to 1024 [ 473.568284][T10319] EXT4-fs (loop4): Ignoring removed nobh option [ 473.601874][T10319] EXT4-fs (loop4): mounted filesystem without journal. Opts: user_xattr,init_itable=0x0000000000000003,nobh,usrquota,inode_readahead_blks=0x0000000000010000,max_dir_size_kb=0x00000000000007b1,jqfmt=vfsv1,min_batch_time=0x000000000000088d,delalloc,discard,nojournal_checksum,,errors=continue. Quota mode: writeback. [ 473.946293][ T6246] usb 2-1: config 0 has an invalid interface number: 106 but max is 0 [ 473.967396][ T6246] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 474.015328][ T6246] usb 2-1: config 0 has no interface number 0 [ 474.039301][ T6246] usb 2-1: config 0 interface 106 altsetting 0 endpoint 0xF has invalid maxpacket 13600, setting to 64 [ 474.091498][ T6246] usb 2-1: config 0 interface 106 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 77 [ 474.128845][ T6246] usb 2-1: config 0 interface 106 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 6 [ 474.146251][ T6246] usb 2-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=df.bb [ 474.180827][ T6246] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 474.199522][T10329] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1394'. [ 474.225580][ T6246] usb 2-1: config 0 descriptor?? [ 474.261164][T10297] raw-gadget.2 gadget: fail, usb_ep_enable returned -22 [ 474.303737][ T6246] usb 2-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 474.382160][T10336] fuse: Bad value for 'rootmode' [ 474.450089][T10319] overlayfs: failed to resolve '/per': -2 [ 474.861099][ T150] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 475.189754][ T3645] usb 2-1: USB disconnect, device number 24 [ 475.225247][ T1187] usb 2-1: Failed to submit usb control message: -71 [ 475.263706][ T1187] usb 2-1: unable to send the bmi data to the device: -71 [ 475.341341][ T1187] usb 2-1: unable to get target info from device [ 475.347692][ T1187] usb 2-1: could not get target info (-71) [ 475.373698][ T1187] usb 2-1: could not probe fw (-71) [ 475.403762][ T3614] usb 4-1: USB disconnect, device number 20 [ 475.459531][T10354] loop2: detected capacity change from 0 to 4096 [ 475.511841][ T9093] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 475.676859][T10354] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 475.871266][ T9800] XFS (loop1): Unmounting Filesystem [ 476.688106][T10373] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior. [ 477.473712][T10382] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1407'. [ 477.528612][T10385] FAULT_INJECTION: forcing a failure. [ 477.528612][T10385] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 477.543387][T10385] CPU: 0 PID: 10385 Comm: syz.3.1408 Not tainted 5.15.164-syzkaller #0 [ 477.551643][T10385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 477.561711][T10385] Call Trace: [ 477.564992][T10385] [ 477.567930][T10385] dump_stack_lvl+0x1e3/0x2d0 [ 477.572618][T10385] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 477.578261][T10385] ? panic+0x860/0x860 [ 477.582339][T10385] ? __lock_acquire+0x1ff0/0x1ff0 [ 477.587378][T10385] should_fail+0x38a/0x4c0 [ 477.591811][T10385] _copy_from_iter+0x243/0xe90 [ 477.596593][T10385] ? copy_mc_pipe_to_iter+0x760/0x760 [ 477.601974][T10385] ? __virt_addr_valid+0x3bb/0x460 [ 477.607091][T10385] ? 0xffffffff81000000 [ 477.611247][T10385] ? __check_object_size+0x300/0x410 [ 477.616548][T10385] netlink_sendmsg+0x800/0xd60 [ 477.621330][T10385] ? netlink_getsockopt+0x5b0/0x5b0 [ 477.626538][T10385] ? aa_sock_msg_perm+0x91/0x150 [ 477.631486][T10385] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 477.636771][T10385] ? security_socket_sendmsg+0x7d/0xa0 [ 477.642239][T10385] ? netlink_getsockopt+0x5b0/0x5b0 [ 477.647442][T10385] ____sys_sendmsg+0x59e/0x8f0 [ 477.652213][T10385] ? iovec_from_user+0x300/0x390 [ 477.657165][T10385] ? __sys_sendmsg_sock+0x30/0x30 [ 477.662214][T10385] ___sys_sendmsg+0x252/0x2e0 [ 477.666906][T10385] ? __sys_sendmsg+0x260/0x260 [ 477.671712][T10385] ? __fdget+0x191/0x220 [ 477.675965][T10385] __se_sys_sendmsg+0x19a/0x260 [ 477.680824][T10385] ? __x64_sys_sendmsg+0x80/0x80 [ 477.685777][T10385] ? syscall_enter_from_user_mode+0x2e/0x240 [ 477.691763][T10385] ? lockdep_hardirqs_on+0x94/0x130 [ 477.696966][T10385] ? syscall_enter_from_user_mode+0x2e/0x240 [ 477.702953][T10385] do_syscall_64+0x3b/0xb0 [ 477.707371][T10385] ? clear_bhb_loop+0x15/0x70 [ 477.712062][T10385] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 477.717960][T10385] RIP: 0033:0x7f556460e3b9 [ 477.722380][T10385] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 477.741984][T10385] RSP: 002b:00007f5562a8d048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 477.750403][T10385] RAX: ffffffffffffffda RBX: 00007f556479cf80 RCX: 00007f556460e3b9 [ 477.758382][T10385] RDX: 0000000000000000 RSI: 00000000200002c0 RDI: 0000000000000003 [ 477.766355][T10385] RBP: 00007f5562a8d0a0 R08: 0000000000000000 R09: 0000000000000000 [ 477.774364][T10385] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 477.782349][T10385] R13: 000000000000000b R14: 00007f556479cf80 R15: 00007fff532e9bb8 [ 477.790339][T10385] [ 477.822071][T10388] fuse: Bad value for 'rootmode' [ 477.950419][T10390] loop2: detected capacity change from 0 to 4096 [ 478.067263][ T3645] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 478.103819][T10390] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 479.025993][T10401] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1412'. [ 479.088941][T10401] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1412'. [ 479.215101][T10392] loop3: detected capacity change from 0 to 32768 [ 479.331580][T10392] ERROR: (device loop3): dbAlloc: the hint is outside the map [ 479.331580][T10392] [ 479.342921][ T3645] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 479.507517][T10409] loop1: detected capacity change from 0 to 8192 [ 479.531233][ T9] read_mapping_page failed! [ 479.540103][ T9] ERROR: (device loop3): txCommit: [ 479.540103][ T9] [ 479.580894][ T9] jfs_write_inode: jfs_commit_inode failed! [ 479.644126][T10409] REISERFS (device loop1): found reiserfs format "3.6" with non-standard journal [ 479.658122][T10409] REISERFS (device loop1): using ordered data mode [ 479.681636][T10409] reiserfs: using flush barriers [ 479.708810][T10409] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 479.741066][T10409] REISERFS (device loop1): checking transaction log (loop1) [ 479.856429][T10409] REISERFS (device loop1): Using tea hash to sort names [ 479.876921][T10409] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. [ 480.541595][ T3649] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 480.636075][ T9] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 480.754301][T10417] loop3: detected capacity change from 0 to 40427 [ 480.770210][T10433] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1421'. [ 480.857723][T10417] F2FS-fs (loop3): Invalid log blocks per segment (4278190089) [ 480.868306][T10417] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 480.900595][T10417] F2FS-fs (loop3): invalid crc value [ 480.966559][T10442] fuse: Unknown parameter 'use00000000000000000000' [ 480.981145][T10417] F2FS-fs (loop3): Found nat_bits in checkpoint [ 481.116252][T10417] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 481.133663][T10417] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 481.171949][T10417] attempt to access beyond end of device [ 481.171949][T10417] loop3: rw=2049, want=45112, limit=40427 [ 481.858267][T10453] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1426'. [ 481.925376][T10453] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1426'. [ 482.092152][T10458] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1427'. [ 482.120362][T10456] loop3: detected capacity change from 0 to 4096 [ 482.171232][T10458] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1427'. [ 482.317407][T10466] capability: warning: `syz.2.1429' uses deprecated v2 capabilities in a way that may be insecure [ 482.350404][T10456] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 483.018640][ T3614] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 483.261046][ T3614] usb 2-1: Using ep0 maxpacket: 16 [ 483.386968][ T3614] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 483.411854][ T3614] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 483.440842][ T3614] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 483.464143][ T3614] usb 2-1: New USB device found, idVendor=056a, idProduct=0022, bcdDevice= 0.00 [ 483.489657][ T3614] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 483.524844][ T3614] usb 2-1: config 0 descriptor?? [ 483.680113][T10495] fuse: Unknown parameter 'use00000000000000000000' [ 483.689727][T10496] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1437'. [ 483.705506][T10496] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1437'. [ 483.767928][T10469] loop1: detected capacity change from 0 to 256 [ 483.839485][T10504] 9pnet: Insufficient options for proto=fd [ 483.903828][T10469] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d) [ 483.991544][ T26] audit: type=1800 audit(1722543064.750:47): pid=10469 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1430" name="file1" dev="loop1" ino=1048647 res=0 errno=0 [ 484.127051][T10511] loop4: detected capacity change from 0 to 256 [ 484.151304][T10511] exfat: Bad value for 'uid' [ 484.379512][T10469] exFAT-fs (loop1): error, exfat_alloc_cluster: invalid used clusters(t:15,u:4294930444) [ 484.379512][T10469] [ 484.436149][T10469] exFAT-fs (loop1): Filesystem has been set read-only [ 484.463380][T10469] exFAT-fs (loop1): error, failed to bmap (inode : ffff8880652eb560 iblock : 32, err : -5) [ 484.537492][T10469] exFAT-fs (loop1): error, exfat_alloc_cluster: invalid used clusters(t:15,u:4294930444) [ 484.537492][T10469] [ 484.564384][ T3614] wacom 0003:056A:0022.0012: Unknown device_type for 'HID 056a:0022'. Assuming pen. [ 484.575425][T10469] exFAT-fs (loop1): error, failed to bmap (inode : ffff8880652eb560 iblock : 32, err : -5) [ 484.611296][ T3614] wacom 0003:056A:0022.0012: hidraw0: USB HID v0.00 Device [HID 056a:0022] on usb-dummy_hcd.1-1/input0 [ 484.688089][ T3614] input: Wacom Intuos 9x12 Pen as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:056A:0022.0012/input/input9 [ 484.801176][ T3614] usb 2-1: USB disconnect, device number 25 [ 485.363674][T10529] loop3: detected capacity change from 0 to 256 [ 485.468805][T10531] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1448'. [ 485.479714][T10531] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1448'. [ 485.514443][T10520] udc-core: couldn't find an available UDC or it's busy [ 485.530933][ T3614] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 485.570214][T10520] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 485.673206][ T4209] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 485.690180][T10535] loop1: detected capacity change from 0 to 8192 [ 485.717148][T10541] fuse: Unknown parameter 'use00000000000000000000' [ 485.746740][T10535] REISERFS (device loop1): found reiserfs format "3.6" with non-standard journal [ 485.759037][T10535] REISERFS (device loop1): using ordered data mode [ 485.773360][T10535] reiserfs: using flush barriers [ 485.779436][T10535] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 485.798208][ T3614] usb 5-1: Using ep0 maxpacket: 8 [ 485.802556][T10535] REISERFS (device loop1): checking transaction log (loop1) [ 485.870255][T10535] REISERFS (device loop1): Using tea hash to sort names [ 485.877610][T10535] REISERFS warning (device loop1): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 4) not found (pos 2) [ 485.892101][T10535] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. [ 485.930949][ T3614] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 485.938507][ T3614] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 485.950060][ T3614] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 485.959701][T10535] REISERFS warning (device loop1): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 6) not found (pos 2) [ 485.961826][ T3614] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 485.994882][T10535] overlayfs: upper fs needs to support d_type. [ 486.002360][T10535] overlayfs: upper fs does not support tmpfile. [ 486.011646][T10535] overlayfs: upper fs does not support RENAME_WHITEOUT. [ 486.024942][T10535] overlayfs: failed to resolve './file0': -2 [ 486.061225][ T3614] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 486.076186][ T3614] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 486.088464][ T3614] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 486.103752][ T3614] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 486.150929][T10545] 9pnet: Insufficient options for proto=fd [ 486.190963][ T3614] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 486.198904][ T3614] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 486.230592][ T3614] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 486.250803][ T3614] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 486.451276][ T4184] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 486.543076][T10552] FAULT_INJECTION: forcing a failure. [ 486.543076][T10552] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 486.583201][T10552] CPU: 0 PID: 10552 Comm: syz.2.1458 Not tainted 5.15.164-syzkaller #0 [ 486.591462][T10552] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 486.601520][T10552] Call Trace: [ 486.604799][T10552] [ 486.605208][T10554] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1459'. [ 486.607729][T10552] dump_stack_lvl+0x1e3/0x2d0 [ 486.621300][T10552] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 486.626937][T10552] ? panic+0x860/0x860 [ 486.631013][T10552] ? __lock_acquire+0x1ff0/0x1ff0 [ 486.636050][T10552] should_fail+0x38a/0x4c0 [ 486.640478][T10552] _copy_from_iter+0x243/0xe90 [ 486.645264][T10552] ? copy_mc_pipe_to_iter+0x760/0x760 [ 486.650659][T10552] ? __virt_addr_valid+0x3bb/0x460 [ 486.650971][ T3614] usb 5-1: string descriptor 0 read error: -22 [ 486.655770][T10552] ? 0xffffffff81000000 [ 486.666036][T10552] ? __check_object_size+0x300/0x410 [ 486.671332][T10552] netlink_sendmsg+0x800/0xd60 [ 486.675259][ T3614] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 486.676217][T10552] ? netlink_getsockopt+0x5b0/0x5b0 [ 486.690396][T10552] ? aa_sock_msg_perm+0x91/0x150 [ 486.695347][T10552] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 486.700646][T10552] ? security_socket_sendmsg+0x7d/0xa0 [ 486.701323][ T3614] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 486.706105][T10552] ? netlink_getsockopt+0x5b0/0x5b0 [ 486.719247][T10552] ____sys_sendmsg+0x59e/0x8f0 [ 486.724021][T10552] ? iovec_from_user+0x300/0x390 [ 486.728968][T10552] ? __sys_sendmsg_sock+0x30/0x30 [ 486.734008][T10552] ___sys_sendmsg+0x252/0x2e0 [ 486.738703][T10552] ? __sys_sendmsg+0x260/0x260 [ 486.743504][T10552] ? __fdget+0x191/0x220 [ 486.747762][T10552] __se_sys_sendmsg+0x19a/0x260 [ 486.752624][T10552] ? __x64_sys_sendmsg+0x80/0x80 [ 486.757584][T10552] ? syscall_enter_from_user_mode+0x2e/0x240 [ 486.763572][T10552] ? lockdep_hardirqs_on+0x94/0x130 [ 486.768775][T10552] ? syscall_enter_from_user_mode+0x2e/0x240 [ 486.770371][ T3614] adutux 5-1:168.0: ADU100 now attached to /dev/usb/adutux1 [ 486.774762][T10552] do_syscall_64+0x3b/0xb0 [ 486.774788][T10552] ? clear_bhb_loop+0x15/0x70 [ 486.774816][T10552] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 486.797098][T10552] RIP: 0033:0x7fed098c83b9 [ 486.801513][T10552] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 486.821126][T10552] RSP: 002b:00007fed07d47048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 486.829543][T10552] RAX: ffffffffffffffda RBX: 00007fed09a56f80 RCX: 00007fed098c83b9 [ 486.837518][T10552] RDX: 0000000000000000 RSI: 0000000020000480 RDI: 0000000000000003 [ 486.845499][T10552] RBP: 00007fed07d470a0 R08: 0000000000000000 R09: 0000000000000000 [ 486.853488][T10552] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 486.861461][T10552] R13: 000000000000000b R14: 00007fed09a56f80 R15: 00007fff842b4868 [ 486.869451][T10552] [ 487.084199][ T5895] usb 5-1: USB disconnect, device number 24 [ 487.110925][T10562] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 487.172204][T10566] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 487.672408][ T5895] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 487.687391][T10569] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1462'. [ 487.718246][T10569] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1462'. [ 487.820817][T10244] Bluetooth: hci0: command 0x0406 tx timeout [ 487.877372][T10576] FAULT_INJECTION: forcing a failure. [ 487.877372][T10576] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 487.920946][T10576] CPU: 0 PID: 10576 Comm: syz.2.1465 Not tainted 5.15.164-syzkaller #0 [ 487.929204][T10576] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 487.939255][T10576] Call Trace: [ 487.942544][T10576] [ 487.945474][T10576] dump_stack_lvl+0x1e3/0x2d0 [ 487.950163][T10576] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 487.955905][T10576] ? panic+0x860/0x860 [ 487.959993][T10576] ? snprintf+0xd6/0x120 [ 487.964246][T10576] should_fail+0x38a/0x4c0 [ 487.968673][T10576] _copy_to_user+0x2d/0x130 [ 487.973185][T10576] simple_read_from_buffer+0xc6/0x150 [ 487.978564][T10576] proc_fail_nth_read+0x1a3/0x210 [ 487.983590][T10576] ? proc_fault_inject_write+0x390/0x390 [ 487.989224][T10576] ? fsnotify_perm+0x442/0x590 [ 487.993997][T10576] ? proc_fault_inject_write+0x390/0x390 [ 487.999636][T10576] vfs_read+0x2fc/0xe10 [ 488.003811][T10576] ? kernel_read+0x1f0/0x1f0 [ 488.008417][T10576] ? __fget_files+0x413/0x480 [ 488.013105][T10576] ? mutex_lock_nested+0x17/0x20 [ 488.018044][T10576] ? __fdget_pos+0x2cb/0x380 [ 488.022637][T10576] ? ksys_read+0x77/0x2c0 [ 488.026976][T10576] ksys_read+0x1a2/0x2c0 [ 488.031216][T10576] ? print_irqtrace_events+0x210/0x210 [ 488.036680][T10576] ? vfs_write+0xe50/0xe50 [ 488.041097][T10576] ? syscall_enter_from_user_mode+0x2e/0x240 [ 488.047081][T10576] ? lockdep_hardirqs_on+0x94/0x130 [ 488.052280][T10576] ? syscall_enter_from_user_mode+0x2e/0x240 [ 488.058266][T10576] do_syscall_64+0x3b/0xb0 [ 488.062687][T10576] ? clear_bhb_loop+0x15/0x70 [ 488.067367][T10576] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 488.073259][T10576] RIP: 0033:0x7fed098c6dfc [ 488.077677][T10576] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8d 02 00 48 [ 488.097301][T10576] RSP: 002b:00007fed07d47040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 488.105742][T10576] RAX: ffffffffffffffda RBX: 00007fed09a56f80 RCX: 00007fed098c6dfc [ 488.113726][T10576] RDX: 000000000000000f RSI: 00007fed07d470b0 RDI: 0000000000000005 [ 488.121700][T10576] RBP: 00007fed07d470a0 R08: 0000000000000000 R09: 0000000000000000 [ 488.129676][T10576] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 488.137648][T10576] R13: 000000000000000b R14: 00007fed09a56f80 R15: 00007fff842b4868 [ 488.145641][T10576] [ 488.211831][T10579] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1466'. [ 488.334410][T10582] 9pnet: Insufficient options for proto=fd [ 488.617660][T10587] fuse: Unknown parameter 'user_i00000000000000000000' [ 488.714374][T10590] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1471'. [ 488.854603][T10593] sp0: Synchronizing with TNC [ 488.947993][T10599] loop4: detected capacity change from 0 to 64 [ 488.990497][T10600] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 489.158485][T10583] udc-core: couldn't find an available UDC or it's busy [ 489.175302][T10583] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 489.221645][T10607] loop4: detected capacity change from 0 to 1024 [ 489.310354][T10607] EXT4-fs (loop4): Test dummy encryption mode enabled [ 489.317776][T10607] EXT4-fs (loop4): Ignoring removed orlov option [ 489.331156][T10607] EXT4-fs (loop4): mounted filesystem without journal. Opts: test_dummy_encryption,debug_want_extra_isize=0x0000000000000084,stripe=0x0000000000000007,commit=0x0000000000000005,orlov,barrier=0x0000000000000005,max_batch_time=0x0000000000000000,data_err=abort,,errors=continue. Quota mode: writeback. [ 489.419879][T10607] fscrypt: AES-256-XTS using implementation "xts-aes-aesni" [ 489.737888][T10626] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1479'. [ 490.113741][T10640] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1484'. [ 490.134024][T10641] loop3: detected capacity change from 0 to 1024 [ 490.241506][T10641] hfsplus: unable to parse mount options [ 490.528269][T10654] fuse: Unknown parameter 'user_i00000000000000000000' [ 490.872370][ T4209] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 491.530303][T10668] loop3: detected capacity change from 0 to 4096 [ 491.585493][ T26] audit: type=1107 audit(1722543072.340:48): pid=10672 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 491.633344][T10668] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 491.809781][T10244] usb 2-1: new full-speed USB device number 26 using dummy_hcd [ 492.020991][T10244] usb 2-1: device descriptor read/64, error -71 [ 492.154588][ T1187] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 492.525491][T10681] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1496'. [ 492.604602][T10671] loop4: detected capacity change from 0 to 40427 [ 492.659314][T10671] F2FS-fs (loop4): invalid crc value [ 492.660894][T10244] usb 2-1: new full-speed USB device number 27 using dummy_hcd [ 492.700556][T10671] F2FS-fs (loop4): Found nat_bits in checkpoint [ 492.824660][T10671] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4 [ 492.860951][T10244] usb 2-1: device descriptor read/64, error -71 [ 493.045790][T10244] usb usb2-port1: attempt power cycle [ 493.514798][T10682] attempt to access beyond end of device [ 493.514798][T10682] loop4: rw=2049, want=45120, limit=40427 [ 493.558056][T10677] udc-core: couldn't find an available UDC or it's busy [ 493.565391][T10677] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 493.574102][T10698] fuse: Unknown parameter 'user_i00000000000000000000' [ 493.715686][ T8997] attempt to access beyond end of device [ 493.715686][ T8997] loop4: rw=524288, want=45072, limit=40427 [ 493.738578][ T8997] attempt to access beyond end of device [ 493.738578][ T8997] loop4: rw=0, want=45072, limit=40427 [ 493.810792][T10244] usb 2-1: new full-speed USB device number 28 using dummy_hcd [ 493.907173][T10244] usb 2-1: device descriptor read/8, error -71 [ 494.119257][ T3649] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 494.180882][T10244] usb 2-1: new full-speed USB device number 29 using dummy_hcd [ 494.196373][ T3649] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 494.285710][T10244] usb 2-1: device descriptor read/8, error -71 [ 494.302681][ T3649] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 494.376661][ T3649] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 494.410966][T10244] usb usb2-port1: unable to enumerate USB device [ 494.483488][T10706] loop1: detected capacity change from 0 to 1024 [ 494.614516][T10706] EXT4-fs (loop1): Ignoring removed orlov option [ 494.624532][T10706] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option [ 494.728157][T10706] EXT4-fs (loop1): mounted filesystem without journal. Opts: discard,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 495.730143][T10708] loop2: detected capacity change from 0 to 32768 [ 496.027241][T10708] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.1505 (10708) [ 496.164554][T10708] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 496.217741][T10708] BTRFS info (device loop2): setting nodatacow, compression disabled [ 496.263073][T10737] loop1: detected capacity change from 0 to 1764 [ 496.269467][T10708] BTRFS info (device loop2): use zlib compression, level 3 [ 496.298735][T10708] BTRFS info (device loop2): setting nodatasum [ 496.333895][T10708] BTRFS info (device loop2): turning on flush-on-commit [ 496.352280][T10708] BTRFS info (device loop2): max_inline at 8 [ 496.393395][T10708] BTRFS info (device loop2): using free space tree [ 496.399920][T10708] BTRFS info (device loop2): has skinny extents [ 496.631190][ T3666] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 496.804216][T10730] chnl_net:caif_netlink_parms(): no params data found [ 496.817630][T10708] BTRFS info (device loop2): enabling ssd optimizations [ 497.473349][ T5895] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 497.585722][T10782] loop1: detected capacity change from 0 to 2048 [ 497.673913][ T3649] device hsr_slave_0 left promiscuous mode [ 497.696352][T10782] UDF-fs: error (device loop1): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 497.728442][ T3649] device hsr_slave_1 left promiscuous mode [ 497.753628][T10782] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 497.779055][ T3649] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 497.810999][ T3649] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 497.931269][ T1187] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 498.665641][ T1203] Bluetooth: hci3: command 0x0409 tx timeout [ 498.701773][ T3649] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 498.709200][ T3649] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 498.728534][ T1203] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 498.761666][T10795] fuse: Unknown parameter 'user_id00000000000000000000' [ 498.812924][ T3649] device bridge_slave_1 left promiscuous mode [ 498.819177][ T3649] bridge0: port 2(bridge_slave_1) entered disabled state [ 498.836950][ T3649] device bridge_slave_0 left promiscuous mode [ 498.845804][ T3649] bridge0: port 1(bridge_slave_0) entered disabled state [ 498.881713][ T3649] device veth1_macvtap left promiscuous mode [ 499.010411][ T3649] device veth0_macvtap left promiscuous mode [ 499.020553][ T3649] device veth1_vlan left promiscuous mode [ 499.054353][ T3649] device veth0_vlan left promiscuous mode [ 499.810479][T10803] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1518'. [ 500.133899][ T3649] team0 (unregistering): Port device team_slave_1 removed [ 500.163545][ T3649] team0 (unregistering): Port device team_slave_0 removed [ 500.190310][ T3649] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 500.216684][ T3649] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 500.347357][ T3649] bond0 (unregistering): Released all slaves [ 500.376968][ T26] audit: type=1326 audit(1722543081.130:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10808 comm="syz.3.1520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f556460e3b9 code=0x7ffc0000 [ 500.400238][ T26] audit: type=1326 audit(1722543081.130:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10808 comm="syz.3.1520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f556460e3b9 code=0x7ffc0000 [ 500.423993][ T26] audit: type=1326 audit(1722543081.130:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10808 comm="syz.3.1520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f556460e3b9 code=0x7ffc0000 [ 500.492801][T10809] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check. [ 500.560232][ T26] audit: type=1326 audit(1722543081.150:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10808 comm="syz.3.1520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f556460e3b9 code=0x7ffc0000 [ 500.584078][ T26] audit: type=1326 audit(1722543081.150:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10808 comm="syz.3.1520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f556460e3b9 code=0x7ffc0000 [ 500.621195][ T26] audit: type=1326 audit(1722543081.150:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10808 comm="syz.3.1520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f556460e3b9 code=0x7ffc0000 [ 500.664521][ T26] audit: type=1326 audit(1722543081.150:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10808 comm="syz.3.1520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f556460e3b9 code=0x7ffc0000 [ 500.735059][ T26] audit: type=1326 audit(1722543081.150:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10808 comm="syz.3.1520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f556460e3b9 code=0x7ffc0000 [ 500.768761][ T1203] Bluetooth: hci3: command 0x041b tx timeout [ 500.977372][ T26] audit: type=1326 audit(1722543081.150:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10808 comm="syz.3.1520" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f556460e3b9 code=0x7ffc0000 [ 501.016270][T10730] bridge0: port 1(bridge_slave_0) entered blocking state [ 501.031699][T10730] bridge0: port 1(bridge_slave_0) entered disabled state [ 501.039798][T10730] device bridge_slave_0 entered promiscuous mode [ 501.057585][T10730] bridge0: port 2(bridge_slave_1) entered blocking state [ 501.076502][T10730] bridge0: port 2(bridge_slave_1) entered disabled state [ 501.084704][T10730] device bridge_slave_1 entered promiscuous mode [ 501.102350][ T1390] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.108811][ T1390] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.157037][T10730] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 501.178791][T10730] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 501.318937][T10730] team0: Port device team_slave_0 added [ 501.352996][T10730] team0: Port device team_slave_1 added [ 501.412035][T10730] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 501.432621][T10730] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 501.499339][T10730] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 501.545297][T10730] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 501.584840][T10730] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 501.635124][T10730] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 501.796763][T10844] loop3: detected capacity change from 0 to 2048 [ 501.886743][T10730] device hsr_slave_0 entered promiscuous mode [ 501.906593][T10730] device hsr_slave_1 entered promiscuous mode [ 501.906771][T10849] fuse: Unknown parameter 'user_id00000000000000000000' [ 501.928801][T10844] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 501.959579][T10730] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 501.975059][T10730] Cannot create hsr debugfs directory [ 501.981077][T10844] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 502.485302][ T9093] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 502.964967][ T13] Bluetooth: hci3: command 0x040f tx timeout [ 503.671675][ T9093] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 504.098686][T10730] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 504.132632][T10730] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 504.165691][T10730] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 504.202255][T10730] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 504.447732][T10730] 8021q: adding VLAN 0 to HW filter on device bond0 [ 504.515113][ T3580] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 504.541536][ T3580] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 504.567590][T10730] 8021q: adding VLAN 0 to HW filter on device team0 [ 504.610641][ T3580] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 504.629980][ T3580] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 504.670289][ T3580] bridge0: port 1(bridge_slave_0) entered blocking state [ 504.677386][ T3580] bridge0: port 1(bridge_slave_0) entered forwarding state [ 504.758759][T10244] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 504.771288][T10244] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 504.808941][T10244] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 504.845207][T10244] bridge0: port 2(bridge_slave_1) entered blocking state [ 504.852333][T10244] bridge0: port 2(bridge_slave_1) entered forwarding state [ 504.897708][T10244] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 504.948153][T10244] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 505.015663][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 505.030896][ T1203] Bluetooth: hci3: command 0x0419 tx timeout [ 505.039743][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 505.085261][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 505.128946][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 505.306640][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 505.315484][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 505.324309][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 505.332789][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 505.343383][T10730] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 505.388088][T10244] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 505.762270][ T5027] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 505.769825][ T5027] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 505.799499][T10922] FAULT_INJECTION: forcing a failure. [ 505.799499][T10922] name failslab, interval 1, probability 0, space 0, times 0 [ 505.813376][T10730] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 505.877451][T10922] CPU: 1 PID: 10922 Comm: syz.3.1536 Not tainted 5.15.164-syzkaller #0 [ 505.885728][T10922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 505.895800][T10922] Call Trace: [ 505.899076][T10922] [ 505.902007][T10922] dump_stack_lvl+0x1e3/0x2d0 [ 505.906698][T10922] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 505.912340][T10922] ? panic+0x860/0x860 [ 505.916421][T10922] ? __might_sleep+0xc0/0xc0 [ 505.921028][T10922] should_fail+0x38a/0x4c0 [ 505.925462][T10922] should_failslab+0x5/0x20 [ 505.929977][T10922] slab_pre_alloc_hook+0x53/0xc0 [ 505.934939][T10922] __kmalloc+0x6e/0x300 [ 505.939111][T10922] ? tomoyo_realpath_from_path+0xd8/0x5e0 [ 505.944846][T10922] tomoyo_realpath_from_path+0xd8/0x5e0 [ 505.950421][T10922] tomoyo_path_number_perm+0x225/0x810 [ 505.955897][T10922] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 505.961373][T10922] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 505.967394][T10922] ? d_alloc_parallel+0x125d/0x1390 [ 505.972601][T10922] tomoyo_path_mknod+0x172/0x1b0 [ 505.977540][T10922] ? tomoyo_path_symlink+0x110/0x110 [ 505.982825][T10922] ? d_hash_and_lookup+0x1b0/0x1b0 [ 505.987938][T10922] security_path_mknod+0xf1/0x150 [ 505.991213][T10928] loop1: detected capacity change from 0 to 1024 [ 505.992964][T10922] path_openat+0xc78/0x2f20 [ 506.004215][T10922] ? do_filp_open+0x460/0x460 [ 506.008933][T10922] do_filp_open+0x21c/0x460 [ 506.013457][T10922] ? vfs_tmpfile+0x2e0/0x2e0 [ 506.018074][T10922] ? _raw_spin_unlock+0x24/0x40 [ 506.022928][T10922] ? alloc_fd+0x598/0x630 [ 506.027270][T10922] do_sys_openat2+0x13b/0x4f0 [ 506.030910][T10919] loop2: detected capacity change from 0 to 8192 [ 506.031946][T10922] ? do_sys_open+0x220/0x220 [ 506.042822][T10922] __x64_sys_openat+0x243/0x290 [ 506.047674][T10922] ? __ia32_sys_open+0x270/0x270 [ 506.052610][T10922] ? syscall_enter_from_user_mode+0x2e/0x240 [ 506.058583][T10922] ? lockdep_hardirqs_on+0x94/0x130 [ 506.063773][T10922] ? syscall_enter_from_user_mode+0x2e/0x240 [ 506.069742][T10922] do_syscall_64+0x3b/0xb0 [ 506.074146][T10922] ? clear_bhb_loop+0x15/0x70 [ 506.078812][T10922] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 506.084696][T10922] RIP: 0033:0x7f556460e3b9 [ 506.089106][T10922] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 506.108700][T10922] RSP: 002b:00007f5562a8d048 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 506.117105][T10922] RAX: ffffffffffffffda RBX: 00007f556479cf80 RCX: 00007f556460e3b9 [ 506.125077][T10922] RDX: 000000000000275a RSI: 0000000020000280 RDI: ffffffffffffff9c [ 506.133047][T10922] RBP: 00007f5562a8d0a0 R08: 0000000000000000 R09: 0000000000000000 [ 506.141006][T10922] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 506.148964][T10922] R13: 000000000000000b R14: 00007f556479cf80 R15: 00007fff532e9bb8 [ 506.156940][T10922] [ 506.253146][T10928] EXT4-fs (loop1): Ignoring removed orlov option [ 506.269724][T10928] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option [ 506.311451][T10919] REISERFS (device loop2): found reiserfs format "3.6" with non-standard journal [ 506.345478][T10919] REISERFS (device loop2): using ordered data mode [ 506.352302][T10922] ERROR: Out of memory at tomoyo_realpath_from_path. [ 506.419796][T10919] reiserfs: using flush barriers [ 506.471610][T10919] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 506.541791][T10938] fuse: Unknown parameter 'user_id00000000000000000000' [ 507.021497][T10919] REISERFS (device loop2): checking transaction log (loop2) [ 507.270894][ T1203] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 507.311578][T10928] EXT4-fs (loop1): mounted filesystem without journal. Opts: discard,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,nomblk_io_submit,,errors=continue. Quota mode: none. [ 507.384371][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 507.486501][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 507.573751][T10244] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 507.594076][T10244] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 507.602369][T10919] REISERFS (device loop2): Using tea hash to sort names [ 507.619776][T10919] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage. [ 507.635267][T10244] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 507.653251][T10244] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 507.827274][T10730] device veth0_vlan entered promiscuous mode [ 507.854156][T10730] device veth1_vlan entered promiscuous mode [ 507.878191][T10244] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 507.899946][T10244] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 507.911529][ T9093] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 507.926747][T10244] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 507.955440][T10244] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 507.971392][T10969] ufs: You didn't specify the type of your ufs filesystem [ 507.971392][T10969] [ 507.971392][T10969] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ... [ 507.971392][T10969] [ 507.971392][T10969] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old [ 508.028176][T10730] device veth0_macvtap entered promiscuous mode [ 508.066509][T10730] device veth1_macvtap entered promiscuous mode [ 508.165291][T10730] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 508.217154][T10730] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 508.258049][T10730] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 508.282810][T10730] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 508.307367][T10969] ufs: ufstype=old is supported read-only [ 508.310498][ T1203] Bluetooth: hci4: command 0x0406 tx timeout [ 508.323101][T10730] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 508.340967][T10969] ufs: ufs_fill_super(): bad magic number [ 508.351147][T10730] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 508.390823][T10730] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 508.420785][T10730] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 508.440825][T10730] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 508.472570][T10730] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 508.492027][T10730] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 508.521704][T10244] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 508.529758][T10244] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 508.593394][T10244] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 508.611539][T10244] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 508.632339][T10730] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 508.670781][T10730] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 508.680589][T10730] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 508.740728][T10730] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 508.750547][T10730] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 508.812317][T10730] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 508.852190][T10730] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 508.870765][T10730] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 508.892736][T10730] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 508.919776][T10730] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 508.957459][T10730] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 509.010187][T10244] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 509.024255][T10244] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 509.062245][T10730] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 509.081674][T10730] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 509.099097][T10730] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 509.131136][T10730] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 509.147183][T10992] loop2: detected capacity change from 0 to 4096 [ 509.219458][T10992] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 509.293718][ T3649] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 509.340967][ T3649] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 509.430793][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 509.442008][ T3666] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 509.453738][ T144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 509.695626][ T144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 509.939320][ T3614] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 510.283882][T11007] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1509'. [ 510.780238][T11025] FAULT_INJECTION: forcing a failure. [ 510.780238][T11025] name failslab, interval 1, probability 0, space 0, times 0 [ 510.830872][T11025] CPU: 1 PID: 11025 Comm: syz.3.1547 Not tainted 5.15.164-syzkaller #0 [ 510.839139][T11025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 510.849203][T11025] Call Trace: [ 510.852497][T11025] [ 510.855443][T11025] dump_stack_lvl+0x1e3/0x2d0 [ 510.860144][T11025] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 510.865805][T11025] ? panic+0x860/0x860 [ 510.869895][T11025] ? __might_sleep+0xc0/0xc0 [ 510.874499][T11025] ? netlink_insert+0xcac/0x1280 [ 510.879454][T11025] should_fail+0x38a/0x4c0 [ 510.883906][T11025] should_failslab+0x5/0x20 [ 510.888413][T11025] slab_pre_alloc_hook+0x53/0xc0 [ 510.893364][T11025] kmem_cache_alloc_node+0x49/0x2c0 [ 510.898569][T11025] ? __alloc_skb+0xdd/0x590 [ 510.903085][T11025] __alloc_skb+0xdd/0x590 [ 510.907436][T11025] netlink_sendmsg+0x6f8/0xd60 [ 510.912223][T11025] ? netlink_getsockopt+0x5b0/0x5b0 [ 510.917429][T11025] ? aa_sock_msg_perm+0x91/0x150 [ 510.922417][T11025] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 510.927708][T11025] ? security_socket_sendmsg+0x7d/0xa0 [ 510.933267][T11025] ? netlink_getsockopt+0x5b0/0x5b0 [ 510.938485][T11025] sock_write_iter+0x39b/0x530 [ 510.943258][T11025] ? sock_read_iter+0x480/0x480 [ 510.948117][T11025] ? common_file_perm+0x17d/0x1d0 [ 510.953149][T11025] ? iov_iter_init+0x4a/0x170 [ 510.957836][T11025] vfs_write+0xacd/0xe50 [ 510.962089][T11025] ? file_end_write+0x250/0x250 [ 510.966946][T11025] ? __fget_files+0x413/0x480 [ 510.971631][T11025] ? __fdget_pos+0x1e9/0x380 [ 510.976220][T11025] ? ksys_write+0x77/0x2c0 [ 510.980641][T11025] ksys_write+0x1a2/0x2c0 [ 510.984976][T11025] ? print_irqtrace_events+0x210/0x210 [ 510.990447][T11025] ? __ia32_sys_read+0x80/0x80 [ 510.995222][T11025] ? syscall_enter_from_user_mode+0x2e/0x240 [ 511.001211][T11025] ? lockdep_hardirqs_on+0x94/0x130 [ 511.006412][T11025] ? syscall_enter_from_user_mode+0x2e/0x240 [ 511.012395][T11025] do_syscall_64+0x3b/0xb0 [ 511.016808][T11025] ? clear_bhb_loop+0x15/0x70 [ 511.021490][T11025] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 511.027396][T11025] RIP: 0033:0x7f556460e3b9 [ 511.031810][T11025] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 511.051412][T11025] RSP: 002b:00007f5562a8d048 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 511.059832][T11025] RAX: ffffffffffffffda RBX: 00007f556479cf80 RCX: 00007f556460e3b9 [ 511.067805][T11025] RDX: 0000000000000140 RSI: 00000000200000c0 RDI: 0000000000000004 [ 511.075779][T11025] RBP: 00007f5562a8d0a0 R08: 0000000000000000 R09: 0000000000000000 [ 511.083751][T11025] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 511.091724][T11025] R13: 000000000000000b R14: 00007f556479cf80 R15: 00007fff532e9bb8 [ 511.099722][T11025] [ 511.167147][T11032] loop4: detected capacity change from 0 to 1764 [ 511.362017][T11040] fuse: Bad value for 'fd' [ 511.362653][ T27] INFO: task syz.0.1009:8382 blocked for more than 143 seconds. [ 511.383297][ T27] Not tainted 5.15.164-syzkaller #0 [ 511.389241][ T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 511.403111][ T27] task:syz.0.1009 state:D stack:22424 pid: 8382 ppid: 6639 flags:0x00004004 [ 511.420839][ T27] Call Trace: [ 511.432425][ T27] [ 511.435679][ T27] __schedule+0x12c4/0x45b0 [ 511.440224][ T27] ? release_firmware_map_entry+0x190/0x190 [ 511.464935][ T27] ? lockdep_hardirqs_on_prepare+0x438/0x7a0 [ 511.471145][ T27] ? print_irqtrace_events+0x210/0x210 [ 511.476620][ T27] ? _raw_spin_lock_irq+0xdb/0x110 [ 511.481920][ T27] schedule+0x11b/0x1f0 [ 511.486137][ T27] io_schedule+0x88/0x100 [ 511.490475][ T27] wait_on_page_bit_common+0xa13/0x1180 [ 511.496242][ T27] ? wait_on_page_bit+0x50/0x50 [ 511.501302][ T27] ? rcu_lock_release+0x20/0x20 [ 511.506413][ T27] ? jfs_error+0x2b3/0x2e0 [ 511.511199][ T27] ? workingset_activation+0x601/0x750 [ 511.516806][ T27] ? __get_metapage+0xa88/0x1070 [ 511.523155][ T27] release_metapage+0x120/0xe00 [ 511.528154][ T27] __get_metapage+0xc07/0x1070 [ 511.533258][ T27] dtSplitPage+0x8e3/0x3ec0 [ 511.537811][ T27] ? up_write+0x19d/0x580 [ 511.542930][ T27] ? clear_nonspinnable+0x60/0x60 [ 511.547981][ T27] ? __up_read+0x690/0x690 [ 511.552895][ T27] ? dtSplitRoot+0x1920/0x1920 [ 511.557689][ T27] ? dbNextAG+0x630/0x630 [ 511.562419][ T27] ? dtInsert+0x881/0x6b00 [ 511.573488][ T27] dtInsert+0x14fc/0x6b00 [ 511.577967][ T27] ? kfree+0xf1/0x270 [ 511.586014][ T27] ? mark_lock+0x98/0x340 [ 511.590547][ T27] ? UniStrupr+0x2c0/0x2c0 [ 511.599079][ T27] ? read_lock_is_recursive+0x10/0x10 [ 511.608470][ T27] ? txLock+0x235/0x1b30 [ 511.616660][ T27] ? do_raw_spin_lock+0x14a/0x370 [ 511.625676][ T27] ? txLock+0xf29/0x1b30 [ 511.630101][ T27] jfs_create+0x7b2/0xbb0 [ 511.639390][ T27] ? jfs_lookup+0x400/0x400 [ 511.648159][ T27] ? jfs_get_parent+0xa0/0xa0 [ 511.666383][ T27] ? make_kgid+0x6f0/0x6f0 [ 511.680756][ T27] ? generic_permission+0x21c/0x4f0 [ 511.686106][ T27] ? inode_permission+0xf7/0x450 [ 511.700722][ T27] ? bpf_lsm_inode_create+0x5/0x10 [ 511.705855][ T27] ? security_inode_create+0xb4/0x100 [ 511.720738][ T27] ? jfs_lookup+0x400/0x400 [ 511.725263][ T27] path_openat+0x130a/0x2f20 [ 511.729899][ T27] ? do_filp_open+0x460/0x460 [ 511.751843][ T27] do_filp_open+0x21c/0x460 [ 511.756484][ T27] ? vfs_tmpfile+0x2e0/0x2e0 [ 511.761397][ T27] ? _raw_spin_unlock+0x24/0x40 [ 511.766258][ T27] ? alloc_fd+0x598/0x630 [ 511.770602][ T27] do_sys_openat2+0x13b/0x4f0 [ 511.790787][ T27] ? do_sys_open+0x220/0x220 [ 511.800959][ T27] __x64_sys_openat+0x243/0x290 [ 511.805829][ T27] ? __ia32_sys_open+0x270/0x270 [ 511.820773][ T27] ? syscall_enter_from_user_mode+0x2e/0x240 [ 511.826769][ T27] ? lockdep_hardirqs_on+0x94/0x130 [ 511.843751][ T27] ? syscall_enter_from_user_mode+0x2e/0x240 [ 511.849916][ T27] do_syscall_64+0x3b/0xb0 [ 511.860789][ T27] ? clear_bhb_loop+0x15/0x70 [ 511.865679][ T27] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 511.875900][ T27] RIP: 0033:0x7f198c5993b9 [ 511.880572][ T27] RSP: 002b:00007f198aa18048 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 511.889640][ T27] RAX: ffffffffffffffda RBX: 00007f198c727f80 RCX: 00007f198c5993b9 [ 511.912640][ T27] RDX: 000000000000275a RSI: 0000000020000100 RDI: ffffffffffffff9c [ 511.935704][ T27] RBP: 00007f198c6068e6 R08: 0000000000000000 R09: 0000000000000000 [ 511.944164][ T27] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 511.953056][ T27] R13: 000000000000000b R14: 00007f198c727f80 R15: 00007ffdc73d3518 [ 511.961609][ T27] [ 511.966797][ T27] [ 511.966797][ T27] Showing all locks held in the system: [ 511.976229][ T27] 1 lock held by khungtaskd/27: [ 511.983288][ T27] #0: ffffffff8c91fb20 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x0/0x30 [ 511.996029][ T27] 4 locks held by kworker/u4:3/155: [ 512.001575][ T27] #0: ffff88814074c138 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 [ 512.012595][ T27] #1: ffffc90001ee7d20 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 [ 512.031946][ T27] #2: ffff888076a520e0 (&type->s_umount_key#109){++++}-{3:3}, at: trylock_super+0x1b/0xf0 [ 512.050797][ T27] #3: ffff8880580e3008 (&jfs_ip->commit_mutex){+.+.}-{3:3}, at: jfs_commit_inode+0x242/0x580 [ 512.073758][ T27] 3 locks held by kworker/0:2/1203: [ 512.085905][ T27] 1 lock held by udevd/3027: [ 512.103804][ T27] #0: ffff8880b9a3a358 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x26/0x140 [ 512.135993][ T27] 2 locks held by getty/3325: [ 512.146666][ T27] #0: ffff88814a8fd098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x21/0x70 [ 512.211404][ T27] #1: ffffc9000209b2e8 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6af/0x1db0 [ 512.233126][ T27] 3 locks held by kworker/1:4/3580: [ 512.254194][ T27] #0: ffff888011c70938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 [ 512.285566][ T27] #1: ffffc90002ec7d20 (binder_deferred_work){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 [ 512.320978][ T27] #2: ffffffff8c9240e8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x350/0x740 [ 512.332223][ T27] 4 locks held by syz.0.1009/8382: [ 512.337407][ T27] #0: ffff888076a52460 (sb_writers#28){.+.+}-{0:0}, at: mnt_want_write+0x3b/0x80 [ 512.349022][ T27] #1: ffff8880580e33c0 (&type->i_mutex_dir_key#21){++++}-{3:3}, at: path_openat+0x824/0x2f20 [ 512.360779][ T27] #2: ffff8880580e3008 (&jfs_ip->commit_mutex){+.+.}-{3:3}, at: jfs_create+0x22d/0xbb0 [ 512.371970][ T27] #3: ffff8880580e5508 (&jfs_ip->commit_mutex/1){+.+.}-{3:3}, at: jfs_create+0x248/0xbb0 [ 512.382644][ T27] 2 locks held by kworker/1:20/10244: [ 512.389597][ T27] #0: ffff888011c72138 ((wq_completion)rcu_gp){+.+.}-{0:0}, at: process_one_work+0x78a/0x10c0 [ 512.544204][ T27] #1: ffffc90003ae7d20 ((work_completion)(&rew.rew_work)){+.+.}-{0:0}, at: process_one_work+0x7d0/0x10c0 [ 512.562208][ T27] 2 locks held by syz-executor/10730: [ 512.568624][ T27] #0: ffff88801bca5118 (&disk->open_mutex){+.+.}-{3:3}, at: blkdev_put+0xfb/0x790 [ 512.584033][ T27] #1: ffff88814725b468 (&lo->lo_mutex){+.+.}-{3:3}, at: __loop_clr_fd+0xa9/0xbe0 [ 512.594550][ T27] 2 locks held by syz.2.1546/11019: [ 512.600211][ T27] #0: ffff8880580c5010 (&sb->s_type->i_mutex_key#11){+.+.}-{3:3}, at: sock_close+0x98/0x230 [ 512.610524][ T27] #1: ffffffff8c9240e8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x280/0x740 [ 512.621885][ T27] [ 512.624439][ T27] ============================================= [ 512.624439][ T27] [ 513.119832][ T27] NMI backtrace for cpu 1 [ 513.124187][ T27] CPU: 1 PID: 27 Comm: khungtaskd Not tainted 5.15.164-syzkaller #0 [ 513.132266][ T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 513.142327][ T27] Call Trace: [ 513.145623][ T27] [ 513.148550][ T27] dump_stack_lvl+0x1e3/0x2d0 [ 513.153228][ T27] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 513.158857][ T27] ? panic+0x860/0x860 [ 513.162927][ T27] ? nmi_cpu_backtrace+0x23b/0x4a0 [ 513.168044][ T27] nmi_cpu_backtrace+0x46a/0x4a0 [ 513.172984][ T27] ? __wake_up_klogd+0xd5/0x100 [ 513.177836][ T27] ? nmi_trigger_cpumask_backtrace+0x2a0/0x2a0 [ 513.183985][ T27] ? _printk+0xd1/0x120 [ 513.188137][ T27] ? panic+0x860/0x860 [ 513.192208][ T27] ? __wake_up_klogd+0xcc/0x100 [ 513.197055][ T27] ? panic+0x860/0x860 [ 513.201123][ T27] ? __rcu_read_unlock+0x92/0x100 [ 513.206145][ T27] ? arch_trigger_cpumask_backtrace+0x10/0x10 [ 513.212209][ T27] nmi_trigger_cpumask_backtrace+0x181/0x2a0 [ 513.218190][ T27] watchdog+0xe72/0xeb0 [ 513.222353][ T27] kthread+0x3f6/0x4f0 [ 513.226426][ T27] ? hungtask_pm_notify+0x50/0x50 [ 513.231464][ T27] ? kthread_blkcg+0xd0/0xd0 [ 513.236064][ T27] ret_from_fork+0x1f/0x30 [ 513.240498][ T27] [ 513.244148][ T27] Sending NMI from CPU 1 to CPUs 0: [ 513.250125][ C0] NMI backtrace for cpu 0 [ 513.250135][ C0] CPU: 0 PID: 144 Comm: kworker/u4:1 Not tainted 5.15.164-syzkaller #0 [ 513.250150][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 513.250159][ C0] Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet [ 513.250182][ C0] RIP: 0010:__lock_acquire+0x553/0x1ff0 [ 513.250197][ C0] Code: 41 8b 1f 81 e3 ff 1f 00 00 89 d8 c1 e8 06 48 8d 3c c5 c0 00 c7 8f be 08 00 00 00 e8 17 7f 67 00 48 0f a3 1d ff 48 64 0e 73 1f <48> 8d 04 5b 48 c1 e0 06 48 8d 98 c0 5f 96 8f 48 ba 00 00 00 00 00 [ 513.250210][ C0] RSP: 0018:ffffc900010df800 EFLAGS: 00000057 [ 513.250221][ C0] RAX: 0000000000000001 RBX: 0000000000000015 RCX: ffffffff8162b7b9 [ 513.250232][ C0] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff8fc700c0 [ 513.250241][ C0] RBP: 000000000000000f R08: dffffc0000000000 R09: fffffbfff1f8e019 [ 513.250252][ C0] R10: 0000000000000000 R11: dffffc0000000001 R12: 0000000000000003 [ 513.250261][ C0] R13: ffff8880135a28a8 R14: 0000000000000002 R15: ffff8880135a2948 [ 513.250272][ C0] FS: 0000000000000000(0000) GS:ffff8880b9a00000(0000) knlGS:0000000000000000 [ 513.250285][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 513.250295][ C0] CR2: fffffffffffffffd CR3: 000000006256d000 CR4: 00000000003506f0 [ 513.250308][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 513.250317][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 513.250325][ C0] Call Trace: [ 513.250330][ C0] [ 513.250335][ C0] ? nmi_cpu_backtrace+0x39f/0x4a0 [ 513.250351][ C0] ? read_lock_is_recursive+0x10/0x10 [ 513.250366][ C0] ? nmi_trigger_cpumask_backtrace+0x2a0/0x2a0 [ 513.250388][ C0] ? nmi_cpu_backtrace_handler+0x8/0x10 [ 513.250403][ C0] ? nmi_handle+0xf7/0x370 [ 513.250419][ C0] ? __lock_acquire+0x553/0x1ff0 [ 513.250432][ C0] ? default_do_nmi+0x62/0x150 [ 513.250447][ C0] ? exc_nmi+0xa8/0x100 [ 513.250460][ C0] ? end_repeat_nmi+0x16/0x31 [ 513.250479][ C0] ? __lock_acquire+0x549/0x1ff0 [ 513.250492][ C0] ? __lock_acquire+0x553/0x1ff0 [ 513.250506][ C0] ? __lock_acquire+0x553/0x1ff0 [ 513.250519][ C0] ? __lock_acquire+0x553/0x1ff0 [ 513.250538][ C0] [ 513.250542][ C0] [ 513.250553][ C0] lock_acquire+0x1db/0x4f0 [ 513.250566][ C0] ? rcu_lock_acquire+0x5/0x30 [ 513.250583][ C0] ? read_lock_is_recursive+0x10/0x10 [ 513.250596][ C0] ? _local_bh_enable+0xa0/0xa0 [ 513.250610][ C0] ? rcu_lock_release+0x5/0x20 [ 513.250624][ C0] ? __lock_acquire+0x1ff0/0x1ff0 [ 513.250640][ C0] ? batadv_tvlv_container_ogm_append+0x456/0x4c0 [ 513.250659][ C0] rcu_lock_acquire+0x2a/0x30 [ 513.250673][ C0] ? rcu_lock_acquire+0x5/0x30 [ 513.250689][ C0] batadv_iv_ogm_schedule+0x429/0x1000 [ 513.250709][ C0] ? skb_push+0x93/0x100 [ 513.250727][ C0] ? batadv_iv_send_outstanding_bat_ogm_packet+0x800/0x800 [ 513.250745][ C0] ? batadv_send_skb_packet+0x3bc/0x5f0 [ 513.250765][ C0] batadv_iv_send_outstanding_bat_ogm_packet+0x6fa/0x800 [ 513.250788][ C0] process_one_work+0x8a1/0x10c0 [ 513.250810][ C0] ? worker_detach_from_pool+0x260/0x260 [ 513.250827][ C0] ? _raw_spin_lock_irqsave+0x120/0x120 [ 513.250842][ C0] ? kthread_data+0x4e/0xc0 [ 513.250856][ C0] ? wq_worker_running+0x97/0x170 [ 513.250871][ C0] worker_thread+0xaca/0x1280 [ 513.250895][ C0] kthread+0x3f6/0x4f0 [ 513.250908][ C0] ? rcu_lock_release+0x20/0x20 [ 513.250922][ C0] ? kthread_blkcg+0xd0/0xd0 [ 513.250936][ C0] ret_from_fork+0x1f/0x30 [ 513.250956][ C0] [ 513.595300][ T9093] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 513.631573][ T27] Kernel panic - not syncing: hung_task: blocked tasks [ 513.638430][ T27] CPU: 1 PID: 27 Comm: khungtaskd Not tainted 5.15.164-syzkaller #0 [ 513.646405][ T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 513.656458][ T27] Call Trace: [ 513.659730][ T27] [ 513.662654][ T27] dump_stack_lvl+0x1e3/0x2d0 [ 513.667334][ T27] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 513.673066][ T27] ? panic+0x860/0x860 [ 513.677160][ T27] panic+0x318/0x860 [ 513.681052][ T27] ? schedule_preempt_disabled+0x20/0x20 [ 513.686681][ T27] ? nmi_trigger_cpumask_backtrace+0x221/0x2a0 [ 513.692831][ T27] ? fb_is_primary_device+0xd0/0xd0 [ 513.698027][ T27] ? arch_trigger_cpumask_backtrace+0x10/0x10 [ 513.699352][ T1203] Bluetooth: hci5: command 0x0406 tx timeout [ 513.704097][ T27] ? nmi_trigger_cpumask_backtrace+0x221/0x2a0 [ 513.704122][ T27] ? nmi_trigger_cpumask_backtrace+0x281/0x2a0 [ 513.722336][ T27] ? nmi_trigger_cpumask_backtrace+0x286/0x2a0 [ 513.728499][ T27] watchdog+0xeb0/0xeb0 [ 513.732670][ T27] kthread+0x3f6/0x4f0 [ 513.736742][ T27] ? hungtask_pm_notify+0x50/0x50 [ 513.741776][ T27] ? kthread_blkcg+0xd0/0xd0 [ 513.746371][ T27] ret_from_fork+0x1f/0x30 [ 513.750805][ T27] [ 513.754081][ T27] Kernel Offset: disabled [ 513.758404][ T27] Rebooting in 86400 seconds..