last executing test programs: 6.733125721s ago: executing program 2 (id=674): r0 = openat$selinux_context(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r1}, 0x4) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000000000085000000a5000000180100002020640500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000a50000000800000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = dup(r4) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) r8 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r8, 0x8914, &(0x7f0000000080)={'lo\x00'}) connect$inet6(r7, &(0x7f0000000380)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0xb}, 0x8}, 0x1c) sendmmsg$inet6(r7, &(0x7f0000003900)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000001500)=[{{0x0, 0x0, &(0x7f00000010c0)=[{&(0x7f0000000040)="8c8a594a31164c9f12a4294214eac725", 0x10}], 0x1}}], 0x1, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r4, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000}) ioctl$KVM_NMI(r6, 0xae9a) ioctl$KVM_RUN(r6, 0xae80, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r2}, 0x10) write$selinux_context(r0, &(0x7f0000000240)='system_u:object_r:setrans_initrc_exec_t:s0\x00', 0x2b) 4.41996255s ago: executing program 0 (id=685): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x0, 0x0, 0x4, 0x0, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r0}, 0x0, 0x0}, 0x20) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x0, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) mkdir(0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) io_uring_enter(0xffffffffffffffff, 0xfffffdfc, 0x0, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) syz_clone(0x11000000, 0x0, 0x0, 0x0, 0x0, 0x0) 4.337256687s ago: executing program 2 (id=687): bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_DELETE_ELEM(0x2, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20) getresuid(&(0x7f0000000440), &(0x7f0000000480), &(0x7f00000004c0)=0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB=',privport,access=', @ANYRESDEC=r1]) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff}) fstat(r2, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000001600)='./file1\x00', 0x0, &(0x7f0000001a40)=ANY=[@ANYRES32=r4, @ANYRES8=0x0, @ANYRESOCT=0x0, @ANYRESDEC, @ANYBLOB="215aa15bf29ed2ff6f9241ff60693d298a3d41143bfc9091146111b4930c37eddcf542d641b821af229e7d8780d50b6f47fa3e5928555eb4d6d507d92b87b0b01c19c789895e02891afc082bb85a470e7f168a6aa2c2bc51a3f3a404a4a1e6e2fbad00d592df65bd2a593f488bf41dbc7ea43fe2554fbe34e4a77f606f35e445aff55aaa19f7ffffffffffffff19bd4739c80c9e6681229c48e0c6de634c35c029c4eb3b43412c95089416a3d607800000303758410658a4ec52e5b778eda9cd1bd8834e145c111690b0da927087e805000000000100008fd8b9bdfbdaa777db54127463a589ee1925c34b6459505702f3a45f285c53c1f15bab2eef6324d67ad8d7e247317d80ff3ad9120b4e2294e67de9adaab76fa991571a187cd8f7fbc49bf45d6f8dbf69ef0d765a02ad98e802b1688148a8c017e3af238f82c49bbd8ba542fbfec5693d82158e3216b95656986f9d7eec7244a27dfaf8623fc76943bf142a6159d6c622dbcac3d324d07be5a5cc88f85a857ff9d45924424d3453c969afa37d952940f3147d5af234b39c3ff742a2e5300e10ee692a32f5c3321d44eadaa8c44bf9d534b52fe758082299e04f839e529a6d0293bf12770ac948730a0c367e117137c6fd930b1f306138163b7180e111d6926255a71bd227b1d27f2897721e3bda884b0792a81134d8fbc9aafc732b15aee5c9e0a835ac17b457efa36ce1095a3196d278207846ea81172826d49b87aac6e662bb824f16b0b65fc6989395ba022bd6af2f1830375c311bdf55f15d9830564e65dc76e5b7c9a91e857dbcef3909cfd628649337de6ff04a398f4325a430467aee51d7fa12ef61bc0b67d1e18e62754d8a2b65fbb8e01450b2882a99f414220f9fb94009492270cc703569cfef8cc0d520b023ce6bf947c3f301b8320f12966a7736956fd7aba87b9ea3f90699ec8b916bf539b348d44069af48c413fe58e99f10ba139d16450158e3001d388e9fd31b105ee2a6c8810570469938f3d6e4bb63ea045bb4eebb1504d5457d4460bd7fe9344ffbfbef28fce0aef35003a99826f893acdfb4dd460c41d1e31f49e331993bf0a7825e2968ef4f735f20a92672e5921c05a8b4b2c4402e38f524856365d1cdeb179e3491b2d546f7b6a441136f4293857dc7a0f48b10a41825eb6c05e8386d021dcf4f1b19b7067f32877acccf22810db3cf4870f61f0ac08dd51993813f72f75a1dcdb5e9c01e87dbadc00220c06cd0628363dbc4a1da0482524b32c7292aedd9bfb5eed00fbdbdc59f8c2543bb6285441b966ec995b63c4a7a7cf279c59f5c385dcceacb520905098607b0b46f81ebf9ca2563fda18024314292dc02a6e226beb6b63bf8f190a4b2865a9246094cbeff3d593f42b5df77e5c875265ff15c8fbceb6f5310f07606ad5cbe38a86c06742a1ce62f890f05e23c67204612c7ab0500000034a829c8749455d880057b4665f6964f37f2e07dfb9654db40a56633f7751f15e392a9c73fe02135ff9a7dbd66292a0e91f7ceec617c3759e18dd7d6f16a3a597cf55efedbf42345aec4970686800085ffb22b09f5418a5d74620a7e30713c50d734a8e9da4c2815acec2afc37ed8c8a9c2354acba756f6a09d8e33706ccda743a624708cf9ccbc016a7b2c5302cc131ededaf8f54dbce508d1e27ddb0ac254426c25b851cfbd6ab4d9474d34cf486bfffe0a87055ebba5f14ee", @ANYRESDEC=0x0, @ANYRES8, @ANYRES32, @ANYRES8=0xffffffffffffffff, @ANYRESOCT=r3, @ANYRES8, @ANYRES8=0x0, @ANYRES8], 0x1, 0x1f1, &(0x7f0000000900)="$eJzsmb2LE0EYxp+Z3cveHSLYWNhYeOCJ3n5F5ZorThArQThFLYO3CcFNIskKSUAk2NhYigi2/gMWFqks7OxstVBBsDClYCGMzOy4mSRuSLgigbw/yOR53/l6Z0ieLRYEQaws377++vLsyu7NCwCOYQuOzv+whmM4kEWfXz48/3zv6qs3n16/rx9/1B9fbx2AELPvvwHg3b6FREVCiMej/VuyeTGauwWOc1rfBoObyj9CkQYRGO4qZQOZBhobWsSRe68RH5arceTLJpBNKJuiuZecPegxHGZnE4IZ/a1O934pjqPmuFgT//aZ6JpXTLs/Vd8+x56OZX0cwJ2nT3oy1ncDHzy9SwABOAKti2A40HoXDlzXHV6Jcf5T9nB9a5bzL0qw3+nPQGZO7Cy+npURwlmKMmYQbDwj/9BZ5uSg/2Fy1vdlKT5fMOQ4jjIuAFnmmh7zcTOOrx9h04LecbLLMv2J2cBZw59s2Jl/eEntgdfqdHeqtVIlqkT1MCxe9i/6/qXQK1cd+J6yoyn+t678adNYf80cYDxQCqyAdilJmkEbSJpBFodpazjuwdvGTzWHK//j2D6TriEvWR3b+X89TH+4+pZq28otniAIgiAIgiAIgiAIgiAIYi5OgyF9BaJeVIkcwhtq9N8AAAD//zSFbeI=") newfstatat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', &(0x7f0000000880)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x100) r7 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) getresgid(&(0x7f0000000040)=0x0, &(0x7f0000000180)=0x0, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x2000, &(0x7f00000009c0)=ANY=[@ANYBLOB, @ANYRES8=0xffffffffffffffff, @ANYRESHEX=r9, @ANYRES8=r7, @ANYRESDEC=r9, @ANYRESOCT=r8]) r11 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r11, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r12) r13 = open(&(0x7f0000000100)='.\x00', 0x0, 0x0) fstat(r13, &(0x7f0000000cc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000140)='./file1\x00', 0x100080d, &(0x7f0000003f80)=ANY=[@ANYRES32=r15, @ANYRESOCT, @ANYRES8=r15, @ANYRESDEC, @ANYBLOB="215aa15bf29ed2ff6f9241ff60693d298a3d41143bfc9091146111b4930c37eddcf542d641b821af229e7d8780d50b6f47fa3e5928555eb4d6d507d92b87b0b01c19c789895e02891afc082bb85a470e7f168a6aa2c2bc51a3f3a404a4a1e6e2fbad00d592df65bd2a593f488bf41dbc7ea43fe2554fbe34e4a77f606f35e445aff55aaa19f7ffffffffffffff19bd4739c80c9e6681229c48e0c6de634c35c029c4eb3b43412c95089416a3d607800000303758410658a4ec52e5b778eda9cd1bd8834e145c111690b0da927087e805000000000100008fd8b9bdfbdaa777db54127463a589ee1925c34b6459505702f3a45f285c53c1f15bab2eef6324d67ad8d7e247317d80ff3ad9120b4e2294e67de9adaab76fa991571a187cd8f7fbc49bf45d6f8dbf69ef0d765a02ad98e802b1688148a8c017e3af238f82c49bbd8ba542fbfec5693d82158e3216b95656986f9d7eec7244a27dfaf8623fc76943bf142a6159d6c622dbcac3d324d07be5a5cc88f85a857ff9d45924424d3453c969afa37d952940f3147d5af234b39c3ff742a2e5300e10ee692a32f5c3321d44eadaa8c44bf9d534b52fe758082299e04f839e529a6d0293bf12770ac948730a0c367e117137c6fd930b1f306138163b7180e111d6926255a71bd227b1d27f2897721e3bda884b0792a81134d8fbc9aafc732b15aee5c9e0a835ac17b457efa36ce1095a3196d278207846ea81172826d49b87aac6e662bb824f16b0b65fc6989395ba022bd6af2f1830375c311bdf55f15d9830564e65dc76e5b7c9a91e857dbcef3909cfd628649337de6ff04a398f4325a430467aee51d7fa12ef61bc0b67d1e18e62754d8a2b65fbb8e01450b2882a99f414220f9fb94009492270cc703569cfef8cc0d520b023ce6bf947c3f301b8320f12966a7736956fd7aba87b9ea3f90699ec8b916bf539b348d44069af48c413fe58e99f10ba139d16450158e3001d388e9fd31b105ee2a6c8810570469938f3d6e4bb63ea045bb4eebb1504d5457d4460bd7fe9344ffbfbef28fce0aef35003a99826f893acdfb4dd460c41d1e31f49e331993bf0a7825e2968ef4f735f20a92672e5921c05a8b4b2c4402e38f524856365d1cdeb179e3491b2d546f7b6a441136f4293857dc7a0f48b10a41825eb6c05e8386d021dcf4f1b19b7067f32877acccf22810db3cf4870f61f0ac08dd51993813f72f75a1dcdb5e9c01e87dbadc00220c06cd0628363dbc4a1da0482524b32c7292aedd9bfb5eed00fbdbdc59f8c2543bb6285441b966ec995b63c4a7a7cf279c59f5c385dcceacb520905098607b0b46f81ebf9ca2563fda18024314292dc02a6e226beb6b63bf8f190a4b2865a9246094cbeff3d593f42b5df77e5c875265ff15c8fbceb6f5310f07606ad5cbe38a86c06742a1ce62f890f05e23c67204612c7ab0500000034a829c8749455d880057b4665f6964f37f2e07dfb9654db40a56633f7751f15e392a9c73fe02135ff9a7dbd66292a0e91f7ceec617c3759e18dd7d6f16a3a597cf55efedbf42345aec4970686800085ffb22b09f5418a5d74620a7e30713c50d734a8e9da4c2815acec2afc37ed8c8a9c2354acba756f6a09d8e33706ccda743a624708cf9ccbc016a7b2c5302cc131ededaf8f54dbce508d1e27ddb0ac254426c25b851cfbd6ab4d9474d34cf486bfffe0a87055ebba5f14ee", @ANYRESHEX, @ANYRESOCT=0x0, @ANYRES32, @ANYRES8, @ANYRESOCT=r14, @ANYRESDEC, @ANYRES8=r15, @ANYRES8=r13], 0xff, 0x1f1, &(0x7f0000000900)="$eJzsmb2LE0EYxp+Z3cveHSLYWNhYeOCJ3n5F5ZorThArQThFLYO3CcFNIskKSUAk2NhYigi2/gMWFqks7OxstVBBsDClYCGMzOy4mSRuSLgigbw/yOR53/l6Z0ieLRYEQaws377++vLsyu7NCwCOYQuOzv+whmM4kEWfXz48/3zv6qs3n16/rx9/1B9fbx2AELPvvwHg3b6FREVCiMej/VuyeTGauwWOc1rfBoObyj9CkQYRGO4qZQOZBhobWsSRe68RH5arceTLJpBNKJuiuZecPegxHGZnE4IZ/a1O934pjqPmuFgT//aZ6JpXTLs/Vd8+x56OZX0cwJ2nT3oy1ncDHzy9SwABOAKti2A40HoXDlzXHV6Jcf5T9nB9a5bzL0qw3+nPQGZO7Cy+npURwlmKMmYQbDwj/9BZ5uSg/2Fy1vdlKT5fMOQ4jjIuAFnmmh7zcTOOrx9h04LecbLLMv2J2cBZw59s2Jl/eEntgdfqdHeqtVIlqkT1MCxe9i/6/qXQK1cd+J6yoyn+t678adNYf80cYDxQCqyAdilJmkEbSJpBFodpazjuwdvGTzWHK//j2D6TriEvWR3b+X89TH+4+pZq28otniAIgiAIgiAIgiAIgiAIYi5OgyF9BaJeVIkcwhtq9N8AAAD//zSFbeI=") fstat(r0, &(0x7f0000000900)={0x0, 0x0, 0x0, 0x0, 0x0}) newfstatat(0xffffffffffffff9c, &(0x7f0000000980)='./file0\x00', &(0x7f00000009c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4000) write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f0000002bc0)=ANY=[@ANYRESDEC=r5, @ANYRES64=0x0, @ANYBLOB="03000000000000000300000000000000f9ffffffffffffff05000000000000000200000007000000050000000000000000000000000000000100000001000000080000000000000005000000000000000000000000000080060000000000000005000000006000003bbafa41", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="71ffffff020000000000000005000000000000006906000000000000080000000c000000297b2b7d23252627040000000000000003000000000000006f7600000000000006000000000000000200000004000000000000000000000007000000000000000500000000000000ffffffffffffff7f0400000000000000ff0700000000000005000000090000000604000000c0000003000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0600000003000000000000000100000000000000000000000000008001000000030000002f000000000000000600000000000000010000000000000004000000000000000700000000000000840b00000e00000002000000000000000800000000000000070000000000000002000000000000000100000000000000ff0300000000000006000000001000000800000000c0000046050000", @ANYRES32=0xee01, @ANYRES32=0x0, @ANYBLOB="bc00000004000000000000000600000000000000ffffffffffffffff0a0000000900000073797a6b616c6c6572000000000000000300000000000000000000000000000403000000000000000300000000000000ffffff7f000000000600000000000000dd04000000000000010000000000000008000000000000004900000000000000050000000000000004000000090000000900000010600000c00d0000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="4b09000005000000000000000200000000000000000000000000000002000000070000002f91000000000000040000000000000001000000000000000c00000000000000feffffffffffffff650b0000070000000200000000000000ff000000000000000800000000000000f8ffffffffffffff050000000000000000010000000000000000000000800000090000000040000080000000", @ANYRES32=r1, @ANYRESHEX=r16, @ANYBLOB="ff0700000100000000000000020000000000000007000000000000000d000000030000006e656967685f6372656174650000000006000000000000000100000000000000b7020000000000009b0000000000000007000000ffffffff01000000000000000900000000000000040000000000000000000000000000000cfdffffffffffff01000100000000000300000005000000060000000040000006040000", @ANYRES32=r6, @ANYRES32=r8, @ANYBLOB="01000000ff0f00000000000005000000000000000f000000000000000c00000001000000213a2b2d7de3fd2d5e7b258a000000000000000000000000000000000000000008000000000000000020010000000000020000000700000003000000000000000400000000000000090000000000000001000000000000000200000000000000ffffffffffffffff0600000000000010f902000000a0000001000000", @ANYRES32=r12, @ANYRES32=r15, @ANYRES32=r10, @ANYRES32=r17, @ANYRES32=r18, @ANYBLOB="030000000100040000000003000000007501faa6cd404014edd86bd0a60000f9ffffff5d0079ab4dfb038b00bf1c0421172908fd3f3287eb2e0bb94251d4c9d231ad5239752dca4d6f88d123a8f751b0e15d5e3c3affab863141a807015765cfb6e30c3963bac9ee1b6272f6336d7372cb258a67ad95a0c044bb70cc1a67c6e065b70d1b3a1b11f412356753c591bcbc1f2672abafab39ed14b1d11e96d70d16cdf449ee888889ed356a274c8de81a3673bb3a309d5509ebf21c703aa66cba5abda35e359912aa0136451cce5c645539511820b3bc232606938766911dbbbeb3fd231ae9d5bf74c6ff88a1aa6275affcabfd2349224209920cb2b3a392596605a97ea9d7435a1839a43844e19a3110f554439cab0da7ab6c9aa3da84f4a226a6555c07f0ec2c7cbae0c04045b042aeedfe2395ed5dd8dfb39fee"], 0x528) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r19 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000b40)='neigh_create\x00', r19}, 0x10) r20 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000c80)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d64050000000000650404000100000004040000fb007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d83923dd29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e1a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2ca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080e71113610e10d858e8327edb1fb6c86adac12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18c65ae1bd4f4390af9a9ceafd07ed00b0000002cab154ad029a1090000002780870014f51c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a2a71bc85018e5ff2c910496f18afc9ffc2cc788bee1b47683db01a469398685211bbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2acb72c7ead0509d380578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9624d37c10223fdae7ed04935c3c9068000000bc8619d73415cda2130f5011e4845500a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b40000000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b60c2499d16d7d9158ffffffff00000000ef069dc42749289f854797f2f900c2a12d8c38a967c1bbe09315c29877a331bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a9e90d7676074a0bde4471414c99d4894ee7f8139dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1038debd64cbe359454a3f2239cfe35f81b7aded448859968ff0e90500d0b07c0dd00490f167e6d5c1109681739dc33f75b2042b8ff8c21ad702cca54728acad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd20785f653b621491dc6aaee0d409731091f4fb94c06006e3c1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e1590bab105b0cb578af7dc7d5e87d48d376444e2de02f47c61e8e84ff828de453f34c2b08660b080efc707e676e1fb4d5865c0ca177a4c7fbb4e829ab0894a1062b445c00f576b2b5cc7f819abd0f885cc4806f47ffb966fcf1e54f5a2d38708194cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d3676329bb8cda690d192a070886df42b2708398773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169cdfaa4252d4ea6b8f6216ff202b5b5a182cb5e8380100632d03a7ca6f6d0339f9953c30930804fdc3690d10ecb65dc5b47481edbf1eee2e8893e903054d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026def743f1213bf817becd9e5a225d67521d1128eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979030000007081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f324661351df747aa6a65872dfdcfa68f65bd06b4082d43e121861b5cc09b986bf56c747d9a1cc5b506892c3a16ff10feea20bdac89bfb758cf3500000000000000000000000000000098e6db5a96055e764a3bfd4ccb20d2e800994f4b602d25b2c076f21c7102687e054bb93b2d013be6227fd99902b074c0de00733128c81c48c5e140b17d71ac48f137d10798c4272826d2ba55bbda0059636528c132ed06759d880d1bc291beea56ed7ee8bcb392fdf886dbc74879ec4b831904d7c101ebbaef3c0ae6d0cf0000000000000000000000000000000011cb735f66a559ef0cdb5163a15c0bb986474bf5d9542e3e48805ce53127e4c076d69d868df543717aaaa07d7aca056f7f036c2bcba0795d1a64868a29ac5321b3cd6ef5b1a741afc7124e16b64a5d1d68b45fcfd7e531090ceae2f05536a4d5d6a4081e743827fb9c031d1fc9f195c2da189c49eaed6c30c71da0452e502ef393efeb02ebe82b1851cae5fa7c958ba23110b5e0e5b890803f28a356b2920e74564e0f8377b0ba515d4cc28d702287fed2882b4780a1bcb583f1cb1470003ef9b592b9461328cfc01ebfce0ecdcea714a517dc40000000000000000000000000006bd0561e1cc72880cc3ec1bdf35eb670a9040e3b53cd826b94ad8aeb014e74787fe89fb3247a87d8bfb6d400142369f88964708d1d4d"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r20, 0x18000000000002a0, 0xfe, 0x60000004, &(0x7f0000000100)="b9ff03076044238cb89e14f008000de0ffff00184000633c77fbac141412e000002062079f4b4d2f87e5feca6aab845013f2325f1a3903050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000000, 0x0, 0x25, &(0x7f0000000040)="ded6e0966ec1cf6ba4b897a54e4e062b311453dcbb62932a01105d0a8066ca8e5e1f2f575d0d6e996b57fd408d420abb7337934e59815d75b4eb3e7206afce", &(0x7f0000000380)="af5fa441b438b5156d8a9fcc090f586e979858f64170cde36889dcc8539ffcca62621a4c3ea3f7acee366e6fb0b94314f90931dec60fed6c9fee64af416c29f65e47110b81f6b4da06db5e1aad1f627acb", 0x0, 0x3}, 0x2c) 4.193799048s ago: executing program 2 (id=688): pipe2(&(0x7f0000000040), 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000070018110000", @ANYRES32=r0], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000300)=0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000340)=0x1) r3 = getpid() rt_tgsigqueueinfo(0x0, 0x0, 0x0, &(0x7f0000000240)) getsockopt$inet_opts(0xffffffffffffffff, 0x6, 0x0, 0xffffffffffffffff, 0x0) sched_setscheduler(r3, 0x1, &(0x7f0000000100)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) syz_mount_image$exfat(&(0x7f00000016c0), &(0x7f0000000100)='./file0\x00', 0x1000806, &(0x7f0000002240)=ANY=[@ANYBLOB='errors=remount-ro,discard,dmask=000000000000,iocharset=maccenteuro,fmask=00000000000000000000003,iocharset=cp932,iocharset=cp863,fmask=00000000000000000000010,\x00'/171], 0x9, 0x1505, &(0x7f0000000180)="$eJzs3Au4jdX2MPAx5pwvm9BKcp9jjpeVXCZJEknIJUmSJMktIUmSJCS33JKQhNyT3ENyC8n9fss9SY4kSUJCwvweHefzndPp9P2/0/mc59nj9zzz2XPstcZY411jr9u7n72/azewUp3K5WsxM/xb8K9fugJACgD0AYBrASACgOKZi2e+dHk6jV3/vRsRf66Hp1ztDsTVJPNP3WT+qZvMP3WT+aduMv/UTeafusn8UzeZvxCp2ZapOa6TlXqXnP9PzeT1P3WT+aduMv/UTeafusn8UzOW+adyMv/UTeafusn8hUjN/pTzyGkvF/svOJ/9H1h/u6uudh9/sKL/p7yr95MnhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEECI1ORuuMADwt/3V7ksIIYQQQgghhBB/npD2ancghBBCCCGEEEKI/zwEMBoMRJAG0kIKpIP0cA1kgIyQCa6FBFwHmeF6yAI3QFbIBtkhB+SEXJAbLBA4YIghD+SFJNwI+eAmyA8FoCAUAg+FoQjcDEXhFigGt0JxuA1KwO1QEkrBHVAa7oQycBeUhXJQHu6GClARKkFluAeqwL1QFe6DanA/VIcHoAY8CDXhIagFD0NteATqwKNQFx6DelAfGkBDaPTP8/W/zn8JOsHL0Bm66Ev3QHd4BXpAT+gFvaEPvAp94TXoB69DfxgAA+ENGARvwmB4C4bAUBgGb8NwGAEjYRSMhjEwFt6BcfAujIf3YAJMhEkwGabAVJgG78N0mAEz4QOYBR/CbJgDc2EezIePYAEshEXwMSyGT2AJLIVlsBxWwEpYBathDayFdbAeNsBG2ASbYQt8ClthG2yHHbATdsFu+Az2wOewF76AffDl/zD/zD/kt0dAQIUKDRpMg2kwBVMwPabHDJgBM2EmTGACM2NmzIJZMCtmxeyYHXNiTsyNuZGQkJExD+bBJCYxH+bD/JgfC2JB9OixCBbBongLFsNiWByLYwksgSWxFJbC0lgay2AZLItlsfztcwCwAlbCSngP3oP3YlWsitWwGlbH6lgDa2BNrIm1sBbWxtpYB+tgXayL9bAeNsAG2AgbYWNsjE2wCTbDZtgcm2MLbIEtsSW2wlbYGltjG2yDbbEttsN22B47YAd8CV/Cl/Fl7IIVVDfsjt2xB/bAXtgbe+Or2Bdfw9fwdeyPA3AgvoFv4Js4GE/jEByKw3AYllEjcCSOQlZjcCyOxXE4DsfjeJyAE3EiTsYpOBWn4TScjjNwBn6As/BD/BDn4Bych/NxPi7AhbgIF+FiPINLcCkuw+W4AlfiClyNa3A1rlN/e2huxs34KX6K23Ab7sAduAt34Wf4GX6On2N/3If7cD/uxwN4AA/iQTyEh/AwHsYjeASP4lE8hsfwOJ7Ak3gCT+EpPI1n8CyexXN4Ds/jCzm/qb2rwNr+oC4xyqg0Ko1KUSkqvUqvMqgMKpPKpBIqoTKrzCqLyqKyqqwqu8qucqqcKrfKrUiRYhWrPCqPSqqkyqfyAUBXVVAVVF55VUQVUUVVUVVMFVPF1W2qhLpdlVSlVFNfWpVWZVQzX1aVU+VVeVVBVVSVVGVVWVVRVVRVVVVVU9VUdVVd1VAPqpqqG/bCh9WlydRRA7CuGoj1VH3VQDVUb+LjqrEajE1UU9VMPamG4hBsoRr7luoZ1UqNxNbqOTUKn1dt1Rhsp15U7VUH1VG9pDqpJr6z6qImYDfVXU3GHqqn6qV6q+lYUV2aWCX1uuqvBqiB6g01D99Ug9Vbaogaqoapt9VwNUKNVKPUaDVGjVXvqHHqXTVevacmqIlqkpqspqipapp6X01XM9RM9YGapT5Us9UcNVfNU/PVR2qBWqgWqY/VYvWJWqKWqmVquVqhVqpVarVao9aqdWq92qA2qk1qs9qiPlVb1Ta1Xe1QO9UutVt9pvaoz9Ve9YXap75U+9Vf1AH1lTqovlaH1DfqsPpWHVHfqaPqe3VMdVHH1Ql1Uv2oTqmf1Gl1Rp1VP6tz6hd1Xl1QF1VQoFErrbXRkU6j0+oUnU6n19foDDqjzqSv1Ql9nc6sr9dZ9A06q86ms+scOqfOpXNrq0k7zTrWeXRendQ36nz6Jp1fF9AFdSHtdWFdRN+si+pbdDF9qy6ub9Ml9O26pC6l79Cl9Z26jL5Ll9XldHl9t66gK+pKurK+R1fR9+qq+j5dTd+vq+sHdA39oK6pH9K19MO6tn5E19GP6rr6MV1P19cNdEPdSD+uG+sndBPdVDfTT+rm+indQj+tW+pndCv9rG6tn9Nt9PO6rX5Bt9Mv6va6g+6oL+iLOujOuovuqrvp7voV3UP31L10b91Hv6r76td0P/267q8H6IH6DT1Iv6kH67f0ED1UD9Nv6+F6hB6pR+nReoweq9/R4/S7erx+T0/QE/UkPVlP0VN1r8uVZl7KN/Av89/9J/n9fr31zXqL/lRv1dv0dr1D79S79G69W+/Re/RevVfv0/v0fr1fH9AH9EF9UB/Sh/RhfVgf0Uf0UX1UH9PH9HF9Qv+sf9Sn9E/6tD6jz+if9Tl9Tp+/fB+AQaOMNsZEJo1Ja1JMOpPeXGMymIwmk7nWJMx1JrO53mQxN5isJpvJbnKYnCaXyW2sIeMMm9jkMXlN0txo8pmbTH5TwBQ0hYw3hU0Rc/Pv5UeXn+H+MP93+ls+6XJ+I9PINDaNTRPTxDQzzUxz09y0MC1MS9PStDKtTGvT2rQxbUxb09a0M+1Me9PedDQdTSfTyXRGMF1NV9PdvGJ6mJ6ml+lt+phXTV/T1/Qz/Ux/098MNAPNIDPIDDaDzRAzxAwzw8xwM9yMNCPNaDPajDVjzTgzzow3480EM8FMMpPMFDPFXHphvWSmmWlmmVlmtplt5pq5Zr6ZbxaYBWaRWWQWm8VmiVlqlprlZrlZaVaa1Wa1WWvWmvVmvdloNpolZovZYraarWa72W52mp1mt9lt9pg9Zq/Za/aZfWa/2W8OmAPmoDloDplD5rA5bI6YI+aoOWqOmWPmuDluTpqT5pQ5ZU6b0+asOWvOmXPmvDlvLpqLl972RSpSkYlMlCZKE6VEKVH6KH2UIcoQZYoyRYkoEWWOMkdZohuirFG2KHuUI8oZ5YpyRzaiyEUcxVGeKG+UjG6M8kU3RfmjAlHBqFDko8JRkejmqGh0S1QsujUqHt0WlYhuj0pGpaI7otLRnVGZ6K6obFQuKh/dHVWIKkaVosrRPVGV6N6oanRfVC26P6oePRDViB6MakYPRbWih6Pa0SNRnejRqG70WFQvqh81iBpGjf7U+iGczvaE72y72LTQzXa3r9getqftZXvbPvZV29e+ZvvZ121/O8AOtG/YQfZNO9i+ZYfYoXaYfdsOtyPsSDvKjrZj7Fj7jh1n37Xj7Xt2gp1oJ9nJdoqdaqfZ9+10O8POtB/YWfZDO9vOsXPtPDvffmQX2IV2kf3YLraf2CV2qV1ml9sVdqVdZVfbNXatXWfX2w12o91kN9st9lO71W6z2+0Ou9PusrvtZ3aP/dzutV/YffZLu9/+xR6wX9mD9mt7yH5jD9tv7RH7nT1qv7fH7A/2uD1hT9of7Sn7kz1tz9iz9md7zv5iz9sL9qINl97cX3p5J0OG0lAaSqEUSk/pKQNloEyUiRKUoMyUmbJQFspKWSk7ZaeclJNyU266hIkpD+WhJCUpH+Wj/JSfClJB8uSpCBWholSUilExKk7FqQSVuPxoAbqT7qS76C4qR+XobrqbKlJFqkyVqQpVoapUlapRNapO1akG1aCaVJNqUS2qTbWpDtWhulSX6lE9akANqBE1osbUmJpQE2pGzag5NacW1IJaUktqRa2oNbWmNtSG2lJbakftqD21p47UkTpRJ+pMnakrdaXu1J16UA/qRb2oD/WhvtSX+lE/6k/9aSANpEE0iAbTYBpCQ2kYvU3DaQSNpFE0msbQWBpL42gcjafxNIEm0CSaRFNoCk2jaTSdptNMmkmzaBbNptk0l+bSfJpPC2gBLaJFtJgW0xJaQstoGa2gFbSKVtEaWkPraB1toA20iTbRFtpCW2krbafttJN20m7aTXtoD+2lvbSP9tF+2k8H6AAdpIN0iA7RYTpMR+gIHaWjdIyO0XE6TifpJJ2iU3SaTtNZOkvn6Bc6TxfoIgVKcelceneNy+AyukzuWvePcXaXw+V0uVxuZ11Wl+3vYnLO5XcFXEFXyHlX2BVxN/8mLulKuTtcaXenK+PucmV/E1dx97qq7j5Xzd3vKrt7/i6u7h5wNdyjrqZ7zNVy9V1t19DVcY+6uu4xV8/Vdw1cQ9fcPeVauKddS/eMa+We/U28wC10a9xat86td3vc5+6s+9kdcd+5c+4X19l1cX3cq66ve831c6+7/m7Ab+Jh7m033I1wI90oN9qN+U08yU12U9xUN82976a7Gb+J57uP3Cy3yM12c9xcN+/X+FJPi9zHbrH7xC1xS90yt9ytcCvdKrf6f/e63G10m9xmt9t95ra6bW672+F2ul2/xpeOY6/7wu1zX7rD7lt3wH3lDrqj7pD75tf40vEddd+7Y+4Hd9ydcCfdj+6U+8mddmd+Pf5Lx/6ju+AuuuCAkRVrNhxxGk7LKZyO0/M1nIEzcia+lhN8HWfm6zkL38BZORtn5xyck3NxbrZM7Jg55jycl5N8I+fjmzg/F+CCXIg9F+YifDMX5Vu4GN/Kxfk2LsG3c0kuxXdwab6Ty/BdXJbLcXm+mytwRa7ElfkersL3clW+j6vx/VydH+Aa/CDX5Ie4Fj/MtfkRrsOPcl1+jOtxfW7ADbkRP86N+Qluwk25GT/JzfkpbsFPc0t+hlvxs9yan+M2/Dy35Re4Hb/I7bkDd+SXuBO/zJ25C3flbtydX+Ee3JN7cW/uw69yX36N+/Hr3J8H8EB+gwfxmzyY3+IhPJSH8ds8nEfwSB7Fo3kMj+V3eBy/y+P5PZ7AE3kST+YpPJWn8fs8nWfwTP6AZ/GHPJvn8Fyex/P5I17AC3kRf8yL+RNewkt5GS/nFbySV/FqXsNreR2v5w28kTfxZt7Cn/JW3sbIO3gn7+Ld/Bnv4c95L3/B+/hL3s9/4QP8FR/kr/kQf8OH+Vs+wt/xUf6ej/EPfJxP8En+kU/xT3yaz/BZ/pnP8S98ni/wRQ4MMcYq1rGJozhNnDZOidPF6eNr4gxxxjhTfG2ciK+LM8fXx1niG+KscbY4e5wjzhnninPHNqbYxRzHcZ44b5yMb4zzxTfF+eMCccG4UOzjwnGR+Oa4aHxLXCy+NS4e3xaXiG+PS8al4kfvLx3fGZeJ74rLxuXi8vHdcYW4YlwprhzfE1eJ742rxvfF1eL742LxA3GN+MG4ZvxQXCt+OK4dPxLXiR+N68aPxfXi+nGDuGHcKH48bhw/ETeJm8bN4ifj5vFTcYv46bhl/EzcKn72Dy/vGneLu8evxK/EIdyn5ybnJecnP0ouSC5MLkp+nFyc/CS5JLk0uSy5PLkiuTK5Krk6uSa5NrkuuT65IbkxuSm5ORlC5bTg0SuvvfGRT+PT+hSfzqf31/gMPqPP5K/1CX+dz+yv91n8DT6rz+az+xw+p8/lc3vryTvPPvZ5fF6f9Df6fP4mn98X8AV9Ie99YV/EN/SNfCPf2D/hm/imvpl/0j/pn/JP+af90/4Z38o/61v753wb/7xv61/wL/gXfXvfwXf0L/lO/mXf2XfxXX1X39139z18D9/L9/J9fB/f1/f1/Xw/399f8AP9QD/ID/KD/WA/xA/xw/wwP9wP9yP9SD/aj/Zj/Vg/zo/z4/14PyFlgp/kJ/kpfoqf5qf56X66n+ln+ln5Z/nZfraf6+f6+X6+X+AX+EV+kV/sF/slfolf5pf5FX6FX+VX+TV+jV/n1/kNfoPf5Df5LX6L3+q3+u1+u9/pd/rdfrff4/f4vX6v3+dDCF32nw3+gD/ov/aH/Df+sP/WH/Hf+aP+e3/M/+CP+xP+pP/Rn/I/+dP+jD/rf/bn/C/+vL/gL/rgxybeSYxLvJsYn3gvMSExMTEpMTkxJTE1MS3xfmJ6YkZiZuKDxKzEh4nZiTmJuYl5ifmJjxILEgsTixIfJxYnPkksSSxNLEssT6xIrEyEkGtrHPKEvCEZbgz5wk0hfygQCoZCwYfCoUi4ORQNt4Ri4dZQPNwWSoTbQ8lQKtwRHgv1Qv3QIDQMjcLjoXF4IjQJTUOz8GRoHp4KLcLToWV4JrQKz4bW4bnQJjwf2oYXQrvwYmgfOoSO4aXQKbwcOocuoWvoFrqHV0KP0DP8EnqHPuHV0De8FvqF10P/MCAMDG+EQeHNMDi8FYaEoWFYeDsMDyPCyDAqjA5jwtjwThgX3g3jw3thQpgYJoXJYUqYGqaF98P0MCPMDB+EWeHDMDvMCXPDvDA/fBQWhIVhUfg4LA6fhCVhaVgWlgdIWRlWhdVhTVgb1oX1YUPYGDaFzWFL+DRsDdvC9rAj7Ay7wu7wWdgTPg97wxdhX/gy7A9/CQfCV+Fg+DocCt+Ew+HbcCR8F46G78Ox8EM4Hk6EkwHDqfBTOB3OhLPh53Au/BLOhwvhovzNmhBCCCHE/xX9B5d3+yffU5cX/Pq7c4CM23Ic+seaG7L+dd9T5WyeAIBnurR7+G+rQoWuXbtevu4SDVHeOQCQuJKfBq7ES6EZPAUtoSkU/af99VQdzvG/rv8bKQCQHv6x/i2/U3/ErD+oHyXnAOTPeyUnHVyJr9Qv9jv1szX+g/rpvhoL0OT/yMkAV+Ir9YvAE/AstPy7awohhBBCCCGEEH/VU93R5o8+3176fJ7TXMlJC1fiP/p8LoQQQgghhBBCiKvv+Q4dn368ZcumbWRzFTbtMv51Cv8t/fzOJs1/Rxt/3gYvn736b+nnP70pd/nR/j/JumpPSUIIIYQQQoj/kCtv+q92J0IIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghROr1/+OfkF3tYxRCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGutv8VAAD//zmwHF0=") (fail_nth: 25) 3.68120501s ago: executing program 3 (id=689): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r0}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) 3.598885127s ago: executing program 3 (id=690): prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000340)={0x3, &(0x7f0000000000)=[{0x200000000006, 0x0, 0x0, 0x7ffc1fff}, {0x36, 0x0, 0x79, 0xeaf}, {0x748, 0x3, 0x2, 0x3}]}) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000001780), 0x30500, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, "2af01c3d0040fbffffffffffffff00"}) syz_mount_image$exfat(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x1000806, &(0x7f00000016c0)=ANY=[@ANYBLOB='errors=remount-ro,discard,dmask=00000000000000000000000,iocharset=maccenteurO,fmask=00000000000000000000003,iocharset=cp932,iocharset=iso8859-6,fmask=00000000000000000000010,\x00'], 0x9, 0x1505, &(0x7f0000000180)="$eJzs3Au4jdX2MPAx5pwvm9BKcp9jjpeVXCZJEknIJUmSJMktIUmSJCS33JKQhNyT3ENyC8n9fss9SY4kSUJCwvweHefzndPp9P2/0/mc59nj9zzz2XPstcZY411jr9u7n72/azewUp3K5WsxM/xb8K9fugJACgD0AYBrASACgOKZi2e+dHk6jV3/vRsRf66Hp1ztDsTVJPNP3WT+qZvMP3WT+aduMv/UTeafusn8UzeZvxCp2ZapOa6TlXqXnP9PzeT1P3WT+aduMv/UTeafusn8UzOW+adyMv/UTeafusn8hUjN/pTzyGkvF/svOJ/9H1h/u6uudh9/sKL/p7yr95MnhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEECI1ORuuMADwt/3V7ksIIYQQQgghhBB/npD2ancghBBCCCGEEEKI/zwEMBoMRJAG0kIKpIP0cA1kgIyQCa6FBFwHmeF6yAI3QFbIBtkhB+SEXJAbLBA4YIghD+SFJNwI+eAmyA8FoCAUAg+FoQjcDEXhFigGt0JxuA1KwO1QEkrBHVAa7oQycBeUhXJQHu6GClARKkFluAeqwL1QFe6DanA/VIcHoAY8CDXhIagFD0NteATqwKNQFx6DelAfGkBDaPTP8/W/zn8JOsHL0Bm66Ev3QHd4BXpAT+gFvaEPvAp94TXoB69DfxgAA+ENGARvwmB4C4bAUBgGb8NwGAEjYRSMhjEwFt6BcfAujIf3YAJMhEkwGabAVJgG78N0mAEz4QOYBR/CbJgDc2EezIePYAEshEXwMSyGT2AJLIVlsBxWwEpYBathDayFdbAeNsBG2ASbYQt8ClthG2yHHbATdsFu+Az2wOewF76AffDl/zD/zD/kt0dAQIUKDRpMg2kwBVMwPabHDJgBM2EmTGACM2NmzIJZMCtmxeyYHXNiTsyNuZGQkJExD+bBJCYxH+bD/JgfC2JB9OixCBbBongLFsNiWByLYwksgSWxFJbC0lgay2AZLItlsfztcwCwAlbCSngP3oP3YlWsitWwGlbH6lgDa2BNrIm1sBbWxtpYB+tgXayL9bAeNsAG2AgbYWNsjE2wCTbDZtgcm2MLbIEtsSW2wlbYGltjG2yDbbEttsN22B47YAd8CV/Cl/Fl7IIVVDfsjt2xB/bAXtgbe+Or2Bdfw9fwdeyPA3AgvoFv4Js4GE/jEByKw3AYllEjcCSOQlZjcCyOxXE4DsfjeJyAE3EiTsYpOBWn4TScjjNwBn6As/BD/BDn4Bych/NxPi7AhbgIF+FiPINLcCkuw+W4AlfiClyNa3A1rlN/e2huxs34KX6K23Ab7sAduAt34Wf4GX6On2N/3If7cD/uxwN4AA/iQTyEh/AwHsYjeASP4lE8hsfwOJ7Ak3gCT+EpPI1n8CyexXN4Ds/jCzm/qb2rwNr+oC4xyqg0Ko1KUSkqvUqvMqgMKpPKpBIqoTKrzCqLyqKyqqwqu8qucqqcKrfKrUiRYhWrPCqPSqqkyqfyAUBXVVAVVF55VUQVUUVVUVVMFVPF1W2qhLpdlVSlVFNfWpVWZVQzX1aVU+VVeVVBVVSVVGVVWVVRVVRVVVVVU9VUdVVd1VAPqpqqG/bCh9WlydRRA7CuGoj1VH3VQDVUb+LjqrEajE1UU9VMPamG4hBsoRr7luoZ1UqNxNbqOTUKn1dt1Rhsp15U7VUH1VG9pDqpJr6z6qImYDfVXU3GHqqn6qV6q+lYUV2aWCX1uuqvBqiB6g01D99Ug9Vbaogaqoapt9VwNUKNVKPUaDVGjVXvqHHqXTVevacmqIlqkpqspqipapp6X01XM9RM9YGapT5Us9UcNVfNU/PVR2qBWqgWqY/VYvWJWqKWqmVquVqhVqpVarVao9aqdWq92qA2qk1qs9qiPlVb1Ta1Xe1QO9UutVt9pvaoz9Ve9YXap75U+9Vf1AH1lTqovlaH1DfqsPpWHVHfqaPqe3VMdVHH1Ql1Uv2oTqmf1Gl1Rp1VP6tz6hd1Xl1QF1VQoFErrbXRkU6j0+oUnU6n19foDDqjzqSv1Ql9nc6sr9dZ9A06q86ms+scOqfOpXNrq0k7zTrWeXRendQ36nz6Jp1fF9AFdSHtdWFdRN+si+pbdDF9qy6ub9Ml9O26pC6l79Cl9Z26jL5Ll9XldHl9t66gK+pKurK+R1fR9+qq+j5dTd+vq+sHdA39oK6pH9K19MO6tn5E19GP6rr6MV1P19cNdEPdSD+uG+sndBPdVDfTT+rm+indQj+tW+pndCv9rG6tn9Nt9PO6rX5Bt9Mv6va6g+6oL+iLOujOuovuqrvp7voV3UP31L10b91Hv6r76td0P/267q8H6IH6DT1Iv6kH67f0ED1UD9Nv6+F6hB6pR+nReoweq9/R4/S7erx+T0/QE/UkPVlP0VN1r8uVZl7KN/Av89/9J/n9fr31zXqL/lRv1dv0dr1D79S79G69W+/Re/RevVfv0/v0fr1fH9AH9EF9UB/Sh/RhfVgf0Uf0UX1UH9PH9HF9Qv+sf9Sn9E/6tD6jz+if9Tl9Tp+/fB+AQaOMNsZEJo1Ja1JMOpPeXGMymIwmk7nWJMx1JrO53mQxN5isJpvJbnKYnCaXyW2sIeMMm9jkMXlN0txo8pmbTH5TwBQ0hYw3hU0Rc/Pv5UeXn+H+MP93+ls+6XJ+I9PINDaNTRPTxDQzzUxz09y0MC1MS9PStDKtTGvT2rQxbUxb09a0M+1Me9PedDQdTSfTyXRGMF1NV9PdvGJ6mJ6ml+lt+phXTV/T1/Qz/Ux/098MNAPNIDPIDDaDzRAzxAwzw8xwM9yMNCPNaDPajDVjzTgzzow3480EM8FMMpPMFDPFXHphvWSmmWlmmVlmtplt5pq5Zr6ZbxaYBWaRWWQWm8VmiVlqlprlZrlZaVaa1Wa1WWvWmvVmvdloNpolZovZYraarWa72W52mp1mt9lt9pg9Zq/Za/aZfWa/2W8OmAPmoDloDplD5rA5bI6YI+aoOWqOmWPmuDluTpqT5pQ5ZU6b0+asOWvOmXPmvDlvLpqLl972RSpSkYlMlCZKE6VEKVH6KH2UIcoQZYoyRYkoEWWOMkdZohuirFG2KHuUI8oZ5YpyRzaiyEUcxVGeKG+UjG6M8kU3RfmjAlHBqFDko8JRkejmqGh0S1QsujUqHt0WlYhuj0pGpaI7otLRnVGZ6K6obFQuKh/dHVWIKkaVosrRPVGV6N6oanRfVC26P6oePRDViB6MakYPRbWih6Pa0SNRnejRqG70WFQvqh81iBpGjf7U+iGczvaE72y72LTQzXa3r9getqftZXvbPvZV29e+ZvvZ121/O8AOtG/YQfZNO9i+ZYfYoXaYfdsOtyPsSDvKjrZj7Fj7jh1n37Xj7Xt2gp1oJ9nJdoqdaqfZ9+10O8POtB/YWfZDO9vOsXPtPDvffmQX2IV2kf3YLraf2CV2qV1ml9sVdqVdZVfbNXatXWfX2w12o91kN9st9lO71W6z2+0Ou9PusrvtZ3aP/dzutV/YffZLu9/+xR6wX9mD9mt7yH5jD9tv7RH7nT1qv7fH7A/2uD1hT9of7Sn7kz1tz9iz9md7zv5iz9sL9qINl97cX3p5J0OG0lAaSqEUSk/pKQNloEyUiRKUoMyUmbJQFspKWSk7ZaeclJNyU266hIkpD+WhJCUpH+Wj/JSfClJB8uSpCBWholSUilExKk7FqQSVuPxoAbqT7qS76C4qR+XobrqbKlJFqkyVqQpVoapUlapRNapO1akG1aCaVJNqUS2qTbWpDtWhulSX6lE9akANqBE1osbUmJpQE2pGzag5NacW1IJaUktqRa2oNbWmNtSG2lJbakftqD21p47UkTpRJ+pMnakrdaXu1J16UA/qRb2oD/WhvtSX+lE/6k/9aSANpEE0iAbTYBpCQ2kYvU3DaQSNpFE0msbQWBpL42gcjafxNIEm0CSaRFNoCk2jaTSdptNMmkmzaBbNptk0l+bSfJpPC2gBLaJFtJgW0xJaQstoGa2gFbSKVtEaWkPraB1toA20iTbRFtpCW2krbafttJN20m7aTXtoD+2lvbSP9tF+2k8H6AAdpIN0iA7RYTpMR+gIHaWjdIyO0XE6TifpJJ2iU3SaTtNZOkvn6Bc6TxfoIgVKcelceneNy+AyukzuWvePcXaXw+V0uVxuZ11Wl+3vYnLO5XcFXEFXyHlX2BVxN/8mLulKuTtcaXenK+PucmV/E1dx97qq7j5Xzd3vKrt7/i6u7h5wNdyjrqZ7zNVy9V1t19DVcY+6uu4xV8/Vdw1cQ9fcPeVauKddS/eMa+We/U28wC10a9xat86td3vc5+6s+9kdcd+5c+4X19l1cX3cq66ve831c6+7/m7Ab+Jh7m033I1wI90oN9qN+U08yU12U9xUN82976a7Gb+J57uP3Cy3yM12c9xcN+/X+FJPi9zHbrH7xC1xS90yt9ytcCvdKrf6f/e63G10m9xmt9t95ra6bW672+F2ul2/xpeOY6/7wu1zX7rD7lt3wH3lDrqj7pD75tf40vEddd+7Y+4Hd9ydcCfdj+6U+8mddmd+Pf5Lx/6ju+AuuuCAkRVrNhxxGk7LKZyO0/M1nIEzcia+lhN8HWfm6zkL38BZORtn5xyck3NxbrZM7Jg55jycl5N8I+fjmzg/F+CCXIg9F+YifDMX5Vu4GN/Kxfk2LsG3c0kuxXdwab6Ty/BdXJbLcXm+mytwRa7ElfkersL3clW+j6vx/VydH+Aa/CDX5Ie4Fj/MtfkRrsOPcl1+jOtxfW7ADbkRP86N+Qluwk25GT/JzfkpbsFPc0t+hlvxs9yan+M2/Dy35Re4Hb/I7bkDd+SXuBO/zJ25C3flbtydX+Ee3JN7cW/uw69yX36N+/Hr3J8H8EB+gwfxmzyY3+IhPJSH8ds8nEfwSB7Fo3kMj+V3eBy/y+P5PZ7AE3kST+YpPJWn8fs8nWfwTP6AZ/GHPJvn8Fyex/P5I17AC3kRf8yL+RNewkt5GS/nFbySV/FqXsNreR2v5w28kTfxZt7Cn/JW3sbIO3gn7+Ld/Bnv4c95L3/B+/hL3s9/4QP8FR/kr/kQf8OH+Vs+wt/xUf6ej/EPfJxP8En+kU/xT3yaz/BZ/pnP8S98ni/wRQ4MMcYq1rGJozhNnDZOidPF6eNr4gxxxjhTfG2ciK+LM8fXx1niG+KscbY4e5wjzhnninPHNqbYxRzHcZ44b5yMb4zzxTfF+eMCccG4UOzjwnGR+Oa4aHxLXCy+NS4e3xaXiG+PS8al4kfvLx3fGZeJ74rLxuXi8vHdcYW4YlwprhzfE1eJ742rxvfF1eL742LxA3GN+MG4ZvxQXCt+OK4dPxLXiR+N68aPxfXi+nGDuGHcKH48bhw/ETeJm8bN4ifj5vFTcYv46bhl/EzcKn72Dy/vGneLu8evxK/EIdyn5ybnJecnP0ouSC5MLkp+nFyc/CS5JLk0uSy5PLkiuTK5Krk6uSa5NrkuuT65IbkxuSm5ORlC5bTg0SuvvfGRT+PT+hSfzqf31/gMPqPP5K/1CX+dz+yv91n8DT6rz+az+xw+p8/lc3vryTvPPvZ5fF6f9Df6fP4mn98X8AV9Ie99YV/EN/SNfCPf2D/hm/imvpl/0j/pn/JP+af90/4Z38o/61v753wb/7xv61/wL/gXfXvfwXf0L/lO/mXf2XfxXX1X39139z18D9/L9/J9fB/f1/f1/Xw/399f8AP9QD/ID/KD/WA/xA/xw/wwP9wP9yP9SD/aj/Zj/Vg/zo/z4/14PyFlgp/kJ/kpfoqf5qf56X66n+ln+ln5Z/nZfraf6+f6+X6+X+AX+EV+kV/sF/slfolf5pf5FX6FX+VX+TV+jV/n1/kNfoPf5Df5LX6L3+q3+u1+u9/pd/rdfrff4/f4vX6v3+dDCF32nw3+gD/ov/aH/Df+sP/WH/Hf+aP+e3/M/+CP+xP+pP/Rn/I/+dP+jD/rf/bn/C/+vL/gL/rgxybeSYxLvJsYn3gvMSExMTEpMTkxJTE1MS3xfmJ6YkZiZuKDxKzEh4nZiTmJuYl5ifmJjxILEgsTixIfJxYnPkksSSxNLEssT6xIrEyEkGtrHPKEvCEZbgz5wk0hfygQCoZCwYfCoUi4ORQNt4Ri4dZQPNwWSoTbQ8lQKtwRHgv1Qv3QIDQMjcLjoXF4IjQJTUOz8GRoHp4KLcLToWV4JrQKz4bW4bnQJjwf2oYXQrvwYmgfOoSO4aXQKbwcOocuoWvoFrqHV0KP0DP8EnqHPuHV0De8FvqF10P/MCAMDG+EQeHNMDi8FYaEoWFYeDsMDyPCyDAqjA5jwtjwThgX3g3jw3thQpgYJoXJYUqYGqaF98P0MCPMDB+EWeHDMDvMCXPDvDA/fBQWhIVhUfg4LA6fhCVhaVgWlgdIWRlWhdVhTVgb1oX1YUPYGDaFzWFL+DRsDdvC9rAj7Ay7wu7wWdgTPg97wxdhX/gy7A9/CQfCV+Fg+DocCt+Ew+HbcCR8F46G78Ox8EM4Hk6EkwHDqfBTOB3OhLPh53Au/BLOhwvhovzNmhBCCCHE/xX9B5d3+yffU5cX/Pq7c4CM23Ic+seaG7L+dd9T5WyeAIBnurR7+G+rQoWuXbtevu4SDVHeOQCQuJKfBq7ES6EZPAUtoSkU/af99VQdzvG/rv8bKQCQHv6x/i2/U3/ErD+oHyXnAOTPeyUnHVyJr9Qv9jv1szX+g/rpvhoL0OT/yMkAV+Ir9YvAE/AstPy7awohhBBCCCGEEH/VU93R5o8+3176fJ7TXMlJC1fiP/p8LoQQQgghhBBCiKvv+Q4dn368ZcumbWRzFTbtMv51Cv8t/fzOJs1/Rxt/3gYvn736b+nnP70pd/nR/j/JumpPSUIIIYQQQoj/kCtv+q92J0IIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghROr1/+OfkF3tYxRCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGutv8VAAD//zmwHF0=") open(&(0x7f0000000000)='./bus\x00', 0x20342, 0x0) syz_open_pts(r0, 0x0) ioctl$TCSETAW(r0, 0x5407, &(0x7f0000000140)={0x46b, 0x0, 0x0, 0x0, 0x0, "4cca8e4d4235a1f6"}) bpf$MAP_DELETE_ELEM(0x2, &(0x7f0000000140)={0xffffffffffffffff, &(0x7f0000000000), 0x20000000}, 0x20) bpf$ITER_CREATE(0x21, &(0x7f00000001c0), 0x8) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) listen(r1, 0x0) syz_emit_ethernet(0x82, &(0x7f00000003c0)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x74, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x18, 0x0, 0x0, 0x0, 0x0, {[@timestamp={0x8, 0xa}, @sack_perm, @md5sig={0x13, 0x3c, "91d785d58954605c802acf9f965fe399"}]}}}}}}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000000000000000080eff95"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0x275a, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x3, 0x5}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000040)='kmem_cache_free\x00', r4}, 0x10) r5 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, &(0x7f0000000300)={0x43, 0x0, 0x3, 0x3}, 0x10) r6 = socket$tipc(0x1e, 0x2, 0x0) r7 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r7, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x4, 0x3, 0x3}, 0x10) setsockopt$TIPC_GROUP_JOIN(r6, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10) sendmsg$tipc(r6, &(0x7f00000002c0)={&(0x7f0000000000), 0x10, 0x0}, 0x0) write$binfmt_script(r2, &(0x7f0000000140), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 3.495127036s ago: executing program 3 (id=692): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x10000000) 3.491897736s ago: executing program 4 (id=693): sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x4000801) r0 = socket$packet(0x11, 0x0, 0x300) (async) syz_mount_image$ext4(&(0x7f0000000700)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x8002, &(0x7f00000000c0), 0x7, 0x4a9, &(0x7f0000000b40)="$eJzs3E9sFFUYAPBvtru0gEhFREHUIhobjS0UFA5eMJp40MSIBz02bSFIoYbWRAjRkhg8GhLvxqNXD17Vm/Fk4hUPHkwMCTFcAE9jZnem3e6flrbbLri/X7L0vZk3+963b97s23m7BNCzhrJ/koiHIuJ6ROysZZcWGKr9uXPr8sTdW5cnYj5NT/6TVMvdzvK54rjteWa4FFH6Iml4wprZi5fOjk9PT13I86Nz5z4enb146eUz58ZPT52eOj92/PjRI4ePvTr2yuqDalFfFtftfZ/N7N/71ofX3pkoF9sH8r/1cXTKUAy1akrV852urMt21KWTchcbwqpk53/WXZXq+N8ZfaHzoFekaZr2t989nza60rQFeGAl0e0WAN1RvNFnn3+LxyZNPe4LN0/UPgBlcd/JH7U95SjlZSoNn287aSgiPpj/95vsEcvdh/hzgxoAAPScn04UM8HG+V8p9tSVezhfQxmMiEciYldEPBoRuyPisYhq2ccj4onGCpKIdJn6dzfkm+c/pRvriW8l2fzvtXxta+n8r5j9xWBfntsRUUyYpw7lr8lwVPpPnZmeOrxMHT+/8ftX7fbVz/+yR1Z/MRfM23Gj3HCDbnJ8bnzNATe4eSViX7kx/qScdVyxEpBExN6I2LeK5x2sS5958bv9C5nK0nIrx1+VtlxH68BSRfptxAu1/p+PJf2/WGOy/Prk6EBMTx0azc6CQy3r+PW3q++2q3/F+H/4q/GQN4/9eHK9YS/I+n9b3fkfxfrtYvyDSUSysF47u/o6rv7xZfV5hw4271vr+b8leb+a3pJv+3R8bu7C4YgtydvN28cWjy3yRfks/uGDrcf/rvyY7JV4MiKyk/ipiHg6Ip7J234gIp6NiBahLfjl9ec+arfvHs//DZPFP9ny+rek/xfX69eQ6Dt74PrdNhePe+v/o9XUcL6l9fUvWXKJuNcGduAlBAAAgPteKarf/S+NLKRLpZGR2j2g3bGtND0zO/fSqZlPzk/WfiMwGJVScaerdj+4khT3Pwfr8mMN+SP5feOv+7ZW8yMTM9OT3Q4eetz26phPmsZ/5u++brcO2HB+8gO9a6Xxv+faJjUE2HTe/6F31Y3/+TZF5n1TBv6fvP9D72o1/j9fwzHAgyU1lqGnGf/Qu8rx3kK61NWWAJvN+z/0pPX8rn/lRNrfetdANBeOgY1pxtYWdXUlkc2sulL71rUcVfxvCm3LRGl1T9gfzbv6otMhVyJixcKn93T85E/z78p3uge/35Rx2irRlcsRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAx/0XAAD//8p53a4=") (async) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) (async) r2 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) (async) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000100)='./file2\x00', 0x0, &(0x7f0000000000)={[{@mblk_io_submit}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x1000000}}, {@nombcache}]}, 0x1, 0x48c, &(0x7f0000001440)="$eJzs3M1vFOUfAPDvzG7Lj7dfV8QXEKWKRqKxpQWVgwcwmnjQxEQPeKxtIUihhtZECNHiAY+GxLvxaOJf4EkuRj2ZeNW7ISGGC+hpzOzO9GW7uyll6VL280mWfZ554fl+d+bZfWYehgD61nD+RxKxIyL+iIihRnXlBsONt9s3L03+c/PSZBJZ9t7fSX27WzcvTZablvttLysLxfKF1e3OXbh4ZmJmZvp8UR+dP/vx6NyFiy+dPjtxavrU9Lnxo0ePHB579ZXxl9sHn6w9zzymW3s/m923560Prr4zeeLqh798n5T5N+XRJcMtllXKwnNdbqzXdi4rJ9WiUOlRMKxZfojywzVQ7/9DUYnq4rqhePOLngYH3FNZlmVb2q1MYiEDHmBJ9DoCoDfKn/r8+rd8bdjg4z5w43jjAijP+3bxaqypRlpsM9B0fdtN+dXWiYV/v8lfcW/uQwAArPDj8cb76vFfGo8u2+5YMTdUi4iHImJXRDwcEbsj4pGI+raPRcTjS7tka5meaZ4kWT3+Sa+vM7U1ycd/rxVzWyvHf+XoL2qVoraznv9AcvL0zPShiPh/RByMgS15faxDG9fe+P2rduuGI7Jy/Je/8vbLsWARR9q8z9TE/MT6M17pxuWIvdVW+SeLMwH5cdwTEXv3r6+N0y98t6/duuFl49/W+XdQXV88y2XfRjzfOP4L0ZR/Kek8Pzn6v5iZPjRanhWr/frblXfbtX9X+XdBfvy3tTz/F/OvJcvna+fqy1adk51c+fPLltc0A53zLwJIr1ebblDn5/9g8n69PFgs+3Rifv78WMRg8nax/NjS8vGlfct6uX2e/8EDrfv/rlj6JJ6IiPwkfjIinoqI/UXsT0fEMxFxoEP+P7/+7Eft1t0Px3/qjo7/nRcqZ376YUWjtQ75J9H8/Xe9uuVIvXSwWLKW77/24Szd88jTWu/nBgAAAJtJGhE7IklHFstpOjLS+Pfyu2NbOjM7N//iydlPzk01nhGoxUBa3ukaWnY/dKy4Y1DWx4vL/LJ+uLhv/HVla70+Mjk7M9Xr5KHPbW/T/3N/eX4DHnxdmEcDNqn19v8syz7vcijABvP7D/1L/4f+1aL/b22qt/0/AoDNrdXvvwt76A/G/9C/9H/oX/o/9K9qxOi1XgcBbLS7ea6/KFxu/7B9VlnT35OPP+46jA0sZNlGtZVlK9oa7H3ui4VI74sw7lUhah1PgCzbkDBqvfsQev3NBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0B3/BQAA//8/GOnV") (async) r3 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) sendmmsg$inet(r4, &(0x7f0000001840)=[{{&(0x7f0000000000)={0x2, 0x4e22, @remote}, 0x10, 0x0}}, {{&(0x7f00000000c0)={0x2, 0x4e20, @loopback}, 0x10, 0x0, 0x0, &(0x7f0000000780)=[@ip_retopts={{0x18, 0x0, 0x34, {[@generic={0x0, 0x2}, @rr={0x7, 0x3}]}}}], 0x18}}], 0x2, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)) (async) r5 = socket(0x10, 0x3, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) (async) sendmsg$nl_route(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="440000401000030400"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000024001280080001006772650018000280060003000000000006000e000000000004001200"], 0x44}}, 0x0) (async) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000300), r6) sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r6, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000a80)={0x24, r7, 0x1, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @empty}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast2}]}, 0x24}}, 0x0) (async) io_setup(0x202, &(0x7f0000000200)=0x0) mount$9p_fd(0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r0, @ANYRES16=r8]) io_submit(r8, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xe7030003, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x16000}]) (async) ioctl$FS_IOC_GETFSMAP(r1, 0x8010661b, 0x0) (async) syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="120100009e173610ef171e7234c101020301090232e7000000000009"], 0x0) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(r9, &(0x7f0000001340)={0x0, 0x0, &(0x7f0000001300)={&(0x7f0000000340)={0x14, r10, 0x313, 0x0, 0x0, {0x2f}}, 0x14}}, 0x0) sendmsg$DEVLINK_CMD_SB_PORT_POOL_GET(r2, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000740)={0x224, r10, 0x300, 0x70bd26, 0x25dfdbfb, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x7}, {0x6, 0x11, 0x69d}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0xc}, {0x6, 0x11, 0x800}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x101}, {0x6}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x2}, {0x6, 0x11, 0x8000}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x4}, {0x6, 0x11, 0xfffd}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0xf}, {0x6}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x3}, {0x6, 0x11, 0xe}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x37}, {0x6, 0x11, 0x4}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}, {0x8, 0xb, 0x9}, {0x6, 0x11, 0x1}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x2}}, {0x8, 0xb, 0x80}, {0x6, 0x11, 0x69d6}}]}, 0x224}, 0x1, 0x0, 0x0, 0x11}, 0xc840) 3.43730925s ago: executing program 4 (id=694): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000001000200850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x1810314, &(0x7f0000000340)={[{@grpid}, {@abort}, {@norecovery}, {@sysvgroups}, {@init_itable}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0xa}}, {@usrjquota}, {@nombcache}, {@dioread_lock}]}, 0xff, 0x471, &(0x7f0000000640)="$eJzs289rHFUcAPDvTDZpbbWJtVZbWxutQvBH0qRVexBEUfCgIOihHmOSltptI00EW4JGkXqUgnfxKPgXePIk6knwWo+CFIoWodWLK7M7kx/b3TQxm07Ifj6w7Xszb95738y82bfzdgPoWoPZP0nE3RFxJSL6G9nlBQYb/928Pjfx9/W5iSRqtTf/SOrlblyfm6jliuN25nUOpRHpp0neSPQurXbmwsUz49Xq1Pk8PzJ79r2RmQsXnz59dvzU1Kmpc2PHjx87Ovrcs2PPtOj1b5fXGmcW3439H04f2Pfq25dfnzhx+Z0fv8n6u/dgY38Wx1rrvJ3BLPA/G3+b5n2Pd7qxkv1bW4wzqZTdG1arJyIq+eC8Ev3RE4snrz9e+aTUzgEbKrtnb2u/e74GbGFJlN0DoBzFG332+bd43aGpx6Zw7cXGB6As7pv5q7GnEmlepncD2x+MiBPz/3yZvaLpOUStxXMDAID1+i6b/zzVav6Xxt4l5Xbla0MDEXFvROyOiPsiYk9E3B9RL/tARDy4xvYHm/K3zj/Tq/8rsFXK5n/P52tby+d/xewvBnry3D31+HuTk6erU0fyv8lQ9G7L8qOtKi+qePmXz9u1v3T+l72y9ou5YF7J1UrjAd32Ysvk+Ox4pyal1z6O2F9pFX+ysBKQRMS+iNi/tqp3FYnTT3x9oF2h28e/gg6sM9W+KiqZm4+m+AvJyuuTI9ujOnVkpLgqbvXTz5feaNf+uuLvgOz871h+/TeV6P8rWbpeO7Ow44XVtnHp18/afqasrP76X5Bd/33JW/U13b582wfjs7PnRyP6ktfq+WXbxxaPLfJF+Sz+ocOtx//u/Jgs/ociIruID0bEwxFxKD93j0TEoxFxeIX4f3jpsXfb7dsM53+y5f1v4fofWH7+157oOfP9t+3aX93971g9NZRvqd//bqN9d4rbaNPVDAAAAFtYWv9ufJIOL6TTdHi48R3+PbEjrU7PzD55cvr9c5ON79APRG9aPOnqX/I8dDSZz2ts5MfyZ8XF/qP5c+Mveu6q54cnpquTJccO3W5nm/Gf+b2n7N4BG87vtaB7NY//tKR+AHee93/oXsY/dKle4x+6Wavx/1FT3loAbEW1/rJ7AJTH/B+6l/EP3cv4h660nt/1b1SissKv9yXWk+hb1+FJxPzilkhLD2dTJQ5totFU6cDoLvnGBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0CH/BQAA//+O8/d5") mkdir(&(0x7f0000000300)='./bus\x00', 0x0) chdir(&(0x7f0000000140)='./bus\x00') r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x7ffc1ffb}]}) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r4}, 0x10) clock_getres(0x0, 0x0) ioctl$FS_IOC_FSSETXATTR(r2, 0x401c5820, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x16c5}) rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8) r5 = gettid() r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_opts(r6, 0x29, 0x4d, &(0x7f0000000140)=ANY=[@ANYRESDEC=r0], 0x8) setsockopt$inet6_int(r6, 0x29, 0x4a, &(0x7f0000000040)=0x7, 0x4) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r7, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) recvmsg(r6, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=""/41, 0x29}, 0x0) r8 = gettid() tkill(r5, 0x12) signalfd4(r0, &(0x7f0000000080)={[0xffffffff00000001]}, 0x8, 0x400) tkill(r5, 0x1) tkill(r8, 0x16) 3.43673282s ago: executing program 3 (id=695): syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f0000000080)='./file0\x00', 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="6e6f626172726965722c6e6f657874656e745f63616368652c6673796e635f6d6f64653d7374726963742c696e6c696e655f78617474720000693a653d3078303030303030303030303030303766662c736d61636b6673726f6f080000006673f52b00e58abba2d0cc27be339f6f4fe5ad35a724e1531a622f050000008586eb5ba3614d2c24abf5a2614c0f111e057112dafd66336a5e3b6512b81cda80be6e9a34ccc2b88c0100008000000000e3f5def862b95c20ee847008000b0c22653d2ff39b36732e46b56357afe57094f42ba61c5e8b4e184d7dd50000000000000000c0469264c247cd3c7fcb39043dda97538456bc294ae31e525d3b664cf8e83b52b1885b866b58698b3f132aced62a4fc7c8c400b805173d7488a35708d2523190c0014689f57be6ee3f5d28935a0000000000000000000000000000000000000059c1403d010001008ab61fa90695a8b268c277645c1e357ec9316354f659d4244fe126a8364eaa0de6bf4ba21c767782a04bdbb8c86d0cc7e3f03f8ef15c0ee311768cccb8affb0ae5d7cd0000000097676c046a6c754c98dd5f400ad99a588d983ae6e07b4e0e0907266aca53b30a815a84295fb5eab2f263613d36994dc15562892c33ed149270907e9c2e4d0cac7dd9735621a0c6768d4f70c664699157854bb1b85ce3f6ea44456e4f1ae1575315d77f2b995ce4d6ce21b17ca891c155ddd9916e997c32e78231e8d54675e4edf480980023b9736180ff98cf93f888eb70abb728b7e91a5d75b7e43e54f92b6e679249576f12533bef1c93aa993977f15c0a7b595423444db6e87480c46c408f6d48afa1ba"], 0x1, 0x551d, &(0x7f0000005c80)="$eJzs3M1rI/UbAPAn7Xbff/sr4sHbDixCC5uw6baL3qru4gt2KasePGmapCG7SaY0aVp78uBRPHj2nxAFTx79Gzx49iYeFG/CSmamuvUFLE1S2/18YPLMfPOdZ55vKIVnJiSAp9Z88stPpbgWlyJiNiKuRmT7pWLLrObhuYi4HhEzT2ylYvz3gfMRcTkiro2S5zlLxVuf3hzeWPnxjZ+//vbCuSuff/Xdya0aOGnPR0R3K9/f7eYxbeXxYTFeG7az2F0eFjF/o/uoOE7zuNvcyDLs1g7m1bJ4u5XPT7d2+qO42anVR7HV3szGt3r5BfvD1kGe7ISHte3suNHcyGK7n2axtZ/Xtbef/2/b7w/yPI0i3wdZ+hgMDmI+3txr5uvZepTFem9QjOd500ZzbxSHRSwuF/W008jq2DjOJ/3f9ma7t7P3eNjc7rfTXrJSqb5Qqd4pV7fTRnPQXC7Xuo07y8lCqzOaVh40a93VVpq2Os1KPe0uJguter1crSYLd5sb7VovqVYrtyu3yiuLxd7N5NX77ySdRrIwii+3ezuDdqefbKbbSX7GYrJUuf3iYnKjmry1tp6sP7h3b2397ffuvnv/pbXXXykm/aWsZGHp1tJSuXqrvFRdHMP6k1Oy/o+Kose4fjiW0tGmX5hUHQCniP4fOAmT6/+3H0RMvv8P/f9YnKr+d2L9/2dP7frhWI7Y/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcHZ8P/fFa9nOfH58pRj/XzH0THFcioiZiHj8N2bj/KGcs0WeuX+YP/enGr4pRZZhdI0LxXY5IlaL7df/T/pTAAAAgLPryw+vf5J36/nL/EkXxDTlN21mrr4/pnyliJib/2FM2WZGL8+OKVn2930u9saULbuBdXFMyfJbbufGle1fmT0ULj4RSnmYmWo5AADAVBzuBKbbhQAAADBNHx/5jK2J1MGUleLgUebBs+Dsm/d/PBC8dOgIAAAAOIVKJ10AAAAAMHFZ/+/3/wAAAOBsy3//DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB+Y+d+ctMGojgAPxtc6D8VVd23R+kOjtEjdNllxQF6CY5Ar5ALcAayyxEiiPA4KERJFMVjWyHfJ5lhLPj5GeHFzEgDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHTpslov/v/9/q9tzm7fzgsv+6Nt3QAAAPAWbKv1on4zS/2PzfnPzamvTb+IiDIiHhq7j+LdSeaoyake+Xx1r4aLiDrhcI1Jc3yIiJ/Ncf2l618BAAAAztdmuZqn0Xp6mQ1dEH1Kkzblp1+Z8oqIqGZXmdLKQ963TGH1/3scfzKl1RNY00xhacptnCvtWerH/ThrN73TFKkpn/5+tnsHAAB6NDpp+h2FAAAA0KffQxfAMIq4Xco8LgVOUtMs770/6QEAAACvUDF0AQAAAEDn6vG//f8AAADgvKX9/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOjStlovNsvVvG3Obt9OnrsBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAb9ucdBUIgDMJg7/rOZO5/WGnQ1NSkCoSPvzEYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAePO7v/yfmBpnkrnXxtLzSLJ2amydGnvnxtEfxtevAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYn9sUAEEgDINb2de/8P6HjRf0DBHMgPCwi4IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCP3DOWcWqdsSWeqmqZJvaMe1UdWSXOrBJXLvTxYOsf/ggAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAl537eY2jigMA/mZmZ5NWxTXKHiJiwYNebLqtrb2JByV48E8QQrqtsVt/tDnYUoRcvEnOvYgeRQQl3vo/9NxCL/XWwx4qeK7Mr2Ty47AKO7PJfj7w5n1nGOZ93yyEfPe9BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADYZ/zhXpxkh14Rx+W1h8/urmf9owN95v724+WsZXHUZNLHwxv1k6hfO1lsPhkAAADmQ1LV9yGEJ+nOatbHvbz+T6t7spr/p5eKuKrnD9b9VV/V/ln784+nr+0O1CvGyR56dWM0PHc4lc70ZjnDnr88wU2d/M3n370k+QcSf7L16jjN32f0w4MHH3XzcGH66QIA/8/Zqi+D6vehrB+0mRgAc6NTK7yr+j/ptZsTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQBPGW+GFKo5CCMudvTjz6Nnd9aP6+9uPl6t26d697fozs0ekIYSrG6PhubDY4Gxm263bd66vjUbDm80Hb4YQ2hr9g3L61z+b4OYQppTGmZbe/JwFcflhz0o+xyNo8YcSAAAnUlq2rK5/ku6sZteipRCe/7y//n+7FocJ6/+nn196WB+rXv8PGpvh7FvZvPH1yq3bd97duLF2bXht+OV75wfvDy5cvnjx8kr+XUlxbDtNAAAAjrFu2er1f7x0eP3/dC0OE9b/3/w4+K4+VqL+P9Leol/bmQAAAMy3V87883d0xPWo2w3frm1u3hwUx93z88WxhVT/s4Wy1ev/ZKntrAAAAIAmjLeifev/V2pxmHD9/8VfXv+t/swkhHCqXP8/u/7V6Epz05lpU/nj4YXy4XYWAAAAUNbjpw6s/6f5/v94d8tDHEJ4560iLv8N4ET1f/Lx97/Wx6rv/7/Q3BRnUtwv3kfe90Po9NvOCAAAgJNsMW+9vP7/K91Z/eL305927f8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaNq/AQAA//9YdT1o") bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000200), 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20000, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = socket$igmp6(0xa, 0x3, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r6, 0x0) ftruncate(r6, 0x8001) r7 = syz_open_dev$tty1(0xc, 0x4, 0x1) r8 = dup(r7) ioctl$TIOCL_SETSEL(r8, 0x4b4b, &(0x7f0000001900)={0x2, {0xc}}) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x6, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r9}, 0x10) socket$nl_route(0x10, 0x3, 0x0) bind$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0xc000000, @mcast1={0xff, 0x5}}, 0x1c) 2.837797039s ago: executing program 0 (id=696): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x0}, 0x0) socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) fchownat(0xffffffffffffffff, &(0x7f00000005c0)='./file0\x00', 0xee00, 0x0, 0x1000) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000005000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10) accept(r3, 0x0, &(0x7f0000001280)) mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r6 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000edff0000000000000000850000000f00000018010000646c012500000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000800000850000000600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r8 = socket$netlink(0x10, 0x3, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000340)='sched_kthread_stop_ret\x00', r7}, 0x10) sendmsg$nl_route(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000600)=ANY=[@ANYBLOB="4000000010001fff000000000000000000060000", @ANYRES32=0x0, @ANYBLOB="0000000000000000180012800e0001007769726567756172640000000400028008000a00b8", @ANYRESDEC=r0, @ANYRES16=r5, @ANYRES32=r3], 0x40}, 0x1, 0x0, 0x0, 0x40480c5}, 0x800) mount$fuse(0x0, &(0x7f00000042c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r6, @ANYRESDEC=0x0, @ANYBLOB="2c67726f7570cc9b643ddc16b5ebf44bb40b0898a212ba3bd1eb9bf41f530d9e4eda6d1291e4afafe9c936adfce90fba8efcee4b7f48", @ANYBLOB=',\x00']) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket(0x0, 0x2, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[], 0x44}}, 0x4) sendmsg$TIPC_NL_KEY_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="010074000000000017000000480006803c00040067636d286165f9ffffffffffffff000000000000000064aeeaa040af2f0000000000000000000014000000e3de3d7b4cd07ec3ee777de774fc7987cca4198908000600000000000000a55049f1a30392f8fb5377f0420e5e1e23229f463a55afb1b5ebfc075b6eff57b51ea3016208d4a2645ac370bd23b4d6f56a2bf3deb4446ef2936e8cfb3c2f567a82a5c660c28e0a2557eb114b87f001"], 0x5c}}, 0x0) 2.753887146s ago: executing program 2 (id=697): syz_open_dev$vcsn(&(0x7f00000000c0), 0x6, 0xc2100) (async) r0 = syz_open_dev$vcsn(&(0x7f00000000c0), 0x6, 0xc2100) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x6, 0x4, 0x4, 0x9}, 0x48) syz_mount_image$fuse(0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, 0x1, 0x0, 0x0) (async) r1 = syz_mount_image$fuse(0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, 0x1, 0x0, 0x0) mount$tmpfs(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0) chdir(&(0x7f0000000400)='./file0\x00') (async) chdir(&(0x7f0000000400)='./file0\x00') r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) lseek(r2, 0xfffffffffffffffd, 0x2) (async) lseek(r2, 0xfffffffffffffffd, 0x2) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) (async) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r4 = dup(r0) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) (async) ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) r5 = socket$inet(0x2, 0x2, 0x1) setsockopt$inet_int(r5, 0x0, 0xf, 0x0, 0x0) (async) setsockopt$inet_int(r5, 0x0, 0xf, 0x0, 0x0) bind$inet(r5, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text16={0x10, &(0x7f0000000700)="0f01cf66b9e708000066b8d300000066ba000000000f30ba420066edb804018ee066660f3a149f040050660f38f67cce0f090f072e3e0f01ca6766c7442400030000006766c74424024add00006766c744240600000000670f011c24"}], 0xaaaaaaaaaaaac2e, 0x0, 0x0, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x1, 0x4, 0x1, 0x2, 0x0, 0x1, 0xffffffff}, 0x48) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0x14, &(0x7f0000000200)=ANY=[@ANYBLOB="1802000000000000000000000000000018010000786c6c2500000000070000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006", @ANYRES32=r6], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, 0x0) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r8, &(0x7f0000000100)={0xa, 0x4e22, 0x0, @mcast1}, 0x1c) listen(r8, 0xfff) syz_emit_ethernet(0x4a, &(0x7f0000000440)=ANY=[@ANYBLOB="aaaaaaaaaaaabbbbbbbbbb00000000000000000000000001fc0100000000000000000000000000fd00004e2200"/58, @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5002000090780000"], 0x0) syz_emit_ethernet(0x56, &(0x7f0000000340)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c200000001dd600a84f013287c0000000000bbfe8000000000000000000000000000aa00004e2291131033c272ebc67d7ed1fb7c9b1124d6317d709418e48d6e6d2c442dab93c42273a23602b2c715cc42bcf4fdccc6", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="8004000090780000080a000000000000000000"], 0x0) (async) syz_emit_ethernet(0x56, &(0x7f0000000340)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c200000001dd600a84f013287c0000000000bbfe8000000000000000000000000000aa00004e2291131033c272ebc67d7ed1fb7c9b1124d6317d709418e48d6e6d2c442dab93c42273a23602b2c715cc42bcf4fdccc6", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="8004000090780000080a000000000000000000"], 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='ext4_allocate_inode\x00', r7}, 0x10) socket$igmp6(0xa, 0x3, 0x2) (async) socket$igmp6(0xa, 0x3, 0x2) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) (async) r9 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) setsockopt$bt_l2cap_L2CAP_LM(r9, 0x6, 0x3, &(0x7f0000000040)=0x30, 0x5e) connect$bt_l2cap(r9, &(0x7f00000002c0)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x3}, 0xe) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x3, 0x8, &(0x7f0000000680)=ANY=[@ANYBLOB="627a000000000000000000000000000018120000", @ANYRESOCT=r1, @ANYBLOB="0000000000000000b7030000070000008500000021000000b70000000000000095"], &(0x7f0000000640)='GPL\x00', 0xfffffffd, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0}, 0x90) 2.118837298s ago: executing program 0 (id=698): syz_mount_image$fuse(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000000085000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000200)='sched_switch\x00'}, 0x10) socket$netlink(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) mmap(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x12, 0xffffffffffffffff, 0x0) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x0, 0x4002, @mcast2, 0x16}, 0x1c) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$pppl2tp(0x18, 0x1, 0x1) r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r4, 0xaf01, 0x0) r5 = eventfd(0x0) ioctl$VHOST_SET_LOG_FD(r4, 0x4004af07, &(0x7f0000000240)=r5) poll(0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) connect$inet6(r3, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0x44, 0x0, &(0x7f0000000280)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xfffffffffffffcf8, 0x0, 0x0, 0x0, 0x16}, 0x90) r6 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r6, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) 2.118398307s ago: executing program 2 (id=699): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0x8a, &(0x7f0000000300)={[{@jqfmt_vfsold}, {@usrjquota}, {@min_batch_time={'min_batch_time', 0x3d, 0x1}}, {@noload}, {@nombcache}, {@usrjquota, 0x22}, {@init_itable_val={'init_itable', 0x3d, 0x601}}, {@noacl}, {@data_err_abort}]}, 0xfe, 0x451, &(0x7f00000016c0)="$eJzs3M9PHFUcAPDv7rK0tEWw/iy2ilYj8QcU+sMevNRo4kETEz3UeEKgDXZbTMHENkTRAx5NE+/Go4l/gRfrxagnE696NybEcLF6WjO7M3SBXVhgYWv380kG3tv3Nu99Z+btvn2zswF0rMHkTy7iUET8FhF91ezqCoPVf7eW5yf+WZ6fyEW5/OZfuUq9v5fnJ7Kq2fMOVjPl8gbtLr4TMV4qTV1N8yNzl98fmb12/fnpy+MXpy5OXRk7e/bUyWPdZ8ZOtyTO3qSvAx/NHD3y6ts3Xp84f+Pdn75J+nsoLa+No1UGq3u3rqda3Vib9dakc11t7AhbUoiI5HAVK+O/LwrRs1LWF6982tbOAbuqXM6X9zUuXigDd7Fkog50ouyNPvn8m217NPW4Iyydi5V1jFvpVi3pinxap5h+RtoNgxFxfuHfL5MtdmkdAgCg1s1zEfFcvflfPh6sqXdPem2oPyLujYjDEXFfRNwfEQ9EVOo+FBEPb7H9tVdI1s9/yn3bCqxJyfzvxfTa1ur5Xzb7i/5CmuutxF/MXZguTZ1I98lQFPcl+dEN2vj+5V8/b1RWO/9LtqT9bC6Y9uPPrjULdJPjc+M7ibnW0icRA1314s+tzHmT+fGRiBjYZhvTz3x9tFFZ/6bxb6AFk/LyVxFPV4//QqyJP5NreH1y9IUzY6dH9kdp6sRIdlas9/Mvi280an/z47+7lm6W40Dd838l/v7c/ojZa9cvVa7Xzm69jcXfP2v4mWa753937q1Kujt97MPxubmroxHdudfWPz52+7lZPqufnP9Dx+uP/8Nxe088EhHJSXwsIh6NiMfSvj8eEU9ExPEN4v/xpSff23r8G6zKt1AS/+Rmxz9qj//WE4VLP3xbt/Fis8f/VCU1lD7SzOtfsx3c4e4DAACA/4V85TvwufzwSjqfHx6OWKis7R7Il2Zm5569MPPBlcnqd+X7o5jPVrr6atZDR9O1vCw/tiZ/Ml03/qLQU8kPT8yUJtsdPHS4g9n4L6we/4k/Cu3uHbDr3K8Fncv4h85l/EPnMv6hcxn/0Lnqjf+P29APYO9t8v7fs1f9APae+T90LuMfOpfxDx2p4b3x+R3d8i/RpsR33Tv7rYbmE5G/Q0K+axLFqFvU1fSPWWwzsa9uUbtfmQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFrjvwAAAP//gk3jgQ==") memfd_create(&(0x7f00000004c0)='\xf3e\t\x05\x00\vty\x01sen\x01C\x1f\xc6\xcf\x12\xd3A\xbbZ%\xb2\xc8<\xf8\xff\xff\xff\xe2\x8e\x9a:\x1c\xec\x87\x87\xcf\x83\xcf\x14\xb0\xfcK\xb9\x1a\xa9\xec{\xb7bn`\xbb\x0e_\bm\x1f\xb1x\x05;,\xf1h\x8cwR-\x81^T\xa8\x90\x17\x03B\x99\x85\x93scH\xe4\xfb\xda\xe7\xaa\x93ZY\xe4\xa0\x040\x8cw#\xfd\x12\xddi \xf62\xee\xe5\x92u\xd8\x06H\xbb*xN\x8c\xe1a\xe8\xcf\x99\x8f\xbe\xbe\aaC\xb0\x9d\x19*3_\xc4\xf9\xecEunE\xfa\xe82\x9f\x8d\xd4\x1d\xfeD\xba*\xef\xdb\xa4U\xfd4v\x8ei\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa7L\xbf\x9c\xe6\x89\xe1Vij\xd1yy\xefg\x8cn\xb2N\xc8Sc\x9cbF[\xecM\x15Z\xbe\xdf\x00+\x89\xcc/.\x95\x11\x97\xade\x9eZvM\x1c\xd0\xc2\x89j\x1e\xe1\xee\xf7J\x17.\xfdl\x99\x82\xf1\x05\xd9C\x1b\xceK\r\xcc', 0x2) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x0, &(0x7f0000000080)=0x7) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000280)={@mcast2, 0x800, 0x0, 0x103, 0x1}, 0x20) syz_open_dev$usbmon(&(0x7f0000000140), 0x4, 0x0) syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000020000008500000082"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r3, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 2.118176917s ago: executing program 4 (id=700): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r0}, 0x10) pipe2(&(0x7f0000000040)={0xffffffffffffffff}, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) 2.018734796s ago: executing program 1 (id=701): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) (async) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x7, 0xfc, 0x0, 0x1, 0xd}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) (async, rerun: 64) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'vxcan0\x00'}) (async, rerun: 64) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000200), 0x4) (async, rerun: 32) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x1d, 0x9, 0x1, 0xc1c, 0x23, r0, 0xffff, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x2, 0x4}, 0x48) (async, rerun: 32) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1803000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000800b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000200)='fdb_delete\x00', r5}, 0x10) (async) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x2000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000200)='fdb_delete\x00', r6}, 0x10) (async) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r7, 0x8924, &(0x7f0000000000)={'bridge_slave_0\x00', @random="010000201000"}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10) r8 = socket(0x10, 0x3, 0x0) connect$netlink(r8, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc) (async) sendmsg$nl_route(r8, &(0x7f0000000240)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3400000012000700"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000014003500776730"], 0x34}}, 0x800) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b708000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r1, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20) (async) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async, rerun: 32) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (rerun: 32) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r9}, 0x10) (async) r10 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCSETD(r10, 0x5423, &(0x7f0000000080)=0x2) (async) read(r10, 0x0, 0x0) ioctl$TIOCVHANGUP(r10, 0x5437, 0x0) 1.937052353s ago: executing program 0 (id=702): socket(0x2, 0x3, 0x100000001) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000fc850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000005b80)={{{@in6=@remote, @in6=@rand_addr=' \x01\x00', 0x0, 0x0, 0x0, 0x0, 0x2}}, {{@in, 0x0, 0x6c}, 0x0, @in6=@dev}}, 0xe8) syz_emit_ethernet(0x3e, &(0x7f0000000500)={@local, @random="f368656e065b", @void, {@ipv4={0x88f7, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1}, @time_exceeded={0x4, 0x0, 0x0, 0x3, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @dev, @dev}}}}}}, 0x0) 1.936730283s ago: executing program 1 (id=703): prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000340)={0x3, &(0x7f0000000000)=[{0x200000000006, 0x0, 0x0, 0x7ffc1fff}, {0x36, 0x0, 0x79, 0xeaf}, {0x748, 0x3, 0x2, 0x3}]}) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000001780), 0x30500, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, "2af01c3d0040fbffffffffffffff00"}) syz_mount_image$exfat(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x1000806, &(0x7f00000016c0)=ANY=[@ANYBLOB='errors=remount-ro,discard,dmask=00000000000000000000000,iocharset=maccenteurO,fmask=00000000000000000000003,iocharset=cp932,iocharset=iso8859-6,fmask=00000000000000000000010,\x00'], 0x9, 0x1505, &(0x7f0000000180)="$eJzs3Au4jdX2MPAx5pwvm9BKcp9jjpeVXCZJEknIJUmSJMktIUmSJCS33JKQhNyT3ENyC8n9fss9SY4kSUJCwvweHefzndPp9P2/0/mc59nj9zzz2XPstcZY411jr9u7n72/azewUp3K5WsxM/xb8K9fugJACgD0AYBrASACgOKZi2e+dHk6jV3/vRsRf66Hp1ztDsTVJPNP3WT+qZvMP3WT+aduMv/UTeafusn8UzeZvxCp2ZapOa6TlXqXnP9PzeT1P3WT+aduMv/UTeafusn8UzOW+adyMv/UTeafusn8hUjN/pTzyGkvF/svOJ/9H1h/u6uudh9/sKL/p7yr95MnhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEECI1ORuuMADwt/3V7ksIIYQQQgghhBB/npD2ancghBBCCCGEEEKI/zwEMBoMRJAG0kIKpIP0cA1kgIyQCa6FBFwHmeF6yAI3QFbIBtkhB+SEXJAbLBA4YIghD+SFJNwI+eAmyA8FoCAUAg+FoQjcDEXhFigGt0JxuA1KwO1QEkrBHVAa7oQycBeUhXJQHu6GClARKkFluAeqwL1QFe6DanA/VIcHoAY8CDXhIagFD0NteATqwKNQFx6DelAfGkBDaPTP8/W/zn8JOsHL0Bm66Ev3QHd4BXpAT+gFvaEPvAp94TXoB69DfxgAA+ENGARvwmB4C4bAUBgGb8NwGAEjYRSMhjEwFt6BcfAujIf3YAJMhEkwGabAVJgG78N0mAEz4QOYBR/CbJgDc2EezIePYAEshEXwMSyGT2AJLIVlsBxWwEpYBathDayFdbAeNsBG2ASbYQt8ClthG2yHHbATdsFu+Az2wOewF76AffDl/zD/zD/kt0dAQIUKDRpMg2kwBVMwPabHDJgBM2EmTGACM2NmzIJZMCtmxeyYHXNiTsyNuZGQkJExD+bBJCYxH+bD/JgfC2JB9OixCBbBongLFsNiWByLYwksgSWxFJbC0lgay2AZLItlsfztcwCwAlbCSngP3oP3YlWsitWwGlbH6lgDa2BNrIm1sBbWxtpYB+tgXayL9bAeNsAG2AgbYWNsjE2wCTbDZtgcm2MLbIEtsSW2wlbYGltjG2yDbbEttsN22B47YAd8CV/Cl/Fl7IIVVDfsjt2xB/bAXtgbe+Or2Bdfw9fwdeyPA3AgvoFv4Js4GE/jEByKw3AYllEjcCSOQlZjcCyOxXE4DsfjeJyAE3EiTsYpOBWn4TScjjNwBn6As/BD/BDn4Bych/NxPi7AhbgIF+FiPINLcCkuw+W4AlfiClyNa3A1rlN/e2huxs34KX6K23Ab7sAduAt34Wf4GX6On2N/3If7cD/uxwN4AA/iQTyEh/AwHsYjeASP4lE8hsfwOJ7Ak3gCT+EpPI1n8CyexXN4Ds/jCzm/qb2rwNr+oC4xyqg0Ko1KUSkqvUqvMqgMKpPKpBIqoTKrzCqLyqKyqqwqu8qucqqcKrfKrUiRYhWrPCqPSqqkyqfyAUBXVVAVVF55VUQVUUVVUVVMFVPF1W2qhLpdlVSlVFNfWpVWZVQzX1aVU+VVeVVBVVSVVGVVWVVRVVRVVVVVU9VUdVVd1VAPqpqqG/bCh9WlydRRA7CuGoj1VH3VQDVUb+LjqrEajE1UU9VMPamG4hBsoRr7luoZ1UqNxNbqOTUKn1dt1Rhsp15U7VUH1VG9pDqpJr6z6qImYDfVXU3GHqqn6qV6q+lYUV2aWCX1uuqvBqiB6g01D99Ug9Vbaogaqoapt9VwNUKNVKPUaDVGjVXvqHHqXTVevacmqIlqkpqspqipapp6X01XM9RM9YGapT5Us9UcNVfNU/PVR2qBWqgWqY/VYvWJWqKWqmVquVqhVqpVarVao9aqdWq92qA2qk1qs9qiPlVb1Ta1Xe1QO9UutVt9pvaoz9Ve9YXap75U+9Vf1AH1lTqovlaH1DfqsPpWHVHfqaPqe3VMdVHH1Ql1Uv2oTqmf1Gl1Rp1VP6tz6hd1Xl1QF1VQoFErrbXRkU6j0+oUnU6n19foDDqjzqSv1Ql9nc6sr9dZ9A06q86ms+scOqfOpXNrq0k7zTrWeXRendQ36nz6Jp1fF9AFdSHtdWFdRN+si+pbdDF9qy6ub9Ml9O26pC6l79Cl9Z26jL5Ll9XldHl9t66gK+pKurK+R1fR9+qq+j5dTd+vq+sHdA39oK6pH9K19MO6tn5E19GP6rr6MV1P19cNdEPdSD+uG+sndBPdVDfTT+rm+indQj+tW+pndCv9rG6tn9Nt9PO6rX5Bt9Mv6va6g+6oL+iLOujOuovuqrvp7voV3UP31L10b91Hv6r76td0P/267q8H6IH6DT1Iv6kH67f0ED1UD9Nv6+F6hB6pR+nReoweq9/R4/S7erx+T0/QE/UkPVlP0VN1r8uVZl7KN/Av89/9J/n9fr31zXqL/lRv1dv0dr1D79S79G69W+/Re/RevVfv0/v0fr1fH9AH9EF9UB/Sh/RhfVgf0Uf0UX1UH9PH9HF9Qv+sf9Sn9E/6tD6jz+if9Tl9Tp+/fB+AQaOMNsZEJo1Ja1JMOpPeXGMymIwmk7nWJMx1JrO53mQxN5isJpvJbnKYnCaXyW2sIeMMm9jkMXlN0txo8pmbTH5TwBQ0hYw3hU0Rc/Pv5UeXn+H+MP93+ls+6XJ+I9PINDaNTRPTxDQzzUxz09y0MC1MS9PStDKtTGvT2rQxbUxb09a0M+1Me9PedDQdTSfTyXRGMF1NV9PdvGJ6mJ6ml+lt+phXTV/T1/Qz/Ux/098MNAPNIDPIDDaDzRAzxAwzw8xwM9yMNCPNaDPajDVjzTgzzow3480EM8FMMpPMFDPFXHphvWSmmWlmmVlmtplt5pq5Zr6ZbxaYBWaRWWQWm8VmiVlqlprlZrlZaVaa1Wa1WWvWmvVmvdloNpolZovZYraarWa72W52mp1mt9lt9pg9Zq/Za/aZfWa/2W8OmAPmoDloDplD5rA5bI6YI+aoOWqOmWPmuDluTpqT5pQ5ZU6b0+asOWvOmXPmvDlvLpqLl972RSpSkYlMlCZKE6VEKVH6KH2UIcoQZYoyRYkoEWWOMkdZohuirFG2KHuUI8oZ5YpyRzaiyEUcxVGeKG+UjG6M8kU3RfmjAlHBqFDko8JRkejmqGh0S1QsujUqHt0WlYhuj0pGpaI7otLRnVGZ6K6obFQuKh/dHVWIKkaVosrRPVGV6N6oanRfVC26P6oePRDViB6MakYPRbWih6Pa0SNRnejRqG70WFQvqh81iBpGjf7U+iGczvaE72y72LTQzXa3r9getqftZXvbPvZV29e+ZvvZ121/O8AOtG/YQfZNO9i+ZYfYoXaYfdsOtyPsSDvKjrZj7Fj7jh1n37Xj7Xt2gp1oJ9nJdoqdaqfZ9+10O8POtB/YWfZDO9vOsXPtPDvffmQX2IV2kf3YLraf2CV2qV1ml9sVdqVdZVfbNXatXWfX2w12o91kN9st9lO71W6z2+0Ou9PusrvtZ3aP/dzutV/YffZLu9/+xR6wX9mD9mt7yH5jD9tv7RH7nT1qv7fH7A/2uD1hT9of7Sn7kz1tz9iz9md7zv5iz9sL9qINl97cX3p5J0OG0lAaSqEUSk/pKQNloEyUiRKUoMyUmbJQFspKWSk7ZaeclJNyU266hIkpD+WhJCUpH+Wj/JSfClJB8uSpCBWholSUilExKk7FqQSVuPxoAbqT7qS76C4qR+XobrqbKlJFqkyVqQpVoapUlapRNapO1akG1aCaVJNqUS2qTbWpDtWhulSX6lE9akANqBE1osbUmJpQE2pGzag5NacW1IJaUktqRa2oNbWmNtSG2lJbakftqD21p47UkTpRJ+pMnakrdaXu1J16UA/qRb2oD/WhvtSX+lE/6k/9aSANpEE0iAbTYBpCQ2kYvU3DaQSNpFE0msbQWBpL42gcjafxNIEm0CSaRFNoCk2jaTSdptNMmkmzaBbNptk0l+bSfJpPC2gBLaJFtJgW0xJaQstoGa2gFbSKVtEaWkPraB1toA20iTbRFtpCW2krbafttJN20m7aTXtoD+2lvbSP9tF+2k8H6AAdpIN0iA7RYTpMR+gIHaWjdIyO0XE6TifpJJ2iU3SaTtNZOkvn6Bc6TxfoIgVKcelceneNy+AyukzuWvePcXaXw+V0uVxuZ11Wl+3vYnLO5XcFXEFXyHlX2BVxN/8mLulKuTtcaXenK+PucmV/E1dx97qq7j5Xzd3vKrt7/i6u7h5wNdyjrqZ7zNVy9V1t19DVcY+6uu4xV8/Vdw1cQ9fcPeVauKddS/eMa+We/U28wC10a9xat86td3vc5+6s+9kdcd+5c+4X19l1cX3cq66ve831c6+7/m7Ab+Jh7m033I1wI90oN9qN+U08yU12U9xUN82976a7Gb+J57uP3Cy3yM12c9xcN+/X+FJPi9zHbrH7xC1xS90yt9ytcCvdKrf6f/e63G10m9xmt9t95ra6bW672+F2ul2/xpeOY6/7wu1zX7rD7lt3wH3lDrqj7pD75tf40vEddd+7Y+4Hd9ydcCfdj+6U+8mddmd+Pf5Lx/6ju+AuuuCAkRVrNhxxGk7LKZyO0/M1nIEzcia+lhN8HWfm6zkL38BZORtn5xyck3NxbrZM7Jg55jycl5N8I+fjmzg/F+CCXIg9F+YifDMX5Vu4GN/Kxfk2LsG3c0kuxXdwab6Ty/BdXJbLcXm+mytwRa7ElfkersL3clW+j6vx/VydH+Aa/CDX5Ie4Fj/MtfkRrsOPcl1+jOtxfW7ADbkRP86N+Qluwk25GT/JzfkpbsFPc0t+hlvxs9yan+M2/Dy35Re4Hb/I7bkDd+SXuBO/zJ25C3flbtydX+Ee3JN7cW/uw69yX36N+/Hr3J8H8EB+gwfxmzyY3+IhPJSH8ds8nEfwSB7Fo3kMj+V3eBy/y+P5PZ7AE3kST+YpPJWn8fs8nWfwTP6AZ/GHPJvn8Fyex/P5I17AC3kRf8yL+RNewkt5GS/nFbySV/FqXsNreR2v5w28kTfxZt7Cn/JW3sbIO3gn7+Ld/Bnv4c95L3/B+/hL3s9/4QP8FR/kr/kQf8OH+Vs+wt/xUf6ej/EPfJxP8En+kU/xT3yaz/BZ/pnP8S98ni/wRQ4MMcYq1rGJozhNnDZOidPF6eNr4gxxxjhTfG2ciK+LM8fXx1niG+KscbY4e5wjzhnninPHNqbYxRzHcZ44b5yMb4zzxTfF+eMCccG4UOzjwnGR+Oa4aHxLXCy+NS4e3xaXiG+PS8al4kfvLx3fGZeJ74rLxuXi8vHdcYW4YlwprhzfE1eJ742rxvfF1eL742LxA3GN+MG4ZvxQXCt+OK4dPxLXiR+N68aPxfXi+nGDuGHcKH48bhw/ETeJm8bN4ifj5vFTcYv46bhl/EzcKn72Dy/vGneLu8evxK/EIdyn5ybnJecnP0ouSC5MLkp+nFyc/CS5JLk0uSy5PLkiuTK5Krk6uSa5NrkuuT65IbkxuSm5ORlC5bTg0SuvvfGRT+PT+hSfzqf31/gMPqPP5K/1CX+dz+yv91n8DT6rz+az+xw+p8/lc3vryTvPPvZ5fF6f9Df6fP4mn98X8AV9Ie99YV/EN/SNfCPf2D/hm/imvpl/0j/pn/JP+af90/4Z38o/61v753wb/7xv61/wL/gXfXvfwXf0L/lO/mXf2XfxXX1X39139z18D9/L9/J9fB/f1/f1/Xw/399f8AP9QD/ID/KD/WA/xA/xw/wwP9wP9yP9SD/aj/Zj/Vg/zo/z4/14PyFlgp/kJ/kpfoqf5qf56X66n+ln+ln5Z/nZfraf6+f6+X6+X+AX+EV+kV/sF/slfolf5pf5FX6FX+VX+TV+jV/n1/kNfoPf5Df5LX6L3+q3+u1+u9/pd/rdfrff4/f4vX6v3+dDCF32nw3+gD/ov/aH/Df+sP/WH/Hf+aP+e3/M/+CP+xP+pP/Rn/I/+dP+jD/rf/bn/C/+vL/gL/rgxybeSYxLvJsYn3gvMSExMTEpMTkxJTE1MS3xfmJ6YkZiZuKDxKzEh4nZiTmJuYl5ifmJjxILEgsTixIfJxYnPkksSSxNLEssT6xIrEyEkGtrHPKEvCEZbgz5wk0hfygQCoZCwYfCoUi4ORQNt4Ri4dZQPNwWSoTbQ8lQKtwRHgv1Qv3QIDQMjcLjoXF4IjQJTUOz8GRoHp4KLcLToWV4JrQKz4bW4bnQJjwf2oYXQrvwYmgfOoSO4aXQKbwcOocuoWvoFrqHV0KP0DP8EnqHPuHV0De8FvqF10P/MCAMDG+EQeHNMDi8FYaEoWFYeDsMDyPCyDAqjA5jwtjwThgX3g3jw3thQpgYJoXJYUqYGqaF98P0MCPMDB+EWeHDMDvMCXPDvDA/fBQWhIVhUfg4LA6fhCVhaVgWlgdIWRlWhdVhTVgb1oX1YUPYGDaFzWFL+DRsDdvC9rAj7Ay7wu7wWdgTPg97wxdhX/gy7A9/CQfCV+Fg+DocCt+Ew+HbcCR8F46G78Ox8EM4Hk6EkwHDqfBTOB3OhLPh53Au/BLOhwvhovzNmhBCCCHE/xX9B5d3+yffU5cX/Pq7c4CM23Ic+seaG7L+dd9T5WyeAIBnurR7+G+rQoWuXbtevu4SDVHeOQCQuJKfBq7ES6EZPAUtoSkU/af99VQdzvG/rv8bKQCQHv6x/i2/U3/ErD+oHyXnAOTPeyUnHVyJr9Qv9jv1szX+g/rpvhoL0OT/yMkAV+Ir9YvAE/AstPy7awohhBBCCCGEEH/VU93R5o8+3176fJ7TXMlJC1fiP/p8LoQQQgghhBBCiKvv+Q4dn368ZcumbWRzFTbtMv51Cv8t/fzOJs1/Rxt/3gYvn736b+nnP70pd/nR/j/JumpPSUIIIYQQQoj/kCtv+q92J0IIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghROr1/+OfkF3tYxRCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGutv8VAAD//zmwHF0=") open(&(0x7f0000000000)='./bus\x00', 0x20342, 0x0) syz_open_pts(r0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1, 0xc, 0x103ba, 0x1}, 0x48) bpf$MAP_DELETE_ELEM(0x2, &(0x7f0000000140)={r1, &(0x7f0000000000), 0x20000000}, 0x20) bpf$ITER_CREATE(0x21, &(0x7f00000001c0), 0x8) r2 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r2, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) listen(r2, 0x0) syz_emit_ethernet(0x82, &(0x7f00000003c0)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x74, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x18, 0x0, 0x0, 0x0, 0x0, {[@timestamp={0x8, 0xa}, @sack_perm, @md5sig={0x13, 0x3c, "91d785d58954605c802acf9f965fe399"}]}}}}}}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000000000000000080eff95"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0x275a, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x3, 0x5}, 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000040)='kmem_cache_free\x00', r5}, 0x10) r6 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r6, 0x10f, 0x87, &(0x7f0000000300)={0x43, 0x0, 0x3, 0x3}, 0x10) r7 = socket$tipc(0x1e, 0x2, 0x0) r8 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r8, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x4, 0x3, 0x3}, 0x10) setsockopt$TIPC_GROUP_JOIN(r7, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10) sendmsg$tipc(r7, &(0x7f00000002c0)={&(0x7f0000000000), 0x10, 0x0}, 0x0) write$binfmt_script(r3, &(0x7f0000000140), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r3, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 1.936275613s ago: executing program 4 (id=704): prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000340)={0x3, &(0x7f0000000000)=[{0x200000000006, 0x0, 0x0, 0x7ffc1fff}, {0x36, 0x0, 0x79, 0xeaf}, {0x748, 0x3, 0x2, 0x3}]}) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000001780), 0x30500, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, "2af01c3d0040fbffffffffffffff00"}) syz_mount_image$exfat(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x1000806, &(0x7f00000016c0)=ANY=[@ANYBLOB='errors=remount-ro,discard,dmask=00000000000000000000000,iocharset=maccenteurO,fmask=00000000000000000000003,iocharset=cp932,iocharset=iso8859-6,fmask=00000000000000000000010,\x00'], 0x9, 0x1505, &(0x7f0000000180)="$eJzs3Au4jdX2MPAx5pwvm9BKcp9jjpeVXCZJEknIJUmSJMktIUmSJCS33JKQhNyT3ENyC8n9fss9SY4kSUJCwvweHefzndPp9P2/0/mc59nj9zzz2XPstcZY411jr9u7n72/azewUp3K5WsxM/xb8K9fugJACgD0AYBrASACgOKZi2e+dHk6jV3/vRsRf66Hp1ztDsTVJPNP3WT+qZvMP3WT+aduMv/UTeafusn8UzeZvxCp2ZapOa6TlXqXnP9PzeT1P3WT+aduMv/UTeafusn8UzOW+adyMv/UTeafusn8hUjN/pTzyGkvF/svOJ/9H1h/u6uudh9/sKL/p7yr95MnhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEECI1ORuuMADwt/3V7ksIIYQQQgghhBB/npD2ancghBBCCCGEEEKI/zwEMBoMRJAG0kIKpIP0cA1kgIyQCa6FBFwHmeF6yAI3QFbIBtkhB+SEXJAbLBA4YIghD+SFJNwI+eAmyA8FoCAUAg+FoQjcDEXhFigGt0JxuA1KwO1QEkrBHVAa7oQycBeUhXJQHu6GClARKkFluAeqwL1QFe6DanA/VIcHoAY8CDXhIagFD0NteATqwKNQFx6DelAfGkBDaPTP8/W/zn8JOsHL0Bm66Ev3QHd4BXpAT+gFvaEPvAp94TXoB69DfxgAA+ENGARvwmB4C4bAUBgGb8NwGAEjYRSMhjEwFt6BcfAujIf3YAJMhEkwGabAVJgG78N0mAEz4QOYBR/CbJgDc2EezIePYAEshEXwMSyGT2AJLIVlsBxWwEpYBathDayFdbAeNsBG2ASbYQt8ClthG2yHHbATdsFu+Az2wOewF76AffDl/zD/zD/kt0dAQIUKDRpMg2kwBVMwPabHDJgBM2EmTGACM2NmzIJZMCtmxeyYHXNiTsyNuZGQkJExD+bBJCYxH+bD/JgfC2JB9OixCBbBongLFsNiWByLYwksgSWxFJbC0lgay2AZLItlsfztcwCwAlbCSngP3oP3YlWsitWwGlbH6lgDa2BNrIm1sBbWxtpYB+tgXayL9bAeNsAG2AgbYWNsjE2wCTbDZtgcm2MLbIEtsSW2wlbYGltjG2yDbbEttsN22B47YAd8CV/Cl/Fl7IIVVDfsjt2xB/bAXtgbe+Or2Bdfw9fwdeyPA3AgvoFv4Js4GE/jEByKw3AYllEjcCSOQlZjcCyOxXE4DsfjeJyAE3EiTsYpOBWn4TScjjNwBn6As/BD/BDn4Bych/NxPi7AhbgIF+FiPINLcCkuw+W4AlfiClyNa3A1rlN/e2huxs34KX6K23Ab7sAduAt34Wf4GX6On2N/3If7cD/uxwN4AA/iQTyEh/AwHsYjeASP4lE8hsfwOJ7Ak3gCT+EpPI1n8CyexXN4Ds/jCzm/qb2rwNr+oC4xyqg0Ko1KUSkqvUqvMqgMKpPKpBIqoTKrzCqLyqKyqqwqu8qucqqcKrfKrUiRYhWrPCqPSqqkyqfyAUBXVVAVVF55VUQVUUVVUVVMFVPF1W2qhLpdlVSlVFNfWpVWZVQzX1aVU+VVeVVBVVSVVGVVWVVRVVRVVVVVU9VUdVVd1VAPqpqqG/bCh9WlydRRA7CuGoj1VH3VQDVUb+LjqrEajE1UU9VMPamG4hBsoRr7luoZ1UqNxNbqOTUKn1dt1Rhsp15U7VUH1VG9pDqpJr6z6qImYDfVXU3GHqqn6qV6q+lYUV2aWCX1uuqvBqiB6g01D99Ug9Vbaogaqoapt9VwNUKNVKPUaDVGjVXvqHHqXTVevacmqIlqkpqspqipapp6X01XM9RM9YGapT5Us9UcNVfNU/PVR2qBWqgWqY/VYvWJWqKWqmVquVqhVqpVarVao9aqdWq92qA2qk1qs9qiPlVb1Ta1Xe1QO9UutVt9pvaoz9Ve9YXap75U+9Vf1AH1lTqovlaH1DfqsPpWHVHfqaPqe3VMdVHH1Ql1Uv2oTqmf1Gl1Rp1VP6tz6hd1Xl1QF1VQoFErrbXRkU6j0+oUnU6n19foDDqjzqSv1Ql9nc6sr9dZ9A06q86ms+scOqfOpXNrq0k7zTrWeXRendQ36nz6Jp1fF9AFdSHtdWFdRN+si+pbdDF9qy6ub9Ml9O26pC6l79Cl9Z26jL5Ll9XldHl9t66gK+pKurK+R1fR9+qq+j5dTd+vq+sHdA39oK6pH9K19MO6tn5E19GP6rr6MV1P19cNdEPdSD+uG+sndBPdVDfTT+rm+indQj+tW+pndCv9rG6tn9Nt9PO6rX5Bt9Mv6va6g+6oL+iLOujOuovuqrvp7voV3UP31L10b91Hv6r76td0P/267q8H6IH6DT1Iv6kH67f0ED1UD9Nv6+F6hB6pR+nReoweq9/R4/S7erx+T0/QE/UkPVlP0VN1r8uVZl7KN/Av89/9J/n9fr31zXqL/lRv1dv0dr1D79S79G69W+/Re/RevVfv0/v0fr1fH9AH9EF9UB/Sh/RhfVgf0Uf0UX1UH9PH9HF9Qv+sf9Sn9E/6tD6jz+if9Tl9Tp+/fB+AQaOMNsZEJo1Ja1JMOpPeXGMymIwmk7nWJMx1JrO53mQxN5isJpvJbnKYnCaXyW2sIeMMm9jkMXlN0txo8pmbTH5TwBQ0hYw3hU0Rc/Pv5UeXn+H+MP93+ls+6XJ+I9PINDaNTRPTxDQzzUxz09y0MC1MS9PStDKtTGvT2rQxbUxb09a0M+1Me9PedDQdTSfTyXRGMF1NV9PdvGJ6mJ6ml+lt+phXTV/T1/Qz/Ux/098MNAPNIDPIDDaDzRAzxAwzw8xwM9yMNCPNaDPajDVjzTgzzow3480EM8FMMpPMFDPFXHphvWSmmWlmmVlmtplt5pq5Zr6ZbxaYBWaRWWQWm8VmiVlqlprlZrlZaVaa1Wa1WWvWmvVmvdloNpolZovZYraarWa72W52mp1mt9lt9pg9Zq/Za/aZfWa/2W8OmAPmoDloDplD5rA5bI6YI+aoOWqOmWPmuDluTpqT5pQ5ZU6b0+asOWvOmXPmvDlvLpqLl972RSpSkYlMlCZKE6VEKVH6KH2UIcoQZYoyRYkoEWWOMkdZohuirFG2KHuUI8oZ5YpyRzaiyEUcxVGeKG+UjG6M8kU3RfmjAlHBqFDko8JRkejmqGh0S1QsujUqHt0WlYhuj0pGpaI7otLRnVGZ6K6obFQuKh/dHVWIKkaVosrRPVGV6N6oanRfVC26P6oePRDViB6MakYPRbWih6Pa0SNRnejRqG70WFQvqh81iBpGjf7U+iGczvaE72y72LTQzXa3r9getqftZXvbPvZV29e+ZvvZ121/O8AOtG/YQfZNO9i+ZYfYoXaYfdsOtyPsSDvKjrZj7Fj7jh1n37Xj7Xt2gp1oJ9nJdoqdaqfZ9+10O8POtB/YWfZDO9vOsXPtPDvffmQX2IV2kf3YLraf2CV2qV1ml9sVdqVdZVfbNXatXWfX2w12o91kN9st9lO71W6z2+0Ou9PusrvtZ3aP/dzutV/YffZLu9/+xR6wX9mD9mt7yH5jD9tv7RH7nT1qv7fH7A/2uD1hT9of7Sn7kz1tz9iz9md7zv5iz9sL9qINl97cX3p5J0OG0lAaSqEUSk/pKQNloEyUiRKUoMyUmbJQFspKWSk7ZaeclJNyU266hIkpD+WhJCUpH+Wj/JSfClJB8uSpCBWholSUilExKk7FqQSVuPxoAbqT7qS76C4qR+XobrqbKlJFqkyVqQpVoapUlapRNapO1akG1aCaVJNqUS2qTbWpDtWhulSX6lE9akANqBE1osbUmJpQE2pGzag5NacW1IJaUktqRa2oNbWmNtSG2lJbakftqD21p47UkTpRJ+pMnakrdaXu1J16UA/qRb2oD/WhvtSX+lE/6k/9aSANpEE0iAbTYBpCQ2kYvU3DaQSNpFE0msbQWBpL42gcjafxNIEm0CSaRFNoCk2jaTSdptNMmkmzaBbNptk0l+bSfJpPC2gBLaJFtJgW0xJaQstoGa2gFbSKVtEaWkPraB1toA20iTbRFtpCW2krbafttJN20m7aTXtoD+2lvbSP9tF+2k8H6AAdpIN0iA7RYTpMR+gIHaWjdIyO0XE6TifpJJ2iU3SaTtNZOkvn6Bc6TxfoIgVKcelceneNy+AyukzuWvePcXaXw+V0uVxuZ11Wl+3vYnLO5XcFXEFXyHlX2BVxN/8mLulKuTtcaXenK+PucmV/E1dx97qq7j5Xzd3vKrt7/i6u7h5wNdyjrqZ7zNVy9V1t19DVcY+6uu4xV8/Vdw1cQ9fcPeVauKddS/eMa+We/U28wC10a9xat86td3vc5+6s+9kdcd+5c+4X19l1cX3cq66ve831c6+7/m7Ab+Jh7m033I1wI90oN9qN+U08yU12U9xUN82976a7Gb+J57uP3Cy3yM12c9xcN+/X+FJPi9zHbrH7xC1xS90yt9ytcCvdKrf6f/e63G10m9xmt9t95ra6bW672+F2ul2/xpeOY6/7wu1zX7rD7lt3wH3lDrqj7pD75tf40vEddd+7Y+4Hd9ydcCfdj+6U+8mddmd+Pf5Lx/6ju+AuuuCAkRVrNhxxGk7LKZyO0/M1nIEzcia+lhN8HWfm6zkL38BZORtn5xyck3NxbrZM7Jg55jycl5N8I+fjmzg/F+CCXIg9F+YifDMX5Vu4GN/Kxfk2LsG3c0kuxXdwab6Ty/BdXJbLcXm+mytwRa7ElfkersL3clW+j6vx/VydH+Aa/CDX5Ie4Fj/MtfkRrsOPcl1+jOtxfW7ADbkRP86N+Qluwk25GT/JzfkpbsFPc0t+hlvxs9yan+M2/Dy35Re4Hb/I7bkDd+SXuBO/zJ25C3flbtydX+Ee3JN7cW/uw69yX36N+/Hr3J8H8EB+gwfxmzyY3+IhPJSH8ds8nEfwSB7Fo3kMj+V3eBy/y+P5PZ7AE3kST+YpPJWn8fs8nWfwTP6AZ/GHPJvn8Fyex/P5I17AC3kRf8yL+RNewkt5GS/nFbySV/FqXsNreR2v5w28kTfxZt7Cn/JW3sbIO3gn7+Ld/Bnv4c95L3/B+/hL3s9/4QP8FR/kr/kQf8OH+Vs+wt/xUf6ej/EPfJxP8En+kU/xT3yaz/BZ/pnP8S98ni/wRQ4MMcYq1rGJozhNnDZOidPF6eNr4gxxxjhTfG2ciK+LM8fXx1niG+KscbY4e5wjzhnninPHNqbYxRzHcZ44b5yMb4zzxTfF+eMCccG4UOzjwnGR+Oa4aHxLXCy+NS4e3xaXiG+PS8al4kfvLx3fGZeJ74rLxuXi8vHdcYW4YlwprhzfE1eJ742rxvfF1eL742LxA3GN+MG4ZvxQXCt+OK4dPxLXiR+N68aPxfXi+nGDuGHcKH48bhw/ETeJm8bN4ifj5vFTcYv46bhl/EzcKn72Dy/vGneLu8evxK/EIdyn5ybnJecnP0ouSC5MLkp+nFyc/CS5JLk0uSy5PLkiuTK5Krk6uSa5NrkuuT65IbkxuSm5ORlC5bTg0SuvvfGRT+PT+hSfzqf31/gMPqPP5K/1CX+dz+yv91n8DT6rz+az+xw+p8/lc3vryTvPPvZ5fF6f9Df6fP4mn98X8AV9Ie99YV/EN/SNfCPf2D/hm/imvpl/0j/pn/JP+af90/4Z38o/61v753wb/7xv61/wL/gXfXvfwXf0L/lO/mXf2XfxXX1X39139z18D9/L9/J9fB/f1/f1/Xw/399f8AP9QD/ID/KD/WA/xA/xw/wwP9wP9yP9SD/aj/Zj/Vg/zo/z4/14PyFlgp/kJ/kpfoqf5qf56X66n+ln+ln5Z/nZfraf6+f6+X6+X+AX+EV+kV/sF/slfolf5pf5FX6FX+VX+TV+jV/n1/kNfoPf5Df5LX6L3+q3+u1+u9/pd/rdfrff4/f4vX6v3+dDCF32nw3+gD/ov/aH/Df+sP/WH/Hf+aP+e3/M/+CP+xP+pP/Rn/I/+dP+jD/rf/bn/C/+vL/gL/rgxybeSYxLvJsYn3gvMSExMTEpMTkxJTE1MS3xfmJ6YkZiZuKDxKzEh4nZiTmJuYl5ifmJjxILEgsTixIfJxYnPkksSSxNLEssT6xIrEyEkGtrHPKEvCEZbgz5wk0hfygQCoZCwYfCoUi4ORQNt4Ri4dZQPNwWSoTbQ8lQKtwRHgv1Qv3QIDQMjcLjoXF4IjQJTUOz8GRoHp4KLcLToWV4JrQKz4bW4bnQJjwf2oYXQrvwYmgfOoSO4aXQKbwcOocuoWvoFrqHV0KP0DP8EnqHPuHV0De8FvqF10P/MCAMDG+EQeHNMDi8FYaEoWFYeDsMDyPCyDAqjA5jwtjwThgX3g3jw3thQpgYJoXJYUqYGqaF98P0MCPMDB+EWeHDMDvMCXPDvDA/fBQWhIVhUfg4LA6fhCVhaVgWlgdIWRlWhdVhTVgb1oX1YUPYGDaFzWFL+DRsDdvC9rAj7Ay7wu7wWdgTPg97wxdhX/gy7A9/CQfCV+Fg+DocCt+Ew+HbcCR8F46G78Ox8EM4Hk6EkwHDqfBTOB3OhLPh53Au/BLOhwvhovzNmhBCCCHE/xX9B5d3+yffU5cX/Pq7c4CM23Ic+seaG7L+dd9T5WyeAIBnurR7+G+rQoWuXbtevu4SDVHeOQCQuJKfBq7ES6EZPAUtoSkU/af99VQdzvG/rv8bKQCQHv6x/i2/U3/ErD+oHyXnAOTPeyUnHVyJr9Qv9jv1szX+g/rpvhoL0OT/yMkAV+Ir9YvAE/AstPy7awohhBBCCCGEEH/VU93R5o8+3176fJ7TXMlJC1fiP/p8LoQQQgghhBBCiKvv+Q4dn368ZcumbWRzFTbtMv51Cv8t/fzOJs1/Rxt/3gYvn736b+nnP70pd/nR/j/JumpPSUIIIYQQQoj/kCtv+q92J0IIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghROr1/+OfkF3tYxRCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGutv8VAAD//zmwHF0=") open(&(0x7f0000000000)='./bus\x00', 0x20342, 0x0) syz_open_pts(r0, 0x0) ioctl$TCSETAW(r0, 0x5407, &(0x7f0000000140)={0x46b, 0x0, 0x0, 0x0, 0x0, "4cca8e4d4235a1f6"}) bpf$MAP_DELETE_ELEM(0x2, &(0x7f0000000140)={0xffffffffffffffff, &(0x7f0000000000), 0x20000000}, 0x20) bpf$ITER_CREATE(0x21, &(0x7f00000001c0), 0x8) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000000380)={0x2, 0x4e22}, 0x10) listen(r1, 0x0) syz_emit_ethernet(0x82, &(0x7f00000003c0)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x74, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x18, 0x0, 0x0, 0x0, 0x0, {[@timestamp={0x8, 0xa}, @sack_perm, @md5sig={0x13, 0x3c, "91d785d58954605c802acf9f965fe399"}]}}}}}}}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000000000000000080eff95"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cgroup.controllers\x00', 0x275a, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x3, 0x5}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000040)='kmem_cache_free\x00', r4}, 0x10) r5 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, &(0x7f0000000300)={0x43, 0x0, 0x3, 0x3}, 0x10) r6 = socket$tipc(0x1e, 0x2, 0x0) r7 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r7, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x4, 0x3, 0x3}, 0x10) setsockopt$TIPC_GROUP_JOIN(r6, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10) sendmsg$tipc(r6, &(0x7f00000002c0)={&(0x7f0000000000), 0x10, 0x0}, 0x0) write$binfmt_script(r2, &(0x7f0000000140), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 1.857418359s ago: executing program 0 (id=705): bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000340)=ANY=[], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x30, '\x00', 0x0, 0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x0, 0xb, 0x0, &(0x7f0000000500)='syzkaller\x00', 0x8000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x5, &(0x7f0000000200)=0x200004) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_dev$rtc(&(0x7f0000000000), 0x2000000003, 0x50dc82) r2 = inotify_init1(0x0) fcntl$setown(r2, 0x8, 0xffffffffffffffff) fcntl$getownex(r2, 0x10, &(0x7f0000000100)={0x0, 0x0}) r4 = getpid() kcmp$KCMP_EPOLL_TFD(r3, r4, 0x5, 0xffffffffffffffff, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="240000001a0001000000000000010000020000fd000000000038f2ff070001ffff1414bb"], 0x24}}, 0x0) 1.84341373s ago: executing program 4 (id=706): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x0, 0x0, 0x4, 0x0, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r0}, 0x0, 0x0}, 0x20) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x0, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) mkdir(0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) io_uring_enter(0xffffffffffffffff, 0xfffffdfc, 0x0, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) syz_clone(0x11000000, 0x0, 0x0, 0x0, 0x0, 0x0) 1.60628315s ago: executing program 1 (id=707): r0 = open(&(0x7f0000000140)='./file0\x00', 0x149442, 0x0) ftruncate(r0, 0x200002) (async) r1 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) r2 = socket$pppl2tp(0x18, 0x1, 0x1) (async) r3 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r3, &(0x7f0000000480)={0x2, 0x0, @dev}, 0x10) (async) setsockopt$inet_IP_XFRM_POLICY(r3, 0x0, 0x11, &(0x7f0000000080)={{{@in6=@mcast1, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee00}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@private0, 0x0, 0x32}, 0x0, @in=@private, 0x0, 0x4}}, 0xe8) (async) connect$pppl2tp(r2, &(0x7f00000002c0)=@pppol2tpin6={0x18, 0x1, {0x0, r3, 0x4, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @mcast2}}}, 0x32) (async) unshare(0x400) (async, rerun: 64) bpf$BPF_PROG_DETACH(0x6, &(0x7f0000000080)={@map, 0xffffffffffffffff, 0x5}, 0x10) (rerun: 64) sendfile(r2, r1, 0x0, 0x80001d00c0d0) 1.302272114s ago: executing program 3 (id=708): prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0x5) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000580)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000380)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b700000000000000950000000000000071dc16d4cf0a4add2a69935df395bc29960b345fe03bb87ff7b73616d9c193d91d1163312dead0"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='mm_lru_insertion\x00', r4}, 0x10) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.events\x00', 0x275a, 0x0) syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000040)='./bus\x00', 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="66617374626f6f742c71756f7461000018bbdecde39739fcd1df176dde746ec834120600000000003b814e50a959736d6572462abc30ef5b65c70f73ecea54b5e5bea9836c319f653557e79a002208ce996dda659bd5ba0f4ce5c2080002223dc60000000000000044cd0a1e3686873600000000005493b4b81d5b9fa9b40fe4d76afc3a989c6d60044e89eb96e44d01a1034e3797ffa86870b82939f41ffa0f3d726f085663c29cbdc4c766a7eb77cc36160191acf5ae7469c82ab4145b595b987d75912a0fcd1c061835294cc0c618aba204f8adaa20c80108d356cd88cc86177056b06e7068c40f807d9e539f8f5b64a8ee0725aa8d00000000007cb6020d90ea79b8027cf75964dd86c2ed2b5e75779677aa8c76b848dd03dab190b5f02ec52830a17b01eaae1c3df076000000000000000000000000000083a48a6b926c668b9b90195018ea3619f9d80a0b894e212178e1a19909d764666264fa29e2c055fd7f8e67c2acfb75f0a8d41692f4542a575ee42ed94a0014fba44985cca9df12fe93bfaccf0122a6e7e593613ac0111701b125cc6799c43aa4ff708dc4a00a6decad26f0378072a571da000000b1a6bdf03fd56697e348b5b494f6fddb9f56142a47a40ef81690a7eca421bd0ad198afa58ce69d61c29deaa93c0efea0df04f20020ee84075b4e1a2ad43d1be1138de4668e7b6137545708790c501f1ed7f6a571d500000000000000"], 0x25, 0x5586, &(0x7f00000079c0)="$eJzs3EtvG2UXAOAzTtP71y9CLNh1pAopkWqrTi+CFQVacRGtKi4LVuDYruXW9kSx44SsumCJWPBPEEisWPIbWMASdogFiB0SyDMTaNoGSuM4avs80vjMHL8+874jK9KZiRzAU2sh/e2XJE7FsYiYi4iTSeT7SblF3Im4XIx9LiJOR0Tlri0p838lDkfE8Yg4NSle1EzKtz47Oz5z8ec3f/362yOHTnz+1XcHunDgQD0fEf3VYn+jX8SsU8RbZb4x7uaxf2FcxtUdNfpZkd9or+QVNhrb4xp5PN8pxmer68NJvNlrNCex072Z51cHxQmH4852nckH0luNtfy41V7JY3eY5bGzVZx3c6v427Y1HBV1WmW9j/LyMRptxyLf3mwX61m9ncfmYFTmi7pZq705ieMylqeLZtZr5fNYecSL/Bh4qztY30zH7bVhNxukF2v1F2r1S9X6WtZqj9oXqo1+69KFdLHTmwyrjtqN/uVOlnV67Voz6y+li51ms1qvp4tX2ivdxiCt12vna+eqF5fKvbPpa9ffS3utdHESX+kO1kfd3jC9ma2lxSeW0uXa+ReX0jP19J1rN9Ibb1+9eu3Gux9cef/6y9feeLUcdN+00sXlc8vL1fq56nJ96Sla/8flpP/D+pMHp3/4fm+XDQq7fMEA2N19/X/c2/+H/h+Yur30//3b5fH+9P/xMP1/TLP/n7RU+v9/738rB9D/zof+fx/XD3vyaP3/4anPAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAmftx/ovX852F4vhEmf9fmXqmPE4iohIRfzzAXBzeUXOurDO/y/j5e+bwTRJ5hck5jpTb8Yi4XG6//3+/rwIAAAA8ub68c/rTolsvXhYOekLMUnHTpnLywynVSyJifuGnKVWrTF6enVKx/Pt9KDanVC2/gXV0SsWKW26HplXtocztCEfvCkkRKjOdDgAAMBM7O4HZdiEAAADM0if/+O5LM5sHM5bE9qPM7WfB+X/e//1A8NiO9wAAAIDHUHLQEwAAAAD2Xd7/+/0/AAAAeLIVv/8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAf7JzP7lpA1EcgJ8Nhv5VUdV9r9IdHKNH6LLLwgF6CY5Ar9ALcAYiZZEjRBBhT5CcgBSJMU7Q90m2M+Po5xlg88bSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXbqpVrN/f77/PTdnuztPntkAAAAAx2yq1az+Y9K0P6b+z6nra2oXEVFGxLHafRCjVuYg5VQn/r96Mob/EXXCvn+cjg8R8SMd91+6/hQAAADgeq0Xy2lTrTentARw2++ouJBm0ab89DNTXhER1eQuU1q5P33LFFb/vofxO1NavYD1LlNYs+Q2PH5vlOshbYPW5XEm8/pLrFtlN88FAAD61K4ETlQhAAAAXIFffQ+AS3he2heH0+E947i5pBeC71stAAAA4A0q+h4AAAAA0Lm6/n9N+/8V9v8DAACA7Jr9/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOjSplrN1ovl9NT9+Qtztrvz5JsRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPLA/7ygQAmEQBnvXdyZz/8NKg4bGJlUgfPyNwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJvf/eX/xNQ4k8y9NpaeR5K1U2Pr1Ng7N47+ML5+DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxf68pEAIBEEUzBn/O+n7H1YS9AwiREDDo4paNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwRb/75f/E1DiTzJ02lo5HkrWrxtZVY+9B4+jBePs3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxb799EZRhgEAf3anu1DUWKtpYtVgwkEvUhYEuRqjaTz4EUyassXqIgo9CGnEXryZnrkYPRpjoqm3fgfONOGCNw491MSTh5r5V2bbFRqUmUJ/v+Td99nZ4f23E9Jn3lkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABKm+/Gq+0iTtKXiTwuj93eWp5P641ddWp99c50WtK4VfO4nwCvVd8cn2puIAAAABweSZnfR8TdztpsWrcnsvy/U56T5vw/PJfHZT6/O+/f2Fo+Wnw0Xeb/v/9276WdjiaSrJ+00YXFQf/U3qGMPaYpHnjPP/SMsWzls3svSfaFtD9ceXGzk61n67tbt97vZuGROkYLADyKk2VdBOXfQ2nda3JgABwaY5XEu8z/k4lmxwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQh82VeKaMWxExPXY/Tm1sLc+Pqr9ZvTO9XpRzN2+uVttMm+hExMLioH+qxrkcXOVqXv9sbjDoX7l6re7geESM+OjG/v55Ugz/X8/pRsTQkRMvj2jn4330taudPUFxeUa9aziezu+hJ7eGjrT2LPh727kmLoC6gnbx/TyOLsZr/96Hg/La+/9brvm/IwAAnnqdoqSZ6N3O2mx6rDUZsf3jcP7/RiWOobx/+0Z+JH+/Xsn/731y7na1r2r+36tpfk+CmaVLX8xcvXb9rcVLcxf7F/ufv326907vzPmzZ8/PZPdKZhai7Y4JAAAA/0G3KNX8vz25d///WCWOB+z/51vCef7/5fe9r6t9JfL/ke5v+jU9EgAAgMOouxO98Ppff7ZGnNHqduOruaWlK738def96fy11uE+oiNFqeb/yWTTowIAAADqsLnSGtr/v1CJ4wH7/9Xn/5/96ZVfqm0mETEecTki+ifnLw8u1DedA62OHypnHXWbnikAAABNGS9Kdf+/kz3/39555KEdEW+eiPi7+A1/7DP/Tz749udqX9Xn/8/UOsuDpz2Vr0dWT0WMTTU9IgAAAJ5mR4uSJvt/dNZmP/312Eddz/8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1O2fAAAA//+FVSwP") r6 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x1817c1, 0x0) ioctl$F2FS_IOC_START_ATOMIC_WRITE(r6, 0xf501, 0x0) r7 = open(&(0x7f0000000140)='./file0\x00', 0x2, 0x0) write$FUSE_IOCTL(r7, &(0x7f0000000100)={0x20}, 0x20) ioctl$F2FS_IOC_COMMIT_ATOMIC_WRITE(r6, 0xf502, 0x0) write$cgroup_int(r5, &(0x7f0000000100), 0x1001) ioctl$SIOCSIFHWADDR(r5, 0x4030582b, &(0x7f0000000280)={'lo\x00', @link_local={0x1, 0x80, 0xc2, 0xc}}) ioctl$TCFLSH(0xffffffffffffffff, 0x400455c8, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x4, 0x3}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x1, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffefb, 0x0, 0x0, 0x0, 0xffffffff}, 0x90) r8 = syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) ioctl$EXT4_IOC_MIGRATE(r8, 0x6609) r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r9}, 0x10) ioctl$TIOCSTI(0xffffffffffffffff, 0x5437, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) 1.23347766s ago: executing program 1 (id=709): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@bridge_getlink={0x3c, 0x12, 0x1, 0x0, 0x0, {}, [@IFLA_IFNAME={0x14, 0x3, 'netdevsim0\x00'}, @IFLA_EXT_MASK={0x8}]}, 0x3c}}, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10) process_mrelease(0xffffffffffffffff, 0x700) 1.212373501s ago: executing program 1 (id=710): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xfff, 0x3}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000002000000000000000000018190000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x1000002, 0x4018831, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x80801) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) pselect6(0x40, &(0x7f0000000080)={0xc}, 0x0, 0x0, 0x0, 0x0) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}, 0x1}) prlimit64(0x0, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x0, &(0x7f0000000080)=0x7) getpid() syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x3810744, &(0x7f00000003c0)={[{@noauto_da_alloc}, {@errors_continue}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x9}}, {@data_err_abort}, {@errors_remount}, {@noinit_itable}, {@mblk_io_submit}, {@i_version}, {@acl}]}, 0xff, 0x451, &(0x7f0000000d00)="$eJzs281vVFUbAPDn3pkCL/DSivgBglbR2PjR0oLKwo1GExeamOgCl7UtBBmooTUR0mg1BpeGxL1xaeJf4MqVUVcmbnVvSIg2JqAbx9yZe9vOdKb0Y8pU5vdLBs6Ze+ae8+Tcc+fMOb0B9KzB7J8kYm9E/BIR/fVsY4HB+n83F+Ym/lqYm0iiWn3j96RW7sbC3ERRtPjcnjwzlEaknyR5JY1mLl0+N16pTF3M8yOz598dmbl0+emz58fPTJ2ZujB28uSJ46PPPTv2TEfizNp049AH04cPvvLW1dcmTl19+4evs/bee6R+fHkcnTKYBf5Htab52GOdrqzL/qkuxZmUu90a1qoUEVl39dXGf3+UYqnz+uPlj7vaOGBLZffsne0Pz1eBO1gS3W4B0B3FF332+7d43aapx7Zw/YX6D6As7pv5q36kHGlepm8L6x+MiFPzf3+RvaJpHaLaYt0AAGCzvs3mP0+tnP/V9kaWlUvyvaGBiLgrIvZHxN0RcSAi7snL3hcR96+z/uatoZXzz/TaBkNbk2z+93y+t9U4/ytmfzFQynP/r8Xfl5w+W5k6FhH7ImIo+nZm+dFWJy9O8dLPn7Wrf/n8L3tl9Rdzwfwk18pNC3ST47PjnZqUXv8o4lC5VfzJ4k5A1vcHI+LQ+k69r0icfeKrw+0K3Tr+VXRgn6n6ZcTj9f6fj6b4C8nq+5Mju6IydWykuCpW+vGnK6+3q39T8XdA1v+7G6//phL9fybL92tn1l/HlV8/bfubsrzB639H8mZtz3pH/t7747OzF0cjdiSv1vIN748tfbbIF+Wz+IeOth7/+/PPZPE/EBHZRXwkIh6MiIfyvns4Ih6JiKOrxP/9i4++0+7Yduj/yZb3v8Xrf6Cx/9efKJ377pt29a/t/neilhrK36nd/26hfXN25SU2ejUDAADAf08aEXsjSYcX02k6PFz/e/kDsTutTM/MPnl6+r0Lk/VnBAaiLy1WuvqXrYeOJvP5Gev5sXytuDh+PF83/rz0v1p+eGK6Mtnl2KHX7Wkz/jO/lbrdOmDLeV4Lelfz+E+71A7g9vP9D73L+IfeZfxD72o1/j9sytsLgDuT73/oXcY/9C7jH3qX8Q89aTPP9W9VorzK0/sS2yUR6bZohkSLRLkDo7vLNyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAO+TcAAP//uZjx6g==") r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r2], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r3, 0x8924, &(0x7f0000000000)={'bridge_slave_0\x00', @random="010000201000"}) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) r6 = getpid() process_vm_readv(r6, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x2, 0x0, &(0x7f0000000140)={0x0, 0x0}) 886.359538ms ago: executing program 4 (id=711): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$FIGETBSZ(r2, 0x5421, &(0x7f0000000040)) socket$inet6_udp(0xa, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000003680)='sched_switch\x00', r6}, 0x10) r7 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x24}}, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0xfe3b) sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRES32=r8, @ANYBLOB="0000000000000000280012000900"], 0x48}}, 0x44045) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000640)=@newqdisc={0x48, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18}]}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=@delchain={0x24, 0x25, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {0x0, 0xfff1}}}, 0x24}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newneigh={0x24, 0x1c, 0x0, 0x70bd29, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, 0x40, 0x6}, [@NDA_IFINDEX={0x8, 0x8, r8}]}, 0x24}}, 0x0) mlockall(0x1) 505.384819ms ago: executing program 2 (id=712): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r0, 0x800448f0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)=@ipv6_newrule={0x1c, 0x20, 0x1, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}}, 0x1c}}, 0x0) syz_emit_ethernet(0xee, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd60"], 0x0) syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x4, &(0x7f0000000000), 0x1, 0x625, &(0x7f0000001400)="$eJzs3c9rXNUeAPDvncnvvPeShsd7r2/xXkC0BW3SpK0UEWwRXJVSfywEN45NWmqnP2gimlppAnUjiBsXgisX1oX/gxYEV/4DLty4kkoR6UYpOnInd8ZpMjeZxMxMm/l8YDr33HNzz7nJfHvOnDnnTgA9azL9pxCxNyIuJxETDXl9kWVOrh539+drp9NHEpXKiz8lce16stx4riR7Ho2INOO3sUi+joiJ4vpyF5auni+Vy/NXsvT04oXL0wtLVw+cu1A6O392/uLsk7NHjxw+cnTmYMNPnXluq9e3p2H7xI3X3xx77+Qrn358L5n57LuTSRyrVzq9rq2eezOTMRmVTOP+9Pd6dKcL65Ji/XXyp2TtjrWebWOF2JLa368/Iv4dY1Fs+GuOxbvPd7VyQFtVkqi3UUCvScQ/9KhaP6D23r6198EDbe6VAJ1w53jEY/X474+I1fg/NpuNDcZQdWxg5G5y3zhPEhEHd6D8tIxvvjp5I31Em8bhgOaWVwazIfC17X9Sjc3xGKqmRu4W7ov/QjaMO56NH76wcTFjeRmTa9JZ+YPbvR6gdcsrEfGfZv3/zeP/1ew53f/aNsvPiX8AAAAAAABgG24dj4gnmn3+V6jP/xloMv9nNCKO7UD5m3/+V7i9A8UATdw5HvF00/m/hdoh48Us9ffqfID+5My58vzBiPhHROyP/sE0PdN40s8bfjoiDrw/8VFe+Y3z/9JHWn5tLmBWj9t9a2YDzZUWSztw6dDz7qxE/Lcvf/5P2v4nTdr/NL4vt1jGxKM3T+XlbR7/QLtUPonY17T9T+rHJBvfn2O62h+YrvUK1vvf2x98kVe++IfuSdv/kY3jfzBpvF/PwtbOPxARh5b6Knn52+3/DyQvFaNhJeJbpcXFKzMRA8mJ9ftnt1ZneJgMtX7oOxFRjYdavKTxv/+Rjcf/6v3/hjgczu7x1Yp//T76fV6e9h+6J43/uY3b//H72/+tb8zeHP8yr/xTLbX/h6tt+v5sj/E/2FirAdrtegIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAw6gQEX+LpDBV3y4UpqYiRiPinzFSKF9aWHz8zKU3Ls6ledXv/y/Uvul3bDWd1L7/f7whPbsmfSgi9kTEh8Xhanrq9KXyXLcvHgAAAAAAAAAAAAAAAAAAAB4Qo6tP69b/p34odrVqQCf0Zc/iHXpPX7crAHSN+IfeJf6hd+XH/y/3KlUdrQ7QQa22/5Xrba4I0HHb7P/7uAB2Ae//oVf1t3bYULvrAXSD9h8AAAAAAHaVPf+/9W0SEctPDVcfqYEsr/7B4HC3age0UyEvY7Cz9QA6zxxe6F2m/kDvanHyL7CLJfWtX5su9s+f/Z+0p0IAAAAAAAAAAAAAwDr79raw/h/YlXLX/wO73gbr/5st7HG7ANhFrP+H3uU2X0Cts5/3Tf/W/wMAAAAAAAAAAADAA2Do6vlSuTx/ZWGp5Y3rWzn4r2/8GHlZz9Q2VjpQjUpxZ86zXOrcr+4h3+iPiDVZlbHVl+35Uvnl6Gx9ahHTibIGOlhWzkaX/j8CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADW+SMAAP//fSQouA==") r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r1, 0x8982, &(0x7f0000000180)={0x0, 'pimreg1\x00', {0x1}, 0xd8}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000540)='sock_rcvqueue_full\x00', r2}, 0x10) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(0xffffffffffffffff, 0x400455c8, 0x0) r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000080), 0xfd32) bind$bt_hci(r3, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6) 505.004909ms ago: executing program 1 (id=713): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000017850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r1) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) r2 = inotify_init1(0x0) fcntl$setown(r2, 0x8, 0xffffffffffffffff) fcntl$getownex(r2, 0x10, &(0x7f0000000140)={0x0, 0x0}) r4 = syz_open_procfs(r3, &(0x7f0000000600)='fd/4\x00') r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000140)={0x0, 0x1, 0x0, 0x2000, &(0x7f0000fe5000/0x2000)=nil}) ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f0000000200)=ANY=[@ANYBLOB="0100000000000000034d564b0000000001"]) r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000280)='netlink_extack\x00', r8}, 0x10) r9 = socket$nl_route(0x10, 0x3, 0x0) r10 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(r10, 0x8933, &(0x7f0000000000)={'wg0\x00', 0x0}) sendmsg$nl_route(r9, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@ipv4_newroute={0x2c, 0x18, 0x811, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfe, 0x2}, [@RTA_OIF={0x8, 0x4, r11}, @RTA_PREFSRC={0x8, 0x7, @multicast2}]}, 0x2c}}, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) write$cgroup_type(r4, &(0x7f0000000040), 0x9) ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r4, 0x40286608, &(0x7f0000000180)={@desc={0x39d, 0x2000000, @desc3}}) r12 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000001ec0)='kmem_cache_free\x00', r12}, 0x10) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) 47.172767ms ago: executing program 0 (id=714): bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x6, 0x8, 0xb}, 0x48) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10) r3 = socket$vsock_stream(0x28, 0x1, 0x0) setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r3, 0x28, 0x1, &(0x7f0000000100)=0x80000001, 0x8) bind$vsock_stream(r3, &(0x7f0000000440)={0x28, 0x0, 0x0, @local}, 0x10) listen(r3, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x0, &(0x7f0000000040)}) r4 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r4, &(0x7f0000000000)={0x28, 0x0, 0x2000000, @local}, 0x10) writev(r4, &(0x7f00000002c0)=[{&(0x7f0000000080)='?', 0x20000081}], 0x1) 0s ago: executing program 3 (id=715): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x100, 0xfd, 0x9, 0x1, 0x1}, 0x48) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x4, 0x900}, 0x38) kernel console output (not intermixed with test programs): aned up [ 83.488909][ T1506] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsold,usrjquota=,min_batch_time=0x0000000000000001,noload,nombcache,usrjquota="init_itable=0x0000000000000601,noacl,data_err=abort,,errors=continue. Quota mode: writeback. [ 83.489590][ T26] usb 4-1: device descriptor read/8, error -71 [ 83.608264][ T489] usb 3-1: USB disconnect, device number 10 [ 83.623539][ T489] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 83.657767][ T489] ftdi_sio 3-1:0.0: device disconnected [ 83.706197][ T494] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 18 [ 84.755887][ T494] usb 5-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 84.775787][ T494] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 84.783592][ T494] usb 5-1: Product: syz [ 84.789512][ T494] usb 5-1: Manufacturer: syz [ 84.794107][ T494] usb 5-1: SerialNumber: syz [ 84.799451][ T494] usb 5-1: config 0 descriptor?? [ 84.816002][ T1498] raw-gadget.2 gadget: fail, usb_ep_enable returned -22 [ 85.006087][ T26] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 85.067930][ T1537] loop0: detected capacity change from 0 to 256 [ 85.080786][ T1536] loop2: detected capacity change from 0 to 128 [ 85.115856][ T26] usb 4-1: Using ep0 maxpacket: 16 [ 85.127360][ T1536] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 85.137829][ T1536] ext4 filesystem being mounted at /41/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff) [ 85.158626][ T411] Bluetooth: hci0: Frame reassembly failed (-84) [ 85.265875][ T26] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 85.286521][ T494] usb 5-1: USB disconnect, device number 10 [ 85.408202][ T327] udevd[327]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 85.452321][ T26] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 85.491626][ T1545] device syzkaller0 entered promiscuous mode [ 85.522437][ T26] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 85.531697][ T26] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 85.539994][ T26] usb 4-1: config 0 descriptor?? [ 85.585674][ T30] kauditd_printk_skb: 52 callbacks suppressed [ 85.591810][ T30] audit: type=1400 audit(1720984935.320:661): avc: denied { name_bind } for pid=1547 comm="syz.2.334" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1 [ 85.946111][ T494] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 86.036633][ T26] savu 0003:1E7D:2D5A.000E: item fetching failed at offset 2/5 [ 86.044179][ T26] savu 0003:1E7D:2D5A.000E: parse failed [ 86.049683][ T26] savu: probe of 0003:1E7D:2D5A.000E failed with error -22 [ 86.165810][ T820] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 86.195796][ T494] usb 5-1: Using ep0 maxpacket: 16 [ 86.241479][ T26] usb 4-1: USB disconnect, device number 15 [ 86.258350][ T6] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 86.309761][ T1564] netlink: 104 bytes leftover after parsing attributes in process `syz.2.338'. [ 86.315862][ T494] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024 [ 86.329693][ T494] usb 5-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 86.338513][ T494] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 86.347035][ T494] usb 5-1: config 0 descriptor?? [ 86.545859][ T820] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 86.555399][ T820] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0 [ 86.645882][ T6] usb 1-1: config 0 has more interface descriptors, than it declares in bNumInterfaces, ignoring interface number: 255 [ 86.658426][ T6] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 86.668375][ T6] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 86.681088][ T6] usb 1-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00 [ 86.689852][ T6] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 86.698844][ T6] usb 1-1: config 0 descriptor?? [ 86.746066][ T820] usb 2-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 86.755298][ T6] usb-storage 1-1:0.0: USB Mass Storage device detected [ 86.762111][ T820] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 86.770416][ T820] usb 2-1: Product: syz [ 86.774690][ T820] usb 2-1: Manufacturer: syz [ 86.779732][ T6] usb-storage 1-1:0.0: Quirks match for vid 1908 pid 1315: 20000 [ 86.787343][ T820] usb 2-1: SerialNumber: syz [ 86.796909][ T820] usb 2-1: config 0 descriptor?? [ 86.806209][ T1545] UDC core: couldn't find an available UDC or it's busy: -16 [ 86.813556][ T1545] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 86.827873][ T494] hid (null): unknown global tag 0x83 [ 86.833113][ T494] hid (null): unknown global tag 0xc [ 86.838398][ T494] hid (null): global environment stack underflow [ 86.845616][ T494] hid-generic 0003:0158:0100.000F: unknown main item tag 0x1 [ 86.852890][ T494] hid-generic 0003:0158:0100.000F: unexpected long global item [ 86.860345][ T494] hid-generic: probe of 0003:0158:0100.000F failed with error -22 [ 86.975255][ T494] usb 1-1: USB disconnect, device number 11 [ 87.108538][ T1557] loop1: detected capacity change from 0 to 128 [ 87.202837][ T1574] netlink: 104 bytes leftover after parsing attributes in process `syz.2.340'. [ 87.230699][ T30] audit: type=1400 audit(1720984936.970:662): avc: denied { mounton } for pid=1556 comm="syz.1.337" path="/64/file0" dev="loop1" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=dir permissive=1 [ 87.664369][ T6] usb 5-1: USB disconnect, device number 11 [ 87.808441][ T1581] loop0: detected capacity change from 0 to 40427 [ 87.888647][ T1581] F2FS-fs (loop0): Unrecognized mount option "nV‚Í¢d²" or missing value [ 87.905815][ T26] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 87.993129][ T1589] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=1589 comm=syz.2.345 [ 88.120983][ T1593] loop2: detected capacity change from 0 to 1024 [ 88.156470][ T1593] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 88.166786][ T1593] EXT4-fs (loop2): orphan cleanup on readonly fs [ 88.173650][ T1593] EXT4-fs error (device loop2): ext4_free_blocks:6216: comm syz.2.346: Freeing blocks not in datazone - block = 0, count = 4096 [ 88.187436][ T1593] EXT4-fs (loop2): 1 orphan inode deleted [ 88.193226][ T1593] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 88.215804][ T26] usb 4-1: Using ep0 maxpacket: 16 [ 88.355942][ T26] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 88.515922][ T26] usb 4-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 88.538838][ T26] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 88.546945][ T26] usb 4-1: Product: syz [ 88.578938][ T26] usb 4-1: Manufacturer: syz [ 88.583363][ T26] usb 4-1: SerialNumber: syz [ 88.620790][ T26] usb 4-1: config 0 descriptor?? [ 88.666345][ T26] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected [ 88.673892][ T26] usb 4-1: Detected FT232RL [ 88.875819][ T26] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 88.926263][ T820] snd-usb-audio: probe of 2-1:0.0 failed with error -12 [ 88.933798][ T820] usb 2-1: USB disconnect, device number 13 [ 88.995893][ T60] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 89.013877][ T1609] netlink: 104 bytes leftover after parsing attributes in process `syz.1.350'. [ 89.111982][ T1611] loop2: detected capacity change from 0 to 256 [ 89.119212][ T26] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 89.211390][ T1611] exFAT-fs (loop2): failed to load upcase table (idx : 0x00017f3e, chksum : 0x0b83170a, utbl_chksum : 0xe619d30d) [ 89.255809][ T60] usb 5-1: Using ep0 maxpacket: 16 [ 89.320089][ T26] usb 4-1: USB disconnect, device number 16 [ 89.327018][ T26] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 89.336496][ T26] ftdi_sio 4-1:0.0: device disconnected [ 89.406211][ T60] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 89.417088][ T60] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 89.426710][ T60] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 89.435605][ T60] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 89.446412][ T60] usb 5-1: config 0 descriptor?? [ 89.452629][ T30] audit: type=1326 audit(1720984939.190:663): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1616 comm="syz.0.353" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f41496ccbd9 code=0x0 [ 89.595820][ T20] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 89.810675][ T30] audit: type=1400 audit(1720984939.550:664): avc: denied { relabelfrom } for pid=1620 comm="syz.1.354" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 89.830321][ T30] audit: type=1400 audit(1720984939.550:665): avc: denied { relabelto } for pid=1620 comm="syz.1.354" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1 [ 89.926823][ T1625] FAULT_INJECTION: forcing a failure. [ 89.926823][ T1625] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 89.940733][ T60] savu 0003:1E7D:2D5A.0010: item fetching failed at offset 2/5 [ 89.945951][ T1625] CPU: 1 PID: 1625 Comm: syz.1.356 Not tainted 5.15.151-syzkaller-00415-gdb06c48ab67e #0 [ 89.948679][ T60] savu 0003:1E7D:2D5A.0010: parse failed [ 89.957727][ T1625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 89.957744][ T1625] Call Trace: [ 89.957749][ T1625] [ 89.957757][ T1625] dump_stack_lvl+0x151/0x1b7 [ 89.957785][ T1625] ? io_uring_drop_tctx_refs+0x190/0x190 [ 89.963259][ T60] savu: probe of 0003:1E7D:2D5A.0010 failed with error -22 [ 89.973087][ T1625] ? __mod_memcg_lruvec_state+0x11c/0x1b0 [ 89.973111][ T1625] dump_stack+0x15/0x17 [ 90.005553][ T1625] should_fail+0x3c6/0x510 [ 90.009799][ T1625] should_fail_alloc_page+0x5a/0x80 [ 90.014831][ T1625] prepare_alloc_pages+0x15c/0x700 [ 90.019780][ T1625] ? __alloc_pages_bulk+0xe40/0xe40 [ 90.024817][ T1625] __alloc_pages+0x18c/0x8f0 [ 90.029249][ T1625] ? prep_new_page+0x110/0x110 [ 90.033846][ T1625] ? __pte_map_lock+0x559/0x620 [ 90.038542][ T1625] ? do_wp_page+0x6fa/0xb60 [ 90.042218][ T1627] loop3: detected capacity change from 0 to 1024 [ 90.042867][ T1625] handle_pte_fault+0xea0/0x24d0 [ 90.053808][ T1625] ? fault_around_bytes_set+0xc0/0xc0 [ 90.059012][ T1625] ? trace_raw_output_vm_unmapped_area+0x220/0x220 [ 90.065346][ T1625] ? do_handle_mm_fault+0x1578/0x23a0 [ 90.070555][ T1625] ? memcpy+0x56/0x70 [ 90.074372][ T1625] do_handle_mm_fault+0x1ea9/0x23a0 [ 90.079408][ T1625] ? numa_migrate_prep+0xe0/0xe0 [ 90.084177][ T1625] ? memset+0x35/0x40 [ 90.087997][ T1625] ? get_unmapped_area+0x31d/0x380 [ 90.092942][ T1625] ? userfaultfd_unmap_prep+0x4a0/0x4a0 [ 90.098327][ T1625] ? debug_smp_processor_id+0x17/0x20 [ 90.103532][ T1625] ? exc_page_fault+0x222/0x830 [ 90.108217][ T1625] ? access_error+0x246/0x270 [ 90.112732][ T1625] exc_page_fault+0x26f/0x830 [ 90.117250][ T1625] asm_exc_page_fault+0x27/0x30 [ 90.121935][ T1625] RIP: 0033:0x7f6c0ff19453 [ 90.126186][ T1625] Code: 1f 84 00 00 00 00 00 3d 00 01 00 00 75 29 45 31 f6 48 83 c4 18 44 89 f0 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 40 00 49 8b 0f <44> 88 34 01 49 83 47 10 01 eb 92 66 90 8d 90 ff fe ff ff 83 fa 1c [ 90.145626][ T1625] RSP: 002b:00007f6c0f2d44b0 EFLAGS: 00010202 [ 90.151526][ T1625] RAX: 0000000000023000 RBX: 00007f6c0f2d4550 RCX: 00007f6c06eb5000 [ 90.159340][ T1625] RDX: 00007f6c0f2d46f0 RSI: 0000000000000001 RDI: 00007f6c0f2d45f0 [ 90.167149][ T1625] RBP: 0000000000000063 R08: 0000000000000007 R09: 0000000000000042 [ 90.174958][ T1625] R10: 000000000000004e R11: 00007f6c0f2d4550 R12: 0000000000000001 [ 90.182772][ T1625] R13: 00007f6c100d3f80 R14: 0000000000000073 R15: 00007f6c0f2d45f0 [ 90.190588][ T1625] [ 90.193579][ T20] usb 3-1: config 0 has more interface descriptors, than it declares in bNumInterfaces, ignoring interface number: 255 [ 90.202756][ T30] audit: type=1400 audit(1720984939.940:666): avc: denied { unlink } for pid=82 comm="syslogd" name="messages.0" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 90.206733][ T20] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 90.228687][ T1625] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 90.242801][ T20] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 90.248327][ T1625] loop1: detected capacity change from 0 to 512 [ 90.259279][ T20] usb 3-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00 [ 90.273727][ T20] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 90.274066][ T1627] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 90.282258][ T60] usb 5-1: USB disconnect, device number 12 [ 90.294942][ T1627] EXT4-fs (loop3): orphan cleanup on readonly fs [ 90.295407][ T20] usb 3-1: config 0 descriptor?? [ 90.307647][ T1627] EXT4-fs error (device loop3): ext4_free_blocks:6216: comm syz.3.357: Freeing blocks not in datazone - block = 0, count = 4096 [ 90.323246][ T1627] EXT4-fs (loop3): 1 orphan inode deleted [ 90.329361][ T1627] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 90.344627][ T1625] EXT4-fs (loop1): orphan cleanup on readonly fs [ 90.352458][ T1625] EXT4-fs (loop1): 1 orphan inode deleted [ 90.367422][ T20] usb-storage 3-1:0.0: USB Mass Storage device detected [ 90.375915][ T1625] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 90.411197][ T20] usb-storage 3-1:0.0: Quirks match for vid 1908 pid 1315: 20000 [ 90.488154][ T1642] loop1: detected capacity change from 0 to 256 [ 90.547942][ T1642] exFAT-fs (loop1): failed to load upcase table (idx : 0x00017f3e, chksum : 0x0b83170a, utbl_chksum : 0xe619d30d) [ 90.574393][ T1634] loop3: detected capacity change from 0 to 40427 [ 90.582184][ T60] usb 3-1: USB disconnect, device number 11 [ 90.624975][ T1646] loop1: detected capacity change from 0 to 1024 [ 90.668199][ T1634] F2FS-fs (loop3): Unrecognized mount option "nV‚Í¢d²" or missing value [ 90.689575][ T1646] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 90.705486][ T1646] EXT4-fs (loop1): orphan cleanup on readonly fs [ 90.722425][ T1646] EXT4-fs error (device loop1): ext4_free_blocks:6216: comm syz.1.363: Freeing blocks not in datazone - block = 0, count = 4096 [ 90.746378][ T1646] EXT4-fs (loop1): 1 orphan inode deleted [ 90.752246][ T1646] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 91.484261][ T1674] loop2: detected capacity change from 0 to 1024 [ 91.568578][ T1674] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 91.576922][ T1674] EXT4-fs (loop2): orphan cleanup on readonly fs [ 91.583193][ T1674] EXT4-fs error (device loop2): ext4_free_blocks:6216: comm syz.2.371: Freeing blocks not in datazone - block = 0, count = 4096 [ 91.596533][ T1674] EXT4-fs (loop2): 1 orphan inode deleted [ 91.602100][ T1674] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 91.735877][ T26] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 91.797744][ T1682] loop1: detected capacity change from 0 to 256 [ 91.831830][ T1684] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 91.839874][ T30] audit: type=1400 audit(1720984941.580:667): avc: denied { mounton } for pid=1683 comm="syz.2.374" path="/proc/161/cgroup" dev="proc" ino=19299 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=file permissive=1 [ 91.879420][ T1682] exFAT-fs (loop1): failed to load upcase table (idx : 0x00017f3e, chksum : 0x0b83170a, utbl_chksum : 0xe619d30d) [ 92.035796][ T26] usb 1-1: Using ep0 maxpacket: 8 [ 92.043744][ T30] audit: type=1400 audit(1720984941.780:668): avc: denied { create } for pid=1689 comm="syz.4.377" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 92.065105][ T30] audit: type=1400 audit(1720984941.810:669): avc: denied { connect } for pid=1689 comm="syz.4.377" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 92.091953][ T1691] loop1: detected capacity change from 0 to 2048 [ 92.155806][ T820] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 92.155827][ T26] usb 1-1: config 135 has an invalid interface number: 230 but max is 0 [ 92.171402][ T26] usb 1-1: config 135 has an invalid descriptor of length 0, skipping remainder of the config [ 92.181442][ T26] usb 1-1: config 135 has no interface number 0 [ 92.187612][ T26] usb 1-1: too many endpoints for config 135 interface 230 altsetting 126: 53, using maximum allowed: 30 [ 92.198679][ T26] usb 1-1: config 135 interface 230 altsetting 126 has 0 endpoint descriptors, different from the interface descriptor's value: 53 [ 92.211943][ T26] usb 1-1: config 135 interface 230 has no altsetting 0 [ 92.220353][ T1691] EXT4-fs error (device loop1): ext4_orphan_get:1423: comm syz.1.376: bad orphan inode 8192 [ 92.230885][ T1691] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 92.375855][ T26] usb 1-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=3f.3a [ 92.381223][ T1697] loop3: detected capacity change from 0 to 512 [ 92.384720][ T26] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 92.384742][ T26] usb 1-1: Product: syz [ 92.403066][ T26] usb 1-1: Manufacturer: syz [ 92.408396][ T1697] EXT4-fs (loop3): Mount option "noacl" will be removed by 3.5 [ 92.408396][ T1697] Contact linux-ext4@vger.kernel.org if you think we should keep it. [ 92.408396][ T1697] [ 92.415793][ T820] usb 3-1: Using ep0 maxpacket: 16 [ 92.426487][ T26] usb 1-1: SerialNumber: syz [ 92.437300][ T1697] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2 [ 92.446014][ T1697] EXT4-fs (loop3): 1 truncate cleaned up [ 92.451471][ T1697] EXT4-fs (loop3): mounted filesystem without journal. Opts: jqfmt=vfsold,usrjquota=,min_batch_time=0x0000000000000001,noload,nombcache,usrjquota="init_itable=0x0000000000000601,noacl,data_err=abort,,errors=continue. Quota mode: writeback. [ 92.615845][ T820] usb 3-1: unable to get BOS descriptor or descriptor too short [ 92.681098][ T1668] loop0: detected capacity change from 0 to 256 [ 92.695857][ T820] usb 3-1: config 1 has an invalid descriptor of length 227, skipping remainder of the config [ 92.708909][ T820] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 92.717833][ T820] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 92.748088][ T1668] exfat: Unknown parameter '' [ 92.755823][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 92.869659][ T30] audit: type=1400 audit(1720984942.610:670): avc: denied { create } for pid=1667 comm="syz.0.369" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=appletalk_socket permissive=1 [ 92.890319][ T30] audit: type=1400 audit(1720984942.610:671): avc: denied { getopt } for pid=1667 comm="syz.0.369" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 92.909585][ T820] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 92.909614][ T820] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 92.909632][ T820] usb 3-1: Product: syz [ 92.926212][ T26] usb 1-1: Found UVC 0.00 device syz (18ec:3288) [ 92.926245][ T26] usb 1-1: No valid video chain found. [ 92.929005][ T26] usb 1-1: USB disconnect, device number 12 [ 92.932639][ T820] usb 3-1: Manufacturer: syz [ 92.953726][ T820] usb 3-1: SerialNumber: syz [ 93.007321][ T820] cdc_ncm 3-1:1.0: CDC Union missing and no IAD found [ 93.013959][ T820] cdc_ncm 3-1:1.0: bind() failure [ 93.227883][ T494] usb 3-1: USB disconnect, device number 12 [ 93.247832][ T1708] FAULT_INJECTION: forcing a failure. [ 93.247832][ T1708] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 93.267086][ T1708] CPU: 1 PID: 1708 Comm: syz.1.380 Not tainted 5.15.151-syzkaller-00415-gdb06c48ab67e #0 [ 93.276727][ T1708] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 93.286619][ T1708] Call Trace: [ 93.289740][ T1708] [ 93.292518][ T1708] dump_stack_lvl+0x151/0x1b7 [ 93.297031][ T1708] ? io_uring_drop_tctx_refs+0x190/0x190 [ 93.302501][ T1708] dump_stack+0x15/0x17 [ 93.306492][ T1708] should_fail+0x3c6/0x510 [ 93.310745][ T1708] should_fail_usercopy+0x1a/0x20 [ 93.315605][ T1708] _copy_from_user+0x20/0xd0 [ 93.320030][ T1708] __sys_connect+0x137/0x410 [ 93.324457][ T1708] ? fput_many+0x160/0x1b0 [ 93.328712][ T1708] ? __sys_connect_file+0x170/0x170 [ 93.333747][ T1708] ? debug_smp_processor_id+0x17/0x20 [ 93.338951][ T1708] ? fpregs_assert_state_consistent+0xb6/0xe0 [ 93.344853][ T1708] __x64_sys_connect+0x7a/0x90 [ 93.349458][ T1708] do_syscall_64+0x3d/0xb0 [ 93.353704][ T1708] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 93.359434][ T1708] RIP: 0033:0x7f6c10053bd9 [ 93.363688][ T1708] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 93.383128][ T1708] RSP: 002b:00007f6c0f2b4048 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 93.391373][ T1708] RAX: ffffffffffffffda RBX: 00007f6c101e2038 RCX: 00007f6c10053bd9 [ 93.399182][ T1708] RDX: 0000000000000010 RSI: 0000000020000040 RDI: 0000000000000009 [ 93.406996][ T1708] RBP: 00007f6c0f2b40a0 R08: 0000000000000000 R09: 0000000000000000 [ 93.414806][ T1708] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 93.422617][ T1708] R13: 000000000000006e R14: 00007f6c101e2038 R15: 00007ffeab33cae8 [ 93.430432][ T1708] [ 93.895790][ T820] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 93.912035][ T1724] loop1: detected capacity change from 0 to 256 [ 93.950036][ T30] audit: type=1400 audit(1720984943.690:672): avc: denied { ioctl } for pid=1727 comm="syz.2.387" path="socket:[20645]" dev="sockfs" ino=20645 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 93.975880][ T1728] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=24 sclass=netlink_tcpdiag_socket pid=1728 comm=syz.2.387 [ 93.993837][ T1722] loop4: detected capacity change from 0 to 40427 [ 94.018017][ T1724] exFAT-fs (loop1): failed to load upcase table (idx : 0x00017f3e, chksum : 0x0b83170a, utbl_chksum : 0xe619d30d) [ 94.041868][ T1729] netem: change failed [ 94.059391][ T1722] F2FS-fs (loop4): Unrecognized mount option "nV‚Í¢d²" or missing value [ 94.109331][ T1733] loop1: detected capacity change from 0 to 512 [ 94.167541][ T1733] EXT4-fs (loop1): orphan cleanup on readonly fs [ 94.328818][ T1733] EXT4-fs (loop1): 1 orphan inode deleted [ 94.390912][ T1733] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 94.455820][ T30] audit: type=1326 audit(1720984944.190:673): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1737 comm="syz.1.390" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c10053bd9 code=0x7ffc0000 [ 94.455878][ T820] usb 4-1: config 0 has more interface descriptors, than it declares in bNumInterfaces, ignoring interface number: 255 [ 94.478971][ T30] audit: type=1326 audit(1720984944.190:674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1737 comm="syz.1.390" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6c10053bd9 code=0x7ffc0000 [ 94.515371][ T820] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 94.525633][ T820] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 94.538522][ T820] usb 4-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00 [ 94.558207][ T1741] loop0: detected capacity change from 0 to 512 [ 94.561786][ T820] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 94.575272][ T30] audit: type=1326 audit(1720984944.190:675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1737 comm="syz.1.390" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c10053bd9 code=0x7ffc0000 [ 94.598371][ T1743] loop1: detected capacity change from 0 to 512 [ 94.604577][ T1741] EXT4-fs (loop0): Mount option "noacl" will be removed by 3.5 [ 94.604577][ T1741] Contact linux-ext4@vger.kernel.org if you think we should keep it. [ 94.604577][ T1741] [ 94.624429][ T820] usb 4-1: config 0 descriptor?? [ 94.629380][ T1743] EXT4-fs (loop1): Mount option "noacl" will be removed by 3.5 [ 94.629380][ T1743] Contact linux-ext4@vger.kernel.org if you think we should keep it. [ 94.629380][ T1743] [ 94.640501][ T30] audit: type=1326 audit(1720984944.190:676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1737 comm="syz.1.390" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f6c10053bd9 code=0x7ffc0000 [ 94.678762][ T1741] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2 [ 94.678793][ T1743] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2 [ 94.696193][ T820] usb-storage 4-1:0.0: USB Mass Storage device detected [ 94.697562][ T1743] EXT4-fs (loop1): 1 truncate cleaned up [ 94.709863][ T1743] EXT4-fs (loop1): mounted filesystem without journal. Opts: jqfmt=vfsold,usrjquota=,min_batch_time=0x0000000000000001,noload,nombcache,usrjquota="init_itable=0x0000000000000601,noacl,data_err=abort,,errors=continue. Quota mode: writeback. [ 94.735922][ T1741] EXT4-fs (loop0): 1 truncate cleaned up [ 94.741517][ T1741] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsold,usrjquota=,min_batch_time=0x0000000000000001,noload,nombcache,usrjquota="init_itable=0x0000000000000601,noacl,data_err=abort,,errors=continue. Quota mode: writeback. [ 94.741849][ T820] usb-storage 4-1:0.0: Quirks match for vid 1908 pid 1315: 20000 [ 94.908759][ T494] usb 4-1: USB disconnect, device number 17 [ 95.530014][ T1767] loop2: detected capacity change from 0 to 2048 [ 95.614025][ T1753] loop4: detected capacity change from 0 to 40427 [ 95.626732][ T1767] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 95.723824][ T1753] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 95.731697][ T1753] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 95.744779][ T1753] F2FS-fs (loop4): invalid crc value [ 95.751747][ T1753] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 39874397669) [ 95.759461][ T1778] loop0: detected capacity change from 0 to 256 [ 95.781155][ T1753] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 95.788183][ T1753] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 95.806864][ T1753] gretap0: refused to change device tx_queue_len [ 95.816358][ T1778] exFAT-fs (loop0): failed to load upcase table (idx : 0x00017f3e, chksum : 0x0b83170a, utbl_chksum : 0xe619d30d) [ 95.822783][ T1753] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 95.941600][ T1788] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=24 sclass=netlink_tcpdiag_socket pid=1788 comm=syz.0.399 [ 96.027635][ T1788] netem: change failed [ 96.284147][ T1800] loop4: detected capacity change from 0 to 1024 [ 96.359802][ T1800] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 96.375633][ T1800] EXT4-fs (loop4): orphan cleanup on readonly fs [ 96.382240][ T1800] EXT4-fs error (device loop4): ext4_free_blocks:6216: comm syz.4.403: Freeing blocks not in datazone - block = 0, count = 4096 [ 96.395716][ T1800] EXT4-fs (loop4): 1 orphan inode deleted [ 96.401451][ T1800] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 96.476336][ T1802] loop2: detected capacity change from 0 to 40427 [ 96.481969][ T1807] loop4: detected capacity change from 0 to 512 [ 96.507460][ T1807] EXT4-fs (loop4): Mount option "noacl" will be removed by 3.5 [ 96.507460][ T1807] Contact linux-ext4@vger.kernel.org if you think we should keep it. [ 96.507460][ T1807] [ 96.526116][ T1807] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -2 [ 96.534798][ T1807] EXT4-fs (loop4): 1 truncate cleaned up [ 96.540349][ T1807] EXT4-fs (loop4): mounted filesystem without journal. Opts: jqfmt=vfsold,usrjquota=,min_batch_time=0x0000000000000001,noload,nombcache,usrjquota="init_itable=0x0000000000000601,noacl,data_err=abort,,errors=continue. Quota mode: writeback. [ 96.586140][ T1802] F2FS-fs (loop2): Unrecognized mount option "nV‚Í¢d²" or missing value [ 97.003936][ T1825] loop3: detected capacity change from 0 to 256 [ 97.110767][ T1830] netlink: 104 bytes leftover after parsing attributes in process `syz.1.410'. [ 97.128964][ T1829] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 97.168262][ T1825] exFAT-fs (loop3): failed to load upcase table (idx : 0x00017f3e, chksum : 0x0b83170a, utbl_chksum : 0xe619d30d) [ 97.345675][ T1837] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=24 sclass=netlink_tcpdiag_socket pid=1837 comm=syz.2.413 [ 97.383512][ T30] kauditd_printk_skb: 37 callbacks suppressed [ 97.383525][ T30] audit: type=1400 audit(1720984947.120:714): avc: denied { unmount } for pid=419 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 97.421213][ T1838] netem: change failed [ 97.468863][ T1842] loop4: detected capacity change from 0 to 8192 [ 97.535823][ T494] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 97.695784][ T39] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 97.735795][ T820] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 97.896079][ T494] usb 1-1: config 0 has more interface descriptors, than it declares in bNumInterfaces, ignoring interface number: 255 [ 97.896131][ T494] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 97.896218][ T494] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 97.896356][ T494] usb 1-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00 [ 97.896403][ T494] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 97.899364][ T494] usb 1-1: config 0 descriptor?? [ 97.936228][ T494] usb-storage 1-1:0.0: USB Mass Storage device detected [ 97.964268][ T494] usb-storage 1-1:0.0: Quirks match for vid 1908 pid 1315: 20000 [ 97.978438][ T30] audit: type=1400 audit(1720984947.720:715): avc: denied { ioctl } for pid=1848 comm="syz.1.417" path="socket:[21610]" dev="sockfs" ino=21610 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 98.007027][ T30] audit: type=1400 audit(1720984947.750:716): avc: denied { setopt } for pid=1848 comm="syz.1.417" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 98.075832][ T39] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 18 [ 98.105833][ T820] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 18 [ 98.166035][ T20] usb 1-1: USB disconnect, device number 13 [ 98.235837][ T39] usb 4-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 98.244751][ T39] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 98.252527][ T39] usb 4-1: Product: syz [ 98.256801][ T39] usb 4-1: Manufacturer: syz [ 98.261205][ T39] usb 4-1: SerialNumber: syz [ 98.266672][ T39] usb 4-1: config 0 descriptor?? [ 98.285855][ T820] usb 3-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 98.294700][ T820] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 98.302630][ T1840] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 98.309472][ T820] usb 3-1: Product: syz [ 98.313370][ T820] usb 3-1: Manufacturer: syz [ 98.317935][ T820] usb 3-1: SerialNumber: syz [ 98.322812][ T820] usb 3-1: config 0 descriptor?? [ 98.355883][ T1844] raw-gadget.2 gadget: fail, usb_ep_enable returned -22 [ 98.533494][ T409] Bluetooth: hci0: Frame reassembly failed (-84) [ 98.580037][ T412] Bluetooth: hci0: Frame reassembly failed (-84) [ 98.588355][ T39] usb 4-1: USB disconnect, device number 18 [ 98.639156][ T820] usb 3-1: USB disconnect, device number 13 [ 98.648161][ T327] udevd[327]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 98.667057][ T322] udevd[322]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card1/controlC1/../uevent} for writing: No such file or directory [ 99.105803][ T494] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 99.145253][ T1871] loop2: detected capacity change from 0 to 256 [ 99.226989][ T1869] loop3: detected capacity change from 0 to 40427 [ 99.242639][ T1871] exFAT-fs (loop2): failed to load upcase table (idx : 0x00017f3e, chksum : 0x0b83170a, utbl_chksum : 0xe619d30d) [ 99.258760][ T1873] loop4: detected capacity change from 0 to 512 [ 99.286888][ T1873] EXT4-fs (loop4): Mount option "noacl" will be removed by 3.5 [ 99.286888][ T1873] Contact linux-ext4@vger.kernel.org if you think we should keep it. [ 99.286888][ T1873] [ 99.287541][ T1869] F2FS-fs (loop3): Unrecognized mount option "nV‚Í¢d²" or missing value [ 99.314095][ T1873] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -2 [ 99.323085][ T1873] EXT4-fs (loop4): 1 truncate cleaned up [ 99.331988][ T1873] EXT4-fs (loop4): mounted filesystem without journal. Opts: jqfmt=vfsold,usrjquota=,min_batch_time=0x0000000000000001,noload,nombcache,usrjquota="init_itable=0x0000000000000601,noacl,data_err=abort,,errors=continue. Quota mode: writeback. [ 99.357423][ T30] audit: type=1400 audit(1720984949.100:717): avc: denied { mount } for pid=1872 comm="syz.4.425" name="/" dev="loop4" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 100.469918][ T494] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 100.483787][ T494] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 100.494612][ T494] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 100.504173][ T494] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 100.608033][ T1891] netlink: 104 bytes leftover after parsing attributes in process `syz.0.427'. [ 100.646064][ T494] usb 2-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 100.668128][ T494] usb 2-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 100.717036][ T494] usb 2-1: Manufacturer: syz [ 100.751640][ T494] usb 2-1: config 0 descriptor?? [ 100.822919][ T1898] fuse: Unknown parameter 'fÁvMÍÆ©' [ 100.898668][ T1904] netem: incorrect ge model size [ 100.903445][ T1904] netem: change failed [ 100.935337][ T1906] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=24 sclass=netlink_tcpdiag_socket pid=1906 comm=syz.4.433 [ 101.226582][ T494] appleir 0003:05AC:8243.0011: unknown main item tag 0x0 [ 101.233653][ T494] appleir 0003:05AC:8243.0011: No inputs registered, leaving [ 101.242402][ T494] appleir 0003:05AC:8243.0011: hiddev96,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0 [ 101.407923][ T489] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 101.441718][ T1917] loop0: detected capacity change from 0 to 256 [ 101.488519][ T1917] exFAT-fs (loop0): failed to load upcase table (idx : 0x00017f3e, chksum : 0x0b83170a, utbl_chksum : 0xe619d30d) [ 101.765828][ T489] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 18 [ 101.784830][ T1928] loop2: detected capacity change from 0 to 8192 [ 101.945837][ T489] usb 5-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 101.954757][ T489] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 101.962530][ T489] usb 5-1: Product: syz [ 101.966530][ T489] usb 5-1: Manufacturer: syz [ 101.970903][ T489] usb 5-1: SerialNumber: syz [ 101.992446][ T489] usb 5-1: config 0 descriptor?? [ 102.016105][ T1913] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 102.250391][ T409] Bluetooth: hci0: Frame reassembly failed (-84) [ 102.333515][ T489] usb 5-1: USB disconnect, device number 13 [ 102.518362][ T820] usb 2-1: USB disconnect, device number 14 [ 102.533820][ T30] audit: type=1400 audit(1720984952.270:718): avc: denied { read } for pid=1937 comm="syz.3.443" name="msr" dev="devtmpfs" ino=85 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 102.557180][ T30] audit: type=1400 audit(1720984952.270:719): avc: denied { open } for pid=1937 comm="syz.3.443" path="/dev/cpu/0/msr" dev="devtmpfs" ino=85 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1 [ 102.841473][ T1946] FAULT_INJECTION: forcing a failure. [ 102.841473][ T1946] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 102.854927][ T1946] CPU: 1 PID: 1946 Comm: syz.4.445 Not tainted 5.15.151-syzkaller-00415-gdb06c48ab67e #0 [ 102.864552][ T1946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 102.874443][ T1946] Call Trace: [ 102.877567][ T1946] [ 102.880344][ T1946] dump_stack_lvl+0x151/0x1b7 [ 102.884857][ T1946] ? io_uring_drop_tctx_refs+0x190/0x190 [ 102.891021][ T1946] ? page_ext_put+0x1c/0x30 [ 102.895359][ T1946] dump_stack+0x15/0x17 [ 102.899351][ T1946] should_fail+0x3c6/0x510 [ 102.903604][ T1946] should_fail_alloc_page+0x5a/0x80 [ 102.908638][ T1946] prepare_alloc_pages+0x15c/0x700 [ 102.913588][ T1946] ? __alloc_pages_bulk+0xe40/0xe40 [ 102.918618][ T1946] ? __update_load_avg_cfs_rq+0xb1/0x2f0 [ 102.924097][ T1946] __alloc_pages+0x18c/0x8f0 [ 102.928513][ T1946] ? prep_new_page+0x110/0x110 [ 102.933112][ T1946] ? __switch_to+0x62a/0x1190 [ 102.937627][ T1946] ? dev_map_hash_lookup_elem+0x116/0x180 [ 102.943182][ T1946] ? compat_start_thread+0x20/0x20 [ 102.948130][ T1946] wp_page_copy+0x1d4/0x1b00 [ 102.952555][ T1946] ? __kasan_check_write+0x14/0x20 [ 102.957502][ T1946] ? insert_page_into_pte_locked+0x4e0/0x4e0 [ 102.963315][ T1946] ? __schedule+0xcd4/0x1590 [ 102.967745][ T1946] ? __pte_map_lock+0x559/0x620 [ 102.972439][ T1946] ? vm_normal_page+0x1e1/0x1f0 [ 102.977117][ T1946] do_wp_page+0x6fa/0xb60 [ 102.981284][ T1946] handle_pte_fault+0x7c0/0x24d0 [ 102.986056][ T1946] ? irqentry_exit_cond_resched+0x2a/0x30 [ 102.991609][ T1946] ? irqentry_exit+0x30/0x40 [ 102.996035][ T1946] ? sysvec_reschedule_ipi+0x7d/0x150 [ 103.001243][ T1946] ? fault_around_bytes_set+0xc0/0xc0 [ 103.006463][ T1946] ? do_handle_mm_fault+0x15c0/0x23a0 [ 103.011659][ T1946] do_handle_mm_fault+0x1ea9/0x23a0 [ 103.016694][ T1946] ? __this_cpu_preempt_check+0x13/0x20 [ 103.022096][ T1946] ? numa_migrate_prep+0xe0/0xe0 [ 103.026848][ T1946] ? _raw_spin_unlock+0x4d/0x70 [ 103.031531][ T1946] ? finish_task_switch+0x167/0x7b0 [ 103.036570][ T1946] ? __kasan_check_write+0x14/0x20 [ 103.041514][ T1946] ? switch_fpu_return+0x1ed/0x3d0 [ 103.046461][ T1946] ? fpu_flush_thread+0xf0/0xf0 [ 103.051157][ T1946] ? __kasan_check_read+0x11/0x20 [ 103.056021][ T1946] ? exc_page_fault+0x222/0x830 [ 103.060694][ T1946] ? access_error+0x246/0x270 [ 103.065209][ T1946] exc_page_fault+0x26f/0x830 [ 103.069726][ T1946] asm_exc_page_fault+0x27/0x30 [ 103.074407][ T1946] RIP: 0033:0x7f668baa1453 [ 103.078665][ T1946] Code: 1f 84 00 00 00 00 00 3d 00 01 00 00 75 29 45 31 f6 48 83 c4 18 44 89 f0 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 40 00 49 8b 0f <44> 88 34 01 49 83 47 10 01 eb 92 66 90 8d 90 ff fe ff ff 83 fa 1c [ 103.098103][ T1946] RSP: 002b:00007f668ae5c4b0 EFLAGS: 00010202 [ 103.104002][ T1946] RAX: 0000000000022008 RBX: 00007f668ae5c550 RCX: 00007f6682a3d000 [ 103.111814][ T1946] RDX: 00007f668ae5c6f0 RSI: 0000000000000017 RDI: 00007f668ae5c5f0 [ 103.119625][ T1946] RBP: 000000000000004c R08: 0000000000000009 R09: 00000000000001b7 [ 103.127437][ T1946] R10: 00000000000001be R11: 00007f668ae5c550 R12: 0000000000000001 [ 103.135247][ T1946] R13: 00007f668bc5bf80 R14: 00000000000000f2 R15: 00007f668ae5c5f0 [ 103.143064][ T1946] [ 103.146203][ T1946] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 103.158033][ T1946] loop4: detected capacity change from 0 to 512 [ 103.228666][ T1950] netlink: 104 bytes leftover after parsing attributes in process `syz.2.446'. [ 103.230927][ T1946] EXT4-fs (loop4): orphan cleanup on readonly fs [ 103.250238][ T1946] EXT4-fs (loop4): 1 orphan inode deleted [ 103.266855][ T1946] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 103.346505][ T1954] loop3: detected capacity change from 0 to 1024 [ 103.355947][ T820] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 103.386810][ T1954] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 103.395127][ T1954] EXT4-fs (loop3): orphan cleanup on readonly fs [ 103.406037][ T1954] EXT4-fs error (device loop3): ext4_free_blocks:6216: comm syz.3.448: Freeing blocks not in datazone - block = 0, count = 4096 [ 103.420553][ T1954] EXT4-fs (loop3): 1 orphan inode deleted [ 103.426240][ T1954] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 103.471420][ T30] audit: type=1400 audit(1720984953.210:720): avc: denied { setopt } for pid=1955 comm="syz.4.449" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 103.516503][ T30] audit: type=1400 audit(1720984953.210:721): avc: denied { bind } for pid=1955 comm="syz.4.449" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 103.537488][ T30] audit: type=1400 audit(1720984953.210:722): avc: denied { listen } for pid=1955 comm="syz.4.449" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 103.695499][ T30] audit: type=1400 audit(1720984953.430:723): avc: denied { name_bind } for pid=1960 comm="syz.3.450" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1 [ 103.735825][ T489] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 103.805869][ T820] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 103.816615][ T820] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 103.826134][ T820] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 103.835023][ T820] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 103.843358][ T820] usb 2-1: config 0 descriptor?? [ 104.015979][ T489] usb 1-1: too many configurations: 65, using maximum allowed: 8 [ 104.485811][ T6] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 104.535920][ T820] usb 2-1: language id specifier not provided by device, defaulting to English [ 104.715992][ T489] usb 1-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d [ 104.733343][ T489] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 104.798646][ T6] usb 5-1: Using ep0 maxpacket: 8 [ 104.985952][ T6] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 188, using maximum allowed: 30 [ 104.996726][ T6] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 105.008371][ T6] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 105.008498][ T1952] UDC core: couldn't find an available UDC or it's busy: -16 [ 105.018813][ T6] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 188 [ 105.025483][ T1952] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 105.038079][ T6] usb 5-1: New USB device found, idVendor=05ac, idProduct=1440, bcdDevice= 0.00 [ 105.054183][ T6] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 105.062571][ T6] usb 5-1: config 0 descriptor?? [ 105.254425][ T1952] UDC core: couldn't find an available UDC or it's busy: -16 [ 105.261727][ T1952] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 105.269676][ T30] audit: type=1400 audit(1720984955.020:724): avc: denied { ioctl } for pid=1951 comm="syz.0.447" path="/dev/input/event2" dev="devtmpfs" ino=178 ioctlcmd=0x4592 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 105.276362][ T1952] fuse: Unknown parameter 'r000000000000' [ 105.335859][ T489] usb 1-1: string descriptor 0 read error: -71 [ 105.342917][ T489] usb 1-1: Found UVC 0.00 device (046d:08c1) [ 105.354738][ T489] usb 1-1: No valid video chain found. [ 105.360925][ T489] usb 1-1: USB disconnect, device number 14 [ 105.586483][ T6] appleir 0003:05AC:1440.0013: unexpected long global item [ 105.594494][ T6] appleir 0003:05AC:1440.0013: parse failed [ 105.600257][ T6] appleir: probe of 0003:05AC:1440.0013 failed with error -22 [ 105.806749][ T489] usb 5-1: USB disconnect, device number 14 [ 105.838605][ T1983] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.845499][ T1983] bridge0: port 1(bridge_slave_0) entered disabled state [ 105.852866][ T1983] device bridge_slave_0 entered promiscuous mode [ 105.859628][ T1983] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.866488][ T1983] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.873593][ T1983] device bridge_slave_1 entered promiscuous mode [ 105.915693][ T1983] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.922606][ T1983] bridge0: port 2(bridge_slave_1) entered forwarding state [ 105.929689][ T1983] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.936563][ T1983] bridge0: port 1(bridge_slave_0) entered forwarding state [ 105.954881][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 105.962477][ T20] bridge0: port 1(bridge_slave_0) entered disabled state [ 105.969895][ T20] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.986604][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 105.994563][ T313] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.001415][ T313] bridge0: port 1(bridge_slave_0) entered forwarding state [ 106.008579][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 106.016623][ T313] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.023455][ T313] bridge0: port 2(bridge_slave_1) entered forwarding state [ 106.030804][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 106.039188][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 106.056042][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 106.064200][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 106.072016][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 106.079312][ T20] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 106.089937][ T1983] device veth0_vlan entered promiscuous mode [ 106.100013][ T489] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 106.105780][ T6] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 106.116535][ T1983] device veth1_macvtap entered promiscuous mode [ 106.125572][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 106.139809][ T489] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 106.245816][ T820] uclogic 0003:256C:006D.0012: failed retrieving string descriptor #100: -71 [ 106.256427][ T412] device bridge_slave_1 left promiscuous mode [ 106.258274][ T820] uclogic 0003:256C:006D.0012: failed retrieving pen parameters: -71 [ 106.270054][ T412] bridge0: port 2(bridge_slave_1) entered disabled state [ 106.270399][ T820] uclogic 0003:256C:006D.0012: failed probing pen v1 parameters: -71 [ 106.285819][ T820] uclogic 0003:256C:006D.0012: failed probing parameters: -71 [ 106.286223][ T412] device bridge_slave_0 left promiscuous mode [ 106.293146][ T820] uclogic: probe of 0003:256C:006D.0012 failed with error -71 [ 106.294264][ T820] usb 2-1: USB disconnect, device number 15 [ 106.302645][ T412] bridge0: port 1(bridge_slave_0) entered disabled state [ 106.324590][ T412] device veth1_macvtap left promiscuous mode [ 106.330738][ T412] device veth0_vlan left promiscuous mode [ 106.415858][ T6] usb 3-1: too many configurations: 65, using maximum allowed: 8 [ 106.435778][ T489] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 106.603383][ T30] audit: type=1400 audit(1720984956.340:725): avc: denied { mount } for pid=1992 comm="syz.1.458" name="/" dev="ramfs" ino=21993 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1 [ 106.866339][ T489] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 18 [ 107.055856][ T489] usb 1-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 107.064787][ T489] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 107.072584][ T489] usb 1-1: Product: syz [ 107.076584][ T489] usb 1-1: Manufacturer: syz [ 107.080972][ T489] usb 1-1: SerialNumber: syz [ 107.085972][ T489] usb 1-1: config 0 descriptor?? [ 107.105830][ T1989] raw-gadget.2 gadget: fail, usb_ep_enable returned -22 [ 107.236443][ T6] usb 3-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d [ 107.245502][ T6] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 107.329171][ T412] Bluetooth: hci0: Frame reassembly failed (-84) [ 107.388624][ T489] usb 1-1: USB disconnect, device number 15 [ 107.398399][ T322] udevd[322]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 107.515938][ T6] usb 3-1: string descriptor 0 read error: -22 [ 107.522245][ T6] usb 3-1: Found UVC 0.00 device (046d:08c1) [ 107.529091][ T6] usb 3-1: No valid video chain found. [ 108.454658][ T1980] device wireguard0 entered promiscuous mode [ 108.456004][ T2023] loop3: detected capacity change from 0 to 1024 [ 108.498651][ T30] audit: type=1326 audit(1720984958.240:726): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=1979 comm="syz.2.455" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb9532c8bd9 code=0x0 [ 108.521675][ T2023] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 108.530000][ T2023] EXT4-fs (loop3): orphan cleanup on readonly fs [ 108.536407][ T2023] EXT4-fs error (device loop3): ext4_free_blocks:6216: comm syz.3.465: Freeing blocks not in datazone - block = 0, count = 4096 [ 108.550473][ T2023] EXT4-fs (loop3): 1 orphan inode deleted [ 108.556118][ T2023] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 108.575994][ T494] usb 3-1: USB disconnect, device number 14 [ 108.670894][ T2033] loop3: detected capacity change from 0 to 1024 [ 108.757641][ T2033] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 108.765721][ T2033] EXT4-fs (loop3): orphan cleanup on readonly fs [ 108.772000][ T2033] EXT4-fs error (device loop3): ext4_free_blocks:6216: comm syz.3.468: Freeing blocks not in datazone - block = 0, count = 4096 [ 108.785820][ T2033] EXT4-fs (loop3): 1 orphan inode deleted [ 108.791363][ T2033] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 109.191776][ T2045] loop0: detected capacity change from 0 to 256 [ 109.221532][ T2048] loop2: detected capacity change from 0 to 1024 [ 109.336047][ T2048] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 109.353782][ T30] audit: type=1400 audit(1720984959.090:727): avc: denied { setattr } for pid=2046 comm="syz.2.471" name="file1" dev="loop2" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 110.196846][ T30] audit: type=1400 audit(1720984959.090:728): avc: denied { rename } for pid=2046 comm="syz.2.471" name="file0" dev="loop2" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 110.245794][ T30] audit: type=1400 audit(1720984959.090:729): avc: denied { unlink } for pid=2046 comm="syz.2.471" name="file1" dev="loop2" ino=14 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=lnk_file permissive=1 [ 110.270484][ T295] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 110.281637][ T2070] loop1: detected capacity change from 0 to 512 [ 110.299100][ T2074] loop3: detected capacity change from 0 to 1024 [ 110.461504][ T2074] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 110.470586][ T2074] EXT4-fs (loop3): orphan cleanup on readonly fs [ 110.477168][ T2074] EXT4-fs error (device loop3): ext4_free_blocks:6216: comm syz.3.480: Freeing blocks not in datazone - block = 0, count = 4096 [ 110.490740][ T2074] EXT4-fs (loop3): 1 orphan inode deleted [ 110.496735][ T2074] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 110.512133][ T2070] EXT4-fs (loop1): Quota format mount options ignored when QUOTA feature is enabled [ 110.549608][ T2070] EXT4-fs (loop1): mounted filesystem without journal. Opts: nombcache,quota,jqfmt=vfsold,resgid=0x0000000000000000,,errors=continue. Quota mode: writeback. [ 110.669472][ T2070] ext4 filesystem being mounted at /95/file0 supports timestamps until 2038 (0x7fffffff) [ 110.775844][ T30] audit: type=1400 audit(1720984960.510:730): avc: denied { rmdir } for pid=2069 comm="syz.1.478" name="file0" dev="loop1" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 110.797552][ T2070] Quota error (device loop1): do_check_range: Getting dqdh_next_free 4294967294 out of range 0-8 [ 110.797620][ T2070] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 110.825321][ T30] audit: type=1326 audit(1720984960.560:731): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2069 comm="syz.1.478" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c10053bd9 code=0x7ffc0000 [ 110.848884][ T30] audit: type=1326 audit(1720984960.560:732): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2069 comm="syz.1.478" exe="/root/syz-executor" sig=0 arch=c000003e syscall=251 compat=0 ip=0x7f6c10053bd9 code=0x7ffc0000 [ 110.872946][ T30] audit: type=1326 audit(1720984960.560:733): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2069 comm="syz.1.478" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c10053bd9 code=0x7ffc0000 [ 110.896060][ T295] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 18 [ 110.947041][ T2103] netlink: 8 bytes leftover after parsing attributes in process `syz.3.487'. [ 111.576538][ T295] usb 5-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 111.677826][ T295] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 111.739568][ T295] usb 5-1: Product: syz [ 111.743722][ T295] usb 5-1: Manufacturer: syz [ 111.748184][ T295] usb 5-1: SerialNumber: syz [ 111.753349][ T295] usb 5-1: config 0 descriptor?? [ 111.776090][ T2059] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 111.993319][ T2125] loop1: detected capacity change from 0 to 1024 [ 112.064868][ T2125] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 112.073437][ T2125] EXT4-fs (loop1): orphan cleanup on readonly fs [ 112.080162][ T2125] EXT4-fs error (device loop1): ext4_free_blocks:6216: comm syz.1.494: Freeing blocks not in datazone - block = 0, count = 4096 [ 112.094390][ T2125] EXT4-fs (loop1): 1 orphan inode deleted [ 112.104266][ T2125] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 112.115825][ T26] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 112.140030][ T2131] loop3: detected capacity change from 0 to 8192 [ 112.159506][ T295] usb 5-1: USB disconnect, device number 15 [ 112.187374][ T2133] loop1: detected capacity change from 0 to 8192 [ 112.235036][ T631] udevd[631]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 112.435819][ T26] usb 3-1: Using ep0 maxpacket: 16 [ 112.585879][ T26] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 112.815870][ T26] usb 3-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 112.832153][ T2142] 9pnet: Insufficient options for proto=fd [ 112.834145][ T26] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 112.846115][ T26] usb 3-1: Product: syz [ 112.850135][ T26] usb 3-1: Manufacturer: syz [ 112.854552][ T26] usb 3-1: SerialNumber: syz [ 112.879280][ T26] usb 3-1: config 0 descriptor?? [ 112.925840][ T39] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 112.935207][ T26] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected [ 112.944072][ T26] usb 3-1: Detected FT232RL [ 113.185846][ T26] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 113.196453][ T2147] loop3: detected capacity change from 0 to 40427 [ 113.215787][ T39] usb 1-1: Using ep0 maxpacket: 32 [ 113.226466][ T2147] F2FS-fs (loop3): Unrecognized mount option "nV‚Í¢d²" or missing value [ 113.437199][ T26] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 113.475868][ T39] usb 1-1: config 3 has an invalid interface number: 185 but max is 0 [ 113.483939][ T39] usb 1-1: config 3 has no interface number 0 [ 113.489837][ T39] usb 1-1: config 3 interface 185 altsetting 16 endpoint 0x8 has invalid maxpacket 512, setting to 64 [ 113.500624][ T39] usb 1-1: config 3 interface 185 altsetting 16 has an invalid endpoint with address 0x80, skipping [ 113.511164][ T39] usb 1-1: config 3 interface 185 altsetting 16 has a duplicate endpoint with address 0xB, skipping [ 113.521740][ T39] usb 1-1: config 3 interface 185 altsetting 16 endpoint 0xF has invalid maxpacket 1023, setting to 64 [ 113.532641][ T39] usb 1-1: config 3 interface 185 altsetting 16 endpoint 0x4 has invalid maxpacket 1024, setting to 64 [ 113.543478][ T39] usb 1-1: config 3 interface 185 has no altsetting 0 [ 113.622898][ T2155] netlink: 104 bytes leftover after parsing attributes in process `syz.4.503'. [ 113.637638][ T26] usb 3-1: USB disconnect, device number 15 [ 113.644783][ T26] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 113.654901][ T26] ftdi_sio 3-1:0.0: device disconnected [ 113.725884][ T39] usb 1-1: Dual-Role OTG device on HNP port [ 113.755893][ T39] usb 1-1: New USB device found, idVendor=19d2, idProduct=0090, bcdDevice=8c.d1 [ 113.764783][ T39] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 113.772626][ T39] usb 1-1: Product:  [ 113.776584][ T39] usb 1-1: Manufacturer: ဇ [ 113.780992][ T39] usb 1-1: SerialNumber: 怛賬䳻咀꩚㜧먖áŽê“¿å¾µè”§á¦¶ã¿¼æ ‰ì¾‡á©ï©³è¿—錒á’൦牼ç­êŸ¶â¨‘࿮๬â®î¯¾ì›æ©ë—³á¨»ç²ºã·µä¶ê—’᪌듳䙻綛嵎슀䉠褣鹉 [ 113.798501][ T39] usb 1-1: rejected 1 configuration due to insufficient available bus power [ 113.808058][ T39] usb 1-1: no configuration chosen from 1 choice [ 114.420464][ T2168] syz.4.507[2168] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 114.420526][ T2168] syz.4.507[2168] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 114.508642][ T2170] loop2: detected capacity change from 0 to 256 [ 114.598962][ T2170] exFAT-fs (loop2): failed to load upcase table (idx : 0x00017f3e, chksum : 0x0b83170a, utbl_chksum : 0xe619d30d) [ 114.680660][ T2174] loop2: detected capacity change from 0 to 8192 [ 114.810072][ T2177] loop3: detected capacity change from 0 to 4096 [ 114.845795][ T60] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 114.872565][ T2177] EXT4-fs (loop3): mounted filesystem without journal. Opts: quota,auto_da_alloc=0x0000000000000008,debug_want_extra_isize=0x000000000000007e,min_batch_time=0x0000000000000002,max_dir_size_kb=0x0000000000000443,,errors=continue. Quota mode: writeback. [ 114.901684][ T30] kauditd_printk_skb: 23 callbacks suppressed [ 114.901697][ T30] audit: type=1400 audit(1720984964.640:757): avc: denied { mounton } for pid=2176 comm="syz.3.511" path="/76/bus/file1" dev="loop3" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 114.901735][ T2177] fuse: blksize only supported for fuseblk [ 114.938920][ T30] audit: type=1400 audit(1720984964.680:758): avc: denied { mounton } for pid=2176 comm="syz.3.511" path="/76/bus/file0" dev="loop3" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 115.135913][ T313] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 115.215878][ T60] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 18 [ 115.375886][ T60] usb 5-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 115.384808][ T60] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 115.392597][ T60] usb 5-1: Product: syz [ 115.396762][ T60] usb 5-1: Manufacturer: syz [ 115.401176][ T60] usb 5-1: SerialNumber: syz [ 115.406206][ T60] usb 5-1: config 0 descriptor?? [ 115.425846][ T2172] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 115.496405][ T313] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 115.507168][ T313] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 115.520195][ T313] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 115.545806][ T313] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 115.557855][ T313] usb 2-1: config 0 descriptor?? [ 115.613641][ T26] usb 1-1: USB disconnect, device number 16 [ 115.630546][ T2190] loop0: detected capacity change from 0 to 512 [ 115.649941][ T411] Bluetooth: hci0: Frame reassembly failed (-84) [ 115.697767][ T2190] EXT4-fs (loop0): Mount option "noacl" will be removed by 3.5 [ 115.697767][ T2190] Contact linux-ext4@vger.kernel.org if you think we should keep it. [ 115.697767][ T2190] [ 115.708069][ T2188] loop2: detected capacity change from 0 to 40427 [ 115.719379][ T2190] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2 [ 115.731135][ T60] usb 5-1: USB disconnect, device number 16 [ 115.731830][ T2190] EXT4-fs (loop0): 1 truncate cleaned up [ 115.742572][ T2190] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsold,usrjquota=,min_batch_time=0x0000000000000001,noload,nombcache,usrjquota="init_itable=0x0000000000000601,noacl,data_err=abort,,errors=continue. Quota mode: writeback. [ 115.791920][ T2197] netlink: 104 bytes leftover after parsing attributes in process `syz.4.516'. [ 115.826279][ T2188] F2FS-fs (loop2): Unrecognized mount option "nV‚Í¢d²" or missing value [ 115.834789][ T322] udevd[322]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 116.026807][ T313] plantronics 0003:047F:FFFF.0014: No inputs registered, leaving [ 116.047708][ T313] plantronics 0003:047F:FFFF.0014: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 116.335773][ T313] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 116.575836][ T313] usb 4-1: Using ep0 maxpacket: 16 [ 116.645555][ T2212] loop4: detected capacity change from 0 to 256 [ 116.695947][ T313] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 116.706705][ T313] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 116.716343][ T313] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 116.725188][ T313] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 116.725844][ T26] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 116.738958][ T313] usb 4-1: config 0 descriptor?? [ 116.746861][ T2212] exFAT-fs (loop4): failed to load upcase table (idx : 0x00017f3e, chksum : 0x0b83170a, utbl_chksum : 0xe619d30d) [ 116.785776][ T820] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 116.995882][ T26] usb 3-1: Using ep0 maxpacket: 16 [ 117.125841][ T26] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 117.145828][ T820] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 32, changing to 9 [ 117.156671][ T820] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8712, setting to 1024 [ 117.167504][ T820] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 117.176308][ T820] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 117.184572][ T820] usb 1-1: config 0 descriptor?? [ 117.216609][ T313] savu 0003:1E7D:2D5A.0015: item fetching failed at offset 2/5 [ 117.225311][ T313] savu 0003:1E7D:2D5A.0015: parse failed [ 117.231425][ T313] savu: probe of 0003:1E7D:2D5A.0015 failed with error -22 [ 117.335850][ T26] usb 3-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 117.344754][ T26] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 117.352700][ T26] usb 3-1: Product: syz [ 117.356787][ T26] usb 3-1: Manufacturer: syz [ 117.361091][ T26] usb 3-1: SerialNumber: syz [ 117.366127][ T26] usb 3-1: config 0 descriptor?? [ 117.406296][ T26] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected [ 117.413855][ T26] usb 3-1: Detected FT232RL [ 117.428079][ T39] usb 4-1: USB disconnect, device number 19 [ 117.625827][ T26] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 117.666488][ T820] keytouch 0003:0926:3333.0016: fixing up Keytouch IEC report descriptor [ 117.677759][ T820] input: HID 0926:3333 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0926:3333.0016/input/input5 [ 117.758754][ T30] audit: type=1400 audit(1720984967.500:759): avc: denied { read } for pid=85 comm="acpid" name="event3" dev="devtmpfs" ino=762 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 117.765244][ T820] keytouch 0003:0926:3333.0016: input,hidraw1: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.0-1/input0 [ 117.781423][ T30] audit: type=1400 audit(1720984967.500:760): avc: denied { open } for pid=85 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=762 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 117.838332][ T30] audit: type=1400 audit(1720984967.500:761): avc: denied { ioctl } for pid=85 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=762 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 118.035797][ C0] usb 1-1: input irq status -75 received [ 118.066516][ T26] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 118.083287][ T26] usb 2-1: USB disconnect, device number 16 [ 118.121311][ T2226] loop1: detected capacity change from 0 to 8192 [ 118.173882][ T2228] loop3: detected capacity change from 0 to 512 [ 118.262011][ T820] usb 3-1: USB disconnect, device number 16 [ 118.276966][ T2228] EXT4-fs (loop3): Mount option "noacl" will be removed by 3.5 [ 118.276966][ T2228] Contact linux-ext4@vger.kernel.org if you think we should keep it. [ 118.276966][ T2228] [ 118.295198][ T820] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 118.315936][ T820] ftdi_sio 3-1:0.0: device disconnected [ 118.362307][ T2228] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2 [ 118.454791][ T2228] EXT4-fs (loop3): 1 truncate cleaned up [ 118.463859][ T26] usb 1-1: USB disconnect, device number 17 [ 118.474652][ T2228] EXT4-fs (loop3): mounted filesystem without journal. Opts: jqfmt=vfsold,usrjquota=,min_batch_time=0x0000000000000001,noload,nombcache,usrjquota="init_itable=0x0000000000000601,noacl,data_err=abort,,errors=continue. Quota mode: writeback. [ 118.885790][ T820] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 118.999132][ T2243] loop0: detected capacity change from 0 to 512 [ 119.024939][ T2243] EXT4-fs (loop0): Mount option "noacl" will be removed by 3.5 [ 119.024939][ T2243] Contact linux-ext4@vger.kernel.org if you think we should keep it. [ 119.024939][ T2243] [ 119.077672][ T2243] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2 [ 119.086395][ T2243] EXT4-fs (loop0): 1 truncate cleaned up [ 119.091918][ T2243] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsold,usrjquota=,min_batch_time=0x0000000000000001,noload,nombcache,usrjquota="init_itable=0x0000000000000601,noacl,data_err=abort,,errors=continue. Quota mode: writeback. [ 119.198892][ T2241] loop1: detected capacity change from 0 to 40427 [ 119.209378][ T2245] 9pnet: Insufficient options for proto=fd [ 119.245861][ T820] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 18 [ 119.269661][ T2241] F2FS-fs (loop1): Unrecognized mount option "nV‚Í¢d²" or missing value [ 119.405870][ T820] usb 5-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 119.414808][ T820] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 119.424181][ T820] usb 5-1: Product: syz [ 119.428462][ T820] usb 5-1: Manufacturer: syz [ 119.432948][ T820] usb 5-1: SerialNumber: syz [ 119.441351][ T820] usb 5-1: config 0 descriptor?? [ 119.465865][ T2235] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 119.690628][ T412] Bluetooth: hci0: Frame reassembly failed (-84) [ 119.726090][ T2255] netlink: 104 bytes leftover after parsing attributes in process `syz.3.531'. [ 119.750807][ T820] usb 5-1: USB disconnect, device number 17 [ 119.840520][ T2257] loop1: detected capacity change from 0 to 256 [ 119.938293][ T2257] exFAT-fs (loop1): failed to load upcase table (idx : 0x00017f3e, chksum : 0x0b83170a, utbl_chksum : 0xe619d30d) [ 120.010901][ T2264] FAULT_INJECTION: forcing a failure. [ 120.010901][ T2264] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 120.024410][ T2264] CPU: 1 PID: 2264 Comm: syz.1.535 Not tainted 5.15.151-syzkaller-00415-gdb06c48ab67e #0 [ 120.034031][ T2264] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 120.043929][ T2264] Call Trace: [ 120.047049][ T2264] [ 120.049824][ T2264] dump_stack_lvl+0x151/0x1b7 [ 120.054341][ T2264] ? io_uring_drop_tctx_refs+0x190/0x190 [ 120.059809][ T2264] ? __wake_up_klogd+0xd5/0x110 [ 120.064496][ T2264] dump_stack+0x15/0x17 [ 120.068485][ T2264] should_fail+0x3c6/0x510 [ 120.072739][ T2264] should_fail_usercopy+0x1a/0x20 [ 120.077608][ T2264] _copy_to_user+0x20/0x90 [ 120.081853][ T2264] put_itimerspec64+0x1c1/0x220 [ 120.086542][ T2264] ? get_itimerspec64+0x450/0x450 [ 120.091400][ T2264] __x64_sys_timerfd_gettime+0xed/0x150 [ 120.096780][ T2264] ? __ia32_sys_timerfd_settime+0x220/0x220 [ 120.102512][ T2264] do_syscall_64+0x3d/0xb0 [ 120.106762][ T2264] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 120.112488][ T2264] RIP: 0033:0x7f6c10053bd9 [ 120.116761][ T2264] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 120.136180][ T2264] RSP: 002b:00007f6c0f2d5048 EFLAGS: 00000246 ORIG_RAX: 000000000000011f [ 120.144426][ T2264] RAX: ffffffffffffffda RBX: 00007f6c101e1f60 RCX: 00007f6c10053bd9 [ 120.152244][ T2264] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000003 [ 120.160048][ T2264] RBP: 00007f6c0f2d50a0 R08: 0000000000000000 R09: 0000000000000000 [ 120.167860][ T2264] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 120.175669][ T2264] R13: 000000000000000b R14: 00007f6c101e1f60 R15: 00007ffeab33cae8 [ 120.183485][ T2264] [ 120.313753][ T2272] loop4: detected capacity change from 0 to 8192 [ 120.616078][ T2268] loop1: detected capacity change from 0 to 40427 [ 120.667366][ T2268] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 120.685294][ T2268] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 120.706265][ T2268] F2FS-fs (loop1): invalid crc value [ 120.738318][ T2268] F2FS-fs (loop1): Found nat_bits in checkpoint [ 120.774698][ T2285] loop0: detected capacity change from 0 to 256 [ 120.807415][ T2285] FAT-fs (loop0): IO charset koi8-r1251 not found [ 120.845141][ T2268] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 120.866692][ T2268] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 120.875075][ T2268] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 120.899183][ T30] audit: type=1400 audit(1720984970.640:762): avc: denied { mounton } for pid=2267 comm="syz.1.536" path="/107/bus/bus" dev="loop1" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 121.294231][ T2284] loop0: detected capacity change from 0 to 40427 [ 121.307541][ T291] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix. [ 121.307562][ T291] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix. [ 121.314930][ T291] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix. [ 121.335830][ T291] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix. [ 121.344791][ T291] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix. [ 121.352273][ T291] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix. [ 121.362889][ T291] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix. [ 121.372037][ T30] audit: type=1400 audit(1720984971.110:763): avc: denied { unmount } for pid=291 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1 [ 121.400684][ T2292] loop2: detected capacity change from 0 to 512 [ 121.417209][ T2284] F2FS-fs (loop0): Found nat_bits in checkpoint [ 121.442806][ T412] Trying to write to read-only block-device loop1 [ 121.453222][ T2292] EXT4-fs error (device loop2): ext4_orphan_get:1397: inode #15: comm syz.2.542: casefold flag without casefold feature [ 121.465823][ T2284] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 121.561845][ T2292] EXT4-fs error (device loop2): ext4_xattr_inode_iget:404: inode #2: comm syz.2.542: missing EA_INODE flag [ 121.562748][ T2302] loop3: detected capacity change from 0 to 512 [ 121.579644][ T2292] EXT4-fs error (device loop2): ext4_xattr_inode_iget:409: comm syz.2.542: error while reading EA inode 2 err=-117 [ 121.697814][ T2302] EXT4-fs (loop3): Mount option "noacl" will be removed by 3.5 [ 121.697814][ T2302] Contact linux-ext4@vger.kernel.org if you think we should keep it. [ 121.697814][ T2302] [ 121.716553][ T2292] EXT4-fs (loop2): 1 orphan inode deleted [ 121.726328][ T2292] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 121.746930][ T2302] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2 [ 121.757693][ T2302] EXT4-fs (loop3): 1 truncate cleaned up [ 121.763268][ T2302] EXT4-fs (loop3): mounted filesystem without journal. Opts: jqfmt=vfsold,usrjquota=,min_batch_time=0x0000000000000001,noload,nombcache,usrjquota="init_itable=0x0000000000000601,noacl,data_err=abort,,errors=continue. Quota mode: writeback. [ 121.951404][ T2314] netlink: 8 bytes leftover after parsing attributes in process `syz.0.546'. [ 122.165775][ T6] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 122.405844][ T494] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 122.675776][ T6] usb 5-1: Using ep0 maxpacket: 16 [ 122.795832][ T6] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 122.936133][ T494] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 122.946361][ T494] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 122.955821][ T313] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 122.963681][ T6] usb 5-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 122.972700][ T6] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 122.980748][ T6] usb 5-1: Product: syz [ 122.984800][ T6] usb 5-1: Manufacturer: syz [ 122.989435][ T6] usb 5-1: SerialNumber: syz [ 122.997086][ T6] usb 5-1: config 0 descriptor?? [ 123.036030][ T494] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 123.036648][ T6] ftdi_sio 5-1:0.0: FTDI USB Serial Device converter detected [ 123.053232][ T494] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 123.053482][ T6] usb 5-1: Detected FT232RL [ 123.067990][ T494] usb 1-1: SerialNumber: syz [ 123.245915][ T6] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 123.247162][ T2331] loop2: detected capacity change from 0 to 1024 [ 123.333736][ T2331] EXT4-fs (loop2): mounted filesystem without journal. Opts: resgid=0x0000000000000000,debug_want_extra_isize=0x0000000000000082,bsddf,max_batch_time=0x0000000000000003,data=ordered,init_itable=0x0000000000000c9b,usrquota,init_itable,,errors=continue. Quota mode: writeback. [ 123.359909][ T313] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 123.366566][ T494] usb 1-1: 0:2 : does not exist [ 123.375686][ T313] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 123.384254][ T30] audit: type=1400 audit(1720984973.120:764): avc: denied { nlmsg_read } for pid=2330 comm="syz.2.551" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1 [ 123.407236][ T313] usb 2-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9 [ 123.416485][ T313] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 123.435955][ T313] usb 2-1: config 0 descriptor?? [ 123.439555][ T494] usb 1-1: USB disconnect, device number 18 [ 123.483541][ T322] udevd[322]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 123.528033][ T313] usb 2-1: MIDIStreaming interface descriptor not found [ 123.533732][ T2334] loop2: detected capacity change from 0 to 128 [ 123.558521][ T6] usb 5-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 123.588268][ T2334] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 123.598878][ T2334] ext4 filesystem being mounted at /88/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff) [ 123.675973][ T2334] device veth0_vlan left promiscuous mode [ 123.679614][ T2337] loop3: detected capacity change from 0 to 8192 [ 123.684655][ T2334] device veth0_vlan entered promiscuous mode [ 123.719185][ T313] usb 5-1: USB disconnect, device number 18 [ 123.728180][ T313] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 123.740569][ T313] ftdi_sio 5-1:0.0: device disconnected [ 123.754734][ T820] usb 2-1: USB disconnect, device number 17 [ 123.804443][ T2342] loop2: detected capacity change from 0 to 256 [ 123.866793][ T2342] exFAT-fs (loop2): failed to load upcase table (idx : 0x00017f3e, chksum : 0x0b83170a, utbl_chksum : 0xe619d30d) [ 123.964246][ T2346] loop0: detected capacity change from 0 to 8192 [ 124.209215][ T2348] loop2: detected capacity change from 0 to 40427 [ 124.270300][ T2348] F2FS-fs (loop2): Found nat_bits in checkpoint [ 124.345924][ T2348] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 124.509069][ T858] attempt to access beyond end of device [ 124.509069][ T858] loop2: rw=2049, want=45112, limit=40427 [ 124.585791][ T820] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 124.608750][ T2360] loop3: detected capacity change from 0 to 1024 [ 124.633829][ T2363] loop2: detected capacity change from 0 to 512 [ 124.676583][ T2363] EXT4-fs (loop2): Mount option "noacl" will be removed by 3.5 [ 124.676583][ T2363] Contact linux-ext4@vger.kernel.org if you think we should keep it. [ 124.676583][ T2363] [ 124.695021][ T2360] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 124.695428][ T2363] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2 [ 124.703596][ T2360] EXT4-fs (loop3): orphan cleanup on readonly fs [ 124.711666][ T2363] EXT4-fs (loop2): 1 truncate cleaned up [ 124.725959][ T2363] EXT4-fs (loop2): mounted filesystem without journal. Opts: jqfmt=vfsold,usrjquota=,min_batch_time=0x0000000000000001,noload,nombcache,usrjquota="init_itable=0x0000000000000601,noacl,data_err=abort,,errors=continue. Quota mode: writeback. [ 124.749381][ T2360] EXT4-fs error (device loop3): ext4_free_blocks:6216: comm syz.3.561: Freeing blocks not in datazone - block = 0, count = 4096 [ 124.771769][ T2360] EXT4-fs (loop3): 1 orphan inode deleted [ 124.777453][ T2360] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 124.825797][ T820] usb 2-1: Using ep0 maxpacket: 16 [ 124.883920][ T2371] loop0: detected capacity change from 0 to 1024 [ 124.965961][ T820] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 124.979259][ T2371] EXT4-fs (loop0): mounted filesystem without journal. Opts: resgid=0x0000000000000000,debug_want_extra_isize=0x0000000000000082,bsddf,max_batch_time=0x0000000000000003,data=ordered,init_itable=0x0000000000000c9b,usrquota,init_itable,,errors=continue. Quota mode: writeback. [ 125.007398][ T820] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 125.017080][ T820] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 125.026007][ T820] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 125.042516][ T820] usb 2-1: config 0 descriptor?? [ 125.598570][ T820] savu 0003:1E7D:2D5A.0017: item fetching failed at offset 2/5 [ 126.000157][ T820] savu 0003:1E7D:2D5A.0017: parse failed [ 126.005642][ T820] savu: probe of 0003:1E7D:2D5A.0017 failed with error -22 [ 126.013890][ T820] usb 2-1: USB disconnect, device number 18 [ 126.049074][ T2387] loop3: detected capacity change from 0 to 256 [ 126.111822][ T2389] loop0: detected capacity change from 0 to 1024 [ 126.121393][ T2387] exFAT-fs (loop3): failed to load upcase table (idx : 0x00017f3e, chksum : 0x0b83170a, utbl_chksum : 0xe619d30d) [ 126.152780][ T2389] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 126.161064][ T2389] EXT4-fs (loop0): orphan cleanup on readonly fs [ 126.184750][ T2389] EXT4-fs error (device loop0): ext4_free_blocks:6216: comm syz.0.568: Freeing blocks not in datazone - block = 0, count = 4096 [ 126.200906][ T2389] EXT4-fs (loop0): 1 orphan inode deleted [ 126.206509][ T2389] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 126.315778][ T6] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 126.503922][ T2394] loop3: detected capacity change from 0 to 40427 [ 126.590065][ T2394] F2FS-fs (loop3): Found nat_bits in checkpoint [ 126.695805][ T6] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 126.717643][ T6] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 126.731748][ T2394] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 126.825851][ T6] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 126.854935][ T6] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 126.873085][ T6] usb 5-1: SerialNumber: syz [ 126.973781][ T935] attempt to access beyond end of device [ 126.973781][ T935] loop3: rw=2049, want=45112, limit=40427 [ 127.216428][ T6] usb 5-1: 0:2 : does not exist [ 127.267350][ T6] usb 5-1: USB disconnect, device number 19 [ 127.330136][ T631] udevd[631]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 127.362193][ T2419] FAULT_INJECTION: forcing a failure. [ 127.362193][ T2419] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 127.375389][ T2419] CPU: 1 PID: 2419 Comm: syz.3.573 Not tainted 5.15.151-syzkaller-00415-gdb06c48ab67e #0 [ 127.385016][ T2419] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 127.394905][ T2419] Call Trace: [ 127.398029][ T2419] [ 127.400814][ T2419] dump_stack_lvl+0x151/0x1b7 [ 127.405318][ T2419] ? io_uring_drop_tctx_refs+0x190/0x190 [ 127.410789][ T2419] dump_stack+0x15/0x17 [ 127.414777][ T2419] should_fail+0x3c6/0x510 [ 127.419032][ T2419] should_fail_alloc_page+0x5a/0x80 [ 127.424064][ T2419] prepare_alloc_pages+0x15c/0x700 [ 127.429012][ T2419] ? __alloc_pages_bulk+0xe40/0xe40 [ 127.434045][ T2419] ? finish_task_switch+0x167/0x7b0 [ 127.439095][ T2419] __alloc_pages+0x18c/0x8f0 [ 127.443504][ T2419] ? prep_new_page+0x110/0x110 [ 127.448106][ T2419] ? __kasan_check_read+0x11/0x20 [ 127.452965][ T2419] ? __vm_enough_memory+0x119/0x2f0 [ 127.458001][ T2419] shmem_alloc_and_acct_page+0x4bd/0xa80 [ 127.463469][ T2419] ? shmem_swapin_page+0x1520/0x1520 [ 127.468587][ T2419] ? irqentry_exit+0x30/0x40 [ 127.473015][ T2419] ? xas_start+0x32c/0x3f0 [ 127.477266][ T2419] ? xas_load+0x2b7/0x2d0 [ 127.481433][ T2419] ? pagecache_get_page+0xdc2/0xeb0 [ 127.486467][ T2419] ? page_cache_prev_miss+0x410/0x410 [ 127.491674][ T2419] ? _raw_spin_lock_irqsave+0x210/0x210 [ 127.497054][ T2419] ? lru_cache_add+0x279/0x540 [ 127.501655][ T2419] shmem_getpage_gfp+0x1388/0x23c0 [ 127.506608][ T2419] ? shmem_getpage+0xa0/0xa0 [ 127.511028][ T2419] ? fault_in_safe_writeable+0x240/0x240 [ 127.516497][ T2419] shmem_write_begin+0xca/0x1b0 [ 127.521183][ T2419] generic_perform_write+0x2bc/0x5a0 [ 127.526304][ T2419] ? grab_cache_page_write_begin+0xa0/0xa0 [ 127.531945][ T2419] ? file_remove_privs+0x610/0x610 [ 127.536889][ T2419] ? rwsem_write_trylock+0x15b/0x290 [ 127.542010][ T2419] ? rwsem_mark_wake+0x6b0/0x6b0 [ 127.546785][ T2419] __generic_file_write_iter+0x25b/0x4b0 [ 127.552257][ T2419] generic_file_write_iter+0xaf/0x1c0 [ 127.557462][ T2419] vfs_write+0xd5d/0x1110 [ 127.561627][ T2419] ? bpf_trace_run2+0x210/0x210 [ 127.566317][ T2419] ? file_end_write+0x1c0/0x1c0 [ 127.571006][ T2419] ? __fdget_pos+0x209/0x3a0 [ 127.575426][ T2419] ? ksys_write+0x77/0x2c0 [ 127.579679][ T2419] ksys_write+0x199/0x2c0 [ 127.583845][ T2419] ? __ia32_sys_read+0x90/0x90 [ 127.588457][ T2419] __x64_sys_write+0x7b/0x90 [ 127.592877][ T2419] do_syscall_64+0x3d/0xb0 [ 127.597126][ T2419] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 127.602878][ T2419] RIP: 0033:0x7fdba7f8d75f [ 127.607106][ T2419] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 29 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 7c 8c 02 00 48 [ 127.626549][ T2419] RSP: 002b:00007fdba71cde00 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 127.634790][ T2419] RAX: ffffffffffffffda RBX: 0000000000010000 RCX: 00007fdba7f8d75f [ 127.642603][ T2419] RDX: 0000000000010000 RSI: 00007fdb9edae000 RDI: 0000000000000009 [ 127.650421][ T2419] RBP: 0000000000000000 R08: 0000000000000000 R09: 00000000000001e3 [ 127.658226][ T2419] R10: 00000000000001d0 R11: 0000000000000293 R12: 0000000000000009 [ 127.666033][ T2419] R13: 00007fdba71cdf00 R14: 00007fdba71cdec0 R15: 00007fdb9edae000 [ 127.673853][ T2419] [ 128.084469][ T30] audit: type=1400 audit(1720984977.820:765): avc: denied { listen } for pid=2423 comm="syz.3.578" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 128.174730][ T2432] loop0: detected capacity change from 0 to 256 [ 128.183687][ T2430] loop4: detected capacity change from 0 to 512 [ 128.189650][ T30] audit: type=1400 audit(1720984977.820:766): avc: denied { accept } for pid=2423 comm="syz.3.578" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 128.226941][ T2432] exFAT-fs (loop0): failed to load upcase table (idx : 0x00017f3e, chksum : 0x0b83170a, utbl_chksum : 0xe619d30d) [ 128.454336][ T2401] loop1: detected capacity change from 0 to 131072 [ 128.468758][ T2430] EXT4-fs (loop4): Mount option "noacl" will be removed by 3.5 [ 128.468758][ T2430] Contact linux-ext4@vger.kernel.org if you think we should keep it. [ 128.468758][ T2430] [ 128.488636][ T2430] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -2 [ 128.497575][ T2430] EXT4-fs (loop4): 1 truncate cleaned up [ 128.503039][ T2430] EXT4-fs (loop4): mounted filesystem without journal. Opts: jqfmt=vfsold,usrjquota=,min_batch_time=0x0000000000000001,noload,nombcache,usrjquota="init_itable=0x0000000000000601,noacl,data_err=abort,,errors=continue. Quota mode: writeback. [ 129.230405][ T2451] netlink: 104 bytes leftover after parsing attributes in process `syz.1.572'. [ 129.315788][ T494] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 129.323206][ T39] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 129.575880][ T494] usb 3-1: Using ep0 maxpacket: 16 [ 129.646526][ T2456] loop1: detected capacity change from 0 to 40427 [ 129.696098][ T39] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 129.707332][ T494] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 129.718620][ T39] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 129.729243][ T494] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 129.756115][ T39] usb 4-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9 [ 129.765596][ T494] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 129.774545][ T39] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 129.785772][ T494] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 129.812473][ T39] usb 4-1: config 0 descriptor?? [ 129.817657][ T494] usb 3-1: config 0 descriptor?? [ 129.868624][ T39] usb 4-1: MIDIStreaming interface descriptor not found [ 129.997560][ T2463] loop1: detected capacity change from 0 to 256 [ 130.075436][ T6] usb 4-1: USB disconnect, device number 20 [ 130.081365][ T2463] /dev/loop1: Can't open blockdev [ 130.297001][ T494] savu 0003:1E7D:2D5A.0018: item fetching failed at offset 2/5 [ 130.314671][ T494] savu 0003:1E7D:2D5A.0018: parse failed [ 130.320755][ T494] savu: probe of 0003:1E7D:2D5A.0018 failed with error -22 [ 130.349869][ T2473] loop0: detected capacity change from 0 to 256 [ 130.408020][ T2473] exFAT-fs (loop0): failed to load upcase table (idx : 0x00017f3e, chksum : 0x0b83170a, utbl_chksum : 0xe619d30d) [ 130.483996][ T2476] loop0: detected capacity change from 0 to 512 [ 130.499463][ T494] usb 3-1: USB disconnect, device number 17 [ 130.551630][ T2476] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:164: inode #12: comm syz.0.592: inline data xattr refers to an external xattr inode [ 130.566407][ T2476] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz.0.592: couldn't read orphan inode 12 (err -117) [ 130.578159][ T2476] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpid,abort,norecovery,sysvgroups,init_itable,debug_want_extra_isize=0x000000000000000a,usrjquota=,nombcache,dioread_lock,,errors=continue. Quota mode: none. [ 130.601243][ T30] audit: type=1326 audit(1720984980.340:767): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2475 comm="syz.0.592" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f741d464bd9 code=0x7ffc0000 [ 130.629628][ T30] audit: type=1326 audit(1720984980.340:768): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2475 comm="syz.0.592" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f741d464bd9 code=0x7ffc0000 [ 130.660546][ T2476] EXT4-fs error (device loop0): __ext4_expand_extra_isize:5840: inode #18: comm syz.0.592: bad extra_isize 10 (inode size 256) [ 130.667213][ T2480] loop3: detected capacity change from 0 to 2048 [ 130.677938][ T30] audit: type=1326 audit(1720984980.340:769): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2475 comm="syz.0.592" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f741d464bd9 code=0x7ffc0000 [ 130.703094][ T30] audit: type=1326 audit(1720984980.340:770): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2475 comm="syz.0.592" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f741d464bd9 code=0x7ffc0000 [ 130.726525][ T30] audit: type=1326 audit(1720984980.370:771): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2475 comm="syz.0.592" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f741d464bd9 code=0x7ffc0000 [ 130.750446][ T30] audit: type=1326 audit(1720984980.370:772): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2475 comm="syz.0.592" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f741d464bd9 code=0x7ffc0000 [ 130.750969][ T2480] Alternate GPT is invalid, using primary GPT. [ 130.773604][ T30] audit: type=1326 audit(1720984980.370:773): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2475 comm="syz.0.592" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f741d464bd9 code=0x7ffc0000 [ 130.780622][ T2480] loop3: p1 p2 p3 [ 130.803072][ T30] audit: type=1326 audit(1720984980.400:774): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2475 comm="syz.0.592" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f741d464bd9 code=0x7ffc0000 [ 130.886451][ T2482] loop0: detected capacity change from 0 to 512 [ 130.906931][ T2482] EXT4-fs (loop0): Mount option "noacl" will be removed by 3.5 [ 130.906931][ T2482] Contact linux-ext4@vger.kernel.org if you think we should keep it. [ 130.906931][ T2482] [ 130.927285][ T2482] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2 [ 130.940365][ T2482] EXT4-fs (loop0): 1 truncate cleaned up [ 130.946004][ T2482] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsold,usrjquota=,min_batch_time=0x0000000000000001,noload,nombcache,usrjquota="init_itable=0x0000000000000601,noacl,data_err=abort,,errors=continue. Quota mode: writeback. [ 131.063403][ T2490] loop2: detected capacity change from 0 to 128 [ 131.110801][ T2490] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 131.151215][ T2490] ext4 filesystem being mounted at /98/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff) [ 131.865496][ T2512] loop0: detected capacity change from 0 to 256 [ 131.986679][ T2512] exFAT-fs (loop0): failed to load upcase table (idx : 0x00017f3e, chksum : 0x0b83170a, utbl_chksum : 0xe619d30d) [ 132.004542][ T2519] loop3: detected capacity change from 0 to 512 [ 132.125287][ T2519] EXT4-fs error (device loop3): ext4_find_inline_data_nolock:164: inode #12: comm syz.3.604: inline data xattr refers to an external xattr inode [ 132.177518][ T2519] EXT4-fs error (device loop3): ext4_orphan_get:1402: comm syz.3.604: couldn't read orphan inode 12 (err -117) [ 132.258755][ T2519] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpid,abort,norecovery,sysvgroups,init_itable,debug_want_extra_isize=0x000000000000000a,usrjquota=,nombcache,dioread_lock,,errors=continue. Quota mode: none. [ 132.337070][ T2519] EXT4-fs error (device loop3): __ext4_expand_extra_isize:5840: inode #18: comm syz.3.604: bad extra_isize 10 (inode size 256) [ 132.355890][ T26] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 132.365754][ T6] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 132.727223][ T26] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 132.745849][ T6] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 132.752387][ T26] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 132.769725][ T6] usb 2-1: config 1 has 0 interfaces, different from the descriptor's value: 2 [ 132.885842][ T26] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 132.894758][ T26] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 132.902597][ T26] usb 1-1: SerialNumber: syz [ 132.955865][ T6] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 132.964802][ T6] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 132.972723][ T6] usb 2-1: Product: syz [ 132.976806][ T6] usb 2-1: Manufacturer: syz [ 132.981168][ T6] usb 2-1: SerialNumber: syz [ 133.186394][ T26] usb 1-1: 0:2 : does not exist [ 133.227693][ T26] usb 1-1: USB disconnect, device number 19 [ 133.238787][ T6] usb 2-1: USB disconnect, device number 19 [ 133.241738][ T631] udevd[631]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 133.254826][ T2543] loop1: detected capacity change from 0 to 512 [ 133.410392][ T2545] loop3: detected capacity change from 0 to 40427 [ 133.423282][ T2545] F2FS-fs (loop3): Found nat_bits in checkpoint [ 133.459502][ T2545] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 133.692679][ T2559] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=2559 comm=syz.2.613 [ 133.711415][ T2562] loop4: detected capacity change from 0 to 256 [ 133.736969][ T2562] exFAT-fs (loop4): failed to load upcase table (idx : 0x00017f3e, chksum : 0x0b83170a, utbl_chksum : 0xe619d30d) [ 133.777403][ T2564] loop0: detected capacity change from 0 to 256 [ 133.815275][ T2564] exFAT-fs (loop0): failed to load upcase table (idx : 0x00017f3e, chksum : 0x0b83170a, utbl_chksum : 0xe619d30d) [ 133.888350][ T2568] loop4: detected capacity change from 0 to 512 [ 133.911446][ T2568] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -2 [ 133.923253][ T2568] EXT4-fs (loop4): 1 truncate cleaned up [ 133.928881][ T2568] EXT4-fs (loop4): mounted filesystem without journal. Opts: journal_dev=0x0000000000000009,noblock_validity,usrquota,journal_dev=0x0000000000000002,debug_want_extra_isize=0x0000000000000008,jqfmt=vfsold,usrjquota=min_batch_time=0x0000000000000a9f,nodiscard,,errors=continue. Quota mode: writeback. [ 134.080424][ T2578] netlink: 104 bytes leftover after parsing attributes in process `syz.0.618'. [ 134.296075][ T30] kauditd_printk_skb: 74 callbacks suppressed [ 134.296143][ T30] audit: type=1400 audit(1720984983.970:849): avc: denied { name_bind } for pid=2575 comm="syz.4.620" src=3618 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1 [ 134.355351][ T30] audit: type=1400 audit(1720984983.980:850): avc: denied { ioctl } for pid=2575 comm="syz.4.620" path="socket:[23161]" dev="sockfs" ino=23161 ioctlcmd=0x7437 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 134.384596][ T935] attempt to access beyond end of device [ 134.384596][ T935] loop3: rw=2049, want=45112, limit=40427 [ 134.842288][ T2588] loop0: detected capacity change from 0 to 128 [ 134.930411][ T2592] loop4: detected capacity change from 0 to 512 [ 134.969958][ T2592] EXT4-fs error (device loop4): ext4_find_inline_data_nolock:164: inode #12: comm syz.4.626: inline data xattr refers to an external xattr inode [ 134.974737][ T2604] loop0: detected capacity change from 0 to 512 [ 134.990831][ T2592] EXT4-fs error (device loop4): ext4_orphan_get:1402: comm syz.4.626: couldn't read orphan inode 12 (err -117) [ 134.992347][ T2606] loop1: detected capacity change from 0 to 256 [ 135.007575][ T2592] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpid,abort,norecovery,sysvgroups,init_itable,debug_want_extra_isize=0x000000000000000a,usrjquota=,nombcache,dioread_lock,,errors=continue. Quota mode: none. [ 135.033625][ T30] audit: type=1326 audit(1720984984.780:851): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2591 comm="syz.4.626" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f668bbdbbd9 code=0x7ffc0000 [ 135.056833][ T30] audit: type=1326 audit(1720984984.780:852): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2591 comm="syz.4.626" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f668bbdbbd9 code=0x7ffc0000 [ 135.068032][ T2592] EXT4-fs error (device loop4): __ext4_expand_extra_isize:5840: inode #18: comm syz.4.626: bad extra_isize 10 (inode size 256) [ 135.080374][ T30] audit: type=1326 audit(1720984984.780:853): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2591 comm="syz.4.626" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f668bbdbbd9 code=0x7ffc0000 [ 135.115928][ T30] audit: type=1326 audit(1720984984.780:854): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2591 comm="syz.4.626" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f668bbdbbd9 code=0x7ffc0000 [ 135.117057][ T2604] EXT4-fs (loop0): Mount option "noacl" will be removed by 3.5 [ 135.117057][ T2604] Contact linux-ext4@vger.kernel.org if you think we should keep it. [ 135.117057][ T2604] [ 135.139284][ T2606] /dev/loop1: Can't open blockdev [ 135.157226][ T30] audit: type=1326 audit(1720984984.780:855): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2591 comm="syz.4.626" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f668bbdbbd9 code=0x7ffc0000 [ 135.163304][ T2604] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2 [ 135.184395][ T30] audit: type=1326 audit(1720984984.800:856): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2591 comm="syz.4.626" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f668bbdbbd9 code=0x7ffc0000 [ 135.192955][ T2604] EXT4-fs (loop0): 1 truncate cleaned up [ 135.220959][ T30] audit: type=1326 audit(1720984984.800:857): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2591 comm="syz.4.626" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f668bbdbbd9 code=0x7ffc0000 [ 135.243963][ T2604] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsold,usrjquota=,min_batch_time=0x0000000000000001,noload,nombcache,usrjquota="init_itable=0x0000000000000601,noacl,data_err=abort,,errors=continue. Quota mode: writeback. [ 135.266876][ T30] audit: type=1326 audit(1720984984.800:858): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2591 comm="syz.4.626" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f668bbdbbd9 code=0x7ffc0000 [ 135.321703][ T2609] loop4: detected capacity change from 0 to 256 [ 135.346541][ T2609] exfat: Unknown parameter '~}' [ 135.450756][ T2609] loop4: detected capacity change from 0 to 256 [ 135.629322][ T2619] syz.3.631[2619] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 135.629621][ T2619] syz.3.631[2619] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 135.805802][ T26] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 136.235775][ T26] usb 2-1: Using ep0 maxpacket: 16 [ 136.385328][ T26] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 136.396215][ T26] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 136.406405][ T26] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 136.415777][ T26] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 136.425855][ T26] usb 2-1: config 0 descriptor?? [ 136.906587][ T26] savu 0003:1E7D:2D5A.0019: item fetching failed at offset 2/5 [ 136.914172][ T26] savu 0003:1E7D:2D5A.0019: parse failed [ 136.920085][ T26] savu: probe of 0003:1E7D:2D5A.0019 failed with error -22 [ 137.117174][ T26] usb 2-1: USB disconnect, device number 20 [ 137.148515][ T2648] loop0: detected capacity change from 0 to 256 [ 137.218067][ T2648] exFAT-fs (loop0): failed to load upcase table (idx : 0x00017f3e, chksum : 0x0b83170a, utbl_chksum : 0xe619d30d) [ 137.296335][ T2652] tmpfs: Unknown parameter 'nolazytimep' [ 137.312434][ T2654] loop0: detected capacity change from 0 to 512 [ 137.386248][ T2654] EXT4-fs (loop0): Mount option "noacl" will be removed by 3.5 [ 137.386248][ T2654] Contact linux-ext4@vger.kernel.org if you think we should keep it. [ 137.386248][ T2654] [ 137.404840][ T2654] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2 [ 137.413715][ T2654] EXT4-fs (loop0): 1 truncate cleaned up [ 137.419350][ T2654] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsold,usrjquota=,min_batch_time=0x0000000000000001,noload,nombcache,usrjquota="init_itable=0x0000000000000601,noacl,data_err=abort,,errors=continue. Quota mode: writeback. [ 137.505778][ T39] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 137.810439][ T2665] futex_wake_op: syz.1.647 tries to shift op by 144; fix this program [ 138.101221][ T39] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 138.126076][ T39] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 138.136043][ T39] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 138.145138][ T39] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 138.198609][ T39] usb 4-1: config 0 descriptor?? [ 138.222584][ T2673] loop4: detected capacity change from 0 to 256 [ 138.339945][ T2673] exFAT-fs (loop4): failed to load upcase table (idx : 0x00017f3e, chksum : 0x0b83170a, utbl_chksum : 0xe619d30d) [ 138.553386][ T2681] loop4: detected capacity change from 0 to 256 [ 138.658600][ T2681] exFAT-fs (loop4): failed to load upcase table (idx : 0x00017f3e, chksum : 0x0b83170a, utbl_chksum : 0xe619d30d) [ 138.917912][ T2699] netlink: 104 bytes leftover after parsing attributes in process `syz.4.659'. [ 139.435817][ T39] uclogic 0003:256C:006D.001A: failed retrieving string descriptor #200: -71 [ 139.444526][ T39] uclogic 0003:256C:006D.001A: failed retrieving pen parameters: -71 [ 139.455035][ T39] uclogic 0003:256C:006D.001A: failed probing pen v2 parameters: -71 [ 139.463578][ T39] uclogic 0003:256C:006D.001A: failed probing parameters: -71 [ 139.471167][ T39] uclogic: probe of 0003:256C:006D.001A failed with error -71 [ 139.480104][ T39] usb 4-1: USB disconnect, device number 21 [ 139.550092][ T2710] loop0: detected capacity change from 0 to 512 [ 139.590107][ T2705] loop1: detected capacity change from 0 to 128 [ 139.618122][ T2710] EXT4-fs (loop0): Mount option "noacl" will be removed by 3.5 [ 139.618122][ T2710] Contact linux-ext4@vger.kernel.org if you think we should keep it. [ 139.618122][ T2710] [ 139.637290][ T2710] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2 [ 139.646017][ T2710] EXT4-fs (loop0): 1 truncate cleaned up [ 139.651488][ T2710] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsold,usrjquota=,min_batch_time=0x0000000000000001,noload,nombcache,usrjquota="init_itable=0x0000000000000601,noacl,data_err=abort,,errors=continue. Quota mode: writeback. [ 139.763785][ T2714] FAULT_INJECTION: forcing a failure. [ 139.763785][ T2714] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 139.777004][ T2714] CPU: 0 PID: 2714 Comm: syz.4.664 Not tainted 5.15.151-syzkaller-00415-gdb06c48ab67e #0 [ 139.786639][ T2714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 139.796527][ T2714] Call Trace: [ 139.799651][ T2714] [ 139.802430][ T2714] dump_stack_lvl+0x151/0x1b7 [ 139.806943][ T2714] ? io_uring_drop_tctx_refs+0x190/0x190 [ 139.812408][ T2714] ? enqueue_hrtimer+0xca/0x240 [ 139.817095][ T2714] ? __restore_fpregs_from_fpstate+0xba/0x170 [ 139.822997][ T2714] ? _raw_spin_unlock_irqrestore+0x5c/0x80 [ 139.828639][ T2714] dump_stack+0x15/0x17 [ 139.832628][ T2714] should_fail+0x3c6/0x510 [ 139.836882][ T2714] should_fail_usercopy+0x1a/0x20 [ 139.841740][ T2714] copy_fpstate_to_sigframe+0x708/0x9a0 [ 139.847124][ T2714] ? fpregs_set+0x6f0/0x6f0 [ 139.851462][ T2714] ? __kasan_check_write+0x14/0x20 [ 139.856410][ T2714] ? recalc_sigpending+0x1a5/0x230 [ 139.861358][ T2714] ? dequeue_signal+0x205/0x520 [ 139.866044][ T2714] ? _raw_spin_lock_irq+0xa5/0x1b0 [ 139.870991][ T2714] ? unhandled_signal+0x150/0x150 [ 139.875850][ T2714] ? fpu__alloc_mathframe+0x89/0x150 [ 139.880970][ T2714] get_sigframe+0x378/0x4b0 [ 139.885311][ T2714] ? memcpy+0x56/0x70 [ 139.889135][ T2714] ? restore_sigcontext+0x710/0x710 [ 139.894166][ T2714] arch_do_signal_or_restart+0x2ad/0x1680 [ 139.899721][ T2714] ? fput+0x1a/0x20 [ 139.903361][ T2714] ? do_preadv+0x2a5/0x350 [ 139.907617][ T2714] ? vfs_writev+0x560/0x560 [ 139.911957][ T2714] ? get_sigframe_size+0x10/0x10 [ 139.916731][ T2714] exit_to_user_mode_loop+0xa0/0xe0 [ 139.921765][ T2714] exit_to_user_mode_prepare+0x5a/0xa0 [ 139.927060][ T2714] syscall_exit_to_user_mode+0x26/0x160 [ 139.932440][ T2714] do_syscall_64+0x49/0xb0 [ 139.936690][ T2714] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 139.942416][ T2714] RIP: 0033:0x7f668bbdbbd7 [ 139.946673][ T2714] Code: ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 [ 139.966113][ T2714] RSP: 002b:00007f668ae5d048 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 139.974357][ T2714] RAX: 0000000000000127 RBX: 00007f668bd69f60 RCX: 00007f668bbdbbd9 [ 139.982171][ T2714] RDX: 0000000000000001 RSI: 0000000020000600 RDI: 0000000000000004 [ 139.989980][ T2714] RBP: 00007f668ae5d0a0 R08: 0000000000000000 R09: 0000000000000000 [ 139.997790][ T2714] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 140.005600][ T2714] R13: 000000000000000b R14: 00007f668bd69f60 R15: 00007ffed277d528 [ 140.013420][ T2714] [ 140.198111][ T2726] loop2: detected capacity change from 0 to 256 [ 140.235001][ T2726] exFAT-fs (loop2): failed to load upcase table (idx : 0x00017f3e, chksum : 0x0b83170a, utbl_chksum : 0xe619d30d) [ 140.335888][ T60] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 140.384087][ T2731] netlink: 52 bytes leftover after parsing attributes in process `syz.2.669'. [ 140.403626][ T2731] tmpfs: Unknown parameter '00000000000000000011' [ 140.420777][ T30] kauditd_printk_skb: 52 callbacks suppressed [ 140.420790][ T30] audit: type=1326 audit(1720984990.160:911): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2728 comm="syz.2.669" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb9532c8bd9 code=0x0 [ 140.527282][ T30] audit: type=1400 audit(1720984990.270:912): avc: denied { map } for pid=2728 comm="syz.2.669" path="pipe:[16436]" dev="pipefs" ino=16436 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 140.550298][ T30] audit: type=1400 audit(1720984990.290:913): avc: denied { execute } for pid=2728 comm="syz.2.669" path="pipe:[16436]" dev="pipefs" ino=16436 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1 [ 140.605797][ T60] usb 4-1: Using ep0 maxpacket: 32 [ 140.626932][ T30] audit: type=1326 audit(1720984990.370:914): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2741 comm="syz.0.672" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f741d464bd9 code=0x7ffc0000 [ 140.661525][ T30] audit: type=1326 audit(1720984990.390:915): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2741 comm="syz.0.672" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f741d464bd9 code=0x7ffc0000 [ 140.692740][ T30] audit: type=1326 audit(1720984990.390:916): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2741 comm="syz.0.672" exe="/root/syz-executor" sig=0 arch=c000003e syscall=101 compat=0 ip=0x7f741d464bd9 code=0x7ffc0000 [ 140.716256][ T30] audit: type=1326 audit(1720984990.390:917): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2741 comm="syz.0.672" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f741d464bd9 code=0x7ffc0000 [ 140.739730][ T30] audit: type=1326 audit(1720984990.390:918): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2741 comm="syz.0.672" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f741d464bd9 code=0x7ffc0000 [ 140.766642][ T60] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 140.781725][ T30] audit: type=1326 audit(1720984990.390:919): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2741 comm="syz.0.672" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f741d464bd9 code=0x7ffc0000 [ 140.810232][ T60] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 140.830328][ T60] usb 4-1: New USB device found, idVendor=2006, idProduct=0118, bcdDevice= 0.00 [ 140.850139][ T30] audit: type=1326 audit(1720984990.390:920): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2741 comm="syz.0.672" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f741d464bd9 code=0x7ffc0000 [ 140.873442][ T60] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 140.896885][ T60] usb 4-1: config 0 descriptor?? [ 141.377831][ T60] hkems 0003:2006:0118.001B: hidraw0: USB HID v0.00 Device [HID 2006:0118] on usb-dummy_hcd.3-1/input0 [ 141.418563][ T2759] loop1: detected capacity change from 0 to 256 [ 141.427070][ T60] hkems 0003:2006:0118.001B: no inputs found [ 141.432876][ T60] hkems 0003:2006:0118.001B: force feedback init failed [ 141.495953][ T2759] /dev/loop1: Can't open blockdev [ 141.581262][ T60] usb 4-1: USB disconnect, device number 22 [ 141.711475][ T2767] loop1: detected capacity change from 0 to 512 [ 142.003541][ T2770] loop0: detected capacity change from 0 to 40427 [ 142.105151][ T2773] loop3: detected capacity change from 0 to 512 [ 142.113172][ T2770] F2FS-fs (loop0): Found nat_bits in checkpoint [ 142.149755][ T2770] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 142.258464][ T2773] EXT4-fs (loop3): Mount option "noacl" will be removed by 3.5 [ 142.258464][ T2773] Contact linux-ext4@vger.kernel.org if you think we should keep it. [ 142.258464][ T2773] [ 142.278356][ T2773] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2 [ 142.288341][ T2773] EXT4-fs (loop3): 1 truncate cleaned up [ 142.293953][ T2773] EXT4-fs (loop3): mounted filesystem without journal. Opts: jqfmt=vfsold,usrjquota=,min_batch_time=0x0000000000000001,noload,nombcache,usrjquota="init_itable=0x0000000000000601,noacl,data_err=abort,,errors=continue. Quota mode: writeback. [ 143.496556][ T1983] attempt to access beyond end of device [ 143.496556][ T1983] loop0: rw=2049, want=45104, limit=40427 [ 143.540636][ T2793] loop2: detected capacity change from 0 to 16 [ 143.596088][ T2793] erofs: (device loop2): erofs_read_inode: unsupported chunk format 7fff of nid 36 [ 143.948171][ T2804] FAULT_INJECTION: forcing a failure. [ 143.948171][ T2804] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 143.961096][ T2804] CPU: 0 PID: 2804 Comm: syz.2.688 Not tainted 5.15.151-syzkaller-00415-gdb06c48ab67e #0 [ 143.970656][ T2804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 143.980546][ T2804] Call Trace: [ 143.983670][ T2804] [ 143.986449][ T2804] dump_stack_lvl+0x151/0x1b7 [ 143.990959][ T2804] ? io_uring_drop_tctx_refs+0x190/0x190 [ 143.996430][ T2804] ? __kasan_check_read+0x11/0x20 [ 144.001288][ T2804] dump_stack+0x15/0x17 [ 144.005281][ T2804] should_fail+0x3c6/0x510 [ 144.009535][ T2804] should_fail_usercopy+0x1a/0x20 [ 144.014393][ T2804] copy_page_from_iter_atomic+0x423/0x10e0 [ 144.020038][ T2804] ? pipe_zero+0x4e0/0x4e0 [ 144.024288][ T2804] ? ktime_get_coarse_real_ts64+0x117/0x130 [ 144.030016][ T2804] generic_perform_write+0x337/0x5a0 [ 144.035140][ T2804] ? grab_cache_page_write_begin+0xa0/0xa0 [ 144.040779][ T2804] ? file_remove_privs+0x610/0x610 [ 144.045726][ T2804] ? rwsem_write_trylock+0x15b/0x290 [ 144.050846][ T2804] ? rwsem_mark_wake+0x6b0/0x6b0 [ 144.055621][ T2804] __generic_file_write_iter+0x25b/0x4b0 [ 144.061088][ T2804] generic_file_write_iter+0xaf/0x1c0 [ 144.066294][ T2804] vfs_write+0xd5d/0x1110 [ 144.070469][ T2804] ? file_end_write+0x1c0/0x1c0 [ 144.075149][ T2804] ? __fdget_pos+0x209/0x3a0 [ 144.079572][ T2804] ? ksys_write+0x77/0x2c0 [ 144.083825][ T2804] ksys_write+0x199/0x2c0 [ 144.087993][ T2804] ? __ia32_sys_read+0x90/0x90 [ 144.092594][ T2804] __x64_sys_write+0x7b/0x90 [ 144.097020][ T2804] do_syscall_64+0x3d/0xb0 [ 144.101272][ T2804] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 144.106997][ T2804] RIP: 0033:0x7fb9532c775f [ 144.111252][ T2804] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 29 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 7c 8c 02 00 48 [ 144.130694][ T2804] RSP: 002b:00007fb952528e00 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 144.138937][ T2804] RAX: ffffffffffffffda RBX: 0000000000020000 RCX: 00007fb9532c775f [ 144.146749][ T2804] RDX: 0000000000020000 RSI: 00007fb94a109000 RDI: 000000000000000b [ 144.154563][ T2804] RBP: 0000000000000000 R08: 0000000000000000 R09: 00000000000014ff [ 144.162372][ T2804] R10: 0000000000001ffa R11: 0000000000000293 R12: 000000000000000b [ 144.170182][ T2804] R13: 00007fb952528f00 R14: 00007fb952528ec0 R15: 00007fb94a109000 [ 144.177996][ T2804] [ 144.186573][ T2804] loop2: detected capacity change from 0 to 256 [ 144.261203][ T2804] exFAT-fs (loop2): failed to load upcase table (idx : 0x00017f3e, chksum : 0x0b83170a, utbl_chksum : 0xe619d30d) [ 144.322346][ T2809] loop3: detected capacity change from 0 to 256 [ 144.360237][ T2809] exFAT-fs (loop3): failed to load upcase table (idx : 0x00017f3e, chksum : 0x0b83170a, utbl_chksum : 0xe619d30d) [ 144.451381][ T2819] loop4: detected capacity change from 0 to 512 [ 144.513315][ T2819] EXT4-fs error (device loop4): ext4_find_inline_data_nolock:164: inode #12: comm syz.4.694: inline data xattr refers to an external xattr inode [ 144.769119][ T2819] EXT4-fs error (device loop4): ext4_orphan_get:1402: comm syz.4.694: couldn't read orphan inode 12 (err -117) [ 144.803442][ T2819] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpid,abort,norecovery,sysvgroups,init_itable,debug_want_extra_isize=0x000000000000000a,usrjquota=,nombcache,dioread_lock,,errors=continue. Quota mode: none. [ 144.925870][ T2819] EXT4-fs error (device loop4): __ext4_expand_extra_isize:5840: inode #18: comm syz.4.694: bad extra_isize 10 (inode size 256) [ 145.722442][ T30] kauditd_printk_skb: 134 callbacks suppressed [ 145.722459][ T30] audit: type=1400 audit(1720984995.030:1055): avc: denied { accept } for pid=2828 comm="syz.0.696" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1 [ 145.819309][ T30] audit: type=1400 audit(1720984995.460:1056): avc: denied { bind } for pid=2831 comm="syz.2.697" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 145.863859][ T2843] loop2: detected capacity change from 0 to 512 [ 145.889192][ T30] audit: type=1400 audit(1720984995.460:1057): avc: denied { node_bind } for pid=2831 comm="syz.2.697" saddr=255.255.255.255 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=icmp_socket permissive=1 [ 145.922269][ T2843] EXT4-fs (loop2): Mount option "noacl" will be removed by 3.5 [ 145.922269][ T2843] Contact linux-ext4@vger.kernel.org if you think we should keep it. [ 145.922269][ T2843] [ 145.942205][ T2823] loop3: detected capacity change from 0 to 40427 [ 145.956954][ T30] audit: type=1400 audit(1720984995.490:1058): avc: denied { connect } for pid=2831 comm="syz.2.697" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 145.983502][ T2856] loop1: detected capacity change from 0 to 256 [ 145.985086][ T2855] loop4: detected capacity change from 0 to 256 [ 145.997415][ T2843] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2 [ 146.005834][ T2843] EXT4-fs (loop2): 1 truncate cleaned up [ 146.011355][ T2843] EXT4-fs (loop2): mounted filesystem without journal. Opts: jqfmt=vfsold,usrjquota=,min_batch_time=0x0000000000000001,noload,nombcache,usrjquota="init_itable=0x0000000000000601,noacl,data_err=abort,,errors=continue. Quota mode: writeback. [ 146.039065][ T2855] exFAT-fs (loop4): failed to load upcase table (idx : 0x00017f3e, chksum : 0x0b83170a, utbl_chksum : 0xe619d30d) [ 146.075842][ T2856] /dev/loop1: Can't open blockdev [ 146.088331][ T2823] F2FS-fs (loop3): Found nat_bits in checkpoint [ 146.132084][ T2823] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 146.611325][ T935] attempt to access beyond end of device [ 146.611325][ T935] loop3: rw=2049, want=45104, limit=40427 [ 146.661285][ T30] audit: type=1326 audit(1720984996.400:1059): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2882 comm="syz.1.709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c10053bd9 code=0x7ffc0000 [ 146.704513][ T30] audit: type=1326 audit(1720984996.430:1060): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2882 comm="syz.1.709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f6c10053bd9 code=0x7ffc0000 [ 146.739602][ T2886] loop1: detected capacity change from 0 to 512 [ 146.754159][ T30] audit: type=1326 audit(1720984996.430:1061): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2882 comm="syz.1.709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c10053bd9 code=0x7ffc0000 [ 146.777368][ T30] audit: type=1326 audit(1720984996.430:1062): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2882 comm="syz.1.709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f6c10053bd9 code=0x7ffc0000 [ 146.808850][ T30] audit: type=1326 audit(1720984996.430:1063): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2882 comm="syz.1.709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6c10053bd9 code=0x7ffc0000 [ 146.880358][ T30] audit: type=1326 audit(1720984996.430:1064): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2882 comm="syz.1.709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6c10053bd9 code=0x7ffc0000 [ 147.381119][ T2891] loop3: detected capacity change from 0 to 40427 [ 147.424355][ T2896] EXT4-fs warning (device sda1): verify_group_input:147: Cannot add at group 925 (only 8 groups) [ 147.429377][ T2891] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 147.442347][ T2891] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 147.452313][ T2891] F2FS-fs (loop3): invalid crc value [ 147.705136][ T2891] F2FS-fs (loop3): Found nat_bits in checkpoint [ 147.756576][ T2891] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 147.763463][ T2891] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 147.777339][ T2890] attempt to access beyond end of device [ 147.777339][ T2890] loop3: rw=2049, want=45104, limit=40427 SYZFAIL: bad allocate request allocated=0 size=1701996132/1701996136 (errno 11: Resource temporarily unavailable) [ 147.920549][ T2906] loop2: detected capacity change from 0 to 1024 [ 147.975139][ T935] attempt to access beyond end of device [ 147.975139][ T935] loop3: rw=2051, want=45104, limit=40427 [ 147.987575][ T935] F2FS-fs (loop3): Issue discard(5637, 5637, 1) failed, ret: -5 [ 148.329953][ T2906] EXT4-fs (loop2): barriers disabled [ 148.352746][ T2906] JBD2: no valid journal superblock found [ 148.371476][ T2906] EXT4-fs (loop2): error loading journal [ 149.356350][ T409] device bridge_slave_1 left promiscuous mode [ 149.362296][ T409] bridge0: port 2(bridge_slave_1) entered disabled state [ 149.369622][ T409] device bridge_slave_0 left promiscuous mode [ 149.375530][ T409] bridge0: port 1(bridge_slave_0) entered disabled state [ 149.383204][ T409] device veth1_macvtap left promiscuous mode [ 149.389059][ T409] device veth0_vlan left promiscuous mode [ 150.756821][ T409] device bridge_slave_1 left promiscuous mode [ 150.762755][ T409] bridge0: port 2(bridge_slave_1) entered disabled state [ 150.770143][ T409] device bridge_slave_0 left promiscuous mode [ 150.776128][ T409] bridge0: port 1(bridge_slave_0) entered disabled state [ 150.783668][ T409] device bridge_slave_1 left promiscuous mode [ 150.789672][ T409] bridge0: port 2(bridge_slave_1) entered disabled state [ 150.796955][ T409] device bridge_slave_0 left promiscuous mode [ 150.802861][ T409] bridge0: port 1(bridge_slave_0) entered disabled state [ 150.810647][ T409] device bridge_slave_1 left promiscuous mode [ 150.816621][ T409] bridge0: port 2(bridge_slave_1) entered disabled state [ 150.823818][ T409] device bridge_slave_0 left promiscuous mode [ 150.829838][ T409] bridge0: port 1(bridge_slave_0) entered disabled state [ 150.837735][ T409] device bridge_slave_1 left promiscuous mode [ 150.843650][ T409] bridge0: port 2(bridge_slave_1) entered disabled state [ 150.850869][ T409] device bridge_slave_0 left promiscuous mode [ 150.856855][ T409] bridge0: port 1(bridge_slave_0) entered disabled state [ 150.864646][ T409] device veth1_macvtap left promiscuous mode [ 150.870517][ T409] device veth0_vlan left promiscuous mode [ 150.876126][ T409] device veth1_macvtap left promiscuous mode [ 150.881817][ T409] device veth0_vlan left promiscuous mode [ 150.887589][ T409] device veth1_macvtap left promiscuous mode [ 150.893400][ T409] device veth0_vlan left promiscuous mode [ 150.899184][ T409] device veth1_macvtap left promiscuous mode [ 150.904984][ T409] device veth0_vlan left promiscuous mode