last executing test programs:

20.346743132s ago: executing program 1 (id=670):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="020000000400000005000000020000000010"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYRES16=r0], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
write$UHID_CREATE(0xffffffffffffffff, 0x0, 0x0) (async)
write$UHID_CREATE(0xffffffffffffffff, 0x0, 0x0)
r2 = syz_usb_connect$hid(0x6, 0x36, &(0x7f00000011c0)=ANY=[@ANYBLOB="12010001090003206d0414c340000000000109022400010000a00009040000010301010009210008", @ANYRES64], 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid() (async)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) (async)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) (async)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x1fffffffffffffa4, &(0x7f00000002c0)=ANY=[@ANYRES8=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10)
close(0x3) (async)
close(0x3)
r7 = userfaultfd(0x801)
ioctl$UFFDIO_API(r7, 0xc018aa3f, &(0x7f00000000c0)) (async)
ioctl$UFFDIO_API(r7, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r7, 0xc020aa00, &(0x7f0000000300)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
openat$uinput(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r8 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
syz_usb_connect$uac1(0x0, 0xa4, &(0x7f0000000200)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d2407000005000000000000000c240000e9fffff5ffffffff092403f3ff000005024524", @ANYRES8=r8, @ANYBLOB="05", @ANYRES16=r8, @ANYRES16, @ANYRES16], 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kfree\x00', r1}, 0x10) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kfree\x00', r1}, 0x10)
socket$netlink(0x10, 0x3, 0x0) (async)
socket$netlink(0x10, 0x3, 0x0)
socket(0x10, 0x803, 0x0) (async)
r9 = socket(0x10, 0x803, 0x0)
sendmsg$BATADV_CMD_GET_MESH(r9, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x32}}, 0x0)
r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="1e00000003000000a43000000800000022040000", @ANYRES32=0x1, @ANYBLOB="0e00"/20, @ANYRES32=0x0, @ANYRES32=r8, @ANYBLOB="02000000020000000400000003100000000000000000000000000000a30f7fb1948631e3636122082a3215451d5ab56cfdafa3c196df420c6478fbbeb46ff8c9699c459418f0107687e0bcb7cb1ae9d1dd1e2c43b07784"], 0x50)
bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0c0000000400000004000000010000000d000000", @ANYRES32=r10, @ANYBLOB="0400"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000ffffffff00"/28], 0x48)

19.79334763s ago: executing program 1 (id=676):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$ASHMEM_SET_SIZE(r1, 0x40087703, 0x10000003)
mmap(&(0x7f0000fee000/0xf000)=nil, 0xf000, 0x0, 0x11, r1, 0x0)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000001100)='fdinfo/3\x00')
preadv(r2, &(0x7f0000000840)=[{&(0x7f0000003440)=""/4086, 0xb2b}], 0x1, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='syzkaller\x00', 0x0, 0xffffffed, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r3}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r4, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r7}, 0x10)
lremovexattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=@known='system.posix_acl_default\x00')
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$TCSETSF(0xffffffffffffffff, 0x5404, 0x0)
r8 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r8, 0x0, 0x0)
shutdown(r8, 0x1)

19.301950712s ago: executing program 1 (id=678):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r2)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route_sched(r1, &(0x7f0000005840)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001240)=@newqdisc={0x78, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c}}]}, 0x78}}, 0x0)
sendmsg$nl_route_sched(r0, 0x0, 0x8000)

19.237306198s ago: executing program 1 (id=680):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0))
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000340)='syzkaller\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r0}, 0x18)
r1 = dup(0xffffffffffffffff)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{}, &(0x7f0000000200), &(0x7f0000000180)=r0}, 0x20)
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x7007e0b969f941c5, 0x0, &(0x7f0000000600))
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000001c0)={&(0x7f0000000640)=ANY=[], 0x0, 0x2d, 0x0, 0x0, 0x4, 0x10000, @value=r1}, 0x28)
r2 = socket(0x10, 0x3, 0x0)
connect$netlink(r2, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000001480)={'syzkaller0\x00', 0x7101})
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
gettid()
pipe2(&(0x7f0000000000)={0x0, 0x0}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
syz_mount_image$f2fs(&(0x7f0000000040), &(0x7f00000001c0)='./file1\x00', 0x0, &(0x7f0000001540)=ANY=[@ANYBLOB="6261636b67726f756e645f67633d73796e632c6163746976655f6c6f67733d322c6e6f71756f74612c6e6f71756f74612c6e6f696e6c696e655f78617474722c64697361626c655f6578745f6964656e746966792c6a71666d743d76667376312c6673796e635f6d6f64653d7374726963742c6772706a71756f74613d272c6a71666d743d76667376302c696e6c696e655f78617474722c00a3d783e0bf6d79bc2fa16e7f"], 0x1, 0x551a, &(0x7f0000005a40)="$eJzs3M9rI+UbAPAn7XZ/f/dbxIO3HViEFjZh0x+L3qru4g/sUlY9eNI0SUN2k0xp0rT25MGjePA/EQVPHv0bPHj2Jh4Ub0IlM1PdqgtC08RtPx+YPPO+efPM84Zl4ZkpCeDcmk9+/bkUN+JKRMxGxPWI7LxUHJm1PLwQETcjYuaJo1TM/zFxMSKuRsSNUfI8Z6l46/Pbw1urP731yzffXbpw7Yuvv5/eroFpezEiutv5+V43j2krj4+K+dqwncXuyrCI+Rvdx8U4zeNeczPLsFc7WlfL4nIrX59u7/ZHcatTq49iq72VzW/38gv2h62jPNkHHtV2snGjuZnFdj/NYusgr2v/IP+/7aA/yPM0inwfZeljMDiK+Xxzv5nvZ/txFuu9QTGf500bzf1RHBaxuFzU004jq2PzJN/0f9vb7d7ufjJs7vTbaS9ZrVRfqlTvlqs7aaM5aK6Ua93G3ZVkodUZLSsPmrXuWitNW51mpZ52F5OFVr1erlaThXvNzXatl1SrleXKnfLqYnF2O3n9wXtJp5EsjOKr7d7uoN3pJ1vpTpJ/YjFZqiy/vJjcqibvrG8kGw/v31/feDfuvf/glfU3XysW/a2sZGHpztJSuXqnvFRdPIP7/+Ap+/+kKHqM+4cTKU27AIBnj/4fmIbT6/93HsbhYTZ/mv1/6P/HYlz97+Ek+t/z3v+fwv7hRPT/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADn1g9zX76Rnczn42vF/P+KqeeKcSkiZiLi8B/MxsVjOWeLPHNPWT/3lxq+LUWWYXSNS8VxNSLWiuO3/5/2twAAAABn11cf3/ws79bzl/lpF8Qk5TdtZq5/OKZ8pYiYm/9xTNlmRi/PjylZ9u/7QuyPKVt2A+vymJLlt9wujCvbvzJ7LFx+IpTyMDPRcgAAgIk43glMtgsBAABgkj6ddgFMRymOHmUePQvO/vL+zweCV46NAAAAgGdQadoFAAAAAKcu6//9/h8AAACcbfnv/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/M7O/dyoDURxAH62cSD/FBTlnla4QRkpIcccIwpIE5RAWkgD1EBuKSGCFR4vWlbsaiWP7d3V90kwjAU/ZhA+zBtpAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOjT33q7+v3z66+uOYdjN3lmAwAAAFyzr7er5sU89d+31z+2lz63/SIiyoi4tnav4s1FZtXm1A+8v743hj8RTcLpO6bt411ELKqIRUT8/9T3rwAAAACv1269WabVenqajz0ghpSKNuWHb5nyioio5/8ypZWnvC+Zwpr/9yR+ZEprClizTGGp5DbJlfYkze1+rtrN7jRFasrHP59t7gAAwICqi2bYVQgAAABD+j72ABhHEbdbmeetwGlq2u29txc9AAAA4AUqxh4AAAAA0Ltm/f+sz/8L5/8BAABAV+n8PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPq0r7er3Xqz7JpzOHaTZzYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3LA/7ygQAmEQBnvXdyZz/8NKg6amJlUgfPyNwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAb373l/8TU+NMMvfaWHoeSdZOja1TY+/cOPrD+Po1AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxf68pEAIBEEUzBn/O+n7H1YS9AwiREDDo4paNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAX/e6X/xNT40wyd9pYOh5J1q4aW1eNvQeNowfj7d8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxc4dvMZRhQEAfzOzs7FVMUbZQ0QUPOjFptva2pt4UIIH/wQhpNsauyrWHGwpQi7eJOdeRI8ighJv/R96bqGXeuthDxU8eFp5szPJNC04VpzZZn8/ePu+HV7mfW82hHzzJgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgMrk3YM4iy/Lszgtj926f20z9rcP9dGN3TurscU4aTPpJ8PL9TfJoLtEAAAAWBxZVd+HEO7me+uxT5eL+j+vxsSa//tnZ3FVzx+u+6u+qv1j++3Xey/uT7Q8myee9MLWeHTy4VR6/98q59tz/ziiV1z54t5LVnwg6Qc7L0zy4nom3968+V6/CJfayBYAeBwnqr4Mqt+HYj/sMjEAFkavVnhX9X+23G1OAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG2Y7ISnqzgJIaz2DuLo9v1rm4/qb+zeWa3a2evXd+vnjKfIQwgXtsajky2uZd59eeXqpY3xeHS5/eCVEEJXs79TLv/SRw0Gh9DJ9REcCpJeCI/z5Wn5Yc/HKjoN+vF7vtngDn8oAQBwJOVli3X93XxvPR5LVkKY/vBg/f96LQ4N6/97H5+9VZ+rXv8PW1thh5aaDVvb/ms6nV65+ubWpxsXRxdHn711avj28PS5M2fOrRX3StbcMQEAAOC/6ZetXv+nKw/v/x+vxaFh/f/Fd8Ov63Nli1b/N3Sw6dd1JgAAAIvt+Vf//CN5xPGk3w9fbWxvXx7OXvffn5q9dpDqv7ZUtnr9n610nRUAAADQhslO8sD+//laHBru/z/z40s/18+ZhRCOlfv/JzY/H59vbzlzrY2/Pe56jQAAAHTrWNnq+/958fx/uv/IQxpCeOO1WVz+G8BG9X/2/jc/1eeqP/9/ur0lzqV0MLseRT8IoTfoOiMAAACOsqfKFov93/O99U9+Of5h3/P/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG37OwAA//9HAD8Z")
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000001040)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x10888, &(0x7f0000000680)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}, {@metacopy_on}], [], 0x2c})
openat$dir(0xffffffffffffff9c, &(0x7f0000000380)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x7082f4cf2f3736c6, 0x1d0)
setsockopt$MRT_ADD_VIF(0xffffffffffffffff, 0x0, 0xca, &(0x7f00000002c0)={0x1, 0x8, 0x80, 0xffff2944, @vifc_lcl_addr=@loopback, @loopback}, 0x10)
openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000000580)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x2)

18.033430532s ago: executing program 1 (id=684):
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000400)='./bus\x00', 0x800, &(0x7f0000000840)=ANY=[@ANYRES8=0x0, @ANYRES16, @ANYRES64], 0x1, 0x36e, &(0x7f0000000c00)="$eJzs3c9rI2UYwPEnaZpMumyTgygK0ge96GVoq2c1yC6IAZfuRtwVhNntREPGpMyESERsPXkVb/4DgsseFzwsqP9AL97WixdP9iIIuog4Mr/SJJ00aTZL0/b7gTZP8r7PzPvmF88byJuD9776uFn3zLrVkayhkhEReSRSlqwkMtFFXlLsycuX/nz4/PWbt96uVKtXtlSvVm68sqmqq2s/fPJZMe72oCD75Q8OxPht/+n9Zw/+u/FRw9OGp612Ry293f61Y912bN1ueE1T9ZpjW56tjZZnu1F7O2qvO+2dnZ5are3LKzuu7XlqtXratHvaaWvH7an1odVoqWmaenklbbjnmDFDTu3u1pZVmfGEd2bMw7z94/v+Mc2uW7GWRMzikZba3Sc6LgAAsJBG6v9vkhqhLNl+QZmJ1wL5MB5eBgT1fxKH9X+wWDis/++98FPn0rv3V+P6/0E+rf5/9Zcof6j+D84+9/r/u5HrRyuiM2/3JJ0fq/7HYlgbfkX+frhijwX1f/Bq6K/ov3j/3noYUP8DAAAAAAAAAAAAAAAAAAAAAHAWPPL9ku/7peQy+Tv8CkF8Pbl23BeNceaMe/wL8Y4C/ecDzqXrN2+JEX5xL7cq4nzZrXVr0WXcnnRcl5L8Gz4fYtGGE3thowbK8qOz260txwlL4f+KiIojtmxIScpD+WF89a3qlQ2NRPnh+Xe7tUxuJcivSyPM35SSPJWev5man5eXXhzIN6UkP9+RtjiyHb+PJfmfb6i++U51JL8Y9kvz+pN9SAAAAAAAmDtT1YiXz+Xh9W+0fjdN1bT2YC0vg+vzo58P9NfX66nr81zpudzpzh0AAAAAgIvCy3/atBzHdr3e2KAok/oU4qONNOVkwpGDIDdFn6HgYRgsH9dnaWCG0x45H/+CxrTDcL2eTD3mJPirIKl3ZrKF61CTkX6vThkk85+is3HSh8D1siefu+16a8F4dKbpDATJx0bj+si1WY88Lkh2zp3U+Zmvv/17tlNk4l17B5teu29MmGkYZEZu2ZvwpP3D9yeOZzn93eL7WX5kBgAAAMCCSIr+opfc8sbpDggAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAtortukjQlOe44AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAovg/AAD//5h69bA=")
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='blkio.throttle.io_serviced\x00', 0x275a, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12010000000000406c256d0000000000000109022400010000000009"], 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000", @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{}, 0x0, 0x0}, 0x20)
ptrace(0x10, 0x1)
r0 = inotify_init1(0x0)
fcntl$setown(r0, 0x8, 0xffffffffffffffff)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000040)={0x1, &(0x7f0000000340)=[{0x6, 0x0, 0x0, 0x5}]}, 0x10)
r1 = gettid()
timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x4, @tid=r1}, &(0x7f00000002c0))
timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
syz_usb_connect$cdc_ecm(0x1, 0x56, &(0x7f0000000f40)={{0x12, 0x1, 0x250, 0x2, 0x0, 0x0, 0xff, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x44, 0x1, 0x1, 0x22, 0x18, 0x1, [{{0x9, 0x4, 0x0, 0xd, 0x3, 0x2, 0x6, 0x0, 0x1, {{0x5}, {0x5, 0x24, 0x0, 0x9}, {0xd, 0x24, 0xf, 0x1, 0x4, 0x25, 0x2, 0x7}}, {[{{0x9, 0x5, 0x81, 0x3, 0x8, 0xf, 0x5, 0x2}}], {{0x9, 0x5, 0x82, 0x2, 0x5bf, 0x2, 0x97, 0x1d}}, {{0x9, 0x5, 0x3, 0x2, 0x400, 0x0, 0xf, 0xe}}}}}]}}]}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_emit_ethernet(0x83, 0x0, 0x0)
mknod(&(0x7f0000000000)='./file0\x00', 0x1000, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r2 = syz_open_procfs(0x0, &(0x7f0000000140)='fdinfo\x00')
r3 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000100))
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000004c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='sys_enter\x00', r5}, 0x10)
rt_tgsigqueueinfo(0x0, 0x0, 0xe, 0x0)
open(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)

17.447715043s ago: executing program 1 (id=690):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r2)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route_sched(r1, &(0x7f0000005840)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001240)=@newqdisc={0x78, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c}}]}, 0x78}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000000}, 0x8000)

16.725712635s ago: executing program 3 (id=692):
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
pipe2$9p(0x0, 0x80000)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000740)=ANY=[], 0x15)
memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc9\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\xa4(V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93i|\xc0\x00\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW<GE\xf1\xe9\xf1q\x8c\xf0\xae\x98\x8c\xe0\xc1g}\xaeW\xaa\xa1\x90\x8c\n$\xa6\xbb\x10\xaf\xc7~\x11\x03<v\xe9\xc7K\xf6]\x11)u\xd3\x15\x01}\xe25$\xb0\x86v\x80\r\x9c\xb8\xe6\xd3(\xa0G2s\xa9&\xb3QU~u\x13\x05kKp\xa6&\x8eu\x1d\xb2\xa9!\xc9\xfa\xd0dG5\xcbf<}r\xab\x9c\xd9f6iN\xaa>\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\xb5\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n<V\xaa\xbfZ1\xa82\x85\x99\x0e$U\xb4X\xc7\xfa\f\b\x8f\xc4\xbeIt\xe4\xc51\xba\xb9H\xe8\x96\x94\xd7\xdc\x81\x111\t\xafl\x97\xd8T\xd40\x90ON\xaaFY\xb4\xb3\xf4\xf8JT\xc5:\xc5\aGc\xb5\x12\x90\x7f\x00\x91\xce@\xe5\xd3A\xcc\xd5|\x9f\x8e5\x042\x9a\xc1\xa1\a\xb7\xf5\xbc,\xd1\xd3k8\xc5\xefo\xb8\x8f]\x14\x1d', 0x0)
ioctl$LOOP_SET_STATUS(0xffffffffffffffff, 0x4c02, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0xfffffffffffffddf, &(0x7f0000000040)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$can_bcm(0x1d, 0x2, 0x2)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000f5ebd3d1000000000018340000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})

15.500054931s ago: executing program 3 (id=696):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x5, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000002c0)='mm_page_alloc\x00', r1}, 0x10)
r2 = creat(&(0x7f0000000080)='./bus\x00', 0x0)
fsetxattr$system_posix_acl(r2, &(0x7f0000000000)='system.posix_acl_default\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="0200000020"], 0xfe44, 0x0)

14.787304903s ago: executing program 3 (id=699):
socketpair(0x1e, 0x80005, 0x0, &(0x7f0000000000)={<r0=>0x0, <r1=>0x0})
close(r0)
setsockopt$sock_attach_bpf(r1, 0x10f, 0x87, &(0x7f0000000180), 0x127)
socketpair(0x1e, 0x1, 0x0, &(0x7f0000000040)={<r2=>0x0, <r3=>0x0})
close(r2)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000280)=@framed, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='workqueue_queue_work\x00', r4}, 0x10)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='workqueue_queue_work\x00', r6}, 0xa)
setsockopt$sock_attach_bpf(r3, 0x10f, 0x87, &(0x7f0000000180), 0x4bd) (fail_nth: 18)

13.948839545s ago: executing program 3 (id=702):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r2)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route_sched(r1, &(0x7f0000005840)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001240)=@newqdisc={0x78, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c}}]}, 0x78}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000000}, 0x8000)

13.948345035s ago: executing program 3 (id=704):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=<r1=>r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='kfree_skb\x00', r2}, 0x10)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x9, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r4 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r4, 0x89f1, &(0x7f0000000000)={'ip6tnl0\x00', &(0x7f00000005c0)={'syztnl1\x00', 0x0, 0x0, 0x9a, 0x0, 0x0, 0x0, @remote, @private1={0xfc, 0x1, '\x00', 0x1}, 0x0, 0x8}})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0100000004000000ff0f00000500000000000000", @ANYRES32, @ANYRES32=<r6=>0xffffffffffffffff], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x1f, 0xc, &(0x7f0000000640)=ANY=[@ANYRES16=r1, @ANYBLOB="de99255cbde10ef26bb051d900b07d1b8a787ca52f8b59ca1555e8ea773a1aa980300ab13dbf5ed7ae8d523f82e3a2a838abdb1b2c5b984bf83def1024dd9abe3810326975d0b638b5ee51e7d69f1eef1d051efc6b1c65f6a3a6222354c0", @ANYRESDEC=r6, @ANYBLOB="658248b9ba141dca7893477e85f9126726553914d3b634172f774abe46980b0cfb80d16c16cf9bec412a8db9d764fb15c437266cf0bf69fa3711bd278021c2d440541f38577ce3603a5b4dcd9ed5e7b62af02a501e738d2a8bf4b09478303b7921f220a4e6c7d3981998267515a90b0c57836f6e79b1bc27b1903c7fca18f4827b"], &(0x7f0000000240)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0xa8)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r7}, 0x10)
r8 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r8, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x9, 0x0, &(0x7f0000000740)={<r9=>0xffffffffffffffff, <r10=>0xffffffffffffffff})
connect$unix(r9, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r10, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r9, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$ASHMEM_SET_NAME(0xffffffffffffffff, 0x41007701, &(0x7f00000002c0)='GPL\x00')
r11 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='fdinfo/3\x00')
read$FUSE(r11, 0x0, 0x0)
syz_mount_image$msdos(&(0x7f0000000000), &(0x7f0000000280)='./file0\x00', 0x80d406, &(0x7f0000001200)=ANY=[], 0xff, 0x2c1, &(0x7f0000000f00)="$eJzs3M9rE1sUwPGTSZtJ++iP1YP3Nu/w3OhmqHGpQqO0IAaUtCPqQpjSqYbEpMwEnYjQrF317ygu3QniP9C9f4C7IkhXXTmSZBInMTW1hKQm3w+EufeeuZN75yZwbmBy9HD/eXHHt3acqhhpFUOkLiciy1KQtkR0TDXLqU673MxIXa6svDh+s/Ho8d1sLreWV13Pbl7LqOrifx9evn77/8fqXw/eLZqmHC4/Ofqa+Xz49+E/R982nxV8LfharlTV0a1KpepslVzdLvhFS/V+yXV8Vwtl3/W64julyu5uTZ3y9sL8ruf6vjrlmhpS02pF09GoympZli7MN8ppmSKp3+5hH+TzTrZvaKru3GTzvKyTFJG5n9bUPhjPiAAAwDidnv8bnXPa+b/Rm/+LDMj/96KzFt8PyP/bmcnZ8/+kdPL/otvM/6teTZ2nTiGe/085Y0DcXu3O/1eHclWMQaIeq9zqCnledq5/J/J/AAAAAAAAAAAAAAAAAAAAAAD+BCdhuBSG4VLjaIhIGNVNEUnG6n268oT4BIivfxh7mdEC/2L9MQFiD+6lRb7UAzuwE81jK75+J7e2ok2xB/+Og8AOw3CvFb/aimt3fFbmo/6ZvvGUXL7Uijdit+/l4vH9wJ6T7Z6xJrtq9eHeCAAAAAAAJlhjUx9tz5c7jWkJAru127YsNaU33ty/NwszItL+faBnfz8j/86McCIAAAAAAOBUfu1V0SmVXG80heQI3+vcBZHzdb8emkMZRlJEYi1mtFTxc/IbIsObckoGTlnPdEFT3PZoR7twn7Ln7p6+IJ+6MxZuDO2CYUKk1TIbrVnPtwAAAADAZPmxHxj3SAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmF6j+Ouycc8RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuCi+BwAA//8MPbLp")
sched_setaffinity(0x0, 0x0, 0x0)
getpeername(r9, &(0x7f00000003c0)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @multicast1}}, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})

13.032673154s ago: executing program 3 (id=707):
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x42, &(0x7f0000000100), 0x4)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000680)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000940)={0x0, r0}, 0x18)
socketpair$nbd(0x1, 0x1, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0)
mmap$binder(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x199)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r2 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
recvmmsg(r2, &(0x7f0000001440)=[{{&(0x7f0000000200)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x80, &(0x7f0000000380)=[{&(0x7f00000002c0)=""/161, 0xa1}, {&(0x7f0000000640)=""/241, 0xf1}], 0x2, &(0x7f0000000740)=""/134, 0x86}, 0x6}, {{&(0x7f00000003c0)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x80, &(0x7f00000008c0)=[{&(0x7f0000000800)=""/134, 0x86}], 0x1, &(0x7f0000000900)=""/31, 0x1f}, 0x7}, {{0x0, 0x0, &(0x7f0000000a80)=[{&(0x7f0000000940)=""/27, 0x1b}, {&(0x7f0000000980)=""/247, 0xf7}], 0x2, &(0x7f0000000ac0)=""/100, 0x64, 0xa000000}, 0xd}, {{&(0x7f0000000b40)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @loopback}}}, 0x80, &(0x7f0000000e40)=[{&(0x7f0000000bc0)=""/192, 0xc0}, {&(0x7f0000000c80)}, {&(0x7f0000000cc0)=""/112, 0x70}, {&(0x7f0000000d40)=""/52, 0x34}, {&(0x7f0000000d80)=""/176, 0xb0}], 0x5}, 0x8}, {{0x0, 0x0, 0x0}, 0x10001}], 0x5, 0x10100, &(0x7f0000001600))
ptrace(0x10, 0x1)

8.378425106s ago: executing program 0 (id=717):
r0 = socket$netlink(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='sched_switch\x00', r4}, 0x10)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x2, 0x4, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r6}, &(0x7f0000000040), &(0x7f0000000140)=r5}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
sendmsg$tipc(r8, &(0x7f0000003280)={0x0, 0x0, 0x0}, 0x0)
sendmsg$tipc(r8, &(0x7f0000000e40)={0x0, 0x0, 0x0}, 0x0)
sendmsg$inet(r8, &(0x7f0000000f80)={0x0, 0x0, &(0x7f0000000f40)=[{&(0x7f00000042c0)="86", 0x1}], 0x1}, 0x0)
sendmsg$tipc(r8, &(0x7f0000002700)={0x0, 0x0, 0x0}, 0x0)
setsockopt$sock_attach_bpf(r7, 0x1, 0x21, &(0x7f0000000040), 0x4)
sendmsg$tipc(r8, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
close(r8) (fail_nth: 1)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x4, [@struct={0x2, 0x1, 0x0, 0xf, 0x0, 0x7fffff, [{0x6}]}]}, {0x0, [0x0, 0x2e]}}, 0x0, 0x34, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x40, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @macsec={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_MACSEC_CIPHER_SUITE={0xc, 0x4, 0x80c20001000003}]}}}]}, 0x40}}, 0x0)

8.378030086s ago: executing program 2 (id=718):
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
pipe2$9p(0x0, 0x80000)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000740)=ANY=[], 0x15)
memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc9\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\xa4(V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93i|\xc0\x00\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW<GE\xf1\xe9\xf1q\x8c\xf0\xae\x98\x8c\xe0\xc1g}\xaeW\xaa\xa1\x90\x8c\n$\xa6\xbb\x10\xaf\xc7~\x11\x03<v\xe9\xc7K\xf6]\x11)u\xd3\x15\x01}\xe25$\xb0\x86v\x80\r\x9c\xb8\xe6\xd3(\xa0G2s\xa9&\xb3QU~u\x13\x05kKp\xa6&\x8eu\x1d\xb2\xa9!\xc9\xfa\xd0dG5\xcbf<}r\xab\x9c\xd9f6iN\xaa>\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\xb5\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n<V\xaa\xbfZ1\xa82\x85\x99\x0e$U\xb4X\xc7\xfa\f\b\x8f\xc4\xbeIt\xe4\xc51\xba\xb9H\xe8\x96\x94\xd7\xdc\x81\x111\t\xafl\x97\xd8T\xd40\x90ON\xaaFY\xb4\xb3\xf4\xf8JT\xc5:\xc5\aGc\xb5\x12\x90\x7f\x00\x91\xce@\xe5\xd3A\xcc\xd5|\x9f\x8e5\x042\x9a\xc1\xa1\a\xb7\xf5\xbc,\xd1\xd3k8\xc5\xefo\xb8\x8f]\x14\x1d', 0x0)
ioctl$LOOP_SET_STATUS(0xffffffffffffffff, 0x4c02, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0xfffffffffffffddf, &(0x7f0000000040)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$can_bcm(0x1d, 0x2, 0x2)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000f5ebd3d1000000000018340000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='devtmpfs\x00', 0x0, 0x0)
mount$incfs(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000180), 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r4 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
getdents64(r4, 0xfffffffffffffffe, 0x29)
bpf$PROG_LOAD(0x5, 0x0, 0x0)

8.377648216s ago: executing program 4 (id=719):
mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./bus\x00', 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
fchdir(r0)
close(r0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020148100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000300)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
syz_mount_image$vfat(&(0x7f0000000440), &(0x7f0000000080)='./file0\x00', 0x800090, &(0x7f0000000700)=ANY=[@ANYBLOB="73686f72746e616d653d77696e6e742c756e695f786c6174653d312c756e695f786c66873df723229fdbf4dc0861cffc6174653d302c756e695f786c6174653d302c756e695f786c6174653d312c73686f72746e616d653d6d697865642c73686f72746e616d653d77696e39352c757466383d302c726f6469722c73686f72746e616d653d6d697865642c73686f72746e616d653d77696e39352c696f636861727365743d63703835372c636f6465706167653d3836302c73686f72746e616d653d6c6f7765722c73686f72746e616d653d6c6f7765722c757466383d312c73686f72746e616d653d6c6f7765722c757466383d312c73686f72746e616d653d6c6f7765722c756e695f786c6174653d312c756e695f786c6174653d312c73686f72746e616d653d77696e39352c726f6469722c73686f72746e616d653d6d697865642c73686f72746e616d653d6d697865642c757466383d302c757466383d302c6e6e6f6e756d7461696c3d312c7375626a5f7573"], 0x6, 0x2dd, &(0x7f0000000d40)="$eJzs3b1rJGUYAPBnNrMfarEprETwBS2sjsu1NglyB2IqjxSnggbvDiQbhAtE/MD1KrGzsfQvEAT/EBs7S8FWsPPEg5H5yn7csNmT24iX36+4ezPzPPM+7zuTZJo8+/6Lx0e3U9y9//mvMRpl0dsdRjzIYjt60foyFux+EwDA/9mDoog/ilrH6V++XpE72mBdAMDmnPP7v5FX/94qI368uNoAgM24eevtN/f296+/ldIobhx/dXqQRUT5f31+7258GJO4E1djHA8jqheFflRvC+XwRlEU0zyVtuOV4+npQZl5/N5PzfX3fo+o8ndiHNvVobO3jSr/jf3rO6k2lz8t63i2mX+3zL8W43j+LHkh/1pHfhwM4tWX5+q/EuP4+YP4KCZxuypilv/FTkqvF9/++dk7ZXllfjY9PRhWcTPFVjv59ILvEQAAAAAAAAAAAAAAAAAAAAAAT58rKaW/i5SGUfXvKQ81/Xe2HpZf9CO16v4+72Z1YtMfKGsvNOsPFL2iKKZFfNf217maUiqawFl/nzxeyJvGggAAAAAAAAAAAAAAAAAAAHDJnXzy6dHhZHLn3hMZtN0A8oj462bEv73O7tyRl2J18LCZ83Ay6TXDxZh8/khstTFZxMoyykU8oW05b/DMIzU3g+9/6MwqV3SSR9ep0fmT9rvneszBx/16Hztj2qfr6DDr3sPhWfGj8sbF8o0bRPfs/Vg6Mmjv53Jw+yiut5xB56nxY2/L4LlqMF0RE9mq74vXfltYThZLwYOq40Zner8ZdO1G/Wys9TzHqE5/9GdFplsHAAAAAAAAAAAAAAAAAABs1Oyvf+c+y791f2VqrxhusjIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuDizz/9fZ5AvJq+RNYh7J//V2gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALg8/gkAAP//u3xRQA==")
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x20242, 0x0)
ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x8001})
readlink(&(0x7f0000000200)='./bus\x00', &(0x7f0000000280)=""/59, 0x3b)
r3 = syz_open_dev$usbfs(&(0x7f0000000040), 0x9, 0x50fe03)
openat$random(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r4)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r5, 0x0)
r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1802000000c400000000000000ffff00850000000700000095"], &(0x7f00000000c0)='GPL\x00', 0x1, 0xa6, &(0x7f00000003c0)=""/166, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=@base={0x12, 0x4, 0x8, 0xb, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f00000001c0)={@map=r7, r6, 0x7, 0x0, 0x0, @void, @value}, 0x10)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={r7, &(0x7f0000000240), &(0x7f00000004c0)=@tcp6=r5}, 0x20)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r4, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000580)={0x14}, 0x14}}, 0x0)
ioctl$USBDEVFS_ALLOW_SUSPEND(r3, 0x5522)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000000)={0x1}, 0x4)
mkdirat(0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0x0)

6.971997228s ago: executing program 0 (id=720):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/13, @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000400007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={0x0, r3}, 0x18)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@ipv6_newrule={0x30, 0x20, 0x1, 0x0, 0x0, {0xa, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x8, 0x12}, [@FRA_SRC={0x14, 0x2, @dev}]}, 0x30}}, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000002c0)=@newlink={0x5c, 0x10, 0x439, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x3c, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x2c, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x14, 0x3, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @IFLA_IPTUN_LOCAL={0x14, 0x2, @private2}]}}}]}, 0x5c}}, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000840)={0x18, 0x0, &(0x7f0000000700)=[@clear_death={0x400c630f, 0x1}, @release={0x40046306, 0x1}], 0x0, 0x0, 0x0})
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r6}, 0x10)
r7 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r7)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{}, &(0x7f0000000800), &(0x7f0000000280)=r8}, 0x20)
r9 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_IP_XFRM_POLICY(r9, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@loopback, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x2}}, {{@in=@private=0xa010100, 0x0, 0x6c}, 0x0, @in6=@dev, 0x0, 0x4, 0x0, 0x0, 0xb7b0}}, 0xe8)
syz_emit_ethernet(0x3e, &(0x7f0000000200)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaa000800450000300000000000019078ac1e0001ac1414aa0400907803000000450000c5c586634460133900ac141400ac141400"], 0x0)

6.970927688s ago: executing program 2 (id=721):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x5, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000002c0)='mm_page_alloc\x00', r1}, 0x10)
r2 = creat(&(0x7f0000000080)='./bus\x00', 0x0)
fsetxattr$system_posix_acl(r2, &(0x7f0000000000)='system.posix_acl_default\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="0200000020"], 0xfe44, 0x0)

6.970308628s ago: executing program 4 (id=722):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r0, 0xc004743e, 0x20001400)
socket$inet(0x2, 0x3, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socket$packet(0x11, 0xa, 0x300)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0b00000007000000020000000400000005"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r2, <r3=>0xffffffffffffffff}, &(0x7f0000000b00), &(0x7f0000000300)}, 0x20)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000300)='kmem_cache_free\x00', r4}, 0x10)
syz_emit_ethernet(0x1f, &(0x7f0000000180)=ANY=[], 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000a80)={{r6}, &(0x7f0000000a00), &(0x7f0000000a40)=r5}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000900)={{r6}, &(0x7f0000000880), &(0x7f00000008c0)=r5}, 0x20)

5.456526779s ago: executing program 0 (id=723):
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
pipe2$9p(0x0, 0x80000)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000740)=ANY=[], 0x15)
memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc9\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\xa4(V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93i|\xc0\x00\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW<GE\xf1\xe9\xf1q\x8c\xf0\xae\x98\x8c\xe0\xc1g}\xaeW\xaa\xa1\x90\x8c\n$\xa6\xbb\x10\xaf\xc7~\x11\x03<v\xe9\xc7K\xf6]\x11)u\xd3\x15\x01}\xe25$\xb0\x86v\x80\r\x9c\xb8\xe6\xd3(\xa0G2s\xa9&\xb3QU~u\x13\x05kKp\xa6&\x8eu\x1d\xb2\xa9!\xc9\xfa\xd0dG5\xcbf<}r\xab\x9c\xd9f6iN\xaa>\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\xb5\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n<V\xaa\xbfZ1\xa82\x85\x99\x0e$U\xb4X\xc7\xfa\f\b\x8f\xc4\xbeIt\xe4\xc51\xba\xb9H\xe8\x96\x94\xd7\xdc\x81\x111\t\xafl\x97\xd8T\xd40\x90ON\xaaFY\xb4\xb3\xf4\xf8JT\xc5:\xc5\aGc\xb5\x12\x90\x7f\x00\x91\xce@\xe5\xd3A\xcc\xd5|\x9f\x8e5\x042\x9a\xc1\xa1\a\xb7\xf5\xbc,\xd1\xd3k8\xc5\xefo\xb8\x8f]\x14\x1d', 0x0)
ioctl$LOOP_SET_STATUS(0xffffffffffffffff, 0x4c02, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0xfffffffffffffddf, &(0x7f0000000040)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$can_bcm(0x1d, 0x2, 0x2)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000f5ebd3d1000000000018340000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='devtmpfs\x00', 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r4 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
getdents64(r4, 0xfffffffffffffffe, 0x29)

5.455807359s ago: executing program 2 (id=724):
pipe(&(0x7f0000000140)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000100)={{r1, <r2=>0xffffffffffffffff}, &(0x7f0000000080), &(0x7f00000000c0)='%pK    \x00'}, 0x20)
ioctl$int_in(r2, 0x5452, &(0x7f0000000180)=0x7)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000000)=ANY=[@ANYBLOB="5c0000001000090400"/20, @ANYRES32=0x0, @ANYBLOB="000000000000000028001280090001007665746800000000180002801400010000000000", @ANYRES32=0x0, @ANYBLOB="00000000000000000a000100aaaaaa"], 0x5c}}, 0x0)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
close(r3)
socket$netlink(0x10, 0x3, 0x0)
write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc)
splice(r0, 0x0, r3, 0x0, 0x4ffe2, 0x0)

5.455524229s ago: executing program 4 (id=725):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r2)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route_sched(r1, &(0x7f0000005840)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001240)=@newqdisc={0x78, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c}}]}, 0x78}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x20000000}, 0x8000)

3.848856487s ago: executing program 0 (id=726):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'vlan1\x00', <r1=>0x0})
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'virt_wifi0\x00', <r3=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000740)=@newlink={0x4c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x215}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r1}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x4c}, 0x1, 0xba01}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'bridge0\x00', <r6=>0x0})
sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=@newlink={0x3c, 0x10, 0x44b, 0x0, 0x0, {0x7a, 0x0, 0x0, r6}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_VLAN_FILTERING={0x5, 0x7, 0x7}]}}}]}, 0x3c}}, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000b40)=ANY=[@ANYBLOB="2800000010005fba00"/20, @ANYRES32=0x0, @ANYBLOB="80000200e180000008001b"], 0x28}}, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0)

3.848367378s ago: executing program 2 (id=727):
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
pipe2$9p(0x0, 0x80000)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000740)=ANY=[], 0x15)
memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc9\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\xa4(V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93i|\xc0\x00\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW<GE\xf1\xe9\xf1q\x8c\xf0\xae\x98\x8c\xe0\xc1g}\xaeW\xaa\xa1\x90\x8c\n$\xa6\xbb\x10\xaf\xc7~\x11\x03<v\xe9\xc7K\xf6]\x11)u\xd3\x15\x01}\xe25$\xb0\x86v\x80\r\x9c\xb8\xe6\xd3(\xa0G2s\xa9&\xb3QU~u\x13\x05kKp\xa6&\x8eu\x1d\xb2\xa9!\xc9\xfa\xd0dG5\xcbf<}r\xab\x9c\xd9f6iN\xaa>\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\xb5\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n<V\xaa\xbfZ1\xa82\x85\x99\x0e$U\xb4X\xc7\xfa\f\b\x8f\xc4\xbeIt\xe4\xc51\xba\xb9H\xe8\x96\x94\xd7\xdc\x81\x111\t\xafl\x97\xd8T\xd40\x90ON\xaaFY\xb4\xb3\xf4\xf8JT\xc5:\xc5\aGc\xb5\x12\x90\x7f\x00\x91\xce@\xe5\xd3A\xcc\xd5|\x9f\x8e5\x042\x9a\xc1\xa1\a\xb7\xf5\xbc,\xd1\xd3k8\xc5\xefo\xb8\x8f]\x14\x1d', 0x0)
ioctl$LOOP_SET_STATUS(0xffffffffffffffff, 0x4c02, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0xfffffffffffffddf, &(0x7f0000000040)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$can_bcm(0x1d, 0x2, 0x2)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000f5ebd3d1000000000018340000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='devtmpfs\x00', 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r4 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
getdents64(r4, 0xfffffffffffffffe, 0x29)

3.847550648s ago: executing program 4 (id=728):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000180)='./bus\x00', 0xe, &(0x7f00000004c0)={[{@nodioread_nolock}, {@jqfmt_vfsold}, {@stripe}, {@dax_never}]}, 0x3, 0x451, &(0x7f0000000f80)="$eJzs3M2PU1UbAPDn3k6HlxdwRsQPPtRRNE78mGEAlYULNZq4wMREF7qczAwEKYxhxkQIUTAGV8aYuDcu/Rdc6cYYVyZudW9IiGEDuKq57b1MW9rCdFqq098vuXDOvedyztNzT3vuPS0BjKyp7I8kYntE/B4RE/Vsc4Gp+l/Xr55fuHH1/EIS1erbfyW1cteunl8oihbnbcsz02lE+lkSe9vUu3L23Mn5SmXpTJ6fXT31wezK2XPPnTg1f3zp+NLpg0eOHD409+ILB5/vS5xZm67t+Xh53+433vvqzaNfNMXfEkefTHU7+GS12ufqhmtHQzoZG2JDWJdSRGTdVa6N/4koxVrnTcTrnw61ccBAVavV6rbOhy9UgU0siea8IQ+jovigz+5/i611EvDy4KYfQ3fllfoNUBb39XyrHxmLNC9Tbrm/7aepiHj3wt/fZFsM5jkEAECTH7L5z7Pt5n9pPNBQ7p58bWgyIu6NiJ0RcV9E7IqI+yNqZR+MiIfWWX/rIsmt85/0ck+B3aFs/vdSvrbVPP8rZn8xWcpzO2rxl5NjJypLB/LXZDrKW7L8XJc6fnztty87HWuc/2VbVn8xF8zbcXlsS/M5i/Or8xuJudGVixF7xtrFn9xcCUgiYndE7OmxjhNPf7ev07Hbx99FH9aZqt9GPFXv/wvREn8h6b4+Ofu/qCwdmC2uilv98uultzrVv6H4+yDr//+3vf5vxj+ZNK7Xrqy/jkt/fN7xnqbX6388eaeWHs/3fTS/unpmLmI8OVpvdOP+g2vnFvmifBb/9P72439nrL0SeyMiu4gfjohHIuLRvO2PRcTjEbG/S/w/v/rE+73HP1hZ/Ivr6v+1xHi07mmfKJ386fumSidvif9G9/4/XEtN53vu5P3vTtrV29UMAAAA/z1pRGyPJJ25mU7TmZn69+V3RaSV5ZXVZ44tf3h6sf4bgckop8WTromG56Fz+W19PX8xIupfLSiOH8qfG39d2lrLzywsVxaHHTyMuG0dxn/mz9KwWwcMnN9rwegy/mF0Gf8wuox/GF1txv/WYbQDuPvaff5/MoR2AHdfy/i37AcjxP0/jK6O438z/88/QI3PfxhJK1vj9j+S75oo/qUeT9+0iSj/K5qx8UQ1adu5kQ67YRKDTAz3fQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBf/gkAAP//qmHgTw==")
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x80000001, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000000000000000000007020000f80000000003000008000000b704000000000000850000004300000095000000000000009a81c521c3a7f1c175bfabc4d38a8b01881ef4db98eb34f80c9ad39792f000f767d331918b1170a1fed0460bf2c7c40856fa67e7e74b682f2a41bf521c56f49a4f6cc5bd1a805a69c946cd3d51bc7cff6f8b5bab62af33270dcc250a1edb59d33db1ae9eff87ad32a398e8a874d35f857a63379d8b2f0f3e5c"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000002e40)={&(0x7f0000000000)='ext4_es_lookup_extent_exit\x00'}, 0x10)
r2 = syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000080)='./file1\x00', 0x0, &(0x7f00000069c0)=ANY=[@ANYBLOB="6c617a7974696d652c6e6f696e6c696e655f78617474722c6c617a7974696d652c6e6f626172726965722c6163746976655f6c6f67733d342c757365725f78617474722c6d6f64653d6c66732c616c6c6f635f6d6f64653d64656661756c742c00be9ee044c45511e65887f6fac9eba6d787c3684a836f23dbf8ad3dd5931c08b4d8bde7e8acbbf3bf3326f2faa5952a332ad2ced40c98a2affa2dad4d623f9ff3ffa81e45095548ab6200f069d0f63d20fd71d3043b0dd5c4cf9785f3f531abc19bc1678f5e0b33006bd1049ca45fd8500d67a5aa6e1c23d900000000007867738729e703bb122283fb2fae9813a0cfefcdf3dc968af1cf80e96649d943198a96d9b1af9c91506b30922be8537f54e65cf60c6b6a5798955796aea325770d6ccc93a95fad93b2c7bad114fcbc55036a301c23b07073c71555791db8919235022bb0ee4294211ab9b43f3fbedecd223722d937aa22b31e2e9c97e5ea94e4ab83d4e5811c7556813c334aec856af0a0c12b3c93ba5aa906c6e2268a0c6cbbb13f496d87c608604eb02b2c031d5ae40c75"], 0x1, 0x5511, &(0x7f0000006b80)="$eJzs3E1rY9UfB/CTPs7Tf/5FXLibC4PQwiQ0fRh0V3UGH7BD8WHhStMkDZlJckuTprUrFy7Fhe9EFFy59DW4cO1OXCjuhJHccypTH0Bp2tjp5wO333tPTn73nEtpOfeGBODSWsh++akUboarIYTpEMKNEIr9UtoKGzGeCyHcCiFMPbGVUvvvDXMhhGshhJuj4rFmKb302Z3h7fUf3/j562/nZ65//tV3k5s1MGnPhxC6u3H/oBszb8V8mNprw3aR3bVhyvhC91E6zmMeNLeLCge14361IldbsX++u98f5U6nVh9lq71TtO/24gn7w9ZxneIND2t7xXGjuV1ku58X2TqK4zo8in/bjvqDWKeR6n1YlA+DwXHG9uZhM85n91GR9d4gtce6eaN5OMphynS6UM87jWIc26e50v9tb7Z7+4fZsLnXb+e9bL1SfaFSvVuu7uWN5qC5Vq51G3fXssVWZ9StPGjWuhutPG91mpV63l3KFlv1erlazRbvNbfbtV5WrVZWK8vl9aW0dyd79cG7WaeRLY7y5XZvf9Du9LOdfC+L71jKViqrLy5lt6vZ25tb2dZb9+9vbr3z/r33Hry0+forqdOfhpUtriyvrJSry+WV6tLFnf/of/2/mv/HadBjnD+cSmnSAwC4eKz/gUm46Ov/YP0/Ftb/l3b+j5PTXUAuN+t/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBL6/vZL14rdhbi8fXU/r/U9Ew6LoUQpkIIj//CdJg7UXM61Zn9m/6zfxjDN6VQVBidYz5t10IIG2n79f9nfRUAAADg6fXlR7c+jav1+GNh0gPiPMWbNlM3PhhTvVIIYXbhhzFUCelmU3j29KOKRr/fM+FwTNWKG1hXxlQs3nKbGVe1f2T6RFx5Ikoxpo57zp3ruAAAgLN0ciVwvqsQAAAAztMnkx4Ak1E8aU2fxU+P+eZjpAeCV08cAQAAABdQadIDAAAAAM5csf73/X8AAADwdIvf/wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPAbO3eTkzoUBQD4tND3eD9GYpy7FWewDJfg0KFhKywBt+AGWAPOXIIBQ3tRMRhM+hfJ9yXt5TbN4ZTQwTm3KQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG16KhbTh/urUd046009zVwNAAAAcMiqWEzLD+Nq/i8dP0uHLtI8i4g8Ig7V7oP4tRdzkOIUX5xffMrhMaKMsP2O32n7GxHXaXs5b/tXAAAAgNO1nM0nVbVe7cZ9J0SXqqZN/v+moXhZRBTj54ai5dvd5bdO3RzvD23/38O4q59WqWxg1X5kZqdsuQ2binbcIN3ub8Pow5BVQ95dOgAAQFf2K4EOqxAAAAA6dtt3AvQji91S5m4tuHzy/n1B8M/eDAAAAPiBsr4TAAAAAFpX1v/e/wcAAACnrXr/HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG1aFYvpcjaf1I2z3tTTzNUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvLI/7ygMw2AQBjeJ8uqELuD739Is2K1bNzMg+Pi3EgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAlcfx8jzj1ZjJNnqdSd49rySfTo1vp8avc+OfZKy7fwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwsz8vKRACQRAFc8b/Tvr+h5UEPYMIEdDwqKIWDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfNHvfvk/MTXOJHOnjaXjkWTtqrF11dh70Dh6MN7+DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwsXP/vnFTcQDAv2efr7SACAFlCEJUYoCFptfS0pUBFDHwJyBF6bUErvxoM9CqQsrChjJ3QTAihAQKW/+Hzq3UpWwdMhSJiQFkn528HpU4WtW+Np+P9Py+thy/73OiKF8/5wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABo7L67H+flZmESZ/Wxm/eurpf9ram+dH379nLZyrjXZtJPhlfTnd5Sd4kAAABwcORNfR8xiGJntQyyhar+L5pzypr/++cncVPPT9f9Td/U/mX77de7L+8NtDAZp7zouY3x6Pi/U+k/xmnOtRf+84x+deerZy959Q3JPth6abeo7mfv2xs33htU4aE2sgUAHsaxpq+D5u+hsh92mRgAB0Y/Kbzv1PV/vtBtTgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABtGGzFs03ci4jl/n5cunXv6nrVT+1f37693LTT165tp9csL1FExLmN8eh4WxN5Aly6fOXTtfF4dLH94LWI6G70OvhohnMiusxQ8KhBVv+sz/ZVRyOi+5y7Dzr+xQQAwFOnqFtZ198pdlbLY73FiL9/uL/+fyOJI63/p/q0/r/78emb6Vhp/T9sbYbzb2Xzwhcrly5feWvjwtr50fnRZ2+fGL4zPHnm1KkzK9WzkhVPTAAAAHg0g7ql9X+2GLE7tf5/JIljxvr/y++GX6dj5er/B9pf9Os6EwAAgIPtxaN//tF7wPHeYBBfrW1uXhxOtnv7JybbDlL93w7VLa3/88WuswIAAADasLvVu2/9/2wSx4zr/8/9+MrP6TXziDhcr/8fW/98fLa96XTkr5nOauPfiR/7VAEAAJhrh+uWrv8X1fv/2d4rD1lEvPn6JK4/BnCm+j9//5uf0rHS9/9PtjfFuZQtTe5H1S9F9Je6zggAAICn2TN1K4v934ud1U9+OfLhwPv/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG37JwAA//9VakSc")
r3 = openat(0xffffffffffffff9c, 0x0, 0x143002, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16d80000000000000000d9c09e9aa115b3ef6b63d3959fbcf148706f5f5feb4680511a507ca9839abfb0d0f1e8cad7e8bf66227a3954d6549b5d7beb613c260935f92a0fd0a697467e8686b41e2a897ad0abf52236d8348e5076b04dae8f301f0051ba3fb0c8c04090c24b5d7d6c0ae0f92df2a6dbbda06256a359823ae9fcf4a06c816e168d61a73f1db1d12c84", @ANYRESDEC=r2, @ANYBLOB="0040000000000005000000000000ceebbe550964a2c3936492e7ef000000000000", @ANYRES32=0x0, @ANYRES64=0x0, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=<r4=>0xffffffffffffffff, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0x1d, 0xfffffffe, 0x3, 0x46, 0x31802, r0, 0xd6f5, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x2, 0x3, 0x0, @void, @value, @value=r3}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b708000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00'}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r6 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000300)=ANY=[@ANYRES8=r4, @ANYRESOCT=r4, @ANYRESHEX], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd, @void, @value}, 0x94)
r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x11, 0x5, &(0x7f00000003c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x2}, [@map_fd={0x18, 0x6, 0x1, 0x0, r3}]}, &(0x7f0000000740)='GPL\x00', 0x8, 0x0, 0x0, 0x41000, 0x40, '\x00', 0x0, 0x0, r3, 0x8, &(0x7f0000000780)={0x3, 0x3}, 0x8, 0x10, &(0x7f00000007c0)={0x2, 0xc, 0x6, 0x6}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000800)=[r5, r0, r0, 0x1, r5, r5, r5], 0x0, 0x10, 0x8, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kmem_cache_free\x00', r9, 0x0, 0x8000000000000000}, 0x18)
inotify_add_watch(0xffffffffffffffff, 0x0, 0x700067e)
connect$unix(r7, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r8, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r7, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000000400)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000000180)='./file2\x00', 0x1188070, 0x0, 0x0, 0x0, 0x0)

2.127565186s ago: executing program 0 (id=729):
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
pipe2$9p(0x0, 0x80000)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000740)=ANY=[], 0x15)
memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc9\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\xa4(V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93i|\xc0\x00\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW<GE\xf1\xe9\xf1q\x8c\xf0\xae\x98\x8c\xe0\xc1g}\xaeW\xaa\xa1\x90\x8c\n$\xa6\xbb\x10\xaf\xc7~\x11\x03<v\xe9\xc7K\xf6]\x11)u\xd3\x15\x01}\xe25$\xb0\x86v\x80\r\x9c\xb8\xe6\xd3(\xa0G2s\xa9&\xb3QU~u\x13\x05kKp\xa6&\x8eu\x1d\xb2\xa9!\xc9\xfa\xd0dG5\xcbf<}r\xab\x9c\xd9f6iN\xaa>\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\xb5\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n<V\xaa\xbfZ1\xa82\x85\x99\x0e$U\xb4X\xc7\xfa\f\b\x8f\xc4\xbeIt\xe4\xc51\xba\xb9H\xe8\x96\x94\xd7\xdc\x81\x111\t\xafl\x97\xd8T\xd40\x90ON\xaaFY\xb4\xb3\xf4\xf8JT\xc5:\xc5\aGc\xb5\x12\x90\x7f\x00\x91\xce@\xe5\xd3A\xcc\xd5|\x9f\x8e5\x042\x9a\xc1\xa1\a\xb7\xf5\xbc,\xd1\xd3k8\xc5\xefo\xb8\x8f]\x14\x1d', 0x0)
ioctl$LOOP_SET_STATUS(0xffffffffffffffff, 0x4c02, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0xfffffffffffffddf, &(0x7f0000000040)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$can_bcm(0x1d, 0x2, 0x2)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000f5ebd3d1000000000018340000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='devtmpfs\x00', 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r4 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
getdents64(r4, 0xfffffffffffffffe, 0x29)

2.126571316s ago: executing program 2 (id=730):
r0 = syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000000c0)='./file1\x00', 0x800714, &(0x7f00000004c0)={[{@orlov}, {@nodelalloc}, {@errors_remount}, {@grpquota}, {@auto_da_alloc}, {@dioread_nolock}, {@quota}, {@grpjquota}, {@inode_readahead_blks}]}, 0xff, 0x493, &(0x7f0000000640)="$eJzs3M1vFGUYAPBnth9804qIgqCraCR+tLSgcvCgRhMPmpjoAY+1LYgs1NCaCGm0GINHQ+LdeDTxL/DmxagHY+JVE4+GhGhjQvFUM1+w3W5LW9oudH+/ZDvvO5/vMzPv7jvzdiaAtlVN/yQR2yPi94joybNzZ6jmg5npyeHr05PDSczOvvV3ks13bXpyuJy1XG5bkTlUiah8lsSLyfztjp+/cHqoVhs9V+T7J8580D9+/sIzp84MnRw9OXp28Nixo0cGnn9u8NlViTON69q+j8f2733tnctvDB+//O5P36bF2nMgn14fxy1dbxJQE9V0r/0zm2mc9vgyyn432FGXTjpbWBCWpSMi0sPVldX/nuiImwevJ179tKWFA9ZU+tu0aeHJU7PABpZEq0sAtEb5Q59e/5afdWp63BGuvhTRXaRnpieHZ27E3xmVYnzXGm6/GhHHp/77Kv3Ecu9DAACsQNa2ebpZ+68Se7Jh3texs+hD6Y2IeyJiV0TcGxG7I+K+iGze+yPigXzh2Z4lbr/akJ/f/qlcaVrmVZK2/16oa/vN1MVfDHo7ityOLP6u5MSp2ujhYp8ciq5NaX5gkW18/8pvXyw0rb79l37S7ZdtwaIAVzobbtCNDE0MrdZOuHoxYl9ns/iTGz0B6RmwNyL2LW/VO8vEqSe/2b/QTLeOfxGr0M80+3XEE/nxn4qG+EvJ4v2T/ZujNnq4vzwr5vv510tvFsnuxmm3Ff8qSI//1rnnfzHlYjHs+TfJ+2u7olYbPTe+/G1c+uPzBa9pVnr+dydvZ33Wv7yXj/toaGLi3EBEd/J6li93dDZ+8OayZb6cP43/0MHm9X9XsUwa/4MRkZ7EByLioYh4uCj7IxHxaEQcXCT+H19+7P1F4k8iiZYe/5Gm3383zv/epL6/fgWJjtM/fLdQj/nSjv/RmMq+a3PZ998tLLWAt7n7AAAA4K5QiYjtkVT68nR1e1QqfX35//Dvjq2V2tj4xFMnxj48O5I/I9AbXZXyTldP3f3QgWSqWGOeHyzuFZfTjxT3jb/s2JLl+4bHaiMtjh3a3ba59T/K+p/6q6PVpQPWnOe1oH011v9Ki8oBrL+l/P67FoCNqUn939KKcgDrz/U/tK9m9f+Thrz2P2xM8+v/n01eWQdsRNr/0L7Uf2hf6j+0paU+xV++T2HFLwGYkygfFlj5ejYv+Qn/Oy9RXZM1l0doLQu/JW6OicodsTPbJJHWmPXdaJOX1QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANyF/g8AAP//Z0bjpw==")
r1 = socket(0x10, 0x3, 0x9)
connect$netlink(r1, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x25dfdbfc}, 0xc)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r3}, 0x10)
sendmsg$TIPC_CMD_GET_MAX_PORTS(r1, &(0x7f0000000000)={&(0x7f0000000a00), 0xc, &(0x7f0000000ac0)={&(0x7f0000000a80)={0x1c}, 0xe80}}, 0x0)
r4 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x6}, 0x4)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYRESDEC=r0, @ANYRES32=0x0, @ANYRESHEX=0x0, @ANYRES16=r1, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\t\x00'/28], 0x50)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xf, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000014000400b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='mm_page_alloc\x00', r6}, 0x10)
r7 = syz_open_dev$tty20(0xc, 0x4, 0x1)
r8 = socket$nl_route(0x10, 0x3, 0x0)
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000a9a4850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r9}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='net_prio.prioidx\x00', 0x275a, 0x0)
write$binfmt_script(r10, &(0x7f0000000780), 0xfea7)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r10, 0x0)
r11 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(r11, 0x0, 0x60, &(0x7f0000000000)={'filter\x00', 0x4, 0x4, 0x3c8, 0x0, 0x0, 0x1d0, 0x2e0, 0x2e0, 0x2e8, 0x4, 0x0, {[{{@uncond, 0xc0, 0xe8}, @unspec=@STANDARD={0x28}}, {{@uncond, 0xc0, 0xe8}, @unspec=@NFQUEUE1={0x28}}, {{@arp={@multicast2, @multicast1, 0x0, 0x0, 0x0, 0x0, {}, {@mac=@link_local}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'xfrm0\x00', 'pim6reg\x00'}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast}}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x418)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000800)={'ip6gre0\x00', <r12=>0x0})
r13 = socket$packet(0x11, 0x2, 0x300)
bind$packet(r13, &(0x7f00000000c0)={0x11, 0x0, r12, 0x1, 0x0, 0x6, @local}, 0x14)
write$binfmt_script(r13, 0x0, 0x0)
ioctl$int_in(r13, 0x5421, &(0x7f0000000240)=0x7ff)
ioctl$KDFONTOP_GET(r7, 0x4b72, &(0x7f0000000280)={0x1, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000a40)})
setsockopt$packet_fanout_data(r4, 0x107, 0x16, &(0x7f0000000100)={0x2, &(0x7f0000000000)=[{0x30, 0x0, 0x0, 0xfffff00c}, {0x6}]}, 0x10)

2.054003172s ago: executing program 4 (id=732):
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
pipe2$9p(0x0, 0x80000)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000740)=ANY=[], 0x15)
memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc9\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\xa4(V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93i|\xc0\x00\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW<GE\xf1\xe9\xf1q\x8c\xf0\xae\x98\x8c\xe0\xc1g}\xaeW\xaa\xa1\x90\x8c\n$\xa6\xbb\x10\xaf\xc7~\x11\x03<v\xe9\xc7K\xf6]\x11)u\xd3\x15\x01}\xe25$\xb0\x86v\x80\r\x9c\xb8\xe6\xd3(\xa0G2s\xa9&\xb3QU~u\x13\x05kKp\xa6&\x8eu\x1d\xb2\xa9!\xc9\xfa\xd0dG5\xcbf<}r\xab\x9c\xd9f6iN\xaa>\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\xb5\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n<V\xaa\xbfZ1\xa82\x85\x99\x0e$U\xb4X\xc7\xfa\f\b\x8f\xc4\xbeIt\xe4\xc51\xba\xb9H\xe8\x96\x94\xd7\xdc\x81\x111\t\xafl\x97\xd8T\xd40\x90ON\xaaFY\xb4\xb3\xf4\xf8JT\xc5:\xc5\aGc\xb5\x12\x90\x7f\x00\x91\xce@\xe5\xd3A\xcc\xd5|\x9f\x8e5\x042\x9a\xc1\xa1\a\xb7\xf5\xbc,\xd1\xd3k8\xc5\xefo\xb8\x8f]\x14\x1d', 0x0)
ioctl$LOOP_SET_STATUS(0xffffffffffffffff, 0x4c02, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0xfffffffffffffddf, &(0x7f0000000040)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000f5ebd3d1000000000018340000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='devtmpfs\x00', 0x0, 0x0)
mount$incfs(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000180), 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r5 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
getdents64(r5, 0xfffffffffffffffe, 0x29)
bpf$PROG_LOAD(0x5, 0x0, 0x0)

7.12585ms ago: executing program 0 (id=733):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x5, 0x9, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000002c0)='mm_page_alloc\x00', r1}, 0x10)
r2 = creat(&(0x7f0000000080)='./bus\x00', 0x0)
fsetxattr$system_posix_acl(r2, &(0x7f0000000000)='system.posix_acl_default\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="0200000020"], 0xfe44, 0x0)

6.33218ms ago: executing program 2 (id=734):
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
pipe2$9p(0x0, 0x80000)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000740)=ANY=[], 0x15)
memfd_create(&(0x7f0000000880)='C\x13\xfc2\x95WD\xaa\xba^\x90\xfd\x8d\xc2\xb1[\x81\xda\xda\xd6\x8c\xc99\xec\x0e*||\xe4\xb3\xc4\xb6\v\xaa\x15\x86,\xac\x8d\x89cu\x10\xdc\x93\x9b\xb4\x93\xafE*:\xe4\xdd\xa5\xa75\xb8\x1e;7\xb7.V\xdcrw[\r\x98\x93j\x9c\xf6\xf8\x99\xefF_\xcd\xdf!b\xc5\xec\ntb\xff\b\xaaF?!\x9f\a\x1a\x03\f\xe94\x1deU\x06zS\xc9\xb4\xa7@\xa1\\B\xc2@\r_b\x9a\xeb\b\xa4(V\xd6/N\xc5\xc6f\xb1\x95Z\xe5w^\xd8\xe7J\x80\xf7\xae\xafuv\x84\x9eG\xd1\xe7\x9b\xf0_9\xc2\x9b\xfd\xc3\xf3\xe4\x95P\xf1m\xcf\xc2\xe1\xe6\xa6\x8c\x11\xfb\xb8S\x8b\x92\\\asW-Ee\x02\x00\x00\x00\xd0;Q\xc1~\x89\xec\xc8\x9b\x88\a\xf2\x93\x82(\x8b\x00\xd8\xb4T\x80\x95\x93i|\xc0\x00\x04\x00\x00\x00\x00\x00\x00v\xef\xee+\xab\x9c\x00^R\xb2n?i=\xbe\x16\x8a\xbf\xe3\xcdB\xed\xe14\xe8\xd0\xb7\xff\xfeQ\x1c\x85n8\x1b\xc1\b\x00\x00\x00\x00\x00\x00\x00\x17\x94\xdfW<GE\xf1\xe9\xf1q\x8c\xf0\xae\x98\x8c\xe0\xc1g}\xaeW\xaa\xa1\x90\x8c\n$\xa6\xbb\x10\xaf\xc7~\x11\x03<v\xe9\xc7K\xf6]\x11)u\xd3\x15\x01}\xe25$\xb0\x86v\x80\r\x9c\xb8\xe6\xd3(\xa0G2s\xa9&\xb3QU~u\x13\x05kKp\xa6&\x8eu\x1d\xb2\xa9!\xc9\xfa\xd0dG5\xcbf<}r\xab\x9c\xd9f6iN\xaa>\x92z\xbe\xb2R)\xf1K\xd7\xaf\x99\xf6d\xe8\xec\xb7\xbd+T3\xa6\xa9\xfaY-1qs\x82\xefn*\x96\xc9\x1e\xf4\xd1\x02Dt\xc0\x19\xf7\x89\x96.D [F\xeeYW\x95\x13\xc7;\xb5\x13^\x13\xaf\xf0C\x9c\xabf\x1daCS2\x02\xb0\xef\xc7\x8c\x9e\xed\a\n<V\xaa\xbfZ1\xa82\x85\x99\x0e$U\xb4X\xc7\xfa\f\b\x8f\xc4\xbeIt\xe4\xc51\xba\xb9H\xe8\x96\x94\xd7\xdc\x81\x111\t\xafl\x97\xd8T\xd40\x90ON\xaaFY\xb4\xb3\xf4\xf8JT\xc5:\xc5\aGc\xb5\x12\x90\x7f\x00\x91\xce@\xe5\xd3A\xcc\xd5|\x9f\x8e5\x042\x9a\xc1\xa1\a\xb7\xf5\xbc,\xd1\xd3k8\xc5\xefo\xb8\x8f]\x14\x1d', 0x0)
ioctl$LOOP_SET_STATUS(0xffffffffffffffff, 0x4c02, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0xfffffffffffffddf, &(0x7f0000000040)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000f5ebd3d1000000000018340000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='devtmpfs\x00', 0x0, 0x0)
mount$incfs(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000180), 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r5 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
getdents64(r5, 0xfffffffffffffffe, 0x29)
bpf$PROG_LOAD(0x5, 0x0, 0x0)

0s ago: executing program 4 (id=735):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000202300800000000000000000850000007b00000095"], &(0x7f00000001c0)='GPL\x00', 0x4, 0x93, &(0x7f00000003c0)=""/147, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r5, 0x8933, &(0x7f0000001880)={'wg1\x00', <r6=>0x0})
r7 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000fc0), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(r4, &(0x7f0000000b80)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000000280)={0x40, r7, 0xa29, 0x0, 0x0, {}, [@WGDEVICE_A_IFINDEX={0x8, 0x1, r6}, @WGDEVICE_A_PRIVATE_KEY={0x24}]}, 0x40}}, 0x0)
r8 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r8, &(0x7f0000000000)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r8, &(0x7f0000000100), 0x6)
recvmmsg(r8, &(0x7f0000000580)=[{{&(0x7f0000000080)=@nl=@unspec, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000100)=""/230, 0xe6}, {&(0x7f0000000240)=""/200, 0xc8}, {&(0x7f0000000340)=""/175, 0xaf}, {&(0x7f0000000400)=""/53, 0x35}, {&(0x7f0000000440)=""/119, 0x77}], 0x5, &(0x7f0000000540)=""/55, 0x37}}], 0x400000000000222, 0x12142, 0x0)
recvmsg(r8, &(0x7f0000000b00)={0x0, 0x0, 0x0}, 0x0)
sendmsg$WG_CMD_SET_DEVICE(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={0x40, r7, 0x1, 0x0, 0x0, {}, [@WGDEVICE_A_PRIVATE_KEY={0x24, 0x3, @a}, @WGDEVICE_A_IFINDEX={0x8, 0x1, r6}]}, 0x40}}, 0x0)

kernel console output (not intermixed with test programs):

  ? xfrm_netlink_rcv+0x90/0x90
[  125.031797][ T2048]  ? netlink_ack+0xb10/0xb10
[  125.036217][ T2048]  ? mutex_lock+0xb6/0x1e0
[  125.040475][ T2048]  ? wait_for_completion_killable_timeout+0x10/0x10
[  125.046896][ T2048]  ? __netlink_lookup+0x37b/0x3a0
[  125.051759][ T2048]  xfrm_netlink_rcv+0x72/0x90
[  125.056267][ T2048]  netlink_unicast+0x8df/0xac0
[  125.060874][ T2048]  ? netlink_detachskb+0x90/0x90
[  125.065646][ T2048]  ? security_netlink_send+0x7b/0xa0
[  125.070763][ T2048]  netlink_sendmsg+0xa0a/0xd20
[  125.075367][ T2048]  ? netlink_getsockopt+0x560/0x560
[  125.080400][ T2048]  ? security_socket_sendmsg+0x82/0xb0
[  125.085689][ T2048]  ? netlink_getsockopt+0x560/0x560
[  125.090900][ T2048]  ____sys_sendmsg+0x59e/0x8f0
[  125.095500][ T2048]  ? __sys_sendmsg_sock+0x40/0x40
[  125.100362][ T2048]  ? import_iovec+0xe5/0x120
[  125.104791][ T2048]  ___sys_sendmsg+0x252/0x2e0
[  125.109307][ T2048]  ? __sys_sendmsg+0x260/0x260
[  125.113911][ T2048]  ? __fdget+0x1bc/0x240
[  125.117978][ T2048]  __se_sys_sendmsg+0x19a/0x260
[  125.122665][ T2048]  ? __x64_sys_sendmsg+0x90/0x90
[  125.127442][ T2048]  ? ksys_write+0x260/0x2c0
[  125.131785][ T2048]  ? debug_smp_processor_id+0x17/0x20
[  125.136989][ T2048]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  125.142889][ T2048]  __x64_sys_sendmsg+0x7b/0x90
[  125.147492][ T2048]  x64_sys_call+0x16a/0x9a0
[  125.151827][ T2048]  do_syscall_64+0x3b/0xb0
[  125.156079][ T2048]  ? clear_bhb_loop+0x35/0x90
[  125.160595][ T2048]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  125.166323][ T2048] RIP: 0033:0x7fa9157e7ff9
[  125.170575][ T2048] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  125.190022][ T2048] RSP: 002b:00007fa91441f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  125.198262][ T2048] RAX: ffffffffffffffda RBX: 00007fa9159a0130 RCX: 00007fa9157e7ff9
[  125.206075][ T2048] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003
[  125.213883][ T2048] RBP: 00007fa91441f090 R08: 0000000000000000 R09: 0000000000000000
[  125.221697][ T2048] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  125.229513][ T2048] R13: 0000000000000000 R14: 00007fa9159a0130 R15: 00007ffd0a485b98
[  125.237325][ T2048]  </TASK>
[  125.267233][ T2047] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  125.667575][ T2069] loop2: detected capacity change from 0 to 256
[  126.127341][  T346] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  126.147356][  T454] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  126.365799][ T2088] loop1: detected capacity change from 0 to 40427
[  126.367356][  T346] usb 1-1: Using ep0 maxpacket: 8
[  126.379357][ T2088] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  126.386947][ T2088] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  126.397655][ T2088] F2FS-fs (loop1): Found nat_bits in checkpoint
[  126.430113][ T2088] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  126.437082][ T2088] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  126.461680][  T833] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix.
[  126.461701][  T833] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix.
[  126.469253][  T833] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix.
[  126.476607][  T833] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix.
[  126.484319][  T833] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix.
[  126.491844][  T833] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix.
[  126.499276][  T833] F2FS-fs (loop1): invalid namelen(0), ino:0, run fsck to fix.
[  126.527375][  T454] usb 3-1: config index 0 descriptor too short (expected 45, got 36)
[  126.552982][  T454] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[  126.564142][  T454] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024
[  126.567474][  T346] usb 1-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  126.575913][  T454] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  126.592196][  T346] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  126.602468][  T454] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  126.615819][  T454] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  126.624413][  T454] usb 3-1: config 0 descriptor??
[  126.647402][ T2086] raw-gadget.1 gadget: fail, usb_ep_enable returned -22
[  126.697483][ T2100] loop4: detected capacity change from 0 to 512
[  126.748451][ T2100] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  126.759876][ T2100] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ec019, mo2=0002]
[  126.767777][ T2100] System zones: 1-12
[  126.773170][ T2100] EXT4-fs (loop4): 1 truncate cleaned up
[  126.778857][ T2100] EXT4-fs (loop4): mounted filesystem without journal. Opts: nogrpid,jqfmt=vfsv0,debug_want_extra_isize=0x0000000000000068,debug,nombcache,quota,,errors=continue. Quota mode: writeback.
[  126.797068][  T346] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  126.857011][  T346] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  126.865030][  T346] usb 1-1: Product: syz
[  126.869468][ T2107] loop1: detected capacity change from 0 to 1024
[  126.875661][  T346] usb 1-1: Manufacturer: Ῐ�⟌䓹�ᅽｯ㫈ᒒ⇔Ⳉ䶵��蒦䑬뾸璆쟸腇➇漤쪇輪ⴞ�꜠韬蘞럋⎞ᕞ��⟤谄ﶧﭾ딬㤄ḛ羋ᨂ�釾䕼뚪⠙�兩嚒袇꣣
[  126.895695][  T346] usb 1-1: SerialNumber: syz
[  127.158829][ T2084] UDC core: couldn't find an available UDC or it's busy: -16
[  127.159427][ T2107] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  127.169509][ T2084] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  127.178521][  T454] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  127.194728][  T454] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  127.202085][  T454] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  127.209262][  T454] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  127.216444][  T454] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  127.223761][  T454] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  127.230964][  T454] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  127.238165][  T454] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  127.245372][  T454] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  127.252801][  T454] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  127.260104][  T454] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  127.267439][  T454] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  127.274594][  T454] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  127.281906][  T454] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  127.320983][  T454] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0
[  127.331358][  T454] plantronics 0003:047F:FFFF.0007: No inputs registered, leaving
[  127.347940][  T454] plantronics 0003:047F:FFFF.0007: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  127.437417][  T346] usb 1-1: 0:2 : does not exist
[  127.447795][  T346] usb 1-1: USB disconnect, device number 15
[  127.459386][  T808] usb 3-1: USB disconnect, device number 13
[  127.780263][ T2132] loop4: detected capacity change from 0 to 128
[  128.082723][ T2132] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  128.093221][ T2132] ext4 filesystem being mounted at /94/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff)
[  129.560055][ T2154] incfs: ino conflict with backing FS 1
[  129.901695][ T2162] loop0: detected capacity change from 0 to 512
[  129.982502][ T2162] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  129.997870][ T2162] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ec019, mo2=0002]
[  130.006080][ T2162] System zones: 1-12
[  130.021151][ T2173] loop4: detected capacity change from 0 to 512
[  130.032181][ T2162] EXT4-fs (loop0): 1 truncate cleaned up
[  130.037961][ T2162] EXT4-fs (loop0): mounted filesystem without journal. Opts: nogrpid,jqfmt=vfsv0,debug_want_extra_isize=0x0000000000000068,debug,nombcache,quota,,errors=continue. Quota mode: writeback.
[  130.086238][ T2176] loop1: detected capacity change from 0 to 1024
[  130.119165][ T2173] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  130.130641][ T2173] ext4 filesystem being mounted at /97/file0 supports timestamps until 2038 (0x7fffffff)
[  130.159082][ T2173] FAULT_INJECTION: forcing a failure.
[  130.159082][ T2173] name failslab, interval 1, probability 0, space 0, times 0
[  130.171668][ T2173] CPU: 1 PID: 2173 Comm: syz.4.488 Not tainted 5.15.167-syzkaller-02003-g5e4635681cf1 #0
[  130.181225][ T2173] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  130.191110][ T2173] Call Trace:
[  130.194323][ T2173]  <TASK>
[  130.197109][ T2173]  dump_stack_lvl+0x151/0x1c0
[  130.201612][ T2173]  ? io_uring_drop_tctx_refs+0x190/0x190
[  130.207084][ T2173]  ? stack_trace_save+0x113/0x1c0
[  130.211941][ T2173]  ? memset+0x35/0x40
[  130.215768][ T2173]  dump_stack+0x15/0x20
[  130.219754][ T2173]  should_fail+0x3c6/0x510
[  130.224006][ T2173]  __should_failslab+0xa4/0xe0
[  130.228608][ T2173]  ? __es_insert_extent+0x72a/0x17c0
[  130.233739][ T2173]  should_failslab+0x9/0x20
[  130.238079][ T2173]  slab_pre_alloc_hook+0x37/0xd0
[  130.242844][ T2173]  ? __es_insert_extent+0x72a/0x17c0
[  130.247963][ T2173]  kmem_cache_alloc+0x44/0x200
[  130.252568][ T2173]  __es_insert_extent+0x72a/0x17c0
[  130.257514][ T2173]  ? _raw_write_lock+0xa4/0x170
[  130.262202][ T2173]  ? _raw_write_trylock+0x1a0/0x1a0
[  130.267229][ T2173]  ? _raw_spin_unlock_irqrestore+0x5c/0x80
[  130.272872][ T2173]  ext4_es_insert_extent+0x5a2/0x2fe0
[  130.278089][ T2173]  ? bpf_trace_run1+0x1c0/0x1c0
[  130.282773][ T2173]  ? ext4_es_scan_clu+0x340/0x340
[  130.287631][ T2173]  ? __es_find_extent_range+0x286/0x5d0
[  130.293005][ T2173]  ? __bpf_trace_ext4_es_find_extent_range_exit+0x25/0x30
[  130.300071][ T2173]  ? ext4_es_find_extent_range+0x33a/0x360
[  130.305709][ T2173]  ? trace_ext4_ext_convert_to_initialized_fastpath+0x160/0x160
[  130.313180][ T2173]  ext4_ext_map_blocks+0x2674/0x7450
[  130.318301][ T2173]  ? down_read+0xd50/0x1900
[  130.322634][ T2173]  ? ext4_ext_release+0x10/0x10
[  130.327324][ T2173]  ? __down_common+0x550/0x550
[  130.331923][ T2173]  ? arch_stack_walk+0xf3/0x140
[  130.336609][ T2173]  ? _raw_read_unlock+0x25/0x40
[  130.341295][ T2173]  ? ext4_es_lookup_extent+0x33b/0x940
[  130.346590][ T2173]  ext4_map_blocks+0x408/0x1c70
[  130.351282][ T2173]  ? ext4_file_write_iter+0x443/0x1c80
[  130.356571][ T2173]  ? ksys_write+0x199/0x2c0
[  130.360920][ T2173]  ? __x64_sys_write+0x7b/0x90
[  130.365510][ T2173]  ? x64_sys_call+0x2f/0x9a0
[  130.369941][ T2173]  ? ext4_issue_zeroout+0x250/0x250
[  130.374973][ T2173]  _ext4_get_block+0x23b/0x660
[  130.379571][ T2173]  ? ext4_get_block+0x50/0x50
[  130.384088][ T2173]  ? slab_post_alloc_hook+0x72/0x2c0
[  130.389294][ T2173]  ext4_get_block+0x39/0x50
[  130.393635][ T2173]  ext4_block_write_begin+0x5ea/0x12a0
[  130.398933][ T2173]  ? ext4_es_is_delayed+0x40/0x40
[  130.403795][ T2173]  ? ext4_print_free_blocks+0x360/0x360
[  130.409171][ T2173]  ? ext4_write_begin+0x480/0x13d0
[  130.414147][ T2173]  ext4_write_begin+0x6bc/0x13d0
[  130.418898][ T2173]  ? bpf_trace_run3+0x123/0x250
[  130.423576][ T2173]  ? ext4_readahead+0x110/0x110
[  130.428265][ T2173]  ? down_read_trylock+0x3d6/0x7d0
[  130.433215][ T2173]  ? memset+0x35/0x40
[  130.437033][ T2173]  ? up_read+0x5d/0x220
[  130.441025][ T2173]  ? irqentry_exit+0x30/0x40
[  130.445467][ T2173]  ? exc_page_fault+0x47a/0x7f0
[  130.450140][ T2173]  ext4_da_write_begin+0x4a2/0xc30
[  130.455085][ T2173]  ? ext4_set_page_dirty+0x1a0/0x1a0
[  130.460205][ T2173]  ? fault_in_readable+0x106/0x2e0
[  130.465155][ T2173]  ? __get_user_nocheck_1+0x6/0x10
[  130.470100][ T2173]  ? fault_in_readable+0x1d5/0x2e0
[  130.475045][ T2173]  ? fault_in_safe_writeable+0x240/0x240
[  130.480516][ T2173]  ? current_time+0x1dc/0x300
[  130.485030][ T2173]  generic_perform_write+0x2bc/0x5a0
[  130.490151][ T2173]  ? grab_cache_page_write_begin+0xa0/0xa0
[  130.495793][ T2173]  ? __kasan_check_write+0x14/0x20
[  130.500735][ T2173]  ? _raw_spin_lock_irqsave+0xf9/0x210
[  130.506031][ T2173]  ? generic_write_checks+0x3b9/0x470
[  130.511240][ T2173]  ext4_buffered_write_iter+0x48a/0x610
[  130.516620][ T2173]  ext4_file_write_iter+0x443/0x1c80
[  130.521742][ T2173]  ? kstrtol_from_user+0x310/0x310
[  130.526688][ T2173]  ? bpf_probe_read_compat+0x10b/0x180
[  130.531985][ T2173]  ? avc_policy_seqno+0x1b/0x70
[  130.536675][ T2173]  ? ext4_file_read_iter+0x4b0/0x4b0
[  130.541789][ T2173]  ? fsnotify_perm+0x6a/0x5b0
[  130.546305][ T2173]  ? iov_iter_init+0x53/0x190
[  130.550817][ T2173]  vfs_write+0xd5d/0x1110
[  130.554983][ T2173]  ? __traceiter_kmem_cache_free+0x32/0x50
[  130.560626][ T2173]  ? file_end_write+0x1c0/0x1c0
[  130.565312][ T2173]  ? mutex_lock+0xb6/0x1e0
[  130.569565][ T2173]  ? wait_for_completion_killable_timeout+0x10/0x10
[  130.575988][ T2173]  ? __fdget_pos+0x2e7/0x3a0
[  130.580419][ T2173]  ? ksys_write+0x77/0x2c0
[  130.584669][ T2173]  ksys_write+0x199/0x2c0
[  130.588835][ T2173]  ? __ia32_sys_read+0x90/0x90
[  130.593433][ T2173]  ? debug_smp_processor_id+0x17/0x20
[  130.598643][ T2173]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  130.604545][ T2173]  __x64_sys_write+0x7b/0x90
[  130.609073][ T2173]  x64_sys_call+0x2f/0x9a0
[  130.613330][ T2173]  do_syscall_64+0x3b/0xb0
[  130.617578][ T2173]  ? clear_bhb_loop+0x35/0x90
[  130.622091][ T2173]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  130.627842][ T2173] RIP: 0033:0x7f5697305ff9
[  130.632084][ T2173] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  130.651515][ T2173] RSP: 002b:00007f5695f7f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  130.659758][ T2173] RAX: ffffffffffffffda RBX: 00007f56974bdf80 RCX: 00007f5697305ff9
[  130.667570][ T2173] RDX: 0000000000001001 RSI: 0000000020000100 RDI: 0000000000000006
[  130.675489][ T2173] RBP: 00007f5695f7f090 R08: 0000000000000000 R09: 0000000000000000
[  130.683303][ T2173] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  130.691113][ T2173] R13: 0000000000000000 R14: 00007f56974bdf80 R15: 00007fffe4a26a38
[  130.698928][ T2173]  </TASK>
[  130.966419][ T2187] loop3: detected capacity change from 0 to 512
[  131.021709][ T2176] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  131.097711][ T2187] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  131.108723][ T2187] ext4 filesystem being mounted at /17/bus supports timestamps until 2038 (0x7fffffff)
[  131.379927][ T2198] loop0: detected capacity change from 0 to 1024
[  131.439378][ T2198] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  131.457477][   T30] kauditd_printk_skb: 34 callbacks suppressed
[  131.457492][   T30] audit: type=1400 audit(1728859684.216:486): avc:  denied  { map } for  pid=2196 comm="syz.0.494" path="/113/file1/memory.events" dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  131.612437][ T2210] loop3: detected capacity change from 0 to 16
[  131.626112][ T2195] loop4: detected capacity change from 0 to 40427
[  131.696923][ T2211] FAULT_INJECTION: forcing a failure.
[  131.696923][ T2211] name failslab, interval 1, probability 0, space 0, times 0
[  131.709363][ T2211] CPU: 1 PID: 2211 Comm: syz.1.495 Not tainted 5.15.167-syzkaller-02003-g5e4635681cf1 #0
[  131.718973][ T2211] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  131.728873][ T2211] Call Trace:
[  131.732000][ T2211]  <TASK>
[  131.734769][ T2211]  dump_stack_lvl+0x151/0x1c0
[  131.739283][ T2211]  ? io_uring_drop_tctx_refs+0x190/0x190
[  131.744845][ T2211]  ? fib_table_lookup+0x1046/0x1c90
[  131.749878][ T2211]  dump_stack+0x15/0x20
[  131.753863][ T2211]  should_fail+0x3c6/0x510
[  131.758121][ T2211]  __should_failslab+0xa4/0xe0
[  131.762744][ T2211]  ? __alloc_skb+0xbe/0x550
[  131.767056][ T2211]  should_failslab+0x9/0x20
[  131.771398][ T2211]  slab_pre_alloc_hook+0x37/0xd0
[  131.776174][ T2211]  ? __alloc_skb+0xbe/0x550
[  131.780509][ T2211]  kmem_cache_alloc+0x44/0x200
[  131.785110][ T2211]  __alloc_skb+0xbe/0x550
[  131.789798][ T2211]  arp_create+0xe3/0x8b0
[  131.793882][ T2211]  arp_send_dst+0x8e/0x260
[  131.798132][ T2211]  arp_solicit+0x716/0x900
[  131.802388][ T2211]  ? arp_ifdown+0x20/0x20
[  131.806553][ T2211]  ? skb_clone+0x205/0x360
[  131.810829][ T2211]  ? arp_ifdown+0x20/0x20
[  131.811976][ T2210] erofs: (device loop3): mounted with root inode @ nid 36.
[  131.814969][ T2211]  __neigh_event_send+0xc4b/0x1160
[  131.814997][ T2211]  neigh_resolve_output+0x1cf/0x760
[  131.832065][ T2211]  ? ip_neigh_gw4+0x265/0x340
[  131.836579][ T2211]  ? ip_finish_output2+0xf60/0xf60
[  131.837404][ T2195] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  131.841525][ T2211]  ? preempt_schedule_irq+0xe7/0x140
[  131.841552][ T2211]  ? __cond_resched+0x20/0x20
[  131.851023][ T2195] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  131.854195][ T2211]  ? _raw_spin_unlock_irqrestore+0x5c/0x80
[  131.860549][ T2195] F2FS-fs (loop4): invalid crc value
[  131.866697][ T2211]  ip_finish_output2+0xbe3/0xf60
[  131.866723][ T2211]  ? irqentry_exit+0x30/0x40
[  131.887009][ T2211]  ? sysvec_reschedule_ipi+0x7d/0x150
[  131.892213][ T2211]  ? ip_fragment+0x210/0x210
[  131.896640][ T2211]  ? ip_output+0x3d7/0x420
[  131.900892][ T2211]  ? ip_skb_dst_mtu+0x420/0x630
[  131.905578][ T2211]  __ip_finish_output+0x162/0x360
[  131.910442][ T2211]  ip_finish_output+0x31/0x210
[  131.915154][ T2211]  ? ip_output+0x3e1/0x420
[  131.919466][ T2211]  ip_output+0x1d6/0x420
[  131.923548][ T2211]  ? ip_finish_output+0x210/0x210
[  131.928404][ T2211]  ? ip_mc_finish_output+0x3c0/0x3c0
[  131.933535][ T2211]  ? asm_sysvec_reschedule_ipi+0x1b/0x20
[  131.938996][ T2211]  ? udp4_hwcsum+0x25b/0x400
[  131.943423][ T2211]  ip_send_skb+0xb0/0x140
[  131.947587][ T2211]  udp_send_skb+0x9ae/0x12e0
[  131.952017][ T2211]  udp_sendmsg+0x1d00/0x2aa0
[  131.956531][ T2211]  ? ip_skb_dst_mtu+0x630/0x630
[  131.961214][ T2211]  ? udp_cmsg_send+0x3a0/0x3a0
[  131.965814][ T2211]  ? udp_lib_get_port+0x1584/0x19f0
[  131.970860][ T2211]  ? release_sock+0x163/0x1b0
[  131.975362][ T2211]  ? inet_send_prepare+0x1b8/0x4a0
[  131.980309][ T2211]  inet_sendmsg+0xa1/0xc0
[  131.984473][ T2211]  ? inet_send_prepare+0x4a0/0x4a0
[  131.989529][ T2211]  ____sys_sendmsg+0x59e/0x8f0
[  131.994126][ T2211]  ? __sys_sendmsg_sock+0x40/0x40
[  131.998985][ T2211]  ? finish_task_switch+0x167/0x7b0
[  132.004021][ T2211]  ? import_iovec+0xe5/0x120
[  132.008445][ T2211]  ___sys_sendmsg+0x252/0x2e0
[  132.012958][ T2211]  ? release_firmware_map_entry+0x190/0x190
[  132.018689][ T2211]  ? __sys_sendmsg+0x260/0x260
[  132.023288][ T2211]  ? preempt_schedule_irq+0xe7/0x140
[  132.028411][ T2211]  ? __cond_resched+0x20/0x20
[  132.032922][ T2211]  ? sysvec_reschedule_ipi+0x7d/0x150
[  132.038131][ T2211]  ? __fdget+0x1bc/0x240
[  132.042210][ T2211]  __sys_sendmmsg+0x2bf/0x530
[  132.046745][ T2211]  ? __ia32_sys_sendmsg+0x90/0x90
[  132.051582][ T2211]  ? __kasan_check_read+0x11/0x20
[  132.056440][ T2211]  ? preempt_schedule_irq+0xe7/0x140
[  132.061564][ T2211]  ? irqentry_exit_cond_resched+0x2a/0x30
[  132.067203][ T2211]  ? irqentry_exit+0x30/0x40
[  132.071645][ T2211]  ? __secure_computing+0xf0/0x300
[  132.076579][ T2211]  __x64_sys_sendmmsg+0xa0/0xb0
[  132.081265][ T2211]  x64_sys_call+0x81d/0x9a0
[  132.085605][ T2211]  do_syscall_64+0x3b/0xb0
[  132.089865][ T2211]  ? clear_bhb_loop+0x35/0x90
[  132.094384][ T2211]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  132.100101][ T2211] RIP: 0033:0x7f2d46e18ff9
[  132.104355][ T2211] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  132.124179][ T2211] RSP: 002b:00007f2d45a50038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  132.132421][ T2211] RAX: ffffffffffffffda RBX: 00007f2d46fd1130 RCX: 00007f2d46e18ff9
[  132.140320][ T2211] RDX: 0000000000000001 RSI: 00000000200016c0 RDI: 0000000000000008
[  132.148247][ T2211] RBP: 00007f2d45a50090 R08: 0000000000000000 R09: 0000000000000000
[  132.156063][ T2211] R10: 0000000004000000 R11: 0000000000000246 R12: 0000000000000001
[  132.163868][ T2211] R13: 0000000000000000 R14: 00007f2d46fd1130 R15: 00007ffd69ed3e68
[  132.171711][ T2211]  </TASK>
[  132.242246][ T2195] F2FS-fs (loop4): Found nat_bits in checkpoint
[  132.334209][ T2195] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  132.361139][ T2195] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  132.635446][ T2226] loop1: detected capacity change from 0 to 512
[  132.656212][ T2226] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  132.678856][ T2226] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ec019, mo2=0002]
[  132.688828][ T2226] System zones: 1-12
[  132.693966][ T2226] EXT4-fs (loop1): 1 truncate cleaned up
[  132.699887][ T2226] EXT4-fs (loop1): mounted filesystem without journal. Opts: nogrpid,jqfmt=vfsv0,debug_want_extra_isize=0x0000000000000068,debug,nombcache,quota,,errors=continue. Quota mode: writeback.
[  132.799693][ T2230] loop3: detected capacity change from 0 to 512
[  132.848199][ T2230] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  132.899515][ T2230] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ec019, mo2=0002]
[  132.909038][ T2230] System zones: 1-12
[  132.917688][ T2230] EXT4-fs (loop3): 1 truncate cleaned up
[  132.929246][ T2230] EXT4-fs (loop3): mounted filesystem without journal. Opts: nogrpid,jqfmt=vfsv0,debug_want_extra_isize=0x0000000000000068,debug,nombcache,quota,,errors=continue. Quota mode: writeback.
[  134.776666][ T2270] netlink: 'syz.2.510': attribute type 1 has an invalid length.
[  135.067409][  T808] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  135.076835][ T2281] FAULT_INJECTION: forcing a failure.
[  135.076835][ T2281] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  135.093162][   T30] audit: type=1400 audit(1728859687.836:487): avc:  denied  { shutdown } for  pid=2271 comm="syz.0.511" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  135.114228][ T2281] CPU: 1 PID: 2281 Comm: syz.0.511 Not tainted 5.15.167-syzkaller-02003-g5e4635681cf1 #0
[  135.123857][ T2281] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  135.133752][ T2281] Call Trace:
[  135.136876][ T2281]  <TASK>
[  135.139657][ T2281]  dump_stack_lvl+0x151/0x1c0
[  135.144178][ T2281]  ? io_uring_drop_tctx_refs+0x190/0x190
[  135.149638][ T2281]  ? __sys_recvmsg_sock+0x50/0x50
[  135.154519][ T2281]  dump_stack+0x15/0x20
[  135.158493][ T2281]  should_fail+0x3c6/0x510
[  135.162744][ T2281]  should_fail_usercopy+0x1a/0x20
[  135.167604][ T2281]  _copy_from_user+0x20/0xd0
[  135.172031][ T2281]  ___sys_recvmsg+0x150/0x690
[  135.176545][ T2281]  ? __sys_recvmsg+0x260/0x260
[  135.181154][ T2281]  ? __fdget+0x1bc/0x240
[  135.185220][ T2281]  ? do_recvmmsg+0x160/0x8b0
[  135.189744][ T2281]  do_recvmmsg+0x36b/0x8b0
[  135.193999][ T2281]  ? __sys_recvmmsg+0x270/0x270
[  135.198687][ T2281]  ? mutex_unlock+0xb2/0x260
[  135.203112][ T2281]  ? wait_for_completion_killable_timeout+0x10/0x10
[  135.209535][ T2281]  ? fput_many+0x160/0x1b0
[  135.213786][ T2281]  ? ksys_write+0x260/0x2c0
[  135.218127][ T2281]  __x64_sys_recvmmsg+0x195/0x240
[  135.222989][ T2281]  ? do_recvmmsg+0x8b0/0x8b0
[  135.227524][ T2281]  ? debug_smp_processor_id+0x17/0x20
[  135.232748][ T2281]  ? exit_to_user_mode_prepare+0x39/0xa0
[  135.238299][ T2281]  x64_sys_call+0x7e5/0x9a0
[  135.242995][ T2281]  do_syscall_64+0x3b/0xb0
[  135.247238][ T2281]  ? clear_bhb_loop+0x35/0x90
[  135.251749][ T2281]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  135.257570][ T2281] RIP: 0033:0x7f57a2e81ff9
[  135.261823][ T2281] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  135.281260][ T2281] RSP: 002b:00007f57a1ada038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  135.289516][ T2281] RAX: ffffffffffffffda RBX: 00007f57a303a058 RCX: 00007f57a2e81ff9
[  135.297326][ T2281] RDX: 0000000000000f00 RSI: 00000000200004c0 RDI: 0000000000000005
[  135.305128][ T2281] RBP: 00007f57a1ada090 R08: 0000000000000000 R09: 0000000000000000
[  135.312940][ T2281] R10: 0000000000000500 R11: 0000000000000246 R12: 0000000000000001
[  135.320751][ T2281] R13: 0000000000000000 R14: 00007f57a303a058 R15: 00007ffe5ef65c28
[  135.328571][ T2281]  </TASK>
[  135.465577][ T2295] loop4: detected capacity change from 0 to 256
[  135.550173][ T2295] exFAT-fs (loop4): failed to load upcase table (idx : 0x00011f3f, chksum : 0x96b62a4c, utbl_chksum : 0xe619d30d)
[  135.677875][   T30] audit: type=1400 audit(1728859688.446:488): avc:  denied  { ioctl } for  pid=2296 comm="syz.0.519" path="socket:[23652]" dev="sockfs" ino=23652 ioctlcmd=0x8943 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  135.697440][  T808] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  135.713266][  T808] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  135.723183][  T808] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  135.741419][  T808] usb 4-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.10
[  135.750418][  T808] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  135.762514][  T808] usb 4-1: config 0 descriptor??
[  135.854719][ T2301] binder: BINDER_SET_CONTEXT_MGR already set
[  135.859457][ T2303] syz.2.521[2303] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  135.860595][ T2303] syz.2.521[2303] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  135.868273][ T2301] binder: 2299:2301 ioctl 4018620d 200001c0 returned -16
[  135.951020][ T2304] FAULT_INJECTION: forcing a failure.
[  135.951020][ T2304] name failslab, interval 1, probability 0, space 0, times 0
[  135.963510][ T2304] CPU: 1 PID: 2304 Comm: syz.4.518 Not tainted 5.15.167-syzkaller-02003-g5e4635681cf1 #0
[  135.973082][ T2304] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  135.983077][ T2304] Call Trace:
[  135.986195][ T2304]  <TASK>
[  135.988977][ T2304]  dump_stack_lvl+0x151/0x1c0
[  135.993577][ T2304]  ? io_uring_drop_tctx_refs+0x190/0x190
[  135.999043][ T2304]  ? __schedule+0xcd4/0x1590
[  136.003468][ T2304]  dump_stack+0x15/0x20
[  136.007459][ T2304]  should_fail+0x3c6/0x510
[  136.011713][ T2304]  __should_failslab+0xa4/0xe0
[  136.016315][ T2304]  should_failslab+0x9/0x20
[  136.020653][ T2304]  slab_pre_alloc_hook+0x37/0xd0
[  136.025427][ T2304]  __kmalloc+0x6d/0x270
[  136.029418][ T2304]  ? fib_nl2rule+0x367/0x1b10
[  136.033936][ T2304]  fib_nl2rule+0x367/0x1b10
[  136.038275][ T2304]  ? irqentry_exit+0x30/0x40
[  136.042699][ T2304]  ? sysvec_reschedule_ipi+0x7d/0x150
[  136.047906][ T2304]  ? fib_nl_newrule+0x1f60/0x1f60
[  136.052768][ T2304]  fib_nl_delrule+0x551/0x1e90
[  136.057372][ T2304]  ? __schedule+0xcd4/0x1590
[  136.061795][ T2304]  ? release_firmware_map_entry+0x190/0x190
[  136.067522][ T2304]  ? irqentry_exit_cond_resched+0x2a/0x30
[  136.073079][ T2304]  ? notify_rule_change+0x220/0x220
[  136.078109][ T2304]  ? __kasan_check_read+0x11/0x20
[  136.082971][ T2304]  ? preempt_schedule_irq+0xe7/0x140
[  136.088126][ T2304]  ? __cond_resched+0x20/0x20
[  136.092607][ T2304]  ? notify_rule_change+0x220/0x220
[  136.097638][ T2304]  ? rtnetlink_rcv_msg+0x4e0/0xc40
[  136.102587][ T2304]  ? rtnetlink_rcv_msg+0x940/0xc40
[  136.107532][ T2304]  ? notify_rule_change+0x220/0x220
[  136.112567][ T2304]  rtnetlink_rcv_msg+0x951/0xc40
[  136.117341][ T2304]  ? rtnetlink_bind+0x80/0x80
[  136.121862][ T2304]  ? compat_start_thread+0x20/0x20
[  136.126890][ T2304]  ? bpf_trace_run2+0x210/0x210
[  136.131587][ T2304]  ? __this_cpu_preempt_check+0x13/0x20
[  136.136962][ T2304]  ? tracing_record_taskinfo_sched_switch+0x84/0x390
[  136.143468][ T2304]  ? _raw_spin_unlock+0x4d/0x70
[  136.148152][ T2304]  ? finish_task_switch+0x167/0x7b0
[  136.153294][ T2304]  ? __kasan_check_write+0x14/0x20
[  136.158238][ T2304]  ? _raw_spin_lock+0xa4/0x1b0
[  136.162838][ T2304]  ? _raw_spin_trylock_bh+0x190/0x190
[  136.168044][ T2304]  ? _raw_spin_unlock_irqrestore+0x5c/0x80
[  136.173773][ T2304]  ? rcu_preempt_deferred_qs_irqrestore+0x709/0x9f0
[  136.180196][ T2304]  netlink_rcv_skb+0x1cf/0x410
[  136.184796][ T2304]  ? rtnetlink_bind+0x80/0x80
[  136.189308][ T2304]  ? netlink_ack+0xb10/0xb10
[  136.193738][ T2304]  ? irqentry_exit+0x30/0x40
[  136.198266][ T2304]  ? asm_sysvec_reschedule_ipi+0x1b/0x20
[  136.203719][ T2304]  rtnetlink_rcv+0x1c/0x20
[  136.208055][ T2304]  netlink_unicast+0x8df/0xac0
[  136.212656][ T2304]  ? netlink_detachskb+0x90/0x90
[  136.217432][ T2304]  ? security_netlink_send+0x7b/0xa0
[  136.222552][ T2304]  netlink_sendmsg+0xa0a/0xd20
[  136.227156][ T2304]  ? netlink_getsockopt+0x560/0x560
[  136.232185][ T2304]  ? ____sys_sendmsg+0x525/0x8f0
[  136.236959][ T2304]  ? netlink_getsockopt+0x560/0x560
[  136.241993][ T2304]  ____sys_sendmsg+0x59e/0x8f0
[  136.246599][ T2304]  ? __sys_sendmsg_sock+0x40/0x40
[  136.251547][ T2304]  ? import_iovec+0xe5/0x120
[  136.255969][ T2304]  ___sys_sendmsg+0x252/0x2e0
[  136.260486][ T2304]  ? __sys_sendmsg+0x260/0x260
[  136.265088][ T2304]  ? __switch_to+0x62a/0x1190
[  136.269597][ T2304]  ? array_map_lookup_elem+0xc5/0x140
[  136.274810][ T2304]  ? __fdget+0x1bc/0x240
[  136.278882][ T2304]  __se_sys_sendmsg+0x19a/0x260
[  136.283577][ T2304]  ? __x64_sys_sendmsg+0x90/0x90
[  136.288339][ T2304]  ? ksys_write+0x260/0x2c0
[  136.292685][ T2304]  ? __kasan_check_write+0x14/0x20
[  136.297626][ T2304]  ? switch_fpu_return+0x15f/0x2e0
[  136.302580][ T2304]  __x64_sys_sendmsg+0x7b/0x90
[  136.307178][ T2304]  x64_sys_call+0x16a/0x9a0
[  136.311603][ T2304]  do_syscall_64+0x3b/0xb0
[  136.315776][ T2304]  ? clear_bhb_loop+0x35/0x90
[  136.320287][ T2304]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  136.326017][ T2304] RIP: 0033:0x7f5697305ff9
[  136.330265][ T2304] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  136.349792][ T2304] RSP: 002b:00007f5695f3d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  136.358147][ T2304] RAX: ffffffffffffffda RBX: 00007f56974be130 RCX: 00007f5697305ff9
[  136.366050][ T2304] RDX: 0000000000000000 RSI: 0000000020000300 RDI: 0000000000000008
[  136.373855][ T2304] RBP: 00007f5695f3d090 R08: 0000000000000000 R09: 0000000000000000
[  136.381669][ T2304] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  136.389478][ T2304] R13: 0000000000000000 R14: 00007f56974be130 R15: 00007fffe4a26a38
[  136.397298][ T2304]  </TASK>
[  136.882902][  T808] prodikeys 0003:041E:2801.0008: unexpected long global item
[  136.980442][  T808] prodikeys 0003:041E:2801.0008: hid parse failed
[  137.009926][  T808] prodikeys: probe of 0003:041E:2801.0008 failed with error -22
[  137.163544][ T2275] loop3: detected capacity change from 0 to 512
[  137.220911][ T2315] loop0: detected capacity change from 0 to 40427
[  137.238358][ T2275] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[  137.248393][ T2275] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c802e12c, mo2=0002]
[  137.265140][ T2275] EXT4-fs (loop3): orphan cleanup on readonly fs
[  137.277572][ T2275] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.512: bg 0: block 361: padding at end of block bitmap is not set
[  137.296256][ T2275] EXT4-fs (loop3): Remounting filesystem read-only
[  137.303212][ T2275] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6185: Corrupt filesystem
[  137.314526][ T2275] EXT4-fs error (device loop3): ext4_clear_blocks:883: inode #11: comm syz.3.512: attempt to clear invalid blocks 33619980 len 1
[  137.330721][ T2275] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.512: invalid indirect mapped block 1811939328 (level 0)
[  137.345016][ T2275] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.512: invalid indirect mapped block 2185560079 (level 1)
[  137.360537][ T2315] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  137.368637][ T2315] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  137.374214][ T2275] EXT4-fs (loop3): 1 truncate cleaned up
[  137.383057][ T2275] EXT4-fs (loop3): mounted filesystem without journal. Opts: noload,noblock_validity,discard,errors=remount-ro,inode_readahead_blks=0x0000000000000000. Quota mode: none.
[  137.404494][  T454] usb 4-1: USB disconnect, device number 9
[  137.415025][ T2315] F2FS-fs (loop0): Found nat_bits in checkpoint
[  137.563964][ T2315] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  137.570867][ T2315] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  138.019656][ T2350] loop3: detected capacity change from 0 to 1024
[  138.104523][ T2350] loop3: detected capacity change from 0 to 512
[  138.120912][ T2345] loop4: detected capacity change from 0 to 40427
[  138.139960][ T2350] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  138.150857][ T2350] ext4 filesystem being mounted at /23/bus supports timestamps until 2038 (0x7fffffff)
[  138.168381][ T2345] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  138.176234][ T2345] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  138.200461][ T2345] F2FS-fs (loop4): Found nat_bits in checkpoint
[  138.237346][  T454] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  138.264910][ T2345] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  138.283822][ T2345] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  138.578726][  T808] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  138.590307][ T2345] FAULT_INJECTION: forcing a failure.
[  138.590307][ T2345] name failslab, interval 1, probability 0, space 0, times 0
[  138.602897][ T2345] CPU: 1 PID: 2345 Comm: syz.4.531 Not tainted 5.15.167-syzkaller-02003-g5e4635681cf1 #0
[  138.612523][ T2345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  138.622418][ T2345] Call Trace:
[  138.625553][ T2345]  <TASK>
[  138.628317][ T2345]  dump_stack_lvl+0x151/0x1c0
[  138.632830][ T2345]  ? io_uring_drop_tctx_refs+0x190/0x190
[  138.638300][ T2345]  dump_stack+0x15/0x20
[  138.642293][ T2345]  should_fail+0x3c6/0x510
[  138.646630][ T2345]  __should_failslab+0xa4/0xe0
[  138.651246][ T2345]  ? __alloc_file+0x29/0x2a0
[  138.655667][ T2345]  should_failslab+0x9/0x20
[  138.660006][ T2345]  slab_pre_alloc_hook+0x37/0xd0
[  138.664776][ T2345]  ? __alloc_file+0x29/0x2a0
[  138.669198][ T2345]  kmem_cache_alloc+0x44/0x200
[  138.673797][ T2345]  __alloc_file+0x29/0x2a0
[  138.678050][ T2345]  alloc_empty_file+0x95/0x180
[  138.682650][ T2345]  path_openat+0xfe/0x2f40
[  138.686901][ T2345]  ? stack_trace_snprint+0xf0/0xf0
[  138.691849][ T2345]  ? kmem_cache_free+0x116/0x2e0
[  138.696625][ T2345]  ? __kasan_slab_alloc+0xc3/0xe0
[  138.701493][ T2345]  ? __kasan_slab_alloc+0xb1/0xe0
[  138.706346][ T2345]  ? slab_post_alloc_hook+0x53/0x2c0
[  138.711467][ T2345]  ? kmem_cache_alloc+0xf5/0x200
[  138.716248][ T2345]  ? getname_flags+0xba/0x520
[  138.720751][ T2345]  ? getname+0x19/0x20
[  138.724656][ T2345]  ? do_sys_openat2+0xd7/0x820
[  138.729259][ T2345]  ? __x64_sys_openat+0x243/0x290
[  138.734120][ T2345]  ? x64_sys_call+0x6bf/0x9a0
[  138.738632][ T2345]  ? do_syscall_64+0x3b/0xb0
[  138.743057][ T2345]  ? entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  138.748963][ T2345]  ? do_filp_open+0x460/0x460
[  138.753563][ T2345]  do_filp_open+0x21c/0x460
[  138.757900][ T2345]  ? vfs_tmpfile+0x2c0/0x2c0
[  138.762344][ T2345]  do_sys_openat2+0x13f/0x820
[  138.766945][ T2345]  ? wait_for_completion_killable_timeout+0x10/0x10
[  138.773364][ T2345]  ? __mutex_lock_slowpath+0x10/0x10
[  138.778485][ T2345]  ? do_sys_open+0x220/0x220
[  138.782906][ T2345]  ? __kasan_check_write+0x14/0x20
[  138.787957][ T2345]  ? ksys_write+0x260/0x2c0
[  138.792294][ T2345]  __x64_sys_openat+0x243/0x290
[  138.796968][ T2345]  ? __ia32_sys_open+0x270/0x270
[  138.801744][ T2345]  ? debug_smp_processor_id+0x17/0x20
[  138.806950][ T2345]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  138.812851][ T2345]  ? exit_to_user_mode_prepare+0x39/0xa0
[  138.818319][ T2345]  x64_sys_call+0x6bf/0x9a0
[  138.822660][ T2345]  do_syscall_64+0x3b/0xb0
[  138.826910][ T2345]  ? clear_bhb_loop+0x35/0x90
[  138.831427][ T2345]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  138.837157][ T2345] RIP: 0033:0x7f5697304990
[  138.841408][ T2345] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 19 8f 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 6c 8f 02 00 8b 44
[  138.860849][ T2345] RSP: 002b:00007f5695f7eb70 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  138.869095][ T2345] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f5697304990
[  138.876904][ T2345] RDX: 0000000000000000 RSI: 00007f5695f7ec10 RDI: 00000000ffffff9c
[  138.884718][ T2345] RBP: 00007f5695f7ec10 R08: 0000000000000000 R09: 00236e6f6d627375
[  138.892528][ T2345] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  138.900341][ T2345] R13: 0000000000000000 R14: 00007f56974bdf80 R15: 00007fffe4a26a38
[  138.908156][ T2345]  </TASK>
[  138.919410][ T2369] Illegal XDP return value 4294967283, expect packet loss!
[  139.067420][  T454] usb 1-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice= 0.00
[  139.076435][  T454] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  139.089448][  T454] usb 1-1: config 0 descriptor??
[  139.239257][ T2376] incfs: ino conflict with backing FS 1
[  139.565683][  T808] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  139.576861][  T808] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  139.586681][  T808] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  139.600056][  T808] usb 2-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.10
[  139.610122][  T808] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  139.618857][  T808] usb 2-1: config 0 descriptor??
[  140.051511][ T2347] loop0: detected capacity change from 0 to 256
[  140.078487][ T2347] FAT-fs (loop0): Unrecognized mount option "time_offset=0x0000000000000e	e0®{1fa" or missing value
[  140.177147][ T2388] loop2: detected capacity change from 0 to 40427
[  140.228028][ T2388] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  140.235687][ T2388] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  140.244167][ T2388] F2FS-fs (loop2): Unrecognized mount option "18446744073709551615" or missing value
[  140.268666][  T808] prodikeys 0003:041E:2801.0009: unknown main item tag 0x0
[  140.275802][  T808] prodikeys 0003:041E:2801.0009: unknown main item tag 0x0
[  140.282822][  T808] prodikeys 0003:041E:2801.0009: unknown main item tag 0x0
[  140.289820][  T808] prodikeys 0003:041E:2801.0009: unknown main item tag 0x0
[  140.296809][  T808] prodikeys 0003:041E:2801.0009: unknown main item tag 0x0
[  140.337049][  T808] prodikeys 0003:041E:2801.0009: hidraw0: USB HID v0.00 Device [HID 041e:2801] on usb-dummy_hcd.1-1/input0
[  140.641539][ T2352] loop1: detected capacity change from 0 to 40427
[  140.660632][ T2352] F2FS-fs (loop1): Invalid SB checksum offset: 0
[  140.666790][ T2352] F2FS-fs (loop1): Can't find valid F2FS filesystem in 2th superblock
[  140.679840][ T2352] F2FS-fs (loop1): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[  140.690891][    T6] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  140.719545][ T2352] F2FS-fs (loop1): Try to recover 2th superblock, ret: 0
[  140.726600][ T2352] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  140.742393][ T2399] attempt to access beyond end of device
[  140.742393][ T2399] loop1: rw=2049, want=45104, limit=40427
[  140.758425][   T30] audit: type=1400 audit(1728859693.526:489): avc:  denied  { append } for  pid=2351 comm="syz.1.533" name="kvm" dev="devtmpfs" ino=82 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  140.803671][ T1161] usb 2-1: USB disconnect, device number 6
[  141.077425][    T6] usb 5-1: config 1 has an invalid descriptor of length 209, skipping remainder of the config
[  141.087715][    T6] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  141.096628][    T6] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  141.267438][    T6] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  141.283587][    T6] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  141.295409][    T6] usb 5-1: Product: syz
[  141.299648][    T6] usb 5-1: Manufacturer: ä Š
[  141.322663][    T6] usb 5-1: SerialNumber: syz
[  141.357402][ T2395] raw-gadget.2 gadget: fail, usb_ep_enable returned -22
[  141.364356][  T454] usbhid 1-1:0.0: can't add hid device: -71
[  141.370388][  T454] usbhid: probe of 1-1:0.0 failed with error -71
[  141.383418][  T454] usb 1-1: USB disconnect, device number 16
[  141.481341][ T2419] loop2: detected capacity change from 0 to 128
[  141.492928][ T2415] pit: kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  141.567888][ T2419] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  141.580020][ T2419] ext4 filesystem being mounted at /95/mnt supports timestamps until 2038 (0x7fffffff)
[  141.596226][ T2419] fscrypt: loop2: 1 inode(s) still busy after removing key with identifier 69b2f6edeee720cce0577937eb8a6751, including ino 12
[  141.898700][ T2437] loop0: detected capacity change from 0 to 128
[  142.238743][ T2447] syz.0.555[2447] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  142.238827][ T2447] syz.0.555[2447] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  142.267908][ T2449] loop0: detected capacity change from 0 to 256
[  142.300615][ T2449] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  142.321104][   T30] audit: type=1400 audit(1728859695.086:490): avc:  denied  { rename } for  pid=2448 comm="syz.0.556" name="file2" dev="loop0" ino=1048618 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  142.513578][ T2454] loop1: detected capacity change from 0 to 512
[  142.575244][ T2454] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  142.611621][ T2454] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ec019, mo2=0002]
[  142.894144][ T2454] System zones: 1-12
[  142.953034][ T2454] EXT4-fs (loop1): 1 truncate cleaned up
[  142.954145][ T2463] loop2: detected capacity change from 0 to 128
[  142.958816][ T2454] EXT4-fs (loop1): mounted filesystem without journal. Opts: nogrpid,jqfmt=vfsv0,debug_want_extra_isize=0x0000000000000068,debug,nombcache,quota,,errors=continue. Quota mode: writeback.
[  142.986552][ T2463] EXT4-fs (loop2): VFS: Found ext4 filesystem with invalid superblock checksum.  Run e2fsck?
[  143.525812][ T2475] loop1: detected capacity change from 0 to 128
[  143.628406][ T2475] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  143.642263][ T2475] ext4 filesystem being mounted at /95/mnt supports timestamps until 2038 (0x7fffffff)
[  143.659198][ T2475] fscrypt: loop1: 1 inode(s) still busy after removing key with identifier 69b2f6edeee720cce0577937eb8a6751, including ino 12
[  144.060922][ T2480] loop3: detected capacity change from 0 to 2048
[  144.227467][ T2480] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  144.375149][ T2486] loop2: detected capacity change from 0 to 128
[  144.390264][ T2486] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  144.401140][ T2486] ext4 filesystem being mounted at /98/mnt supports timestamps until 2038 (0x7fffffff)
[  144.478030][ T2486] fscrypt: loop2: 1 inode(s) still busy after removing key with identifier 69b2f6edeee720cce0577937eb8a6751, including ino 12
[  144.687923][ T2497] FAULT_INJECTION: forcing a failure.
[  144.687923][ T2497] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  144.916957][ T2497] CPU: 1 PID: 2497 Comm: syz.2.565 Not tainted 5.15.167-syzkaller-02003-g5e4635681cf1 #0
[  144.926704][ T2497] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  144.936596][ T2497] Call Trace:
[  144.939720][ T2497]  <TASK>
[  144.942496][ T2497]  dump_stack_lvl+0x151/0x1c0
[  144.947010][ T2497]  ? io_uring_drop_tctx_refs+0x190/0x190
[  144.952483][ T2497]  dump_stack+0x15/0x20
[  144.956470][ T2497]  should_fail+0x3c6/0x510
[  144.960723][ T2497]  should_fail_usercopy+0x1a/0x20
[  144.965580][ T2497]  strncpy_from_user+0x24/0x2d0
[  144.970266][ T2497]  ? kmem_cache_alloc+0xf5/0x200
[  144.975045][ T2497]  getname_flags+0xf2/0x520
[  144.979386][ T2497]  getname+0x19/0x20
[  144.983112][ T2497]  do_sys_openat2+0xd7/0x820
[  144.987542][ T2497]  ? wait_for_completion_killable_timeout+0x10/0x10
[  144.993965][ T2497]  ? __mutex_lock_slowpath+0x10/0x10
[  144.999083][ T2497]  ? do_sys_open+0x220/0x220
[  145.003512][ T2497]  ? __kasan_check_write+0x14/0x20
[  145.007460][    T6] usb 5-1: 0:2 : does not exist
[  145.008456][ T2497]  ? ksys_write+0x260/0x2c0
[  145.017486][ T2497]  __x64_sys_openat+0x243/0x290
[  145.020493][    T6] usb 5-1: USB disconnect, device number 11
[  145.022174][ T2497]  ? __ia32_sys_open+0x270/0x270
[  145.032761][ T2497]  ? debug_smp_processor_id+0x17/0x20
[  145.037970][ T2497]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  145.043872][ T2497]  ? exit_to_user_mode_prepare+0x39/0xa0
[  145.049340][ T2497]  x64_sys_call+0x6bf/0x9a0
[  145.053683][ T2497]  do_syscall_64+0x3b/0xb0
[  145.057931][ T2497]  ? clear_bhb_loop+0x35/0x90
[  145.062448][ T2497]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  145.065979][  T368] udevd[368]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  145.068169][ T2497] RIP: 0033:0x7f0644623ff9
[  145.068190][ T2497] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  145.107318][ T2497] RSP: 002b:00007f064325b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  145.115561][ T2497] RAX: ffffffffffffffda RBX: 00007f06447dc130 RCX: 00007f0644623ff9
[  145.123372][ T2497] RDX: 0000000000000000 RSI: 0000000020000040 RDI: ffffffffffffff9c
[  145.131269][ T2497] RBP: 00007f064325b090 R08: 0000000000000000 R09: 0000000000000000
[  145.139083][ T2497] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  145.146959][ T2497] R13: 0000000000000000 R14: 00007f06447dc130 R15: 00007ffcf183eca8
[  145.154711][ T2497]  </TASK>
[  145.318304][ T2505] loop2: detected capacity change from 0 to 256
[  145.348270][ T2509] loop0: detected capacity change from 0 to 512
[  145.355310][ T2505] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d16cac, utbl_chksum : 0xe619d30d)
[  145.369677][ T2505] exFAT-fs (loop2): error, invalid access to FAT free cluster (entry 0x00000008)
[  145.378706][ T2505] exFAT-fs (loop2): Filesystem has been set read-only
[  145.379571][ T2509] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  145.392946][ T2505] exFAT-fs (loop2): error, failed to bmap (inode : ffff88811aeccdc0 iblock : 8, err : -5)
[  145.404891][ T2505] exFAT-fs (loop2): error, invalid access to FAT free cluster (entry 0x00000008)
[  145.405159][ T2509] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ec019, mo2=0002]
[  145.414664][ T2505] exFAT-fs (loop2): error, invalid access to FAT free cluster (entry 0x00000008)
[  145.425891][ T2509] System zones: 1-12
[  145.438741][ T2509] EXT4-fs (loop0): 1 truncate cleaned up
[  145.445090][   T30] audit: type=1400 audit(1728859698.206:491): avc:  denied  { remount } for  pid=2504 comm="syz.2.571" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  145.465866][ T2509] EXT4-fs (loop0): mounted filesystem without journal. Opts: nogrpid,jqfmt=vfsv0,debug_want_extra_isize=0x0000000000000068,debug,nombcache,quota,,errors=continue. Quota mode: writeback.
[  145.660546][ T2518] loop1: detected capacity change from 0 to 256
[  145.747503][ T2518] FAT-fs (loop1): Unrecognized mount option "uni_xlatd=0" or missing value
[  145.929645][   T30] audit: type=1400 audit(1728859698.696:492): avc:  denied  { write } for  pid=2529 comm="syz.2.578" path="socket:[23545]" dev="sockfs" ino=23545 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  145.973660][   T30] audit: type=1400 audit(1728859698.726:493): avc:  denied  { accept } for  pid=2529 comm="syz.2.578" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  146.013820][   T30] audit: type=1400 audit(1728859698.726:494): avc:  denied  { read } for  pid=2529 comm="syz.2.578" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  146.407339][ T1660] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  146.426546][   T30] audit: type=1400 audit(1728859699.186:495): avc:  denied  { read } for  pid=2545 comm="syz.3.585" path="socket:[24233]" dev="sockfs" ino=24233 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  146.621511][ T2544] incfs: ino conflict with backing FS 1
[  146.767335][    T6] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  146.997416][ T1660] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  147.008164][ T1660] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  147.021017][ T1660] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  147.029808][ T1660] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  147.038253][ T1660] usb 3-1: config 0 descriptor??
[  147.518587][ T1660] plantronics 0003:047F:FFFF.000A: No inputs registered, leaving
[  147.527953][ T1660] plantronics 0003:047F:FFFF.000A: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  148.091684][ T2559] loop0: detected capacity change from 0 to 512
[  148.187865][ T2559] EXT4-fs (loop0): Unrecognized mount option "nojournal_checksum"dax=always" or missing value
[  148.337468][  T454] usb 3-1: USB disconnect, device number 14
[  148.497154][ T2570] loop2: detected capacity change from 0 to 40427
[  148.538025][ T2570] F2FS-fs (loop2): Invalid SB checksum offset: 0
[  148.544258][ T2570] F2FS-fs (loop2): Can't find valid F2FS filesystem in 2th superblock
[  148.555078][ T2570] F2FS-fs (loop2): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[  148.580345][ T2570] F2FS-fs (loop2): Try to recover 2th superblock, ret: 0
[  148.587256][ T2570] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  148.712493][ T2584] loop2: detected capacity change from 0 to 512
[  148.787776][ T2584] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  148.798042][ T2584] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ec019, mo2=0002]
[  148.805821][ T2584] System zones: 1-12
[  148.810902][ T2584] EXT4-fs (loop2): 1 truncate cleaned up
[  148.816375][ T2584] EXT4-fs (loop2): mounted filesystem without journal. Opts: nogrpid,jqfmt=vfsv0,debug_want_extra_isize=0x0000000000000068,debug,nombcache,quota,,errors=continue. Quota mode: writeback.
[  149.812955][ T2594] loop2: detected capacity change from 0 to 40427
[  150.140613][ T2601] loop2: detected capacity change from 0 to 128
[  150.244134][ T2602] incfs: ino conflict with backing FS 1
[  150.402221][ T2601] EXT4-fs (loop2): Ignoring removed bh option
[  150.415208][ T2601] EXT4-fs (loop2): mounted filesystem without journal. Opts: bh,,errors=continue. Quota mode: none.
[  150.428990][ T2601] ext4 filesystem being mounted at /115/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff)
[  150.654295][ T2605] bridge0: port 1(bridge_slave_0) entered blocking state
[  150.661263][ T2605] bridge0: port 1(bridge_slave_0) entered disabled state
[  150.668999][ T2605] device bridge_slave_0 entered promiscuous mode
[  150.675831][ T2605] bridge0: port 2(bridge_slave_1) entered blocking state
[  150.682894][ T2605] bridge0: port 2(bridge_slave_1) entered disabled state
[  150.690375][ T2605] device bridge_slave_1 entered promiscuous mode
[  150.757180][ T2605] bridge0: port 2(bridge_slave_1) entered blocking state
[  150.764055][ T2605] bridge0: port 2(bridge_slave_1) entered forwarding state
[  150.771178][ T2605] bridge0: port 1(bridge_slave_0) entered blocking state
[  150.778047][ T2605] bridge0: port 1(bridge_slave_0) entered forwarding state
[  150.814762][   T30] audit: type=1326 audit(1728859703.576:496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2612 comm="syz.2.600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0644623ff9 code=0x7ffc0000
[  150.816344][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  150.845982][ T2613] FAULT_INJECTION: forcing a failure.
[  150.845982][ T2613] name failslab, interval 1, probability 0, space 0, times 0
[  150.846030][    T8] bridge0: port 1(bridge_slave_0) entered disabled state
[  150.858563][ T2613] CPU: 0 PID: 2613 Comm: syz.2.600 Not tainted 5.15.167-syzkaller-02003-g5e4635681cf1 #0
[  150.866752][   T30] audit: type=1326 audit(1728859703.606:497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2612 comm="syz.2.600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0644623ff9 code=0x7ffc0000
[  150.875053][ T2613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  150.875066][ T2613] Call Trace:
[  150.875072][ T2613]  <TASK>
[  150.875080][ T2613]  dump_stack_lvl+0x151/0x1c0
[  150.898471][   T30] audit: type=1326 audit(1728859703.606:498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2612 comm="syz.2.600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0644623ff9 code=0x7ffc0000
[  150.907945][ T2613]  ? io_uring_drop_tctx_refs+0x190/0x190
[  150.907974][ T2613]  ? __kasan_slab_alloc+0xc3/0xe0
[  150.911352][   T30] audit: type=1326 audit(1728859703.606:499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2612 comm="syz.2.600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0644623ff9 code=0x7ffc0000
[  150.913847][ T2613]  ? __kasan_slab_alloc+0xb1/0xe0
[  150.918565][   T30] audit: type=1326 audit(1728859703.606:500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2612 comm="syz.2.600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0644623ff9 code=0x7ffc0000
[  150.942146][ T2613]  ? slab_post_alloc_hook+0x53/0x2c0
[  150.942175][ T2613]  ? dup_task_struct+0x53/0xc60
[  150.948484][   T30] audit: type=1326 audit(1728859703.606:501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2612 comm="syz.2.600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f0644622990 code=0x7ffc0000
[  150.952562][ T2613]  ? copy_process+0x5c4/0x3290
[  150.975794][   T30] audit: type=1326 audit(1728859703.606:502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2612 comm="syz.2.600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f0644622adf code=0x7ffc0000
[  150.980429][ T2613]  ? kernel_clone+0x21e/0x9e0
[  150.980456][ T2613]  dump_stack+0x15/0x20
[  151.003699][   T30] audit: type=1326 audit(1728859703.606:503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2612 comm="syz.2.600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=435 compat=0 ip=0x7f0644623ff9 code=0x7ffc0000
[  151.008714][ T2613]  should_fail+0x3c6/0x510
[  151.008740][ T2613]  __should_failslab+0xa4/0xe0
[  151.104807][ T2613]  should_failslab+0x9/0x20
[  151.109143][ T2613]  slab_pre_alloc_hook+0x37/0xd0
[  151.113917][ T2613]  kmem_cache_alloc_trace+0x48/0x210
[  151.119037][ T2613]  ? __get_vm_area_node+0x117/0x360
[  151.124083][ T2613]  __get_vm_area_node+0x117/0x360
[  151.128934][ T2613]  __vmalloc_node_range+0xe2/0x8d0
[  151.133970][ T2613]  ? copy_process+0x5c4/0x3290
[  151.138649][ T2613]  ? slab_post_alloc_hook+0x72/0x2c0
[  151.144516][ T2613]  ? dup_task_struct+0x53/0xc60
[  151.149235][ T2613]  dup_task_struct+0x416/0xc60
[  151.153806][ T2613]  ? copy_process+0x5c4/0x3290
[  151.158417][ T2613]  ? __kasan_check_write+0x14/0x20
[  151.163352][ T2613]  copy_process+0x5c4/0x3290
[  151.167778][ T2613]  ? ____kasan_slab_free+0x131/0x160
[  151.172897][ T2613]  ? audit_log_end+0x1c8/0x230
[  151.177496][ T2613]  ? audit_log_end+0x1c8/0x230
[  151.182098][ T2613]  ? check_stack_object+0xf4/0x130
[  151.187045][ T2613]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  151.191993][ T2613]  ? copy_clone_args_from_user+0x744/0x830
[  151.197633][ T2613]  kernel_clone+0x21e/0x9e0
[  151.201975][ T2613]  ? __delayed_free_task+0x20/0x20
[  151.207399][ T2613]  ? create_io_thread+0x1e0/0x1e0
[  151.212250][ T2613]  ? file_end_write+0x1c0/0x1c0
[  151.217054][ T2613]  __x64_sys_clone3+0x376/0x3a0
[  151.221738][ T2613]  ? __ia32_sys_clone+0x290/0x290
[  151.226617][ T2613]  ? __secure_computing+0xf0/0x300
[  151.231564][ T2613]  x64_sys_call+0x935/0x9a0
[  151.235991][ T2613]  do_syscall_64+0x3b/0xb0
[  151.240251][ T2613]  ? clear_bhb_loop+0x35/0x90
[  151.244831][ T2613]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  151.250563][ T2613] RIP: 0033:0x7f0644623ff9
[  151.254817][ T2613] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  151.274605][ T2613] RSP: 002b:00007f064329cf08 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  151.282933][ T2613] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f0644623ff9
[  151.290751][ T2613] RDX: 00007f064329cf20 RSI: 0000000000000058 RDI: 00007f064329cf20
[  151.298568][ T2613] RBP: 00007f064329d090 R08: 0000000000000000 R09: 0000000000000058
[  151.306373][ T2613] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  151.314178][ T2613] R13: 0000000000000000 R14: 00007f06447dbf80 R15: 00007ffcf183eca8
[  151.321995][ T2613]  </TASK>
[  151.325685][    T8] bridge0: port 2(bridge_slave_1) entered disabled state
[  151.342053][ T2613] syz.2.600: vmalloc error: size 32768, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=syz2,mems_allowed=0
[  151.356906][ T2613] CPU: 0 PID: 2613 Comm: syz.2.600 Not tainted 5.15.167-syzkaller-02003-g5e4635681cf1 #0
[  151.366534][ T2613] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  151.376434][ T2613] Call Trace:
[  151.379555][ T2613]  <TASK>
[  151.382332][ T2613]  dump_stack_lvl+0x151/0x1c0
[  151.386846][ T2613]  ? io_uring_drop_tctx_refs+0x190/0x190
[  151.392315][ T2613]  ? pr_cont_kernfs_name+0xf0/0x100
[  151.397347][ T2613]  dump_stack+0x15/0x20
[  151.401338][ T2613]  warn_alloc+0x21a/0x390
[  151.405503][ T2613]  ? should_failslab+0x9/0x20
[  151.410161][ T2613]  ? zone_watermark_ok_safe+0x270/0x270
[  151.415540][ T2613]  ? __get_vm_area_node+0x347/0x360
[  151.420575][ T2613]  __vmalloc_node_range+0x2c1/0x8d0
[  151.425617][ T2613]  ? slab_post_alloc_hook+0x72/0x2c0
[  151.430729][ T2613]  ? dup_task_struct+0x53/0xc60
[  151.435416][ T2613]  dup_task_struct+0x416/0xc60
[  151.440015][ T2613]  ? copy_process+0x5c4/0x3290
[  151.444613][ T2613]  ? __kasan_check_write+0x14/0x20
[  151.449561][ T2613]  copy_process+0x5c4/0x3290
[  151.453989][ T2613]  ? ____kasan_slab_free+0x131/0x160
[  151.459113][ T2613]  ? audit_log_end+0x1c8/0x230
[  151.463715][ T2613]  ? audit_log_end+0x1c8/0x230
[  151.468311][ T2613]  ? check_stack_object+0xf4/0x130
[  151.473369][ T2613]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  151.478315][ T2613]  ? copy_clone_args_from_user+0x744/0x830
[  151.483957][ T2613]  kernel_clone+0x21e/0x9e0
[  151.488297][ T2613]  ? __delayed_free_task+0x20/0x20
[  151.493242][ T2613]  ? create_io_thread+0x1e0/0x1e0
[  151.498126][ T2613]  ? file_end_write+0x1c0/0x1c0
[  151.502791][ T2613]  __x64_sys_clone3+0x376/0x3a0
[  151.507478][ T2613]  ? __ia32_sys_clone+0x290/0x290
[  151.512350][ T2613]  ? __secure_computing+0xf0/0x300
[  151.517287][ T2613]  x64_sys_call+0x935/0x9a0
[  151.521624][ T2613]  do_syscall_64+0x3b/0xb0
[  151.525876][ T2613]  ? clear_bhb_loop+0x35/0x90
[  151.530500][ T2613]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  151.536230][ T2613] RIP: 0033:0x7f0644623ff9
[  151.540485][ T2613] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  151.560010][ T2613] RSP: 002b:00007f064329cf08 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  151.568255][ T2613] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f0644623ff9
[  151.576068][ T2613] RDX: 00007f064329cf20 RSI: 0000000000000058 RDI: 00007f064329cf20
[  151.583971][ T2613] RBP: 00007f064329d090 R08: 0000000000000000 R09: 0000000000000058
[  151.591781][ T2613] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  151.599597][ T2613] R13: 0000000000000000 R14: 00007f06447dbf80 R15: 00007ffcf183eca8
[  151.607410][ T2613]  </TASK>
[  151.613028][ T2613] Mem-Info:
[  151.615982][ T2613] active_anon:150 inactive_anon:21037 isolated_anon:0
[  151.615982][ T2613]  active_file:11950 inactive_file:7180 isolated_file:0
[  151.615982][ T2613]  unevictable:0 dirty:203 writeback:0
[  151.615982][ T2613]  slab_reclaimable:8558 slab_unreclaimable:71730
[  151.615982][ T2613]  mapped:21517 shmem:17730 pagetables:477 bounce:0
[  151.615982][ T2613]  kernel_misc_reclaimable:0
[  151.615982][ T2613]  free:1536935 free_pcp:23600 free_cma:0
[  151.658348][ T2613] Node 0 active_anon:600kB inactive_anon:84148kB active_file:47800kB inactive_file:28720kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:86068kB dirty:812kB writeback:0kB shmem:70920kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB kernel_stack:4360kB pagetables:1908kB all_unreclaimable? no
[  151.691569][ T2613] DMA32 free:2974676kB min:62568kB low:78208kB high:93848kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3145324kB managed:2978968kB mlocked:0kB bounce:0kB free_pcp:4292kB local_pcp:0kB free_cma:0kB
[  151.719288][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  151.719301][ T2613] lowmem_reserve[]: 0 3941 3941
[  151.728563][    T8] bridge0: port 1(bridge_slave_0) entered blocking state
[  151.738760][    T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[  151.745839][ T2613] Normal free:3173064kB min:84884kB low:106104kB high:127324kB reserved_highatomic:0KB active_anon:600kB inactive_anon:84148kB active_file:47800kB inactive_file:28720kB unevictable:0kB writepending:368kB present:5242880kB managed:4035584kB mlocked:0kB bounce:0kB free_pcp:90176kB local_pcp:41816kB free_cma:0kB
[  151.746017][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  151.776991][ T2613] lowmem_reserve[]:
[  151.783015][    T8] bridge0: port 2(bridge_slave_1) entered blocking state
[  151.793512][ T2613]  0 0 0
[  151.793541][    T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[  151.796186][ T2613] DMA32: 3*4kB (M) 1*8kB (M) 2*16kB (M) 3*32kB (M) 3*64kB (M) 3*128kB (M) 3*256kB (M) 3*512kB (M) 4*1024kB (UM) 3*2048kB (UM) 723*4096kB (M) = 2974676kB
[  151.821980][ T2613] Normal: 318*4kB (U) 122*8kB (UM) 356*16kB (UME) 292*32kB (UME) 75*64kB (UME) 39*128kB (UME) 5*256kB (ME) 2*512kB (UM) 2*1024kB (UM) 2*2048kB (U) 766*4096kB (UM) = 3173064kB
[  151.828361][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  151.844055][ T2613] 36852 total pagecache pages
[  151.851838][ T2613] 0 pages in swap cache
[  151.854452][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  151.863498][ T2613] Swap cache stats: add 2048, delete 2048, find 1/1
[  151.864085][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  151.870094][ T2613] Free swap  = 124424kB
[  151.878984][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  151.889111][ T2613] Total swap = 124996kB
[  151.889123][ T2613] 2097051 pages RAM
[  151.889131][ T2613] 0 pages HighMem/MovableOnly
[  151.889137][ T2613] 343413 pages reserved
[  151.889145][ T2613] 0 pages cma reserved
[  151.893930][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  151.918157][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  151.981075][  T388] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  151.988908][  T388] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  151.997655][  T388] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  152.005022][  T388] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  152.013326][ T2605] device veth0_vlan entered promiscuous mode
[  152.025195][  T388] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  152.033447][  T388] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  152.043111][ T2605] device veth1_macvtap entered promiscuous mode
[  152.053750][  T388] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  152.062236][  T388] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  152.070558][  T388] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  152.089016][  T388] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  152.097713][  T388] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  152.197388][    T6] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  152.205751][  T311] device bridge_slave_1 left promiscuous mode
[  152.213945][  T311] bridge0: port 2(bridge_slave_1) entered disabled state
[  152.227805][  T311] device bridge_slave_0 left promiscuous mode
[  152.240355][  T311] bridge0: port 1(bridge_slave_0) entered disabled state
[  152.256426][  T311] device veth1_macvtap left promiscuous mode
[  152.267516][  T311] device veth0_vlan left promiscuous mode
[  152.687473][    T6] usb 3-1: Using ep0 maxpacket: 16
[  152.798567][ T2633] loop0: detected capacity change from 0 to 512
[  152.807481][    T6] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 11
[  152.816359][    T6] usb 3-1: config 1 interface 0 altsetting 3 endpoint 0xB has invalid wMaxPacketSize 0
[  152.826254][    T6] usb 3-1: config 1 interface 0 altsetting 3 bulk endpoint 0xB has invalid maxpacket 0
[  152.835884][    T6] usb 3-1: config 1 interface 0 altsetting 3 endpoint 0x8A has invalid wMaxPacketSize 0
[  152.846011][    T6] usb 3-1: config 1 interface 0 altsetting 3 bulk endpoint 0x8A has invalid maxpacket 0
[  152.855556][    T6] usb 3-1: config 1 interface 0 has no altsetting 0
[  152.862090][    T6] usb 3-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77
[  152.871503][ T2633] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  152.875181][    T6] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  152.887426][ T2633] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ec019, mo2=0002]
[  152.896763][ T2633] System zones: 1-12
[  152.901739][ T2633] EXT4-fs (loop0): 1 truncate cleaned up
[  152.907223][ T2633] EXT4-fs (loop0): mounted filesystem without journal. Opts: nogrpid,jqfmt=vfsv0,debug_want_extra_isize=0x0000000000000068,debug,nombcache,quota,,errors=continue. Quota mode: writeback.
[  152.927963][    T6] ums-sddr09 3-1:1.0: USB Mass Storage device detected
[  153.504015][    T6] scsi host1: usb-storage 3-1:1.0
[  153.550689][ T2620] loop2: detected capacity change from 0 to 4096
[  153.575156][ T2620] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  153.706177][ T2647] incfs: ino conflict with backing FS 1
[  154.126693][    T6] usb 3-1: USB disconnect, device number 15
[  154.544941][ T2659] FAULT_INJECTION: forcing a failure.
[  154.544941][ T2659] name failslab, interval 1, probability 0, space 0, times 0
[  154.557533][ T2659] CPU: 1 PID: 2659 Comm: syz.4.612 Not tainted 5.15.167-syzkaller-02003-g5e4635681cf1 #0
[  154.567243][ T2659] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  154.577141][ T2659] Call Trace:
[  154.580271][ T2659]  <TASK>
[  154.583046][ T2659]  dump_stack_lvl+0x151/0x1c0
[  154.587557][ T2659]  ? io_uring_drop_tctx_refs+0x190/0x190
[  154.593021][ T2659]  ? slab_post_alloc_hook+0x53/0x2c0
[  154.598140][ T2659]  ? new_inode_pseudo+0x93/0x220
[  154.602924][ T2659]  ? proc_pid_make_inode+0x27/0x1d0
[  154.607949][ T2659]  ? proc_pident_instantiate+0x7a/0x2e0
[  154.613337][ T2659]  ? proc_pident_lookup+0x1c4/0x260
[  154.618364][ T2659]  ? path_openat+0x1194/0x2f40
[  154.622965][ T2659]  dump_stack+0x15/0x20
[  154.626956][ T2659]  should_fail+0x3c6/0x510
[  154.631211][ T2659]  __should_failslab+0xa4/0xe0
[  154.635813][ T2659]  ? __alloc_skb+0xbe/0x550
[  154.640150][ T2659]  should_failslab+0x9/0x20
[  154.644493][ T2659]  slab_pre_alloc_hook+0x37/0xd0
[  154.649270][ T2659]  ? __alloc_skb+0xbe/0x550
[  154.653603][ T2659]  kmem_cache_alloc+0x44/0x200
[  154.658208][ T2659]  __alloc_skb+0xbe/0x550
[  154.662370][ T2659]  tipc_msg_build+0x149/0x1230
[  154.666989][ T2659]  ? memcpy+0x56/0x70
[  154.670795][ T2659]  ? tipc_msg_fragment+0x760/0x760
[  154.675739][ T2659]  __tipc_sendstream+0x9c2/0x1310
[  154.680602][ T2659]  ? tsk_advance_rx_queue+0x260/0x260
[  154.685804][ T2659]  ? sock_init_data+0xc0/0xc0
[  154.690316][ T2659]  ? wait_woken+0x170/0x170
[  154.694657][ T2659]  ? kmem_cache_free+0x116/0x2e0
[  154.699433][ T2659]  ? kasan_set_track+0x5d/0x70
[  154.704038][ T2659]  ? kasan_set_track+0x4b/0x70
[  154.708646][ T2659]  tipc_send_packet+0x7c/0xa0
[  154.713145][ T2659]  ? tipc_sk_send_ack+0x630/0x630
[  154.718007][ T2659]  ____sys_sendmsg+0x59e/0x8f0
[  154.722610][ T2659]  ? __sys_sendmsg_sock+0x40/0x40
[  154.727472][ T2659]  ? import_iovec+0xe5/0x120
[  154.731890][ T2659]  ___sys_sendmsg+0x252/0x2e0
[  154.736411][ T2659]  ? __sys_sendmsg+0x260/0x260
[  154.741079][ T2659]  ? __fdget+0x1bc/0x240
[  154.745219][ T2659]  __se_sys_sendmsg+0x19a/0x260
[  154.749905][ T2659]  ? __x64_sys_sendmsg+0x90/0x90
[  154.754677][ T2659]  ? ksys_write+0x260/0x2c0
[  154.759029][ T2659]  ? debug_smp_processor_id+0x17/0x20
[  154.764224][ T2659]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  154.770128][ T2659]  __x64_sys_sendmsg+0x7b/0x90
[  154.774727][ T2659]  x64_sys_call+0x16a/0x9a0
[  154.779067][ T2659]  do_syscall_64+0x3b/0xb0
[  154.783317][ T2659]  ? clear_bhb_loop+0x35/0x90
[  154.787841][ T2659]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  154.793560][ T2659] RIP: 0033:0x7f7051fb7ff9
[  154.797814][ T2659] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  154.817355][ T2659] RSP: 002b:00007f7050c31038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  154.825712][ T2659] RAX: ffffffffffffffda RBX: 00007f705216ff80 RCX: 00007f7051fb7ff9
[  154.833521][ T2659] RDX: 0000000000000000 RSI: 0000000020001000 RDI: 0000000000000004
[  154.841421][ T2659] RBP: 00007f7050c31090 R08: 0000000000000000 R09: 0000000000000000
[  154.849234][ T2659] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  154.857042][ T2659] R13: 0000000000000000 R14: 00007f705216ff80 R15: 00007ffee7b2d9a8
[  154.864867][ T2659]  </TASK>
[  154.885620][ T2663] FAULT_INJECTION: forcing a failure.
[  154.885620][ T2663] name failslab, interval 1, probability 0, space 0, times 0
[  154.898194][ T2663] CPU: 0 PID: 2663 Comm: syz.4.614 Not tainted 5.15.167-syzkaller-02003-g5e4635681cf1 #0
[  154.907741][ T2663] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  154.917636][ T2663] Call Trace:
[  154.920762][ T2663]  <TASK>
[  154.923544][ T2663]  dump_stack_lvl+0x151/0x1c0
[  154.928055][ T2663]  ? io_uring_drop_tctx_refs+0x190/0x190
[  154.933519][ T2663]  ? kmem_cache_free+0x116/0x2e0
[  154.938295][ T2663]  ? ____kasan_slab_free+0x131/0x160
[  154.943415][ T2663]  dump_stack+0x15/0x20
[  154.947406][ T2663]  should_fail+0x3c6/0x510
[  154.951662][ T2663]  __should_failslab+0xa4/0xe0
[  154.956266][ T2663]  ? __alloc_skb+0xbe/0x550
[  154.960600][ T2663]  should_failslab+0x9/0x20
[  154.964999][ T2663]  slab_pre_alloc_hook+0x37/0xd0
[  154.969712][ T2663]  ? __alloc_skb+0xbe/0x550
[  154.974053][ T2663]  kmem_cache_alloc+0x44/0x200
[  154.978654][ T2663]  ? __mutex_lock_slowpath+0x10/0x10
[  154.983798][ T2663]  __alloc_skb+0xbe/0x550
[  154.987941][ T2663]  pfkey_sendmsg+0xc52/0xfb0
[  154.992376][ T2663]  ? avc_has_perm_noaudit+0x430/0x430
[  154.997582][ T2663]  ? pfkey_release+0x340/0x340
[  155.002174][ T2663]  ? selinux_socket_sendmsg+0x243/0x340
[  155.007560][ T2663]  ? check_stack_object+0x114/0x130
[  155.012590][ T2663]  ? security_socket_sendmsg+0x82/0xb0
[  155.017905][ T2663]  ? pfkey_release+0x340/0x340
[  155.022489][ T2663]  ____sys_sendmsg+0x59e/0x8f0
[  155.027085][ T2663]  ? __sys_sendmsg_sock+0x40/0x40
[  155.031950][ T2663]  ? import_iovec+0xe5/0x120
[  155.036378][ T2663]  ___sys_sendmsg+0x252/0x2e0
[  155.040885][ T2663]  ? __sys_sendmsg+0x260/0x260
[  155.045490][ T2663]  ? __fdget+0x1bc/0x240
[  155.049565][ T2663]  __se_sys_sendmsg+0x19a/0x260
[  155.054255][ T2663]  ? __x64_sys_sendmsg+0x90/0x90
[  155.059022][ T2663]  ? ksys_write+0x260/0x2c0
[  155.063369][ T2663]  ? debug_smp_processor_id+0x17/0x20
[  155.068571][ T2663]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  155.074475][ T2663]  __x64_sys_sendmsg+0x7b/0x90
[  155.079074][ T2663]  x64_sys_call+0x16a/0x9a0
[  155.083413][ T2663]  do_syscall_64+0x3b/0xb0
[  155.087666][ T2663]  ? clear_bhb_loop+0x35/0x90
[  155.092180][ T2663]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  155.097936][ T2663] RIP: 0033:0x7f7051fb7ff9
[  155.102162][ T2663] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  155.121604][ T2663] RSP: 002b:00007f7050c31038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  155.129849][ T2663] RAX: ffffffffffffffda RBX: 00007f705216ff80 RCX: 00007f7051fb7ff9
[  155.137660][ T2663] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000007
[  155.145471][ T2663] RBP: 00007f7050c31090 R08: 0000000000000000 R09: 0000000000000000
[  155.153304][ T2663] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  155.161094][ T2663] R13: 0000000000000000 R14: 00007f705216ff80 R15: 00007ffee7b2d9a8
[  155.168911][ T2663]  </TASK>
[  155.467315][    T6] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  155.707330][    T6] usb 3-1: Using ep0 maxpacket: 32
[  155.827363][    T6] usb 3-1: config index 0 descriptor too short (expected 29220, got 36)
[  155.835566][    T6] usb 3-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  155.844084][    T6] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 81
[  155.852905][    T6] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  155.862324][    T6] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  155.871790][    T6] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  155.881385][    T6] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  155.890875][    T6] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  155.903662][    T6] usb 3-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  155.912480][    T6] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  155.921431][    T6] usb 3-1: config 0 descriptor??
[  156.172504][ T2678] loop4: detected capacity change from 0 to 512
[  156.179248][    T6] usblp 3-1:0.0: usblp0: USB Bidirectional printer dev 16 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  156.201910][    T6] usb 3-1: USB disconnect, device number 16
[  156.219729][    T6] usblp0: removed
[  156.272097][ T2679] bridge0: port 1(bridge_slave_0) entered blocking state
[  156.283514][ T2678] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  156.288164][ T2679] bridge0: port 1(bridge_slave_0) entered disabled state
[  156.301078][ T2679] device bridge_slave_0 entered promiscuous mode
[  156.310579][ T2678] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ec019, mo2=0002]
[  156.318905][ T2678] System zones: 1-12
[  156.322828][ T2679] bridge0: port 2(bridge_slave_1) entered blocking state
[  156.330139][ T2678] EXT4-fs (loop4): 1 truncate cleaned up
[  156.330518][ T2679] bridge0: port 2(bridge_slave_1) entered disabled state
[  156.335630][ T2678] EXT4-fs (loop4): mounted filesystem without journal. Opts: nogrpid,jqfmt=vfsv0,debug_want_extra_isize=0x0000000000000068,debug,nombcache,quota,,errors=continue. Quota mode: writeback.
[  156.343429][ T2679] device bridge_slave_1 entered promiscuous mode
[  156.445942][ T2679] bridge0: port 2(bridge_slave_1) entered blocking state
[  156.452917][ T2679] bridge0: port 2(bridge_slave_1) entered forwarding state
[  156.460037][ T2679] bridge0: port 1(bridge_slave_0) entered blocking state
[  156.466987][ T2679] bridge0: port 1(bridge_slave_0) entered forwarding state
[  156.687155][  T311] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  156.710452][  T311] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  156.796746][  T311] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  156.810399][  T311] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  156.818355][  T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  156.827240][  T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  156.834588][  T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  156.846615][  T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  156.857048][  T311] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  156.864368][  T311] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  156.872912][ T2679] device veth0_vlan entered promiscuous mode
[  156.903300][  T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  156.918643][ T2679] device veth1_macvtap entered promiscuous mode
[  156.938158][ T2692] bridge0: port 1(bridge_slave_0) entered blocking state
[  156.945045][ T2692] bridge0: port 1(bridge_slave_0) entered disabled state
[  156.952480][ T2692] device bridge_slave_0 entered promiscuous mode
[  156.961735][ T2692] bridge0: port 2(bridge_slave_1) entered blocking state
[  156.968673][ T2692] bridge0: port 2(bridge_slave_1) entered disabled state
[  156.975803][ T2692] device bridge_slave_1 entered promiscuous mode
[  157.039717][  T387] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  157.053089][  T387] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  157.131797][  T387] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  157.144275][  T387] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  157.153209][  T387] bridge0: port 1(bridge_slave_0) entered blocking state
[  157.160079][  T387] bridge0: port 1(bridge_slave_0) entered forwarding state
[  157.178408][  T387] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  157.202984][  T387] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  157.217643][  T387] bridge0: port 2(bridge_slave_1) entered blocking state
[  157.224511][  T387] bridge0: port 2(bridge_slave_1) entered forwarding state
[  157.231743][  T387] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  157.239630][  T387] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  157.258311][  T388] device bridge_slave_1 left promiscuous mode
[  157.328706][ T2713] overlayfs: overlapping lowerdir path
[  157.398380][  T388] bridge0: port 2(bridge_slave_1) entered disabled state
[  157.444559][  T388] device bridge_slave_0 left promiscuous mode
[  157.474421][  T388] bridge0: port 1(bridge_slave_0) entered disabled state
[  157.520457][  T388] device veth1_macvtap left promiscuous mode
[  157.549285][  T388] device veth0_vlan left promiscuous mode
[  157.617347][    T6] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  157.794224][ T2720] incfs: ino conflict with backing FS 1
[  158.058640][ T2722] loop1: detected capacity change from 0 to 512
[  158.070745][  T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  158.084244][  T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  158.101187][  T596] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  158.111492][   T30] audit: type=1326 audit(1728859710.876:504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2726 comm="syz.4.631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7051fb7ff9 code=0x7ffc0000
[  158.135851][ T2722] EXT4-fs (loop1): filesystem is read-only
[  158.145383][  T596] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  158.150904][   T30] audit: type=1326 audit(1728859710.876:505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2726 comm="syz.4.631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f7051fb7ff9 code=0x7ffc0000
[  158.176873][   T30] audit: type=1326 audit(1728859710.876:506): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2726 comm="syz.4.631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7051fb7ff9 code=0x7ffc0000
[  158.200528][   T30] audit: type=1326 audit(1728859710.876:507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2726 comm="syz.4.631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f7051fb7ff9 code=0x7ffc0000
[  158.223885][    T6] usb 1-1: too many configurations: 65, using maximum allowed: 8
[  158.231771][   T30] audit: type=1326 audit(1728859710.876:508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2726 comm="syz.4.631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7051fb7ff9 code=0x7ffc0000
[  158.246818][  T596] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  158.262718][  T596] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  158.270099][   T30] audit: type=1326 audit(1728859710.876:509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2726 comm="syz.4.631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7051fb7ff9 code=0x7ffc0000
[  158.271661][ T2692] device veth0_vlan entered promiscuous mode
[  158.298963][   T30] audit: type=1326 audit(1728859710.876:510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2726 comm="syz.4.631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f7051fb7ff9 code=0x7ffc0000
[  158.389264][ T2729] hub 6-0:1.0: USB hub found
[  158.395125][ T2729] hub 6-0:1.0: 1 port detected
[  158.719109][   T30] audit: type=1326 audit(1728859710.896:511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2726 comm="syz.4.631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7051fb7ff9 code=0x7ffc0000
[  158.735730][  T596] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  158.745484][   T30] audit: type=1326 audit(1728859710.896:512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2726 comm="syz.4.631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7051fb7ff9 code=0x7ffc0000
[  158.773326][   T30] audit: type=1326 audit(1728859710.916:513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2726 comm="syz.4.631" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7051fb7ff9 code=0x7ffc0000
[  158.797517][  T596] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  158.810322][ T2731] loop2: detected capacity change from 0 to 512
[  158.819206][ T2692] device veth1_macvtap entered promiscuous mode
[  158.836979][  T596] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  158.845842][  T596] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  158.854678][  T596] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  158.873970][  T596] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  158.882271][  T596] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  158.900273][ T2735] loop3: detected capacity change from 0 to 256
[  158.906962][ T2731] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  158.921699][ T2731] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ec019, mo2=0002]
[  158.929635][ T2731] System zones: 1-12
[  158.936469][ T2738] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1954 sclass=netlink_route_socket pid=2738 comm=syz.1.634
[  158.949240][ T2731] EXT4-fs (loop2): 1 truncate cleaned up
[  158.954710][ T2731] EXT4-fs (loop2): mounted filesystem without journal. Opts: nogrpid,jqfmt=vfsv0,debug_want_extra_isize=0x0000000000000068,debug,nombcache,quota,,errors=continue. Quota mode: writeback.
[  158.989145][ T2738] xt_CT: You must specify a L4 protocol and not use inversions on it
[  159.537364][  T346] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  159.617369][    T6] usb 1-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d
[  159.626230][    T6] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  159.657843][  T388] device bridge_slave_1 left promiscuous mode
[  159.663801][  T388] bridge0: port 2(bridge_slave_1) entered disabled state
[  159.677985][  T388] device bridge_slave_0 left promiscuous mode
[  159.688321][  T388] bridge0: port 1(bridge_slave_0) entered disabled state
[  159.708092][  T388] device veth1_macvtap left promiscuous mode
[  159.714008][  T388] device veth0_vlan left promiscuous mode
[  159.827305][  T346] usb 4-1: Using ep0 maxpacket: 16
[  159.980261][  T346] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  159.990337][  T346] usb 4-1: config 0 has no interfaces?
[  160.047399][ T1161] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  160.105958][ T2769] IPv6: sit1: Disabled Multicast RS
[  160.137499][  T346] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00
[  160.147419][    T6] usb 1-1: Found UVC 0.00 device <unnamed> (046d:08c1)
[  160.154139][    T6] usb 1-1: No valid video chain found.
[  160.156626][  T346] usb 4-1: New USB device strings: Mfr=236, Product=255, SerialNumber=0
[  160.184854][  T346] usb 4-1: Product: syz
[  160.202771][  T346] usb 4-1: Manufacturer: syz
[  160.216958][  T346] usb 4-1: config 0 descriptor??
[  160.318355][ T2771] FAULT_INJECTION: forcing a failure.
[  160.318355][ T2771] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  160.331527][ T2771] CPU: 0 PID: 2771 Comm: syz.4.643 Not tainted 5.15.167-syzkaller-02003-g5e4635681cf1 #0
[  160.341158][ T2771] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  160.351054][ T2771] Call Trace:
[  160.354181][ T2771]  <TASK>
[  160.356953][ T2771]  dump_stack_lvl+0x151/0x1c0
[  160.361462][ T2771]  ? io_uring_drop_tctx_refs+0x190/0x190
[  160.366965][ T2771]  dump_stack+0x15/0x20
[  160.370922][ T2771]  should_fail+0x3c6/0x510
[  160.375178][ T2771]  should_fail_usercopy+0x1a/0x20
[  160.380036][ T2771]  _copy_from_iter+0x22f/0xdc0
[  160.384644][ T2771]  ? copy_mc_pipe_to_iter+0x760/0x760
[  160.389844][ T2771]  ? __kasan_kmalloc+0x9/0x10
[  160.394354][ T2771]  ? __kmalloc_track_caller+0x139/0x260
[  160.399738][ T2771]  ? __check_object_size+0x2ec/0x3d0
[  160.404860][ T2771]  netlink_sendmsg+0x8b9/0xd20
[  160.409460][ T2771]  ? netlink_getsockopt+0x560/0x560
[  160.414493][ T2771]  ? kmem_cache_free+0x116/0x2e0
[  160.419266][ T2771]  ? security_socket_sendmsg+0x82/0xb0
[  160.424610][ T2771]  ? netlink_getsockopt+0x560/0x560
[  160.429685][ T2771]  ____sys_sendmsg+0x59e/0x8f0
[  160.434286][ T2771]  ? __sys_sendmsg_sock+0x40/0x40
[  160.439144][ T2771]  ? import_iovec+0xe5/0x120
[  160.443578][ T2771]  ___sys_sendmsg+0x252/0x2e0
[  160.448085][ T2771]  ? __sys_sendmsg+0x260/0x260
[  160.452689][ T2771]  ? __fdget+0x1bc/0x240
[  160.456797][ T2771]  __se_sys_sendmsg+0x19a/0x260
[  160.461452][ T2771]  ? __x64_sys_sendmsg+0x90/0x90
[  160.466222][ T2771]  ? ksys_write+0x260/0x2c0
[  160.470564][ T2771]  ? debug_smp_processor_id+0x17/0x20
[  160.475781][ T2771]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  160.481682][ T2771]  __x64_sys_sendmsg+0x7b/0x90
[  160.486270][ T2771]  x64_sys_call+0x16a/0x9a0
[  160.490619][ T2771]  do_syscall_64+0x3b/0xb0
[  160.494870][ T2771]  ? clear_bhb_loop+0x35/0x90
[  160.499377][ T2771]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  160.505105][ T2771] RIP: 0033:0x7f7051fb7ff9
[  160.509449][ T2771] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  160.528887][ T2771] RSP: 002b:00007f7050c31038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  160.537133][ T2771] RAX: ffffffffffffffda RBX: 00007f705216ff80 RCX: 00007f7051fb7ff9
[  160.544947][ T2771] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000007
[  160.552760][ T2771] RBP: 00007f7050c31090 R08: 0000000000000000 R09: 0000000000000000
[  160.560567][ T2771] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  160.568378][ T2771] R13: 0000000000000000 R14: 00007f705216ff80 R15: 00007ffee7b2d9a8
[  160.576368][ T2771]  </TASK>
[  160.588677][  T454] usb 1-1: USB disconnect, device number 17
[  160.622159][ T2776] netlink: 'syz.4.645': attribute type 27 has an invalid length.
[  160.631890][  T346] usb 4-1: USB disconnect, device number 11
[  160.637775][ T1161] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  160.653361][ T1161] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  160.670184][ T1161] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  160.684252][ T2776] bridge0: port 2(bridge_slave_1) entered disabled state
[  160.691308][ T2776] bridge0: port 1(bridge_slave_0) entered disabled state
[  160.699635][ T1161] usb 3-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00
[  160.713054][ T1161] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  160.728918][ T1161] usb 3-1: config 0 descriptor??
[  160.752869][ T2777] netlink: 40 bytes leftover after parsing attributes in process `syz.4.645'.
[  160.762463][ T2776] FAULT_INJECTION: forcing a failure.
[  160.762463][ T2776] name failslab, interval 1, probability 0, space 0, times 0
[  160.783386][ T2776] CPU: 0 PID: 2776 Comm: syz.4.645 Not tainted 5.15.167-syzkaller-02003-g5e4635681cf1 #0
[  160.793114][ T2776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  160.802997][ T2776] Call Trace:
[  160.806122][ T2776]  <TASK>
[  160.808898][ T2776]  dump_stack_lvl+0x151/0x1c0
[  160.813414][ T2776]  ? io_uring_drop_tctx_refs+0x190/0x190
[  160.818882][ T2776]  dump_stack+0x15/0x20
[  160.822876][ T2776]  should_fail+0x3c6/0x510
[  160.827132][ T2776]  __should_failslab+0xa4/0xe0
[  160.831733][ T2776]  should_failslab+0x9/0x20
[  160.836077][ T2776]  slab_pre_alloc_hook+0x37/0xd0
[  160.840844][ T2776]  ? netlink_sendmsg+0x797/0xd20
[  160.845728][ T2776]  __kmalloc_track_caller+0x6c/0x260
[  160.851000][ T2776]  ? netlink_sendmsg+0x797/0xd20
[  160.855781][ T2776]  ? netlink_sendmsg+0x797/0xd20
[  160.860544][ T2776]  __alloc_skb+0x10c/0x550
[  160.864800][ T2776]  netlink_sendmsg+0x797/0xd20
[  160.869401][ T2776]  ? netlink_getsockopt+0x560/0x560
[  160.874428][ T2776]  ? kmem_cache_free+0x116/0x2e0
[  160.879205][ T2776]  ? security_socket_sendmsg+0x82/0xb0
[  160.884499][ T2776]  ? netlink_getsockopt+0x560/0x560
[  160.889535][ T2776]  ____sys_sendmsg+0x59e/0x8f0
[  160.894137][ T2776]  ? __sys_sendmsg_sock+0x40/0x40
[  160.899001][ T2776]  ? import_iovec+0xe5/0x120
[  160.903420][ T2776]  ___sys_sendmsg+0x252/0x2e0
[  160.907937][ T2776]  ? __sys_sendmsg+0x260/0x260
[  160.912545][ T2776]  ? __fdget+0x1bc/0x240
[  160.916612][ T2776]  __se_sys_sendmsg+0x19a/0x260
[  160.921302][ T2776]  ? __x64_sys_sendmsg+0x90/0x90
[  160.926071][ T2776]  ? ksys_write+0x260/0x2c0
[  160.930418][ T2776]  ? debug_smp_processor_id+0x17/0x20
[  160.935626][ T2776]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  160.941524][ T2776]  __x64_sys_sendmsg+0x7b/0x90
[  160.946122][ T2776]  x64_sys_call+0x16a/0x9a0
[  160.950460][ T2776]  do_syscall_64+0x3b/0xb0
[  160.954725][ T2776]  ? clear_bhb_loop+0x35/0x90
[  160.959228][ T2776]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  160.964956][ T2776] RIP: 0033:0x7f7051fb7ff9
[  160.969335][ T2776] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  160.988769][ T2776] RSP: 002b:00007f7050c31038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  160.997015][ T2776] RAX: ffffffffffffffda RBX: 00007f705216ff80 RCX: 00007f7051fb7ff9
[  161.004832][ T2776] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000006
[  161.012641][ T2776] RBP: 00007f7050c31090 R08: 0000000000000000 R09: 0000000000000000
[  161.020450][ T2776] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  161.028261][ T2776] R13: 0000000000000000 R14: 00007f705216ff80 R15: 00007ffee7b2d9a8
[  161.036081][ T2776]  </TASK>
[  161.115451][ T2783] loop1: detected capacity change from 0 to 128
[  161.168212][ T2783] EXT4-fs (loop1): mounted filesystem without journal. Opts: minixdf,nodelalloc,,errors=continue. Quota mode: none.
[  161.188514][ T2783] ext4 filesystem being mounted at /5/mnt supports timestamps until 2038 (0x7fffffff)
[  161.232202][ T2781] loop4: detected capacity change from 0 to 40427
[  161.260765][ T2792] loop3: detected capacity change from 0 to 128
[  161.260793][ T2791] loop2: detected capacity change from 0 to 256
[  161.295284][ T2792] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  161.305990][ T2792] ext4 filesystem being mounted at /2/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff)
[  161.367397][ T1161] usbhid 3-1:0.0: can't add hid device: -71
[  161.377494][ T1161] usbhid: probe of 3-1:0.0 failed with error -71
[  161.390024][ T1161] usb 3-1: USB disconnect, device number 17
[  161.407017][ T2781] F2FS-fs (loop4): Invalid SB checksum offset: 0
[  161.422680][ T2781] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock
[  161.461240][ T2800] netlink: 28 bytes leftover after parsing attributes in process `syz.1.653'.
[  161.645789][ T2781] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[  161.755440][ T2806] loop1: detected capacity change from 0 to 1024
[  161.781646][ T2781] F2FS-fs (loop4): Try to recover 2th superblock, ret: 0
[  161.788658][ T2781] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  161.808106][ T2806] EXT4-fs (loop1): Quota format mount options ignored when QUOTA feature is enabled
[  161.815682][ T2781] syz.4.646[2781] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  161.817944][ T2781] syz.4.646[2781] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  161.837777][ T2806] EXT4-fs (loop1): Mount option "nouser_xattr" will be removed by 3.5
[  161.837777][ T2806] Contact linux-ext4@vger.kernel.org if you think we should keep it.
[  161.837777][ T2806] 
[  161.896701][ T2806] EXT4-fs (loop1): unsupported descriptor size 6720
[  161.971264][ T2801] loop2: detected capacity change from 0 to 40427
[  162.185555][ T2816] netlink: 28 bytes leftover after parsing attributes in process `syz.2.652'.
[  162.553265][ T2823] netlink: 4 bytes leftover after parsing attributes in process `syz.2.656'.
[  162.783294][ T2605] attempt to access beyond end of device
[  162.783294][ T2605] loop4: rw=2049, want=45104, limit=40427
[  162.806917][ T2830] overlayfs: overlapping lowerdir path
[  163.112773][ T2835] netlink: 56 bytes leftover after parsing attributes in process `syz.1.661'.
[  163.137136][ T2835] device bridge_slave_1 left promiscuous mode
[  163.150366][ T2835] bridge0: port 2(bridge_slave_1) entered disabled state
[  163.168545][ T2835] device bridge_slave_0 left promiscuous mode
[  163.185054][ T2835] bridge0: port 1(bridge_slave_0) entered disabled state
[  163.352104][ T2842] UDC core: couldn't find an available UDC or it's busy: -16
[  163.363691][ T2842] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  163.400088][ T2833] loop0: detected capacity change from 0 to 40427
[  163.555249][ T2848] loop1: detected capacity change from 0 to 128
[  163.561754][   T30] kauditd_printk_skb: 30 callbacks suppressed
[  163.561788][   T30] audit: type=1400 audit(1728859716.296:544): avc:  denied  { mount } for  pid=2840 comm="syz.1.662" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  163.603519][ T2833] F2FS-fs (loop0): Invalid SB checksum offset: 0
[  163.685698][ T2833] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[  163.759427][ T2848] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  163.770027][ T2848] ext4 filesystem being mounted at /file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff)
[  163.848309][ T2833] F2FS-fs (loop0): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[  163.897317][ T1161] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  163.930597][ T2833] F2FS-fs (loop0): Try to recover 2th superblock, ret: 0
[  163.941723][ T2833] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  163.983388][   T30] audit: type=1400 audit(1728859716.746:545): avc:  denied  { lock } for  pid=2832 comm="syz.0.659" path="/155/file1/file0" dev="loop0" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  164.052072][ T2865] loop3: detected capacity change from 0 to 128
[  164.078315][ T2862] incfs: ino conflict with backing FS 1
[  164.163036][ T2867] incfs: ino conflict with backing FS 1
[  164.415896][ T2865] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  164.429612][ T2865] ext4 filesystem being mounted at /4/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff)
[  164.485449][ T2871] netlink: 4 bytes leftover after parsing attributes in process `syz.1.667'.
[  164.513576][   T30] audit: type=1400 audit(1728859717.276:546): avc:  denied  { write } for  pid=2872 comm="syz.1.668" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  164.539284][  T288] attempt to access beyond end of device
[  164.539284][  T288] loop0: rw=2049, want=45104, limit=40427
[  164.560246][   T30] audit: type=1400 audit(1728859717.316:547): avc:  denied  { listen } for  pid=2872 comm="syz.1.668" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  164.881365][ T2884] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=2884 comm=syz.4.672
[  164.951784][   T30] audit: type=1400 audit(1728859717.706:548): avc:  denied  { nlmsg_write } for  pid=2883 comm="syz.4.672" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1
[  165.103223][   T30] audit: type=1400 audit(1728859717.866:549): avc:  denied  { map } for  pid=2897 comm="syz.1.676" path="/dev/ashmem" dev="devtmpfs" ino=173 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  165.449753][ T2896] loop3: detected capacity change from 0 to 40427
[  165.590554][ T2896] F2FS-fs (loop3): Insane cp_payload (553648128 >= 504)
[  165.614139][ T2896] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  165.632685][ T2905] netlink: 4 bytes leftover after parsing attributes in process `syz.1.678'.
[  165.840189][ T2911] overlayfs: overlapping lowerdir path
[  166.304993][ T2919] incfs: ino conflict with backing FS 1
[  166.552576][ T1161] usb 5-1: device descriptor read/64, error -71
[  166.565074][ T2907] loop1: detected capacity change from 0 to 40427
[  166.639616][ T2907] F2FS-fs (loop1): invalid crc value
[  166.649106][ T2907] F2FS-fs (loop1): Found nat_bits in checkpoint
[  166.755324][ T2927] loop0: detected capacity change from 0 to 128
[  166.781007][ T2907] F2FS-fs (loop1): Cannot turn on quotas: -2 on 1
[  166.789937][ T2927] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  166.795607][ T2907] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  166.804277][ T2927] ext4 filesystem being mounted at /158/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff)
[  166.848610][ T2679] attempt to access beyond end of device
[  166.848610][ T2679] loop1: rw=524288, want=45072, limit=40427
[  166.877495][ T2679] attempt to access beyond end of device
[  166.877495][ T2679] loop1: rw=0, want=45072, limit=40427
[  166.977938][ T2936] loop3: detected capacity change from 0 to 512
[  166.998766][ T2938] syz.2.688[2938] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  166.998843][ T2938] syz.2.688[2938] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  167.007203][  T388] attempt to access beyond end of device
[  167.007203][  T388] loop1: rw=2049, want=45120, limit=40427
[  167.040644][ T2936] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  167.089320][   T30] audit: type=1400 audit(1728859719.816:550): avc:  denied  { setopt } for  pid=2937 comm="syz.2.688" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  167.162495][ T2936] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ec019, mo2=0002]
[  167.197730][ T2936] System zones: 1-12
[  167.269724][ T1161] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  167.280555][ T1161] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  167.293382][ T1161] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  167.300678][ T2936] EXT4-fs (loop3): 1 truncate cleaned up
[  167.308888][ T2936] EXT4-fs (loop3): mounted filesystem without journal. Opts: nogrpid,jqfmt=vfsv0,debug_want_extra_isize=0x0000000000000068,debug,nombcache,quota,,errors=continue. Quota mode: writeback.
[  167.318227][ T1161] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  167.349542][ T1161] usb 5-1: config 0 descriptor??
[  168.210685][ T2955] tmpfs: Bad value for 'huge'
[  168.256679][ T2959] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=2959 comm=syz.0.694
[  168.269201][ T2959] FAULT_INJECTION: forcing a failure.
[  168.269201][ T2959] name failslab, interval 1, probability 0, space 0, times 0
[  168.281760][ T2959] CPU: 0 PID: 2959 Comm: syz.0.694 Not tainted 5.15.167-syzkaller-02003-g5e4635681cf1 #0
[  168.291566][ T2959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  168.301462][ T2959] Call Trace:
[  168.304763][ T2959]  <TASK>
[  168.307536][ T2959]  dump_stack_lvl+0x151/0x1c0
[  168.312258][ T2959]  ? io_uring_drop_tctx_refs+0x190/0x190
[  168.317727][ T2959]  dump_stack+0x15/0x20
[  168.321732][ T2959]  should_fail+0x3c6/0x510
[  168.326248][ T2959]  __should_failslab+0xa4/0xe0
[  168.331230][ T2959]  should_failslab+0x9/0x20
[  168.335570][ T2959]  slab_pre_alloc_hook+0x37/0xd0
[  168.340353][ T2959]  ? netlink_ack+0x33c/0xb10
[  168.344765][ T2959]  __kmalloc_track_caller+0x6c/0x260
[  168.349887][ T2959]  ? netlink_ack+0x33c/0xb10
[  168.354313][ T2959]  ? netlink_ack+0x33c/0xb10
[  168.358748][ T2959]  __alloc_skb+0x10c/0x550
[  168.363089][ T2959]  netlink_ack+0x33c/0xb10
[  168.367331][ T2959]  ? release_firmware_map_entry+0x190/0x190
[  168.373057][ T2959]  ? netlink_dump+0xd30/0xd30
[  168.377571][ T2959]  audit_receive+0x6ef/0x3e40
[  168.382084][ T2959]  ? memcpy+0x56/0x70
[  168.385908][ T2959]  ? audit_net_exit+0x90/0x90
[  168.390528][ T2959]  ? avc_has_perm+0x16f/0x260
[  168.395039][ T2959]  ? avc_has_perm_noaudit+0x430/0x430
[  168.400248][ T2959]  ? selinux_netlink_send+0x793/0x870
[  168.405456][ T2959]  ? __netlink_lookup+0x37b/0x3a0
[  168.410331][ T2959]  netlink_unicast+0x8df/0xac0
[  168.415265][ T2959]  ? netlink_detachskb+0x90/0x90
[  168.420039][ T2959]  ? security_netlink_send+0x7b/0xa0
[  168.425156][ T2959]  netlink_sendmsg+0xa0a/0xd20
[  168.429758][ T2959]  ? netlink_getsockopt+0x560/0x560
[  168.434791][ T2959]  ? kmem_cache_free+0x116/0x2e0
[  168.439568][ T2959]  ? security_socket_sendmsg+0x82/0xb0
[  168.444858][ T2959]  ? netlink_getsockopt+0x560/0x560
[  168.449896][ T2959]  ____sys_sendmsg+0x59e/0x8f0
[  168.454497][ T2959]  ? __sys_sendmsg_sock+0x40/0x40
[  168.459359][ T2959]  ? import_iovec+0xe5/0x120
[  168.463783][ T2959]  ___sys_sendmsg+0x252/0x2e0
[  168.468297][ T2959]  ? __sys_sendmsg+0x260/0x260
[  168.472913][ T2959]  ? __fdget+0x1bc/0x240
[  168.477063][ T2959]  __se_sys_sendmsg+0x19a/0x260
[  168.481750][ T2959]  ? __x64_sys_sendmsg+0x90/0x90
[  168.486521][ T2959]  ? ksys_write+0x260/0x2c0
[  168.490876][ T2959]  ? debug_smp_processor_id+0x17/0x20
[  168.496068][ T2959]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  168.501972][ T2959]  __x64_sys_sendmsg+0x7b/0x90
[  168.506571][ T2959]  x64_sys_call+0x16a/0x9a0
[  168.507388][  T401] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  168.510913][ T2959]  do_syscall_64+0x3b/0xb0
[  168.522543][ T2959]  ? clear_bhb_loop+0x35/0x90
[  168.527052][ T2959]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  168.532785][ T2959] RIP: 0033:0x7f57a2e81ff9
[  168.537035][ T2959] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  168.556479][ T2959] RSP: 002b:00007f57a1afb038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  168.564722][ T2959] RAX: ffffffffffffffda RBX: 00007f57a3039f80 RCX: 00007f57a2e81ff9
[  168.572534][ T2959] RDX: 0000000000000000 RSI: 0000000020000500 RDI: 0000000000000003
[  168.580345][ T2959] RBP: 00007f57a1afb090 R08: 0000000000000000 R09: 0000000000000000
[  168.588155][ T2959] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  168.595967][ T2959] R13: 0000000000000000 R14: 00007f57a3039f80 R15: 00007ffe5ef65c28
[  168.603873][ T2959]  </TASK>
[  168.712449][  T388] device veth1_macvtap left promiscuous mode
[  168.730418][ T2961] overlayfs: overlapping lowerdir path
[  168.740085][  T388] device veth0_vlan left promiscuous mode
[  169.047411][  T401] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  169.058167][  T401] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  169.067683][  T401] usb 3-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00
[  169.076603][  T401] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  169.085621][  T401] usb 3-1: config 0 descriptor??
[  169.257517][ T1161] usbhid 5-1:0.0: can't add hid device: -71
[  169.263453][ T1161] usbhid: probe of 5-1:0.0 failed with error -71
[  169.270900][ T1161] usb 5-1: USB disconnect, device number 12
[  169.578947][  T401] hid-steam 0003:28DE:1142.000B: : USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.2-1/input0
[  169.591989][  T401] hid-steam 0003:28DE:1142.000C: hidraw0: USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.2-1/input0
[  169.667402][  T401] hid-steam 0003:28DE:1142.000B: Steam wireless receiver connected
[  170.154231][ T2978] FAULT_INJECTION: forcing a failure.
[  170.154231][ T2978] name failslab, interval 1, probability 0, space 0, times 0
[  170.168495][ T2978] CPU: 0 PID: 2978 Comm: syz.3.699 Not tainted 5.15.167-syzkaller-02003-g5e4635681cf1 #0
[  170.178228][ T2978] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  170.188210][ T2978] Call Trace:
[  170.191451][ T2978]  <TASK>
[  170.194626][ T2978]  dump_stack_lvl+0x151/0x1c0
[  170.199133][ T2978]  ? io_uring_drop_tctx_refs+0x190/0x190
[  170.204634][ T2978]  dump_stack+0x15/0x20
[  170.208588][ T2978]  should_fail+0x3c6/0x510
[  170.213973][ T2978]  __should_failslab+0xa4/0xe0
[  170.218574][ T2978]  should_failslab+0x9/0x20
[  170.223026][ T2978]  slab_pre_alloc_hook+0x37/0xd0
[  170.227801][ T2978]  ? tipc_msg_create+0x4c/0x530
[  170.232482][ T2978]  __kmalloc_track_caller+0x6c/0x260
[  170.237612][ T2978]  ? tipc_msg_create+0x4c/0x530
[  170.242289][ T2978]  ? tipc_msg_create+0x4c/0x530
[  170.246974][ T2978]  __alloc_skb+0x10c/0x550
[  170.251243][ T2978]  tipc_msg_create+0x4c/0x530
[  170.255742][ T2978]  tipc_group_proto_xmit+0x14a/0x890
[  170.261741][ T2978]  tipc_group_proto_rcv+0x16cb/0x1d40
[  170.267194][ T2978]  tipc_sk_proto_rcv+0x7db/0x1750
[  170.272172][ T2978]  ? tipc_group_filter_msg+0x23a/0x1600
[  170.277903][ T2978]  ? x64_sys_call+0x1a2/0x9a0
[  170.282526][ T2978]  ? entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  170.288460][ T2978]  ? tipc_sk_filter_rcv+0x3380/0x3380
[  170.294268][ T2978]  tipc_sk_filter_rcv+0x3152/0x3380
[  170.299305][ T2978]  ? tipc_node_get_linkname+0x190/0x190
[  170.304679][ T2978]  ? __kasan_kmalloc+0x9/0x10
[  170.309193][ T2978]  ? __kmalloc_track_caller+0x139/0x260
[  170.314571][ T2978]  ? tipc_node_distr_xmit+0x472/0x4d0
[  170.319778][ T2978]  ? tipc_node_distr_xmit+0x46b/0x4d0
[  170.324994][ T2978]  ? tipc_sk_publish+0x4b0/0x4b0
[  170.329758][ T2978]  ? tipc_node_xmit_skb+0x1b0/0x1b0
[  170.334789][ T2978]  ? tipc_group_join+0x5a4/0x6d0
[  170.339569][ T2978]  tipc_sk_backlog_rcv+0x122/0x210
[  170.344513][ T2978]  ? tipc_sk_timeout+0xab0/0xab0
[  170.349289][ T2978]  __release_sock+0x145/0x410
[  170.353801][ T2978]  release_sock+0x65/0x1b0
[  170.358055][ T2978]  tipc_setsockopt+0x7a1/0xb80
[  170.362657][ T2978]  ? tipc_shutdown+0x400/0x400
[  170.367255][ T2978]  ? security_socket_setsockopt+0x82/0xb0
[  170.372808][ T2978]  ? tipc_shutdown+0x400/0x400
[  170.377407][ T2978]  __sys_setsockopt+0x4dc/0x840
[  170.382096][ T2978]  ? __ia32_sys_recv+0xb0/0xb0
[  170.386713][ T2978]  ? debug_smp_processor_id+0x17/0x20
[  170.391903][ T2978]  __x64_sys_setsockopt+0xbf/0xd0
[  170.396792][ T2978]  x64_sys_call+0x1a2/0x9a0
[  170.401101][ T2978]  do_syscall_64+0x3b/0xb0
[  170.405357][ T2978]  ? clear_bhb_loop+0x35/0x90
[  170.409867][ T2978]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  170.415596][ T2978] RIP: 0033:0x7f14bc803ff9
[  170.419849][ T2978] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  170.439289][ T2978] RSP: 002b:00007f14bb47d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  170.447534][ T2978] RAX: ffffffffffffffda RBX: 00007f14bc9bbf80 RCX: 00007f14bc803ff9
[  170.455348][ T2978] RDX: 0000000000000087 RSI: 000000000000010f RDI: 0000000000000005
[  170.463157][ T2978] RBP: 00007f14bb47d090 R08: 00000000000004bd R09: 0000000000000000
[  170.470988][ T2978] R10: 0000000020000180 R11: 0000000000000246 R12: 0000000000000002
[  170.478782][ T2978] R13: 0000000000000000 R14: 00007f14bc9bbf80 R15: 00007ffda275f928
[  170.488805][ T2978]  </TASK>
[  170.817342][  T401] usb 3-1: reset high-speed USB device number 18 using dummy_hcd
[  170.964854][ T2992] netlink: 4 bytes leftover after parsing attributes in process `syz.3.702'.
[  170.993361][ T2990] binder: BINDER_SET_CONTEXT_MGR already set
[  170.999343][ T2990] binder: 2987:2990 ioctl 4018620d 200001c0 returned -16
[  171.104237][ T2994] loop3: detected capacity change from 0 to 128
[  171.906573][   T30] audit: type=1400 audit(1728859724.666:551): avc:  denied  { read } for  pid=3004 comm="syz.3.707" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  171.910167][ T3009] loop0: detected capacity change from 0 to 16
[  171.936317][ T3008] UDC core: couldn't find an available UDC or it's busy: -16
[  171.944803][ T3008] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  171.953539][ T3009] erofs: (device loop0): mounted with root inode @ nid 36.
[  172.114205][ T3014] overlayfs: overlapping lowerdir path
[  172.387348][ T1161] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  172.507772][  T346] usb 3-1: USB disconnect, device number 18
[  172.515416][  T346] hid-steam 0003:28DE:1142.000B: Steam wireless receiver disconnected
[  172.637354][ T1161] usb 5-1: Using ep0 maxpacket: 32
[  172.937394][ T1161] usb 5-1: New USB device found, idVendor=057b, idProduct=0000, bcdDevice= 0.5f
[  172.946381][ T1161] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  172.954456][ T1161] usb 5-1: Product: syz
[  172.958573][ T1161] usb 5-1: Manufacturer: syz
[  172.963055][ T1161] usb 5-1: SerialNumber: syz
[  172.983706][ T1161] usb 5-1: config 0 descriptor??
[  173.027780][ T1161] usb-storage 5-1:0.0: USB Mass Storage device detected
[  173.291629][ T1161] usb-storage 5-1:0.0: Quirks match for vid 057b pid 0000: 1
[  173.306828][   T30] audit: type=1326 audit(1728859726.066:552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3006 comm="syz.4.708" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7051fb7ff9 code=0x0
[  173.359607][  T346] usb 5-1: USB disconnect, device number 13
[  174.019058][ T3032] netlink: 4 bytes leftover after parsing attributes in process `syz.4.713'.
[  174.212855][ T3036] incfs: ino conflict with backing FS 1
[  174.469744][ T3034] loop2: detected capacity change from 0 to 40427
[  174.597697][ T3034] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  174.606033][ T3034] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  174.616646][ T3034] F2FS-fs (loop2): Found nat_bits in checkpoint
[  174.649125][ T3034] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  174.656047][ T3034] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  174.685864][  T292] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix.
[  174.685880][  T292] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix.
[  174.693461][  T292] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix.
[  174.700889][  T292] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix.
[  174.708225][  T292] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix.
[  174.715631][  T292] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix.
[  174.723192][  T292] F2FS-fs (loop2): invalid namelen(0), ino:0, run fsck to fix.
[  175.550762][ T3047] loop0: detected capacity change from 0 to 40427
[  175.642719][ T3047] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  175.651731][ T3047] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  175.665561][ T3047] F2FS-fs (loop0): Found nat_bits in checkpoint
[  175.697424][ T3047] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  175.704442][ T3047] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  176.559346][ T3062] loop4: detected capacity change from 0 to 256
[  176.716777][ T3065] FAULT_INJECTION: forcing a failure.
[  176.716777][ T3065] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  176.730041][ T3065] CPU: 1 PID: 3065 Comm: syz.0.717 Not tainted 5.15.167-syzkaller-02003-g5e4635681cf1 #0
[  176.739596][ T3065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  176.749497][ T3065] Call Trace:
[  176.752618][ T3065]  <TASK>
[  176.755395][ T3065]  dump_stack_lvl+0x151/0x1c0
[  176.759928][ T3065]  ? io_uring_drop_tctx_refs+0x190/0x190
[  176.765468][ T3065]  ? irqentry_exit_cond_resched+0x2a/0x30
[  176.771020][ T3065]  ? irqentry_exit+0x30/0x40
[  176.775618][ T3065]  ? sysvec_reschedule_ipi+0x7d/0x150
[  176.780834][ T3065]  dump_stack+0x15/0x20
[  176.784827][ T3065]  should_fail+0x3c6/0x510
[  176.789069][ T3065]  should_fail_usercopy+0x1a/0x20
[  176.793930][ T3065]  _copy_to_user+0x20/0x90
[  176.798185][ T3065]  simple_read_from_buffer+0xc7/0x150
[  176.803394][ T3065]  proc_fail_nth_read+0x1a3/0x210
[  176.808362][ T3065]  ? proc_fault_inject_write+0x390/0x390
[  176.813804][ T3065]  ? fsnotify_perm+0x269/0x5b0
[  176.818406][ T3065]  ? security_file_permission+0x86/0xb0
[  176.823786][ T3065]  ? proc_fault_inject_write+0x390/0x390
[  176.829256][ T3065]  vfs_read+0x27d/0xd40
[  176.833248][ T3065]  ? push_rt_task+0x46e/0x5c0
[  176.837765][ T3065]  ? kernel_read+0x1f0/0x1f0
[  176.838769][ T3062] FAT-fs (loop4): Unrecognized mount option "uni_xlf‡=÷#"ŸÛôÜaÏüate=0" or missing value
[  176.842198][ T3065]  ? __kasan_check_write+0x14/0x20
[  176.856769][ T3065]  ? mutex_lock+0xb6/0x1e0
[  176.861024][ T3065]  ? wait_for_completion_killable_timeout+0x10/0x10
[  176.867445][ T3065]  ? __fdget_pos+0x2e7/0x3a0
[  176.871872][ T3065]  ? ksys_read+0x77/0x2c0
[  176.876035][ T3065]  ksys_read+0x199/0x2c0
[  176.880114][ T3065]  ? __blkcg_punt_bio_submit+0x180/0x180
[  176.885755][ T3065]  ? vfs_write+0x1110/0x1110
[  176.890269][ T3065]  ? __kasan_check_write+0x14/0x20
[  176.895220][ T3065]  ? switch_fpu_return+0x15f/0x2e0
[  176.900165][ T3065]  __x64_sys_read+0x7b/0x90
[  176.904504][ T3065]  x64_sys_call+0x28/0x9a0
[  176.908755][ T3065]  do_syscall_64+0x3b/0xb0
[  176.913019][ T3065]  ? clear_bhb_loop+0x35/0x90
[  176.917536][ T3065]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  176.923250][ T3065] RIP: 0033:0x7f57a2e80a3c
[  176.927941][ T3065] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48
[  176.947380][ T3065] RSP: 002b:00007f57a1ab9030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  176.955623][ T3065] RAX: ffffffffffffffda RBX: 00007f57a303a130 RCX: 00007f57a2e80a3c
[  176.963439][ T3065] RDX: 000000000000000f RSI: 00007f57a1ab90a0 RDI: 000000000000000b
[  176.971254][ T3065] RBP: 00007f57a1ab9090 R08: 0000000000000000 R09: 0000000000000000
[  176.979059][ T3065] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  176.986958][ T3065] R13: 0000000000000000 R14: 00007f57a303a130 R15: 00007ffe5ef65c28
[  176.994774][ T3065]  </TASK>
[  177.615413][ T3067] incfs: ino conflict with backing FS 1
[  179.479621][ T3086] netlink: 4 bytes leftover after parsing attributes in process `syz.4.725'.
[  179.529646][ T3089] netlink: 8 bytes leftover after parsing attributes in process `syz.2.724'.
[  181.085482][ T3096] loop4: detected capacity change from 0 to 512
[  181.097972][ T3096] EXT4-fs (loop4): dax option not supported
[  181.116964][ T3098] bridge0: port 1(bridge_slave_0) entered disabled state
[  181.134466][ T3098] bridge1: port 1(bridge_slave_1) entered disabled state
[  181.182987][ T3098] device bridge_slave_0 left promiscuous mode
[  181.189105][ T3098] bridge0: port 1(bridge_slave_0) entered disabled state
[  181.196540][ T3098] device bridge_slave_1 left promiscuous mode
[  181.202813][ T3098] bridge1: port 1(bridge_slave_1) entered disabled state
[  181.672960][ T3096] loop4: detected capacity change from 0 to 40427
[  181.774045][ T3096] F2FS-fs (loop4): Invalid SB checksum offset: 0
[  181.780265][ T3096] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock
[  181.790838][ T3096] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[  181.815520][ T3096] F2FS-fs (loop4): Try to recover 2th superblock, ret: 0
[  181.822429][ T3096] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  181.883655][   T30] audit: type=1326 audit(1728859734.646:553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3095 comm="syz.4.728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7051fb7ff9 code=0x7ffc0000
[  181.906844][   T30] audit: type=1326 audit(1728859734.646:554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3095 comm="syz.4.728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7051fb7ff9 code=0x7ffc0000
[  181.972265][   T30] audit: type=1326 audit(1728859734.646:555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3095 comm="syz.4.728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7051fb7ff9 code=0x7ffc0000
[  181.987078][ T2605] attempt to access beyond end of device
[  181.987078][ T2605] loop4: rw=2049, want=45112, limit=40427
[  181.995366][   T30] audit: type=1326 audit(1728859734.646:556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3095 comm="syz.4.728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7051fb7ff9 code=0x7ffc0000
[  182.030197][   T30] audit: type=1326 audit(1728859734.646:557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3095 comm="syz.4.728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7051fb7ff9 code=0x7ffc0000
[  182.054329][   T30] audit: type=1326 audit(1728859734.666:558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3095 comm="syz.4.728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7051fb7ff9 code=0x7ffc0000
[  182.077428][   T30] audit: type=1326 audit(1728859734.666:559): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3095 comm="syz.4.728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7051fb7ff9 code=0x7ffc0000
[  182.100492][   T30] audit: type=1326 audit(1728859734.666:560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3095 comm="syz.4.728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7051fb7ff9 code=0x7ffc0000
[  182.128684][   T30] audit: type=1326 audit(1728859734.696:561): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3095 comm="syz.4.728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7051fb7ff9 code=0x7ffc0000
[  182.152244][   T30] audit: type=1326 audit(1728859734.696:562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3095 comm="syz.4.728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7051fb7ff9 code=0x7ffc0000
[  182.807890][ T3114] loop2: detected capacity change from 0 to 512
[  182.891735][ T3114] EXT4-fs (loop2): Ignoring removed orlov option
[  182.898541][ T3114] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  182.919036][ T3114] EXT4-fs error (device loop2): ext4_orphan_get:1397: inode #15: comm syz.2.730: casefold flag without casefold feature
[  182.931707][ T3114] EXT4-fs (loop2): Remounting filesystem read-only
[  182.938317][ T3114] EXT4-fs error (device loop2): ext4_orphan_get:1402: comm syz.2.730: couldn't read orphan inode 15 (err -117)
[  183.792300][ T3126] incfs: ino conflict with backing FS 1
[  183.824336][ T3114] EXT4-fs (loop2): mounted filesystem without journal. Opts: orlov,nodelalloc,errors=remount-ro,grpquota,auto_da_alloc,dioread_nolock,quota,grpjquota=,inode_readahead_blks=0x0000000000000000,. Quota mode: writeback.
[  184.128294][ T3114] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=3114 comm=syz.2.730
[  184.140467][ T3114] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=3114 comm=syz.2.730
[  184.837963][  T388] device bridge_slave_1 left promiscuous mode
[  184.843909][  T388] bridge0: port 2(bridge_slave_1) entered disabled state
[  184.851375][  T388] device bridge_slave_0 left promiscuous mode
[  184.857371][  T388] bridge0: port 1(bridge_slave_0) entered disabled state
[  184.865129][  T388] device veth1_macvtap left promiscuous mode
[  184.871078][  T388] device veth0_vlan left promiscuous mode
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: failed to mkdtemp
 (errno 28: No space left on device)
SYZFAIL: repeatedly failed to execute the program
proc=1 req=691 state=1 status=67 (errno 9: Bad file descriptor)
[  186.319050][  T388] device bridge_slave_1 left promiscuous mode
[  186.324982][  T388] bridge0: port 2(bridge_slave_1) entered disabled state
[  186.332382][  T388] device bridge_slave_0 left promiscuous mode
[  186.338389][  T388] bridge0: port 1(bridge_slave_0) entered disabled state
[  186.346216][  T388] device bridge_slave_1 left promiscuous mode
[  186.352209][  T388] bridge0: port 2(bridge_slave_1) entered disabled state
[  186.359533][  T388] device bridge_slave_0 left promiscuous mode
[  186.365454][  T388] bridge0: port 1(bridge_slave_0) entered disabled state
[  186.373327][  T388] device veth1_macvtap left promiscuous mode
[  186.379171][  T388] device veth0_vlan left promiscuous mode