last executing test programs:

3.162745024s ago: executing program 3 (id=4):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x10)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r2, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000500)=""/187, 0xbb}], 0x2, 0x0, 0x0)

3.115550864s ago: executing program 3 (id=10):
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x200078c, &(0x7f0000000500), 0x3, 0x485, &(0x7f0000001040)="$eJzs3M9rHFUcAPDvTJL+bhNrrba2Gq1i8UfSpFV78KCi4EFB0EM9xiSttdtGmgi2BI0i9SgF7+JR8C/w5kXUgwheFTxKoWgQmnqKzK9mu9mkSZpkbfbzgc2+t/Nm3/vOzNt9My+zAbSt3uxPErEjIn6LiO4ie3OB3uJpZnpy+Pr05HASs7Nv/JXk5a5NTw5XRav1tpeZw2lE+mkSzyfz6x2/cPHMUK02er7M90+cfa9//MLFp06fHTo1emr03ODx48eODjz7zODTqxJnFte1/R+OHdj3yluXXxs+cfntH7/JmrX3YLG8Po5but4koCZ6s63292yucdmjy2j7nWBnXTrpbGFDWJaOiMh2V1fe/7ujI+Z2Xne8/ElLGwesqey7afPCi6dmgQ0siVa3AGiN6os+O/+tHus09PhfuPpCxKYyPTM9OTxzI/7OSMvXu9aw/t6IODH175fZI5Z7HQIAYAXysc2TzcZ/aezNn4u5jl3lHEpPRNwVEbsj4u6I2BMR90TkZe+NiPuKlWe7l1h/b0N+/vgnvdK0zaskG/89Vzf2m6mLv3zq6ShzO/P4u5KTp2ujR8ptcji6Nmf5gUXq+O6lXz9faFn9+C97ZPVXY8GyAVc6Gy7QjQxNDK3WRrj6ccT+zmbxJzdmArIjYF9E7F/eW++qEqcf//rAQoVuHf8iVmGeafariMeK/T8VDfFXksXnJ/u3RG30SH91VMz30y+XXl+o/tuKfxVk+3/bzcd/Q4nuf5JivrYrarXR8+PLr+PS758teE6z0uN/U/JmPmf98zvFax8MTUycH4jYlLya56tzuvz1wbl1q3xVPov/8KHm/X93uU4W//0RkR3EByPigYh4sGz7QxHxcEQcWiT+H1585N1F4k8iiZbu/5Gmn383jv+epH6+fgWJjjPff7vQjPnS9v+xmMo/awv5598tLLWBt7n5AAAA4I6QRsSOSNK+It27I9K0r6/4H/49sS2tjY1PPHFy7P1zI8U9Aj3RlVZXurrrrocOJFPlOxb5wfJacbX8aHnd+IuOrXm+b3isNtLi2KHdbb+5/0fV/zN/drS6dcCac78WtK/G/p+2qB3A+lvK979zAdiYmvT/ra1oB7D+nP9D+2rW/z9qyBv/w8Y0v///0eQn64CNyPgf2pf+D+1L/4e2dDv39a88Ud0ssPL32bLkO/zbJVH94sVa1rU15l6JtOUht1Ei6zHrW+ncb6gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADcyf4LAAD///ss5ts=")
syz_open_dev$MSR(&(0x7f0000000040), 0x3, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bind$bt_l2cap(r0, &(0x7f0000000100)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x0, 0x1}, 0xe)
syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) (async)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
bind$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x0, 0x2}, 0xe) (async)
bind$bt_l2cap(r1, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x0, 0x2}, 0xe)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f00000000c0), 0xfecc) (async)
write$binfmt_script(r2, &(0x7f00000000c0), 0xfecc)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r2, 0x0)
bpf$ITER_CREATE(0x21, &(0x7f0000000100), 0x8)

2.947780635s ago: executing program 3 (id=15):
syz_mount_image$f2fs(&(0x7f0000000040), &(0x7f00000000c0)='./file1\x00', 0x101880a, &(0x7f0000000400)=ANY=[], 0x1, 0x550b, &(0x7f00000079c0)="$eJzs3M1rI2UYAPAn/dhv1yIevO3AIrSwiU0/Fr1V3cUP7FJWPXjSNElDdpNMadK09uTBo3jwPxEFTx79Gzx49iYeFG+Ckpmpbv0AoWlj298PJs+8b94887xhWXhmSgK4sOaSX34qxc24GhHTEXEjIjsvFUdmLQ/PRcStiJh64igV839MXIqIaxFxc5Q8z1kq3vrszvD26o9v/vz1t5dnrn/+1XeT2zUwac9HRHc7P9/r5jFt5fFRMV8btrPYXRkWMX+j+7gYp3nca25mGfZqh+tqWVxu5evT7d3+KG51avVRbLW3svntXn7B/rB1mCf7wKPaTjZuNDez2O6nWWwd5HXtH+T/tx30B3meRpHvwyx9DAaHMZ9v7jfz/Ww/zmK9Nyjm87xpo7k/isMiFpeLetppZHVsHueb/n97q93b3U+GzZ1+O+0lq5Xqi5Xq3XJ1J200B82Vcq3buLuSzLc6o2XlQbPWXWulaavTrNTT7kIy36rXy9VqMn+vudmu9ZJqtbJcWSyvLhRnd5LXHrybdBrJ/Ci+0u7tDtqdfrKV7iT5JxaSpcrySwvJ7Wry9vpGsvHw/v31jXfev/feg5fX33i1WPS3spL5pcWlpXJ1sbxUXbhA+/+4KHqM+4djKU26AICzR/8PTMLJ9f87DyNOvv8P/f9YnKn+9/z1/3svREx0/3As+n8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAvr+9kvXs9O5vLx9WL+qWLqmWJcioipiPjtH0zHpSM5p4s8s/+yfvYvNXxTiizD6BqXi+NaRKwVx69Pn/S3AAAAAOfXlx/d+jTv1vOXuUkXxGnKb9pM3fhgTPlKETE798OYsk2NXp4dU7Ls3/dM7I8pW3YD68qYkuW33GbGle0/mT4SrjwRSnmYOtVyAACAU3G0EzjdLgQAAIDT9MmkC2AySnH4KPPwWXD2l/d/PhC8emQEAAAAnEGlSRcAAAAAnLis//f7fwAAAHC+5b//BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAv7NzP7eJA1EcgJ8NXth/WrTa+7ayNyhjS9jjHiMKSBMUkANpIQ1QA7mlhAgiPA6BiEMkj20l+j7JmYxlfrxBcJgZaQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAu3Vfrxe3V7+u2Obt9O3lGAwAAAFyyrdaL+p9Z6n9t7n9vbv1s+kVElBFxae4+ik9nmaMmp3p5/ub0+epVDXcRdcLhPSbN9SUi/jTX44+uPwUAAAD4uDbL1TzN1tOf2dAF0ae0aFN++5spr4iIavaQKa085P3KFFZ/v8fxP1NavYA1zRSWltzGudLepP65H1ftpidNkZry4suORWYbOwAA0KPRWdPvLAQAAIA+/Ru6AIZRxPNW5nErcJKaZnvv81kPAAAAeIeKoQsAAAAAOlfP/3s6/2/v/D8AAAAYRjr/DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgC5tq/Vis1zN2+bs9u3kGQ0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADyxP+8oEAJhEAZ713cmc//DSoOmpiZVIHz8jcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAm9/95f/E1DiTzL02lp5HkrVTY+vU2Ds3jv4wvn4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMX+vKRACARBFMwZ/zvp+x9WEvQMIkRAw6OKWjQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBFv/vl/8TUOJPMnTaWjkeStavG1lVj70Hj6MF4+zcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMXO/bzGUcUBAP/OzM7WtooxSg4RUfCgF5tua2tv4kEJHvwThJBua+zWH20QW4qYizfJuRfRo4igxFv/h55b6KXeethDBc/KzM5kp23A9dfMNvl84M377jDM+75ZCPnOewkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtfFb0zgrDguTOK3O3bp/bb3obz/UF25s31kuWhEnbSb9eHih+SFZioij3SUDAADAwZDV9X1E3M13Vos+XSjr/7y+pqj5v31qElf1/Gd1yfpw/V/X/kX75ed7z+0OtDAZp7jpuY3R8PijqfT+rznOu6f/8ope+eTLdy9Z+YWk7249O87L55l8ffPm2/0yPNRGtgDAP3Gs7qug/n2o6AddJgbAgdFrFN51/Z8tdJsTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQBvGW3G0jpOIWO5N48Lt+9fW9+pvbN9Zrtvp69e348vpPYtb5BFxbmM0PN7qbObb5StXL6yNRsNL7QcvRkRXo79ZTf/C+zNcHNHJ8xH8R0Fafdnzks/jEXT4QwkAgH0pr1pR19/Nd1aLc8lixB/fPVj/v9KIY8b6/94Hp281x2rW/4PWZjj/VjYvfrJy+crV1zYurp0fnh9+9PqJwRuDk2dOnTqzUr4rWfHGBAAAgH+nX7Vm/Z8uPrr+f6QRx4z1/6ffDL5ojpWp//c0XfTrOhMAAICD7ZmXfv8t2eN80u/H52ubm5cGk+Pu5xOTYwep/m2Hqtas/7PFrrMCAAAA2jDeSh5Y/z/biGPG9f8nv3/+x+Y9s4g4XK3/H1v/eHS2venMtTb+nLjrOQIAANCtw1Vrrv/n5f7/dHfLQxoRr748iat/AzhT/Z+989UPzbGa+/9PtjfFuZQuTZ5H2S9F9Ja6zggAAID97ImqFcX+r/nO6oc/HXmvb/8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQNv+DAAA///fxzxy")
open(&(0x7f0000000080)='./file1\x00', 0x64842, 0x22)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x1f, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB, @ANYBLOB="e488dc0904835ee2cfaa133d", @ANYBLOB], &(0x7f0000000340)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x21, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff, @void, @value}, 0x94)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f00000000c0)={0x0, 0x0, 0x0, r0, 0x3})
ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xffffffffffffffff, 0x5})
sendmsg$nl_route(r0, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000140)={&(0x7f0000000500)=@mpls_newroute={0x1d8, 0x18, 0x400, 0x70bd27, 0x25dfdbfc, {0x1c, 0x14, 0x10, 0x9, 0xfc, 0x4, 0x0, 0x0, 0x2000}, [@RTA_TTL_PROPAGATE={0x5, 0x1a, 0x1}, @RTA_NEWDST={0x84, 0x13, [{0x131}, {0x7, 0x0, 0x1}, {0x9}, {0x684e}, {0x588, 0x0, 0x1}, {0x0, 0x0, 0x1}, {0x2}, {0x8000, 0x0, 0x1}, {0x9, 0x0, 0x1}, {0x5}, {0x5}, {0x9}, {0x6}, {0x1, 0x0, 0x1}, {0x3, 0x0, 0x1}, {0x6, 0x0, 0x1}, {0x7fff, 0x0, 0x1}, {0x2, 0x0, 0x1}, {0x3}, {0x5}, {0x2}, {0x5, 0x0, 0x1}, {0x620, 0x0, 0x1}, {0x1, 0x0, 0x1}, {0xc1}, {0x40}, {0xa, 0x0, 0x1}, {0x4}, {0xb, 0x0, 0x1}, {0xd, 0x0, 0x1}, {0x2}, {0x80, 0x0, 0x1}]}, @RTA_VIA={0x14, 0x12, {0x1e, "94e5fd0eb7e722bf1e3b3a55cfe8"}}, @RTA_VIA={0x14, 0x12, {0xb, "5b7156e18cd0481c54dbb0fa4634"}}, @RTA_NEWDST={0x84, 0x13, [{0xb57d, 0x0, 0x1}, {0x1000, 0x0, 0x1}, {0x101}, {0x5, 0x0, 0x1}, {0x3ff, 0x0, 0x1}, {0x6, 0x0, 0x1}, {0x7}, {0x9, 0x0, 0x1}, {0x6, 0x0, 0x1}, {0x1, 0x0, 0x1}, {0x4}, {0x7}, {0x6, 0x0, 0x1}, {0x6, 0x0, 0x1}, {0x332e}, {0x714, 0x0, 0x1}, {0x5, 0x0, 0x1}, {0x1ff}, {0x3ff}, {0x70bd, 0x0, 0x1}, {0x7}, {0x1ff, 0x0, 0x1}, {0x81}, {0x101, 0x0, 0x1}, {0x71ff, 0x0, 0x1}, {0xf1, 0x0, 0x1}, {0x6}, {0x8ea, 0x0, 0x1}, {0x8, 0x0, 0x1}, {0xeec}, {0x7}, {0x5, 0x0, 0x1}]}, @RTA_NEWDST={0x84, 0x13, [{0xfb1}, {}, {0x7}, {0x7}, {0x8, 0x0, 0x1}, {0x6, 0x0, 0x1}, {}, {0x385, 0x0, 0x1}, {0xab}, {0x8}, {0x42, 0x0, 0x1}, {0x8, 0x0, 0x1}, {0x1800, 0x0, 0x1}, {0x80000, 0x0, 0x1}, {0x6, 0x0, 0x1}, {0xffff}, {0x1, 0x0, 0x1}, {0xa, 0x0, 0x1}, {0x6}, {0xfffff}, {0x0, 0x0, 0x1}, {0xffffe, 0x0, 0x1}, {0x5}, {0x4}, {0x10, 0x0, 0x1}, {0x7f}, {0x6}, {0x4}, {0xffc00}, {0xe4}, {0xc0000}]}]}, 0x1d8}, 0x1, 0x0, 0x0, 0x800}, 0x8010)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x10)
ioctl$FS_IOC_RESVSP(r0, 0x40305829, &(0x7f0000000240)={0x0, 0x2, 0x20000, 0x20008})

2.396564968s ago: executing program 0 (id=21):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001580)={&(0x7f00000000c0)='rcu_utilization\x00', r0, 0x0, 0x8000000000000}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000280)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
setgroups(0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000"], 0x48)
setreuid(0xee01, 0x0)

2.339166818s ago: executing program 3 (id=22):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x65855578b6a88b79, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = openat$rtc(0xffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$RTC_WKALM_SET(r1, 0x4028700f, &(0x7f00000000c0)={0x3, 0x3, {0x39, 0x8, 0xa, 0x80000008, 0x7, 0x1000, 0x6, 0x1e}})
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0xf, 0x2, &(0x7f00000002c0)=@raw=[@btf_id={0x18, 0x6, 0x3, 0x0, 0x5}], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x3, '\x00', 0x0, @fallback=0x66, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x8, @void, @value}, 0x94)
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
recvmsg(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000002c0)=""/249, 0xf9}], 0x1}, 0x0)
close(r2)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x7, 0x8000, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r4}, &(0x7f00000002c0), &(0x7f0000000280)}, 0x20)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r5}, 0x10)
sendmsg$tipc(r3, &(0x7f0000000240)={0x0, 0x810100, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1, 0x0, 0x0, 0x3}, 0x0)

1.942964s ago: executing program 4 (id=24):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000000000000000000ff010000850000000e000000850000005000000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x9)
setsockopt$inet_udp_encap(r0, 0x11, 0x64, &(0x7f0000000000)=0x2, 0x4)
syz_emit_ethernet(0x3e, &(0x7f0000000500)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x2d, 0x30, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @broadcast}, {0x0, 0x4e20, 0x1c, 0x0, @wg=@data={0x4, 0x0, 0x912, "78370584"}}}}}}, 0x0) (fail_nth: 4)

1.710654931s ago: executing program 0 (id=26):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000003f40)={'veth0_virt_wifi\x00', &(0x7f0000000080)=@ethtool_regs={0x4, 0xffffffff}})
socket$nl_route(0x10, 0x3, 0x0)
socket(0x200000000000011, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1b000000000000000000000000000400", @ANYRES32=0x0, @ANYRES32], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x2d)
r1 = epoll_create1(0x0)
r2 = eventfd2(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f0000000180))
epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r2, &(0x7f0000000040)={0x20000006})
epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r2, &(0x7f0000000140)={0x2005})

1.591471722s ago: executing program 4 (id=27):
syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x1008002, &(0x7f0000000300)={[{@grpquota}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x84}}, {@resuid}, {@max_batch_time={'max_batch_time', 0x3d, 0x3}}, {@lazytime}, {@jqfmt_vfsold}, {@usrquota}, {@nouid32}]}, 0x1, 0x5e4, &(0x7f0000000600)="$eJzs3c9vVNUeAPDvmWlLS3mvhby893iLRxNjaKK0tIAhxgVsDWnwR9y4sdKCSIGG1mjRhJLgxsS4McbElQvxv1AiW1a6cuHGlSEhaliaOOZO55ZOO1Po0PZW7ueTDD33nLmcczv99px7es5MAKU1lP1TidgfEbMpYiAtLpd1RaNwaOl593//4Ez2SFGrvfJritTIy5+fGl/7Gyf3RsT336XYV11b79zC1QuTMzPTVxrHo/MXZ0fnFq4eOn9x8tz0uelL48+NHz929NjxscMdXde1Fnmnbrz97sBHE69/9cUfaezrnyZSnIgXG09ceR2bZSiG6t+T7DHcfBn9xze7soJUGz8nK1/i1FVgg9iQ/PXrjoj/xEBU48GLNxAfvlRo44AtVUsRNaCkkviHksrHAfm9/er74EohoxJgO9w7uTQBsDb+u5bmBqO3Pjew+36KldM6KSI6m5lrtici7tyeuHH29sSN2KJ5OKC1xesR8d9W8Z/q8T8YvTFYj/9KU/xn44LTja9Z/ssd1r96qlj8w/ZZiv/edeM/2sT/Gyvi/80O6x96kHyrryn++zq9JAAAAAAAACitWycj4tlWf/+vLK//iRbrf/oj4sQm1D+06njt3/8rdzehGqCFeycjXmi5/reSr/4drDZS/6ivB+hOZ8/PTB+OiH9GxHB078qOx9ap49DH+z5vVzbUWP+XP7L67zTWAjbacbdrV/M5U5Pzk4973UDEvesR/2u5/jct9/+pRf+f/T6YfcQ69j1983S7sofHP7BVal9GHGzZ/6fl56T1359jtD4eGM1HBWv9//1PvmlXfyfxn6pr1w0DG5f1/7vXj//BtPL9euY2XseRha5au7JOx/896dX6W870NPLem5yfvzIW0ZNOVbPcpvzxjbcZnkR5POTxksX/8FPrz/+1Gv/3RcTiqv87/da8pzj37z/7f27XHuN/KE4W/1Mb6v83nhi/Ofhtu/ofrf8/Wu/rhxs55v9gyWd5mPY057cIx65WRdvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4ElQiYk+kyshyulIZGYnoj4h/xe7KzOW5+WfOXn7n0lRWVv/8/0r+Sb8DS8cp//z/wRXH46uOj0TE3oj4tNpXPx45c3lmquiLBwAAAAAAAAAAAAAAAAAAgB2iv83+/8wv1aJbB2y5rqIbABSmRfz/UEQ7gO2n/4fyEv9QXuIfykv8Q3mJfygv8Q/lJf6hvMQ/AAAAAAA8UfYeuPVjiojF5/vqj0xPo6y70JYBW61SdAOAwniLHygvS3+gvNzjA2nd0jZ3CenhZ65v9sxjnAwAAAAAAAAAAAAApXNwv/3/UFb2/0N52f8P5ZXv/z9QcDuA7eceH4iH7OTv7egsAAAAAAAAAAAAAGAzzS1cvTA5MzN9ZQclKsXU/tpOuPbtTdRqtWvZT8FOac/fPJEvhd8p7VmVyPf6PdpZxf1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0VAAD//zk/JL0=")
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/arp\x00')
read$FUSE(r0, &(0x7f00000042c0)={0x2020, 0x0, 0x0, <r1=>0x0, <r2=>0x0}, 0x2020)
chown(0x0, r1, r2)

1.578310482s ago: executing program 1 (id=28):
openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b70200"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)

1.515167802s ago: executing program 0 (id=30):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './bus'}}], [], 0x2c})
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r0}, 0x10)
syz_mount_image$ext4(&(0x7f0000001140)='ext4\x00', &(0x7f00000007c0)='./file1\x00', 0x410c84, &(0x7f0000000340), 0x1, 0x775, &(0x7f0000001180)="$eJzs3c9rXNUeAPDvnSRNm/a95MGD9+oqIGigdGJqbBVcVFyIYKGga9thMg01k0zJTEoTAlpEcCOouBB007U/6s6tP7b6X7gQS9W0WHEhkTu5t502M2mSJpnqfD5wM+fceyfnfOf+OGfmHu4NoGeNpn8KEYcj4t0kYjibn0TEQDPVH3Fybb1bK8vldEpidfXlX5LmOjdXlsvR8p7UwSzz/4j45q2II4X15dYXl2ZK1WplPsuPN2YvjNcXl46eny1NV6Yrc8cnJiePnXjqxPGdi/W375cOXXvvhcc/P/nHm/+7+s63SZyMQ9my1jh2ymiMZp/JQPoR3uX5nS6sy5JuV4BtSQ/NvrWjPA7HcPQ1UwDAP9nrEbEKAPSYRPsPAD0m/x3g5spyOZ+6+4vE3rr+XETsX4s/v765tqQ/u2a3v3kddOhmcteVkSQiRnag/NGI+PjLVz9Np9il65AA7bxxOSLOjoyuP/8n68YsbNUTGyzbl72O3jPf+Q/2zldp/+fpdv2/wu3+T7Tp/wy2OXa3477H/4EdKGQDaf/v2Zaxbbda4s+M9GW5fzX7fAPJufPVSnpu+3dEjMXAYJqf2KCMsRt/3ui0rLX/9+v7r32Slp++3lmj8FP/4N3vmSo1Sg8Sc6vrlyMe6W8Xf3J7+ycd+r+nN1nGi8+8/VGnZWn8abz5tD7+yEYn7Y7VKxGPtd3+d0a0JRuOTxxv7g7j+U7Rxhc/fDjUqfzW7Z9Oafn5d4G9kG7/oY3jH0lax2vWt17Gd1eGv+607P7xt9//9yWvNNN5P+JSqdGYn4jYl7y0fv6xO+/N8/n6afxjj7Y//jfa/9PvhGc3GX//tZ8/2378uyuNf2pL23/riau3Zvo6lb+57T/ZTI1lczZz/ttsBR/kswMAAAAAAAAAAAAAAAAAAAAAAACAzSpExKFICsXb6UKhWFx7hvd/Y6hQrdUbR87VFuamovms7JEYKOS3uhxuuR/qRHY//Dx/7J78kxHxn4j4YPBAkt9HcarLsQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA7mCH5/+nfhzsdu0AgF2zv9sVAAD2nPYfAHqP9h8Aeo/2HwB6j/YfAHqP9h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBddvrUqXRa/X1luZzmpy4uLszULh6dqtRnirML5WK5Nn+hOF2rTVcrxXJt9n7/r1qrXZiMuYVL441KvTFeX1w6M1tbmGucOT9bmq6cqQzsSVQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAsDX1xaWZUrVamZfYRmL14ahG9xN92e70sNRnTxPJw1GNHU50+cQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8DfxVwAAAP//02Ii/w==")
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0b00000005000000020000000400000005"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000b00)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000020000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00', r2}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r1}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x5, 0x2, 0x3, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000640), &(0x7f0000000740), 0x20075, r3}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0xfffffffffffffe8b, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r4}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r5 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0)
pwritev2(r5, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x1}], 0x1, 0x33000, 0x0, 0x3)

1.409917552s ago: executing program 3 (id=31):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x6cb, 0x81a7, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
setsockopt$CAN_RAW_FILTER(0xffffffffffffffff, 0x65, 0x1, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000000)={0x2c, &(0x7f0000000040)={0x20, 0x0, 0x12, {0x12, 0x1, "325434f5ad7c3c584b6bf77527b8570b"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000040)=ANY=[], 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r1}, 0x4)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r2, &(0x7f0000000080), 0x1c)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f00000000c0)=0x1, 0x4)
setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000140)=0x7, 0x4)
sendmmsg(r2, &(0x7f0000005400)=[{{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000540)="c3aa46114e9c741357d3b56d9c91b5d3ee76c3b58642a52092d93aafb943fcaa60ed7ad0c191697f8ac2e7980640cf4db9f98b05c0809a890ae36e77a54f0ebbf6bcb41d17e032319e598b67fb9d0a0fee14392fa523a3a68c71a3f54702682096a2032c8a7ba137722304b6c732ceb26a18d2a8019b641c00232dda2c12c5d0dd503b57355f4810c14e6f7c345c03f74e7e43f5d46c96af0032d24d04de4786b67c0fbd153a444a122f04bbf828aa3ca0d3203df166103e930f82ed942dbb08b8f8967b5ba752800dfea13a0831585711f1dbd904097e4a2c031d0ab93a80fbf825eca29aadb8c84aad617020c58fe000043e60d34c097d64a6241a", 0xfc}, {&(0x7f00000001c0)="7dc56831bc9a3cfbdd90576d74f54a7f37e2eaf3b3c441d367286039281aefcbf3f1cfe908e4abcdb59959c969811d7ba1", 0x31}, {&(0x7f0000000300)="acee4dd4e1204dfdd6ea6458e04cd460e2e15c8932b3873c69dfa7cedf434d986af9349add", 0x25}], 0x3}}, {{0x0, 0x0, &(0x7f0000002b40)=[{&(0x7f0000001980)="68d74336cc293842abb9cb4ea587fc3ced207a5ba4b920fe64eb1892ca62235b67694e0e6e9e472426355da2b6141cf538397bb4ef5a4e40193089af44fd5b3eca4385777fc80e07ae9101e479b229aebf945db7c75360c1", 0x58}, {&(0x7f0000001a00)="3d0d443837277085b4fa0c6e0a219a993e7730b2ceab5d2eb98fca35dba08d298060c7d910bdb858296ea0d89d", 0x2d}, {&(0x7f0000001a40)="1d72e38df87099a5a9c9301612dd4ddee5acacd07f9500e550f2b51e002f", 0x1e}, {&(0x7f0000001ac0)="2db29afb8144110411e034e2115ad3f2e9be6167634b71296a0b2daeec35ab3e3c4403d0f39dff2cd5c7c34c9e2c3137d07d4c723bccbc6dd186cc1a6cf6244061110adc96e70a2a8840ad21f2481d4aff75f1eab2fe88c6e91a1baf372b277d6ef26d63d49442f66b351e915d716236fcc0dc91f0a20520a5f44deee2e1a362b685fced45f74f5e6cdb34e3f8802d6672969317ffff99b8fbaa8327d45987974a7aed98e1d35691cb59a49c67c80d19e6336d62f3dfe236dd68c58f079d5e88d0d3c7b7797fff4c17a0dfd1854eb66c567e91d1d8719a4ce9a35b2958cb330ba7f402c8e3c6148fcfc0d6673b380004dac122f51d1c1f6a35a988446d508c8505f370544016c728cec58d8b2bd6b2231cfe175406227a182ab9c8c493cd9dfbdd533879b054a81fd0fb6241d76940070fadc5825eea304dd97d8478c820a774a7c0288a02dcaa709b987106bad4be7b2261fb1f35555e5da6819f288f5422df2ed56bfaad6e60c904789810c793be465542003727f4ca99ea3b43be866dc35a37918fd0226d2c92db10cd1840ce92d38ac7e6c2dd383d7dc639df5376b66dac4f7bb24ba38e4473432d9983e9ec18e0ff22bd24650b0c993c8424f342efc4490606aec807ad00e19ac980575a69c0b9ef3a22d52618c723734dfe8187996baca490fa46c032c0db661a2d0a6d552671d6eb797a48acd51b3d60c1bbe1ed62afc36e1fdabc707de1e9c3d7c652b289c4ac7579254e4d84d24a695ecc025b8881cf792dd0e3d05855b9b8e249255ba6adb995ac62e7512d4570b01a7fb4bbf63877a8536f4b8e01422a275c6a2575f0260aa7a6797db7faab9f65af1b297eaaec2dbd5c7d6446596f3ddb64b18263470b9d8f3ccf451f98cad43227854573d1fa8a5812f3d42621a060ae88e1eab8a493d88304cb9ddedbfd19a82b3a0e640ef3e595a47da9e863c5bd735ad29c93006c22406564492b542d8d5fdcd0af106a86d26d8592b8a80177cf5a168264a425c10ae3989e6b0ccda5d5e7b86238fdcc773eec2767cd757733ffa730f601b4ffdd4238a8fa455aebbb85e9410164f5ed70ebc3835b4d9f3da075e1fc2983ee0648e231d112ba9fa75b49ae53de63b03a5a97732df3a44d999c72293ae31bb9c7de00604a06427e1d42f814e13a1458664ea2bc5e8f28fbe0fc05471855b8b4bfd0fa9a9d708c6bf836ecb36cc9bbb1faf61a7afce78f44e0c9702df1daf1dca1c6eb451162a0de5f842806a0f77f205e245fd609ed23ed3e68c63774ffef867ae1a850db71dd0473fb1de5265002912c4b53010e07a7484f76968aaee60ecde03054e1b4d9d2074509475d9cea27be732f428d3a13d3a9f559a6266fa4646d57c0c8d2a4ad868241ebb312189cef27ff5d529ab4bb0c989fa9b6a2fff831cad0563e25af05a00af33d6cdefba7ac6f614e59f4834b8889cd2ee91f6d2aed7cd5ed93a9e7e9665a387a259ad43f1848380d4f91fad8bfba804125ca05ad48246a2a94ba49540b6c700ce971abc17c87656c6ffaa60b39025a835c251f4f903aca3c391c36a63cfe171e5cc702f9421a63833f19745ae1094ce2fac37abe7b4575a66b939f4a3414162b32cef9f436795d713f1816f533f933193d0b4fc55325ce18ba0b39f13e5032af19e1b728bae5bff289fcbf26ffdf479e2279504cc5f2b836f3fa7a8bbea2f3eedc45a6d764b8b90eeeb15e18202c7783e5ab0f1e", 0x4cc}], 0x4}}, {{0x0, 0x0, &(0x7f0000002cc0)=[{&(0x7f0000002c40)="b8cb112b829fc3", 0x7}], 0x1}}], 0x3, 0x40)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000000)='kfree\x00', r3}, 0x10)
r4 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x6cb, 0x81a7, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) (async)
setsockopt$CAN_RAW_FILTER(0xffffffffffffffff, 0x65, 0x1, 0x0, 0x0) (async)
syz_usb_control_io(r0, 0x0, 0x0) (async)
syz_usb_control_io(r0, &(0x7f0000000000)={0x2c, &(0x7f0000000040)={0x20, 0x0, 0x12, {0x12, 0x1, "325434f5ad7c3c584b6bf77527b8570b"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) (async)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000040)=ANY=[], 0x50) (async)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r1}, 0x4) (async)
socket$inet6_tcp(0xa, 0x1, 0x0) (async)
setsockopt$inet6_tcp_int(r2, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) (async)
connect$inet6(r2, &(0x7f0000000080), 0x1c) (async)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r2, 0x6, 0x14, &(0x7f00000000c0)=0x1, 0x4) (async)
setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000140)=0x7, 0x4) (async)
sendmmsg(r2, &(0x7f0000005400)=[{{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000540)="c3aa46114e9c741357d3b56d9c91b5d3ee76c3b58642a52092d93aafb943fcaa60ed7ad0c191697f8ac2e7980640cf4db9f98b05c0809a890ae36e77a54f0ebbf6bcb41d17e032319e598b67fb9d0a0fee14392fa523a3a68c71a3f54702682096a2032c8a7ba137722304b6c732ceb26a18d2a8019b641c00232dda2c12c5d0dd503b57355f4810c14e6f7c345c03f74e7e43f5d46c96af0032d24d04de4786b67c0fbd153a444a122f04bbf828aa3ca0d3203df166103e930f82ed942dbb08b8f8967b5ba752800dfea13a0831585711f1dbd904097e4a2c031d0ab93a80fbf825eca29aadb8c84aad617020c58fe000043e60d34c097d64a6241a", 0xfc}, {&(0x7f00000001c0)="7dc56831bc9a3cfbdd90576d74f54a7f37e2eaf3b3c441d367286039281aefcbf3f1cfe908e4abcdb59959c969811d7ba1", 0x31}, {&(0x7f0000000300)="acee4dd4e1204dfdd6ea6458e04cd460e2e15c8932b3873c69dfa7cedf434d986af9349add", 0x25}], 0x3}}, {{0x0, 0x0, &(0x7f0000002b40)=[{&(0x7f0000001980)="68d74336cc293842abb9cb4ea587fc3ced207a5ba4b920fe64eb1892ca62235b67694e0e6e9e472426355da2b6141cf538397bb4ef5a4e40193089af44fd5b3eca4385777fc80e07ae9101e479b229aebf945db7c75360c1", 0x58}, {&(0x7f0000001a00)="3d0d443837277085b4fa0c6e0a219a993e7730b2ceab5d2eb98fca35dba08d298060c7d910bdb858296ea0d89d", 0x2d}, {&(0x7f0000001a40)="1d72e38df87099a5a9c9301612dd4ddee5acacd07f9500e550f2b51e002f", 0x1e}, {&(0x7f0000001ac0)="2db29afb8144110411e034e2115ad3f2e9be6167634b71296a0b2daeec35ab3e3c4403d0f39dff2cd5c7c34c9e2c3137d07d4c723bccbc6dd186cc1a6cf6244061110adc96e70a2a8840ad21f2481d4aff75f1eab2fe88c6e91a1baf372b277d6ef26d63d49442f66b351e915d716236fcc0dc91f0a20520a5f44deee2e1a362b685fced45f74f5e6cdb34e3f8802d6672969317ffff99b8fbaa8327d45987974a7aed98e1d35691cb59a49c67c80d19e6336d62f3dfe236dd68c58f079d5e88d0d3c7b7797fff4c17a0dfd1854eb66c567e91d1d8719a4ce9a35b2958cb330ba7f402c8e3c6148fcfc0d6673b380004dac122f51d1c1f6a35a988446d508c8505f370544016c728cec58d8b2bd6b2231cfe175406227a182ab9c8c493cd9dfbdd533879b054a81fd0fb6241d76940070fadc5825eea304dd97d8478c820a774a7c0288a02dcaa709b987106bad4be7b2261fb1f35555e5da6819f288f5422df2ed56bfaad6e60c904789810c793be465542003727f4ca99ea3b43be866dc35a37918fd0226d2c92db10cd1840ce92d38ac7e6c2dd383d7dc639df5376b66dac4f7bb24ba38e4473432d9983e9ec18e0ff22bd24650b0c993c8424f342efc4490606aec807ad00e19ac980575a69c0b9ef3a22d52618c723734dfe8187996baca490fa46c032c0db661a2d0a6d552671d6eb797a48acd51b3d60c1bbe1ed62afc36e1fdabc707de1e9c3d7c652b289c4ac7579254e4d84d24a695ecc025b8881cf792dd0e3d05855b9b8e249255ba6adb995ac62e7512d4570b01a7fb4bbf63877a8536f4b8e01422a275c6a2575f0260aa7a6797db7faab9f65af1b297eaaec2dbd5c7d6446596f3ddb64b18263470b9d8f3ccf451f98cad43227854573d1fa8a5812f3d42621a060ae88e1eab8a493d88304cb9ddedbfd19a82b3a0e640ef3e595a47da9e863c5bd735ad29c93006c22406564492b542d8d5fdcd0af106a86d26d8592b8a80177cf5a168264a425c10ae3989e6b0ccda5d5e7b86238fdcc773eec2767cd757733ffa730f601b4ffdd4238a8fa455aebbb85e9410164f5ed70ebc3835b4d9f3da075e1fc2983ee0648e231d112ba9fa75b49ae53de63b03a5a97732df3a44d999c72293ae31bb9c7de00604a06427e1d42f814e13a1458664ea2bc5e8f28fbe0fc05471855b8b4bfd0fa9a9d708c6bf836ecb36cc9bbb1faf61a7afce78f44e0c9702df1daf1dca1c6eb451162a0de5f842806a0f77f205e245fd609ed23ed3e68c63774ffef867ae1a850db71dd0473fb1de5265002912c4b53010e07a7484f76968aaee60ecde03054e1b4d9d2074509475d9cea27be732f428d3a13d3a9f559a6266fa4646d57c0c8d2a4ad868241ebb312189cef27ff5d529ab4bb0c989fa9b6a2fff831cad0563e25af05a00af33d6cdefba7ac6f614e59f4834b8889cd2ee91f6d2aed7cd5ed93a9e7e9665a387a259ad43f1848380d4f91fad8bfba804125ca05ad48246a2a94ba49540b6c700ce971abc17c87656c6ffaa60b39025a835c251f4f903aca3c391c36a63cfe171e5cc702f9421a63833f19745ae1094ce2fac37abe7b4575a66b939f4a3414162b32cef9f436795d713f1816f533f933193d0b4fc55325ce18ba0b39f13e5032af19e1b728bae5bff289fcbf26ffdf479e2279504cc5f2b836f3fa7a8bbea2f3eedc45a6d764b8b90eeeb15e18202c7783e5ab0f1e", 0x4cc}], 0x4}}, {{0x0, 0x0, &(0x7f0000002cc0)=[{&(0x7f0000002c40)="b8cb112b829fc3", 0x7}], 0x1}}], 0x3, 0x40) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f00000007c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000000)='kfree\x00', r3}, 0x10) (async)
socket$igmp6(0xa, 0x3, 0x2) (async)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) (async)

1.398504733s ago: executing program 1 (id=33):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x12, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000000000fcffffffffffffff00", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001300)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'ip_vti0\x00', <r3=>0x0})
r4 = socket$can_raw(0x1d, 0x3, 0x1)
sendmsg$can_raw(r4, &(0x7f0000000300)={&(0x7f0000000800)={0x1d, r3}, 0x10, &(0x7f0000000880)={&(0x7f0000000840)=@can={{}, 0x0, 0x0, 0x0, 0x0, "ded27feeba7ca62a"}, 0x10}}, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000300)={'syztnl2\x00', &(0x7f0000000280)={'ip6tnl0\x00', r3, 0x4, 0x4, 0x9, 0x10, 0x3, @private0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x8000, 0x20, 0x4, 0x6}})
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000004000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000030000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='sys_enter\x00', r5}, 0x10)
getgid()
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000001080)=ANY=[@ANYBLOB="1b00000000000000000000000080", @ANYBLOB], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r6], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000200)={0x8, &(0x7f00000001c0)=[{0x3, 0x2, 0x49, 0x8000}, {0x7, 0x5, 0x7, 0x2}, {0x1, 0x1, 0x23, 0x6}, {0x9, 0x4, 0x0, 0x2}, {0x3, 0x4, 0x70, 0x8}, {0xa, 0x6, 0x4, 0x8}, {0x3, 0x5, 0x0, 0x4}, {0x80, 0x8, 0x8a, 0xfffffffa}]})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r7}, 0x10)
r8 = getuid()
fsetxattr$security_capability(r6, &(0x7f0000000040), &(0x7f0000000180)=@v3={0x3000000, [{0x32, 0x8}], r8}, 0x18, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0)
fchmodat(0xffffffffffffffff, 0x0, 0x166)

1.122421114s ago: executing program 4 (id=34):
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10)
open$dir(0x0, 0x0, 0x0)

1.109366114s ago: executing program 1 (id=35):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001b518110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r0}, &(0x7f0000000000), &(0x7f00000005c0)=r1}, 0x20)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x1, 0x4, 0x7fe2, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10)
sendmsg(0xffffffffffffffff, &(0x7f0000000640)={&(0x7f00000000c0)=@caif=@dgm={0x25, 0xd}, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000000)="4ba72c4cfd81685544f46c3f0800", 0x36}], 0x2, 0x0, 0x0, 0x11000000}, 0x0)
syz_emit_ethernet(0x7e, &(0x7f0000000240)={@local, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x0, 0x0, 0x3, 0x0, 0x0, {0x15, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x29, 0x0, @broadcast, @rand_addr, {[@timestamp_addr={0x44, 0x3c, 0x0, 0x1, 0x0, [{@multicast2}, {@remote}, {@loopback}, {@private=0xa010101, 0x8}, {@remote, 0x1}, {@multicast2, 0x5}, {@empty, 0xb}]}, @rr={0x7, 0x3, 0xf7}]}}}}}}}, 0x0)

1.067741874s ago: executing program 1 (id=36):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000b2fce504ab3f"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x16, 0x16, &(0x7f0000000240)=ANY=[@ANYBLOB="6112b700000000006113500000000000bf2000000000000007000000180000003d030100000000009500f000000000006926000000000000bf67000000000000560602000fff07006706000020000000170200000ee60000bf050000000000002d350000000000006507000002080000070700004c0000001f75000000000000bf54000000000000070400000400f9ffad35010000000000840400000000000014000000000000009500000000000000db13d5d8b741f2cdaabc83df03395287fd51a700ea6553f304000000815dcf00c3eebc52267b042d196bde7c382d21ff79a8583a7482c5994747e19325b1ee980cbd800d845dacbcf5ad8cdbc7abf9"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00')
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b7030000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000002ac0), 0x0, 0x0)
read$rfkill(r2, 0x0, 0x0)
r3 = openat$selinux_validatetrans(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
writev(r3, &(0x7f0000004340)=[{&(0x7f0000002080)="4f7f61bfe7ec271202403a540b524a03bda1e44111dd69d3924090d27ac2f6b2c654d94690a10a33d0", 0x29}], 0x1)
syz_open_dev$tty20(0xc, 0x4, 0x1)

1.024359685s ago: executing program 2 (id=37):
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000040)='./file2\x00', 0x50, &(0x7f0000000840), 0x3, 0x51e, &(0x7f0000000100)="$eJzs3dFrJHcdAPDvTLLX5C41qfqgBWuxlUvV2ySN1wYfqoLoU0Gt+HrGZBNCNtkj2bSXUGyKf4AgogVf9MkXwT9AkL74LkJB30VFkXrVB4X2RmZ29u6y2U1yuJuB5POBX3Z+M7Pz/f427G9/v51hJ4BL6+mImI2IsYh4LiKmy/VpWeKwU/L93rv7+kpeksiyV95NIinXdY/1WPl4rXzaRER882sR302Ox93dP9hcbjYbO2V9rr2VvJ9lBzc2tpbXG+uN7cXFhReWXly6uTQ/lHbORMRLX/nrj3/wi6++9JvPvfanW3+f/V6e1n+z7I3oaccwdZpeK16LrvGI2BlFsIqMFy3suFlxLgAAnCwf7384Ij5VjP+nY6wYzQEAAAAXSfbFqXg/icgAAACACyuNiKlI0np5ve9UpGm93rmG96NxNW22dtufXWvtba/m2yJmopaubTQb8+W1AzNRS/L6QnmNbbf+fE99MSKeiIgfTU8W9fpKq7la9ZcfAAAAcElc65n//3u6M/8vHFacHAAAADA8M1UnAAAAAIyc+T8AAABcfOb/AAAAcKF9/eWX85J173+9+ur+3mbr1Rurjd3N+tbeSn2ltXO7vt5qrRe/2bd12vGardbtz8f23p25dmO3Pbe7f3Brq7W33b61ceQW2AAAAMA5euKTb/8xiYjDL0wWJXel3FaLyMYe3nm8igyBUUkfZee/jC4P4Pw9/Pk+WWEewPkzpIfLq1Z1AkDlklO2D7x453fDzwUAABiN6x8ffP7/3bVKUwNGrDz/n5w2/wcunrGqEwAq0zn/dy/rqDob4DzVThoBmBTAhZcO5/z/KZcSJjoUAACo2FRRkrRezgOmIk3r9YjHi9sC1JK1jWZjPiI+FBF/mK49ltcXimcmRvMAAAAAAAAAAAAAAAAAAAAAAAAAcEZZlkQGAAAAXGgR6d+6d+a6Pv3sVO/3A1eS/0wXjxHx2k9f+cmd5XZ7ZyFf/8/769tvleufr+IbDAAAAKBXd57enccDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwDC9d/f1lW45z7j/+HJEzPSLPx4TxeNE1CLi6r+SGH/oeUlEjA0h/uGbEfGxfvGTPK2YKbM4Ev9KRBoRk8OK3/f1PyF+dOJfG0J8uMzezvufL/V7/6XxdPHY//03Xpb/1+D+L73f/40N6P8eH3TQ2tHqk+/8am5g/Dcjnhzv3/904yf58frEf+aMbfzOtw4OBm3Lfh5xvV//lxyNNdfeuj23u39wY2Nreb2x3theXFx4YenFpZtL83NrG81G+bdvjB9+4tf3HtQ+ONb+qyf0v0X7B7z+z56x/R+8c+fuRzqLPf+ZqMXPsmz2mf7//8JnjsfvfvZ9utwrr+evYfrWt/vGf+qXv39qUG55+1cHtH/ilPbPnrH9z33j+38+464AwDnY3T/YXG42GzsWLDzCQj7urDyNJJI4vmm5+sQ6C2+U77HlZvfdNqQj/7acHI0y+Yr6IwAAYHQeDPp7tyTVJAQAAAAAAAAAAAAAAAAAAACX0Kk/AzZoUxoRZ/w5sd6Yh9U0FQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgRP8LAAD//0mN1e4=")
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f00000014c0)=@raw={'raw\x00', 0x8, 0x3, 0x528, 0x0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x458, 0xffffffff, 0xffffffff, 0x458, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@empty, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00', {}, {}, 0x62}, 0x0, 0x358, 0x388, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'veth0_to_hsr\x00', {0x4, 0x8, 0x20, 0x5e1b2d47, 0xf91, 0x5, 0x4, 0x9f7, 0x18}, {0x8}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x588)
r0 = socket$inet6(0xa, 0x3, 0x8000000003c)
connect$inet6(r0, 0x0, 0x0)
sendmsg(r0, 0x0, 0x4)
r1 = socket$inet6(0xa, 0x3, 0x8000000003c)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f00000014c0)=@raw={'raw\x00', 0x8, 0x3, 0x528, 0x0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x458, 0xffffffff, 0xffffffff, 0x458, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@empty, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00', {}, {}, 0x62}, 0x0, 0x358, 0x388, 0x0, {}, [@common=@inet=@hashlimit3={{0x158}, {'veth0_to_hsr\x00', {0x4, 0x8, 0x20, 0x5e1b2d47, 0xf91, 0x5, 0x4, 0x9f7, 0x18}, {0x8}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x588)
syz_emit_ethernet(0x4a, &(0x7f0000000180)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "8a37f2", 0x14, 0x2c, 0x0, @remote, @local, {[], {{0x600, 0x5, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x2}}}}}}}, 0x0) (fail_nth: 4)

1.024239725s ago: executing program 4 (id=38):
mkdirat(0xffffffffffffffff, 0x0, 0x0)
socketpair$tipc(0x1e, 0x5, 0x0, 0x0)
close(0xffffffffffffffff)
unshare(0x62040200)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
getsockname$packet(r1, &(0x7f0000000180)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000005c0)=ANY=[@ANYBLOB="780000001000370400"/20, @ANYRES32=r2, @ANYBLOB="8304050001000000580012802c00010069703665727370616e"], 0x78}}, 0x0) (fail_nth: 4)

1.001276105s ago: executing program 0 (id=39):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000003f40)={'veth0_virt_wifi\x00', &(0x7f0000000080)=@ethtool_regs={0x4, 0xffffffff}})
socket$nl_route(0x10, 0x3, 0x0)
socket(0x200000000000011, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="180000000000ff7f000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70200001400f400b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x2d)
r2 = epoll_create1(0x0)
r3 = eventfd2(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r3, &(0x7f0000000180))
epoll_ctl$EPOLL_CTL_MOD(r2, 0x3, r3, &(0x7f0000000040)={0x20000006})
epoll_ctl$EPOLL_CTL_MOD(r2, 0x3, r3, &(0x7f0000000140)={0x2005})

766.422636ms ago: executing program 0 (id=40):
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0x3, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) (async)
bpf$PROG_LOAD(0x5, 0x0, 0x0) (async)
r2 = socket$nl_route(0x10, 0x3, 0x0)
stat(0x0, 0x0) (async)
ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000000)={'syz_tun\x00', &(0x7f0000002fc0)=@ethtool_eeprom={0x7, 0x7, 0x7f}})
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) (async)
r4 = socket$nl_route(0x10, 0x3, 0x0) (async, rerun: 64)
r5 = socket$inet_tcp(0x2, 0x1, 0x0) (rerun: 64)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r6=>0x0})
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="200000001100010100"/20, @ANYRES32=r6], 0x20}}, 0x0) (async)
fchdir(r0)

692.556856ms ago: executing program 4 (id=41):
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r0}, 0x10)
mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[], [{@permit_directio}]})

692.290426ms ago: executing program 0 (id=42):
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000})
mount(0x0, 0x0, 0x0, 0x1002080, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r1, 0x400448de, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r3}, 0x10)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x41, &(0x7f0000000600)=0x6db7, 0x4)
bind$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r2, &(0x7f0000000400)={0x2, 0x4e23, @multicast2}, 0x10)
sendmmsg(r2, &(0x7f0000007fc0), 0x800001d, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r0}, 0x0, &(0x7f00000003c0)}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00'}, 0x10)
syz_emit_ethernet(0x16, &(0x7f0000000140)=ANY=[@ANYBLOB="bbbbbbbbbbbbaac0aaaaaaaa88a830008100000022f0"], 0x0)

568.494817ms ago: executing program 4 (id=43):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000540))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000200)='ext2\x00', &(0x7f0000000900)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xc000, &(0x7f00000008c0)={[{@noload}, {@errors_remount}, {@init_itable_val={'init_itable', 0x3d, 0xfff}}]}, 0x2, 0x246, &(0x7f0000000ac0)="$eJzs3T9oM2UcB/DvXRJf+75BXnURxD8gIloor5vg8rooFKQUEUGFioiL0gq1xa1xcnHQWaWTSxE3q6N0KS6K4FS1Q10ELQ4WBx0iybVS24ja1Jz0Ph+43l3vee73HLnvkyyXBGisq0muJ2klmU7SSVIcb3B3tVw93F2f2l5I+v0nfiqG7ar9ylG/K0l6SR5KslUWeamdrG4+s/fLzmP3vbnSuff9zaenJnqRh/b3dh8/eG/ujY9mH1z94qsf5opcT/dP13X+ihH/axfJLf9Fsf+Jol33CPgn5l/78OtB7m9Ncs8w/52UqV68t5Zv2OrkgXf/qu/bP355+yTHCpy/fr8zeA/s9YHGKZN0U5QzSartspyZqT7Df9O6XL68tPzq9ItLK4sv1D1TAeelm+w++smlj6+cyP/3rSr/wMU1yP+T8xvfDrYPWnWPBpiIO6rVIP/Tz63dH/mHxpF/aC75h+aSf2gu+Yfmkn9oLvmHC6xztNEbeVj+obnkH5pL/qG5jucfAGiW/qW6n0AG6lL3/AMAAAAAAAAAAAAAAAAAAJy2PrW9cLRMquZn7yT7jyRpj6rfGv4ecXLj8O/ln4tBsz8UVbexPHvXmCcY0wc1P31903f11v/8znrrry0mvdeTXGu3T99/xeH9d3Y3/83xzvNjFviXihP7Dz812fon/bZRb/3ZneTTwfxzbdT8U+a24Xr0/NM9/hXLZ/TKr2OeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIn5PQAA//8PK23M")
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x22701, 0x0)
ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, "00000000000000000000ffff00"})
r3 = syz_open_pts(r2, 0x0)
r4 = dup3(r3, r2, 0x0)
read$FUSE(r4, 0x0, 0x0)
syz_mount_image$vfat(&(0x7f0000000640), &(0x7f0000000480)='./file0\x00', 0x18000, &(0x7f0000000d00)=ANY=[@ANYRES32=0x0, @ANYRESDEC, @ANYRESHEX=r4, @ANYRES64=r2, @ANYBLOB="fe2ecf20a9a1c2c1f932d2b7163be4b2b9a5bd521d185cfbee555b27608594beba6325923aaf5db74cff01000053db92c6c5fcbba0abd975fc76bea49b00513afc856ed89d3fadeda307ca587354322803b0983cc65725ae7f45fb95e7cdb28c6b886959b7dde2c87c73f6008cf6eed7861f24b7423704b95f3d05b92d3d7ff9d392833ecd02443320b60131a350360fcc1d659e2a03cb469caf0498bacae0735a161345b3d71a55f14ef636b6f832c7a6071fce83904dfd871b6d8e03648dbaa3a039eb5673792cae80335732030f9aeabaf3bb3cc4ca5fe75271d69b2e78beb2b81fc3cf3a18a7ae93a3cdbe6599b99408275e2b4b4477c6fcf4806134e839e13533ec000000000000006a1c000000000000000000000000000000000000000000000000000069c32883293ed9d73b5671a9d86634ffdf7611b7414705e975eb3f1b77a120", @ANYRES64], 0x8, 0x2f1, &(0x7f0000001f00)="$eJzs3L9PE2EYwPGnP2lLoAxGo4nhjS66XKA6K42BxNhEgtT4IzE54KpNz5b0GkyNEZ1cjX+EA2FkI1H+ARY3XVzcWEwcZDDW9HpHS7mClpYi/X4Scg/3vs/d+3IHed4L1617b5/mMpaW0UvijyjxiYhsi4yIX1w+Z+u347A0eiWXB398Pn/n/oNbyVRqckapqeTslYRSanj0w7MXUafb+oBsjjza+p74tnl68+zW79knWUtlLZUvlJSu5gpfS/qcaaiFrJXTlJo2Dd0yVDZvGcVae6HWnjELi4tlpecXhmKLRcOylJ4vq5xRVqWCKhXLKvBYz+aVpmlqKCbewi3296P0ysyMnmwzeb7Dg0GXFItJPSAi0T0t6ZWeDAgAAPRUc/3vF9XJ+n/1wkZp8O7asFP/r4e96v+rX2rH2lX/R0TEs/53z+9Z/+sH1/+N9lZE/eVQ9T+Oh9G9K1pfPaw2FpN6zPn9tb1+uDpmB9T/AAAAAAAAAAAAAAAAAAAAAAD8D7YrlXilUom7W/drQEQiIuJ+75EaEJHrPRgyOugQ1x8nQP3FveCwiPlmKb2Urm2dDhsiYoohYxKXX/b94KjG7ptHqmpEPprLTv7yUjpgtyQzkrXzxyUekub8SmXqZmpyXNXszg9JrDE/IXE55Z2f8MwPy6WLDfmaxOXTvBTElAV7HPX8l+NK3bidasqP2v0AAAAAADgJNLXDc/2uaa3aa/k76+vm5wOB+vp6zHN9HpRzwd7OHQAAAACAfmGVn+d00zSK+wRRObhP+0GwS0d2Z/i3We7/MnRvpvsE7sl3NUWcnR05Rajhovv+4cfSIvBLO1mj1dmow07HfWzUqo9MTxz9FbSDM+/e/+zcAa+tRQ6YaftBYP8bINT9vzwAAAAAjlq96Hf3TPR2QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9KGj+HS0Xs8RAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOC7+BAAA//84/gHx")
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000300)={'#! ', '', [{0x20, '&)H]]&-p\\\'\xa1^^,-+(,H*-$&&'}, {0x20, ',\\-*/#@,\x8b$'}, {0x20, 'cpu.stat\x00'}]}, 0x32)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
ioctl$FS_IOC_GETFSMAP(r5, 0xc0c0583b, &(0x7f0000000d40)=ANY=[@ANYBLOB="000000004c9002000c00000003000100"/128])
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
r6 = openat$procfs(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/timer_list\x00', 0x0, 0x0)
r7 = dup3(r1, r6, 0x0)
ioctl$BINDER_WRITE_READ(r7, 0xc0306201, &(0x7f0000000480)={0x8, 0x0, &(0x7f0000000580)=[@acquire={0x400c6313}], 0x0, 0x0, 0x0})
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000b2fce504ab3f"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r8}, 0x10)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000600)={r8, 0xe0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000000)=[0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, &(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000003c0)=[0x0], <r9=>0x0, 0x3b, &(0x7f0000000400)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x40, 0x10, &(0x7f0000000440), &(0x7f0000000480), 0x8, 0x8a, 0x8, 0x8, &(0x7f00000004c0)}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x11, 0x16, &(0x7f0000000240)=ANY=[@ANYRES64=r7], &(0x7f0000000100)='GPL\x00', 0xc, 0x0, 0x0, 0x0, 0x25, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, r9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x2, @void, @value}, 0x94)
syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00')
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x15, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b7030000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r10}, 0x10)
r11 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000002ac0), 0x0, 0x0)
read$rfkill(r11, 0x0, 0x0)
openat$selinux_validatetrans(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
r12 = socket$inet(0x2, 0x2, 0x0)
sendto$inet(r12, 0x0, 0x0, 0x200007fd, 0x0, 0x0)

546.223447ms ago: executing program 2 (id=44):
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='ns\x00')
fchdir(r0)
r1 = syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
process_vm_readv(r1, 0x0, 0x0, &(0x7f0000000740)=[{&(0x7f00000006c0)=""/121, 0x79}, {&(0x7f0000000500)=""/13, 0xd}], 0x2, 0x0)

444.385678ms ago: executing program 2 (id=45):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x12, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001080)=ANY=[@ANYBLOB="1b00000000000000000000000080", @ANYBLOB], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0)
fchmodat(0xffffffffffffffff, 0x0, 0x166)

433.159168ms ago: executing program 2 (id=46):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0xa, 0x2, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
r4 = syz_open_procfs(0x0, &(0x7f0000000180)='pagemap\x00')
pread64(r4, &(0x7f000001a240)=""/102400, 0x19000, 0x100008)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000))
close(r1)

139.803969ms ago: executing program 1 (id=47):
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f0000000640)='./file1\x00', 0x3014850, &(0x7f00000001c0), 0x3, 0x4c1, &(0x7f0000000680)="$eJzs3d9rW9cdAPDvle3ESZzZ2faQBZaFLcMJWyQ7XhKzh8yDsT0FlmXvnmfLxli2jCUnsQnDYX9AofQX7VOf+lLocymU/AmlEGjfSyktoU3Shz60VZF81SSubMvEshLr84Hje8+9V/5+j4SOdO656AbQsU5FxFhEdEXE2YjoT7dn0hJr66V63IP7tyarJYlK5dqXSSTptvr/StLlkfRhvRHxr39E/Df5adzSyurcRKGQX0rrufL8Yq60snpudn5iJj+TXxgbGb44emn0wujQrrX18t8+e+WFt/5++f0/3vhk/Isz/6um1Zfue7wdzVhr8rj1pvfUnou67ohY2kmwZ1hX2p6edicCAEBTqt/xfx4Rv42Ih6+3OxsAAACgFSp/6Ytvk4gKAAAAsG9latfAJplsei1AX2Qy2ez6Nby/jMOZQrFU/sN0cXlhav1a2YHoyUzPFvJD6bXCA9GTVOvDtfVH9fMb6iMRcSwiXuo/VKtnJ4uFqXaf/AAAAIAOcWTD+P/r/vXxPwAAALDPDLQ7AQAAAKDljP8BAABg/9t0/J90720iAAAAQCv888qVaqnU7389dX1lea54/dxUvjSXnV+ezE4WlxazM8XiTO03++a3+3+FYnHxT7GwfDNXzpfKudLK6vh8cXmhPF67r/d43n2iAQAAYO8d+82dj5OIWPvzoVqpOpDua2KsPtba7IBWyuzs8KRVeQB7r6vdCQBt4wJf6Fzm44FtBvYvb6jv8LQBAADwLBj81VPN/5sPhOeYgTx0LvP/0LnM/0PnMv8PHe7g9of0brbjg13OBQAAaJm+Wkky2XQusC8ymWw24mjttgA9yfRsIT8UET+LiI/6ew5W68PtThoAAAAAAAAAAAAAAAAAAAAAAAAAnjOVShIVAAAAYF+LyHyepDfyH+w/3bfx/MCB5Jv+2jIibrxx7dWbE+Xy0nB1+1c/bi+/lm4/344zGAAAAMBG9XF6fRwPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALvpwf1bk/Wyl3Hv/TUiBhrF747e2rL33f6IOPwwie7HHpdERNcuxF+7HRHHG8VPqmnFQJrFxviZiDjU5vhHdiE+dLI71f5nrNH7LxOnasvG77/utDyte6c26/8y9f6v1s816v+ONhnjxN13cpvGvx1xortx/1OPnzxl//uff6+ubrav8mbEYMPPn+SJWLny/GKutLJ6bnZ+YiY/k18YGRm+OHpp9MLoUG56tpBP/zaM8eKv3/t+q/Yf3iT+wDbtP91k+7+7e/P+L7aIf+Z3jV//41vErz73v08/B6r7B+vra+vrjzv59ocnt2r/1Cbt3+71P9Nk+89e/f+nTR4KAOyB0srq3EShkF+yYsXK/lu5mr7Rd/zwNndMAADArnv0pb/dmQAAAAAAAAAAAAAAAAAAAEDnavmPkB188pcFetvXVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACALf0QAAD//9sy0wA=")
truncate(&(0x7f0000000000)='./file2\x00', 0x80000002328)
bpf$PROG_LOAD(0x5, 0x0, 0x0)

48.21074ms ago: executing program 2 (id=48):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x30, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="4800000010003b1500"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800b00010065727370616e0000180002800400120006000e"], 0x48}}, 0x0)

39.31446ms ago: executing program 2 (id=49):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000880)=@newsa={0x148, 0x1a, 0x713, 0x0, 0x0, {{@in6=@loopback, @in=@multicast2}, {@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x32}, @in=@multicast2, {0x0, 0xfffffffffffffffc}, {}, {}, 0x0, 0x4, 0xa, 0x1}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @XFRMA_SET_MARK={0x8}, @XFRMA_SET_MARK_MASK={0x8}]}, 0x148}}, 0x0) (fail_nth: 4)

0s ago: executing program 1 (id=50):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000003f40)={'veth0_virt_wifi\x00', &(0x7f0000000080)=@ethtool_regs={0x4, 0xffffffff}})
socket$nl_route(0x10, 0x3, 0x0)
socket(0x200000000000011, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="180000000000ff7f000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70200001400f400b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x2d)
r2 = epoll_create1(0x0)
r3 = eventfd2(0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r3, &(0x7f0000000180))
epoll_ctl$EPOLL_CTL_MOD(r2, 0x3, r3, &(0x7f0000000040)={0x20000006})
epoll_ctl$EPOLL_CTL_MOD(r2, 0x3, r3, &(0x7f0000000140)={0x2005})

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.126' (ED25519) to the list of known hosts.
[   21.122052][   T24] audit: type=1400 audit(1733278750.400:66): avc:  denied  { mounton } for  pid=273 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=1925 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[   21.123217][  T273] cgroup: Unknown subsys name 'net'
[   21.144533][   T24] audit: type=1400 audit(1733278750.400:67): avc:  denied  { mount } for  pid=273 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   21.171401][   T24] audit: type=1400 audit(1733278750.440:68): avc:  denied  { unmount } for  pid=273 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   21.171608][  T273] cgroup: Unknown subsys name 'devices'
[   21.288648][  T273] cgroup: Unknown subsys name 'hugetlb'
[   21.294053][  T273] cgroup: Unknown subsys name 'rlimit'
[   21.413200][   T24] audit: type=1400 audit(1733278750.690:69): avc:  denied  { setattr } for  pid=273 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=249 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[   21.436298][   T24] audit: type=1400 audit(1733278750.690:70): avc:  denied  { mounton } for  pid=273 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1
Setting up swapspace version 1, size = 127995904 bytes
[   21.442033][  T276] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
[   21.461046][   T24] audit: type=1400 audit(1733278750.690:71): avc:  denied  { mount } for  pid=273 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1
[   21.492384][   T24] audit: type=1400 audit(1733278750.760:72): avc:  denied  { relabelto } for  pid=276 comm="mkswap" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   21.517872][   T24] audit: type=1400 audit(1733278750.760:73): avc:  denied  { write } for  pid=276 comm="mkswap" path="/root/swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   21.543631][   T24] audit: type=1400 audit(1733278750.800:74): avc:  denied  { read } for  pid=273 comm="syz-executor" name="swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   21.543705][  T273] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   21.568928][   T24] audit: type=1400 audit(1733278750.800:75): avc:  denied  { open } for  pid=273 comm="syz-executor" path="/root/swap-file" dev="sda1" ino=1928 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[   22.750332][  T283] bridge0: port 1(bridge_slave_0) entered blocking state
[   22.757374][  T283] bridge0: port 1(bridge_slave_0) entered disabled state
[   22.764529][  T283] device bridge_slave_0 entered promiscuous mode
[   22.771701][  T283] bridge0: port 2(bridge_slave_1) entered blocking state
[   22.778553][  T283] bridge0: port 2(bridge_slave_1) entered disabled state
[   22.785768][  T283] device bridge_slave_1 entered promiscuous mode
[   22.848172][  T284] bridge0: port 1(bridge_slave_0) entered blocking state
[   22.855029][  T284] bridge0: port 1(bridge_slave_0) entered disabled state
[   22.862579][  T284] device bridge_slave_0 entered promiscuous mode
[   22.869681][  T284] bridge0: port 2(bridge_slave_1) entered blocking state
[   22.876513][  T284] bridge0: port 2(bridge_slave_1) entered disabled state
[   22.883863][  T284] device bridge_slave_1 entered promiscuous mode
[   22.907974][  T286] bridge0: port 1(bridge_slave_0) entered blocking state
[   22.914806][  T286] bridge0: port 1(bridge_slave_0) entered disabled state
[   22.922121][  T286] device bridge_slave_0 entered promiscuous mode
[   22.929918][  T286] bridge0: port 2(bridge_slave_1) entered blocking state
[   22.936755][  T286] bridge0: port 2(bridge_slave_1) entered disabled state
[   22.943926][  T286] device bridge_slave_1 entered promiscuous mode
[   22.969024][  T285] bridge0: port 1(bridge_slave_0) entered blocking state
[   22.975866][  T285] bridge0: port 1(bridge_slave_0) entered disabled state
[   22.983328][  T285] device bridge_slave_0 entered promiscuous mode
[   22.990138][  T285] bridge0: port 2(bridge_slave_1) entered blocking state
[   22.997014][  T285] bridge0: port 2(bridge_slave_1) entered disabled state
[   23.004199][  T285] device bridge_slave_1 entered promiscuous mode
[   23.043349][  T289] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.050278][  T289] bridge0: port 1(bridge_slave_0) entered disabled state
[   23.057474][  T289] device bridge_slave_0 entered promiscuous mode
[   23.066585][  T289] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.073470][  T289] bridge0: port 2(bridge_slave_1) entered disabled state
[   23.080654][  T289] device bridge_slave_1 entered promiscuous mode
[   23.190283][  T286] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.197155][  T286] bridge0: port 2(bridge_slave_1) entered forwarding state
[   23.204235][  T286] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.211045][  T286] bridge0: port 1(bridge_slave_0) entered forwarding state
[   23.228808][  T283] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.235647][  T283] bridge0: port 2(bridge_slave_1) entered forwarding state
[   23.242836][  T283] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.249712][  T283] bridge0: port 1(bridge_slave_0) entered forwarding state
[   23.272654][  T284] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.279525][  T284] bridge0: port 2(bridge_slave_1) entered forwarding state
[   23.286627][  T284] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.293441][  T284] bridge0: port 1(bridge_slave_0) entered forwarding state
[   23.310104][  T285] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.316969][  T285] bridge0: port 2(bridge_slave_1) entered forwarding state
[   23.324059][  T285] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.330881][  T285] bridge0: port 1(bridge_slave_0) entered forwarding state
[   23.340101][  T289] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.346963][  T289] bridge0: port 2(bridge_slave_1) entered forwarding state
[   23.354141][  T289] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.360994][  T289] bridge0: port 1(bridge_slave_0) entered forwarding state
[   23.406707][   T49] bridge0: port 1(bridge_slave_0) entered disabled state
[   23.414738][   T49] bridge0: port 2(bridge_slave_1) entered disabled state
[   23.422526][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   23.430300][   T49] bridge0: port 1(bridge_slave_0) entered disabled state
[   23.437430][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   23.445458][   T49] bridge0: port 2(bridge_slave_1) entered disabled state
[   23.452623][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   23.460792][   T49] bridge0: port 1(bridge_slave_0) entered disabled state
[   23.468009][   T49] bridge0: port 2(bridge_slave_1) entered disabled state
[   23.475028][   T49] bridge0: port 1(bridge_slave_0) entered disabled state
[   23.482191][   T49] bridge0: port 2(bridge_slave_1) entered disabled state
[   23.508241][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   23.516253][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   23.524491][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[   23.531804][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   23.539781][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   23.548268][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.555086][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[   23.562761][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   23.570726][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.577568][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[   23.584814][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   23.592678][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   23.600430][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   23.608509][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.615331][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[   23.622567][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   23.630664][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.637505][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[   23.644866][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   23.652830][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.659670][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[   23.666855][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   23.674809][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.681648][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[   23.704715][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[   23.712124][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[   23.720722][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[   23.727579][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[   23.735183][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   23.743079][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[   23.751060][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[   23.757917][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[   23.765012][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   23.772788][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   23.780524][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   23.795119][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   23.803047][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   23.810937][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   23.819776][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   23.833427][  T283] device veth0_vlan entered promiscuous mode
[   23.840199][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   23.848498][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   23.856590][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   23.864892][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   23.881586][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   23.888993][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   23.896208][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   23.904831][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   23.913722][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   23.921633][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   23.929642][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   23.937207][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   23.948358][  T289] device veth0_vlan entered promiscuous mode
[   23.956505][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[   23.964491][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[   23.977769][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   23.985893][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   23.994274][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   24.002120][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   24.015836][  T283] device veth1_macvtap entered promiscuous mode
[   24.024247][  T285] device veth0_vlan entered promiscuous mode
[   24.030574][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   24.038037][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   24.045240][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   24.054095][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   24.062718][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   24.070914][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   24.079145][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   24.086535][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[   24.094614][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[   24.104555][  T286] device veth0_vlan entered promiscuous mode
[   24.121086][  T289] device veth1_macvtap entered promiscuous mode
[   24.127556][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   24.135289][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   24.143511][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   24.151745][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   24.160667][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   24.168704][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   24.176817][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   24.184681][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   24.192906][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   24.200534][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   24.207870][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   24.228923][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   24.237065][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   24.245071][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   24.253593][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   24.262340][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   24.270454][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   24.278788][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   24.287253][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   24.296310][  T285] device veth1_macvtap entered promiscuous mode
[   24.315556][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   24.324495][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   24.332605][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   24.341537][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   24.349417][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   24.359477][  T286] device veth1_macvtap entered promiscuous mode
[   24.367984][  T283] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation
[   24.368506][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   24.385645][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   24.393242][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   24.407516][  T284] device veth0_vlan entered promiscuous mode
[   24.425047][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   24.433499][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   24.440188][  T310] EXT4-fs (loop0): Quota format mount options ignored when QUOTA feature is enabled
[   24.455125][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   24.463775][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   24.472479][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   24.472496][  T310] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpquota,debug_want_extra_isize=0x0000000000000084,resuid=0x0000000000000000,max_batch_time=0x0000000000000003,lazytime,jqfmt=vfsold,usrquota,nouid32,,errors=continue
[   24.509337][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   24.518099][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   24.526313][   T49] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   24.546610][  T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   24.554757][  T312] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   24.564887][  T284] device veth1_macvtap entered promiscuous mode
[   24.615088][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   25.051693][  T330] ======================================================
[   25.051693][  T330] WARNING: the mand mount option is being deprecated and
[   25.051693][  T330]          will be removed in v5.15!
[   25.051693][  T330] ======================================================
[   25.077268][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   25.086148][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   25.095168][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   25.103814][    T7] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   25.128898][  T329] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3'.
[   25.239440][  T341] capability: warning: `syz.1.11' uses deprecated v2 capabilities in a way that may be insecure
[   25.269320][  T344] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue
[   25.279734][  T342] EXT4-fs error (device loop3): ext4_orphan_get:1395: inode #15: comm syz.3.10: casefold flag without casefold feature
[   25.292082][  T344] ext4 filesystem being mounted at /3/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   25.306969][  T342] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: inode #12: comm syz.3.10: missing EA_INODE flag
[   25.330375][  T342] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz.3.10: error while reading EA inode 12 err=-117
[   25.344862][  T342] EXT4-fs (loop3): 1 orphan inode deleted
[   25.351089][  T342] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue
[   25.530897][  T354] EXT4-fs (loop4): Quota format mount options ignored when QUOTA feature is enabled
[   25.583288][  T354] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpquota,debug_want_extra_isize=0x0000000000000084,resuid=0x0000000000000000,max_batch_time=0x0000000000000003,lazytime,jqfmt=vfsold,usrquota,nouid32,,errors=continue
[   25.634333][  T357] mmap: syz.0.13 (357) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst.
[   25.794786][  T370] 9pnet: Insufficient options for proto=fd
[   25.816170][  T370] process 'syz.4.18' launched './file0' with NULL argv: empty string added
[   25.856583][  T368] EXT4-fs (loop1): 1 orphan inode deleted
[   25.863793][  T368] EXT4-fs (loop1): mounted filesystem without journal. Opts: errors=remount-ro,nodiscard,noquota,init_itable,stripe=0x0000000000000079,resgid=0x0000000000000000,sysvgroups,delalloc,usrquota,
[   25.883202][  T368] ext4 filesystem being mounted at /3/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   25.908998][  T362] F2FS-fs (loop3): invalid crc value
[   25.916268][  T362] F2FS-fs (loop3): Found nat_bits in checkpoint
[   25.961436][  T362] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[   25.983474][  T284] attempt to access beyond end of device
[   25.983474][  T284] loop3: rw=2049, want=45104, limit=40427
[   26.012146][  T389] FAULT_INJECTION: forcing a failure.
[   26.012146][  T389] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   26.025783][  T390] FAULT_INJECTION: forcing a failure.
[   26.025783][  T390] name failslab, interval 1, probability 0, space 0, times 1
[   26.038233][  T390] CPU: 0 PID: 390 Comm: syz.4.24 Not tainted 5.10.226-syzkaller-00326-gab7c0abef9cf #0
[   26.047636][  T390] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   26.057548][  T390] Call Trace:
[   26.060666][  T390]  dump_stack_lvl+0x1e2/0x24b
[   26.065180][  T390]  ? panic+0x812/0x812
[   26.069089][  T390]  ? bfq_pos_tree_add_move+0x43b/0x43b
[   26.074377][  T390]  dump_stack+0x15/0x17
[   26.078369][  T390]  should_fail+0x3c6/0x510
[   26.082622][  T390]  ? dst_alloc+0x17d/0x590
[   26.086871][  T390]  __should_failslab+0xa4/0xe0
[   26.091480][  T390]  should_failslab+0x9/0x20
[   26.095811][  T390]  kmem_cache_alloc+0x3d/0x2e0
[   26.100412][  T390]  dst_alloc+0x17d/0x590
[   26.104489][  T390]  ip_route_input_rcu+0x1a8a/0x2890
[   26.109524][  T390]  ? unwind_get_return_address+0x4d/0x90
[   26.114988][  T390]  ? ip_route_input_noref+0x110/0x110
[   26.120196][  T390]  ? ipt_do_table+0x14ff/0x1760
[   26.124885][  T390]  ip_route_input_noref+0xba/0x110
[   26.129842][  T390]  ? ip_route_use_hint+0x4f0/0x4f0
[   26.134776][  T390]  ? udp_lib_checksum_complete+0x230/0x230
[   26.140423][  T390]  ? __kasan_check_write+0x14/0x20
[   26.145367][  T390]  ? nf_nat_ipv4_pre_routing+0x255/0x3b0
[   26.150844][  T390]  ip_rcv_finish_core+0x40e/0x12f0
[   26.155781][  T390]  ip_rcv+0xef/0x320
[   26.159507][  T390]  ? ip_local_deliver_finish+0x240/0x240
[   26.164976][  T390]  ? ip_rcv_core+0xaa0/0xaa0
[   26.169405][  T390]  ? __kasan_slab_alloc+0xc3/0xe0
[   26.174260][  T390]  ? __kasan_slab_alloc+0xb1/0xe0
[   26.179124][  T390]  ? ip_local_deliver_finish+0x240/0x240
[   26.184591][  T390]  __netif_receive_skb+0x1c6/0x530
[   26.189541][  T390]  ? ksys_write+0x199/0x2c0
[   26.193878][  T390]  ? __x64_sys_write+0x7b/0x90
[   26.198482][  T390]  ? do_syscall_64+0x34/0x70
[   26.202907][  T390]  ? deliver_ptype_list_skb+0x3c0/0x3c0
[   26.208290][  T390]  netif_receive_skb+0xb0/0x480
[   26.212983][  T390]  ? netif_receive_skb_core+0x210/0x210
[   26.218360][  T390]  tun_rx_batched+0x6d9/0x870
[   26.222870][  T390]  ? eth_type_trans+0x2e4/0x620
[   26.227558][  T390]  ? local_bh_enable+0x30/0x30
[   26.232156][  T390]  tun_get_user+0x2bf3/0x38f0
[   26.236671][  T390]  ? _kstrtoull+0x3a0/0x4a0
[   26.241008][  T390]  ? tun_do_read+0x1f60/0x1f60
[   26.245604][  T390]  ? kstrtouint_from_user+0x20a/0x2a0
[   26.250816][  T390]  ? kstrtol_from_user+0x310/0x310
[   26.255764][  T390]  ? avc_policy_seqno+0x1b/0x70
[   26.260448][  T390]  ? selinux_file_permission+0x2bb/0x560
[   26.265915][  T390]  ? fsnotify_perm+0x67/0x4e0
[   26.270431][  T390]  tun_chr_write_iter+0x1a8/0x250
[   26.275302][  T390]  vfs_write+0xb4c/0xe70
[   26.279378][  T390]  ? kernel_write+0x3d0/0x3d0
[   26.283889][  T390]  ? __fdget_pos+0x209/0x3a0
[   26.288309][  T390]  ? ksys_write+0x77/0x2c0
[   26.292563][  T390]  ksys_write+0x199/0x2c0
[   26.296729][  T390]  ? __ia32_sys_read+0x90/0x90
[   26.301336][  T390]  ? debug_smp_processor_id+0x17/0x20
[   26.306537][  T390]  __x64_sys_write+0x7b/0x90
[   26.310964][  T390]  do_syscall_64+0x34/0x70
[   26.315362][  T390]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   26.321070][  T390] RIP: 0033:0x7fa245cda9cf
[   26.325335][  T390] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[   26.344772][  T390] RSP: 002b:00007fa244353020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[   26.353006][  T390] RAX: ffffffffffffffda RBX: 00007fa245ea1fa0 RCX: 00007fa245cda9cf
[   26.360817][  T390] RDX: 000000000000003e RSI: 0000000020000500 RDI: 00000000000000c8
[   26.368626][  T390] RBP: 00007fa2443530a0 R08: 0000000000000000 R09: 0000000000000000
[   26.376438][  T390] R10: 000000000000003e R11: 0000000000000293 R12: 0000000000000001
[   26.384267][  T390] R13: 0000000000000000 R14: 00007fa245ea1fa0 R15: 00007ffd25fa8ac8
[   26.396879][   T24] kauditd_printk_skb: 129 callbacks suppressed
[   26.396891][   T24] audit: type=1326 audit(1733278755.320:205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=385 comm="syz.0.21" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa2c469bf19 code=0x7ffc0000
[   26.406877][  T389] CPU: 0 PID: 389 Comm: syz.1.23 Not tainted 5.10.226-syzkaller-00326-gab7c0abef9cf #0
[   26.435292][  T389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   26.445334][  T389] Call Trace:
[   26.448470][  T389]  dump_stack_lvl+0x1e2/0x24b
[   26.452963][  T389]  ? bfq_pos_tree_add_move+0x43b/0x43b
[   26.458258][  T389]  dump_stack+0x15/0x17
[   26.462249][  T389]  should_fail+0x3c6/0x510
[   26.466502][  T389]  should_fail_usercopy+0x1a/0x20
[   26.471367][  T389]  _copy_from_user+0x20/0xd0
[   26.475793][  T389]  __se_sys_mount+0x179/0x3b0
[   26.480306][  T389]  ? __x64_sys_mount+0xd0/0xd0
[   26.484903][  T389]  __x64_sys_mount+0xbf/0xd0
[   26.489337][  T389]  do_syscall_64+0x34/0x70
[   26.493582][  T389]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   26.499333][  T389] RIP: 0033:0x7f156b879f19
[   26.503567][  T389] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   26.523010][  T389] RSP: 002b:00007f1569ef1058 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[   26.531250][  T389] RAX: ffffffffffffffda RBX: 00007f156ba3ffa0 RCX: 00007f156b879f19
[   26.539060][  T389] RDX: 0000000020000400 RSI: 0000000020000180 RDI: 0000000000000000
[   26.546869][  T389] RBP: 00007f1569ef10a0 R08: 0000000020000300 R09: 0000000000000000
[   26.554680][  T389] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   26.562493][  T389] R13: 0000000000000000 R14: 00007f156ba3ffa0 R15: 00007ffda6a1f708
[   26.578756][   T24] audit: type=1326 audit(1733278755.320:206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=385 comm="syz.0.21" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa2c469bf19 code=0x7ffc0000
[   26.602004][   T24] audit: type=1326 audit(1733278755.690:207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=385 comm="syz.0.21" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7fa2c469bf19 code=0x7ffc0000
[   26.625552][  T389] overlayfs: option "index=on" is useless in a non-upper mount, ignore
[   26.637412][  T389] overlayfs: missing 'lowerdir'
[   26.648904][   T24] audit: type=1326 audit(1733278755.690:208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=385 comm="syz.0.21" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa2c469bf19 code=0x7ffc0000
[   26.673258][   T24] audit: type=1326 audit(1733278755.690:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=385 comm="syz.0.21" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa2c469bf19 code=0x7ffc0000
[   26.698251][   T24] audit: type=1326 audit(1733278755.850:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=385 comm="syz.0.21" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7fa2c469bf19 code=0x7ffc0000
[   26.721404][   T24] audit: type=1326 audit(1733278755.850:211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=385 comm="syz.0.21" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa2c469bf19 code=0x7ffc0000
[   26.756607][   T24] audit: type=1326 audit(1733278755.850:212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=385 comm="syz.0.21" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa2c469bf19 code=0x7ffc0000
[   26.804027][  T400] EXT4-fs (loop4): Quota format mount options ignored when QUOTA feature is enabled
[   26.843646][   T24] audit: type=1326 audit(1733278755.850:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=385 comm="syz.0.21" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa2c469bf19 code=0x7ffc0000
[   26.866905][   T24] audit: type=1326 audit(1733278755.850:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=385 comm="syz.0.21" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa2c469bf19 code=0x7ffc0000
[   26.890409][  T400] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpquota,debug_want_extra_isize=0x0000000000000084,resuid=0x0000000000000000,max_batch_time=0x0000000000000003,lazytime,jqfmt=vfsold,usrquota,nouid32,,errors=continue
[   26.950700][  T418] FAULT_INJECTION: forcing a failure.
[   26.950700][  T418] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   26.968129][  T408] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[   26.993321][  T418] CPU: 0 PID: 418 Comm: syz.2.32 Not tainted 5.10.226-syzkaller-00326-gab7c0abef9cf #0
[   27.002772][  T418] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   27.012660][  T418] Call Trace:
[   27.015795][  T418]  dump_stack_lvl+0x1e2/0x24b
[   27.020306][  T418]  ? bfq_pos_tree_add_move+0x43b/0x43b
[   27.025598][  T418]  dump_stack+0x15/0x17
[   27.029589][  T418]  should_fail+0x3c6/0x510
[   27.033839][  T418]  should_fail_usercopy+0x1a/0x20
[   27.038706][  T418]  _copy_to_user+0x20/0x90
[   27.042957][  T418]  simple_read_from_buffer+0xc7/0x150
[   27.048166][  T418]  proc_fail_nth_read+0x1a3/0x210
[   27.053027][  T418]  ? proc_fault_inject_write+0x390/0x390
[   27.058489][  T418]  ? security_file_permission+0x86/0xb0
[   27.063873][  T418]  ? rw_verify_area+0x1c3/0x360
[   27.068555][  T418]  ? proc_fault_inject_write+0x390/0x390
[   27.074024][  T418]  vfs_read+0x200/0xba0
[   27.078021][  T418]  ? hashlen_string+0x120/0x120
[   27.082706][  T418]  ? kernel_read+0x70/0x70
[   27.086963][  T418]  ? __kasan_check_write+0x14/0x20
[   27.091922][  T418]  ? mutex_lock+0xa5/0x110
[   27.096156][  T418]  ? mutex_trylock+0xa0/0xa0
[   27.100590][  T418]  ? __fdget_pos+0x2e7/0x3a0
[   27.105009][  T418]  ? ksys_read+0x77/0x2c0
[   27.109185][  T418]  ksys_read+0x199/0x2c0
[   27.113260][  T418]  ? vfs_write+0xe70/0xe70
[   27.117508][  T418]  ? __x64_sys_chmod+0x129/0x180
[   27.122290][  T418]  ? debug_smp_processor_id+0x17/0x20
[   27.127490][  T418]  __x64_sys_read+0x7b/0x90
[   27.131836][  T418]  do_syscall_64+0x34/0x70
[   27.136085][  T418]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   27.141809][  T418] RIP: 0033:0x7f067bc2692c
[   27.146065][  T418] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[   27.165502][  T418] RSP: 002b:00007f067a29f050 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[   27.173747][  T418] RAX: ffffffffffffffda RBX: 00007f067bdedfa0 RCX: 00007f067bc2692c
[   27.181560][  T418] RDX: 000000000000000f RSI: 00007f067a29f0b0 RDI: 0000000000000006
[   27.189372][  T418] RBP: 00007f067a29f0a0 R08: 0000000000000000 R09: 0000000000000000
[   27.197181][  T418] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   27.204993][  T418] R13: 0000000000000000 R14: 00007f067bdedfa0 R15: 00007ffdc744ec58
[   27.300629][  T428] EXT4-fs (loop2): revision level too high, forcing read-only mode
[   27.314546][  T428] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002]
[   27.322851][  T428] System zones: 0-1, 15-15, 18-18, 34-34
[   27.328923][  T428] EXT4-fs (loop2): orphan cleanup on readonly fs
[   27.335170][  T428] EXT4-fs warning (device loop2): ext4_enable_quotas:6467: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[   27.351633][  T428] EXT4-fs (loop2): Cannot turn on quotas: error -22
[   27.358450][  T428] EXT4-fs error (device loop2): ext4_orphan_get:1421: comm syz.2.37: bad orphan inode 16
[   27.370310][  T438] FAULT_INJECTION: forcing a failure.
[   27.370310][  T438] name failslab, interval 1, probability 0, space 0, times 0
[   27.376404][  T428] ext4_test_bit(bit=15, block=18) = 1
[   27.383291][  T438] CPU: 0 PID: 438 Comm: syz.4.38 Not tainted 5.10.226-syzkaller-00326-gab7c0abef9cf #0
[   27.388691][  T428] is_bad_inode(inode)=0
[   27.397453][  T438] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   27.397458][  T438] Call Trace:
[   27.397480][  T438]  dump_stack_lvl+0x1e2/0x24b
[   27.397494][  T438]  ? panic+0x812/0x812
[   27.401845][  T428] NEXT_ORPHAN(inode)=0
[   27.411351][  T438]  ? bfq_pos_tree_add_move+0x43b/0x43b
[   27.411361][  T438]  dump_stack+0x15/0x17
[   27.411378][  T438]  should_fail+0x3c6/0x510
[   27.414768][  T428] max_ino=32
[   27.418987][  T438]  ? netlink_sendmsg+0x7a4/0xd00
[   27.419000][  T438]  __should_failslab+0xa4/0xe0
[   27.419026][  T438]  should_failslab+0x9/0x20
[   27.423161][  T428] i_nlink=2
[   27.426797][  T438]  __kmalloc_track_caller+0x5f/0x320
[   27.426807][  T438]  ? kmem_cache_alloc+0x168/0x2e0
[   27.426817][  T438]  ? __alloc_skb+0x80/0x510
[   27.426825][  T438]  ? netlink_sendmsg+0x7a4/0xd00
[   27.426839][  T438]  __alloc_skb+0xbc/0x510
[   27.432580][  T428] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[   27.436256][  T438]  netlink_sendmsg+0x7a4/0xd00
[   27.436276][  T438]  ? netlink_getsockopt+0x5c0/0x5c0
[   27.443230][  T428] xt_hashlimit: size too large, truncated to 1048576
[   27.443560][  T438]  ? kmem_cache_free+0xa9/0x1e0
[   27.513124][  T438]  ? security_socket_sendmsg+0x82/0xb0
[   27.513137][  T438]  ? netlink_getsockopt+0x5c0/0x5c0
[   27.513149][  T438]  ____sys_sendmsg+0x59e/0x8f0
[   27.513160][  T438]  ? __sys_sendmsg_sock+0x40/0x40
[   27.513173][  T438]  ? import_iovec+0xe5/0x120
[   27.513184][  T438]  ___sys_sendmsg+0x252/0x2e0
[   27.513195][  T438]  ? __sys_sendmsg+0x280/0x280
[   27.513216][  T438]  ? rw_verify_area+0x1c3/0x360
[   27.513233][  T438]  ? __fdget+0x1bc/0x240
[   27.513243][  T438]  __se_sys_sendmsg+0x1b1/0x280
[   27.513254][  T438]  ? __x64_sys_sendmsg+0x90/0x90
[   27.513263][  T438]  ? ksys_write+0x260/0x2c0
[   27.513279][  T438]  ? debug_smp_processor_id+0x17/0x20
[   27.513289][  T438]  __x64_sys_sendmsg+0x7b/0x90
[   27.513300][  T438]  do_syscall_64+0x34/0x70
[   27.513311][  T438]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   27.513321][  T438] RIP: 0033:0x7fa245cdbf19
[   27.513332][  T438] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   27.513340][  T438] RSP: 002b:00007fa244332058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   27.513355][  T438] RAX: ffffffffffffffda RBX: 00007fa245ea2080 RCX: 00007fa245cdbf19
[   27.513362][  T438] RDX: 0000000000000000 RSI: 0000000020000380 RDI: 0000000000000003
[   27.513368][  T438] RBP: 00007fa2443320a0 R08: 0000000000000000 R09: 0000000000000000
[   27.513375][  T438] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   27.513382][  T438] R13: 0000000000000000 R14: 00007fa245ea2080 R15: 00007ffd25fa8ac8
[   27.514989][  T439] FAULT_INJECTION: forcing a failure.
[   27.514989][  T439] name failslab, interval 1, probability 0, space 0, times 0
[   27.515003][  T439] CPU: 0 PID: 439 Comm: syz.2.37 Not tainted 5.10.226-syzkaller-00326-gab7c0abef9cf #0
[   27.515009][  T439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   27.515014][  T439] Call Trace:
[   27.515029][  T439]  dump_stack_lvl+0x1e2/0x24b
[   27.515040][  T439]  ? bfq_pos_tree_add_move+0x43b/0x43b
[   27.515053][  T439]  ? _get_random_bytes+0x259/0x2b0
[   27.515062][  T439]  dump_stack+0x15/0x17
[   27.515073][  T439]  should_fail+0x3c6/0x510
[   27.515083][  T439]  ? __do_once_done+0x9a/0x1e0
[   27.515096][  T439]  __should_failslab+0xa4/0xe0
[   27.515110][  T439]  should_failslab+0x9/0x20
[   27.515121][  T439]  kmem_cache_alloc_trace+0x3a/0x2e0
[   27.515130][  T439]  __do_once_done+0x9a/0x1e0
[   27.515144][  T439]  hash_conntrack_raw+0x64c/0x660
[   27.515154][  T439]  ? nf_ct_get_tuplepr+0x190/0x190
[   27.515166][  T439]  ? __local_bh_enable_ip+0x53/0x80
[   27.515176][  T439]  ? local_bh_enable+0x1f/0x30
[   27.515187][  T439]  ? __nf_conntrack_find_get+0xe50/0xe50
[   27.515198][  T439]  nf_conntrack_in+0x420/0xce0
[   27.515215][  T439]  ? nf_conntrack_free+0x140/0x140
[   27.515225][  T439]  ? sk_setup_caps+0x430/0x430
[   27.515236][  T439]  ? skb_orphan+0x4d/0xd0
[   27.515247][  T439]  ipv6_conntrack_in+0x1d/0x30
[   27.515255][  T439]  ? ipv4_confirm+0x240/0x240
[   27.515264][  T439]  nf_hook_slow+0xbe/0x200
[   27.515274][  T439]  ipv6_rcv+0x231/0x270
[   27.515285][  T439]  ? ip6_rcv_finish+0x350/0x350
[   27.515294][  T439]  ? refcount_add+0x80/0x80
[   27.515305][  T439]  ? __kasan_slab_alloc+0xc3/0xe0
[   27.515313][  T439]  ? __kasan_slab_alloc+0xb1/0xe0
[   27.515323][  T439]  ? ip6_rcv_finish+0x350/0x350
[   27.515336][  T439]  __netif_receive_skb+0x1c6/0x530
[   27.515346][  T439]  ? ksys_write+0x199/0x2c0
[   27.515355][  T439]  ? __x64_sys_write+0x7b/0x90
[   27.515364][  T439]  ? do_syscall_64+0x34/0x70
[   27.515374][  T439]  ? deliver_ptype_list_skb+0x3c0/0x3c0
[   27.515388][  T439]  netif_receive_skb+0xb0/0x480
[   27.515399][  T439]  ? netif_receive_skb_core+0x210/0x210
[   27.515413][  T439]  tun_rx_batched+0x6d9/0x870
[   27.515424][  T439]  ? eth_type_trans+0x2e4/0x620
[   27.515434][  T439]  ? local_bh_enable+0x30/0x30
[   27.515445][  T439]  tun_get_user+0x2bf3/0x38f0
[   27.515456][  T439]  ? _kstrtoull+0x3a0/0x4a0
[   27.515466][  T439]  ? tun_do_read+0x1f60/0x1f60
[   27.515476][  T439]  ? kstrtouint_from_user+0x20a/0x2a0
[   27.515485][  T439]  ? kstrtol_from_user+0x310/0x310
[   27.515499][  T439]  ? avc_policy_seqno+0x1b/0x70
[   27.515509][  T439]  ? selinux_file_permission+0x2bb/0x560
[   27.515518][  T439]  ? fsnotify_perm+0x67/0x4e0
[   27.515528][  T439]  tun_chr_write_iter+0x1a8/0x250
[   27.515538][  T439]  vfs_write+0xb4c/0xe70
[   27.515549][  T439]  ? kernel_write+0x3d0/0x3d0
[   27.515561][  T439]  ? __fdget_pos+0x209/0x3a0
[   27.515570][  T439]  ? ksys_write+0x77/0x2c0
[   27.515579][  T439]  ksys_write+0x199/0x2c0
[   27.515589][  T439]  ? __ia32_sys_read+0x90/0x90
[   27.515601][  T439]  ? debug_smp_processor_id+0x17/0x20
[   27.515610][  T439]  __x64_sys_write+0x7b/0x90
[   27.515620][  T439]  do_syscall_64+0x34/0x70
[   27.515630][  T439]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   27.515638][  T439] RIP: 0033:0x7f067bc269cf
[   27.515647][  T439] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[   27.515654][  T439] RSP: 002b:00007f067a27e020 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[   27.515671][  T439] RAX: ffffffffffffffda RBX: 00007f067bdee080 RCX: 00007f067bc269cf
[   27.515678][  T439] RDX: 000000000000004a RSI: 0000000020000180 RDI: 00000000000000c8
[   27.515685][  T439] RBP: 00007f067a27e0a0 R08: 0000000000000000 R09: 0000000000000000
[   27.515696][  T439] R10: 000000000000004a R11: 0000000000000293 R12: 0000000000000001
[   27.515703][  T439] R13: 0000000000000001 R14: 00007f067bdee080 R15: 00007ffdc744ec58
[   27.591693][  T377] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   27.830011][  T457] EXT4-fs (loop4): Mount option "noload" incompatible with ext2
[   27.935918][  T468] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   28.190341][  T377] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   28.201468][  T377] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   28.211404][  T377] usb 4-1: New USB device found, idVendor=06cb, idProduct=81a7, bcdDevice= 0.00
[   28.220383][  T377] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   28.230261][  T377] usb 4-1: config 0 descriptor??
[   28.279040][  T475] netlink: 8 bytes leftover after parsing attributes in process `syz.2.48'.
[   28.282050][  T471] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
[   28.297243][  T471] ext4 filesystem being mounted at /9/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   28.305284][  T480] FAULT_INJECTION: forcing a failure.
[   28.305284][  T480] name failslab, interval 1, probability 0, space 0, times 0
[   28.320378][  T480] CPU: 1 PID: 480 Comm: syz.2.49 Not tainted 5.10.226-syzkaller-00326-gab7c0abef9cf #0
[   28.329807][  T480] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   28.339699][  T480] Call Trace:
[   28.342832][  T480]  dump_stack_lvl+0x1e2/0x24b
[   28.347340][  T480]  ? bfq_pos_tree_add_move+0x43b/0x43b
[   28.352633][  T480]  dump_stack+0x15/0x17
[   28.356627][  T480]  should_fail+0x3c6/0x510
[   28.360891][  T480]  ? audit_log_start+0x48c/0x9b0
[   28.365657][  T480]  __should_failslab+0xa4/0xe0
[   28.370256][  T480]  should_failslab+0x9/0x20
[   28.374603][  T480]  kmem_cache_alloc+0x3d/0x2e0
[   28.379203][  T480]  audit_log_start+0x48c/0x9b0
[   28.383812][  T480]  ? audit_serial+0x30/0x30
[   28.388147][  T480]  ? debug_smp_processor_id+0x17/0x20
[   28.393351][  T480]  ? slow_avc_audit+0x3c0/0x3c0
[   28.398037][  T480]  ? avc_audit_pre_callback+0x2b0/0x2b0
[   28.403413][  T480]  common_lsm_audit+0xe4/0x1ba0
[   28.408096][  T480]  ? ipv6_skb_to_auditdata+0xe80/0xe80
[   28.413392][  T480]  ? __kasan_check_write+0x14/0x20
[   28.418351][  T480]  ? _raw_spin_lock_irqsave+0xf9/0x210
[   28.423636][  T480]  ? _raw_spin_lock+0x1b0/0x1b0
[   28.428321][  T480]  slow_avc_audit+0x26c/0x3c0
[   28.432838][  T480]  ? avc_get_hash_stats+0x180/0x180
[   28.437875][  T480]  ? avc_denied+0x13f/0x1b0
[   28.442206][  T480]  avc_has_perm+0x20b/0x400
[   28.446546][  T480]  ? avc_has_perm_noaudit+0x240/0x240
[   28.451758][  T480]  ? unwind_get_return_address+0x4d/0x90
[   28.457220][  T480]  ? arch_stack_walk+0xf3/0x140
[   28.461907][  T480]  selinux_socket_sendmsg+0x243/0x340
[   28.467115][  T480]  ? selinux_socket_accept+0x5b0/0x5b0
[   28.472413][  T480]  ? kmem_cache_free+0xa9/0x1e0
[   28.477100][  T480]  ? check_stack_object+0x114/0x130
[   28.482131][  T480]  security_socket_sendmsg+0x72/0xb0
[   28.487272][  T480]  ____sys_sendmsg+0x51a/0x8f0
[   28.491861][  T480]  ? __sys_sendmsg_sock+0x40/0x40
[   28.496712][  T480]  ? import_iovec+0xe5/0x120
[   28.501142][  T480]  ___sys_sendmsg+0x252/0x2e0
[   28.505654][  T480]  ? __sys_sendmsg+0x280/0x280
[   28.510254][  T480]  ? rw_verify_area+0x1c3/0x360
[   28.514943][  T480]  ? __fdget+0x1bc/0x240
[   28.519018][  T480]  __se_sys_sendmsg+0x1b1/0x280
[   28.523706][  T480]  ? __x64_sys_sendmsg+0x90/0x90
[   28.528478][  T480]  ? ksys_write+0x260/0x2c0
[   28.532819][  T480]  ? debug_smp_processor_id+0x17/0x20
[   28.538027][  T480]  __x64_sys_sendmsg+0x7b/0x90
[   28.542623][  T480]  do_syscall_64+0x34/0x70
[   28.546879][  T480]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   28.552615][  T480] RIP: 0033:0x7f067bc27f19
[   28.556860][  T480] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   28.576301][  T480] RSP: 002b:00007f067a29f058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   28.584545][  T480] RAX: ffffffffffffffda RBX: 00007f067bdedfa0 RCX: 00007f067bc27f19
[   28.592356][  T480] RDX: 0000000000000000 RSI: 0000000020000180 RDI: 0000000000000003
[   28.600167][  T480] RBP: 00007f067a29f0a0 R08: 0000000000000000 R09: 0000000000000000
[   28.607987][  T480] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   28.612089][   T54] ==================================================================
[   28.615796][  T480] R13: 0000000000000000 R14: 00007f067bdedfa0 R15: 00007ffdc744ec58
[   28.623709][   T54] BUG: KASAN: use-after-free in __list_del_entry_valid+0x2f/0x120
[   28.639147][   T54] Read of size 8 at addr ffff888113ca6b88 by task kworker/0:2/54
[   28.646683][   T54] 
[   28.648860][   T54] CPU: 0 PID: 54 Comm: kworker/0:2 Not tainted 5.10.226-syzkaller-00326-gab7c0abef9cf #0
[   28.658493][   T54] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   28.668397][   T54] Workqueue: events binder_deferred_func
[   28.673850][   T54] Call Trace:
[   28.676991][   T54]  dump_stack_lvl+0x1e2/0x24b
[   28.681493][   T54]  ? bfq_pos_tree_add_move+0x43b/0x43b
[   28.686797][   T54]  ? panic+0x812/0x812
[   28.690697][   T54]  print_address_description+0x81/0x3b0
[   28.696074][   T54]  ? ____kasan_slab_free+0x12c/0x160
[   28.701195][   T54]  kasan_report+0x179/0x1c0
[   28.705539][   T54]  ? __list_del_entry_valid+0x2f/0x120
[   28.710828][   T54]  ? __list_del_entry_valid+0x2f/0x120
[   28.716126][   T54]  __asan_report_load8_noabort+0x14/0x20
[   28.721592][   T54]  __list_del_entry_valid+0x2f/0x120
[   28.726712][   T54]  binder_release_work+0xcd/0x680
[   28.731572][   T54]  binder_deferred_func+0x1847/0x1bc0
[   28.736789][   T54]  ? read_word_at_a_time+0x12/0x20
[   28.741729][   T54]  process_one_work+0x6dc/0xbd0
[   28.746414][   T54]  worker_thread+0xaea/0x1510
[   28.750930][   T54]  kthread+0x34b/0x3d0
[   28.754850][   T54]  ? worker_clr_flags+0x180/0x180
[   28.759692][   T54]  ? kthread_blkcg+0xd0/0xd0
[   28.764120][   T54]  ret_from_fork+0x1f/0x30
[   28.768371][   T54] 
[   28.770545][   T54] Allocated by task 457:
[   28.774626][   T54]  ____kasan_kmalloc+0xdb/0x110
[   28.779313][   T54]  __kasan_kmalloc+0x9/0x10
[   28.783650][   T54]  kmem_cache_alloc_trace+0x18a/0x2e0
[   28.788861][   T54]  binder_thread_write+0x9ce/0x6c70
[   28.793891][   T54]  binder_ioctl_write_read+0x216/0x6a80
[   28.799269][   T54]  binder_ioctl+0x314/0x1e00
[   28.803698][   T54]  __se_sys_ioctl+0x114/0x190
[   28.808233][   T54]  __x64_sys_ioctl+0x7b/0x90
[   28.812642][   T54]  do_syscall_64+0x34/0x70
[   28.816896][   T54]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   28.822621][   T54] 
[   28.824794][   T54] Freed by task 54:
[   28.828447][   T54]  kasan_set_track+0x4b/0x70
[   28.832866][   T54]  kasan_set_free_info+0x23/0x40
[   28.837639][   T54]  ____kasan_slab_free+0x121/0x160
[   28.842582][   T54]  __kasan_slab_free+0x11/0x20
[   28.847183][   T54]  slab_free_freelist_hook+0xc0/0x190
[   28.852392][   T54]  kfree+0xc3/0x270
[   28.856039][   T54]  binder_free_ref+0x128/0x260
[   28.860637][   T54]  binder_deferred_func+0x171c/0x1bc0
[   28.865847][   T54]  process_one_work+0x6dc/0xbd0
[   28.870531][   T54]  worker_thread+0xaea/0x1510
[   28.875045][   T54]  kthread+0x34b/0x3d0
[   28.878952][   T54]  ret_from_fork+0x1f/0x30
[   28.883196][   T54] 
[   28.885372][   T54] The buggy address belongs to the object at ffff888113ca6b80
[   28.885372][   T54]  which belongs to the cache kmalloc-64 of size 64
[   28.899174][   T54] The buggy address is located 8 bytes inside of
[   28.899174][   T54]  64-byte region [ffff888113ca6b80, ffff888113ca6bc0)
[   28.912029][   T54] The buggy address belongs to the page:
[   28.917511][   T54] page:ffffea00044f2980 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x113ca6
[   28.927563][   T54] flags: 0x4000000000000200(slab)
[   28.932439][   T54] raw: 4000000000000200 ffffea00044ffb00 0000000900000009 ffff888100043800
[   28.940836][   T54] raw: 0000000000000000 0000000000200020 00000001ffffffff 0000000000000000
[   28.949253][   T54] page dumped because: kasan: bad access detected
[   28.955516][   T54] page_owner tracks the page as allocated
[   28.961068][   T54] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x12cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY), pid 107, ts 6228704887, free_ts 0
[   28.975931][   T54]  prep_new_page+0x166/0x180
[   28.980324][   T54]  get_page_from_freelist+0x2d8c/0x2f30
[   28.985704][   T54]  __alloc_pages_nodemask+0x435/0xaf0
[   28.990918][   T54]  new_slab+0x80/0x400
[   28.994819][   T54]  ___slab_alloc+0x302/0x4b0
[   28.999246][   T54]  __slab_alloc+0x63/0xa0
[   29.003411][   T54]  kmem_cache_alloc_trace+0x1bd/0x2e0
[   29.008631][   T54]  kernfs_fop_open+0x7fa/0xab0
[   29.013221][   T54]  do_dentry_open+0x7c1/0x10d0
[   29.017819][   T54]  vfs_open+0x73/0x80
[   29.021637][   T54]  path_openat+0x2660/0x3000
[   29.026069][   T54]  do_filp_open+0x21c/0x460
[   29.030407][   T54]  do_sys_openat2+0x13f/0x710
[   29.034927][   T54]  __x64_sys_openat+0x243/0x290
[   29.039610][   T54]  do_syscall_64+0x34/0x70
[   29.043858][   T54]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[   29.049581][   T54] page_owner free stack trace missing
[   29.054789][   T54] 
[   29.056957][   T54] Memory state around the buggy address:
[   29.062430][   T54]  ffff888113ca6a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   29.070335][   T54]  ffff888113ca6b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   29.078230][   T54] >ffff888113ca6b80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   29.086120][   T54]                       ^
[   29.090290][   T54]  ffff888113ca6c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[   29.098196][   T54]  ffff888113ca6c80: 00 00 00 00 00 00 00 02 fc fc fc fc fc fc fc fc
[   29.106084][   T54] ==================================================================
[   29.113983][   T54] Disabling lock debugging due to kernel taint
[   29.120989][   T54] general protection fault, probably for non-canonical address 0xf6c7fc27c0000006: 0000 [#1] PREEMPT SMP KASAN
[   29.132516][   T54] KASAN: maybe wild-memory-access in range [0xb640013e00000030-0xb640013e00000037]
[   29.141627][   T54] CPU: 0 PID: 54 Comm: kworker/0:2 Tainted: G    B             5.10.226-syzkaller-00326-gab7c0abef9cf #0
[   29.152642][   T54] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[   29.162546][   T54] Workqueue: events binder_deferred_func
[   29.168014][   T54] RIP: 0010:__list_del_entry_valid+0x75/0x120
[   29.173909][   T54] Code: 1e 48 85 db 74 68 4d 85 ff 74 74 48 ba 00 01 00 00 00 00 ad de 48 39 d3 74 76 48 83 c2 22 49 39 d7 74 7e 4c 89 f8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ff e8 3c 93 51 ff 49 8b 17 4c 39 f2 75
[   29.193354][   T54] RSP: 0018:ffffc90000ab7c20 EFLAGS: 00010a07
[   29.199250][   T54] RAX: 16c80027c0000006 RBX: ffff88810993ac00 RCX: ffffffff8256c439
[   29.207062][   T54] RDX: dead000000000122 RSI: 0000000000000286 RDI: ffff888113ca6b80
[   29.214877][   T54] RBP: ffffc90000ab7c40 R08: ffffffff813e2a3b R09: 0000000000000003
[   29.222683][   T54] R10: fffffbfff0e11248 R11: dffffc0000000001 R12: dffffc0000000000
[   29.230494][   T54] R13: ffff888113ca6b80 R14: ffff888113ca6b80 R15: b640013e00000036
[   29.238309][   T54] FS:  0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[   29.247077][   T54] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   29.253496][   T54] CR2: 00005555762e64a8 CR3: 000000000660f000 CR4: 00000000003506b0
[   29.261323][   T54] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   29.269125][   T54] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   29.276940][   T54] Call Trace:
[   29.280076][   T54]  ? __die_body+0x62/0xb0
[   29.284226][   T54]  ? die_addr+0x9f/0xd0
[   29.288222][   T54]  ? exc_general_protection+0x3ff/0x490
[   29.293610][   T54]  ? check_panic_on_warn+0x65/0xb0
[   29.298551][   T54]  ? asm_exc_general_protection+0x1e/0x30
[   29.304102][   T54]  ? check_panic_on_warn+0x5b/0xb0
[   29.309052][   T54]  ? __list_del_entry_valid+0x49/0x120
[   29.314352][   T54]  ? __list_del_entry_valid+0x75/0x120
[   29.319639][   T54]  binder_release_work+0xcd/0x680
[   29.324498][   T54]  binder_deferred_func+0x1847/0x1bc0
[   29.329711][   T54]  ? read_word_at_a_time+0x12/0x20
[   29.334653][   T54]  process_one_work+0x6dc/0xbd0
[   29.339344][   T54]  worker_thread+0xaea/0x1510
[   29.343858][   T54]  kthread+0x34b/0x3d0
[   29.347754][   T54]  ? worker_clr_flags+0x180/0x180
[   29.352617][   T54]  ? kthread_blkcg+0xd0/0xd0
[   29.357045][   T54]  ret_from_fork+0x1f/0x30
[   29.361295][   T54] Modules linked in:
[   29.366142][   T54] ---[ end trace 5831cfb900c1c048 ]---
[   29.372960][   T54] RIP: 0010:__list_del_entry_valid+0x75/0x120
[   29.378876][   T54] Code: 1e 48 85 db 74 68 4d 85 ff 74 74 48 ba 00 01 00 00 00 00 ad de 48 39 d3 74 76 48 83 c2 22 49 39 d7 74 7e 4c 89 f8 48 c1 e8 03 <42> 80 3c 20 00 74 08 4c 89 ff e8 3c 93 51 ff 49 8b 17 4c 39 f2 75
[   29.398658][   T54] RSP: 0018:ffffc90000ab7c20 EFLAGS: 00010a07
[   29.404538][   T54] RAX: 16c80027c0000006 RBX: ffff88810993ac00 RCX: ffffffff8256c439
[   29.412611][   T54] RDX: dead000000000122 RSI: 0000000000000286 RDI: ffff888113ca6b80
[   29.420446][   T54] RBP: ffffc90000ab7c40 R08: ffffffff813e2a3b R09: 0000000000000003
[   29.428238][   T54] R10: fffffbfff0e11248 R11: dffffc0000000001 R12: dffffc0000000000
[   29.436026][   T54] R13: ffff888113ca6b80 R14: ffff888113ca6b80 R15: b640013e00000036
[   29.443871][   T54] FS:  0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[   29.452791][   T54] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   29.459211][   T54] CR2: 00005555762e64a8 CR3: 000000000660f000 CR4: 00000000003506b0
[   29.467004][   T54] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[   29.474802][   T54] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[   29.482870][   T54] Kernel panic - not syncing: Fatal exception
[   29.488977][   T54] Kernel Offset: disabled
[   29.493101][   T54] Rebooting in 86400 seconds..