last executing test programs:

3m4.536298802s ago: executing program 2 (id=18):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b06, &(0x7f0000000080)={'wlan1\x00', @random="0600"})
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
write$FUSE_BMAP(0xffffffffffffffff, &(0x7f0000000000)={0x18}, 0x18)
r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f0000000380)={0xc, 0x0, <r2=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r1, 0x3ba0, &(0x7f0000000200)={0x48, 0x2, r2})

3m4.169984681s ago: executing program 2 (id=21):
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
fsmount(0xffffffffffffffff, 0x0, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r0 = socket$inet6(0xa, 0x3, 0xff)
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f0000000000), 0x6ffffffffffffffe, 0x0)
read$msr(r1, &(0x7f000001b000)=""/102400, 0x19000)
bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x4e22, 0x0, @remote, 0x4ffc}, 0x1c)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
setsockopt$inet6_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, 0x0, 0x0)
shutdown(0xffffffffffffffff, 0x1)
r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r2, 0x54a2)
open_tree(0xffffffffffffff9c, &(0x7f0000000040)='\x00', 0x1101) (fail_nth: 3)

3m2.988446365s ago: executing program 2 (id=23):
socket$inet(0x2, 0x3, 0x2)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='xprt_reserve\x00', r0}, 0x18)
r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r1, &(0x7f0000000040)={0x0, 0x2f, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0)

3m2.110653226s ago: executing program 2 (id=25):
syz_open_dev$sg(&(0x7f00000007c0), 0x0, 0x0)
syz_open_procfs$pagemap(0x0, &(0x7f0000000140))
openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000003c0)={0x1, &(0x7f0000000040)=[{0xfbc, 0xfd, 0x0, 0x7fffffff}]})
close_range(r1, 0xffffffffffffffff, 0x0)
r2 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000080), 0x200, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file1\x00', 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6572726f72733d72656d6f756e742d726f2c636f686572656e63793d66756c6c2c636f686572656e63793d66756c6c2c6c6f63616c666c6f636b732c696e74722c6e6f61636c2c00598f2f223a0a12f76404ad3bd59a04fbd75d1008c039c51a2a013e63af1c9ed7416faa1e2ea98d0f1c7337a5c81920988a4299a77054cdb12285fd7a0e5b43382d962372b73042593a5bd6b7db4a1b3721c62f11018727c29f3a1bd1e554474ea0d1da2a20b205df342a04a34b65e16a23e8e7811a984963073ebcbead85f9e4332bdef4c1ce54a1c6f7a47b75aa95b9e8cb616be40a0000b1309ee426d1803ef09abb9509846c34b9ac0bf109cedbd12c850effda9ae677566159f9c83da7ff6e247e3ac43c0a663c8c83650692e474bac2c047b238601bd5187d6bed82fe2034512ef11b74a98252198c4402bcf3165561157678e9d50831c27d1094a04d8c7607d7164033cda7a81704824d3107f232de8c31f57de3f78727828e8206403db4", @ANYRES32], 0x1, 0x4468, &(0x7f0000010780)="$eJzs3c9rG1ceAPA3spPY2SRrZxPIwsIKNrDL7mLsnHbrQB3H+WEnborbhNKLIttK4la2gi2XHnJwb4GeCj2UHkIK7cmnkEOv6Z/QSw89pKceQttDoRQKoS6SRrZmZNVKsGycfj4Hj+a9ee99re/M6I1AM5lY+dbcUnZuKZtfyJZmbiydyr5TKi7PF0JmhyTG74nH37dz49OeTuwnu73v/ZFdOXv+tWunQvhi9qsna2tra6GiO2xqqOH1zz/emWlc1mVSbSr9bt7bdnkzhHCsKa6KrhDCG5+HEIUQzsRlo/GyN4RwONTqrt15/3p2m6J58LhwOvd08u7D4ZMTq/cetv7foxA+Lv71vzfnv/9H1/A3/96m4QEAAAAAAAAAAAAAAAAA2OMuTF25+urgUHgUhe7VqOH3ur1xfbxdq9/Hrm2bv7eM8bv0j4oBAAAAAAAAAAAAAAAAAADgBbPx+/9sdDRqfl73WLwcadF+7eXOx0jnjL9yZezc4FD8/Peoqf5/cdEPZ7pC/ybPfU8///1Mqv3mz39vHud51eOrj9sXosxAYj2TGRgI4ZP4we8nooOZYmmp/J8bpeWF2W0LY89K5r92o41EduJ7b7Sb/9FU/51//v9fmvamyvr17dvFXmjJ/He13O7T96K28n821W4n8v+s3E5mQzL/3dWy3sYNRmrvViX/H3Rvnf+xVP9t5b/32eM+EkLIRpWm2cQZoDKHqZS3mq+QlMz/vmpZ4tQZv5Gtjv9fUvk/l+p/t87/K+kPIjaVzP/+allPYouN47//p/hWXb9z/J9P9b8b+a/Ev1ItnPqss2Pvfcn8H6gVdic2qb6T7Z7/LySa7u9Y/q9m4jiPRIk9YDWqlbe6Xx1Jyfz3NNVvXP9l2pr/XUy136nrv/q4fSFUr//qp/9/RbXrPzaXzH/TROzr4/GFVLvH/3iqg06f/0eq8z+eVzL/B6tlyblzX/Vvu/mfSPWfzv+3f9qeuKuzkp56/jfOJ78eqJXfN/9rSzL/cXIyjd8DrFT/Vud/0dbz/0up/ndj/lfZOVZSF/n7OxvEnpXM/6F09fHh+EUl/1+28fl/OdVB5/MfwqDv+p5bMv+HW25XPf57ts7/ZKpdp/P/zy3q059HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC+a0XjZF6LMQGI9kxkYCOFsvH4iHIym87O56WJp5u2lEMbi8mw4Gt0slqbzxdzcQmm2kMsXi6WZEM7F9cdCT7RULJVz8/nb59f76o1uFfKL5elCvhxCuBCX/y0crvc1PVeez98OIVxcr/tzprR4+1Z+ITc7t/jS4ODgYBhfj6E/KrxbLiyUa6PXakOYWG/bFzUEV62+tB7Loeit0vLiQr5YLb/c0KZYmskXG9pMxnUfhv6ovLi8MJMvF3LF0s36eLtpJF6OjU+9PnV5qKn+elRbju5sWAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8o0fD//8ohNBdW8uEEEbqL6LNtn/wuHA693Ty7sPhkxOr9+4/abUdAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/MYOHAgAAAAAAPm/NkJVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVUVdukYJWIgCgPwm7GJncewCklnG1FECyOCJ9BjeBg9ipfwDhYWtlaCzCxhdwLb7Fbf10zIT/IezA8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADs5+ZxfnoYxogUXY6Ij5fPr2V+V863y/b3J0fYkcO5vZ+vroex3HvayS/Kq+8p/6e/P6/P0Tir962ebPqUlv+uz6ere7X61jXKVverc88i5T4ippKfp5z7fnUMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAf+zAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhB44FAAAAAIT5W2fRtQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAzAoAAP//v5Ynrg==")
r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x100)
read(r4, 0x0, 0x0)
bind$alg(r3, &(0x7f0000000a00)={0x26, 'aead\x00', 0x0, 0x0, 'generic-gcm-aesni\x00'}, 0x58)
getpeername$packet(r2, &(0x7f0000000180)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000240)=0x14)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000a80)={{0x14}, [@NFT_MSG_NEWOBJ={0x130, 0x12, 0xa, 0x5, 0x0, 0x0, {0xa, 0x0, 0x8}, @NFT_OBJECT_SECMARK=@NFTA_OBJ_DATA={0x11c, 0x4, 0x0, 0x1, [@NFTA_SECMARK_CTX={0x2b, 0x1, 'system_u:object_r:crond_unit_file_t:s0\x00'}, @NFTA_SECMARK_CTX={0x26, 0x1, 'system_u:object_r:v4l_device_t:s0\x00'}, @NFTA_SECMARK_CTX={0x1f, 0x1, 'system_u:object_r:tmp_t:s0\x00'}, @NFTA_SECMARK_CTX={0x26, 0x1, 'system_u:object_r:agp_device_t:s0\x00'}, @NFTA_SECMARK_CTX={0x25, 0x1, 'system_u:object_r:mount_tmp_t:s0\x00'}, @NFTA_SECMARK_CTX={0x2c, 0x1, 'system_u:object_r:removable_device_t:s0\x00'}, @NFTA_SECMARK_CTX={0x28, 0x1, 'system_u:object_r:sshd_var_run_t:s0\x00'}]}}, @NFT_MSG_NEWSET={0x7c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffe}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}, @NFTA_SET_EXPR={0x40, 0x11, 0x0, 0x1, @synproxy={{0xd}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_SYNPROXY_WSCALE={0x5, 0x2, 0x5}, @NFTA_SYNPROXY_MSS={0x6, 0x1, 0x1, 0x0, 0x7}, @NFTA_SYNPROXY_FLAGS={0x8, 0x3, 0x1, 0x0, 0x5}, @NFTA_SYNPROXY_WSCALE={0x5, 0x2, 0x33}, @NFTA_SYNPROXY_MSS={0x6, 0x1, 0x1, 0x0, 0x1}]}}}]}, @NFT_MSG_NEWSETELEM={0x3c, 0xc, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x10, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}]}]}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x210}}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)=@delqdisc={0xac, 0x25, 0x200, 0x70bd28, 0x25dfdbfc, {0x0, 0x0, 0x0, r5, {0xfff1, 0x9}, {0x5, 0x7}, {0xb, 0xb}}, [@TCA_RATE={0x6, 0x5, {0x9, 0x2}}, @TCA_STAB={0x80, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x1, 0xd, 0x3, 0xfffffffc, 0x0, 0x9, 0x3, 0xa}}, {0x18, 0x2, [0x9, 0x3, 0xdf, 0x7864, 0xfffe, 0x5, 0x1, 0xffff, 0xaa2, 0xf800]}}, {{0x1c, 0x1, {0x4, 0x4, 0x9, 0x7f, 0x2, 0x9, 0x7, 0x2}}, {0x8, 0x2, [0x4, 0xfffc]}}, {{0x1c, 0x1, {0x7, 0x1, 0x6, 0x2, 0x0, 0x3, 0xae, 0x1}}, {0x6, 0x2, [0x1]}}]}]}, 0xac}, 0x1, 0x0, 0x0, 0x40010}, 0x20008011)
accept4(r3, 0x0, 0x0, 0x0)
r7 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_mptcp_buf(r7, 0x6, 0x1, 0x0, &(0x7f0000000180)=0xffffffffffffff2e)
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$inet6_sctp(0xa, 0x801, 0x84)
socket$inet_tcp(0x2, 0x1, 0x0)
syz_emit_vhci(&(0x7f0000000400)=@HCI_VENDOR_PKT, 0x2)
socket$nl_route(0x10, 0x3, 0x0)
r8 = socket$inet_udp(0x2, 0x2, 0x0)
syz_usb_connect$uac1(0x3, 0xdc, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902ca0003010070000904000000010100000a24010800000201020d24060000030800000000000000240803960c03112d9cd2ce0c240208000103000000ff000924060506020100000924030003030005490c240206", @ANYRES8=r8, @ANYRES16=r0], 0x0)

2m58.610766973s ago: executing program 2 (id=33):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./bus\x00', 0x2008042, &(0x7f00000000c0), 0x1, 0x571, &(0x7f0000000780)="$eJzs3c+PG1cdAPDvzP5yk7SbQA9QAQlQCCiKnXXaqOql5QJCVSVExQFxSJddZ7XEjkPsLd0lUrd/A0ggcYI/gQMSB6SeOHDjiMQBEOWAVCACJUgcBs3Yu+ts7MSNvXaz/nykybyZN+Pve/bOvOdnxy+AmXUuInYjYjEi3oyI5e7+pLvEq50lP+7undtr9+7cXksiy974Z1Lk5/ui55zcye5jliLim1+L+G7yYNzW9s711Xq9dqu7XWk3blZa2zsXNxurG7WN2o1q9crKlUsvXX6xOra6nm388oOvbr72rd/8+tPv/373yz/Mi3Wqm9dbj3HqVH1hP05uPiJeO4pgUzDXXS9OuRw8njQiPhYRnyuu/+WYK/46AYDjLMuWI1vu3QYAjru0GANL0nJEpGm3E1DujOE9GyfSerPVvnCtuXVjvTNWdjoW0mub9dqlM0t//H5x8EKSb68UeUV+sV09tH05Is5ExI+Xniq2y2vN+vp0ujwAMPNO9rb/EfGfpTQtl4c6tc+negDAE6M07QIAABOn/QeA2aP9B4DZM0T73/2wf/fIywIATIb3/wAwe7T/ADB7tP8AMFO+8frr+ZLd6/7+9fpb21vXm29dXK+1rpcbW2vlteatm+WNZnOj+M2exqMer95s3lx5IbberrRrrXaltb1ztdHcutG+Wvyu99XawkRqBQA8zJmz7/0hiYjdl58qluiZy0FbDcdbOsajgCfL3Cgn6yDAE81sXzC7hmrCi07C7468LMB09P0x71Lf5P1++iGC+J4RfKSc/+Tw4//meIbjxcg+zK7HG/9/ZezlACbvscf//zzecgCTl2XJ4Tn/F/ezAIBjaYSv8GXvjKsTAkzVoybzHsvn/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHDMnIqI70WSlou5wNP837Rcjng6Ik7HQnJts167FBHPxNmIWFjKt1emXWgAYETp35Pu/F/nl58/dTh3MfnvUrGOiB/87I2fvL3abt9ayff/a3//0t70YdWD80aYVxAAGN5fhzmoaL+r3XXPG/m7d26v7S1HWMYHfPCV/clH1+7duV0snZz5yLIsiygVfYkT/05ivntOKSKei4i5McTffTciPtGv/kkxNnK6O/Npb/zoxn56ovHT++KnRV5nnT99Hx9DWWDWvJfff149fP3NFVfWueKI/td/qbhDja64/5Ui9u59B/e/veu9VJTmcPz8mj83bIwXfvv1B3Zmy528dyOem+8XP9mPnwyI//yQ8f/0qc/86JUBednPI85H//i9sSrtxs1Ka3vn4mZjdaO2UbtRrV5ZuXLppcsvVivFGHVlb6T6Qf94+cIzg8qW1//EgPidV/7kofov7p/7hSHr/4v/vfmdzx5sLh2O/6XP93/9ny3W/Z//vE384pDxV0/8auD03Xn89QH1f9Trf2HI+O//bWd9yEMBgAlobe9cX63Xa7dGSuTvQj/8WVmWvZOX4SHH5NnDPeBed3G06vwlisTB05JEEqM/P/cn8s7YMAcvjFyd+xJ7wyXjrk6fxPx+X3G8j/zth/+1DEosjhI0HXstHicRp7uJu5MKOpXbETBBBxf9tEsCAAAAAAAAAAAAAAAMMon/wzTtOgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHB8/T8AAP//Z1e+LQ==")
socket(0x3b, 0x3, 0x0) (async)
r0 = socket(0x3b, 0x3, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0)={0x0, <r1=>0x0}, &(0x7f0000000180)=0xc)
quotactl$Q_GETQUOTA(0xffffffff80000700, &(0x7f0000000100)=@loop={'/dev/loop', 0x0}, r1, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$gtp(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$GTP_CMD_GETPDP(r2, &(0x7f0000002880)={0x0, 0x0, &(0x7f0000002840)={&(0x7f00000003c0)={0x1c, r3, 0x200, 0x270bd25, 0x25dfdbfe, {}, [@GTPA_PEER_ADDRESS={0x8, 0x4, @dev={0xac, 0x14, 0x14, 0x1a}}]}, 0x1c}, 0x1, 0x0, 0x0, 0x2000c810}, 0x24008040)
socket$nl_route(0x10, 0x3, 0x0) (async)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'veth0_vlan\x00', <r5=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f00000002c0)={'sit0\x00', &(0x7f0000000200)={'gretap0\x00', <r6=>0x0, 0x8000, 0x7800, 0x3, 0x7, {{0x25, 0x4, 0x0, 0x4, 0x94, 0x64, 0x0, 0x9, 0x4, 0x0, @private=0xa010102, @private=0xa010100, {[@ssrr={0x89, 0x23, 0x25, [@broadcast, @broadcast, @local, @private=0xa010101, @local, @loopback, @remote, @remote]}, @cipso={0x86, 0x8, 0x2, [{0x0, 0x2}]}, @generic={0x89, 0x8, "142896cdafcd"}, @timestamp={0x44, 0xc, 0x89, 0x0, 0x4, [0x9e3, 0xa8]}, @timestamp_addr={0x44, 0x24, 0xac, 0x1, 0x5, [{@rand_addr=0x64010101, 0x2}, {@multicast1, 0x7fffffff}, {@local, 0x8}, {@rand_addr=0x64010100, 0x4}]}, @timestamp_prespec={0x44, 0x1c, 0x85, 0x3, 0x2, [{@empty}, {@empty, 0x3}, {@multicast1, 0xc}]}]}}}}})
socket$nl_generic(0x10, 0x3, 0x10) (async)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r7, 0x8933, &(0x7f0000000140)={'batadv0\x00', <r8=>0x0})
r9 = syz_genetlink_get_family_id$batadv(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x1c, r9, 0x1, 0x70bd2d, 0x25dfdbfc, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r8}]}, 0x1c}}, 0x4004) (async)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x1c, r9, 0x1, 0x70bd2d, 0x25dfdbfc, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r8}]}, 0x1c}}, 0x4004)
sendmsg$GTP_CMD_NEWPDP(r0, &(0x7f0000000380)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x3c, r3, 0x400, 0x70bd28, 0x25dfdbfb, {}, [@GTPA_O_TEI={0x8, 0x9, 0x3}, @GTPA_LINK={0x8, 0x1, r5}, @GTPA_LINK={0x8, 0x1, r6}, @GTPA_FAMILY={0x5, 0xd, 0x2b}, @GTPA_LINK={0x8, 0x1, r8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40c0}, 0x40000)
personality(0x619641b6fb4b8591) (async)
personality(0x619641b6fb4b8591)
mremap(&(0x7f0000ceb000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) (async)
mremap(&(0x7f0000ceb000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mlock2(&(0x7f0000627000/0x3000)=nil, 0x3000, 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x20308c, 0x0, 0x0, 0x0, 0x0)
mount$cgroup(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000100)={[{@subsystem='cpuset'}]})
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
add_key(&(0x7f0000000040)='dns_resolver\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) (async)
add_key(&(0x7f0000000040)='dns_resolver\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff)
mount$overlay(0x0, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000040)={[], [], 0x5c}) (async)
mount$overlay(0x0, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000040)={[], [], 0x5c})

2m56.208313515s ago: executing program 2 (id=38):
mkdir(&(0x7f0000000440)='./file1\x00', 0x0) (async)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000200)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x8, &(0x7f0000000300)='usrquota')
chdir(&(0x7f0000000280)='./file1\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0)
quotactl_fd$Q_SETQUOTA(r0, 0xffffffff80000800, 0x0, &(0x7f00000000c0)={0x0, 0x1, 0x2000200002a95c, 0x0, 0x9, 0x29b5705a, 0x48cd, 0xfffffffffffffffc, 0x800000df})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @lirc_mode2=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x1, 0x803, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) (async)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
pipe2$9p(&(0x7f00000001c0), 0x0) (async)
pipe2$9p(&(0x7f00000001c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r5, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15)
r6 = dup(r5)
open(&(0x7f0000000100)='./file0\x00', 0x440, 0x0) (async)
open(&(0x7f0000000100)='./file0\x00', 0x440, 0x0)
write$FUSE_BMAP(r6, &(0x7f0000000000)={0x18, 0x0, 0x0, {0x3b9}}, 0x18)
write$FUSE_DIRENTPLUS(r6, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0)
write$FUSE_GETXATTR(r6, &(0x7f00000000c0)={0x18}, 0x18) (async)
write$FUSE_GETXATTR(r6, &(0x7f00000000c0)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r6, &(0x7f00000005c0)=ANY=[@ANYBLOB="b900"], 0xb8) (async)
write$FUSE_DIRENTPLUS(r6, &(0x7f00000005c0)=ANY=[@ANYBLOB="b900"], 0xb8)
mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000080), 0x1010412, &(0x7f0000000780)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r4, @ANYBLOB=',wfdno=', @ANYRESHEX=r6, @ANYBLOB="2c63616368653d667363616368652c004a274bef3c1a5a67d243c956876c14d52469938b30cf0163"])
r7 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x22)
writev(r7, &(0x7f0000000000)=[{&(0x7f00000006c0)='\t', 0x2003f}], 0x1) (async)
writev(r7, &(0x7f0000000000)=[{&(0x7f00000006c0)='\t', 0x2003f}], 0x1)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c0002001c0000001f000000060001000000000008000500", @ANYRES32=r3, @ANYBLOB='\b\x00\n\x00', @ANYRES32, @ANYBLOB="0a000100000070"], 0x64}}, 0x0)
gettid()

2m40.282226595s ago: executing program 32 (id=38):
mkdir(&(0x7f0000000440)='./file1\x00', 0x0) (async)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000200)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x8, &(0x7f0000000300)='usrquota')
chdir(&(0x7f0000000280)='./file1\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0)
quotactl_fd$Q_SETQUOTA(r0, 0xffffffff80000800, 0x0, &(0x7f00000000c0)={0x0, 0x1, 0x2000200002a95c, 0x0, 0x9, 0x29b5705a, 0x48cd, 0xfffffffffffffffc, 0x800000df})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @lirc_mode2=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket(0x1, 0x803, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) (async)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
pipe2$9p(&(0x7f00000001c0), 0x0) (async)
pipe2$9p(&(0x7f00000001c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r5, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15)
r6 = dup(r5)
open(&(0x7f0000000100)='./file0\x00', 0x440, 0x0) (async)
open(&(0x7f0000000100)='./file0\x00', 0x440, 0x0)
write$FUSE_BMAP(r6, &(0x7f0000000000)={0x18, 0x0, 0x0, {0x3b9}}, 0x18)
write$FUSE_DIRENTPLUS(r6, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0)
write$FUSE_GETXATTR(r6, &(0x7f00000000c0)={0x18}, 0x18) (async)
write$FUSE_GETXATTR(r6, &(0x7f00000000c0)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r6, &(0x7f00000005c0)=ANY=[@ANYBLOB="b900"], 0xb8) (async)
write$FUSE_DIRENTPLUS(r6, &(0x7f00000005c0)=ANY=[@ANYBLOB="b900"], 0xb8)
mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000080), 0x1010412, &(0x7f0000000780)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r4, @ANYBLOB=',wfdno=', @ANYRESHEX=r6, @ANYBLOB="2c63616368653d667363616368652c004a274bef3c1a5a67d243c956876c14d52469938b30cf0163"])
r7 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x22)
writev(r7, &(0x7f0000000000)=[{&(0x7f00000006c0)='\t', 0x2003f}], 0x1) (async)
writev(r7, &(0x7f0000000000)=[{&(0x7f00000006c0)='\t', 0x2003f}], 0x1)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c0002001c0000001f000000060001000000000008000500", @ANYRES32=r3, @ANYBLOB='\b\x00\n\x00', @ANYRES32, @ANYBLOB="0a000100000070"], 0x64}}, 0x0)
gettid()

1m30.260521787s ago: executing program 1 (id=239):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000140)=@newlink={0x40, 0x10, 0x503, 0x0, 0x4, {0x0, 0x0, 0x0, 0x0, 0x20000}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @macsec={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_MACSEC_CIPHER_SUITE={0xc}]}}}]}, 0x40}}, 0x0) (fail_nth: 3)

1m30.236701566s ago: executing program 1 (id=240):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="4c000000020601080000000000000000000000040900020073797a3100000000050004000000000011000300686173683a6e65742c6e657400000000050005000a000000050001000600000020a1ed6263dc22104cb32adc4d58ac33b75e8c09df4281e644c14b224bed1c46dfaa269edde9e1e40b9eb009ac5baea8dd8fe5d81461390229109225afd86eb3993541489beec527b722da2b92cfdf29dc615257909fa97d"], 0x4c}}, 0x0)
sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, 0x4, 0x6, 0x201, 0x0, 0x0, {0x2, 0x0, 0x2}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x4)

1m30.09292873s ago: executing program 1 (id=241):
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='sessionid\x00')
preadv(r0, &(0x7f0000000080)=[{&(0x7f0000000100)=""/239, 0xef}], 0x1, 0x2, 0x2)
r1 = socket$kcm(0xa, 0x6, 0x0)
sendmsg$kcm(r1, &(0x7f0000000040)={&(0x7f0000001b00)=@caif=@rfm={0x25, 0xa1c6, "d7a22a7e00ddff00"}, 0x80, 0x0}, 0x24000001)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xd, 0x6, &(0x7f00000025c0)=ANY=[@ANYBLOB="05000000000000007111aa00000000008510000002000000850000000000000095000000000000009500a50500000000d7b06b96630540912cb88e219c005c66e23980dbefd0"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x6}, 0x70)
syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000b40)=ANY=[@ANYBLOB="12010000020000082505a3a440000102030109025c000201fe007d0904000001020d0000052406000105240000000d240f0102000000080000000006241a0020000905810308000000100904010000020d00000904010102020d00000905820220000000000905030208"], 0x0)

1m28.364293526s ago: executing program 1 (id=249):
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB='=00000000000000000000000,decompose,nls=cp874,uid=', @ANYRESHEX=0xee01, @ANYBLOB=',nobarrier,part=0x0000000000000006,\x00'], 0x20, 0x6de, &(0x7f0000000840)="$eJzs3U9sW3cdAPDvsx0n7qTMG+1WEFKjVVSwQpvEjBYJiYIQymGCSlx2DW26RnWyKslQWiHqAYMjnFAPOwyhcNgJcUAa4oAYZyQk7r1X4sCt4oDRe34vsZ3Esds4abvPR3p+v+f3+/N9X//es/3SygF8ai28FROtSGLh/Jub6faDrUbzwVZjpShHxGRElCIqnVUkqxHJJxFXorPEZ9Mn8+6S/cZ54+HHH5y7/1Gjs1XJl6x+aVC7He0BI7TyJWYiopyvR1TZr79re/R3b6Suk+2404SdLRIHx629S2uU5kOct8DT7l5EeWKP5+sRJyJiKv8cEPnVoXTE4R26ka5yAAAA8HQqH1ThxUfxKDZj+mjCAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgOdD0vnNwCRfSkV5JpL89/+/n1fLVKvHG+4BvnzA/vdvHFEgAAAAAAAAAHD4JnaKZx7Fo9iM6WK7nWR/838t2ziZPb4Q78Z6LMVaXIjNWIyN2Ii1mIuYmO7qs7q5uLGxNre75W8ibdlut+/lLecjor6r5fyYjxkAAAAAAAAAnm8/jYWYPu4gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgWxJR7qyy5WRRrkepEhFTEVFN67Ui/lKUn2V/Pe4AAAAAYPxq+Xo6+V+n0E6y7/yvZN/7p+LdWI2NWI6NaMZSXM/uBXS+9Zf+2Wo0H2w1VtJld8ff+vdIcWQ9RkQ53ttn5NmsxqntFgvx3fhBnI+ZuBprsRw/isXYiKWYiVp6ELEYSdRrnbsX9SLO3njLeVdXekK52h/bmb7t01kktbgRy1lsF+JateitlNVI4nTXaH+qRvRl6L00O8k3c0Pm6HrX6/Xr/L5Mrv3ikH2MRz078ontjMymuc+z8dLeuS+MOE/6R5qL0vY9qJM7o6Sb/SMVOf/hKDk/ka/TXP+iN+eHbcRbaf2ZmI9SPvsiXunN+e0v3H+5t/GX/vW3qzdLq7du3lg/P8ZDGquJotCfiUZXJl4dPPvyTDTTTLSGz8RE/xNTT3Ach6iaZ6NzYRvuavmdrLQYr3VNwXfieizFpZiNubgcs/H1mI9Gzww71ZPXSmOlNyfZuVbafX2rDQj+7Be7Kv3ygMpHK83LS1157b7S1bN9+TNXfhWzXVl6efDse5x3gcrn8kI6xs+233GeBj2ZyK/NRXTFG9Q+mfhtO31cb67eWru5eHvI8c7l6/S0fb/32vy7Jz6YJ5LOl/SKW8m2spzUivmS7vvMdrS9+armf3HptCvt2ndqe189pmM5vrfvmVrNP8Pt7qmz79U99zWyfae79vV8yol3opl9CukzczRZBWBoJ14/Ua09rP2j9mHt57WbtTenvj15efLz1Zj4e+XP5T+Ufl/6RvJ6fBg/ienjjhQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ4H63fu3lpsNpfWxlioPuZYUTqwztYLw3UY9YjBYyV5oTrubDwFhf9MDcxGLcY0+h8jYkCd6hMPkYx/PqcT+VA6LH44LXumXR6heaVotXedSqxP7fcKTu687lG/tdj8b7unTi26ThngOXdxY+X2xfU7d7+yvLL49tLbS6vzly9dvtT42txXL95Ybi7Ndh6PO0pgHNbv3C0fdwwAAAAAAAAAAADAaPJ//b/x2P+ZoXJAnera+t4jnznqQwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACeUQtvxUQrkpibvTCbbj/YajTTpSjv1KxERCkikh9HJJ9EXInOEvWu7pL9xnnj4ccfnLv/UWOnr0pRvzSo3XBa+RIzEVHO1web3KOb3f1d6+qv9VjhJdtHmCbsbJE4OG7/DwAA//9tSfWT")
add_key(&(0x7f0000000340)='dns_resolver\x00', 0x0, &(0x7f0000000180)="0098", 0x2, 0xfffffffffffffffb)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x7, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={0x0}, 0x18)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/syz1\x00', 0x200002, 0x0)
syz_usb_connect(0x0, 0x56, &(0x7f0000000240)=ANY=[@ANYBLOB="1201000014e2fc203c419b81c0a701020301090244000100000000090400000302060000052406000005240000000d240f"], 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0)
write$cgroup_pid(r1, &(0x7f0000000080), 0x12)
write$cgroup_pid(r1, &(0x7f0000000c40), 0x12)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)

1m25.812208997s ago: executing program 1 (id=262):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r3, 0x0, 0x0)
ioctl$IOMMU_HWPT_ALLOC$NONE(0xffffffffffffffff, 0x3b89, &(0x7f0000000180)={0x28, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
capset(0x0, &(0x7f0000000040)={0x200000, 0x200000})
bind$bt_hci(r4, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6)
io_setup(0x2, &(0x7f0000002400)=<r5=>0x0)
io_submit(r5, 0x1, &(0x7f0000000340)=[&(0x7f0000000100)={0x2000000000, 0x4, 0x0, 0x1, 0x0, r4, &(0x7f0000000040)="0200ffff0000", 0x6, 0x0, 0x0, 0x2}])
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x200000d5}, 0x4000)
recvmmsg(r6, &(0x7f0000000e00)=[{{0x0, 0x0, 0x0}, 0x8101}, {{0x0, 0x0, 0x0}, 0x10000}, {{0x0, 0x0, 0x0}, 0xfffffdfd}, {{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000440)=""/194, 0xc2}, {&(0x7f0000000cc0)=""/261, 0x105}, {&(0x7f0000001b40)=""/4109, 0x100d}, {&(0x7f0000000800)=""/229, 0xe5}], 0x4}, 0x80000000}, {{0x0, 0x0, 0x0}, 0x7243}, {{0x0, 0x0, 0x0}, 0x7}, {{0x0, 0x0, &(0x7f0000001a80)=[{&(0x7f00000000c0)=""/154, 0x9a}, {&(0x7f0000000940)=""/238, 0xee}, {&(0x7f0000002b80)=""/4098, 0x1002}, {&(0x7f0000003e40)=""/4111, 0x100f}, {&(0x7f00000003c0)=""/101, 0x65}], 0x5}, 0x1452}, {{0x0, 0x0, 0x0}, 0x80000000}], 0x8, 0x22, 0x0)
syz_mount_image$udf(&(0x7f0000000c40), &(0x7f00000000c0)='./file1\x00', 0x0, &(0x7f0000000000)=ANY=[], 0x47, 0xc34, &(0x7f0000002b40)="$eJzs3V1oXOl9P/DfM0davWz+iTabeJN/s+lASmKU2vgttoJLkLOK2oDjDZEVulfR6MXOsLJkJLnxpm1QG9JCLxq6N6U3RTRdWshFr7q9rNJsIaEUSshFCi0Imiy56IUuAi0tyZRz5hlpZMv2rN8k734+i/Z75szvjJ7nPGfOHIGfOQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAARHz6MxdOnEwH3QoA4HG6NPWFE6d9/gPAO8plf/8DAAAAAAAAAAAAAMBhl6KII5Fi+PXtNFM9bhu82Fy6cXN6YnL/zYZSpKhFUdWXP4MnT50+84mz58Y6efftH7YPxotTly/UX1i+dn1lYXV1Yb4+vdScW55f6PkVHnT7W41WO6B+7eUb81eurNZPHT+95+mbI28OPH1k5Py5Y2fHOrXTE5OTU101ff33/dtvc6cZHk9FEY1I/91qtVIjImrx4PviHsfOozZUdWK06sT0xGTVkcVmY2mtfDLVclUtot610Xi5v2N33B7lWNy/P/56Z6lWNni07N7U9cZKY3Y81T/fWFlrrjWXl1Kt3dpyzOtRi7EUsRERWwO3v2J/FPHhSPHqie00GxFF51j5eDUx+N5N6uzPf3t4vexF2c56f8RG7bCP2eE2EEVcihQ/e+NozOX3QPU++GjE58p8PeK1Mj8VkcoD40zET/Y5jngy9UUR/xwpltN2mq/OB53zysUv1j+7dGW5q7ZzXnniPx8ep0N+bhqMImarM/52uv+LHQAAAAAAAAAAAAAAAAAetqEo4luR4uvP/1aslyuqeenvOT/2rpd+vXvO+HP3eJ2y9nhErNd6m5Pbn6cOp1r53yPoGD0ZjCK+luf//d5BNwYAAAAAAAAAAAAAAAAAAOAdrYiXIsWXjh1NG9F9T/Hm0tX65cbsYvuusJ17/3bumd5qtVr11M7xnDM513Nu5NzMuZUzann7nOM5Z3Ku59zIuZlzK2cUefuc4zlncq7n3Mi5mXMrZ/Tl7XOO55zJuZ5zI+dmzq2ccUju3QsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8HZSiyJ+ESm++ZXtFCkixiNmop2bAwfdOgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgNJiKOB4pNl8arB5v1CIuR8QvWq1W5ycitsvsXS32W3vQfQUAAAAAAAAAAAAAAAAAAIBDKxXxkUjx7P9sp3pE3Bx5c+DpIyPnzx07O1ZEEaks6a5/ceryhfoLy9euryysri7M16eXmnPL8wu9/rrBi82lGzenJyYfSWfuaegRt39o8IXl66+sNK9+eW3f54cHL8yurq005vZ/OoaiFjHTvWa0avD0xGTV6MVmY6naNNXu0MBaxHivnQEAAAAAAAAAAAAAAAAAAODQGE5FfCZS/Pjfz6TOvPG+9pz//9d+VOzUvvY7u98FsHhLdnR/f0Avy6nXho5WE+/r0xOTk1Ndq/v6by8t25RSEc9Fio+9+oFqPnyK4X3nxpd17y7rrp3JdSO/VNat76kaHJ2emKxfWl46dmFxcXmusdaYXVyoT11vzPX8xQEAAAAAAAAAAAAAAAAAAABwF8OpiB9Giv/8639JnfvO5/n/fe1HXfP/f62aQl8ZTHtzRzW3/93V3P728nvOjw1/+Pk7rX+48/+ff7rTppSK+EakOP3DD1T30+/M/5+55WXLuj+MFD99/kO5rvZUWdfodKfdyyvNxYUTZe2fR4pf/nmnNqraq7n22d3ak2XtUKT40+29tV/Ote/brT1V1h6NFN/9j/1r379be7qs/XGk+Lu/qndqh8va3861R3Zrj88tL87fa7eW4//tSPGXl34jdfp8x/Hv+v6H9Vtyx21jfvflhzX+I13r1vO4/kE1/n3VWN5t/M9Gim8PfijXtff9bH7+mer/u+P/sUjxr/+0t/ZKrn3vbu3JXrt10Mrx/1ak+M6f/Winz3n8857dHaHu8f//fXtz5yg5oPF/pmvdSG7X3FvcF+9Eq6989eXG4uLCigULFh7awkAcimY8wMJBn5l4HMrP/z+KFP97pEid65j8+f+u9qPd67//+tru5//5W3LHAX3+v7dr3fl81dLfFzG4du16/3MRg6uvfPVY81rj6sLVhaVTJ0988pNnT544ebb/qc7F3e5Sz/vu7aAc/+9Hih/8zQ92/o7Ze/23//X/8C2544DG/9nuPu25rul5V7wjleP/F5HimU//aOfvzbtd/3f+/j/6kb258/47oPF/X9e6kdyu5lvcFwAAAAAAAAAAAE+S4VTEn0SK3/z9X02dOUS9/Pu/+VtyxwH9+68jXevm73deQ/9b26rnnQwAcIiU13/vjxR/3/rezlzuvdd/8Sud2u7rvzs5DPf/BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAJ12KIn43Ugy/vp02B8rHbYMXm0s3bk5PTO6/2VCKFLUoqvryZ/DkqdNnPnH23Fgn7779w/bBeHHq8oX6C8vXrq8srK4uzNenl5pzy/MLPb/Cg25/q9FqB9SvvXxj/sqV1fqp46f3PH1z5M2Bp4+MnD937OxYp3Z6YnJyqqumr/++f/tt0h3WPxVFfC9S/Hzkp+k7AxG1ePB9cY9j51EbqjoxWnViemKy6shis7G0Vj6ZarmqFlHv2mi8s48ew1g8kPGI9bL5ZYNHy+5NXW+sNGYXF+qfb6ysNdeay0up1m5t2Z961GIsRWxExNbA7S/XH0V8I1K8emI7/cNARNHZDx+/NPWFE6fv3Z7aI+hjD8p21vsjNmpPwJgdYgNRxN9Gip+9cTS+OxDRF+2f+GjE58p8PeK1Mj8VkcoD40zET/Y5jngy9UURZyLFctpObwyU54POeeXiF+ufXbqy3FWbUn5HPemfD4/TIT83DUYR36/O+NvpH72vAQAAAAAAAAAAAAAAAA6RIjYixZeOHU3V/OCdOcXNpav1y43Zxfa0vs6c4s6c6Var1aqndo7nnMm5nnMj52bOrZxRy9vnHM85k3M950bOzZxbOaPI2+cczzmTcz3nRs7NnFs5oy9vn3M850zO9ZwbOTdzbuWMQzJ3DwAAAAAAAAAAAAAAAAAAeHupRVHdxf2bX9lOrYH2/aVnop2b1f1AWwfdRB6h/wsAAP//AmN1VA==")
r7 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/power/pm_print_times', 0x149a82, 0x8)
write$cgroup_int(r7, &(0x7f0000000040)=0x1f00, 0x12)

1m24.870428721s ago: executing program 1 (id=266):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2020, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000000000000e0"])

1m24.249259675s ago: executing program 33 (id=266):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x2020, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000000000000e0"])

22.419933869s ago: executing program 0 (id=397):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c)
r1 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000002100)='syzkaller\x00', 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='contention_end\x00', r2}, 0x10)
syz_mount_image$btrfs(&(0x7f0000005100), &(0x7f0000000000)='./file1\x00', 0x810, &(0x7f00000001c0)={[{@treelog}, {@nodatacow}, {@max_inline={'max_inline', 0x3d, [0x6d, 0x33, 0x78, 0x39, 0x65, 0x36]}}, {@space_cache}, {@nodatasum}, {@nobarrier}, {@flushoncommit}, {@noautodefrag}, {@ref_verify}, {@noenospc_debug}, {@clear_cache}, {@commit={'commit', 0x3d, 0x3}}, {@ssd}, {@nobarrier}, {@max_inline={'max_inline', 0x3d, [0x38, 0x36, 0x38, 0x35, 0x32, 0x25]}}]}, 0x1, 0x50f3, &(0x7f000000a2c0)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75oMYWrQ1AEAAIA+4v+7L361EPN69s1BmtefevTguarxSvm/OVz+H7ulrwoAAAC4GUe+2P5wVb2U/1vD5f/x2zprAAAAYCne+XDig6p6Kf/PDpf/V+fL/MqHrNNP8a8QDk2GMLGwMpcVfg7tp7sFAAAA4BaJOf3PT3f+ULVfKf/PVd//P97pIF7/33P/v9L1/4VCdte/J90YAAAAgHtR+Xr+eHv87MkF/Z6/P+z1/w/87+CrVccv5f/9w+X/enF5K5//BwAAAMvwX3v+3/bSONUG3f//vo/e/aWqfyn/t4fL/3G5pvjyTtRq2fvz3mQI6xdW8rsJfhMPtyspzI8VCh2tpMe22CMvzI8XCh1zSY/NkyE8uLCyPyn8PxbaSeHK2rxwJCmcjoX8fOgWjiWFE/FM+3xtPt208H0s5BdYzMcrKNZ0L4lIelzt12OhcMMeZ7sHBwAAuKfE8Jxn2bHeZkij7Hxt0A6rB+0wMmiH+qAdRpMd0h37bQ+zvYW4vX1m49Ke/39kuPwf34pV2aLf9f8hXv+fP9ewe/3/bCw0ksJ8LLTSOwa04jGysPtxPEajlfe4sr5bAAAAgLta/F6gvsLzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5h715j5KruA4CffY734fVCUoXQKNkkNY6beL22gUQtVdaUqhEpzbqhoCqi2NhrsnjBjm1KjEJkbCIaIShtkJIPRRhFUc0HqBWISAoIFymOUHlEVEUBBAqtIQoipSQRaYIUqtl7z+ydc3cefqzx0t9P8s6Z+Z/nnYfn3HvnXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/h4Feu+dtm8Ud/e96zL1w8fsWetRe/et15pz4ZwsTM4x1ZuKP/xtvHf373uffseWD1HfcdPv+jvXm5PB4Gqn868zs3xFoPLw7h/o4QutPAisEs0JPfH4z1vW8whFPCbKBWYrI/K5E2HL7fF8K+MBuoVfW9vhAGC4ELn3rk4Zuridv6QlgaQqikbTxfydroSwNn9GaB/jSwtTsL/OqtTC3w3c4sAMcsvhlqL/oDE/UZhucu1+D113PcOvb2SofXFRPDjfP9bO08d6qgN31g4pietlJ1zIvS2+Ogd9sCeLeVtvOtnrbiF6n8G8pbs6FK6Nw0uXnD1dM74yOdYXS0q1FN8/Q8P/P6lzYeSXrBvA5jB4aPy+vwlieW3t21/ILH71ux9OX9H9v7yrF280eFTVpMz7dKyF9zC+Z5jMZ9niyAt1/pW9KIL10hhM2f/73PNIuX5v/Dzef/8eUcbzvrcsda3xzK5ubxkcGYeG0om5sDAADAgrEQ9ppuHX3oE83qK83/R9o7/h8P+eeT+Wy0B0MYn0nsXRLCaTOPZ4G7YnOXLQnhgzOpifrA2iRwMIT3ziSW16pKSiyKJUaSwE+G8sB4EjgUAxNJ4FsxcGsSuCEGDiSBjTFwMAmcGwNhqn4cvz+Uj6PtQF8MrM824oF4FsIvhmJrybZ6rlYVAADAcZLPDnvq7xbOdTjWDHF6eaCvVYZ4BnbDDJWkhnQGW5tWNayhu1UNna1qqI17d/Phl2ruaFVz6TSMjvoMt//ybz4bmijN/8eaz/8rc3Sko3T8P4R1M39j7s48Ml2Lr5+oywAAAAAcg4H/ffGbzeKl+f94e+f/x30iXYXM4bG4G2LLkhDG6gNZtX9YDmRHvQfyAAAAACwEtePxtWPhU/ltdop2Op8u5584wvzxwP/4nPl7Dz64vll/S/P/ifbO/++vv806cSj24mtLQlhUCPwg9rIamDESAz/+ZH0gH/+huAFuilXlJybUqropllgfA2NJYF+jEj+slTitPpA/WbXG99bGMZWXKAQAAADghIu7A+Jx+Xj+/4d+s/qaZuVK8//1R3b+/8w8uHR6//RACCu7Q+hKfxjwWH+2MGAMDHbkiYf6s7q60qqu7w/hnOrA0qpezNf/707XGHyqL6sqBk770P7Xz6gmvtkXwspi4OnP3XlWNbEzCdQa/8u+ED5QHW3a+HcWZY33pI1/fVEI7y8EalVdtiiEamO9aVWPVPLrGKRV/XMlhHcVArWqzq6EsCsAsEDF/0o3FR/csevaLRumpye3z2Mi7sPvC5unpidHN26d3lRp0KdNSZ/rljG6vjymdq9881y+RNFF964bbCdd+53gWLGtfD9+6cTB/H78LtQzM87VPXV316RD/siHy02EwjepRkPunOch9xcrmX0SS/XH/L1hICy6esfk9tEvbti5c/uq7G+72Vdnf+NhpmxbrUq3Vf9cfWvj5dFwtazE0W6rZcVKVu68ctvKHbuuXTF15YbLJy+fvGrV2avHzhxbM/bxM1dWRzWW/W0x1GVzVZ0M9a072xzXcRzq6d2FSk7Ep4aEhMRCS2wdWNb0/+TS/H9b8/l//NSJn/z5+gyNjv8Px8P82eOzh/nXx8C+do//Dzc6ml87MWAkCeyOgd0O8wMAAPDOECf5cW9m3Cv90+XfeblZudL8f3d7v/8/Tuv/15auP7/RMv/LY4mxRuv/p8v819b/391o/f90mf/a+v/73ob1/6+uBZJN8gvr/wMAAO8EJ279/5bL+6cXCChlaLm8f3qBgFKGlsv4t3uBgCNe///5//yr/w5NlOb/t7Y3/7dwPwAAAJw8vvxn1/xOs3hp/r+vvfn/iV//LzQ6/3+kUWCi0cKA1v8DAABggWq0/t/wjf2XNitXmv8faG/+H0+76KzLHWt9cyhb0y6ka9q9NlT7yQAAAAAsDJ1hdLSnzbx1K6OuPfo2n8mXAm2WLnrxTw4f2fn/B9ub/9f9LuOWJ5be3bX8gsffvG/F0pf3f2zvK7PH/wEAAID50+5+CQAAAAAAAAAAAAAA4O334n/sWdMsXvr9f1g383ij3//H6/7F3xe8uy53rLX1+n/5/Qs/fc+umSULHxsK4cPFwJY9W04J+bX5lxUDD1+y/D3VxJ60xIMvnPtSNXFpGvjUilPfqCbOSQLr4yKJ700D8aqKbyxOAnF5xX9PA3F7HEgDvXngq4uzcXSk2+qng9m26ki31bODISwpBGrb6v7BrI2OdIC3JYHaAL+QBuIA/zwPdKa9umcg61UMDMaidwxkvQIA4KQVvwX2hM1T05Nj8St8vD29u/42qluy7PpytR1tNv9cvjTZRfeuG2wn3ZV+F5291nhPqFSHsKr0dbWYpWNmlMenlhab7t0NhtxqtbfOBuVSR7rpehuPqC8b0ejGrdObeloOfE3rLKu7W2ZZVZrsFLN0zmzSNmppoy9tjKjNbdNGl+P9zjA62pXk+oMYHA51Wr0i2v29fnGdv0avgmKeqw7v/VWz+krz/+H25v+V4rjeyC8GsDteWe/vlljmHwAAAObXV9f++hvx32dvfPTpZnlL8/+R9ub/cQ9Wfig429txMF7/f++SEGYurT+cBe6KzV22JIQPzqQmYonsgvrnxxJjWeCuuMNkeSyxfqK+qkUxcCAJ/GQoDxxMAodiIN9LsT/ku3L+fiiEs2ZS6+pLbIslhpPAZ2JgJAmMxsBYElgcA+NJ4NXFeWAiCfxbDISp+m117+J8WwEAAByJfJ7VU383pPO8A92tMnS0ytDfKkNnqwyVVhkajSLe/3bM0JOcvNJRyNST1tqX1FLKEC+Gf8T9KmUIP6zPmRYsNR3PP6idb9BRn+GBT3RXQhOl+f9Ye/P//vrbrPVDcf4/e/2/LPCD2L2vxVPHR2Lgx5+sD+Q7Bg7Fye5Ntaom8hL5pP2mWGI8BkaSwLYYGE8C69flgX3vqQ/kM+1a43trjU/lJQoBAAAAOOHiDoK4mybO/+/Y8ZWBZuVK8//x9ub/sb2BYmM3xFoPLw7h/o7Z3tQCKwazQNyPMRh/Hv++wRBOKezgqJWY7M9K9CYNh+/3Zb9Q702r+l5f9uODeP/Cpx55+OZq4ra+EJYW9r7U2ni+krXRlwbO6M0C/Wlga3cWiHt+aoHvdmYBOGa1vYLxBZWf6lIzPHe5Bq+/d8o1QdPhlfaBzpFvrt9czZfSDtd8n2rNkT1tTfffctyU3h4HvdsW4rtt2Lut+EUq/4by1myoEjo3TW7ecPX0zvhI8ZesJfP0PBd/pdpO+ji8DncffW9bq6QdGEs+PsbmLjf367AjVnfLE0vv7lp+weP3rVj68v6P7X2l7W40EH8o/Mh1/zr4o8LmnW+VkL/mFtznyYTPk4X438CIpy2EsO7Vr9/ULF6a/0+0N//vTm5n/DpuzB1LQvhIYeM+Fjf/Hy/JPgcLgexT8l3lQHbI/b+GGn5yAgAAwPFW291R218wld9mJ4Sn8+Ry/okjzB/3V4zPmb/dfvf/9SVLm8VL8//1zef/i5JuOv7v+D/zxPH/OZ3su6IXpQ/sPqZd0aXqmBeO/8/pZH+3Of4/J8f/Hf+fi+P/LTj+P6eT/WkrfUva5ktXCOHlP3ro2Wbx0vx/W3vzf+v/zb1oX239v/WN1v/b1mj9v93W/wMAAOZVg4Xm0nleafW+UoZ09b5ShpYLBLZcYtD6f0e8/t9Lpz//m9BEaf6/u735f3w5DBRbXyjr/42sa1DVrTGwzcKAAAAAnIwa7SAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg7fXAP/zPpmbxR3973rMvXDx+xZ61F7963XmnPhnC1MzjHVm4o//G28d/fve59+x5YPUd9x0+/6OVvFxPfvu7dbljrW8OhbCv8MhgTLw2VL0zG7jw0/fs6q4mHhsK4cPFwJY9W06pJr41FMKyYuDhS5a/p5rYk5Z48IVzX6omLk0Dn1px6hvVxDl5oCPt7j8uzrrbkXb35sUhLCkEat29YnF9VbU2/jQPdKZt/NNg1kYMDMai3xjM2oiB6VhialEIK7tD6EqrerSSVdWVVvUvlayqrrSqL1dCOCeE0J1W9UJvVlV3OvIne7OqYuC0D+1//YxqYl9vCCuLgac/d+dZ1cQXkkCt8b/oDeED1ZdM2vi3e7LGe9LGb+sJ4f0hhN60xC+7sxK9aYkXu0N4VyFQa/zz3SHsCrwjxA+fuk+0Hbuu3bJhenpy+zwmevO2+sLmqenJ0Y1bpzdVkj410lFIv3X90Y/9ude/tLF6e9G96wbbSXfn5Xpmury6p+7umpO997Ff/cVKZp+PUv0xf28YCIuu3jG5ffSLG3bu3L4q+9tu9tXZ3648mm2rVQtlWy0rVrJy55XbVu7Yde2KqSs3XD55+eRVq85ePXbm2Jqxj5+5sjqqsezv8RjqnSd+qKd3Fyo5ER8AEhISCy3RWffpNnayf5CXvujPdrQnVGY+oEvTimKWjplRHo9Brz3KER/N95SWI1pVmjiUsqyeI8v19VnWlCYTs7X0ZVlmvteVJofFxjpnNmm83xlGR7sabYfh+rvFzfuzY9i8z+Sbrt00AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP/HDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFXbgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwA8cCAAAAAML8rcPo2QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEsBAAD//+erI4o=")
r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
read$FUSE(r3, 0x0, 0x0)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r4, 0x84, 0x7b, &(0x7f0000001340)={0x0, 0x8}, 0x8)
readv(r1, &(0x7f0000000080)=[{&(0x7f0000001340)=""/104, 0x68}], 0x1)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000540), 0x3c)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, 0x0, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f00000006c0)=@nat={'nat\x00', 0x1b, 0x5, 0x4e0, 0x320, 0x0, 0xffffffff, 0x230, 0x0, 0x460, 0x460, 0xffffffff, 0x460, 0x460, 0x5, 0x0, {[{{@ipv6={@mcast1, @private1={0xfc, 0x1, '\x00', 0x1}, [0x0, 0xffffff00, 0xffffff00, 0xffffffff], [0x0, 0xffffff, 0xffffff00], '\x00', 'veth1_vlan\x00', {}, {}, 0x3a, 0x8, 0x1, 0xd41d5b0fa04324d0}, 0x0, 0xd0, 0x118, 0x0, {}, [@common=@eui64={{0x28}}]}, @REDIRECT={0x48, 'REDIRECT\x00', 0x0, {0x8, @ipv6=@private0, @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}, @port=0x4e23, @gre_key=0x674}}}, {{@ipv6={@local, @loopback, [0xff, 0xffffff00, 0x0, 0xff], [0x0, 0xffffff00, 0x0, 0xffffffff], 'syz_tun\x00', 'dvmrp0\x00', {}, {}, 0x2b, 0x5c, 0x1}, 0x0, 0xd0, 0x118, 0x0, {}, [@common=@icmp6={{0x28}, {0x0, "1ffd", 0x1}}]}, @NETMAP={0x48, 'NETMAP\x00', 0x0, {0x10, @ipv6=@local, @ipv6=@dev={0xfe, 0x80, '\x00', 0x17}, @port=0x4e21, @icmp_id=0x64}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @REDIRECT={0x48, 'REDIRECT\x00', 0x0, {0x0, @ipv6=@private0={0xfc, 0x0, '\x00', 0x1}, @ipv6=@mcast1, @icmp_id=0x65, @icmp_id=0x66}}}, {{@ipv6={@dev={0xfe, 0x80, '\x00', 0x34}, @mcast2, [0xffffff00, 0xff000000, 0xff000000, 0xffffffff], [0x0, 0xff000000, 0x0, 0xff000000], 'veth1_macvtap\x00', 'dvmrp1\x00', {0xff}, {}, 0x4b64c2274736b19, 0x0, 0x6, 0x4d}, 0x0, 0xa8, 0xf0}, @MASQUERADE={0x48, 'MASQUERADE\x00', 0x0, {0x2, @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}, @ipv4=@broadcast, @gre_key=0x81, @gre_key=0x6}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x540)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_emit_ethernet(0x42, &(0x7f0000000240)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x8, 0x4, 0x0, 0x0, 0x34, 0x0, 0x0, 0x0, 0x5, 0x0, @rand_addr=0x64010100, @private=0xa010100, {[@timestamp_addr={0x44, 0x4, 0xa4, 0x3}, @ssrr={0x89, 0x3, 0xce}, @generic={0x83, 0x2}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0x5}}}}}}, 0x0)

17.53308032s ago: executing program 0 (id=404):
syz_mount_image$hfsplus(&(0x7f0000000180), &(0x7f0000000500)='./file2\x00', 0x80408a, &(0x7f0000000540)=ANY=[], 0x11, 0x6c1, &(0x7f000000abc0)="$eJzs3c9vHGcZB/DvrNc/NpVct03TgCrVNFJBRCRxrBTCJQEhFKQKVUGCs9U4jRUnDY6L0h6IC0hInDjwB7SHcIETCCEhIUUqZ7hVcLI4VULqpae0Qgza2dn12t21N3FiO/D5WLPzvPPOvvPMs/NjdyVrA/zfunA8zbtp5cLxV2612+t35pfX78xf68SN5SSTSRpJszNLcT0p3k/OpzPlc+2F9XDFsO38aunsxQ8+Xv+w02pmY7z2Q2t4gs1R9mKtnjKbZKye78Km8V57sPEmN8KiV5l2wY51Cwf7bTxJuckPj2z0DFKO9TWGnu/A46Po3Df7dM7/meRQkqnuDW2t09nY+wx3NMK16Be9aO3R5gIAAAAHwpP3bie3Mr3feQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDjpP79/6KeGt14NkX39/8n+n5jf2Kf0x1u+8ymusHdxl4kAwAAAAAAAACP1gv38puLZTndbZdFGt8fqxuHq8cn8mZuZjErOZFbWchqVrOSuSQzfQNN3FpYXV2Zy4udZ35aluWQZ54e+MzTIybc2v0+AwAAAAAAAMD/kHP1/Ce5kOl9zgUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADYpkrHOrJoOd+OZNJpJppJMtNdbS/7WjR9nd/c7AQAAAHhY/vHvsjKg68l7uZdbme62y6L6zH+k+tw/lTdzPatZymqWs5hL1XcBnU/9jfU788vrd+avtafPjvteayP+/fSOGVYjpvPdw+AtH63WaOVylqolJ/Ja3shyLqVRPbPtaDefwXm981F77HMdZZnJUWp3qZ639/yX9fxgmKkqMt6ryKl2bkWnjk9tX4lvfLSrLc2l0fvm5/B91Pzctlsp/tM9Qg91lyRPfGfnmo/f187sytZKnO47+o5sX4nki3/47Q+uLF+/eqVYO35wDqNBXhi8ePKfG9eQmfqMTfVl4GLm+yrx3MiVuHzzgFdiqOamViPP9uIL+Xa+l+OZzatZyVJ+lIWsZjGz+VYVLdTHc/txZvtKnd/UenWnnCbq12VsS05feLIz3y6nF6vnTmcp380buZTFvFz9nc5cvpozOZOzfa/wsyOc9Y0BZ/0fhyd/7Et10L5z/LyeHwztuj7VV9f+a+5M1de/pJGyvrM8/dCujT3Nz9dB+5X4ad85uP96lZhK7y7Rze6ZbgXGB1biveqycnP5+tWVKws3toxbrA3e3kvZvPsH50LSPl6e7l0jNh8d7b5nBvbNVX2He32NrX2/bvX6djpTJ+r3cJ8d6XTV99zAvvmq72hfX/v91lSSxXxalmXn/VbXM3tcVQBGdujLhyZa/2r9tfVu62etK61Xpr45+bXJ5ycy/pfxrzdPjb3UeL74Xd7Nj7PzJ3QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGBHN996++rC8vLiypagLMvbQ7oeSZBmsmnJn//Ut071W2NJRh+wvfb5RlItaaYO7i+x2w+2O+88aBH+Xr8me1LwhxJMDT1+tgaflGV5MHIeJShre771RvZ937vBvl6WgD1wcvXajZM333r7K0vXFl5ffH3x+tkzZ86eOnvm5fmTl5eWp/Y7PeARqu711fuc/c4EAAAAAAAAAAAAGNVo/5xT9JY0k9z3//YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7MKF42neTZG5UydOtdvrd+aX21M33ljzkySNJMVsUryfnE9nykzfcMWw7awlFz/4eP3DTqtZT9X6jd3vxVo9ZTbJWD0fYGrQwvL2sPGKapwbw8cbUdGrTLtgx7qFg/323wAAAP//yAscyg==")
setxattr$trusted_overlay_upper(&(0x7f0000000000)='./file1\x00', &(0x7f00000001c0), &(0x7f0000000200)=ANY=[], 0x841, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000000), 0x0)
r0 = socket$netlink(0x10, 0x3, 0xf)
bind$netlink(r0, 0x0, 0x0)
syz_usb_connect(0x2, 0x24, &(0x7f0000000100)=ANY=[@ANYBLOB="1201000011620140480b05101e8c00000001090212000100000000090401"], 0x0)
r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
ioctl$I2C_RDWR(r1, 0x707, &(0x7f0000000a40)={&(0x7f0000000140)=[{0x18, 0x4000, 0x22, &(0x7f00000001c0)="0000006f456583a47c064da3340297b36e93fc6a777b65dd50f7779fa3ac768633c9"}, {0x2, 0x201, 0x0, 0x0}], 0x2})
lgetxattr(&(0x7f0000000240)='./file1\x00', &(0x7f0000000040)=@known='trusted.overlay.upper\x00', 0x0, 0x0)

14.478787469s ago: executing program 0 (id=410):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008f}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f00000003c0)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1000, 0x1)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x4c, 0x2, 0x6, 0x801, 0xe4340000, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}]}, 0x4c}}, 0x2)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_TEST(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)={0x54, 0xb, 0x6, 0x801, 0x0, 0x0, {0x6, 0x0, 0x2}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x2c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @mcast2}}, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e21}, @IPSET_ATTR_PROTO={0x5, 0x7, 0x73}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x54}, 0x1, 0x0, 0x0, 0x20008041}, 0x8190)
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="14"], &(0x7f0000000180), 0x0)
openat(0xffffffffffffff9c, 0x0, 0x48240, 0x2)
bind$unix(0xffffffffffffffff, &(0x7f0000000240)=@file={0x1, './file0\x00'}, 0x6e)
open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x0)

11.896376919s ago: executing program 6 (id=417):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r3, 0x0, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(0xffffffffffffffff, 0x3ba0, 0x0)
ioctl$IOMMU_HWPT_ALLOC$NONE(0xffffffffffffffff, 0x3b89, &(0x7f0000000180)={0x28, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
capset(0x0, &(0x7f0000000040)={0x200000, 0x200000})
bind$bt_hci(r4, &(0x7f0000000280)={0x1f, 0xffff, 0x3}, 0x6)
io_setup(0x2, &(0x7f0000002400)=<r5=>0x0)
io_submit(r5, 0x1, &(0x7f0000000340)=[&(0x7f0000000100)={0x2000000000, 0x4, 0x0, 0x1, 0x0, r4, &(0x7f0000000040)="0200ffff0000", 0x6, 0x0, 0x0, 0x2}])
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x200000d5}, 0x4000)
recvmmsg(r6, &(0x7f0000000e00)=[{{0x0, 0x0, 0x0}, 0x8101}, {{0x0, 0x0, 0x0}, 0x10000}, {{0x0, 0x0, 0x0}, 0xfffffdfd}, {{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000440)=""/194, 0xc2}, {&(0x7f0000000cc0)=""/261, 0x105}, {&(0x7f0000001b40)=""/4109, 0x100d}, {&(0x7f0000000800)=""/229, 0xe5}], 0x4}, 0x80000000}, {{0x0, 0x0, 0x0}, 0x7243}, {{0x0, 0x0, 0x0}, 0x7}, {{0x0, 0x0, &(0x7f0000001a80)=[{&(0x7f00000000c0)=""/154, 0x9a}, {&(0x7f0000000940)=""/238, 0xee}, {&(0x7f0000002b80)=""/4098, 0x1002}, {&(0x7f0000003e40)=""/4111, 0x100f}, {&(0x7f00000003c0)=""/101, 0x65}], 0x5}, 0x1452}, {{0x0, 0x0, 0x0}, 0x80000000}], 0x8, 0x22, 0x0)
syz_mount_image$udf(&(0x7f0000000c40), &(0x7f00000000c0)='./file1\x00', 0x0, &(0x7f0000000000)=ANY=[], 0x47, 0xc34, &(0x7f0000002b40)="$eJzs3V1oXOl9P/DfM0davWz+iTabeJN/s+lASmKU2vgttoJLkLOK2oDjDZEVulfR6MXOsLJkJLnxpm1QG9JCLxq6N6U3RTRdWshFr7q9rNJsIaEUSshFCi0Imiy56IUuAi0tyZRz5hlpZMv2rN8k734+i/Z75szvjJ7nPGfOHIGfOQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAARHz6MxdOnEwH3QoA4HG6NPWFE6d9/gPAO8plf/8DAAAAAAAAAAAAAMBhl6KII5Fi+PXtNFM9bhu82Fy6cXN6YnL/zYZSpKhFUdWXP4MnT50+84mz58Y6efftH7YPxotTly/UX1i+dn1lYXV1Yb4+vdScW55f6PkVHnT7W41WO6B+7eUb81eurNZPHT+95+mbI28OPH1k5Py5Y2fHOrXTE5OTU101ff33/dtvc6cZHk9FEY1I/91qtVIjImrx4PviHsfOozZUdWK06sT0xGTVkcVmY2mtfDLVclUtot610Xi5v2N33B7lWNy/P/56Z6lWNni07N7U9cZKY3Y81T/fWFlrrjWXl1Kt3dpyzOtRi7EUsRERWwO3v2J/FPHhSPHqie00GxFF51j5eDUx+N5N6uzPf3t4vexF2c56f8RG7bCP2eE2EEVcihQ/e+NozOX3QPU++GjE58p8PeK1Mj8VkcoD40zET/Y5jngy9UUR/xwpltN2mq/OB53zysUv1j+7dGW5q7ZzXnniPx8ep0N+bhqMImarM/52uv+LHQAAAAAAAAAAAAAAAAAetqEo4luR4uvP/1aslyuqeenvOT/2rpd+vXvO+HP3eJ2y9nhErNd6m5Pbn6cOp1r53yPoGD0ZjCK+luf//d5BNwYAAAAAAAAAAAAAAAAAAOAdrYiXIsWXjh1NG9F9T/Hm0tX65cbsYvuusJ17/3bumd5qtVr11M7xnDM513Nu5NzMuZUzann7nOM5Z3Ku59zIuZlzK2cUefuc4zlncq7n3Mi5mXMrZ/Tl7XOO55zJuZ5zI+dmzq2ccUju3QsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8HZSiyJ+ESm++ZXtFCkixiNmop2bAwfdOgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgNJiKOB4pNl8arB5v1CIuR8QvWq1W5ycitsvsXS32W3vQfQUAAAAAAAAAAAAAAAAAAIBDKxXxkUjx7P9sp3pE3Bx5c+DpIyPnzx07O1ZEEaks6a5/ceryhfoLy9euryysri7M16eXmnPL8wu9/rrBi82lGzenJyYfSWfuaegRt39o8IXl66+sNK9+eW3f54cHL8yurq005vZ/OoaiFjHTvWa0avD0xGTV6MVmY6naNNXu0MBaxHivnQEAAAAAAAAAAAAAAAAAAODQGE5FfCZS/Pjfz6TOvPG+9pz//9d+VOzUvvY7u98FsHhLdnR/f0Avy6nXho5WE+/r0xOTk1Ndq/v6by8t25RSEc9Fio+9+oFqPnyK4X3nxpd17y7rrp3JdSO/VNat76kaHJ2emKxfWl46dmFxcXmusdaYXVyoT11vzPX8xQEAAAAAAAAAAAAAAAAAAABwF8OpiB9Giv/8639JnfvO5/n/fe1HXfP/f62aQl8ZTHtzRzW3/93V3P728nvOjw1/+Pk7rX+48/+ff7rTppSK+EakOP3DD1T30+/M/5+55WXLuj+MFD99/kO5rvZUWdfodKfdyyvNxYUTZe2fR4pf/nmnNqraq7n22d3ak2XtUKT40+29tV/Ote/brT1V1h6NFN/9j/1r379be7qs/XGk+Lu/qndqh8va3861R3Zrj88tL87fa7eW4//tSPGXl34jdfp8x/Hv+v6H9Vtyx21jfvflhzX+I13r1vO4/kE1/n3VWN5t/M9Gim8PfijXtff9bH7+mer/u+P/sUjxr/+0t/ZKrn3vbu3JXrt10Mrx/1ak+M6f/Winz3n8857dHaHu8f//fXtz5yg5oPF/pmvdSG7X3FvcF+9Eq6989eXG4uLCigULFh7awkAcimY8wMJBn5l4HMrP/z+KFP97pEid65j8+f+u9qPd67//+tru5//5W3LHAX3+v7dr3fl81dLfFzG4du16/3MRg6uvfPVY81rj6sLVhaVTJ0988pNnT544ebb/qc7F3e5Sz/vu7aAc/+9Hih/8zQ92/o7Ze/23//X/8C2544DG/9nuPu25rul5V7wjleP/F5HimU//aOfvzbtd/3f+/j/6kb258/47oPF/X9e6kdyu5lvcFwAAAAAAAAAAAE+S4VTEn0SK3/z9X02dOUS9/Pu/+VtyxwH9+68jXevm73deQ/9b26rnnQwAcIiU13/vjxR/3/rezlzuvdd/8Sud2u7rvzs5DPf/BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAJ12KIn43Ugy/vp02B8rHbYMXm0s3bk5PTO6/2VCKFLUoqvryZ/DkqdNnPnH23Fgn7779w/bBeHHq8oX6C8vXrq8srK4uzNenl5pzy/MLPb/Cg25/q9FqB9SvvXxj/sqV1fqp46f3PH1z5M2Bp4+MnD937OxYp3Z6YnJyqqumr/++f/tt0h3WPxVFfC9S/Hzkp+k7AxG1ePB9cY9j51EbqjoxWnViemKy6shis7G0Vj6ZarmqFlHv2mi8s48ew1g8kPGI9bL5ZYNHy+5NXW+sNGYXF+qfb6ysNdeay0up1m5t2Z961GIsRWxExNbA7S/XH0V8I1K8emI7/cNARNHZDx+/NPWFE6fv3Z7aI+hjD8p21vsjNmpPwJgdYgNRxN9Gip+9cTS+OxDRF+2f+GjE58p8PeK1Mj8VkcoD40zET/Y5jngy9UURZyLFctpObwyU54POeeXiF+ufXbqy3FWbUn5HPemfD4/TIT83DUYR36/O+NvpH72vAQAAAAAAAAAAAAAAAA6RIjYixZeOHU3V/OCdOcXNpav1y43Zxfa0vs6c4s6c6Var1aqndo7nnMm5nnMj52bOrZxRy9vnHM85k3M950bOzZxbOaPI2+cczzmTcz3nRs7NnFs5oy9vn3M850zO9ZwbOTdzbuWMQzJ3DwAAAAAAAAAAAAAAAAAAeHupRVHdxf2bX9lOrYH2/aVnop2b1f1AWwfdRB6h/wsAAP//AmN1VA==")
r7 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/power/pm_print_times', 0x149a82, 0x8)
write$cgroup_int(r7, &(0x7f0000000040)=0x1f00, 0x12)

9.918644578s ago: executing program 6 (id=420):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x0, 0x2})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
dup3(r1, r0, 0x0)
ppoll(&(0x7f00000002c0)=[{r0, 0xa100}], 0x1, 0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000540)={0x54, 0x0, &(0x7f0000000340)=[@request_death, @reply={0x40406301, {0x2, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x18, 0x0, &(0x7f0000000000)={0x30, 0x30, 0x30}}}], 0x0, 0x1000000, 0x0}) (fail_nth: 3)

9.17238414s ago: executing program 3 (id=421):
r0 = syz_init_net_socket$ax25(0x3, 0x3, 0x1)
setsockopt$sock_timeval(r0, 0x1, 0x42, &(0x7f00000000c0)={0x0, 0x2710}, 0x10)
recvmsg(r0, &(0x7f0000002540)={0x0, 0x0, 0x0}, 0x0)
syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000240)='./file0\x00', 0x2000084c, &(0x7f0000000180)={[{@iocharset={'iocharset', 0x3d, 'ascii'}}, {@discard}, {@dmask={'dmask', 0x3d, 0x7}}, {}, {@dmask={'dmask', 0x3d, 0x6}}, {@iocharset={'iocharset', 0x3d, 'iso8859-1'}}, {@gid}, {@errors_remount}, {@discard}]}, 0x81, 0x14f4, &(0x7f0000001580)="$eJzs3AuYjlXXOPC99t43Y5r0NMlh2GuvmycNtkmSHBJySJIkSXJKSJokSUgMOSUNSchxkhyGkBymMWmcz4eckyavNEkSklPY/0vv+/+879f7fX3f/+3/ua5v1u+69vXsNfez1rPuWXPNc9/Pdc380HNUvRb1azcjIvEvgb8+pAghYoQQw4QQNwghAiFEpfhK8VeOF1CQ8q+9CPtzPZp+rTtg1xLPP2/j+edtPP+8jeeft/H88zaef97G88/beP6M5WXb5xS7kVfeXfz5f17G7///i+SWn/zNxvI39/pvpPD88zaef97G88/beP55G88/b+P5/+9X6z85xvPP23j+jOVl1/rzZ17Xdl3rnz/GGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY3nDOX+VFkJceTzrvb/WfTHGGGOMMcYYY+zP4/Nf6w4YY4wxxhhjjDH2/x8IKZTQIhD5RH4RIwqIWHGdiBPXi4LiBhERN4p4cZMoJG4WhUURUVQUEwmiuCghjEBhBYlQlBSlRFTcIkqLW0WiKCPKinLCifIiSdwmKojbRUVxh6gk7hSVxV2iiqgqqonq4m5RQ9wjaopaora4V9QRdUU9UV/cJxqI+0VD8YBoJB4UjcVDool4WDQVj4hm4lHRXDwmWojHRUvxhGglWos2oq1o9/+U/4roK14V/UR/kSIGiIHiNTFIDBZDxFAxTLwuhos3xAjxpkgVI8Uo8ZYYLd4WY8Q7YqwYJ8aLd8UEMVFMEpPFFDFVpIn3xDTxvpguPhAzxEwxS8wW6WKOmCs+FPPEfLFAfCQWio/FIrFYLBFLRYb4RGSKZSJLfCqWi89EtlghVopVYrVYI9aKdWK92CA2ik1is9gitoptYrv4XOwQO8UusVvsEXvFPvGF2C++FAfEVyJHfP3fzD/77/J7gQABEiRo0JAP8kEMxEAsxEIcxEFBKAgRiEA8xEMhKASFoTAUhaKQAAlQAkoAAgIBQUkoCVGIQmkoDYmQCGWhLDhwkARJUAFuh4pQESpBJagMlaEKVIWqUB2qQw2oATWhJtSG2lAH6kA9qAf3wX1wPzSEhtAIGkFjaAxNoAk0habQDJpBc2gOLaAFtISW0ApaQRtoA+2gHbSH9tABOkAn6ASdoTN0gS6QDMnQFbpCN+gG3aE79IAe0BN6Qi/oDb3hFXgFXoVXoT/UkQNgIAyEQTAIhsBQGAqvw3B4A96ANyEVRsIoeAvegrdhDJyBsTAOxsN4qCEnwiSYDCSnQhqkwTSYBtNhOsyAmTATZkM6zIG5MBfmwXyYDx/BQvgYPobFsBiWQgZkQCYsgyzIguVwFrJhBayEVbAa1sBqWAfrYR1shE2wEbbAFtgG2+Bz+Bx2wk7YDbthL+yFL+AL+BK+hFTIgRw4CAfhEByCw3AYciEXjsAROApH4Rgcg+NwHE7ASTgFJ+E0nIYzcBbOwTm4ABfgIryU8F3zvWU2pAp5hZZa5pP5ZIyMkbEyVsbJOFlQFpQRGZHxMl4WkoVkYVlYFpVFZYJMkCVkCYkSJclQlpQlZVRGZWlZWibKRFlWlpVOOpkkk2QFWUFWlBVlJXmnrCzvklVkVdnRVZfVZQ3ZydWUtWRtWVvWkXVlPVlfxgkhGsiGsqFsJBvJxrKxbCIflk3lABgCj8ork2khR0JLOQpaydayjWwr34YnZXs5BjrIjrKTfFqOg7HQRbZ3yfI52VVOgm7yBTkZXpQ95FToKV+WvWRv2Ue+IvvKDq6f7C9nwAA5UM6GQXKwHCKHynlQV16ZWD35pkyVI+Uo+ZZcCm/LMfIdOVaOk+Plu3KCnCgnyclyipwq0+R7cpp8X06XH8gZcqacJWfLdDlHzpUfynlyvlwgP5IL5cdykVwsl8ilMkN+IjPlMpklP5XL5WcyW66QK+UquVqukWvlOrlebpAb5Sa5WW6RW+U2uV1+LnfInXKX3C33yL1yn/xC7pdfygPyK5kjv5YH5V/kIfmNPCy/lbnyO3lEfi+Pyh/kMfmjPC5/kifkSXlK/ixPy1/kGXlWnpPn5QX5q7woL8nL0kuhQEmllFaByqfyqxhVQMWq61Scul4VVDeoiLpRxaubVCF1syqsiqiiqphKUMVVCWUUKqtIhaqkKqWi6hZVWt2qElUZVVaVU06VV0nqNlVB3a4qqjtUJXWnqqzuUlVUVVVNVVd3qxrqHlVT1VK11b2qjqqr6qn66j7VQN2vGqoHVCP1oGqsHlJN1MOqqXpENVOPqubqMdVCPa5aqidUK9VatVFtVTv1pGqvnlIdVEfVST2tOqtnVBf1rEpWz6mu6nnVTb2guqsXVQ/1kuqpXla9VG/VR11Sl5VX/VR/laIGqIHqNTVIDVZD1FA1TL2uhqs31Aj1pkpVI9Uo9ZYard5WY9Q7aqwap8ard9UENVFNUpPVFDVVpan31DT1vpquPlAz1Ew1S81W6WqOGvK3Sgv+C/nv/5P8Eb+9+ja1XX2udqidapfarfaovWqf2qf2q/3qgDqgclSOOqgOqkPqkDqsDqtclauOqCPqqDqqjqlj6rg6rk6ok+q8+lmdVr+oM+qsOqvOqwvqgrr4t++B0KClVlrrQOfT+XWMLqBj9XU6Tl+vC+obdETfqOP1TbqQvlkX1kV0UV1MJ+jiuoQ2GrXVpENdUpfSUX2LLq1v1Ym6jC6ry2mny+skfdu/nP9H/bXT7XR73V530B10J91Jd9addRfdRSfrZN1Vd9XddDfdXXfXPXQP3VP31L10L91H99F9dV/dT/fTKTpFD9Sv6UF6sB6ih+ph+nU9XA/XI/QInapT9Sg9So/Wo/UYPUaP1WP1eD1eT9AT9CQ9SU/RU3SaTtPT9DQ9XU/XM/QMPUvP0uk6Xc/Vc/U8PU8v0Av0Qr1QL9KL9BK9RGfoDJ2pM3WWztLL9XKdrVfoFXqVXqXX6DV6nV6nN+gNepPepLfoLTpbb9fb9Q69Q+/Su/QevUfv0/v0fr1fH9AHdI7O0Qf1QX1IH9KH9WGdq3P1EX1EH9VH9TF9TB/Xx/UJfUKf0qf0aX1an9Fn9Dl9Tl/QF/RFfVFf1pevXPYFMpCBDnSQL8gXxAQxQWwQG8QFcUHBoGAQCSJBfBAfFApuDgoHRYKiQbEgISgelAhMgIENKAiDkkGpIBrcEpQObg0SgzJB2aBc4ILyQVJwW1AhuD2oGNwRVAruDCoHdwVVgqpBtaB6cHdQI7gnqBnUCmoH9wZ1grpBvaB+cF/QILg/aBg8EDQKHgwaBw8FTYKHg6bBI0Gz4NGgefBY0CJ4PGgZPBG0CloHbYK2Qbs/tb73Z4o85fqZ/ibFxJiB5jUzyAw2Q8xQM8y8boabN8wI86ZJNSPNKPOWGW3eNmPMO2asGWfGm3fNBDPRTDKTzRQz1aSZ98w0876Zbj4wM8xMM8vMNulmjplrPjTzzHyzwHxkFpqPzSKz2CwxS02G+cRkmmUmy3xqlpvPTLZZYVaaVWa1WWPWmnVmvdlgNppNZrPZYraabWa7+dzsMDvNLrPb7DF7zT7zhdlvvjQHzFcmx3xtDpq/mEPmG3PYfGtyzXfmiPneHDU/mGPmR3Pc/GROmJPmlPnZnDa/mDPmrDlnzpsL5ldz0Vwyl42/cnF/5e0dNWrMh/kwBmMwFmMxDuOwIBbECEYwHuOxEBbCwlgYi2JRTMAELIEl8ApCwpJYEqMYxdJYGhMxEctiWXToMAmTsAJWwIpYESthJayMlbEKVsFqWA3vxrvxHrwHa2EtvBfvxbpYF+tjfWyADbAhNsRG2AgbY2Nsgk2wKTbFZtgMm2NzbIEtsCW2xFbYCttgG2yH7bA9tscO2AE7YSfsjJ2xC3bBZEzGrtgVu2E37I7dsQf2wJ7YE3thL+yDfbAv9sV+2A9TMAUH4kAchINwCA7BYTgMh+NwHIEjMBVTcRSOwtE4GsfgGByL43A8vosTcCJOwsk4BadiGqbhNJyG03E6zsAZOAtnYTqm41yci/NwHi7ABbgQF+IiIXAJLsEMzMBMzMQszMLluByzMRtX4kpcjatxLa7F9bgeN+JG3IybcStuxe24HXfgDtyFu3AP7sF9uA/34348gAcwB3PwIB7EQ3gID+NhzMVcPIJH8CgexWN4DI/jcTyBJ/AUnsLTeBrP4Bk8h+fwAv6KF/ESXkaPMVaKWHudjbPX24L2BhtjC9i/j4vaYjbBFrclrLGFbZF/iNFam2jL2LK2nHW2vE2yt/0urmKr2mq2ur3b1rD32Jq/ixvY+21D+4BtZB+09e19/xA3tg/ZJvZx29Q+YZvZ1ra5bWtb2MdtS/uEbWVb2za2re1sn7Fd7LM22T5nu9rnfxdn2mV2vd1gN9pNdr/90p6z5+1R+4O9YH+1/Wx/O8y+bofbN+wI+6ZNtSN/F4+379oJdqKdZCfbKXbq7+JZdrZNt3PsXPuhnWfn/y7OsJ/YhTbLLrKL7RK79Lf4Sk9Z9lO73H5ms+0Ku9KusqvtGrvWrvu3XlfZLXar3Wb32S/sDrvT7rK77R6797f4ynkcsF/ZHPu1PWK/t4fsN/awPWZz7Xe/xVfO75j90R63P9kT9qQ9ZX+2p+0v9ow9+9v5Xzn3n+0le9l6KwhIkiJNAeWj/BRDBSiWrqM4up4K0g0UoRspnm6iQnQzFaYiVJSKUQIVpxJkCMkSUUglqRRF6RYqTbdSIpWhslSOHJWnJLqNKtDtVJHuoEp0J1Wmu6gKVaVqVJ3uphp0D9WkWlSb7qU6VJfqUX26jxrQ/dSQHqBG9CA1poeoCT1MTekRakaPUnN6jFrQ49SSnqBW1JraUFtqR09Se3qKOlBH6kRPU2d6hrrQs5RMz1FXep660QvUnV6kHvQS9aSXqRf1pj70CvWlV6kf9acUGkAD6TUaRINpCA2lYfQ6Dac3aAS9Sak0kkbRWzSa3qYx9A6NpXE0nt6lCTSRJtFkmkJTKY3eo2n0Pk2nD2gGzaRZNJvSaQ7NpQ9pHs2nBfQRLaSPaREtpiW0lDLoE8qkZZRFn9Jy+oyyaQWtpFW0mtbQWlpH62kDbaRNtJm20FbaRtvpc9pBO2kX7aY9tJf20Re0n76kA/QV5dDXdJD+QofoGzpM31IufUdH6Hs6Sj/QMfqRjtNPdIJO0in6mU7TL3SGztI5Ok8X6Fe6SJfoMnkSIYQyVKEOgzBfmD+MCQuEseF1YVx4fVgwvCGMhDeG8eFNYaHw5rBwWCQsGhYLE8LiYYnQhBjakMIwLBmWCqPhLWHp8NYwMSwTlg3LhS4sHyaFt4UVwtvDiuEdYaXwzrByeFdYJawaPv5g9fDusEZ4T1gzrBXWDu8N64R1w3ph/fC+sEF4f9gwfCBsFD4YVgwfCpuED4dNw0fCZuGjYfPwsbBF+HjYMnwibBW2DtuEbcN24ZNh+/CpsEPYMewUPh12Dp8Ju4TPhsnhc2HX8Pk/PJ4SDggHhq+Fr4XeP6CWRJdGM6KfRDOjy6JZ0U+jy6OfRbOjK6Iro6uiq6Nromuj66LroxuiG6ObopujW6Jbo9ui3tfPLxw46ZTTLnD5XH4X4wq4WHedi3PXu4LuBhdxN7p4d5Mr5G52hV0RV9QVcwmuuCvhjENnHbnQlXSlXNTd4kq7W12iK+PKunLOufIuybV17Vw719495Tq4jq6Te9o97Z5xz7hn3bPuOdfVPe+6uRdcd/ei6+Feci+5l10v19v1ca+4vu5V18/1dykuxQ10A90gN8gNcUPcMDfMDXfD3Qg3wqW6VDfKjXKj3Wg3xo1xY91YN96NdxPcBDfJTXJT3BSX5tLcNDfNTXfT3Qw3w81ys1y6S3dz3Vw3z81zC9wCtzBxoVvkFrklbonLcBku02W6LJfllrvlLttlu5VupVvtVru1bq1b79a7jW6j2+w2u61uq9vutrsdbofb5Xa5PW6P2+f2uf1uvzvgDrgcl+MOuoPukDvkDrtvXa77zh1x37uj7gd3zP3ojruf3Al30p1yP7vT7hd3xp1159x5d8H96i66S+6y8y4t8l5kWuT9yPTIB5EZkZmRWZHZkfTInMjcyIeReZH5kQWRjyILIx9HFkUWR5ZElkYyIp9EMiPLIlmRTyPLI59FsiMrIisjqyKrI2si3hffEfqSvpSP+lt8aX+rT/RlfFlfzjtf3if523wFf7uv6O/wlfydvrK/y1fxVX01/4Rv5Vv7Nr6tb+ef9O39U76D7+g7+ad9Z/+M7+Kf9cn+Od/VP++7+Rd8d/+i7+Ff8j39y76X7+37+Fd8X/+q7+f7+xQ/wA/0r/lBfrAf4of6Yf51P9y/4Uf4N32qH+lH+bf8aP+2H+Pf8WP9OD/ev+sn+Il+kp/sp/ipPs2/56f59/10/4Gf4Wf6WX62T/dz/Fz/oZ/n5/sF/iO/0H/sF/nFfolf6jP8Jz7TL/NZ/lO/3H/ms/0Kv9Kv8qv9Gr/Wr/Pr/Qa/0W/ym/0Wv9Vv89v9536H3+l3+d1+j9/r9/kv/H7/pT/gv/I5/mt/0P/FH/Lf+MP+W5/rv/NH/Pf+qP/BH/M/+uP+J3/Cn/Sn/M/+tP/Fn/Fn/Tl/3l/wv/qL/pK/zH+zxhhjjDH2X6L+4PiAf/I1+bd1xUAhxPU7i+X++5qbC/91P1gmdI4IIZ7r3/PR/7vq1ElJSfnbc7OVCEotFkJErubnE1fjFaKTeEYki46iwj/tb7DsfYH+oH70TiFi/y4nRlyNr9a//T+o/+TT4zMrh+fi/5P6i4VILHU1p4C4Gl+tX/E/qF+k/R/0X+CbNCE6/F1OnLgaX62fJJ4Sz4vkf3gmY4wxxhhjjDH2V4Nlte5/dP985f48QV/NyS+uxn90f84YY4wxxhhjjLFr78XefZ59Mjm5Y3fe8IY3vPm3zbX+zcQYY4wxxhj7s1296L/WnTDGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY3nX/8S/E7vW58gYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4xda/8nAAD//wkPOlo=")

9.130389656s ago: executing program 0 (id=422):
r0 = syz_usb_connect$hid(0x0, 0x3f, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x1b1c, 0x1c09, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x0, 0x0, 0x60, 0x0, [{{0x9, 0x4, 0x0, 0x80, 0x2, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x408, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x20, 0x9, 0x8, 0x7}}, [{{0x9, 0x5, 0x2, 0x3, 0x40, 0x6, 0x9, 0x9}}]}}}]}}]}}, 0x0)
r1 = socket(0x0, 0x80000, 0xed780b5f)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'virt_wifi0\x00'})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f00000000c0)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x800, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0xffffffb3, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
add_key$keyring(&(0x7f0000000000), 0x0, 0x0, 0x0, 0xffffffffffffffff)
r5 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_STAT_GET(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={0x18, 0x1411, 0x1, 0x70bd29, 0x0, "", [@RDMA_NLDEV_ATTR_STAT_MODE={0x8}]}, 0x18}}, 0x24000000)
syz_usb_ep_write(r0, 0x81, 0x1, &(0x7f0000000080)='\x00')
socket$nl_netfilter(0x10, 0x3, 0xc)

9.113666391s ago: executing program 4 (id=423):
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_trace_dev_match', 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000240)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000340)=@file={0x0, './file0\x00'}, 0x6e)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x80383, 0x0)
syz_mount_image$erofs(&(0x7f00000003c0), &(0x7f00000001c0)='./file0\x00', 0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x17d, &(0x7f0000001ac0)="$eJzsmLFP+kAUx7/vyg/yMy6uLg4SxcHSFjUuxLA5mogaNwlUghYx0EGYdPH/cHZwdvOPMM7qYFwY3Uxqej3oQQR10MT4PsPj+7h313evyXcoGIb5szw+vNyvFe+EAWASaaTU/89GXCO0+tfb83Jraj1/OfeUv041robPIwBB8PnnJwDcFAz4Kg+Cwd1p9VuE6OstCCwovQOCqfQeBLaVdkHYVfpA042w3jT3a55rlhteJRRWGOwwOGHIDffXPSNUtP5IW2+1O4clz3Ob3yg+ml+3IJDX+tPfV282ljY/GwK20jkQNpVeRao3m2gk2v2nE/H5xg/fnwULFr9NxP4UXBDmNX9KaP6R9evH2Va7s1irl6pu1T1ynNyKtWRZy05WGlEUx/jff+lPE9r5/0bUJimJk5LvN+0o9nMniu85rpD+J5CZjfLQ+5Mju4nWSe0jqTLGmHKGYRiGYRiGYRiGYRiGYZgvMAOSX0EldIo4GcDZkNVvAQAA///an3MA")
mkdir(&(0x7f0000000080)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x100)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000380), 0x0, &(0x7f0000000000)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
renameat2(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0xffffffffffffff9c, &(0x7f0000001240)='./file0/file0\x00', 0x2)
close_range(r2, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0)
ioctl$SNDCTL_SEQ_TESTMIDI(0xffffffffffffffff, 0x40045108, &(0x7f0000000280)=0x4)
ioctl$RTC_WKALM_SET(0xffffffffffffffff, 0x40187014, &(0x7f0000000040)={0x0, 0x0, {0x0, 0xfffffffb, 0x0, 0x0, 0x7}})
syz_mount_image$squashfs(&(0x7f0000000180), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYRES16=0x0, @ANYRES64=0x0, @ANYRESOCT, @ANYRESOCT, @ANYRES8, @ANYBLOB="e1cc9e585bf1ccbca5939bcef3ab754c3b730034e20162", @ANYRESOCT, @ANYRES16, @ANYRES8], 0x1, 0x1d2, &(0x7f0000000580)="$eJzslU9rE0EYxn+zO2kSzaFnrxbbi7bZgvgN7AfwAxjStRYT/3QDmlAweunFg/glCn4KD4LePYgIXupBQQ8VTxWJzM474ywNRMVQCvPA8j7vM++fmVlm5mZxr6gDPw93uyxSQtHivVJoYFlZ7WjB2m9iJ4JP2vpt0Z+L/Si2GI7ePLF0dKvT6+U7xXAGUQpmxVTIcUn/cbMp5PXjqqL4tzrzJ4PU7uzxoacVpT4tRnI58VXMg3xvQah8/t8tasx7FeCVH63Zv+ndM/s7p8akkt6kui2njyR/lVUg11dx9VHC19J5e7jbNeS63GJG27SfOxJljHFeBjHnNIxBpUx8HV3elrAMrA76d1eL4ejidr+zlW/lt7Ns/fLaq7NyRCcPYbuXr6lgGokhGg9zTpvBeA348Ht8TAAVTM3gDCiX61Lc5bxyPkhsQhLkhjUMGrzw/euipfS5xgUawP2xGc6wu7WEqaa5YZa2gSIVp62DecIRCY1y4FL3Tm9zD4VyaftoX6N9QM07mTimUb5+xS9/T+yS2A2x+2IPxLq3y71JuqzwRbyVMSzwoDMY7JSPl2Vey7yWLfrOiXR1r6FyM6kTEREREREREXFK8CsAAP//TTFPEQ==")
mount$tmpfs(0x0, &(0x7f00000002c0)='\x00', &(0x7f0000000300), 0x200000, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

8.355783326s ago: executing program 3 (id=426):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7)
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/bus/input/devices\x00', 0x0, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x5, "ff00"})
r2 = syz_open_pts(r1, 0x0)
ioctl$TCSETA(r2, 0x5406, &(0x7f0000000200)={0xfffe, 0x80, 0xe000, 0xaf, 0x17, "041000"})
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000140)=0x4)
preadv(r0, 0x0, 0x0, 0xfff, 0x1)
openat$sequencer(0xffffffffffffff9c, &(0x7f00000001c0), 0xc0280, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x36)
socket$unix(0x1, 0x1, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
sendmmsg$inet_sctp(0xffffffffffffffff, 0x0, 0x0, 0x4)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x48014}, 0x20004000)
r4 = syz_open_dev$vim2m(&(0x7f0000000440), 0x4a84, 0x2)
ioctl$vim2m_VIDIOC_STREAMON(r4, 0x40045612, &(0x7f0000000080)=0x2)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})

8.123787857s ago: executing program 6 (id=427):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000940)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10)
r1 = accept$alg(r0, 0x0, 0x0)
sendmsg$alg(r1, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=[@assoc={0x18, 0x117, 0x4, 0x40}], 0x18}, 0x0)
write$binfmt_script(r1, &(0x7f0000000600), 0xfec8)
recvmmsg(r1, &(0x7f00000008c0)=[{{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000001c0)=""/200, 0xc8}], 0x1, 0x0, 0x0, 0x2000000}}], 0x1, 0xcb, 0x0) (fail_nth: 3)

7.634764331s ago: executing program 4 (id=428):
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_procfs(0x0, 0x0)
syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, <r3=>0x0})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(0xffffffffffffffff, 0x3ba0, &(0x7f00000002c0)={0x48, 0x5, r3, 0x0, 0xffffffffffffffff, 0x1})
bpf$MAP_CREATE(0x0, &(0x7f0000001440)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00'}, 0x18)
unshare(0x2040400)
r4 = fsopen(&(0x7f0000000440)='cgroup2\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
unshare(0x2000400)
fsmount(r4, 0x0, 0x0)

7.27672s ago: executing program 3 (id=430):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
r1 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000140), 0x1a1002, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(r2, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000c00), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan1\x00', <r5=>0x0})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000480)={'wlan0\x00', <r7=>0x0})
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="010000000000000000003700000008000300", @ANYRES32=r7, @ANYBLOB="08002600901500000800570080"], 0x2c}}, 0x0)
syz_mount_image$iso9660(&(0x7f0000000840), &(0x7f0000000800)='./file0\x00', 0x0, &(0x7f0000000980)=ANY=[@ANYBLOB="757466382c626c6f636b3d307830303030303030303030303030323030006e6f726f636b2c63727566742c6d61703d6f66662c646d6f64653d3078303430303030303030303030303063664173657373696f6e3d3078303030303030303030303030303033382c756e686964652c756e686964652c6769643d29e0cd5c372ab078c28fb05c6421428d066455368833565fd726743513f4466efa8d4fba06d57341875f5775ab343c0f6bc59fbde784ec3597e0e286d8d0dbf360afa3bc5c145b6e4f8b0305932fb55ff13f9fcb5035769f5fca33ac02bdeacb24c58103edc3d8b46df7614aa493952584ee662174309b11a4ad19e64dcdeeca1c148170b8d1aaf26082364b0d90d63d8502ffa63dde945e4612ac134315f389af667a04931ad25ff10b9b5107e517dbbcf5dcb60f564f54b344218d9325b53e829c38c96c69adc9e745202923a1b8124333cce0a8f1c748d42a272eb3e5502051090f1ac34fe5e8f038", @ANYRESHEX, @ANYRESOCT], 0x2, 0x69a, &(0x7f0000000d80)="$eJzs3V9rG9n9x/HPyLIte3+E5dcSQsifk6QLDk0VSd44mBS66mhkTytpxIxcbCgs6cZeQuRsm6TQ+Gbrm/6B7RPoXW960QdR6PU+i96UFpb2rtCbKXNmJEvRv3ijOLvN+2V2NTrznTnfmaPoy9iaIwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADlurVQqO2r4rZ1dM5lbC4PmlPXp3hZ1M124ObNfyUn+U6GgC2nThW+erD6f/O+6LqXPLqmQPBR09M75d+99I5/rbT8loS9Dp93h0+dHj+53u/tPXiJ2Qafe/ZukXG9pJRuTMUFbXsuPAr9Z3fKMHwVmc2OjdHu7Hpm63/CivajjNY0berlOEJo196Ypb26uG6+4F+y0tmrVhtdrvPudSqm0YX6wnA60pGLkbvuNht/asjHJ6iTmrvnsx2mAV20ac/Cwu78+60iSoPLLBFVmBVVKlUq5XKmUN+5s3rlbKuVHGkoJp9SnkYi5v2jxNTOfN25gDnJJ/f+rIzVUUEs72pUZ++OqplCBmhPWZ3r1/73b3tR+B+t/r8pfkL6Xrb4oW/+vpM+uTKr/E3IxMnaDcWucCe2n+1m0GRk91XMd6ZHuq6uu9vVkDvs2Mlfnspcz+NmSp5Z8RQrkq6mqbTFZi9GmNrShkj7UtuqKZFSXr4Y8RdpTpI48+4pyFcpTVR0FCmW0Jlc3ZVTWpja1LiNPRe0p0I5a2lJNVf07juMDPbTnfX1KjuoFlScELA8GVabsaVL9/8mn6es0q/8l6v/bKn0dLKcPn0+LAb4C4lj2+n9QbvZmV19fRgAAAAAAYN4c+9t3x/7t/rKkWHW/4ZXedFoAAAAAAGCOHMXLuiQnuf6XdFkO1/8AAAAAAPyvcew9do6kVfuhfufkTqiX+SXAwhmkCAAAAAAAXpG98//KkhTbSSuuyjnV9T8AAAAAAPga+M3AHPv53hy7ce/P+jlJUXvZ+fM/lxUuOsft3W85h9VkTfUwixn5BECnftE5l03Uax+WJNlnrnfJyXrLJsHszzv4xcGsuf6d8IUElhYGdzAhASfpeSOfPdNnupZuci2bZ/7BUU52TdrLat1veEU3aNwrq1o9l+t4u52fP374CynsH+fBw+5+8aNPug9sLsdJ0/FhstNPh9LJjT8ZJ7k8s/Mt2Hsuxh3xiuq9Ln/baq46tt9S7/gXVD3MDXY0bQBO+vyVrqdjdn01jV096s+4nxx/ITn+ctEO2dDRh4vOSRblF4983EBMyKJgs7iRxtxYu6HK39Ll/ijknMK3F6RKcXQMhrKoDGYx+1w4/xo5FwNZ2IfemoFzsZ5k8ZdkRxOyWD9dFiMjAgBvyoEuy74LXZadxLxfhQpZ3e2Vh96b2peqO7Or+wfD1f3Z7+PYbrAg5bO/TUztpaDkHX3NsXVoKT2k/MUx7+ilrK4UNOEdvfQK1S3p608n34GUpT2SxX/iOL5Xtv3+7oWq+oeh7kb6jRqVheQU3n52+FM7AX7i4/2P9x9XKusbpfdLpTsVLdrDyB4WRO0BAIyY/R07MyOc93Utjbj24B/vpUtDFe//+x8pKOojfaKuHuhW7ysEro7f6+rAxxBupVetGrhqNeffvWe/l244tqxbE6/qbC0diK30YxfV22S4Up/Err/mUQAA4Gxdn1GHx9f/wlD9v6W1NGLt4tjr7uFanl0d9y/pJ8WWZyf/wbzPBgAAbwcv/MJZ7fzaCUO//WF5c7Nc7Wx7JgzcH5rQr215xm91vNDdrra2PNMOg07gBg3TDrXs17zIRDvtdhB2TD0ITTuI/F37ze8m++r3yGtWWx3fjdoNrxp5xg1anarbMTU/ck175/sNP9r2Qrtx1PZcv+671Y4ftEwU7ISuVzQm8ryBQL/mtTp+3U8WW6Yd+s1quGd+FDR2mp6peZEb+u1OkO6w15ffqgdh0+62mI/HfV4AAIC3ztPnR4/ud7v7T15cWEkuzdOWY02IGV1Y0tPnyVV50pLPVjFHEAAAXzEnBfwUGxVeY0IAAAAAAAAAAAAAAAAAAAAAAGDE7Fv6TrmwOO5mQanf8rNzWYt+qZNbDEf242jeiZ1mIXfarXq3RBw9+nxK8Eq/pXf6B2OOz+wA//5/0ju2RWlLfv59rUwZ3Nex8N2D9IxOjElWjl213B+L/Pz/OSQLj/84YVUcx/H0zZeHz+HStAMcXshLerL0CkNw9u9FAM7WfwMAAP//oLo0Eg==")
sendmsg$NL80211_CMD_TRIGGER_SCAN(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c1b0067c8b73d0000ddffffff00000000000000", @ANYRES16=r4, @ANYBLOB="010000000000000000002100000008000300", @ANYRES32=r5, @ANYBLOB], 0x1c}}, 0x0)
sendmsg$NL80211_CMD_ABORT_SCAN(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000880)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="379500000000000000007200000008000300", @ANYRES32=r5], 0x1c}}, 0x0)
r9 = creat(&(0x7f0000000040)='./file0\x00', 0xc8)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r10=>0xffffffffffffffff, <r11=>0xffffffffffffffff})
connect$unix(r10, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r11, &(0x7f0000000000), 0x400000000000041, 0x0)
ioctl$DRM_IOCTL_MODE_GETCRTC(r9, 0xc06864a1, &(0x7f0000000240)={&(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x7, 0x0, <r12=>0x0})
ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r1, 0xc01864b0, &(0x7f00000001c0)={0x0, r12, 0xe, 0x1, 0x7fffffffffffffff})
recvmmsg(r10, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
write$FUSE_LK(r1, &(0x7f0000000000)={0x28, 0x0, 0x0, {{0xc000000000000, 0x40, 0x1, r2}}}, 0x28)
socket$inet_tcp(0x2, 0x1, 0x0)
mount(0x0, &(0x7f0000000080)='.\x00', 0x0, 0x60048, 0x0)

7.052323846s ago: executing program 5 (id=431):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x38, r4, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x24, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e23}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1=0xac1414aa}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1}]}]}, 0x38}}, 0x0)

6.079258254s ago: executing program 6 (id=432):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008f}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f00000003c0)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x1000, 0x1)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x4c, 0x2, 0x6, 0x801, 0xe4340000, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}]}, 0x4c}}, 0x2)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_TEST(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)={0x54, 0xb, 0x6, 0x801, 0x0, 0x0, {0x6, 0x0, 0x2}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x2c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @mcast2}}, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e21}, @IPSET_ATTR_PROTO={0x5, 0x7, 0x73}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x54}, 0x1, 0x0, 0x0, 0x20008041}, 0x8190)
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="14"], &(0x7f0000000180), 0x0)
openat(0xffffffffffffff9c, 0x0, 0x48240, 0x2)
bind$unix(0xffffffffffffffff, &(0x7f0000000240)=@file={0x1, './file0\x00'}, 0x6e)
open_by_handle_at(0xffffffffffffff9c, &(0x7f00000000c0)=ANY=[], 0x0)

5.580564274s ago: executing program 3 (id=433):
ioctl$DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, &(0x7f0000000000)={0x9, <r0=>0xffffffffffffffff})
sendmsg$nl_route(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=@ipv4_getroute={0x1c, 0x1a, 0x2, 0x70bd28, 0x25dfdbfd, {0x2, 0x80, 0x0, 0xc, 0xfc, 0x4, 0xff, 0x0, 0x2000}, ["", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x2000c810}, 0x4014)
r1 = syz_clone(0x2300, &(0x7f0000000140)="3994596d0c4068192f7aa477dd151f1e982bb2e5396cbb3298c593cfd5985c12998229b793e7c230c2abea7cf4dca286ed2eb937f27e1e2c2d8e569782ff2e3bc94db25023110983cbed2538f646a66387a29e173c6e6298323791c414ea6a828990b7289d28090754993421deb92a4b712b17c5edc3a760c2272fb532744c539d34c9f76385411dffaec47949cce05850b9fb5726de774f90f99ff3cc55407d28dc40ddae4a88b4341aa6320bc25439f3d34b1fcb65b776c04e7495c8f0a12a6353ffe129a5073e15f1eed0f4a26509bcd585e9003c09b3de4102e526fbd83f9d3b3daac01becad53687b1efba026679876d031", 0xf4, &(0x7f0000000240), &(0x7f0000000280), &(0x7f00000002c0)="d6ef2205c95ed7510f702ad511069aa4f3fdaec1c1798b1f76f36cce96cb5da7859c0d4b5a222d901951a495db13dabfb38b40422ccd03a84692786b32da267ba27026407a6db727982fc10fc3e1477e3f314e75fd01039d035943e7696731d95ca5b2e7a8ccebba")
r2 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000340), 0x400180, 0x0)
ioctl$VIDIOC_QBUF(r2, 0xc058560f, &(0x7f00000003c0)=@userptr={0xc990, 0x4, 0x4, 0x10100, 0xfffffff0, {0x0, 0x2710}, {0x4, 0x0, 0xea, 0x9, 0x9f, 0xcd, "e3ae6cfa"}, 0x7, 0x2, {&(0x7f0000000380)}, 0x0, 0x0, r0})
sendmsg$TIPC_NL_MON_SET(r0, &(0x7f0000000700)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x8010000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000480)={0x218, 0x0, 0x10, 0x70bd26, 0x25dfdbfd, {}, [@TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x6}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xfffffffe}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x6}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xc90}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x4}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x9}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xc}]}, @TIPC_NLA_MEDIA={0x4}, @TIPC_NLA_LINK={0x18, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}]}, @TIPC_NLA_PUBL={0x34, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x1223}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x2}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x2a2}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xbbf7}]}, @TIPC_NLA_LINK={0xac, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xe}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x4}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xc2c}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}]}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0xa}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffff946e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfffffffa}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}]}]}, @TIPC_NLA_LINK={0x3c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x80000001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xf5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xb}]}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffffffb}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x56cc}]}]}, @TIPC_NLA_BEARER={0x48, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5f769669}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7fffffff}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x4}, @TIPC_NLA_BEARER_NAME={0xf, 0x1, @l2={'ib', 0x3a, 'syz_tun\x00'}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x7}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}]}, @TIPC_NLA_LINK={0x40, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8b43}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xc}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}]}, 0x218}, 0x1, 0x0, 0x0, 0x4}, 0x24006011)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000780), r2)
sendmsg$TIPC_NL_NET_SET(r0, &(0x7f0000000880)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000840)={&(0x7f00000007c0)={0x70, r3, 0x24, 0x70bd2b, 0x25dfdbfc, {}, [@TIPC_NLA_PUBL={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x3}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xe}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x4}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x3}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7ff}]}, @TIPC_NLA_NET={0x18, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x100}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x6}]}]}, 0x70}, 0x1, 0x0, 0x0, 0x40000}, 0x4000001)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000900), r0)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r4, &(0x7f00000009c0)={&(0x7f00000008c0), 0xc, &(0x7f0000000980)={&(0x7f0000000940)={0x24, r5, 0x10, 0x70bd2a, 0x25dfdbfe, {}, [@L2TP_ATTR_L2SPEC_TYPE={0x5}, @L2TP_ATTR_LNS_MODE={0x5, 0x14, 0xfb}]}, 0x24}, 0x1, 0x0, 0x0, 0x24}, 0x40050)
sendmsg$L2TP_CMD_SESSION_MODIFY(r4, &(0x7f0000000ac0)={&(0x7f0000000a00)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000a80)={&(0x7f0000000a40)={0x3c, r5, 0x1, 0x70bd2d, 0x25dfdbfb, {}, [@L2TP_ATTR_PEER_CONN_ID={0x8}, @L2TP_ATTR_UDP_DPORT={0x6, 0x1b, 0x4e24}, @L2TP_ATTR_PW_TYPE={0x6, 0x1, 0xe}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x1}, @L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0x1}]}, 0x3c}, 0x1, 0x0, 0x0, 0x60000}, 0x8080)
madvise(&(0x7f0000ff1000/0xe000)=nil, 0xe000, 0x14)
r6 = dup(r4)
syz_open_dev$vim2m(&(0x7f0000000b00), 0xfffffffffffffff9, 0x2)
rt_tgsigqueueinfo(r1, r1, 0x1d, &(0x7f0000000b40)={0x20, 0x5, 0x66b5})
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000bc0)={0x10201, 0x0, 0xeeef0000, 0x1000, &(0x7f0000ffc000/0x1000)=nil})
write$RDMA_USER_CM_CMD_GET_EVENT(r0, &(0x7f0000000d80)={0xc, 0x8, 0xfa00, {&(0x7f0000000c00)}}, 0x10)
r8 = socket$phonet_pipe(0x23, 0x5, 0x2)
ioctl$EXT4_IOC_PRECACHE_EXTENTS(r8, 0x6612)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000e80)={&(0x7f0000000dc0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000e40)={&(0x7f0000000e00)={0x20, 0x2, 0x6, 0x201, 0x0, 0x0, {0x3, 0x0, 0x8}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x20000010}, 0x48820)
sendmsg$NL80211_CMD_RADAR_DETECT(r4, &(0x7f0000000fc0)={&(0x7f0000000ec0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000f80)={&(0x7f0000000f00)={0x60, 0x0, 0x100, 0x70bd27, 0x25dfdbfc, {{}, {@void, @val={0xc, 0x99, {0x5, 0x1d}}}}, [@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8}, @NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x7}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x4}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x20}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x24}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x65}, @NL80211_ATTR_WIPHY_FREQ={0x8}]}, 0x60}, 0x1, 0x0, 0x0, 0x80}, 0x24000000)
ioctl$F2FS_IOC_RELEASE_VOLATILE_WRITE(r4, 0xf504, 0x0)
ioctl$DRM_IOCTL_MODE_GET_LEASE(r0, 0xc01064c8, &(0x7f0000001040)={0x7, 0x0, &(0x7f0000001000)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
sched_setscheduler(r1, 0x5, &(0x7f0000001080)=0xfff)
syz_open_procfs$namespace(r1, &(0x7f00000010c0)='ns/time\x00')
madvise(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0xb)
process_mrelease(r6, 0x0)
ioctl$SOUND_MIXER_READ_RECMASK(r2, 0x80044dfd, &(0x7f0000001100))

4.96333384s ago: executing program 5 (id=434):
r0 = socket$kcm(0x2, 0x5, 0x84)
sendmsg$kcm(r0, &(0x7f0000000600)={&(0x7f0000000540)=@l2tp={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x1}, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000240)='~', 0x1}], 0x1}, 0x48000)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x4, &(0x7f0000000040)=ANY=[@ANYRES32=r0, @ANYRES8=r0], &(0x7f00000000c0)='syzkaller\x00', 0x2, 0x0, 0x0, 0x40f00, 0x4a, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r2 = getpid()
add_key$keyring(&(0x7f0000000000), 0x0, 0x0, 0x0, 0xfffffffffffffffd)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
r3 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$kcm(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000280)="89000000120081ae4d060cdc030000007f1be3f74002000000e2ffca1b1f00fff40004c00e72f750375eeb8a56331d169cd7815e381ad6e747073a0093b837dc6cc01e32efaec8c7a6ec001228000140070b1c000a0004009bbc7a46e398b21000040000ab2ace935daa434e1ae73666d70200dcdf0c171308f8b83ed327957fed0009ef8f0a947ee2", 0x89}], 0x1}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
syz_mount_image$minix(&(0x7f0000000180), &(0x7f0000000100)='./file1\x00', 0x14, &(0x7f0000000a00)=ANY=[@ANYBLOB="00046a4578002c65696e4c78002c2c5164e5762f76736f0200002c00d28cc435d59bfdf7628ef1a31858e6f340794be32b5fc494b24fc48364990a15a2fd331847f7784971a3e9fefed82655e1939dbc59660a0d7b112b391e6434ea31e2418eaa6595279acfdfa4f8cbeba4fe9b0765df425a2333f7b1efd3f8a30000973355230e4dccd6773e98e5e774568bdb282585e8b56fae8b1c6fd48c2eee02ac19fa12cf0181e6e9be0700000035863863099145439e3d8bcfea03af8ca08402db3d35cdf77683b9ca2749f88705974aa46462deb98bfa908753e715df35ebb6f61e36b66c9e756d43be99c75efd874746ff26ae952689b2906895359ca933a60fec248eb50bc6165f07800a46e5093600"/287, @ANYRES64, @ANYRES8, @ANYRES64, @ANYRESDEC=0x0, @ANYRESDEC], 0x1, 0x174, &(0x7f0000000880)="$eJzs271OKkEYxvFngMPH+eQcjhbGwsTGRhYwQe3wRkwIrIS4KBEbiAl6Kd6VF6GFnYURwwJrWDQqybIC/1+z8/juOLOEgbdBAJZWSRsyMor3w3oy3c2YsLcEYEZ6w+tTD8DyiT6EvQMA4bg7kJqSbu8vKorGJ/qDfr00qkcSk/UraS02rJukUv7+4lrGjOab75PzK4ProP7j1f+/tTla/6d+6bf+KK2/+qfMsF715q9O2wYBALBUjLL+PPaHiI7qjp3z8jc3570cd3PBl3e8nHBztnLqVIN6BABTirxz/qO+8x/znX8A86vV7hyXHcc+YzA3g65mvOjhzeDN8tY9SX2Fl2VOBqnQVr/81KywP5kABM06bzStVruzXW+Ua3bNPikWisX93N5u3nIbf2u8/QewQF6+9MPeCQAAAAAAAAAAAAAAmNZ/rXz01sdgdwIAAAAgaLP47VHYzwgAAAAAAAAAAAAAAAAAwKJ5DgAA//8y1x45")
unlink(&(0x7f0000000180)='./file1\x00')
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x4f25, 0x4, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}, 0x1c)
getsockname$netrom(0xffffffffffffffff, 0x0, &(0x7f0000000340))
r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file2\x00', 0x143042, 0x0)
write$binfmt_aout(r6, &(0x7f0000000080)=ANY=[], 0xf43b)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000003c0)="5c00000014006b03000000d86e6c1d0002845da60600000000000000e3f58e76110165f450e71b0075e3002500028d459e37000f0000000000bf9367b47e51f60a64c9f4d4938037e786a6d0bdd700"/92, 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x40004041)

4.774534213s ago: executing program 0 (id=435):
openat(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/pids.max\x00', 0x2, 0x0)
r0 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x10c4, 0x0, 0x0, 0x80000}, &(0x7f0000000340)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0, 0x0, 0x0, 0x0, {0x1}})
io_uring_enter(r0, 0x3516, 0x0, 0x0, 0x0, 0x0)
r3 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0xa1, 0x12, 0x17, 0x10, 0xb95, 0x172a, 0xf7f4, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xfb, 0x0, 0x2, 0x6c, 0x5d, 0x65, 0x0, [], [{{0x9, 0x5, 0x4, 0x2, 0x10, 0x0, 0xfa}}, {{0x9, 0x5, 0x82, 0x2, 0x40}}]}}]}}]}}, 0x0)
syz_usb_control_io$printer(r3, 0x0, 0x0)
syz_usb_control_io(r3, 0x0, &(0x7f0000000780)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000005c0)={0x40, 0x13, 0x6, @broadcast}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r4 = syz_open_dev$sndpcmc(&(0x7f00000002c0), 0x0, 0x0)
mmap$snddsp(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x4, 0x11, r4, 0x0)
syz_usb_control_io$cdc_ncm(r3, 0x0, &(0x7f0000000180)={0x44, &(0x7f0000000000)={0x0, 0x15, 0x1, 'A'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r3, 0x0, &(0x7f0000000600)={0x1c, &(0x7f00000004c0)={0x40, 0x8, 0x2, "e389"}, 0x0, 0x0})
r5 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080), 0x410000, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_WOL_SET(r6, &(0x7f0000002440)={0x0, 0x0, &(0x7f0000002400)={&(0x7f00000000c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000ffdbe8251c00000018000180140002"], 0x2c}, 0x1, 0x0, 0x0, 0x4000080}, 0x4000000)
ioctl$SNDCTL_DSP_GETBLKSIZE(r5, 0xc0045004, &(0x7f00000000c0))

4.418482317s ago: executing program 4 (id=436):
r0 = socket$alg(0x26, 0x5, 0x0)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r3, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x4, 0x1, 0x0, 0x0, 0x7, 0x8}, {0x12, 0x3, 0x0, 0x1, 0x8001, 0x2400}, 0xa5, 0x4, 0x10100000}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}}, 0x44080)
sendmsg$nl_route_sched(r1, 0x0, 0x800)
bind$alg(r1, &(0x7f0000000940)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-serpent-sse2\x00'}, 0x58)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="9feb0100520000000000000034000000340000000600000004"], 0x0, 0x52}, 0x28)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10)
r4 = accept$alg(r0, 0x0, 0x0)
sendmsg$alg(r4, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=[@op={0x18, 0x117, 0x3, 0x1}, @assoc={0x18, 0x117, 0x4, 0x40}], 0x30}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$gtp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$GTP_CMD_NEWPDP(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)={0x34, r6, 0x1, 0x0, 0x0, {}, [@GTPA_LINK={0x8}, @GTPA_I_TEI={0x8}, @GTPA_O_TEI={0x8}, @GTPA_VERSION={0x8, 0x2, 0x1}]}, 0x34}}, 0x0)

4.228167091s ago: executing program 3 (id=437):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, 0x0, 0x8004) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000000280), 0x800) (async)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) (async, rerun: 64)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (rerun: 64)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x50)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f00000003c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r5}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x2d)
ioctl$AUTOFS_IOC_FAIL(0xffffffffffffffff, 0x4c80, 0xffffffffffffffb6) (async, rerun: 64)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) (async, rerun: 64)
r7 = syz_open_dev$usbfs(&(0x7f0000000040), 0x20000007d, 0x0)
pread64(r7, &(0x7f0000001500)=""/4075, 0xfeb, 0x7fff) (async)
r8 = socket(0x28, 0x5, 0x0) (async)
setrlimit(0x8, 0x0)
listen(r8, 0x8b) (async)
syz_usb_connect(0x0, 0x0, 0x0, 0x0) (async)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYRESDEC=r0, @ANYRESHEX=r0], 0x108}}, 0x0)

4.144826627s ago: executing program 4 (id=438):
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_trace_dev_match', 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000240)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000340)=@file={0x0, './file0\x00'}, 0x6e)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x80383, 0x0)
syz_mount_image$erofs(&(0x7f00000003c0), &(0x7f00000001c0)='./file0\x00', 0x0, &(0x7f0000000240)=ANY=[], 0x0, 0x17d, &(0x7f0000001ac0)="$eJzsmLFP+kAUx7/vyg/yMy6uLg4SxcHSFjUuxLA5mogaNwlUghYx0EGYdPH/cHZwdvOPMM7qYFwY3Uxqej3oQQR10MT4PsPj+7h313evyXcoGIb5szw+vNyvFe+EAWASaaTU/89GXCO0+tfb83Jraj1/OfeUv041robPIwBB8PnnJwDcFAz4Kg+Cwd1p9VuE6OstCCwovQOCqfQeBLaVdkHYVfpA042w3jT3a55rlhteJRRWGOwwOGHIDffXPSNUtP5IW2+1O4clz3Ob3yg+ml+3IJDX+tPfV282ljY/GwK20jkQNpVeRao3m2gk2v2nE/H5xg/fnwULFr9NxP4UXBDmNX9KaP6R9evH2Va7s1irl6pu1T1ynNyKtWRZy05WGlEUx/jff+lPE9r5/0bUJimJk5LvN+0o9nMniu85rpD+J5CZjfLQ+5Mju4nWSe0jqTLGmHKGYRiGYRiGYRiGYRiGYZgvMAOSX0EldIo4GcDZkNVvAQAA///an3MA")
mkdir(&(0x7f0000000080)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x100)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000380), 0x0, &(0x7f0000000000)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
renameat2(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0xffffffffffffff9c, &(0x7f0000001240)='./file0/file0\x00', 0x2)
close_range(r2, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0)
ioctl$SNDCTL_SEQ_TESTMIDI(0xffffffffffffffff, 0x40045108, &(0x7f0000000280)=0x4)
ioctl$RTC_WKALM_SET(0xffffffffffffffff, 0x40187014, &(0x7f0000000040)={0x0, 0x0, {0x0, 0xfffffffb, 0x0, 0x0, 0x7}})
syz_mount_image$squashfs(&(0x7f0000000180), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f00000001c0)=ANY=[@ANYRES16=0x0, @ANYRES64=0x0, @ANYRESOCT, @ANYRESOCT, @ANYRES8, @ANYBLOB="e1cc9e585bf1ccbca5939bcef3ab754c3b730034e20162", @ANYRESOCT, @ANYRES16, @ANYRES8], 0x1, 0x1d2, &(0x7f0000000580)="$eJzslU9rE0EYxn+zO2kSzaFnrxbbi7bZgvgN7AfwAxjStRYT/3QDmlAweunFg/glCn4KD4LePYgIXupBQQ8VTxWJzM474ywNRMVQCvPA8j7vM++fmVlm5mZxr6gDPw93uyxSQtHivVJoYFlZ7WjB2m9iJ4JP2vpt0Z+L/Si2GI7ePLF0dKvT6+U7xXAGUQpmxVTIcUn/cbMp5PXjqqL4tzrzJ4PU7uzxoacVpT4tRnI58VXMg3xvQah8/t8tasx7FeCVH63Zv+ndM/s7p8akkt6kui2njyR/lVUg11dx9VHC19J5e7jbNeS63GJG27SfOxJljHFeBjHnNIxBpUx8HV3elrAMrA76d1eL4ejidr+zlW/lt7Ns/fLaq7NyRCcPYbuXr6lgGokhGg9zTpvBeA348Ht8TAAVTM3gDCiX61Lc5bxyPkhsQhLkhjUMGrzw/euipfS5xgUawP2xGc6wu7WEqaa5YZa2gSIVp62DecIRCY1y4FL3Tm9zD4VyaftoX6N9QM07mTimUb5+xS9/T+yS2A2x+2IPxLq3y71JuqzwRbyVMSzwoDMY7JSPl2Vey7yWLfrOiXR1r6FyM6kTEREREREREXFK8CsAAP//TTFPEQ==")
mount$tmpfs(0x0, &(0x7f00000002c0)='\x00', &(0x7f0000000300), 0x200000, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

3.55601706s ago: executing program 5 (id=439):
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_procfs(0x0, 0x0)
syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000200180000000000000000000850000007b00000095"], &(0x7f00000001c0)='GPL\x00', 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(0xffffffffffffffff, 0x3ba0, &(0x7f00000002c0)={0x48, 0x5, 0x0, 0x0, 0xffffffffffffffff, 0x1})
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000001440)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kfree\x00', r5}, 0x18)
unshare(0x2040400)
r6 = fsopen(&(0x7f0000000440)='cgroup2\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0)

3.45333277s ago: executing program 6 (id=440):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_FLUSH(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x4, 0x6, 0x201, 0x0, 0x0, {0x2, 0x0, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x4)

2.403639024s ago: executing program 5 (id=441):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
sendmmsg$inet6(r0, 0x0, 0x3, 0x4000043)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
r1 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000140), 0x1a1002, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
write$FUSE_LK(r1, &(0x7f0000000000)={0x28, 0x0, 0x0, {{0xc000000000000, 0x40, 0x1, r2}}}, 0x28)
r5 = socket$inet_tcp(0x2, 0x1, 0x0)
mount(0x0, &(0x7f0000000080)='.\x00', 0x0, 0x60048, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
bind$inet(r5, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10)
connect$inet(r5, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r5, 0x6, 0xd, &(0x7f00000000c0)='bbr\x00', 0x4)
sendto$inet(r5, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
recvfrom$inet(r5, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25)

2.307505817s ago: executing program 6 (id=442):
r0 = fanotify_init(0x0, 0x80000)
readv(r0, &(0x7f0000000100)=[{&(0x7f0000000040)=""/175, 0xaf}], 0x1)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x2, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x2, 0x4, 0x0, 0x1, 0x83}]}, &(0x7f0000000600)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x2000000, &(0x7f00000001c0)="aeb16eaabacd57a150df5f822c50944e8b2a826f368a691df8349a", 0x1b, &(0x7f0000000200), &(0x7f0000000300), &(0x7f0000000640)="0007bb2fd8b929b5065cd376dc7336c29ed39e187c0d78aee218ed42e1b883d2f88da74db1ade3dc0b8309a44bfd01b1e2f157050f48e4cf69feba32113b2c948232276f763a6969e79dededfa5b39053f84f7f0dbe748c82d131ed847dbf2871b536a1bbf3b4e2fa94cbf57001ff365db082e6d7ee0f6160d3f74bbc15deed7e6e9ba13ebf71066dd2b52f8cfab307586995af5ab3581936daecc36e096ca401f38f6f3375abb5bcaf3cd79336eacb5d752d487981d00be8d5c42b9013f5e1e38a1f51e158176b165cfb0994236b4a01f2727ca479c41e53466e9b4d18e8d3017a39711c941204ac9adfd8fc6267fbbfa49d88da081f07d2b7e4fdf61006ab684b898b701fc0fef3c1d63ea91c3b487479d617dce5fcccf432488c998c7452856910e8da5bd4d8ed8a95cbf5554bfeffefe83bdf9b4afcd07a56987017f61fbca509c1f0ef9c43c5a9c9da7156d55fe9579ab6f69cbd8e42f929e94a375fa5a154839533d238a4d397075b3c53b4fc379e8de7f5d54cc01575a3974a9adb69d5a7d0be134078aae962c1a5083fb6852f0ad3cf5cf831c23f751cb3e41f624477e7b80ab67c32d08b2a53414790cdb13822e9759127227488d62532751efc58774e7a87d2e7d0ed2c513159726ad97a0e0d1e8c4e757f679b14570cb2b4bb616c2db62765cf10a0771c2637dc31e116da6e2fa8dca4e73bb2a3d50a78f23f8d8d5d763a45f4722dc5358dfddc64201ac905c0e5b7372993139a2a3e088595dc2caa34e9a618d5e7a773d57cca68d030a4a332ea3703e0fa71dae17e6e06f13b0941aad352ba36f7c25a9f649e784acb18f19dbc7a27e2f4ea67894d142d1f9560550a983289380de4003097b08d938982eb461b661b5d16d6627b3576c490d47512135902d4131d88460fe8471ab5e998eb1831b2a18d7f3ad505e2c8baf90eb85171db22f38ec03c0e53fc5997bfc64cb766c5c93af8b5b1bd07d7cf06b93f667ed49579460a1d1954cba53474454a190a355265e25931c1139ced6f515847e8a9ae4d3bcf8bed3a5033d40765cc13cb01dd10dabde8478b63df944148d5f30a59dd531e785a93eaff8b684153cd8cf2aa95ffbc15f05af399612e11d24613a4d857b24dde923fe00ea3be5163cfa7ceaf16d9537a27392e160f1285a33be1aade244f7e59089d8551a3ddd0d602a0dfa6ca74eb61c219afb75885749513a316927d1ddc4b26d6c6c0a622595f65941f367ce77e3f562c402c9cca1424d018f2a3c410674af44a916c3e609ab2b380c46d4de2e44dc0f397eeee80004d2a629e92bd09115ee5532904af87499e1ae25653087877d071d1c965f79e23b94d512ac05caa97f1dfdc5cb918443b73f2f0dde456da6ab6061f92ccec06300fee2af1e9b84892ee8d42a482c8952d25e67742cc68fb356d81bb52570417f379ba33fb831c938d0d9e6361deb527250efa1e25e3df6e8a40fce37a1021f0773dac44db7d2278e78cf32cbc34e2e398eb5c5410b364a627bd363d44371b66731cd53bc584c67c98641aae45545deb5476ba065fca7700e46594cb416a6c1cd00053800e55e100795d8f975f3da524f9a4bfdcb8d7883444f5de3a70e0feaeb7ff2b923e442022f04426fda015995722e46574cc258e0b145845761582da9c678bedccd26f40a0ad2b35934e27437cf84b1833643c5f2730f453dfcaa241c3a459337b3760eb4af1afee55d1f9fda81bc732c04c60dbc2b5e518a64ec7fe8f18dc587802e14d59ae7dd39e65a2a53310f5e977060a2b7afa105dc827ba75815026249ec8c4979bfec43dcdc9b6435dbfa33ff6fb6248d5ce75c3402079b6742dde4e608d0a8948a4946e063835b55664cc87b54f00cf885b40ceb43049225234e13334fdcf009065b39a708d781b12cc3f20a03da295a13a80bba60214e89f243a79c4602d2d95794f097fcaccc2ad70ad8d562a9445ad2679b88320c05bc6f74fb854b51089c602e725ce49149f40127796fa31552d739d177d4503af382f0a5ed60052f0750c542ce5dac7c950bb727a3cbd73ace42c026f34e54a96acc8121bfe2ed5e14a2b6267db1aa060d4ab1309fd42b1b448598a47dc2e827eb401dcfbd025740081430dba2fba027d388931cc6d1ce540d421a77f717b7d4422b5803b588819c3134cc9ef6386ccd741bf1f6b088ae1d13d1f7c6095f723b1446716fd046ac7481cd0d79e52100938bdf1e820cf1c54d3d4e40ebab3f0d3243bf56642f779af07595276d8937336f8ee5f882b6885f166ba360df76efcc781900e8c86632c235a3622bec8e41d74b73c0dae2e489fb84f8ba7d67622738feccd49db1ce268c35d1d2d3a199664c813a3f4b24393d90819c6b17339147a05547b126ce7b36c8f07d1c5e7b7c5b299619a9ca5c46525dac9f16971e8e8373523e630bbc5fa3b0354ad5d7991f69412ffbb967cc1f8b7065e158f2140a24bfb9f0f8c9a4e9c2b86d1d7489da1457c442bd5e6f63260ac5af21ba59b5320453cdd19a0152f993f8c35e1815ced02bf92c0c12af0987ebcb468ea44411dcf2e390e9ae61852e64febcd2c3ebf6ac677f11169603e59cd40dba31ac2c5f03490e7f7b7c6ce40a8c20da23d8361e259299388674ceb4fca0d73da724362c4a0bb3dbc7a3e75acba315a98f2a90a4bb538a30aef5fb1cc8d6e8e7c3004a8821914873b2b69ebec9ed59a3198304c448c6aa94543221662d2216982e5687e08cdc6bdea65e8d5f578919808ba2c751db9a1f2107747518d87f10f24b91c46a35dc7d781f0bec71f98d542f86f6aa88b68a2f3f7d156de492c24df58f1c3d7221527547ec6b2d63526adc790142866570eeb509aef12043148dd80a45574601af6592b8c4ae045cc42c39cc00e6fc2812de80e9d888c1a51dd0cdc6051f3f081c25d464f88d336fec7449dfe945cac1c286f8f0db9bdf0059597f43426b6769b9948e6b523366c0e8f31515ce6287cf5aa471e2080f9932b6d8e12d1d3e502d35dc66dc63df77843c7d3c097173c32d65b6d827f6b99a98e27ac0297a87f199042e8e9f772065cb62744b6ab4d0792faa2124d452d138aab08f3b97f25a6faf0355f9ed54aa9750ddc8138c2e55c41017c04cf9c49ee044e7b7a08524ec823d41a7133822ef3ddc4a9bb4b454767e52ac0d28f138f9eed1fbf4114dea045e0cafef89fc141bc63c0a1ef71ec762bed6d96ed3af86378f67a0e2ec78e4197618ac1044fdbbd4c09c79dd7d5526a4d2c25cd9fbab618f0a4aaf21d9d8e298048aab8531be4ce4452148ce05189cddb85f715d54d01e605953fa5cda2b37db5ad5e58240e9e9a540c9c312c79db8cb457bc07dd64cc9c1978ccbada336cf2717bad3ae72427c096193c6ae9c4045320c21592f0973ee13e8ff6f07c4cbadb5849f204847c2d6583ec8fce13793ec667d9d01833fa5367a05019f6f2e7c17e1307d78b8a0a051beb54237d0695e70287894419d8d7f62225f94f0b505bab065810e1bca9c149dabf9ace7fd6030b0b5903d91ccd8c22e1d0c05b2338277b49efe9fe3f580daa7d6b8b7be54972ad1eec8a6d25a83de2f3581f45f21b725754f424bb3444c7a0e1496e7f1ba63771bac6b51b3cb324b7230ed991b89cfc8e7eb0e089fda511ab74e0104d703505fcf8c20bb15dbc5afd4bac9d7e396c39535d950dab1e7a5403b4cc3acbed7d5dc6dbe40cac39b8beedb0ae855569b1c0cf4feccf4e153369bfacd1e5bb90479a41ccb50299954974bcb3daf7f649375a15f853b28462d9301002282d574b9e7ad10787747251938225eb55898227c2579fe54cf363190ef92d89c3bedf5b485fcde9eb08b22ea9aa9b0ebf16b1b19fe869cc056ae71a879f05ed9a69c122cbe772d7492e7c4f4f293cd3844dc27a826dbb7a14f956b1f6c4fe293e86f79fd9d37482ecea8c008c9d3ace0816947f9eb8984409eccfbcb48d789c7855fbc72ade57a3a5f5a0bff3e1118ef587e9f923f88639de9adf8c603553baf0c3734d03e243f653dba15c7cb8914a61ffcf8e9513a642d98cfaa9ed7daca9bf7d3f6dab58bf8f3b0294884972b78cab3638faa50b9f6e3d7ecdb079846c39ba66132d4f143b0c7c129cddcfe982a0518cd7d92dd5b3c2156fbafca13e42f105ef84d6aac127f18e4ad869bfdb1615a767d314ee41f886b4d5cc9650222c79e7e1caaea1add4544d090b407dcb8537029069b98ea5424f5598439942d17b3117fb71ab75944b9a9e1afdd7a1b680347d916a4d6f76c2db213b32f0cb7c8eb0c0141bd5f3b1341353f5018abc4a2cae89588dea87ab41878ac466161a91b926222b939b0585cb2fdd5e069884baafae85b7614c22c5e4bfc487b25a713dbbc129c3f7bffc2ef3ef4db7a79d088327347b4be6bb747f2c33d0421af96a27360cd5edd50901422292cd36b2a2d7d060f4b8f56f4ad002bda3b3e636e95fea53f0fb2a51df3226c6661358ab70e520a77b035c2eb029cd92ebfcf60041ff7b6e62c09f0d1cdf2ace85cdc6bd7757ae79ff8e8428e10ffe1ebd0f395942cdc38fd25063455062b52dec83611f85554dd2caff3d5b8c7f60fdc1239b1e3eaa2d68672cce20b143d0720741ff2d8d1dff8556290e34b9059b9c9f4d228dd717c1c8b861c4dcf8b8308e5a4f938cc682e157d44a423bee3d83a67116b70e0083d9d3f06d58b3d64a55853c903ce31fb0a590783ce3ed33837f41c09ab4688e379aa84a1856da2d3395ad2dde30d6f173ae11301eec3e7a2db7a918d89479ae5206bc65bb62ebc08ee8f2191e5c52a796a4e53e236a5d73c1a9963c7f9cf37720506cd95ab4cc8a2937b6539954a62aca61794978d51375d7b860a4f0e2d51bb638dba83e86a922926db3e6c79e527cfa80b5c062801d9220856d9812c860aae4f448296ccde1d449bf8d49bfa3c1a2b575403b18995dfa6c02136b5b51118919c1779d31026a9aa0aa7d69d3c068de283cddc9f3f4975e87079287770cfbdebb50f09b35ade4df7a2d9d2ada158c3da22de7601044d9bb4aa0b733201c39ece8af6b4fc604f0dd8c01e7e38a11f78bdc1910e690d712327b9ca4eac4d3d625e13bd6b863be8f52c7df09dfeb989c1a44b7df25db729449a3f660ce590121927e026ee1542ac2223b61cafd0dea2f35f88eb535be495d636bd0708cdd84726d394fcb0769c70562f98cd9638a76258821c00ee290bbf0ef500de78adb4bbf27688632930d70951fa4dba7be5ca88fedaedd6d56e425321d91ce919428e297cc94309d9bbe37992ee453183aded56b487b55f9012edc18c1d6f753313ff68d119d19764b657a688021226836b406c206b9c13c8ae96fc2845833967a6fd402684996af9e58f1117679559d605e2474437d35508f2f6e8ee4cd88ea9c54336859f1320037d365a54c70688d4a944f919f2acb7a5a7d1191604e89c30b7e9850a1a944703da4c1885612fda3e6e9e260e4256681ffc6987784ee646e56f2696fa3dc1d7040faa87b4c7a3240b061e5d7b473c5e6a9338008ffb5d1e2e1a41bfaa30fdc8f129e621f97b8e11d10c9b0943302d9c807fb46fa98d23b5d6427f3045d12da1a17397ae93484fd2bc5cbb24d32d589c6518f4bfac2c74de47042d656e1f45b3328b9cfe5c10693d7aff08b9a2e61896ec0f60bbb6ac87a8f87c7d24c9ba8d83f43b5eb6632099d4afc95d61157830652ff2078e0404881c769299912883f95697b11828254e21c1a6e18c2510ce90f67021e7693420bd6fda038cedf6947b55ecd5d1132d8a44")
syz_mount_image$btrfs(&(0x7f00000055c0), &(0x7f0000000000)='./bus\x00', 0x300000a, &(0x7f0000000380)={[{@metadata_ratio={'metadata_ratio', 0x3d, 0x401}}, {}, {@fatal_errors_bug}, {@datacow}, {@ssd}, {@clear_cache}, {@nobarrier}, {@nodatacow}, {@nodiscard}, {@enospc_debug}, {@ssd_spread}, {@noflushoncommit}]}, 0x3, 0x55a3, &(0x7f000000e0c0)="$eJzs3X9snHUdB/DnruvaFdeWMOuArGwDJFtEOjdNCCR2bNNpYTnphE3I+gNH0DmtY8NVCCtinIERijWMwQoLbn9MEYqucyiJBewqul8IJtNFBbPFNWOkOBExYTG9u+d299zaHhMpwuu1tM/zvc/z/d73njx/3PvW73MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABEHwx+N3TL/t3roJ26+ru++8a85e+2D3kuMX3rq1avND20v2dTz31aNVq1qPLF1w0/2JpkfW93d3BkEs2S+W7t9w2fwrr69vuKI0HLDxc6ltZeVQT5nq+mKqMTbnwcF+uT9NQRAURwYoSm/npXfiOQNkdlfkDzisayf1tE4dP69x28qujc8uu3xL/ktnUOloT2C0pK+rgyeupdrk73jkiEw769KL5Vyiqf7RC+4deREAwFtSk0huMm9H029xM+22aD3Sro202yPt8B1Ce3bjVKTGHTvUPCdH66M0z9pUVCgZcp6Revr8Z9qJaP9IOxI13sI8cw9NR5rSoebZEqmP1jwBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3k0uuH5m/d49D7/8ldbf/u7h17/16sePrGq8ZaC7/qJ1ix/v2PG9vx2tWtV6ZOmCm+5PND2yvr+7Mwgqk/1iqe6xZ6ri8ZkDddseu6e3puFDC9cUpccNt2OyDg72hzsXVwRBc1blYDhsf3kQJHILyWawIb/wpeTOZ8ICAAAA7yVnJn/HM+1UHCzOaceSaTKW/BdKhcVrJ/W0Th0/r3Hbyq6Nzy67fMupj5cYYrzak46XaVee+IllBeMw/kbHO1EPD12RN87woiNG8/zpx/qnNdfdUHrl7gsWzphdv+XS4CfTD3csX3TfhBfHL9nXXpOX/yuHz//hmZP/AQAA+G/I/9FxhjdS/m+uqZh0cOp3ix67rur44fkP/Lyz7/kn4w8VD3Q//dLYcbf9cnVe/p+c85R5+T+ccZj/48Gp5X8AAAB4N/tf5//avHGGN1L+/8X+zZ//98pvTDk84187Xnj69xdvnVI+/7WyGTe8+cSCVxp2tf0pL//XFJb/x2RPO3xwVzjhZRVBUFP4SQUAAAByhP/vfuKjhTCvpz45iOb1y+4qe3LXG+tvjJ/V8o8zFvfPqv7i7tVf37ApNrChc92O5XNX5OX/2sLyf/E783IBAACAAvxm+y13V395ydYtew7N2XFnYvPYS+a+uuennVf1vXwsUfT8zX15+T9RWP4vGZ2XAwAAAJzEU+MmPnfo0UNfm7177YS9q9rmPD5t3+qFD/xz9t+veOnPxzddWJ6X/xsLy/9l6W165UOq087wrxA6KoKgdHCnJVXoC9o/mSkAAAAAb5Mwpzc1revduX7MrNfOPvzDNSuW/2rvpd++a2P1zQd+XXX7ucf2996Yl/9bhr//f3ing3D9f879//LW/2cVUnf9u8SNAQAAAHg/yl/PH94eP/XNBUN9/36h6/8/euaBko7m8ysnx7dVz3rig31Xra1+fVHHRZ/YfusbH46V//VTefm/rbD8X5S9fTu//w8AAABOwf/b9/8tzhtneCPd/79v3DPnrPnsPT+o/WbZU+e+eXfzd9oPTj9v87QzPlJ0fvecmX/4fl7+by8s/4fb07JfXk94fm6vCIKJgzvpuwluDae7LFLoKs4qpE58pEd92CNd6CrJKiS1RHp8rCIIpgzutEUKp4eF9khhoDxd2BQp7A0L6eshU3g0UugJr7R7y9PTjRZ+FhbSCyy6whUUp2WWRER6HBuqx2DhpD0OZJ4cAADgfSUMz+ksW5zbDKJRtis20gFlIx0QH+mAopEOGBM5IHrgUI8HjbmF8PEfz+1e+so1D9b1Xt1w9KzZe5bc0faBnkW9O7/wo55z/nL1Cws/nZf/NxWW/8NTMTa1GWr9fxCu/09/r2Fm/X9jWKiMFLrCQiJ6x4BE+BypsHtn+ByViXSPgYmZAgAAALynhZ8LFI3yPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID/sHfvcVJVd4LATzf9oJum6YgBY4ygRkR3aZomGEQcUXRXo4tNJKtjhtAIjXZoAwq4YsyKr3GV6GLUmBjZwY+jJg6r+CDqRIXoiElGJfE5Kz4HnciqS9BR45gs++m+dYqqW112IaC0+/3+0XWqfud569F17r11LgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/P/hsiX3Nrw58H9965ffW/f697409TdTD9m8y19uqHt3yDlPbT5ocN0tbw1asPCNtklnXtsyffk1G1YuDaGlq1xZUrzsoUHl5aP/cMxdt13xcNO0wVPOrcrUm4mHfp1/yjN3Loytvto/hLvLQqhIB0bUJYHKzP26WN8edSF8LmwJZEu01SYl0g2Hh2tCWBa2BLJV3VsTQl1OYMoTD666rDNxVU0I+4YQqtNtvFCdtFGTDgyrSgK16cCciiTw/uZENnBPeRKAbRbfDNkX/YqW/AwN3Zcr8vqr3G4d+3Slh9cnJhqK53vrsB3cqRxV6QdatulpK6iOHaLg7bHau60XvNsKtvMST1vuF6nMN5TNW0LVoXxm26zpCzrmx0fKQ2Njn2I17aDned2mc2ZsTbrXvA5jBxq2y+vwgdpJ9Ze9PfHglSf/8fR956+duq3dfC5nk+amd7TqkHnN9ZrnMZrg86QXvP0KviUN9aUrhHD8nz5f9sycl3bf+MGrJ068/YWLr5628JopE58d9Iux/3jtLndPu7xg/t/w0fP/+HKOt+V5uWOrH9Ync/P4SF1MbKxP5uYAAADQa/SGvaZfHf3qS6c+dPeiF5cfV/Hdcb86abf6irO/33H8rivHf/HSK9sf36Vg/j+0tOP/8ZB/Xe5oV4cwoStxwYAQdut6PAn8LHbn5AEh7NWVaskPHJYKrA7hC12J/bNVpUr0jSWGpgK/r88EJqQCa2KgJRW4MQaWpAIXxsCKVGBGDKxOBQ6PgdCeP44D6jPjKDlQEwOtyUZcEc9CeKc+tpbaVuuyVQEAAGwnmdlhZf7dnHMdtjVDnF6uqOkpQzwDu2iG6lQN6RlsdlpVtIaKnmoo76mG7LgXffTwC2ou66nmgtMwyvIzfDjkO+UDJu79o7tuHHFT84sTv/vu2OO/8uc33129/z/993vOmX/dAQXz/6aPnv9Xd9ORsoLj/yFM7vobc5dnIh3ZeGtLXgYAAABgG1z12NInbzjgqP9z38v33fmla28oX3311//vKxsv2HvUccPL+v7dt1cUzP8nlHb+f9wn0icnc3g07oaYPSCEpvxAUu3BhYHkqHe/TAAAAAB6g+zx+Oyx8PbMbXKKdno+XZi/ZSvzxwP/E7rNf/mmv372y9c+eeLCYftsuOK/nflB2efH/m6XY9eOfPytPYf9Q0PfwvP/W0o7/782/zbpxJrYiysHhNA3J/BI7GVnoMvQGHj50PxAZvxr4gZYHKvKnJiQrWpxLNEaA02pwLJiJX6bLbFbfiDzZGUbvyA7jvZMiZwAAAAAfOLi7oB4XD6e/3/P5AO+tP+gl8a8uOe9C1+bsPSEU2t/uM8tu74+oGPSmAMnHHLEMwXz/9atO/+/ax5ccHp/R78QRlaE0Cf9w4BHa5OFAWOgriyTuL82qatPuqrzakMY3zmwdFWvZNb/r0ivMfhETVJVDOy29083DetM3FATwsjcwDPfvH5MZ2J+KpBt/Bs1IQzpHG268ZV9k8Yr041f0zeEPXMC2apO7htCZ2NV6aoerM5cxyBd1W3VIQzMCWSrOrA6hIUBgF4q/iudmfvgvIVnz57e0dF2xg5MxH34NWFWe0db44w5HTOri/RpZqrPecsYnVc4plKvfPN8ZomiqUNuH15KOvs7wabctjL78QtOHMzcj9+FKrvG2VyZd3d0esjD9ylsIuR8kyo25PIdPOTa3Eq2PIkF9cf8VaFf6LtgXtsZjWdNnz//jFHJ31KzNyd/42GmZFuNSm+r2u76VsLLo+hqWSkfd1vtl1vJyPmnzR05b+HZI9pPm35K2ylt32keO6q5ecxXx45pHtk5qqbkbw9D3a+7qlND3Xx9iePajkPdvSKnkk/iU0NCQqK3JaYvKTt/wrRf3/+tPdacdtZJe/z9HjNHnPRXl/9m7omNh0z+1fV/ubZg/j/3o+f/8VMnfvJn1mcodvy/IR7mTx7fcpi/NQaWlXr8v6HY0fzsiQFDU4FFMbDIYX4AAAA+G+LuyLg3M+6Vvq7un+4+cuaMQ97/5QlTrv7bseNOPWv9vg0XX33skv+w/p0lq454u2D+v6i03/9vp/X/s0vXf63YMv/7xxJNxdb/Ty/zn13/f1Gx9f/Ty/xn1/9f9ims/78gG0htknes/w8AAHwWfHLr//e4vH/6AgEFGXpc3j99gYCCDD0u41/qBQK2ev3/OR1/UTvo8jnjDh0x98ePrNp7ycDbvvT8xF/vs/SgEfeuvOW9UbcWzP+XlDb/t3A/AAAA7Dwe+mXfb1/87rD7n3rk/SPLLv3txpuO/6u2Aw75w8DmUyYfXfP9m/6tYP6/rLT5/ye//l8odv7/0GKBlmILA1r/DwAAgF6q2Pp/Nw98eejq+SNufOznb97yUusvZo5/7d8t+cFXpg9runnNut80zFhfMP9fUdr8P552UZ6XO/bmw/pkTbuQXtNuY332JwMAAADQO5SHxsbKEvPmrYx62Mdvc11mKdCPSud6+r5BqxaUP3RVWfXGH1wy7ZDGc489c86RF63/fu2TP6md2lh9RsH8f3Vp8/+832U8UDup/rK3Jx784cqT/3j6vvPXTt1y/B8AAADYcUrdLwEAAAAAAAAAAAAAAHz6nmpdetAHo45+Y+Zeo/70jWNf+MHiL37zkb+59s9n/vzw+/Zq3zxsSsHv/8PkrnLFfv8fr/sXf1+wa17u2GrP6/9l7k855taFXUsWPlofwj65gdnnz/5cyFybf7/cwKqp+w/uTJyfLnHfi4e/1pmYlg4cNWKX9zoT41OB1rhI4hfSgXhVxff6pwJxecUn04G4PVakA1WZwCX9k3GUpbfVhrpkW5Wlt9VzdSEMyAlkt9XddUkbZekBXpUKZAd4ejoQBzgpEyhP9+rWfkmvYqAuFv2bfkmvAADYacVvgZVhVntHW1P8Ch9vd6/Iv43yliw7r7DashKbfz6zNNnUIbcPLyXdJ/1ddMu1xitDdecQRhV8Xc3NUtY1yu1TSw+bbtciQ+5ptbfyIuXStnbTVRUfUU0yosYZczpmVvY48NE9Z2mu6DHLqILJTm6W8q5NWkItJfSlhBGVuG1K6HK8Xx4aG/ukco2LwYaQp6dXRKm/189d56/YqyA3z9/WXHtpn8F93v+38Rc99OCAyo5TJ7ddtPtj/zxw1Mwf//DB1mt+XzD/byht/l+dO673MhcDWBSvrHfwgBBaSxwRAAAAfPb9z3OX33HinDUbZq2uePZ3v5tdftyJlZvPueucsy967v7FR13y72/e1viKsqc2nfjGprP++o2ffOW6h8966fAZZ901ad0h69uqb/zuXyw/dUjB/H9oafP/uAcrcyg42duxOl7//4IBIXRdWr8hCfwsDvfkASHs1ZVqiSWSC+p/LZZoSgI/iztM9o8lWlvyq+obAytSgd/XZwKrU4E1MZDZS/HTkNmVc0V9CGO6UpPzS8yNJRpSgeNiYGgq0BgDTalA/xiYkAq82T8TaEkF/jEGQnv+trqzf2ZbAQAAbI3MPKsy/25Iz/NWVPSUoaynDLU9ZSjvKUN1TxmKjSLevyNmqEydvFKWk6kyXWtNqpaCDPFi+Fvdr4IM4bf5OdMFC5qO5x9kzzcoy88w7od3tB70tXk/3nTxjx4/8sALj1xy5duXHt1v8JXP/u/2c/v131RbMP9vKm3+X5t/m7S+Js7/t1z/Lwk8Ert3ZTx1fGgMvHxofiCzY2BNnOwuzlbVkimRmbQvjiUmxMDQVGBuDExIBVonZwLLBucHMjPtbOMXZBtvz5TICQAAAMAnLu4giLtp4vx/5bjwzh5Hvt+8+5UD5457/JHzjphes2t1zT+PX7t0/KXVD+3Xt2D+P6G0+X9sr19uYxfG3rzaP4S7y7b0JhsYUZcE4n6Muvjz+D3qQvhczg6ObIm22qREVarh8HBN8gv1qnRV99YkawzE+1OeeHDVZZ2Jq2pC2Ddn70u2jReqkzZq0oFhVUmgNh2YU5EE4p6fbOCe8iQA2yy7VzC+oDKnumQ1dF+uyOvvs3JN0PTwCvaBdpOvu99c7SjV6Qcy+1Sztu5pK6iOHaLg7bHau603vtsavNtyv0hlvqFs3hKqDuUz22ZNX9AxPz6S+0vWAjvoec79lWop6e3wOlz08Xvbs+p0B5pSHx9N3Zfr/nVYFqt7oHZS/WVvTzx45cl/PH3f+WunltyNIuIPhQ++de4Bz+Vs3h2tOmRec73u86TF50lv/Dcw1NMWQlh+wawnn/iX95+vWN/8Xw4cu/y2Nx9b/pODHpg14gsbLvnyxrfePapg/t9S2vy/InXb5YO4MecNCGF4zsZ9NG7+iQOSz8GcQPIpObAwkBxyX19f9JMTAAAAtrfs7o7s/oL2zG1yQnh6nlyYv2Ur88f9FRO6zV9qvweO+YfvHXrV69/4+vrdL3906VPr/tObrxwx7dAHNj29YuXrzcd+/umC+X/rR8//+6a66fi/4//sII7/d2tn3xXdN/3Aom3aFV1QHTuE4//d2tnfbY7/d8vxf8f/u+P4fw8c/+/Wzv60FXxLmutLVwihdcANt/+idvrwflec860Za3/+9DtN416oO/foO//H4YvDNeet+nPB/H9uafN/6/91v2hfdv2/1mLr/80ttv7fIuv/AQAAO1SRhebS87yC1fsKMqRX7yvI0OMCgT0uMWj9v61e/6/2pLNPeqX+rb2umXj7f75z+oXPn3Tis/v2ef6E20+4aeTVw1/68oaC+f+i0ub/8eXQL7f13rL+39DJRapaEgNzLQwIAADAzqjYDgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+XSseXPzFzYv3OeimZz9/0+H/umzNrL1/dcDm0WNObhy+eGDZlX/3L28NWrDwjbZJZ17bMn35NRtWLg2hvatcWVK87KFB5eWj/3DMXbdd8XDTtMFTzq3O1FuZuf1iXu7Y6of1ISzLeaQuJjbWd97ZEphyzK0LKzoTj9aHsE9uYPb5sz/XmbixPoT9cgOrpu4/uDNxfrrEfS8e/lpnYlo6cNSIXd7rTIzPBMrS3b2uf9LdsnR3L+sfwoCcQLa73+6fX1W2jf+YCZSn27i5LmkjBupi0R/VJW3EQEcs0d43hJEVIfRJV/Xr6qSqPumq/r46qapPuqr/Wh3C+BBCRbqqF6uSqirSI19blVQVA7vt/dNNwzoTy6pCGJkbeOab14/pTJyeCmQb/3pVCEM6XzLpxu+oTBqvTDd+VWUIe4YQqtIl/rUiKVGVLvFKRQgDcwLZxk+tCGFh4DMhfvjMzH1w3sKzZ0/v6Gg7YwcmqjJt1YRZ7R1tjTPmdMysTvWpmLKc9ObzPv7Yn990zozO26lDbh9eSroiU66yq8vNlXl3R+/svY/9qs2tZMvzUVB/zF8V+oW+C+a1ndF41vT5888YlfwtNXtz8rdPJppsq1G9ZVvtl1vJyPmnzR05b+HZI9pPm35K2ylt32keO6q5ecxXx45pHtk5qqbk7/YY6vWf/FB3r8ip5JP4AJCQkOhtifK8T7emnf2DvOCL/paOVobqrg/ogmlFbpayrlFuj0Ef9jFH/HG+p/Q4olEFE4eCLM09ZxldMJnYkqUmydL1va5gcphbU3nXJo33y0NjY59i26Eh/27u5n1rGzbvusymKzUNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/D924EAAAAAAAMj/tRGqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsAMHAgAAAABA/q+NUFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYUdOBYAAAAAEOZvHUbPBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwKUAAAD//5twzl8=")
timer_create(0x0, 0x0, &(0x7f0000000100)=<r1=>0x0)
timer_settime(0x0, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
timer_delete(r1)
mount$bind(0x0, &(0x7f0000000100)='.\x00', 0x0, 0x21, 0x0)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r2, &(0x7f0000000180)='~', 0x1, 0x2000001, &(0x7f0000000140)={0xa, 0x4e23, 0x2, @private0, 0x2}, 0x1c)
recvmmsg(r2, &(0x7f0000000380)=[{{0x0, 0x0, 0x0}, 0x9}], 0x1, 0x100, 0x0)
shutdown(r2, 0x1)
timer_create(0x3, &(0x7f0000000140)={0x0, 0x11, 0x2, @thr={&(0x7f0000000380)="3d3e89bb5d8bb50a268bb6cd7bc321acbe396cbe77688de870e74324c100f6da5851af3d5b12c451601c79dab67e1b27b8f487c8ea711d1b37d8085d463b5fd317570ccabc2c053ef05bcae246d9501adb56cf3ab97c6bc20b31fe9a0a49b245ddbd1e4afd6756ee9822bb67a99c267ec1b38fcb40d4914f1ffe589ddb49d3af5bb74d6fd44bb35346b1a7c417e3624923af25a720c5f70a980f162073351a18720a53462e8c37e2c90d8880b6ea4f791de1a0ded5a7e5ba7cac00fb6dab64ff118263844fd89edc5a9606fc598951be0302411b986b165acec4da043a0241383a04340a09ee53d869", &(0x7f0000000540)="79577952401cc8594074acf30c68d9965d319c0078c1290cd376327359cd29339b18123a6da87ef6dbc827c9d3d521b2f6c0465a136537ade4fc01f7e15677553c28954fb15d34f78293e5195a521262c90357a9d17e37bd4d8a843d1eb50f63b10d42e8a8c09c06e3aed9bce3982ce3f94bc1ec4a92405544d410b3c5e67d16206b788d844b5c45583fbebe0d948c42e0f8836d6331da25c67e95"}}, &(0x7f0000000340))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
fanotify_init(0x0, 0x80000) (async)
readv(r0, &(0x7f0000000100)=[{&(0x7f0000000040)=""/175, 0xaf}], 0x1) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x2, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x2, 0x4, 0x0, 0x1, 0x83}]}, &(0x7f0000000600)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) (async)
syz_clone(0x2000000, &(0x7f00000001c0)="aeb16eaabacd57a150df5f822c50944e8b2a826f368a691df8349a", 0x1b, &(0x7f0000000200), &(0x7f0000000300), &(0x7f0000000640)="0007bb2fd8b929b5065cd376dc7336c29ed39e187c0d78aee218ed42e1b883d2f88da74db1ade3dc0b8309a44bfd01b1e2f157050f48e4cf69feba32113b2c948232276f763a6969e79dededfa5b39053f84f7f0dbe748c82d131ed847dbf2871b536a1bbf3b4e2fa94cbf57001ff365db082e6d7ee0f6160d3f74bbc15deed7e6e9ba13ebf71066dd2b52f8cfab307586995af5ab3581936daecc36e096ca401f38f6f3375abb5bcaf3cd79336eacb5d752d487981d00be8d5c42b9013f5e1e38a1f51e158176b165cfb0994236b4a01f2727ca479c41e53466e9b4d18e8d3017a39711c941204ac9adfd8fc6267fbbfa49d88da081f07d2b7e4fdf61006ab684b898b701fc0fef3c1d63ea91c3b487479d617dce5fcccf432488c998c7452856910e8da5bd4d8ed8a95cbf5554bfeffefe83bdf9b4afcd07a56987017f61fbca509c1f0ef9c43c5a9c9da7156d55fe9579ab6f69cbd8e42f929e94a375fa5a154839533d238a4d397075b3c53b4fc379e8de7f5d54cc01575a3974a9adb69d5a7d0be134078aae962c1a5083fb6852f0ad3cf5cf831c23f751cb3e41f624477e7b80ab67c32d08b2a53414790cdb13822e9759127227488d62532751efc58774e7a87d2e7d0ed2c513159726ad97a0e0d1e8c4e757f679b14570cb2b4bb616c2db62765cf10a0771c2637dc31e116da6e2fa8dca4e73bb2a3d50a78f23f8d8d5d763a45f4722dc5358dfddc64201ac905c0e5b7372993139a2a3e088595dc2caa34e9a618d5e7a773d57cca68d030a4a332ea3703e0fa71dae17e6e06f13b0941aad352ba36f7c25a9f649e784acb18f19dbc7a27e2f4ea67894d142d1f9560550a983289380de4003097b08d938982eb461b661b5d16d6627b3576c490d47512135902d4131d88460fe8471ab5e998eb1831b2a18d7f3ad505e2c8baf90eb85171db22f38ec03c0e53fc5997bfc64cb766c5c93af8b5b1bd07d7cf06b93f667ed49579460a1d1954cba53474454a190a355265e25931c1139ced6f515847e8a9ae4d3bcf8bed3a5033d40765cc13cb01dd10dabde8478b63df944148d5f30a59dd531e785a93eaff8b684153cd8cf2aa95ffbc15f05af399612e11d24613a4d857b24dde923fe00ea3be5163cfa7ceaf16d9537a27392e160f1285a33be1aade244f7e59089d8551a3ddd0d602a0dfa6ca74eb61c219afb75885749513a316927d1ddc4b26d6c6c0a622595f65941f367ce77e3f562c402c9cca1424d018f2a3c410674af44a916c3e609ab2b380c46d4de2e44dc0f397eeee80004d2a629e92bd09115ee5532904af87499e1ae25653087877d071d1c965f79e23b94d512ac05caa97f1dfdc5cb918443b73f2f0dde456da6ab6061f92ccec06300fee2af1e9b84892ee8d42a482c8952d25e67742cc68fb356d81bb52570417f379ba33fb831c938d0d9e6361deb527250efa1e25e3df6e8a40fce37a1021f0773dac44db7d2278e78cf32cbc34e2e398eb5c5410b364a627bd363d44371b66731cd53bc584c67c98641aae45545deb5476ba065fca7700e46594cb416a6c1cd00053800e55e100795d8f975f3da524f9a4bfdcb8d7883444f5de3a70e0feaeb7ff2b923e442022f04426fda015995722e46574cc258e0b145845761582da9c678bedccd26f40a0ad2b35934e27437cf84b1833643c5f2730f453dfcaa241c3a459337b3760eb4af1afee55d1f9fda81bc732c04c60dbc2b5e518a64ec7fe8f18dc587802e14d59ae7dd39e65a2a53310f5e977060a2b7afa105dc827ba75815026249ec8c4979bfec43dcdc9b6435dbfa33ff6fb6248d5ce75c3402079b6742dde4e608d0a8948a4946e063835b55664cc87b54f00cf885b40ceb43049225234e13334fdcf009065b39a708d781b12cc3f20a03da295a13a80bba60214e89f243a79c4602d2d95794f097fcaccc2ad70ad8d562a9445ad2679b88320c05bc6f74fb854b51089c602e725ce49149f40127796fa31552d739d177d4503af382f0a5ed60052f0750c542ce5dac7c950bb727a3cbd73ace42c026f34e54a96acc8121bfe2ed5e14a2b6267db1aa060d4ab1309fd42b1b448598a47dc2e827eb401dcfbd025740081430dba2fba027d388931cc6d1ce540d421a77f717b7d4422b5803b588819c3134cc9ef6386ccd741bf1f6b088ae1d13d1f7c6095f723b1446716fd046ac7481cd0d79e52100938bdf1e820cf1c54d3d4e40ebab3f0d3243bf56642f779af07595276d8937336f8ee5f882b6885f166ba360df76efcc781900e8c86632c235a3622bec8e41d74b73c0dae2e489fb84f8ba7d67622738feccd49db1ce268c35d1d2d3a199664c813a3f4b24393d90819c6b17339147a05547b126ce7b36c8f07d1c5e7b7c5b299619a9ca5c46525dac9f16971e8e8373523e630bbc5fa3b0354ad5d7991f69412ffbb967cc1f8b7065e158f2140a24bfb9f0f8c9a4e9c2b86d1d7489da1457c442bd5e6f63260ac5af21ba59b5320453cdd19a0152f993f8c35e1815ced02bf92c0c12af0987ebcb468ea44411dcf2e390e9ae61852e64febcd2c3ebf6ac677f11169603e59cd40dba31ac2c5f03490e7f7b7c6ce40a8c20da23d8361e259299388674ceb4fca0d73da724362c4a0bb3dbc7a3e75acba315a98f2a90a4bb538a30aef5fb1cc8d6e8e7c3004a8821914873b2b69ebec9ed59a3198304c448c6aa94543221662d2216982e5687e08cdc6bdea65e8d5f578919808ba2c751db9a1f2107747518d87f10f24b91c46a35dc7d781f0bec71f98d542f86f6aa88b68a2f3f7d156de492c24df58f1c3d7221527547ec6b2d63526adc790142866570eeb509aef12043148dd80a45574601af6592b8c4ae045cc42c39cc00e6fc2812de80e9d888c1a51dd0cdc6051f3f081c25d464f88d336fec7449dfe945cac1c286f8f0db9bdf0059597f43426b6769b9948e6b523366c0e8f31515ce6287cf5aa471e2080f9932b6d8e12d1d3e502d35dc66dc63df77843c7d3c097173c32d65b6d827f6b99a98e27ac0297a87f199042e8e9f772065cb62744b6ab4d0792faa2124d452d138aab08f3b97f25a6faf0355f9ed54aa9750ddc8138c2e55c41017c04cf9c49ee044e7b7a08524ec823d41a7133822ef3ddc4a9bb4b454767e52ac0d28f138f9eed1fbf4114dea045e0cafef89fc141bc63c0a1ef71ec762bed6d96ed3af86378f67a0e2ec78e4197618ac1044fdbbd4c09c79dd7d5526a4d2c25cd9fbab618f0a4aaf21d9d8e298048aab8531be4ce4452148ce05189cddb85f715d54d01e605953fa5cda2b37db5ad5e58240e9e9a540c9c312c79db8cb457bc07dd64cc9c1978ccbada336cf2717bad3ae72427c096193c6ae9c4045320c21592f0973ee13e8ff6f07c4cbadb5849f204847c2d6583ec8fce13793ec667d9d01833fa5367a05019f6f2e7c17e1307d78b8a0a051beb54237d0695e70287894419d8d7f62225f94f0b505bab065810e1bca9c149dabf9ace7fd6030b0b5903d91ccd8c22e1d0c05b2338277b49efe9fe3f580daa7d6b8b7be54972ad1eec8a6d25a83de2f3581f45f21b725754f424bb3444c7a0e1496e7f1ba63771bac6b51b3cb324b7230ed991b89cfc8e7eb0e089fda511ab74e0104d703505fcf8c20bb15dbc5afd4bac9d7e396c39535d950dab1e7a5403b4cc3acbed7d5dc6dbe40cac39b8beedb0ae855569b1c0cf4feccf4e153369bfacd1e5bb90479a41ccb50299954974bcb3daf7f649375a15f853b28462d9301002282d574b9e7ad10787747251938225eb55898227c2579fe54cf363190ef92d89c3bedf5b485fcde9eb08b22ea9aa9b0ebf16b1b19fe869cc056ae71a879f05ed9a69c122cbe772d7492e7c4f4f293cd3844dc27a826dbb7a14f956b1f6c4fe293e86f79fd9d37482ecea8c008c9d3ace0816947f9eb8984409eccfbcb48d789c7855fbc72ade57a3a5f5a0bff3e1118ef587e9f923f88639de9adf8c603553baf0c3734d03e243f653dba15c7cb8914a61ffcf8e9513a642d98cfaa9ed7daca9bf7d3f6dab58bf8f3b0294884972b78cab3638faa50b9f6e3d7ecdb079846c39ba66132d4f143b0c7c129cddcfe982a0518cd7d92dd5b3c2156fbafca13e42f105ef84d6aac127f18e4ad869bfdb1615a767d314ee41f886b4d5cc9650222c79e7e1caaea1add4544d090b407dcb8537029069b98ea5424f5598439942d17b3117fb71ab75944b9a9e1afdd7a1b680347d916a4d6f76c2db213b32f0cb7c8eb0c0141bd5f3b1341353f5018abc4a2cae89588dea87ab41878ac466161a91b926222b939b0585cb2fdd5e069884baafae85b7614c22c5e4bfc487b25a713dbbc129c3f7bffc2ef3ef4db7a79d088327347b4be6bb747f2c33d0421af96a27360cd5edd50901422292cd36b2a2d7d060f4b8f56f4ad002bda3b3e636e95fea53f0fb2a51df3226c6661358ab70e520a77b035c2eb029cd92ebfcf60041ff7b6e62c09f0d1cdf2ace85cdc6bd7757ae79ff8e8428e10ffe1ebd0f395942cdc38fd25063455062b52dec83611f85554dd2caff3d5b8c7f60fdc1239b1e3eaa2d68672cce20b143d0720741ff2d8d1dff8556290e34b9059b9c9f4d228dd717c1c8b861c4dcf8b8308e5a4f938cc682e157d44a423bee3d83a67116b70e0083d9d3f06d58b3d64a55853c903ce31fb0a590783ce3ed33837f41c09ab4688e379aa84a1856da2d3395ad2dde30d6f173ae11301eec3e7a2db7a918d89479ae5206bc65bb62ebc08ee8f2191e5c52a796a4e53e236a5d73c1a9963c7f9cf37720506cd95ab4cc8a2937b6539954a62aca61794978d51375d7b860a4f0e2d51bb638dba83e86a922926db3e6c79e527cfa80b5c062801d9220856d9812c860aae4f448296ccde1d449bf8d49bfa3c1a2b575403b18995dfa6c02136b5b51118919c1779d31026a9aa0aa7d69d3c068de283cddc9f3f4975e87079287770cfbdebb50f09b35ade4df7a2d9d2ada158c3da22de7601044d9bb4aa0b733201c39ece8af6b4fc604f0dd8c01e7e38a11f78bdc1910e690d712327b9ca4eac4d3d625e13bd6b863be8f52c7df09dfeb989c1a44b7df25db729449a3f660ce590121927e026ee1542ac2223b61cafd0dea2f35f88eb535be495d636bd0708cdd84726d394fcb0769c70562f98cd9638a76258821c00ee290bbf0ef500de78adb4bbf27688632930d70951fa4dba7be5ca88fedaedd6d56e425321d91ce919428e297cc94309d9bbe37992ee453183aded56b487b55f9012edc18c1d6f753313ff68d119d19764b657a688021226836b406c206b9c13c8ae96fc2845833967a6fd402684996af9e58f1117679559d605e2474437d35508f2f6e8ee4cd88ea9c54336859f1320037d365a54c70688d4a944f919f2acb7a5a7d1191604e89c30b7e9850a1a944703da4c1885612fda3e6e9e260e4256681ffc6987784ee646e56f2696fa3dc1d7040faa87b4c7a3240b061e5d7b473c5e6a9338008ffb5d1e2e1a41bfaa30fdc8f129e621f97b8e11d10c9b0943302d9c807fb46fa98d23b5d6427f3045d12da1a17397ae93484fd2bc5cbb24d32d589c6518f4bfac2c74de47042d656e1f45b3328b9cfe5c10693d7aff08b9a2e61896ec0f60bbb6ac87a8f87c7d24c9ba8d83f43b5eb6632099d4afc95d61157830652ff2078e0404881c769299912883f95697b11828254e21c1a6e18c2510ce90f67021e7693420bd6fda038cedf6947b55ecd5d1132d8a44") (async)
syz_mount_image$btrfs(&(0x7f00000055c0), &(0x7f0000000000)='./bus\x00', 0x300000a, &(0x7f0000000380)={[{@metadata_ratio={'metadata_ratio', 0x3d, 0x401}}, {}, {@fatal_errors_bug}, {@datacow}, {@ssd}, {@clear_cache}, {@nobarrier}, {@nodatacow}, {@nodiscard}, {@enospc_debug}, {@ssd_spread}, {@noflushoncommit}]}, 0x3, 0x55a3, &(0x7f000000e0c0)="$eJzs3X9snHUdB/DnruvaFdeWMOuArGwDJFtEOjdNCCR2bNNpYTnphE3I+gNH0DmtY8NVCCtinIERijWMwQoLbn9MEYqucyiJBewqul8IJtNFBbPFNWOkOBExYTG9u+d299zaHhMpwuu1tM/zvc/z/d73njx/3PvW73MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABEHwx+N3TL/t3roJ26+ru++8a85e+2D3kuMX3rq1avND20v2dTz31aNVq1qPLF1w0/2JpkfW93d3BkEs2S+W7t9w2fwrr69vuKI0HLDxc6ltZeVQT5nq+mKqMTbnwcF+uT9NQRAURwYoSm/npXfiOQNkdlfkDzisayf1tE4dP69x28qujc8uu3xL/ktnUOloT2C0pK+rgyeupdrk73jkiEw769KL5Vyiqf7RC+4deREAwFtSk0huMm9H029xM+22aD3Sro202yPt8B1Ce3bjVKTGHTvUPCdH66M0z9pUVCgZcp6Revr8Z9qJaP9IOxI13sI8cw9NR5rSoebZEqmP1jwBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3k0uuH5m/d49D7/8ldbf/u7h17/16sePrGq8ZaC7/qJ1ix/v2PG9vx2tWtV6ZOmCm+5PND2yvr+7Mwgqk/1iqe6xZ6ri8ZkDddseu6e3puFDC9cUpccNt2OyDg72hzsXVwRBc1blYDhsf3kQJHILyWawIb/wpeTOZ8ICAAAA7yVnJn/HM+1UHCzOaceSaTKW/BdKhcVrJ/W0Th0/r3Hbyq6Nzy67fMupj5cYYrzak46XaVee+IllBeMw/kbHO1EPD12RN87woiNG8/zpx/qnNdfdUHrl7gsWzphdv+XS4CfTD3csX3TfhBfHL9nXXpOX/yuHz//hmZP/AQAA+G/I/9FxhjdS/m+uqZh0cOp3ix67rur44fkP/Lyz7/kn4w8VD3Q//dLYcbf9cnVe/p+c85R5+T+ccZj/48Gp5X8AAAB4N/tf5//avHGGN1L+/8X+zZ//98pvTDk84187Xnj69xdvnVI+/7WyGTe8+cSCVxp2tf0pL//XFJb/x2RPO3xwVzjhZRVBUFP4SQUAAAByhP/vfuKjhTCvpz45iOb1y+4qe3LXG+tvjJ/V8o8zFvfPqv7i7tVf37ApNrChc92O5XNX5OX/2sLyf/E783IBAACAAvxm+y13V395ydYtew7N2XFnYvPYS+a+uuennVf1vXwsUfT8zX15+T9RWP4vGZ2XAwAAAJzEU+MmPnfo0UNfm7177YS9q9rmPD5t3+qFD/xz9t+veOnPxzddWJ6X/xsLy/9l6W165UOq087wrxA6KoKgdHCnJVXoC9o/mSkAAAAAb5Mwpzc1revduX7MrNfOPvzDNSuW/2rvpd++a2P1zQd+XXX7ucf2996Yl/9bhr//f3ing3D9f879//LW/2cVUnf9u8SNAQAAAHg/yl/PH94eP/XNBUN9/36h6/8/euaBko7m8ysnx7dVz3rig31Xra1+fVHHRZ/YfusbH46V//VTefm/rbD8X5S9fTu//w8AAABOwf/b9/8tzhtneCPd/79v3DPnrPnsPT+o/WbZU+e+eXfzd9oPTj9v87QzPlJ0fvecmX/4fl7+by8s/4fb07JfXk94fm6vCIKJgzvpuwluDae7LFLoKs4qpE58pEd92CNd6CrJKiS1RHp8rCIIpgzutEUKp4eF9khhoDxd2BQp7A0L6eshU3g0UugJr7R7y9PTjRZ+FhbSCyy6whUUp2WWRER6HBuqx2DhpD0OZJ4cAADgfSUMz+ksW5zbDKJRtis20gFlIx0QH+mAopEOGBM5IHrgUI8HjbmF8PEfz+1e+so1D9b1Xt1w9KzZe5bc0faBnkW9O7/wo55z/nL1Cws/nZf/NxWW/8NTMTa1GWr9fxCu/09/r2Fm/X9jWKiMFLrCQiJ6x4BE+BypsHtn+ByViXSPgYmZAgAAALynhZ8LFI3yPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID/sHfvcVJVd4LATzf9oJum6YgBY4ygRkR3aZomGEQcUXRXo4tNJKtjhtAIjXZoAwq4YsyKr3GV6GLUmBjZwY+jJg6r+CDqRIXoiElGJfE5Kz4HnciqS9BR45gs++m+dYqqW112IaC0+/3+0XWqfud569F17r11LgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/P/hsiX3Nrw58H9965ffW/f697409TdTD9m8y19uqHt3yDlPbT5ocN0tbw1asPCNtklnXtsyffk1G1YuDaGlq1xZUrzsoUHl5aP/cMxdt13xcNO0wVPOrcrUm4mHfp1/yjN3Loytvto/hLvLQqhIB0bUJYHKzP26WN8edSF8LmwJZEu01SYl0g2Hh2tCWBa2BLJV3VsTQl1OYMoTD666rDNxVU0I+4YQqtNtvFCdtFGTDgyrSgK16cCciiTw/uZENnBPeRKAbRbfDNkX/YqW/AwN3Zcr8vqr3G4d+3Slh9cnJhqK53vrsB3cqRxV6QdatulpK6iOHaLg7bHau60XvNsKtvMST1vuF6nMN5TNW0LVoXxm26zpCzrmx0fKQ2Njn2I17aDned2mc2ZsTbrXvA5jBxq2y+vwgdpJ9Ze9PfHglSf/8fR956+duq3dfC5nk+amd7TqkHnN9ZrnMZrg86QXvP0KviUN9aUrhHD8nz5f9sycl3bf+MGrJ068/YWLr5628JopE58d9Iux/3jtLndPu7xg/t/w0fP/+HKOt+V5uWOrH9Ync/P4SF1MbKxP5uYAAADQa/SGvaZfHf3qS6c+dPeiF5cfV/Hdcb86abf6irO/33H8rivHf/HSK9sf36Vg/j+0tOP/8ZB/Xe5oV4cwoStxwYAQdut6PAn8LHbn5AEh7NWVaskPHJYKrA7hC12J/bNVpUr0jSWGpgK/r88EJqQCa2KgJRW4MQaWpAIXxsCKVGBGDKxOBQ6PgdCeP44D6jPjKDlQEwOtyUZcEc9CeKc+tpbaVuuyVQEAAGwnmdlhZf7dnHMdtjVDnF6uqOkpQzwDu2iG6lQN6RlsdlpVtIaKnmoo76mG7LgXffTwC2ou66nmgtMwyvIzfDjkO+UDJu79o7tuHHFT84sTv/vu2OO/8uc33129/z/993vOmX/dAQXz/6aPnv9Xd9ORsoLj/yFM7vobc5dnIh3ZeGtLXgYAAABgG1z12NInbzjgqP9z38v33fmla28oX3311//vKxsv2HvUccPL+v7dt1cUzP8nlHb+f9wn0icnc3g07oaYPSCEpvxAUu3BhYHkqHe/TAAAAAB6g+zx+Oyx8PbMbXKKdno+XZi/ZSvzxwP/E7rNf/mmv372y9c+eeLCYftsuOK/nflB2efH/m6XY9eOfPytPYf9Q0PfwvP/W0o7/782/zbpxJrYiysHhNA3J/BI7GVnoMvQGHj50PxAZvxr4gZYHKvKnJiQrWpxLNEaA02pwLJiJX6bLbFbfiDzZGUbvyA7jvZMiZwAAAAAfOLi7oB4XD6e/3/P5AO+tP+gl8a8uOe9C1+bsPSEU2t/uM8tu74+oGPSmAMnHHLEMwXz/9atO/+/ax5ccHp/R78QRlaE0Cf9w4BHa5OFAWOgriyTuL82qatPuqrzakMY3zmwdFWvZNb/r0ivMfhETVJVDOy29083DetM3FATwsjcwDPfvH5MZ2J+KpBt/Bs1IQzpHG268ZV9k8Yr041f0zeEPXMC2apO7htCZ2NV6aoerM5cxyBd1W3VIQzMCWSrOrA6hIUBgF4q/iudmfvgvIVnz57e0dF2xg5MxH34NWFWe0db44w5HTOri/RpZqrPecsYnVc4plKvfPN8ZomiqUNuH15KOvs7wabctjL78QtOHMzcj9+FKrvG2VyZd3d0esjD9ylsIuR8kyo25PIdPOTa3Eq2PIkF9cf8VaFf6LtgXtsZjWdNnz//jFHJ31KzNyd/42GmZFuNSm+r2u76VsLLo+hqWSkfd1vtl1vJyPmnzR05b+HZI9pPm35K2ylt32keO6q5ecxXx45pHtk5qqbkbw9D3a+7qlND3Xx9iePajkPdvSKnkk/iU0NCQqK3JaYvKTt/wrRf3/+tPdacdtZJe/z9HjNHnPRXl/9m7omNh0z+1fV/ubZg/j/3o+f/8VMnfvJn1mcodvy/IR7mTx7fcpi/NQaWlXr8v6HY0fzsiQFDU4FFMbDIYX4AAAA+G+LuyLg3M+6Vvq7un+4+cuaMQ97/5QlTrv7bseNOPWv9vg0XX33skv+w/p0lq454u2D+v6i03/9vp/X/s0vXf63YMv/7xxJNxdb/Ty/zn13/f1Gx9f/Ty/xn1/9f9ims/78gG0htknes/w8AAHwWfHLr//e4vH/6AgEFGXpc3j99gYCCDD0u41/qBQK2ev3/OR1/UTvo8jnjDh0x98ePrNp7ycDbvvT8xF/vs/SgEfeuvOW9UbcWzP+XlDb/t3A/AAAA7Dwe+mXfb1/87rD7n3rk/SPLLv3txpuO/6u2Aw75w8DmUyYfXfP9m/6tYP6/rLT5/ye//l8odv7/0GKBlmILA1r/DwAAgF6q2Pp/Nw98eejq+SNufOznb97yUusvZo5/7d8t+cFXpg9runnNut80zFhfMP9fUdr8P552UZ6XO/bmw/pkTbuQXtNuY332JwMAAADQO5SHxsbKEvPmrYx62Mdvc11mKdCPSud6+r5BqxaUP3RVWfXGH1wy7ZDGc489c86RF63/fu2TP6md2lh9RsH8f3Vp8/+832U8UDup/rK3Jx784cqT/3j6vvPXTt1y/B8AAADYcUrdLwEAAAAAAAAAAAAAAHz6nmpdetAHo45+Y+Zeo/70jWNf+MHiL37zkb+59s9n/vzw+/Zq3zxsSsHv/8PkrnLFfv8fr/sXf1+wa17u2GrP6/9l7k855taFXUsWPlofwj65gdnnz/5cyFybf7/cwKqp+w/uTJyfLnHfi4e/1pmYlg4cNWKX9zoT41OB1rhI4hfSgXhVxff6pwJxecUn04G4PVakA1WZwCX9k3GUpbfVhrpkW5Wlt9VzdSEMyAlkt9XddUkbZekBXpUKZAd4ejoQBzgpEyhP9+rWfkmvYqAuFv2bfkmvAADYacVvgZVhVntHW1P8Ch9vd6/Iv43yliw7r7DashKbfz6zNNnUIbcPLyXdJ/1ddMu1xitDdecQRhV8Xc3NUtY1yu1TSw+bbtciQ+5ptbfyIuXStnbTVRUfUU0yosYZczpmVvY48NE9Z2mu6DHLqILJTm6W8q5NWkItJfSlhBGVuG1K6HK8Xx4aG/ukco2LwYaQp6dXRKm/189d56/YqyA3z9/WXHtpn8F93v+38Rc99OCAyo5TJ7ddtPtj/zxw1Mwf//DB1mt+XzD/byht/l+dO673MhcDWBSvrHfwgBBaSxwRAAAAfPb9z3OX33HinDUbZq2uePZ3v5tdftyJlZvPueucsy967v7FR13y72/e1viKsqc2nfjGprP++o2ffOW6h8966fAZZ901ad0h69uqb/zuXyw/dUjB/H9oafP/uAcrcyg42duxOl7//4IBIXRdWr8hCfwsDvfkASHs1ZVqiSWSC+p/LZZoSgI/iztM9o8lWlvyq+obAytSgd/XZwKrU4E1MZDZS/HTkNmVc0V9CGO6UpPzS8yNJRpSgeNiYGgq0BgDTalA/xiYkAq82T8TaEkF/jEGQnv+trqzf2ZbAQAAbI3MPKsy/25Iz/NWVPSUoaynDLU9ZSjvKUN1TxmKjSLevyNmqEydvFKWk6kyXWtNqpaCDPFi+Fvdr4IM4bf5OdMFC5qO5x9kzzcoy88w7od3tB70tXk/3nTxjx4/8sALj1xy5duXHt1v8JXP/u/2c/v131RbMP9vKm3+X5t/m7S+Js7/t1z/Lwk8Ert3ZTx1fGgMvHxofiCzY2BNnOwuzlbVkimRmbQvjiUmxMDQVGBuDExIBVonZwLLBucHMjPtbOMXZBtvz5TICQAAAMAnLu4giLtp4vx/5bjwzh5Hvt+8+5UD5457/JHzjphes2t1zT+PX7t0/KXVD+3Xt2D+P6G0+X9sr19uYxfG3rzaP4S7y7b0JhsYUZcE4n6Muvjz+D3qQvhczg6ObIm22qREVarh8HBN8gv1qnRV99YkawzE+1OeeHDVZZ2Jq2pC2Ddn70u2jReqkzZq0oFhVUmgNh2YU5EE4p6fbOCe8iQA2yy7VzC+oDKnumQ1dF+uyOvvs3JN0PTwCvaBdpOvu99c7SjV6Qcy+1Sztu5pK6iOHaLg7bHau603vtsavNtyv0hlvqFs3hKqDuUz22ZNX9AxPz6S+0vWAjvoec79lWop6e3wOlz08Xvbs+p0B5pSHx9N3Zfr/nVYFqt7oHZS/WVvTzx45cl/PH3f+WunltyNIuIPhQ++de4Bz+Vs3h2tOmRec73u86TF50lv/Dcw1NMWQlh+wawnn/iX95+vWN/8Xw4cu/y2Nx9b/pODHpg14gsbLvnyxrfePapg/t9S2vy/InXb5YO4MecNCGF4zsZ9NG7+iQOSz8GcQPIpObAwkBxyX19f9JMTAAAAtrfs7o7s/oL2zG1yQnh6nlyYv2Ur88f9FRO6zV9qvweO+YfvHXrV69/4+vrdL3906VPr/tObrxwx7dAHNj29YuXrzcd+/umC+X/rR8//+6a66fi/4//sII7/d2tn3xXdN/3Aom3aFV1QHTuE4//d2tnfbY7/d8vxf8f/u+P4fw8c/+/Wzv60FXxLmutLVwihdcANt/+idvrwflec860Za3/+9DtN416oO/foO//H4YvDNeet+nPB/H9uafN/6/91v2hfdv2/1mLr/80ttv7fIuv/AQAAO1SRhebS87yC1fsKMqRX7yvI0OMCgT0uMWj9v61e/6/2pLNPeqX+rb2umXj7f75z+oXPn3Tis/v2ef6E20+4aeTVw1/68oaC+f+i0ub/8eXQL7f13rL+39DJRapaEgNzLQwIAADAzqjYDgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+XSseXPzFzYv3OeimZz9/0+H/umzNrL1/dcDm0WNObhy+eGDZlX/3L28NWrDwjbZJZ17bMn35NRtWLg2hvatcWVK87KFB5eWj/3DMXbdd8XDTtMFTzq3O1FuZuf1iXu7Y6of1ISzLeaQuJjbWd97ZEphyzK0LKzoTj9aHsE9uYPb5sz/XmbixPoT9cgOrpu4/uDNxfrrEfS8e/lpnYlo6cNSIXd7rTIzPBMrS3b2uf9LdsnR3L+sfwoCcQLa73+6fX1W2jf+YCZSn27i5LmkjBupi0R/VJW3EQEcs0d43hJEVIfRJV/Xr6qSqPumq/r46qapPuqr/Wh3C+BBCRbqqF6uSqirSI19blVQVA7vt/dNNwzoTy6pCGJkbeOab14/pTJyeCmQb/3pVCEM6XzLpxu+oTBqvTDd+VWUIe4YQqtIl/rUiKVGVLvFKRQgDcwLZxk+tCGFh4DMhfvjMzH1w3sKzZ0/v6Gg7YwcmqjJt1YRZ7R1tjTPmdMysTvWpmLKc9ObzPv7Yn990zozO26lDbh9eSroiU66yq8vNlXl3R+/svY/9qs2tZMvzUVB/zF8V+oW+C+a1ndF41vT5888YlfwtNXtz8rdPJppsq1G9ZVvtl1vJyPmnzR05b+HZI9pPm35K2ylt32keO6q5ecxXx45pHtk5qqbk7/YY6vWf/FB3r8ip5JP4AJCQkOhtifK8T7emnf2DvOCL/paOVobqrg/ogmlFbpayrlFuj0Ef9jFH/HG+p/Q4olEFE4eCLM09ZxldMJnYkqUmydL1va5gcphbU3nXJo33y0NjY59i26Eh/27u5n1rGzbvusymKzUNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/D924EAAAAAAAMj/tRGqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsAMHAgAAAABA/q+NUFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYUdOBYAAAAAEOZvHUbPBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwKUAAAD//5twzl8=") (async)
timer_create(0x0, 0x0, &(0x7f0000000100)) (async)
timer_settime(0x0, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) (async)
timer_delete(r1) (async)
mount$bind(0x0, &(0x7f0000000100)='.\x00', 0x0, 0x21, 0x0) (async)
socket$inet6_sctp(0xa, 0x1, 0x84) (async)
sendto$inet6(r2, &(0x7f0000000180)='~', 0x1, 0x2000001, &(0x7f0000000140)={0xa, 0x4e23, 0x2, @private0, 0x2}, 0x1c) (async)
recvmmsg(r2, &(0x7f0000000380)=[{{0x0, 0x0, 0x0}, 0x9}], 0x1, 0x100, 0x0) (async)
shutdown(r2, 0x1) (async)
timer_create(0x3, &(0x7f0000000140)={0x0, 0x11, 0x2, @thr={&(0x7f0000000380)="3d3e89bb5d8bb50a268bb6cd7bc321acbe396cbe77688de870e74324c100f6da5851af3d5b12c451601c79dab67e1b27b8f487c8ea711d1b37d8085d463b5fd317570ccabc2c053ef05bcae246d9501adb56cf3ab97c6bc20b31fe9a0a49b245ddbd1e4afd6756ee9822bb67a99c267ec1b38fcb40d4914f1ffe589ddb49d3af5bb74d6fd44bb35346b1a7c417e3624923af25a720c5f70a980f162073351a18720a53462e8c37e2c90d8880b6ea4f791de1a0ded5a7e5ba7cac00fb6dab64ff118263844fd89edc5a9606fc598951be0302411b986b165acec4da043a0241383a04340a09ee53d869", &(0x7f0000000540)="79577952401cc8594074acf30c68d9965d319c0078c1290cd376327359cd29339b18123a6da87ef6dbc827c9d3d521b2f6c0465a136537ade4fc01f7e15677553c28954fb15d34f78293e5195a521262c90357a9d17e37bd4d8a843d1eb50f63b10d42e8a8c09c06e3aed9bce3982ce3f94bc1ec4a92405544d410b3c5e67d16206b788d844b5c45583fbebe0d948c42e0f8836d6331da25c67e95"}}, &(0x7f0000000340)) (async)
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) (async)

2.259883743s ago: executing program 4 (id=443):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
shutdown(0xffffffffffffffff, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, &(0x7f00000001c0)='source', 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r4, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88)
setsockopt$inet_MCAST_MSFILTER(r4, 0x0, 0x30, &(0x7f0000000600)=ANY=[], 0x110)
setsockopt$inet_group_source_req(r4, 0x0, 0x2c, &(0x7f00000004c0)={0x2, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @empty}}}, 0x108)

1.307116562s ago: executing program 5 (id=444):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x30000, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="2c00000010000900000000000009000003"], 0x2c}}, 0x48800)

602.785137ms ago: executing program 4 (id=445):
r0 = syz_usb_connect$hid(0x0, 0x3f, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x1b1c, 0x1c09, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x0, 0x0, 0x60, 0x0, [{{0x9, 0x4, 0x0, 0x80, 0x2, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x408, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x20, 0x9, 0x8, 0x7}}, [{{0x9, 0x5, 0x2, 0x3, 0x40, 0x6, 0x9, 0x9}}]}}}]}}]}}, 0x0)
r1 = socket(0x0, 0x80000, 0xed780b5f)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'virt_wifi0\x00'})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f00000000c0)=ANY=[@ANYBLOB="000008000000080482"], 0x0, 0x0, 0x0, 0x0}, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x800, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0xffffffb3, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
add_key$keyring(&(0x7f0000000000), 0x0, 0x0, 0x0, 0xffffffffffffffff)
r5 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_STAT_GET(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={0x18, 0x1411, 0x1, 0x70bd29, 0x0, "", [@RDMA_NLDEV_ATTR_STAT_MODE={0x8}]}, 0x18}}, 0x24000000)
syz_usb_ep_write(r0, 0x81, 0x1, &(0x7f0000000080)='\x00')
socket$nl_netfilter(0x10, 0x3, 0xc)

496.303614ms ago: executing program 5 (id=446):
r0 = socket$nl_route(0x10, 0x3, 0x0)
syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200410, &(0x7f0000000a40)={[{@nodiscard}, {}, {@acl}, {@min_batch_time={'min_batch_time', 0x3d, 0x6}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@jqfmt_vfsv1}, {@nodelalloc}, {@auto_da_alloc}, {@discard}]}, 0x5, 0x591, &(0x7f0000000f80)="$eJzs3V1rFFcfAPD/bBKNL89jBJHaiyJ4UYt1Y5LWFyjUXpZWKrT3dknWINm4kt2ISYXqRb3pTZFCKRVKP0Dveyn9Av0UQitIkdBSpJAyu7PJmuzmzdVd3d8PRs+Zmew5Z8/8Z8+ZmWUD6FtH039yEUci4psk4kDTtsHINh6t77f0+OZkuiSxvPzpn0kk2brG/kn2/74s81pE/PpVxIlcff1Q02tXFhZnCqVScS7Lj1Znr41WFhZPXpktTBeni1fHJybOvjs8fu7M6Y619a2Lf3//yf0Ph78+tvTdzw8P3k3ifOzPtjW34xncas4cLfybpYbi/JodxzpQWC9Jul0BdmQgi/M0No/EgRjIoh549X0ZEctAn0rEP/SpxjigMbfv0Dz4pfHog/oEaH37B+vXRmK4Njfau5Q8NTNK57sjHSg/LeOXP+7dTZfY+DrEnk3yANty63ZEnBocXH/+S7Lz386dql083tjaMvrt8we66X46/nm71fgntzL+iRbjn30tYncnNo//3MOnsh2+0ZCO/95rOf5dOXWNDGS5/9XGfEPJ5Sul4qmI+H9EHI+h3Wl+o/s5Z5ceLLfb1jz+S5e0/MZYMKvHw8Hdtcv0K6YK1cKztXrVo9sRr7cc/yYr/Z+06P/0/bi44SuvdtTh4r032u21efufr+WfIt5s2f+r9U/a3p+cGD935vRo7XgYbRwV6/115/Bv7crvdvvT/t+7cftHkub7tZXtl/Hj8JNiu21bPP6fkh7/u5LPauld2bobhWp1bixiV/Lx+vXjq3/byDf2T9t//NjG579Wx386+fp8i+2/c+hO2117of+nttX/2088+OiLH9qVv7X+f6eWOp6tWXP+e7LmUkbNVivYobcRAAAAAAAAekIuIvZHksuvpHO5fL7+fMeh2JsrlSvVE5fL81enovZd2ZEYyjXudB+o3YKtPw8xlj0P23g+YnxNfiIiDkbEtwN7avn8ZLk01e3GAwAAAAAAAAAAAAAAAAAAQI/Y1+b7/6nfB7pdO+C5q/2wwe5u1wLohk1/8r8Tv/QE9KRN4x94ZYl/6F/iH/qX+If+Jf6hf4l/6F+t49/TP9APfP4DAAAAAAAAAAAAAAAAAAAAAAAAAABAR128cCFdlpce35xM81PXF+ZnytdPThUrM/nZ+cn8ZHnuWn66XJ4uFfOT5dnNXq9ULl8bG4/5G6PVYqU6WllYvDRbnr9avXRltjBdvFQceiGtAgAAAAAAAAAAAAAAAAAAgJdLZWFxplAqFedecGIwulDoDhPvR09U43k2sG5Hfz64ftM/EdEL7ZJ4hkSXT0wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0OS/AAAA//8Umzy+")
chdir(&(0x7f0000000380)='./file0\x00')
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
prctl$PR_SET_MM(0x23, 0x6, &(0x7f0000001000/0x4000)=nil)
brk(0x400000ffc000)
brk(0x400000ffc020)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000004c0)='blkio.bfq.io_serviced\x00', 0x26e1, 0x0)
ioctl$SIOCSIFHWADDR(r2, 0xc0189436, 0x0)
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000180)=@o_path={0x0, 0x0, 0x4010, r1}, 0x18)
openat(0xffffffffffffff9c, 0x0, 0x42, 0x0)
mknod$loop(0x0, 0x0, 0x1)
r3 = dup(0xffffffffffffffff)
brk(0x832)
socket$inet_sctp(0x2, 0x5, 0x84)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet_mptcp(0x2, 0x1, 0x106)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000080)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@ipv6_newnexthop={0x24, 0x68, 0x309, 0x0, 0x0, {}, [@NHA_BLACKHOLE={0x4}, @NHA_ID={0x8, 0x1, 0x1}]}, 0x24}}, 0x0)
r5 = syz_io_uring_setup(0x24f6, &(0x7f0000000b80)={0x0, 0x0, 0x10100, 0x0, 0x33a}, &(0x7f0000000100)=<r6=>0x0, &(0x7f0000000140)=<r7=>0x0)
sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='8'], 0x38}}, 0x0)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r8, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r8, 0x0)
syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_CLOSE={0x13, 0x8})
io_uring_enter(r5, 0x2d3e, 0x0, 0x0, 0x0, 0x0)
setsockopt(r3, 0x1, 0x20, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'ip6gretap0\x00'})

386.29466ms ago: executing program 3 (id=447):
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, 0x0)
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="1201050037057b082d0800014b702c02030109021200070100a0000904"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000300)={0x44, &(0x7f0000000100)=ANY=[@ANYBLOB="400006"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

0s ago: executing program 0 (id=448):
r0 = socket$alg(0x26, 0x5, 0x0)
r1 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'lo\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r3, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x4, 0x1, 0x0, 0x0, 0x7, 0x8}, {0x12, 0x3, 0x0, 0x1, 0x8001, 0x2400}, 0xa5, 0x4, 0x10100000}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}}, 0x44080)
sendmsg$nl_route_sched(r1, 0x0, 0x800)
bind$alg(r1, &(0x7f0000000940)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-serpent-sse2\x00'}, 0x58)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="9feb0100520000000000000034000000340000000600000004"], 0x0, 0x52}, 0x28)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10)
r4 = accept$alg(r0, 0x0, 0x0)
sendmsg$alg(r4, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)=[@op={0x18, 0x117, 0x3, 0x1}, @assoc={0x18, 0x117, 0x4, 0x40}], 0x30}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$gtp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$GTP_CMD_NEWPDP(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)={0x34, r6, 0x1, 0x0, 0x0, {}, [@GTPA_LINK={0x8}, @GTPA_I_TEI={0x8}, @GTPA_O_TEI={0x8}, @GTPA_VERSION={0x8, 0x2, 0x1}]}, 0x34}}, 0x0)

kernel console output (not intermixed with test programs):

irty (err -117)
[   98.737243][ T6203] EXT4-fs (loop3): 1 orphan inode deleted
[   98.754783][ T6203] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   98.757848][ T5952] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #3: block 1: comm kworker/u8:9: lblock 1 mapped to illegal pblock 1 (length 1)
[   98.837115][ T5952] Quota error (device loop3): remove_tree: Can't read quota data block 1
[   98.851703][ T5952] EXT4-fs error (device loop3): ext4_release_dquot:6969: comm kworker/u8:9: Failed to release dquot type 0
[   99.998825][ T6224] loop1: detected capacity change from 0 to 131072
[  100.280212][ T6224] F2FS-fs (loop1): Wrong CP boundary, start(512) end(1536) blocks(0)
[  100.288471][ T6224] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  100.397028][ T6231] loop4: detected capacity change from 0 to 2048
[  100.407974][ T6224] F2FS-fs (loop1): invalid crc value
[  100.622246][ T6231] UDF-fs: warning (device loop4): udf_load_logicalvol: Damaged or missing LVID, forcing readonly mount
[  100.780658][ T6238] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  100.801216][ T6238] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  100.816925][ T6238] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #2: block 16: comm syz.3.48: lblock 0 mapped to illegal pblock 16 (length 1)
[  100.867005][ T6224] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  100.874234][ T6224] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4
[  100.898389][ T6224] F2FS-fs (loop1): checksum invalid, nid = 4, ino_of_node = 4, 8e2acc4a vs. 159afe7
[  101.103082][ T6238] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #2: block 16: comm syz.3.48: lblock 0 mapped to illegal pblock 16 (length 1)
[  101.177675][ T6241] openvswitch: netlink: Message has 24 unknown bytes.
[  101.734201][ T6238] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  101.807441][ T6238] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  101.882376][ T6238] EXT4-fs error (device loop3): ext4_map_blocks:780: inode #2: block 16: comm syz.3.48: lblock 0 mapped to illegal pblock 16 (length 1)
[  102.481723][ T6241] syz.1.54 (6241): drop_caches: 2
[  102.488791][ T6241] syz.1.54 (6241): drop_caches: 2
[  102.495154][ T6250] mapping of prio or/and queue is allowed only from OUTPUT/FORWARD/POSTROUTING chains
[  102.798358][   T77] usb 4-1: USB disconnect, device number 2
[  102.854522][ T5828] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  102.952873][ T5828] EXT4-fs error (device loop3): __ext4_get_inode_loc:4791: comm syz-executor: Invalid inode table block 1 in block_group 0
[  103.007808][ T5828] EXT4-fs error (device loop3) in ext4_reserve_inode_write:6254: Corrupt filesystem
[  103.041234][ T5828] EXT4-fs error (device loop3): ext4_quota_off:7217: inode #3: comm syz-executor: mark_inode_dirty error
[  103.754442][ T6261] syz.3.60 uses obsolete (PF_INET,SOCK_PACKET)
[  103.814836][ T6263] loop4: detected capacity change from 0 to 16
[  103.877332][ T6265] loop0: detected capacity change from 0 to 64
[  103.889996][ T6263] erofs (device loop4): mounted with root inode @ nid 36.
[  103.961050][ T6265] syz.0.64: attempt to access beyond end of device
[  103.961050][ T6265] loop0: rw=0, sector=268435468, nr_sectors = 2 limit=64
[  104.012245][ T6265] Buffer I/O error on dev loop0, logical block 134217734, async page read
[  104.072886][ T6265] syz.0.64: attempt to access beyond end of device
[  104.072886][ T6265] loop0: rw=0, sector=268435468, nr_sectors = 2 limit=64
[  104.152549][ T6265] Buffer I/O error on dev loop0, logical block 134217734, async page read
[  104.222339][ T6265] overlayfs: failed to create directory ./file0/work (errno: 5); mounting read-only
[  104.310786][ T6265] overlayfs: fs on '.' does not support file handles, falling back to index=off,nfs_export=off.
[  104.340471][ T6269] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  104.341502][ T6265] overlayfs: failed to get uuid (/bus, err=-95); falling back to uuid=null.
[  104.787101][ T6277] loop1: detected capacity change from 0 to 16
[  104.803679][ T6277] erofs (device loop1): mounted with root inode @ nid 36.
[  105.343420][ T6279] loop3: detected capacity change from 0 to 1024
[  105.387041][ T5838] syz-executor: attempt to access beyond end of device
[  105.387041][ T5838] loop0: rw=0, sector=268435468, nr_sectors = 2 limit=64
[  105.452311][ T5838] Buffer I/O error on dev loop0, logical block 134217734, async page read
[  105.462507][ T5838] syz-executor: attempt to access beyond end of device
[  105.462507][ T5838] loop0: rw=0, sector=268435468, nr_sectors = 2 limit=64
[  105.504493][ T5838] Buffer I/O error on dev loop0, logical block 134217734, async page read
[  105.543367][   T12] hfsplus: b-tree write err: -5, ino 8
[  105.556293][ T5838] Trying to free block not in datazone
[  105.829136][ T6282] loop1: detected capacity change from 0 to 4096
[  106.429626][ T6286] loop3: detected capacity change from 0 to 131072
[  106.847209][ T6286] F2FS-fs (loop3): Wrong CP boundary, start(512) end(1536) blocks(0)
[  106.855389][ T6286] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  106.862832][ T6282] ntfs3(loop1): Different NTFS sector size (4096) and media sector size (512).
[  106.903345][ T6286] F2FS-fs (loop3): invalid crc value
[  106.997247][ T6286] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  107.004356][ T6286] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4
[  107.029389][ T6286] F2FS-fs (loop3): checksum invalid, nid = 4, ino_of_node = 4, 8e2acc4a vs. 159afe7
[  107.072280][ T6282] ntfs3(loop1): ino=3, ntfs_set_state failed, -22.
[  107.243051][ T6282] ntfs3(loop1): Failed to initialize $Extend/$Reparse.
[  107.256875][   T78] ntfs3(loop1): ino=3, ntfs3_write_inode failed, -22.
[  107.284148][ T6282] ntfs3(loop1): ino=3, ntfs_set_state failed, -22.
[  107.318766][ T6282] ntfs3(loop1): Mark volume as dirty due to NTFS errors
[  108.162569][ T6300] openvswitch: netlink: Message has 24 unknown bytes.
[  108.182294][ T6300] syz.3.69 (6300): drop_caches: 2
[  108.195001][ T6300] syz.3.69 (6300): drop_caches: 2
[  108.566640][ T6282] ntfs3(loop1): ino=3, ntfs_set_state failed, -22.
[  108.621666][   T78] ntfs3(loop1): ino=3, ntfs3_write_inode failed, -22.
[  109.109804][ T6308] loop0: detected capacity change from 0 to 2048
[  109.193691][ T6308] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  109.468137][ T6312] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  110.124804][ T6316] loop4: detected capacity change from 0 to 256
[  110.435715][ T6316] FAT-fs (loop4): Directory bread(block 64) failed
[  110.487718][ T6316] FAT-fs (loop4): Directory bread(block 65) failed
[  110.507715][ T6318] loop0: detected capacity change from 0 to 4096
[  110.518936][ T6316] FAT-fs (loop4): Directory bread(block 66) failed
[  110.526107][ T6316] FAT-fs (loop4): Directory bread(block 67) failed
[  110.532775][ T6316] FAT-fs (loop4): Directory bread(block 68) failed
[  110.539413][ T6316] FAT-fs (loop4): Directory bread(block 69) failed
[  110.546745][ T6316] FAT-fs (loop4): Directory bread(block 70) failed
[  110.546924][ T5835] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  110.553580][ T6316] FAT-fs (loop4): Directory bread(block 71) failed
[  110.553684][ T6316] FAT-fs (loop4): Directory bread(block 72) failed
[  110.553706][ T6316] FAT-fs (loop4): Directory bread(block 73) failed
[  110.573299][ T5835] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  110.672402][ T5835] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  110.682324][ T6324] loop1: detected capacity change from 0 to 16
[  110.725221][ T6324] erofs (device loop1): mounted with root inode @ nid 36.
[  110.857927][ T5835] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  110.874456][ T5835] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  111.172383][ T6327] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  112.409953][ T6321] chnl_net:caif_netlink_parms(): no params data found
[  112.547381][ T6338] loop1: detected capacity change from 0 to 4096
[  113.676916][   T50] Bluetooth: hci5: command tx timeout
[  113.706055][ T6338] ntfs3(loop1): Different NTFS sector size (2048) and media sector size (512).
[  114.006422][ T6338] ntfs3(loop1): Failed to initialize $Extend/$ObjId.
[  114.167549][   T30] audit: type=1800 audit(1751626908.178:4): pid=6352 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.81" name="file1" dev="loop1" ino=30 res=0 errno=0
[  114.580987][ T6321] bridge0: port 1(bridge_slave_0) entered blocking state
[  114.612821][ T6321] bridge0: port 1(bridge_slave_0) entered disabled state
[  114.621982][ T6321] bridge_slave_0: entered allmulticast mode
[  114.635532][ T6321] bridge_slave_0: entered promiscuous mode
[  114.648561][ T6321] bridge0: port 2(bridge_slave_1) entered blocking state
[  114.660126][ T6321] bridge0: port 2(bridge_slave_1) entered disabled state
[  114.669819][ T6321] bridge_slave_1: entered allmulticast mode
[  114.693355][ T6321] bridge_slave_1: entered promiscuous mode
[  114.782971][ T6321] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  114.795728][ T6321] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  115.247783][ T6321] team0: Port device team_slave_0 added
[  115.280873][ T6362] use of bytesused == 0 is deprecated and will be removed in the future,
[  115.289481][ T6362] use the actual size instead.
[  115.318748][ T6321] team0: Port device team_slave_1 added
[  115.682052][ T6359] loop3: detected capacity change from 0 to 4096
[  115.714147][ T6357] loop4: detected capacity change from 0 to 131072
[  115.726641][ T6357] F2FS-fs (loop4): Wrong CP boundary, start(512) end(1536) blocks(0)
[  115.730723][ T6359] ntfs3(loop3): Different NTFS sector size (4096) and media sector size (512).
[  115.734903][ T6357] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  115.762174][ T6321] batman_adv: batadv0: Adding interface: batadv_slave_0
[  115.772645][   T50] Bluetooth: hci5: command tx timeout
[  115.778372][ T6357] F2FS-fs (loop4): invalid crc value
[  115.787457][ T6321] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  115.814007][ T6321] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  115.831263][ T6321] batman_adv: batadv0: Adding interface: batadv_slave_1
[  115.838561][ T6321] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  115.865289][ T6321] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  115.969708][ T6357] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  115.976801][ T6357] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4
[  115.993317][ T6357] F2FS-fs (loop4): checksum invalid, nid = 4, ino_of_node = 4, 8e2acc4a vs. 159afe7
[  116.199921][ T6359] ntfs3(loop3): Failed to initialize $Extend/$Reparse.
[  116.557095][ T6381] openvswitch: netlink: Message has 24 unknown bytes.
[  116.582669][ T6381] syz.4.83 (6381): drop_caches: 2
[  116.588110][ T6381] syz.4.83 (6381): drop_caches: 2
[  116.832141][ T6359] netlink: 16 bytes leftover after parsing attributes in process `syz.3.84'.
[  116.943823][ T6359] netlink: 52 bytes leftover after parsing attributes in process `syz.3.84'.
[  117.012715][ T6383] loop0: detected capacity change from 0 to 16
[  117.061113][ T6383] erofs (device loop0): mounted with root inode @ nid 36.
[  117.425787][ T6321] hsr_slave_0: entered promiscuous mode
[  117.483297][ T6321] hsr_slave_1: entered promiscuous mode
[  117.534394][ T6321] debugfs: 'hsr0' already exists in 'hsr'
[  117.540156][ T6321] Cannot create hsr debugfs directory
[  117.546415][ T6359] netlink: 16 bytes leftover after parsing attributes in process `syz.3.84'.
[  117.879430][   T50] Bluetooth: hci5: command tx timeout
[  118.997419][ T6393] loop3: detected capacity change from 0 to 128
[  119.023476][ T6393] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  119.106322][ T6393] ext4 filesystem being mounted at /18/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  119.208565][ T6403] EXT4-fs warning (device loop3): verify_group_input:137: Cannot add at group 65537 (only 1 groups)
[  119.525795][ T5828] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  119.822424][ T5945] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  119.982483][   T50] Bluetooth: hci5: command tx timeout
[  120.032541][ T5945] usb 2-1: Using ep0 maxpacket: 8
[  120.092664][ T5945] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 7
[  120.104470][ T6321] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  120.135932][ T6321] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  120.137198][ T5945] usb 2-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b
[  120.167462][ T6321] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  120.217909][ T6321] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  120.268709][ T5945] usb 2-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3
[  120.283087][ T5945] usb 2-1: Product: syz
[  120.287290][ T5945] usb 2-1: Manufacturer: syz
[  120.296665][ T5945] usb 2-1: SerialNumber: syz
[  120.536319][ T6408] loop1: detected capacity change from 0 to 128
[  120.565487][ T6408] FAT-fs (loop1): bogus number of reserved sectors
[  120.602378][ T6408] FAT-fs (loop1): This doesn't look like a DOS 1.x volume; DOS 2.x BPB is non-zero
[  120.629522][ T6408] FAT-fs (loop1): Can't find a valid FAT filesystem
[  120.666211][ T6424] loop4: detected capacity change from 0 to 64
[  120.726519][ T6424] syz.4.89: attempt to access beyond end of device
[  120.726519][ T6424] loop4: rw=0, sector=268435468, nr_sectors = 2 limit=64
[  120.788797][ T6424] Buffer I/O error on dev loop4, logical block 134217734, async page read
[  120.860691][ T6424] syz.4.89: attempt to access beyond end of device
[  120.860691][ T6424] loop4: rw=0, sector=268435468, nr_sectors = 2 limit=64
[  120.911773][ T6424] Buffer I/O error on dev loop4, logical block 134217734, async page read
[  120.940713][ T6424] overlayfs: failed to create directory ./file0/work (errno: 5); mounting read-only
[  120.965659][ T6424] overlayfs: fs on '.' does not support file handles, falling back to index=off,nfs_export=off.
[  120.988184][ T6425] overlayfs: missing 'lowerdir'
[  120.999356][ T6424] overlayfs: failed to get uuid (/bus, err=-95); falling back to uuid=null.
[  121.072170][ T6321] 8021q: adding VLAN 0 to HW filter on device bond0
[  121.110553][ T6321] 8021q: adding VLAN 0 to HW filter on device team0
[  121.132046][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  121.139270][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  121.184682][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  121.191885][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  121.327363][ T5945] usb 2-1: Invalid connection information received from device
[  121.348813][ T5945] usb 2-1: USB disconnect, device number 5
[  121.409948][ T6419] loop0: detected capacity change from 0 to 131072
[  121.433111][ T6419] F2FS-fs (loop0): Wrong CP boundary, start(512) end(1536) blocks(0)
[  121.441241][ T6419] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  121.460031][ T6419] F2FS-fs (loop0): invalid crc value
[  121.503120][ T5830] syz-executor: attempt to access beyond end of device
[  121.503120][ T5830] loop4: rw=0, sector=268435468, nr_sectors = 2 limit=64
[  121.582831][ T5830] Buffer I/O error on dev loop4, logical block 134217734, async page read
[  121.591643][ T5830] syz-executor: attempt to access beyond end of device
[  121.591643][ T5830] loop4: rw=0, sector=268435468, nr_sectors = 2 limit=64
[  121.610543][ T5830] Buffer I/O error on dev loop4, logical block 134217734, async page read
[  121.711922][ T6419] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  121.722628][ T6419] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4
[  121.822126][ T6419] F2FS-fs (loop0): checksum invalid, nid = 4, ino_of_node = 4, 8e2acc4a vs. 159afe7
[  121.854657][ T5830] Trying to free block not in datazone
[  122.229339][ T6438] openvswitch: netlink: Message has 24 unknown bytes.
[  122.457611][ T6438] syz.0.98 (6438): drop_caches: 2
[  122.470224][ T6438] syz.0.98 (6438): drop_caches: 2
[  122.739639][ T6444] xt_CT: No such helper "snmp"
[  123.149097][ T6449] loop1: detected capacity change from 0 to 4096
[  123.159468][ T6449] ntfs3(loop1): Different NTFS sector size (4096) and media sector size (512).
[  123.247807][ T6321] 8021q: adding VLAN 0 to HW filter on device batadv0
[  123.680530][ T6449] ntfs3(loop1): Failed to initialize $Extend/$Reparse.
[  124.023270][    T9] usb 4-1: new low-speed USB device number 3 using dummy_hcd
[  124.033785][ T6449] netlink: 16 bytes leftover after parsing attributes in process `syz.1.102'.
[  124.092605][ T6449] netlink: 52 bytes leftover after parsing attributes in process `syz.1.102'.
[  124.101481][ T6449] netlink: 16 bytes leftover after parsing attributes in process `syz.1.102'.
[  124.132070][ T6457] loop0: detected capacity change from 0 to 4096
[  124.147307][ T6457] ntfs3(loop0): Different NTFS sector size (2048) and media sector size (512).
[  124.225605][    T9] usb 4-1: config 0 has an invalid interface number: 1 but max is 0
[  124.239171][    T9] usb 4-1: config 0 has no interface number 0
[  124.280969][    T9] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  124.319496][ T6457] ntfs3(loop0): Failed to initialize $Extend/$ObjId.
[  124.330514][ T6468] FAULT_INJECTION: forcing a failure.
[  124.330514][ T6468] name failslab, interval 1, probability 0, space 0, times 0
[  124.337305][    T9] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8
[  124.372340][ T6468] CPU: 1 UID: 0 PID: 6468 Comm: syz.4.105 Not tainted 6.16.0-rc4-next-20250703-syzkaller #0 PREEMPT(full) 
[  124.372360][ T6468] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  124.372373][ T6468] Call Trace:
[  124.372388][ T6468]  <TASK>
[  124.372396][ T6468]  dump_stack_lvl+0x189/0x250
[  124.372434][ T6468]  ? __pfx____ratelimit+0x10/0x10
[  124.372460][ T6468]  ? __pfx_dump_stack_lvl+0x10/0x10
[  124.372483][ T6468]  ? __pfx__printk+0x10/0x10
[  124.372508][ T6468]  ? __pfx___might_resched+0x10/0x10
[  124.372534][ T6468]  should_fail_ex+0x414/0x560
[  124.372560][ T6468]  should_failslab+0xa8/0x100
[  124.372586][ T6468]  __kmalloc_cache_noprof+0x70/0x3d0
[  124.372609][ T6468]  ? binder_get_thread+0x1c8/0x6d0
[  124.372629][ T6468]  binder_get_thread+0x1c8/0x6d0
[  124.372651][ T6468]  binder_ioctl+0x273/0x19c0
[  124.372669][ T6468]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  124.372690][ T6468]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  124.372711][ T6468]  ? do_vfs_ioctl+0xbe8/0x1430
[  124.372731][ T6468]  ? __pfx_binder_ioctl+0x10/0x10
[  124.372749][ T6468]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  124.372783][ T6468]  ? __lock_acquire+0xab9/0xd20
[  124.372820][ T6468]  ? __fget_files+0x2a/0x420
[  124.372838][ T6468]  ? __fget_files+0x2a/0x420
[  124.372853][ T6468]  ? __fget_files+0x3a0/0x420
[  124.372867][ T6468]  ? __fget_files+0x2a/0x420
[  124.372886][ T6468]  ? bpf_lsm_file_ioctl+0x9/0x20
[  124.372906][ T6468]  ? __pfx_binder_ioctl+0x10/0x10
[  124.372924][ T6468]  __se_sys_ioctl+0xfc/0x170
[  124.372947][ T6468]  do_syscall_64+0xfa/0x3b0
[  124.372962][ T6468]  ? lockdep_hardirqs_on+0x9c/0x150
[  124.372985][ T6468]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  124.373000][ T6468]  ? clear_bhb_loop+0x60/0xb0
[  124.373020][ T6468]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  124.373036][ T6468] RIP: 0033:0x7f6e9a18e929
[  124.373057][ T6468] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  124.373070][ T6468] RSP: 002b:00007f6e9b000038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  124.373095][ T6468] RAX: ffffffffffffffda RBX: 00007f6e9a3b6080 RCX: 00007f6e9a18e929
[  124.373108][ T6468] RDX: 0000200000000540 RSI: 00000000c0306201 RDI: 0000000000000004
[  124.373119][ T6468] RBP: 00007f6e9b000090 R08: 0000000000000000 R09: 0000000000000000
[  124.373130][ T6468] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  124.373140][ T6468] R13: 0000000000000001 R14: 00007f6e9a3b6080 R15: 00007ffc47c6bf38
[  124.373169][ T6468]  </TASK>
[  124.373443][ T6468] binder: 6464:6468 ioctl c0306201 200000000540 returned -12
[  124.381740][    T9] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  124.483422][   T30] audit: type=1800 audit(1751626918.468:5): pid=6470 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.103" name="file1" dev="loop0" ino=30 res=0 errno=0
[  124.690735][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  124.730664][ T6472] loop1: detected capacity change from 0 to 512
[  124.733564][    T9] usb 4-1: config 0 descriptor??
[  124.765795][ T6472] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[  124.768530][ T6454] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  124.809996][ T6321] veth0_vlan: entered promiscuous mode
[  124.819264][ T6472] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2842e12c, mo2=0002]
[  124.836814][ T6472] System zones: 1-12
[  124.851510][ T6472] EXT4-fs (loop1): orphan cleanup on readonly fs
[  124.869810][    T9] iowarrior 4-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  124.875923][ T6321] veth1_vlan: entered promiscuous mode
[  124.918290][ T6472] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.106: invalid indirect mapped block 12 (level 1)
[  125.007392][ T6472] EXT4-fs (loop1): Remounting filesystem read-only
[  125.029302][ T6472] EXT4-fs (loop1): 1 truncate cleaned up
[  125.040789][ T6472] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none.
[  125.056876][ T6476] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  125.164239][ T5840] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000007.
[  125.243407][    T9] usb 4-1: USB disconnect, device number 3
[  125.369007][ T6484] loop1: detected capacity change from 0 to 64
[  125.381082][ T6321] veth0_macvtap: entered promiscuous mode
[  125.445979][ T6484] syz.1.108: attempt to access beyond end of device
[  125.445979][ T6484] loop1: rw=0, sector=268435468, nr_sectors = 2 limit=64
[  125.473639][ T6484] Buffer I/O error on dev loop1, logical block 134217734, async page read
[  125.488572][ T6476] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  125.507573][ T6484] syz.1.108: attempt to access beyond end of device
[  125.507573][ T6484] loop1: rw=0, sector=268435468, nr_sectors = 2 limit=64
[  125.534110][ T6484] Buffer I/O error on dev loop1, logical block 134217734, async page read
[  125.551400][ T6484] overlayfs: failed to create directory ./file0/work (errno: 5); mounting read-only
[  125.561784][ T6484] overlayfs: fs on '.' does not support file handles, falling back to index=off,nfs_export=off.
[  125.573411][ T6484] overlayfs: failed to get uuid (/bus, err=-95); falling back to uuid=null.
[  125.597142][ T6321] veth1_macvtap: entered promiscuous mode
[  125.602409][ T5942] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  125.631841][ T6321] batman_adv: batadv0: Interface activated: batadv_slave_0
[  125.650464][ T6321] batman_adv: batadv0: Interface activated: batadv_slave_1
[  125.683298][ T1155] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  125.699087][ T1155] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  125.699476][ T6484] overlayfs: missing 'lowerdir'
[  125.710903][ T1155] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  125.770527][ T6476] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  125.786785][ T5942] usb 5-1: Using ep0 maxpacket: 8
[  125.811590][ T1155] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  125.834810][ T5942] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 7
[  125.845068][ T5840] syz-executor: attempt to access beyond end of device
[  125.845068][ T5840] loop1: rw=0, sector=268435468, nr_sectors = 2 limit=64
[  125.847729][ T5942] usb 5-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b
[  125.883976][ T5942] usb 5-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3
[  125.893778][ T5942] usb 5-1: Product: syz
[  125.898054][ T5942] usb 5-1: Manufacturer: syz
[  125.902661][ T5840] Buffer I/O error on dev loop1, logical block 134217734, async page read
[  125.902981][ T5840] syz-executor: attempt to access beyond end of device
[  125.902981][ T5840] loop1: rw=0, sector=268435468, nr_sectors = 2 limit=64
[  125.903005][ T5840] Buffer I/O error on dev loop1, logical block 134217734, async page read
[  125.940835][ T5942] usb 5-1: SerialNumber: syz
[  126.023259][ T5840] Trying to free block not in datazone
[  126.161065][ T6477] loop0: detected capacity change from 0 to 40427
[  126.165568][ T5942] usb 5-1: Handspring Visor / Palm OS: No valid connect info available
[  126.253654][ T6489] FAULT_INJECTION: forcing a failure.
[  126.253654][ T6489] name failslab, interval 1, probability 0, space 0, times 0
[  126.266482][ T6489] CPU: 1 UID: 0 PID: 6489 Comm: syz.3.111 Not tainted 6.16.0-rc4-next-20250703-syzkaller #0 PREEMPT(full) 
[  126.266505][ T6489] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  126.266515][ T6489] Call Trace:
[  126.266523][ T6489]  <TASK>
[  126.266531][ T6489]  dump_stack_lvl+0x189/0x250
[  126.266559][ T6489]  ? __pfx____ratelimit+0x10/0x10
[  126.266584][ T6489]  ? __pfx_dump_stack_lvl+0x10/0x10
[  126.266608][ T6489]  ? __pfx__printk+0x10/0x10
[  126.266632][ T6489]  ? fs_reclaim_acquire+0x7d/0x100
[  126.266657][ T6489]  should_fail_ex+0x414/0x560
[  126.266683][ T6489]  ? io_pin_pages+0x9a/0x1a0
[  126.266698][ T6489]  should_failslab+0xa8/0x100
[  126.266724][ T6489]  __kvmalloc_node_noprof+0x161/0x5f0
[  126.266749][ T6489]  ? io_pin_pages+0x9a/0x1a0
[  126.266771][ T6489]  io_pin_pages+0x9a/0x1a0
[  126.266791][ T6489]  io_region_pin_pages+0x7d/0x190
[  126.266814][ T6489]  io_create_region+0x386/0x480
[  126.266842][ T6489]  io_create_region_mmap_safe+0xc0/0x160
[  126.266865][ T6489]  ? __pfx_io_create_region_mmap_safe+0x10/0x10
[  126.266886][ T6489]  ? __kasan_kmalloc+0x93/0xb0
[  126.266919][ T6489]  io_register_pbuf_ring+0x428/0x6b0
[  126.266942][ T6489]  ? __pfx_io_register_pbuf_ring+0x10/0x10
[  126.266964][ T6489]  ? lockdep_hardirqs_on+0x9c/0x150
[  126.266999][ T6489]  ? __se_sys_io_uring_register+0x682/0x11b0
[  126.267024][ T6489]  __se_sys_io_uring_register+0x692/0x11b0
[  126.267049][ T6489]  ? __pfx___se_sys_io_uring_register+0x10/0x10
[  126.267066][ T6489]  ? ksys_write+0x22a/0x250
[  126.267127][ T6489]  ? __pfx_ksys_write+0x10/0x10
[  126.267157][ T6489]  ? do_syscall_64+0xbe/0x3b0
[  126.267178][ T6489]  do_syscall_64+0xfa/0x3b0
[  126.267196][ T6489]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  126.267213][ T6489]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  126.267229][ T6489]  ? clear_bhb_loop+0x60/0xb0
[  126.267249][ T6489]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  126.267266][ T6489] RIP: 0033:0x7fb82a58e929
[  126.267282][ T6489] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  126.267296][ T6489] RSP: 002b:00007fb82b472038 EFLAGS: 00000246 ORIG_RAX: 00000000000001ab
[  126.267315][ T6489] RAX: ffffffffffffffda RBX: 00007fb82a7b6160 RCX: 00007fb82a58e929
[  126.267327][ T6489] RDX: 0000200000000900 RSI: 0000000000000016 RDI: 0000000000000005
[  126.267339][ T6489] RBP: 00007fb82b472090 R08: 0000000000000000 R09: 0000000000000000
[  126.267349][ T6489] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001
[  126.267359][ T6489] R13: 0000000000000000 R14: 00007fb82a7b6160 R15: 00007fff7f5a94a8
[  126.267388][ T6489]  </TASK>
[  126.498769][ T5942] usb 5-1: Handspring Visor / Palm OS: port 0, is for Generic use
[  126.567077][ T6476] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  126.579591][ T6477] F2FS-fs (loop0): heap/no_heap options were deprecated
[  126.604284][ T6477] F2FS-fs (loop0): invalid crc value
[  126.626844][ T6477] F2FS-fs (loop0): Ignore s_resuid=60929, s_resgid=0 w/o reserve_root
[  126.673471][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  126.690866][ T5942] usb 5-1: Handspring Visor / Palm OS: port 0, is for Generic use
[  126.701957][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  126.730652][ T5942] usb 5-1: Handspring Visor / Palm OS: Number of ports: 2
[  126.762149][ T5942] visor 5-1:1.0: Handspring Visor / Palm OS converter detected
[  126.800357][ T6477] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  126.830765][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  126.846822][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  126.848726][ T5942] usb 5-1: Handspring Visor / Palm OS converter now attached to ttyUSB0
[  126.875021][ T5942] usb 5-1: Handspring Visor / Palm OS converter now attached to ttyUSB1
[  126.949597][ T1155] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  126.989477][    T9] usb 5-1: USB disconnect, device number 2
[  127.003016][ T6008] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  127.005582][    T9] visor ttyUSB0: Handspring Visor / Palm OS converter now disconnected from ttyUSB0
[  127.077728][ T6008] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  127.163137][ T5952] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  127.340915][ T6501] loop5: detected capacity change from 0 to 128
[  127.379186][ T6501] EXT4-fs (loop5): Test dummy encryption mode enabled
[  127.420529][ T6501] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  127.459851][ T6501] ext4 filesystem being mounted at /1/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  127.507444][ T6501] fscrypt: AES-256-CBC-CTS using implementation "cts-cbc-aes-aesni"
[  127.545991][ T6501] fscrypt: AES-256-XTS using implementation "xts-aes-aesni-avx"
[  127.928132][ T6497] loop1: detected capacity change from 0 to 131072
[  127.941658][    T9] visor ttyUSB1: Handspring Visor / Palm OS converter now disconnected from ttyUSB1
[  127.951193][ T6497] F2FS-fs (loop1): Wrong CP boundary, start(512) end(1536) blocks(0)
[  127.959315][ T6497] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  127.974620][ T6497] F2FS-fs (loop1): invalid crc value
[  127.996025][    T9] visor 5-1:1.0: device disconnected
[  128.064928][ T6497] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  128.072641][ T6497] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4
[  128.085902][ T6497] F2FS-fs (loop1): checksum invalid, nid = 4, ino_of_node = 4, 8e2acc4a vs. 159afe7
[  128.318029][ T6514] openvswitch: netlink: Message has 24 unknown bytes.
[  128.354148][ T6514] syz.1.112 (6514): drop_caches: 2
[  128.361689][ T6514] syz.1.112 (6514): drop_caches: 2
[  129.877061][ T6519] netlink: 40 bytes leftover after parsing attributes in process `syz.3.117'.
[  130.189681][ T6528] loop4: detected capacity change from 0 to 64
[  130.273773][ T6528] syz.4.119: attempt to access beyond end of device
[  130.273773][ T6528] loop4: rw=0, sector=268435468, nr_sectors = 2 limit=64
[  130.364350][ T6528] Buffer I/O error on dev loop4, logical block 134217734, async page read
[  130.391589][ T6528] syz.4.119: attempt to access beyond end of device
[  130.391589][ T6528] loop4: rw=0, sector=268435468, nr_sectors = 2 limit=64
[  130.499134][ T6533] loop0: detected capacity change from 0 to 16
[  130.652287][  T121] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  130.698265][ T6533] erofs (device loop0): mounted with root inode @ nid 36.
[  130.803886][ T6528] Buffer I/O error on dev loop4, logical block 134217734, async page read
[  130.883244][ T6528] overlayfs: failed to create directory ./file0/work (errno: 5); mounting read-only
[  130.897625][ T6528] overlayfs: fs on '.' does not support file handles, falling back to index=off,nfs_export=off.
[  130.908223][ T6528] overlayfs: failed to get uuid (/bus, err=-95); falling back to uuid=null.
[  130.922948][  T121] usb 4-1: Using ep0 maxpacket: 8
[  130.934372][  T121] usb 4-1: config 0 has an invalid interface number: 55 but max is 0
[  130.958023][  T121] usb 4-1: config 0 has no interface number 0
[  130.989294][  T121] usb 4-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  131.025518][  T121] usb 4-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  131.038294][ T6528] overlayfs: missing 'lowerdir'
[  131.051051][  T121] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  131.074716][ T6321] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  131.092309][  T121] usb 4-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  131.118502][  T121] usb 4-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  131.136809][ T5830] syz-executor: attempt to access beyond end of device
[  131.136809][ T5830] loop4: rw=0, sector=268435468, nr_sectors = 2 limit=64
[  131.152353][  T121] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  131.162830][ T5830] Buffer I/O error on dev loop4, logical block 134217734, async page read
[  131.178650][  T121] usb 4-1: config 0 descriptor??
[  131.213255][ T5830] syz-executor: attempt to access beyond end of device
[  131.213255][ T5830] loop4: rw=0, sector=268435468, nr_sectors = 2 limit=64
[  131.237724][  T121] ldusb 4-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  131.260439][ T5830] Buffer I/O error on dev loop4, logical block 134217734, async page read
[  131.323153][ T5830] Trying to free block not in datazone
[  131.469854][   T77] usb 4-1: USB disconnect, device number 4
[  131.489125][   T77] ldusb 4-1:0.55: LD USB Device #0 now disconnected
[  131.751212][ T6546] loop1: detected capacity change from 0 to 4096
[  131.770191][ T6546] ntfs3(loop1): Different NTFS sector size (2048) and media sector size (512).
[  131.783320][   T77] IPVS: starting estimator thread 0...
[  131.792519][    T9] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  131.835927][ T6546] ntfs3(loop1): Failed to initialize $Extend/$ObjId.
[  131.871007][   T30] audit: type=1800 audit(1751626925.878:6): pid=6546 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.116" name="file1" dev="loop1" ino=30 res=0 errno=0
[  131.893567][ T6549] IPVS: using max 30 ests per chain, 72000 per kthread
[  132.052918][    T9] usb 5-1: device descriptor read/64, error -71
[  132.726553][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  132.766284][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  132.856166][    T9] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  133.952495][    T9] usb 5-1: device descriptor read/64, error -71
[  134.006219][ T6562] loop1: detected capacity change from 0 to 131072
[  134.140210][ T6562] F2FS-fs (loop1): Wrong CP boundary, start(512) end(1536) blocks(0)
[  134.148510][ T6562] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  134.175492][ T6562] F2FS-fs (loop1): invalid crc value
[  134.601798][    T9] usb usb5-port1: attempt power cycle
[  135.737034][ T6562] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  135.747118][ T6562] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4
[  135.767014][ T6578] netlink: 'syz.4.134': attribute type 2 has an invalid length.
[  135.775501][ T6562] F2FS-fs (loop1): checksum invalid, nid = 4, ino_of_node = 4, 8e2acc4a vs. 159afe7
[  136.000253][ T6587] openvswitch: netlink: Message has 24 unknown bytes.
[  136.736377][ T6578] netlink: 'syz.4.134': attribute type 1 has an invalid length.
[  136.999464][ T6589] loop4: detected capacity change from 0 to 8
[  137.062743][ T6592] loop5: detected capacity change from 0 to 8
[  137.096216][ T6592] SQUASHFS error: zstd decompression error: 10
[  137.108296][ T6592] SQUASHFS error: zstd decompression failed, data probably corrupt
[  137.130485][ T6592] SQUASHFS error: Failed to read block 0x62b: -5
[  137.145489][ T6592] SQUASHFS error: Unable to read metadata cache entry [629]
[  137.167397][ T6578] netlink: 'syz.4.134': attribute type 2 has an invalid length.
[  137.182399][ T6592] SQUASHFS error: Unable to read directory block [629:ff26]
[  137.218151][ T6578] netlink: 'syz.4.134': attribute type 2 has an invalid length.
[  137.239054][ T6593] fuse: root generation should be zero
[  137.293589][ T6578] netlink: 'syz.4.134': attribute type 1 has an invalid length.
[  137.312409][ T6589] Filesystem uses "unknown" compression. This is not supported
[  137.332411][ T6578] netlink: 'syz.4.134': attribute type 1 has an invalid length.
[  137.505421][ T6601] FAULT_INJECTION: forcing a failure.
[  137.505421][ T6601] name failslab, interval 1, probability 0, space 0, times 0
[  137.518506][ T6601] CPU: 1 UID: 0 PID: 6601 Comm: syz.3.138 Not tainted 6.16.0-rc4-next-20250703-syzkaller #0 PREEMPT(full) 
[  137.518527][ T6601] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  137.518537][ T6601] Call Trace:
[  137.518544][ T6601]  <TASK>
[  137.518552][ T6601]  dump_stack_lvl+0x189/0x250
[  137.518579][ T6601]  ? __pfx____ratelimit+0x10/0x10
[  137.518605][ T6601]  ? __pfx_dump_stack_lvl+0x10/0x10
[  137.518628][ T6601]  ? __pfx__printk+0x10/0x10
[  137.518653][ T6601]  ? __pfx___might_resched+0x10/0x10
[  137.518675][ T6601]  ? fs_reclaim_acquire+0x7d/0x100
[  137.518697][ T6601]  should_fail_ex+0x414/0x560
[  137.518723][ T6601]  should_failslab+0xa8/0x100
[  137.518749][ T6601]  __kmalloc_cache_noprof+0x70/0x3d0
[  137.518771][ T6601]  ? vhost_task_create+0xf6/0x290
[  137.518799][ T6601]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  137.518816][ T6601]  vhost_task_create+0xf6/0x290
[  137.518841][ T6601]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  137.518860][ T6601]  ? __pfx_vhost_task_create+0x10/0x10
[  137.518893][ T6601]  ? __pfx_vhost_task_fn+0x10/0x10
[  137.518928][ T6601]  ? kasan_save_track+0x4f/0x80
[  137.518947][ T6601]  ? kasan_save_track+0x3e/0x80
[  137.518973][ T6601]  kvm_mmu_post_init_vm+0x147/0x2b0
[  137.518996][ T6601]  kvm_arch_vcpu_ioctl_run+0xdc/0x1940
[  137.519022][ T6601]  ? __mutex_trylock_common+0x153/0x260
[  137.519056][ T6601]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  137.519079][ T6601]  ? rcu_is_watching+0x15/0xb0
[  137.519100][ T6601]  ? look_up_lock_class+0x74/0x170
[  137.519127][ T6601]  ? register_lock_class+0x51/0x320
[  137.519152][ T6601]  ? __lock_acquire+0xab9/0xd20
[  137.519203][ T6601]  kvm_vcpu_ioctl+0x95c/0xe90
[  137.519233][ T6601]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  137.519254][ T6601]  ? __lock_acquire+0xab9/0xd20
[  137.519293][ T6601]  ? __fget_files+0x2a/0x420
[  137.519312][ T6601]  ? __fget_files+0x2a/0x420
[  137.519327][ T6601]  ? __fget_files+0x3a0/0x420
[  137.519341][ T6601]  ? __fget_files+0x2a/0x420
[  137.519360][ T6601]  ? bpf_lsm_file_ioctl+0x9/0x20
[  137.519381][ T6601]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  137.519404][ T6601]  __se_sys_ioctl+0xfc/0x170
[  137.519428][ T6601]  do_syscall_64+0xfa/0x3b0
[  137.519443][ T6601]  ? lockdep_hardirqs_on+0x9c/0x150
[  137.519467][ T6601]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  137.519483][ T6601]  ? clear_bhb_loop+0x60/0xb0
[  137.519504][ T6601]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  137.519520][ T6601] RIP: 0033:0x7fb82a58e929
[  137.519536][ T6601] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  137.519550][ T6601] RSP: 002b:00007fb82b493038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  137.519568][ T6601] RAX: ffffffffffffffda RBX: 00007fb82a7b6080 RCX: 00007fb82a58e929
[  137.519581][ T6601] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[  137.519591][ T6601] RBP: 00007fb82b493090 R08: 0000000000000000 R09: 0000000000000000
[  137.519602][ T6601] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  137.519612][ T6601] R13: 0000000000000001 R14: 00007fb82a7b6080 R15: 00007fff7f5a94a8
[  137.519642][ T6601]  </TASK>
[  137.930875][ T6600] loop5: detected capacity change from 0 to 4096
[  137.990868][ T6600] ntfs3(loop5): Different NTFS sector size (2048) and media sector size (512).
[  138.225422][ T6600] ntfs3(loop5): Failed to initialize $Extend/$ObjId.
[  138.758659][   T30] audit: type=1800 audit(1751626932.768:7): pid=6600 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.140" name="file1" dev="loop5" ino=30 res=0 errno=0
[  139.482639][ T6614] syz.0.143: attempt to access beyond end of device
[  139.482639][ T6614] nbd0: rw=0, sector=2, nr_sectors = 2 limit=0
[  139.501483][ T6614] syz.0.143: attempt to access beyond end of device
[  139.501483][ T6614] nbd0: rw=0, sector=16, nr_sectors = 2 limit=0
[  139.789702][ T6619] loop3: detected capacity change from 0 to 256
[  139.807980][ T6619] vfat: Bad value for 'utf8'
[  143.206381][ T6631] loop3: detected capacity change from 0 to 2048
[  143.242550][ T6624] netlink: 4 bytes leftover after parsing attributes in process `syz.4.146'.
[  143.385792][ T5973]  loop3: p3 p4 < >
[  143.487525][ T6640] loop4: detected capacity change from 0 to 256
[  143.508182][ T6631]  loop3: p3 p4 < >
[  143.828373][ T6644] loop0: detected capacity change from 0 to 2048
[  144.143343][ T6644] UDF-fs: warning (device loop0): udf_load_logicalvol: Damaged or missing LVID, forcing readonly mount
[  144.178349][ T6640] exFAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  144.191611][ T6640] exFAT-fs (loop4): Medium has reported failures. Some data may be lost.
[  144.341057][ T6640] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000ff98, chksum : 0xc64c1d22, utbl_chksum : 0xe619d30d)
[  144.391238][ T6624] team0 (unregistering): Port device team_slave_0 removed
[  144.408483][ T6624] team0 (unregistering): Port device team_slave_1 removed
[  144.477585][ T6648] loop5: detected capacity change from 0 to 1024
[  144.485662][ T6046] udevd[6046]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory
[  144.490546][ T5973] udevd[5973]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory
[  144.753746][ T6648] netlink: 'syz.5.151': attribute type 24 has an invalid length.
[  144.866991][ T6654] loop1: detected capacity change from 0 to 16
[  144.960145][ T6654] erofs (device loop1): mounted with root inode @ nid 36.
[  144.980507][ T6654] overlayfs: failed to resolve './file1': -2
[  145.398486][ T6653] vlan2: entered allmulticast mode
[  145.428735][ T6046] udevd[6046]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory
[  145.437137][ T6653] macvlan0: entered allmulticast mode
[  145.441731][ T5973] udevd[5973]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory
[  145.513792][ T6653] veth1_vlan: entered allmulticast mode
[  145.654284][ T6665] loop3: detected capacity change from 0 to 2048
[  145.692362][   T77] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  145.701460][ T6665] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  145.842452][   T77] usb 5-1: device descriptor read/64, error -71
[  145.856364][ T6665] FAULT_INJECTION: forcing a failure.
[  145.856364][ T6665] name failslab, interval 1, probability 0, space 0, times 0
[  145.869133][ T6665] CPU: 1 UID: 0 PID: 6665 Comm: syz.3.156 Not tainted 6.16.0-rc4-next-20250703-syzkaller #0 PREEMPT(full) 
[  145.869146][ T6665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  145.869152][ T6665] Call Trace:
[  145.869157][ T6665]  <TASK>
[  145.869161][ T6665]  dump_stack_lvl+0x189/0x250
[  145.869181][ T6665]  ? __pfx____ratelimit+0x10/0x10
[  145.869197][ T6665]  ? __pfx_dump_stack_lvl+0x10/0x10
[  145.869211][ T6665]  ? __pfx__printk+0x10/0x10
[  145.869223][ T6665]  ? __lock_acquire+0xab9/0xd20
[  145.869239][ T6665]  should_fail_ex+0x414/0x560
[  145.869254][ T6665]  should_failslab+0xa8/0x100
[  145.869269][ T6665]  kmem_cache_alloc_noprof+0x73/0x3c0
[  145.869283][ T6665]  ? sctp_get_port_local+0x6d3/0x1680
[  145.869298][ T6665]  sctp_get_port_local+0x6d3/0x1680
[  145.869315][ T6665]  ? __pfx_sctp_get_port_local+0x10/0x10
[  145.869328][ T6665]  ? sctp_bind_addr_match+0x28b/0x2b0
[  145.869345][ T6665]  sctp_do_bind+0x4ea/0x940
[  145.869363][ T6665]  sctp_connect_new_asoc+0x25c/0x690
[  145.869375][ T6665]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  145.869385][ T6665]  ? __local_bh_enable_ip+0x12d/0x1c0
[  145.869402][ T6665]  ? bpf_lsm_sctp_bind_connect+0x9/0x20
[  145.869414][ T6665]  ? security_sctp_bind_connect+0x7e/0x2e0
[  145.869425][ T6665]  sctp_sendmsg+0x155c/0x2810
[  145.869448][ T6665]  ? __pfx_sctp_sendmsg+0x10/0x10
[  145.869460][ T6665]  ? aa_sk_perm+0x81e/0x950
[  145.869474][ T6665]  ? __pfx_aa_sk_perm+0x10/0x10
[  145.869486][ T6665]  ? sock_rps_record_flow+0x19/0x410
[  145.869502][ T6665]  ? inet_sendmsg+0x2f4/0x370
[  145.869517][ T6665]  __sock_sendmsg+0x19c/0x270
[  145.869533][ T6665]  ____sys_sendmsg+0x52d/0x830
[  145.869548][ T6665]  ? __pfx_____sys_sendmsg+0x10/0x10
[  145.869564][ T6665]  ? import_iovec+0x74/0xa0
[  145.869578][ T6665]  ___sys_sendmsg+0x21f/0x2a0
[  145.869591][ T6665]  ? __pfx____sys_sendmsg+0x10/0x10
[  145.869621][ T6665]  ? __fget_files+0x2a/0x420
[  145.869629][ T6665]  ? __fget_files+0x3a0/0x420
[  145.869644][ T6665]  __sys_sendmmsg+0x227/0x430
[  145.869658][ T6665]  ? __pfx___sys_sendmmsg+0x10/0x10
[  145.869668][ T6665]  ? __mutex_unlock_slowpath+0x1cd/0x700
[  145.869692][ T6665]  ? ksys_write+0x22a/0x250
[  145.869706][ T6665]  ? __pfx_ksys_write+0x10/0x10
[  145.869717][ T6665]  ? rcu_is_watching+0x15/0xb0
[  145.869734][ T6665]  __x64_sys_sendmmsg+0xa0/0xc0
[  145.869747][ T6665]  do_syscall_64+0xfa/0x3b0
[  145.869756][ T6665]  ? lockdep_hardirqs_on+0x9c/0x150
[  145.869769][ T6665]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  145.869779][ T6665]  ? clear_bhb_loop+0x60/0xb0
[  145.869791][ T6665]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  145.869800][ T6665] RIP: 0033:0x7fb82a58e929
[  145.869810][ T6665] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  145.869821][ T6665] RSP: 002b:00007fb82b493038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  145.869838][ T6665] RAX: ffffffffffffffda RBX: 00007fb82a7b6080 RCX: 00007fb82a58e929
[  145.869850][ T6665] RDX: 0000000000000001 RSI: 0000200000000b40 RDI: 0000000000000008
[  145.869860][ T6665] RBP: 00007fb82b493090 R08: 0000000000000000 R09: 0000000000000000
[  145.869869][ T6665] R10: 000000000600c000 R11: 0000000000000246 R12: 0000000000000001
[  145.869876][ T6665] R13: 0000000000000000 R14: 00007fb82a7b6080 R15: 00007fff7f5a94a8
[  145.869891][ T6665]  </TASK>
[  146.676371][ T6675] FAULT_INJECTION: forcing a failure.
[  146.676371][ T6675] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  146.692490][   T77] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  146.732105][ T6675] CPU: 1 UID: 0 PID: 6675 Comm: syz.3.160 Not tainted 6.16.0-rc4-next-20250703-syzkaller #0 PREEMPT(full) 
[  146.732127][ T6675] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  146.732137][ T6675] Call Trace:
[  146.732145][ T6675]  <TASK>
[  146.732152][ T6675]  dump_stack_lvl+0x189/0x250
[  146.732181][ T6675]  ? __pfx____ratelimit+0x10/0x10
[  146.732208][ T6675]  ? __pfx_dump_stack_lvl+0x10/0x10
[  146.732230][ T6675]  ? __pfx__printk+0x10/0x10
[  146.732248][ T6675]  ? __might_fault+0xb0/0x130
[  146.732280][ T6675]  should_fail_ex+0x414/0x560
[  146.732305][ T6675]  _copy_from_user+0x2d/0xb0
[  146.732327][ T6675]  rose_rt_ioctl+0x25a/0xfb0
[  146.732354][ T6675]  ? __pfx_rose_rt_ioctl+0x10/0x10
[  146.732385][ T6675]  ? bpf_lsm_capable+0x9/0x20
[  146.732406][ T6675]  ? security_capable+0x7e/0x2e0
[  146.732432][ T6675]  rose_ioctl+0x3ce/0x8b0
[  146.732451][ T6675]  ? __pfx_rose_ioctl+0x10/0x10
[  146.732469][ T6675]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  146.732498][ T6675]  sock_do_ioctl+0xdc/0x300
[  146.732524][ T6675]  ? __pfx_sock_do_ioctl+0x10/0x10
[  146.732544][ T6675]  ? __lock_acquire+0xab9/0xd20
[  146.732580][ T6675]  sock_ioctl+0x576/0x790
[  146.732604][ T6675]  ? __pfx_sock_ioctl+0x10/0x10
[  146.732627][ T6675]  ? __fget_files+0x2a/0x420
[  146.732642][ T6675]  ? __fget_files+0x3a0/0x420
[  146.732656][ T6675]  ? __fget_files+0x2a/0x420
[  146.732675][ T6675]  ? bpf_lsm_file_ioctl+0x9/0x20
[  146.732696][ T6675]  ? __pfx_sock_ioctl+0x10/0x10
[  146.732717][ T6675]  __se_sys_ioctl+0xfc/0x170
[  146.732740][ T6675]  do_syscall_64+0xfa/0x3b0
[  146.732756][ T6675]  ? lockdep_hardirqs_on+0x9c/0x150
[  146.732779][ T6675]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  146.732795][ T6675]  ? clear_bhb_loop+0x60/0xb0
[  146.732816][ T6675]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  146.732832][ T6675] RIP: 0033:0x7fb82a58e929
[  146.732847][ T6675] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  146.732861][ T6675] RSP: 002b:00007fb82b4b4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  146.732880][ T6675] RAX: ffffffffffffffda RBX: 00007fb82a7b5fa0 RCX: 00007fb82a58e929
[  146.732892][ T6675] RDX: 0000200000000380 RSI: 000000000000890b RDI: 0000000000000004
[  146.732903][ T6675] RBP: 00007fb82b4b4090 R08: 0000000000000000 R09: 0000000000000000
[  146.732913][ T6675] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  146.732923][ T6675] R13: 0000000000000000 R14: 00007fb82a7b5fa0 R15: 00007fff7f5a94a8
[  146.732952][ T6675]  </TASK>
[  147.270378][ T6679] loop3: detected capacity change from 0 to 4096
[  147.374174][   T77] usb 5-1: device descriptor read/64, error -71
[  147.492780][   T77] usb usb5-port1: attempt power cycle
[  147.518515][ T6679] ntfs3(loop3): Different NTFS sector size (2048) and media sector size (512).
[  148.341822][ T6679] ntfs3(loop3): Failed to initialize $Extend/$ObjId.
[  148.442470][    T9] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  148.462391][   T30] audit: type=1800 audit(1751626942.468:8): pid=6679 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.161" name="file1" dev="loop3" ino=30 res=0 errno=0
[  148.472364][   T77] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  148.591684][ T6692] loop4: detected capacity change from 0 to 2048
[  148.654795][    T9] usb 6-1: Using ep0 maxpacket: 16
[  148.666371][    T9] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  148.677287][ T6692] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  148.682260][    T9] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  148.700121][    T9] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  148.724780][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  148.748126][    T9] usb 6-1: Product: syz
[  148.773830][   T77] usb 5-1: device not accepting address 8, error -71
[  148.817678][    T9] usb 6-1: Manufacturer: syz
[  149.630191][    T9] usb 6-1: SerialNumber: syz
[  150.568545][    T9] usb 6-1: 0:2 : does not exist
[  151.206201][ T6707] nvme_fabrics: unknown parameter or missing value '(' in ctrl creation request
[  152.190246][    T9] usb 6-1: 5:0: failed to get current value for ch 0 (-22)
[  152.216099][ T6722] loop3: detected capacity change from 0 to 16
[  152.472594][ T6723] nvme_fabrics: unknown parameter or missing value '(' in ctrl creation request
[  153.272975][ T6722] erofs (device loop3): mounted with root inode @ nid 36.
[  153.852487][ T6724] netlink: 16 bytes leftover after parsing attributes in process `syz.1.169'.
[  153.962869][ T6722] overlayfs: failed to resolve './file1': -2
[  154.782626][    T9] usb 6-1: USB disconnect, device number 2
[  154.934446][ T6734] loop0: detected capacity change from 0 to 64
[  155.181923][ T5973] udevd[5973]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  155.335271][ T6734] syz.0.175: attempt to access beyond end of device
[  155.335271][ T6734] loop0: rw=0, sector=268435468, nr_sectors = 2 limit=64
[  155.553559][ T6734] Buffer I/O error on dev loop0, logical block 134217734, async page read
[  155.689156][ T6734] syz.0.175: attempt to access beyond end of device
[  155.689156][ T6734] loop0: rw=0, sector=268435468, nr_sectors = 2 limit=64
[  156.050690][ T6734] Buffer I/O error on dev loop0, logical block 134217734, async page read
[  156.417207][ T6734] overlayfs: failed to create directory ./file0/work (errno: 5); mounting read-only
[  156.613326][ T6734] overlayfs: fs on '.' does not support file handles, falling back to index=off,nfs_export=off.
[  156.624108][ T6734] overlayfs: failed to get uuid (/bus, err=-95); falling back to uuid=null.
[  156.699725][ T6748] loop1: detected capacity change from 0 to 4096
[  156.730153][ T6748] ntfs3(loop1): Different NTFS sector size (2048) and media sector size (512).
[  156.816669][ T6748] ntfs3(loop1): Failed to initialize $Extend/$ObjId.
[  156.821885][ T6734] overlay: Unknown parameter '/verlay'
[  156.905694][   T30] audit: type=1800 audit(1751626950.918:9): pid=6748 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.178" name="file1" dev="loop1" ino=30 res=0 errno=0
[  156.941170][ T5838] syz-executor: attempt to access beyond end of device
[  156.941170][ T5838] loop0: rw=0, sector=268435468, nr_sectors = 2 limit=64
[  157.027029][ T5838] Buffer I/O error on dev loop0, logical block 134217734, async page read
[  157.097668][ T5838] syz-executor: attempt to access beyond end of device
[  157.097668][ T5838] loop0: rw=0, sector=268435468, nr_sectors = 2 limit=64
[  157.192498][ T5838] Buffer I/O error on dev loop0, logical block 134217734, async page read
[  157.232746][ T5838] Trying to free block not in datazone
[  158.078686][ T6765] loop4: detected capacity change from 0 to 16
[  158.445209][ T6765] erofs (device loop4): mounted with root inode @ nid 36.
[  158.460054][ T6763] overlayfs: failed to resolve './file1': -2
[  158.918352][ T6777] loop4: detected capacity change from 0 to 8
[  162.337115][   T30] audit: type=1326 audit(1751626956.348:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6795 comm="syz.5.195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f025778e929 code=0x7ffc0000
[  162.494728][   T30] audit: type=1326 audit(1751626956.348:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6795 comm="syz.5.195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f025778e929 code=0x7ffc0000
[  162.526537][   T30] audit: type=1326 audit(1751626956.348:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6795 comm="syz.5.195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=119 compat=0 ip=0x7f025778e929 code=0x7ffc0000
[  162.551643][   T30] audit: type=1326 audit(1751626956.348:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6795 comm="syz.5.195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f025778e929 code=0x7ffc0000
[  162.594684][   T30] audit: type=1326 audit(1751626956.348:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6795 comm="syz.5.195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f025778e52b code=0x7ffc0000
[  162.660769][   T30] audit: type=1326 audit(1751626956.348:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6795 comm="syz.5.195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f025778e929 code=0x7ffc0000
[  162.703995][ T6800] loop4: detected capacity change from 0 to 4096
[  162.712768][ T5945] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  162.732266][ T6800] ntfs3(loop4): Mark volume as dirty due to NTFS errors
[  162.741279][   T30] audit: type=1326 audit(1751626956.348:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6795 comm="syz.5.195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f025778d290 code=0x7ffc0000
[  162.793505][ T6800] ntfs3(loop4): volume is dirty and "force" flag is not set!
[  162.803029][   T30] audit: type=1326 audit(1751626956.348:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6795 comm="syz.5.195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f025778e929 code=0x7ffc0000
[  162.829317][   T30] audit: type=1326 audit(1751626956.348:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6795 comm="syz.5.195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f025778e929 code=0x7ffc0000
[  162.860109][   T30] audit: type=1326 audit(1751626956.348:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6795 comm="syz.5.195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f025778e929 code=0x7ffc0000
[  162.994875][    C0] Unknown status report in ack skb
[  163.230939][ T5945] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  163.242492][ T5945] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  163.262282][ T5945] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  163.303641][ T5945] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  163.474238][ T5945] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  163.499601][ T5945] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  163.607575][ T5945] usb 1-1: config 0 descriptor??
[  164.247184][ T5945] plantronics 0003:047F:FFFF.0001: ignoring exceeding usage max
[  164.339133][ T5945] plantronics 0003:047F:FFFF.0001: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  164.454189][ T5917] usb 1-1: USB disconnect, device number 3
[  164.586446][ T6815] fido_id[6815]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory
[  164.844153][ T6825] loop1: detected capacity change from 0 to 512
[  165.461751][ T6825] EXT4-fs: Ignoring removed oldalloc option
[  165.467937][ T5917] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  165.485708][ T6825] EXT4-fs: Ignoring removed oldalloc option
[  165.865929][ T6836] loop4: detected capacity change from 0 to 2048
[  165.912544][ T5917] usb 4-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  165.936314][ T5917] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  166.016979][ T5917] usb 4-1: Product: syz
[  166.081643][ T5917] usb 4-1: Manufacturer: syz
[  166.151174][ T6836] UDF-fs: warning (device loop4): udf_load_logicalvol: Damaged or missing LVID, forcing readonly mount
[  166.259840][ T6825] EXT4-fs (loop1): 1 truncate cleaned up
[  166.402374][ T5917] usb 4-1: SerialNumber: syz
[  166.424475][ T5917] usb 4-1: config 0 descriptor??
[  166.451698][ T6825] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  167.138948][ T5917] usb 4-1: Firmware: major: 0, minor: 0, hardware type: ATUSB (0)
[  167.184729][ T5917] usb 4-1: Firmware version (0.0) predates our first public release.
[  167.402373][ T5917] usb 4-1: Please update to version 0.2 or newer
[  167.914432][ T5840] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  168.122543][ T6854] loop0: detected capacity change from 0 to 16
[  168.226093][ T6854] erofs (device loop0): mounted with root inode @ nid 36.
[  169.321615][ T5917] usb 4-1: USB disconnect, device number 5
[  169.613582][ T5910] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  169.755802][ T6872] syz.1.211: attempt to access beyond end of device
[  169.755802][ T6872] nbd1: rw=2048, sector=0, nr_sectors = 8 limit=0
[  169.769290][ T6872] SQUASHFS error: Failed to read block 0x0: -5
[  169.775562][ T6872] unable to read squashfs_super_block
[  169.840692][ T6873] o2cb: This node has not been configured.
[  169.846850][ T6873] o2cb: Cluster check failed. Fix errors before retrying.
[  169.855046][ T6873] (syz.1.211,6873,1):user_dlm_register:674 ERROR: status = -22
[  169.863166][ T6873] (syz.1.211,6873,1):dlmfs_mkdir:438 ERROR: Error -22 could not register domain "file1"
[  169.940934][ T5910] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  170.114563][ T5910] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  170.200878][ T5910] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  170.211104][ T5910] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  170.225432][ T5910] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  170.235108][ T5910] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  170.266754][ T6870] loop3: detected capacity change from 0 to 4096
[  170.275261][ T5910] usb 5-1: config 0 descriptor??
[  170.338339][ T6870] ntfs3(loop3): Different NTFS sector size (2048) and media sector size (512).
[  170.442477][  T121] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  170.506399][ T6870] ntfs3(loop3): Failed to initialize $Extend/$ObjId.
[  170.528482][   T30] kauditd_printk_skb: 1 callbacks suppressed
[  170.528495][   T30] audit: type=1800 audit(1751626964.538:21): pid=6870 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.216" name="file1" dev="loop3" ino=30 res=0 errno=0
[  170.614584][  T121] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  170.625192][  T121] usb 2-1: New USB device found, idVendor=07b0, idProduct=0007, bcdDevice=17.c6
[  170.634625][  T121] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  170.656663][  T121] usb 2-1: config 0 descriptor??
[  170.708139][  T121] HFC-S_USB 2-1:0.0: probe with driver HFC-S_USB failed with error -5
[  170.721412][ T5910] plantronics 0003:047F:FFFF.0002: ignoring exceeding usage max
[  170.805817][ T5910] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  170.922277][ T5942] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  171.004567][  T121] usb 5-1: USB disconnect, device number 10
[  171.082700][ T5942] usb 1-1: Using ep0 maxpacket: 8
[  171.159623][ T6871] loop1: detected capacity change from 0 to 32768
[  171.166717][ T6871] o2cb: This node has not been configured.
[  171.172554][ T6871] o2cb: Cluster check failed. Fix errors before retrying.
[  171.179676][ T6871] (syz.1.211,6871,1):user_dlm_register:674 ERROR: status = -22
[  171.188649][ T6871] (syz.1.211,6871,1):dlmfs_mkdir:438 ERROR: Error -22 could not register domain "file0"
[  171.303206][ T5942] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 7
[  171.333120][ T5942] usb 1-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b
[  171.342171][ T5942] usb 1-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3
[  171.361957][ T5942] usb 1-1: Product: syz
[  171.371744][ T5942] usb 1-1: Manufacturer: syz
[  171.376472][ T5942] usb 1-1: SerialNumber: syz
[  171.617643][ T5942] usb 1-1: Handspring Visor / Palm OS: No valid connect info available
[  171.644731][ T5942] usb 1-1: Handspring Visor / Palm OS: port 0, is for Generic use
[  172.567341][ T5942] usb 1-1: Handspring Visor / Palm OS: port 0, is for Generic use
[  172.580518][ T5942] usb 1-1: Handspring Visor / Palm OS: Number of ports: 2
[  172.694241][  T121] usb 2-1: USB disconnect, device number 6
[  172.762513][ T5942] visor 1-1:1.0: Handspring Visor / Palm OS converter detected
[  172.810312][ T5942] usb 1-1: Handspring Visor / Palm OS converter now attached to ttyUSB0
[  172.961201][ T5942] usb 1-1: Handspring Visor / Palm OS converter now attached to ttyUSB1
[  173.023538][ T6899] FAULT_INJECTION: forcing a failure.
[  173.023538][ T6899] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  173.077708][ T6899] CPU: 1 UID: 0 PID: 6899 Comm: syz.4.223 Not tainted 6.16.0-rc4-next-20250703-syzkaller #0 PREEMPT(full) 
[  173.077731][ T6899] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  173.077740][ T6899] Call Trace:
[  173.077748][ T6899]  <TASK>
[  173.077756][ T6899]  dump_stack_lvl+0x189/0x250
[  173.077784][ T6899]  ? __pfx____ratelimit+0x10/0x10
[  173.077809][ T6899]  ? __pfx_dump_stack_lvl+0x10/0x10
[  173.077832][ T6899]  ? __pfx__printk+0x10/0x10
[  173.077851][ T6899]  ? __might_fault+0xb0/0x130
[  173.077885][ T6899]  should_fail_ex+0x414/0x560
[  173.077912][ T6899]  _copy_from_user+0x2d/0xb0
[  173.077933][ T6899]  vga_arb_write+0x101/0x1f10
[  173.077953][ T6899]  ? __pfx_vga_arb_write+0x10/0x10
[  173.077978][ T6899]  ? bpf_lsm_file_permission+0x9/0x20
[  173.077997][ T6899]  ? security_file_permission+0x75/0x290
[  173.078016][ T6899]  ? rw_verify_area+0x258/0x650
[  173.078038][ T6899]  ? __pfx_vga_arb_write+0x10/0x10
[  173.078056][ T6899]  vfs_write+0x27e/0xa90
[  173.078086][ T6899]  ? __pfx_vfs_write+0x10/0x10
[  173.078109][ T6899]  ? __fget_files+0x2a/0x420
[  173.078128][ T6899]  ? __fget_files+0x2a/0x420
[  173.078142][ T6899]  ? __fget_files+0x3a0/0x420
[  173.078156][ T6899]  ? __fget_files+0x2a/0x420
[  173.078180][ T6899]  ksys_write+0x145/0x250
[  173.078205][ T6899]  ? __pfx_ksys_write+0x10/0x10
[  173.078223][ T6899]  ? rcu_is_watching+0x15/0xb0
[  173.078250][ T6899]  ? do_syscall_64+0xbe/0x3b0
[  173.078270][ T6899]  do_syscall_64+0xfa/0x3b0
[  173.078285][ T6899]  ? lockdep_hardirqs_on+0x9c/0x150
[  173.078308][ T6899]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  173.078324][ T6899]  ? clear_bhb_loop+0x60/0xb0
[  173.078352][ T6899]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  173.078368][ T6899] RIP: 0033:0x7f6e9a18e929
[  173.078383][ T6899] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  173.078397][ T6899] RSP: 002b:00007f6e9b021038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  173.078416][ T6899] RAX: ffffffffffffffda RBX: 00007f6e9a3b5fa0 RCX: 00007f6e9a18e929
[  173.078428][ T6899] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003
[  173.078438][ T6899] RBP: 00007f6e9b021090 R08: 0000000000000000 R09: 0000000000000000
[  173.078449][ T6899] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  173.078459][ T6899] R13: 0000000000000000 R14: 00007f6e9a3b5fa0 R15: 00007ffc47c6bf38
[  173.078487][ T6899]  </TASK>
[  173.086081][ T5942] usb 1-1: USB disconnect, device number 4
[  174.102255][ T6903] loop1: detected capacity change from 0 to 2048
[  174.339602][ T5942] visor ttyUSB0: Handspring Visor / Palm OS converter now disconnected from ttyUSB0
[  174.807872][ T6903] UDF-fs: warning (device loop1): udf_load_logicalvol: Damaged or missing LVID, forcing readonly mount
[  174.872631][ T5942] visor ttyUSB1: Handspring Visor / Palm OS converter now disconnected from ttyUSB1
[  174.967637][ T5942] visor 1-1:1.0: device disconnected
[  175.855333][ T6919] loop4: detected capacity change from 0 to 16
[  176.543481][ T6919] erofs (device loop4): mounted with root inode @ nid 36.
[  176.921198][ T6915] loop3: detected capacity change from 0 to 512
[  176.928854][ T6915] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[  176.938522][ T6915] EXT4-fs (loop3): can't mount with commit=, fs mounted w/o journal
[  177.230118][ T6930] overlayfs: missing 'lowerdir'
[  177.537082][  T121] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  177.757937][  T121] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  177.918265][  T121] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  178.003455][  T121] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  178.013416][  T121] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  178.030154][  T121] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  178.040424][  T121] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  178.327694][  T121] usb 5-1: config 0 descriptor??
[  178.767898][  T121] plantronics 0003:047F:FFFF.0003: ignoring exceeding usage max
[  178.772419][    T9] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  178.801000][  T121] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  178.952907][    T9] usb 4-1: Using ep0 maxpacket: 32
[  178.967107][ T5942] usb 5-1: USB disconnect, device number 11
[  178.985071][    T9] usb 4-1: config 0 interface 0 has no altsetting 0
[  178.991703][    T9] usb 4-1: New USB device found, idVendor=1b1c, idProduct=1c09, bcdDevice= 0.00
[  179.012604][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  179.039137][    T9] usb 4-1: config 0 descriptor??
[  179.152132][ T6947] loop0: detected capacity change from 0 to 32768
[  179.172600][ T6947] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.237 (6947)
[  179.222508][  T121] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  179.230897][ T6947] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  179.242690][ T6947] BTRFS info (device loop0): using sha256 (sha256-x86_64) checksum algorithm
[  179.262375][ T6947] BTRFS info (device loop0): disk space caching is enabled
[  179.282811][ T6947] BTRFS warning (device loop0): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  179.382330][  T121] usb 2-1: Using ep0 maxpacket: 8
[  179.405019][  T121] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  179.437535][  T121] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 32
[  179.460613][ T6978] sctp: [Deprecated]: syz.5.243 (pid 6978) Use of int in max_burst socket option deprecated.
[  179.460613][ T6978] Use struct sctp_assoc_value instead
[  179.487038][  T121] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 8
[  179.506557][  T121] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice= 0.40
[  179.519359][ T6947] BTRFS info (device loop0): rebuilding free space tree
[  179.557156][  T121] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  179.604249][  T121] usb 2-1: Product: syz
[  179.609344][    T9] corsair-psu 0003:1B1C:1C09.0004: hidraw0: USB HID v4.08 Device [HID 1b1c:1c09] on usb-dummy_hcd.3-1/input0
[  179.630716][  T121] usb 2-1: Manufacturer: syz
[  179.642140][ T6947] BTRFS info (device loop0): disabling free space tree
[  179.662324][  T121] usb 2-1: SerialNumber: syz
[  179.672370][ T6947] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  179.714571][ T6947] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  180.370051][  T121] cdc_ncm 2-1:1.0: bind() failure
[  180.384246][  T121] usbtest 2-1:1.0: couldn't get endpoints, -22
[  180.390510][  T121] usbtest 2-1:1.0: probe with driver usbtest failed with error -22
[  180.404603][  T121] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found
[  180.411440][  T121] cdc_ncm 2-1:1.1: bind() failure
[  180.426519][  T121] usbtest 2-1:1.1: couldn't get endpoints, -71
[  180.442081][ T5838] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  180.459451][  T121] usbtest 2-1:1.1: probe with driver usbtest failed with error -71
[  180.497820][  T121] usb 2-1: USB disconnect, device number 7
[  180.556376][ T6941] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  180.565408][ T6941] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  180.710487][ T6998] loop1: detected capacity change from 0 to 1024
[  181.452411][ T5917] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  181.822711][ T5917] usb 2-1: Using ep0 maxpacket: 32
[  181.856483][ T7014] loop4: detected capacity change from 0 to 2048
[  181.878398][ T5917] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  181.895623][ T7014] UDF-fs: error (device loop4): udf_read_tagged: tag checksum failed, block 129: 0x32 != 0x7d
[  181.951364][ T5917] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  181.972534][ T7014] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  182.011369][    T9] corsair-psu 0003:1B1C:1C09.0004: unable to initialize device (-71)
[  182.051310][    T9] corsair-psu 0003:1B1C:1C09.0004: probe with driver corsair-psu failed with error -71
[  182.070022][ T5917] usb 2-1: New USB device found, idVendor=413c, idProduct=819b, bcdDevice=a7.c0
[  182.086998][ T5917] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  182.115578][    T9] usb 4-1: USB disconnect, device number 6
[  182.121490][ T5917] usb 2-1: Product: syz
[  182.131601][ T5917] usb 2-1: Manufacturer: syz
[  182.151420][ T5917] usb 2-1: SerialNumber: syz
[  182.206154][   T30] audit: type=1804 audit(1751626976.088:22): pid=7014 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.253" name="/newroot/48/file0/bus" dev="loop4" ino=1367 res=1 errno=0
[  182.277682][ T5917] usb 2-1: config 0 descriptor??
[  182.309002][ T5917] qmi_wwan 2-1:0.0: probe with driver qmi_wwan failed with error -22
[  182.325972][ T7020] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  182.519334][ T5917] usb 2-1: USB disconnect, device number 8
[  182.851890][  T121] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  183.074303][  T121] usb 4-1: Using ep0 maxpacket: 8
[  183.125424][  T121] usb 4-1: config 0 has an invalid interface number: 55 but max is 0
[  183.135152][ T5840] hfsplus: bad catalog entry type
[  183.156956][  T121] usb 4-1: config 0 has no interface number 0
[  183.181507][  T121] usb 4-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  183.222336][  T121] usb 4-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  183.254646][  T121] usb 4-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  183.460656][  T121] usb 4-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  183.478778][  T121] usb 4-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  183.488286][  T121] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  183.507333][  T121] usb 4-1: config 0 descriptor??
[  183.629996][ T7043] FAULT_INJECTION: forcing a failure.
[  183.629996][ T7043] name failslab, interval 1, probability 0, space 0, times 0
[  183.630322][ T7039] loop0: detected capacity change from 0 to 64
[  183.642687][ T7043] CPU: 0 UID: 0 PID: 7043 Comm: syz.4.263 Not tainted 6.16.0-rc4-next-20250703-syzkaller #0 PREEMPT(full) 
[  183.642709][ T7043] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  183.642720][ T7043] Call Trace:
[  183.642727][ T7043]  <TASK>
[  183.642734][ T7043]  dump_stack_lvl+0x189/0x250
[  183.642762][ T7043]  ? __pfx____ratelimit+0x10/0x10
[  183.642787][ T7043]  ? __pfx_dump_stack_lvl+0x10/0x10
[  183.642810][ T7043]  ? __pfx__printk+0x10/0x10
[  183.642833][ T7043]  ? __pfx___might_resched+0x10/0x10
[  183.642855][ T7043]  ? fs_reclaim_acquire+0x7d/0x100
[  183.642876][ T7043]  should_fail_ex+0x414/0x560
[  183.642901][ T7043]  should_failslab+0xa8/0x100
[  183.642926][ T7043]  __kmalloc_cache_noprof+0x70/0x3d0
[  183.642949][ T7043]  ? __se_sys_mount+0x165/0x410
[  183.642963][ T7043]  ? memdup_user+0x99/0xd0
[  183.642984][ T7043]  __se_sys_mount+0x165/0x410
[  183.643005][ T7043]  ? __pfx___se_sys_mount+0x10/0x10
[  183.643019][ T7043]  ? rcu_is_watching+0x15/0xb0
[  183.643045][ T7043]  ? do_syscall_64+0xbe/0x3b0
[  183.643060][ T7043]  ? __x64_sys_mount+0x20/0xc0
[  183.643077][ T7043]  do_syscall_64+0xfa/0x3b0
[  183.643092][ T7043]  ? lockdep_hardirqs_on+0x9c/0x150
[  183.643114][ T7043]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  183.643130][ T7043]  ? clear_bhb_loop+0x60/0xb0
[  183.643150][ T7043]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  183.643166][ T7043] RIP: 0033:0x7f6e9a18e929
[  183.643182][ T7043] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  183.643196][ T7043] RSP: 002b:00007f6e9afdf038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  183.643214][ T7043] RAX: ffffffffffffffda RBX: 00007f6e9a3b6160 RCX: 00007f6e9a18e929
[  183.643227][ T7043] RDX: 0000200000000080 RSI: 00002000000000c0 RDI: 0000000000000000
[  183.643237][ T7043] RBP: 00007f6e9afdf090 R08: 0000200000000340 R09: 0000000000000000
[  183.643249][ T7043] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  183.643258][ T7043] R13: 0000000000000000 R14: 00007f6e9a3b6160 R15: 00007ffc47c6bf38
[  183.643285][ T7043]  </TASK>
[  184.007709][ T7039] Trying to free block not in datazone
[  184.045138][  T121] ldusb 4-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  184.057805][   T36] hfsplus: b-tree write err: -5, ino 4
[  184.410346][ T3507] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  184.700053][ T3507] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  185.412342][ T5945] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  185.481496][ T3507] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  185.550868][ T5910] usb 4-1: USB disconnect, device number 7
[  185.566782][ T7058] overlayfs: missing 'lowerdir'
[  185.852349][ T7060] overlayfs: failed to clone upperpath
[  185.960338][ T5835] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  185.969692][ T5835] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  185.971372][ T5910] ldusb 4-1:0.55: LD USB Device #0 now disconnected
[  185.986911][ T5835] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  185.997840][ T5835] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  186.009651][ T5835] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  186.022255][ T5945] usb 1-1: Using ep0 maxpacket: 32
[  186.040122][ T5945] usb 1-1: config 0 interface 0 has no altsetting 0
[  186.105128][ T5945] usb 1-1: New USB device found, idVendor=1b1c, idProduct=1c09, bcdDevice= 0.00
[  186.114540][ T5945] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  186.134359][ T5945] usb 1-1: config 0 descriptor??
[  186.178164][ T3507] bridge0: port 3(netdevsim0) entered disabled state
[  186.284803][ T3507] netdevsim netdevsim1 netdevsim0 (unregistering): left allmulticast mode
[  186.320510][ T3507] netdevsim netdevsim1 netdevsim0 (unregistering): left promiscuous mode
[  186.581724][ T3507] bridge0: port 3(netdevsim0) entered disabled state
[  187.755517][ T3507] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  188.333692][   T50] Bluetooth: hci4: command tx timeout
[  188.374089][ T5917] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  188.437457][ T7075] openvswitch: netlink: Message has 24 unknown bytes.
[  188.507571][ T5945] corsair-psu 0003:1B1C:1C09.0005: hidraw0: USB HID v4.08 Device [HID 1b1c:1c09] on usb-dummy_hcd.0-1/input0
[  188.975688][ T5917] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  189.001320][ T5917] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  189.040577][ T5917] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  189.055142][ T5917] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  189.068130][ T5917] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  189.077296][ T5917] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  189.499041][ T5917] usb 5-1: config 0 descriptor??
[  189.514842][ T5917] usb 5-1: can't set config #0, error -71
[  189.516094][ T7055] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  189.529754][ T7055] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  190.403647][   T50] Bluetooth: hci4: command tx timeout
[  190.489970][ T5917] usb 5-1: USB disconnect, device number 12
[  190.496012][ T3507] bridge_slave_1: left allmulticast mode
[  190.496149][ T3507] bridge_slave_1: left promiscuous mode
[  190.498073][ T3507] bridge0: port 2(bridge_slave_1) entered disabled state
[  191.103806][ T3507] bridge_slave_0: left allmulticast mode
[  191.109613][ T3507] bridge_slave_0: left promiscuous mode
[  191.122480][ T5945] corsair-psu 0003:1B1C:1C09.0005: unable to initialize device (-71)
[  191.128804][ T3507] bridge0: port 1(bridge_slave_0) entered disabled state
[  191.460706][ T7095] loop3: detected capacity change from 0 to 16
[  192.114665][ T5945] corsair-psu 0003:1B1C:1C09.0005: probe with driver corsair-psu failed with error -71
[  192.226162][ T7095] erofs (device loop3): mounted with root inode @ nid 36.
[  192.658149][   T50] Bluetooth: hci4: command tx timeout
[  192.826869][ T5945] usb 1-1: USB disconnect, device number 5
[  194.068489][ T3507] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  194.079225][ T3507] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  194.093526][ T3507] bond0 (unregistering): Released all slaves
[  194.170717][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  194.177083][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  194.309124][ T7057] chnl_net:caif_netlink_parms(): no params data found
[  194.722010][ T3507] tipc: Disabling bearer <udp:syz2>
[  194.722515][ T5846] Bluetooth: hci4: command tx timeout
[  194.738821][ T3507] tipc: Left network mode
[  195.540551][ T7140] overlayfs: failed to resolve './file0': -2
[  195.932363][  T121] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  196.245205][ T5849] Bluetooth: hci2: command 0x0406 tx timeout
[  196.245227][ T5846] Bluetooth: hci3: command 0x0406 tx timeout
[  196.251265][ T5849] Bluetooth: hci1: command 0x0406 tx timeout
[  196.326241][  T121] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  196.433418][  T121] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  196.488807][  T121] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  196.709351][  T121] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  196.832320][  T121] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  196.877367][  T121] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  197.044409][  T121] usb 5-1: config 0 descriptor??
[  197.207220][ T7057] bridge0: port 1(bridge_slave_0) entered blocking state
[  197.233294][ T7057] bridge0: port 1(bridge_slave_0) entered disabled state
[  197.240484][ T7057] bridge_slave_0: entered allmulticast mode
[  197.281965][ T7057] bridge_slave_0: entered promiscuous mode
[  197.453815][ T7057] bridge0: port 2(bridge_slave_1) entered blocking state
[  197.460958][ T7057] bridge0: port 2(bridge_slave_1) entered disabled state
[  197.477917][  T121] plantronics 0003:047F:FFFF.0006: ignoring exceeding usage max
[  197.495796][ T7057] bridge_slave_1: entered allmulticast mode
[  197.531742][ T7057] bridge_slave_1: entered promiscuous mode
[  197.581432][  T121] plantronics 0003:047F:FFFF.0006: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  197.766947][ T7057] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  197.892224][ T3507] hsr_slave_0: left promiscuous mode
[  197.910479][ T3507] hsr_slave_1: left promiscuous mode
[  197.923339][ T7158] loop0: detected capacity change from 0 to 32768
[  197.935816][ T3507] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  197.969264][ T3507] batman_adv: batadv0: Removing interface: batadv_slave_0
[  197.983956][ T3507] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  198.011982][ T3507] batman_adv: batadv0: Removing interface: batadv_slave_1
[  198.110307][ T3507] veth1_macvtap: left promiscuous mode
[  198.141668][ T3507] veth0_macvtap: left promiscuous mode
[  198.156794][ T3507] veth1_vlan: left promiscuous mode
[  198.176971][ T3507] veth0_vlan: left promiscuous mode
[  198.552243][ T7170] loop3: detected capacity change from 0 to 16
[  198.591673][ T7170] erofs (device loop3): mounted with root inode @ nid 36.
[  201.455233][  T121] usb 5-1: USB disconnect, device number 13
[  201.818955][ T7190] overlayfs: failed to resolve './file0': -2
[  202.470816][ T7194] FAULT_INJECTION: forcing a failure.
[  202.470816][ T7194] name failslab, interval 1, probability 0, space 0, times 0
[  202.499595][ T7194] CPU: 1 UID: 0 PID: 7194 Comm: syz.4.297 Not tainted 6.16.0-rc4-next-20250703-syzkaller #0 PREEMPT(full) 
[  202.499619][ T7194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  202.499629][ T7194] Call Trace:
[  202.499637][ T7194]  <TASK>
[  202.499644][ T7194]  dump_stack_lvl+0x189/0x250
[  202.499672][ T7194]  ? __pfx____ratelimit+0x10/0x10
[  202.499696][ T7194]  ? __pfx_dump_stack_lvl+0x10/0x10
[  202.499719][ T7194]  ? __pfx__printk+0x10/0x10
[  202.499744][ T7194]  ? __pfx___might_resched+0x10/0x10
[  202.499765][ T7194]  ? fs_reclaim_acquire+0x7d/0x100
[  202.499787][ T7194]  should_fail_ex+0x414/0x560
[  202.499813][ T7194]  should_failslab+0xa8/0x100
[  202.499839][ T7194]  kmem_cache_alloc_noprof+0x73/0x3c0
[  202.499861][ T7194]  ? alloc_empty_file+0x55/0x1d0
[  202.499883][ T7194]  alloc_empty_file+0x55/0x1d0
[  202.499902][ T7194]  path_openat+0x107/0x3830
[  202.499921][ T7194]  ? arch_stack_walk+0xfc/0x150
[  202.499973][ T7194]  ? kasan_save_track+0x4f/0x80
[  202.499993][ T7194]  ? kasan_save_track+0x3e/0x80
[  202.500011][ T7194]  ? __kasan_slab_alloc+0x6c/0x80
[  202.500032][ T7194]  ? getname_flags+0xb8/0x540
[  202.500049][ T7194]  ? __pfx_path_openat+0x10/0x10
[  202.500067][ T7194]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  202.500104][ T7194]  do_filp_open+0x1fa/0x410
[  202.500124][ T7194]  ? __lock_acquire+0xab9/0xd20
[  202.500145][ T7194]  ? __pfx_do_filp_open+0x10/0x10
[  202.500201][ T7194]  ? _raw_spin_unlock+0x28/0x50
[  202.500222][ T7194]  ? alloc_fd+0x64c/0x6c0
[  202.500257][ T7194]  do_sys_openat2+0x121/0x1c0
[  202.500279][ T7194]  ? __pfx_do_sys_openat2+0x10/0x10
[  202.500306][ T7194]  ? ksys_write+0x22a/0x250
[  202.500331][ T7194]  ? __pfx_ksys_write+0x10/0x10
[  202.500350][ T7194]  ? rcu_is_watching+0x15/0xb0
[  202.500376][ T7194]  __x64_sys_openat+0x138/0x170
[  202.500400][ T7194]  do_syscall_64+0xfa/0x3b0
[  202.500416][ T7194]  ? lockdep_hardirqs_on+0x9c/0x150
[  202.500439][ T7194]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  202.500457][ T7194]  ? clear_bhb_loop+0x60/0xb0
[  202.500477][ T7194]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  202.500494][ T7194] RIP: 0033:0x7f6e9a18e929
[  202.500510][ T7194] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  202.500523][ T7194] RSP: 002b:00007f6e9b021038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  202.500542][ T7194] RAX: ffffffffffffffda RBX: 00007f6e9a3b5fa0 RCX: 00007f6e9a18e929
[  202.500554][ T7194] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: ffffffffffffff9c
[  202.500566][ T7194] RBP: 00007f6e9b021090 R08: 0000000000000000 R09: 0000000000000000
[  202.500577][ T7194] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  202.500587][ T7194] R13: 0000000000000000 R14: 00007f6e9a3b5fa0 R15: 00007ffc47c6bf38
[  202.500615][ T7194]  </TASK>
[  203.161223][ T7198] loop4: detected capacity change from 0 to 16
[  203.297035][ T7198] erofs (device loop4): mounted with root inode @ nid 36.
[  203.992685][ T3507] team0 (unregistering): Port device team_slave_1 removed
[  204.049919][ T3507] team0 (unregistering): Port device team_slave_0 removed
[  204.426895][ T7204] netlink: 'syz.4.300': attribute type 11 has an invalid length.
[  204.439107][ T7204] netlink: 224 bytes leftover after parsing attributes in process `syz.4.300'.
[  205.519059][ T7206] loop4: detected capacity change from 0 to 32768
[  205.536772][ T7206] (syz.4.300,7206,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  205.550626][ T7206] (syz.4.300,7206,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  205.566098][ T7206] (syz.4.300,7206,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0x656d756e, computed 0xb6797f2. Applying ECC.
[  205.618689][ T7206] JBD2: Ignoring recovery information on journal
[  205.650772][ T7206] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  205.862121][ T5830] ocfs2: Unmounting device (7,4) on (node local)
[  206.371277][ T7057] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  206.739938][ T7057] team0: Port device team_slave_0 added
[  206.759925][ T7057] team0: Port device team_slave_1 added
[  208.980921][ T7057] batman_adv: batadv0: Adding interface: batadv_slave_0
[  209.220757][ T7228] overlayfs: failed to resolve './file0': -2
[  209.940681][ T7057] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  209.967048][ T7057] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  210.132839][ T7057] batman_adv: batadv0: Adding interface: batadv_slave_1
[  210.139806][ T7057] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  210.397253][ T7057] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  210.589948][ T7240] loop3: detected capacity change from 0 to 1024
[  211.482396][ T7244] loop0: detected capacity change from 0 to 131072
[  211.587590][ T7244] F2FS-fs (loop0): Wrong CP boundary, start(512) end(1536) blocks(0)
[  211.595767][ T7244] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  211.692377][ T7251] loop4: detected capacity change from 0 to 2048
[  211.706675][ T7244] F2FS-fs (loop0): invalid crc value
[  211.790735][ T7251] UDF-fs: warning (device loop4): udf_load_logicalvol: Damaged or missing LVID, forcing readonly mount
[  212.105865][ T7240] syz.3.310: attempt to access beyond end of device
[  212.105865][ T7240] loop3: rw=0, sector=5778, nr_sectors = 2 limit=1024
[  212.159013][ T7244] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  212.166183][ T7244] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4
[  212.188374][ T7244] F2FS-fs (loop0): checksum invalid, nid = 4, ino_of_node = 4, 8e2acc4a vs. 159afe7
[  212.491561][ T7263] openvswitch: netlink: Message has 24 unknown bytes.
[  212.853133][ T7263] syz.0.312 (7263): drop_caches: 2
[  212.871391][ T7263] syz.0.312 (7263): drop_caches: 2
[  213.350273][ T7057] hsr_slave_0: entered promiscuous mode
[  213.495701][ T7057] hsr_slave_1: entered promiscuous mode
[  214.569635][ T7268] loop4: detected capacity change from 0 to 131072
[  214.578822][ T7268] F2FS-fs (loop4): Wrong CP boundary, start(512) end(1536) blocks(0)
[  214.586976][ T7268] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  214.651111][ T7268] F2FS-fs (loop4): invalid crc value
[  214.765729][ T7268] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  214.772841][ T7268] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4
[  214.830958][ T7268] F2FS-fs (loop4): checksum invalid, nid = 4, ino_of_node = 4, 8e2acc4a vs. 159afe7
[  215.162455][ T7287] openvswitch: netlink: Message has 24 unknown bytes.
[  215.199865][ T7287] syz.4.314 (7287): drop_caches: 2
[  215.219274][ T7287] syz.4.314 (7287): drop_caches: 2
[  215.970540][ T7291] overlayfs: failed to resolve './file0': -2
[  216.944035][ T7299] loop3: detected capacity change from 0 to 1024
[  217.148165][ T7057] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  217.209932][ T7057] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  217.254189][ T3507] hfsplus: b-tree write err: -5, ino 4
[  217.278587][ T7057] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  217.347120][ T7057] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  217.961043][ T7328] loop3: detected capacity change from 0 to 2048
[  218.238752][    T9] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  218.287069][ T7328] UDF-fs: warning (device loop3): udf_load_logicalvol: Damaged or missing LVID, forcing readonly mount
[  218.418466][    T9] usb 1-1: Using ep0 maxpacket: 32
[  218.440659][    T9] usb 1-1: config 0 interface 0 has no altsetting 0
[  218.454439][    T9] usb 1-1: New USB device found, idVendor=1b1c, idProduct=1c09, bcdDevice= 0.00
[  218.498353][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  218.584204][    T9] usb 1-1: config 0 descriptor??
[  218.627250][ T7057] 8021q: adding VLAN 0 to HW filter on device bond0
[  218.730756][ T7057] 8021q: adding VLAN 0 to HW filter on device team0
[  218.757065][ T3507] bridge0: port 1(bridge_slave_0) entered blocking state
[  218.764220][ T3507] bridge0: port 1(bridge_slave_0) entered forwarding state
[  218.873888][   T78] bridge0: port 2(bridge_slave_1) entered blocking state
[  218.881041][   T78] bridge0: port 2(bridge_slave_1) entered forwarding state
[  219.104053][ T7346] loop3: detected capacity change from 0 to 16
[  219.983063][ T7346] erofs (device loop3): mounted with root inode @ nid 36.
[  220.997817][    T9] corsair-psu 0003:1B1C:1C09.0007: hidraw0: USB HID v4.08 Device [HID 1b1c:1c09] on usb-dummy_hcd.0-1/input0
[  222.112480][    T9] corsair-psu 0003:1B1C:1C09.0007: unable to initialize device (-71)
[  222.311964][ T7057] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  222.335214][    T9] corsair-psu 0003:1B1C:1C09.0007: probe with driver corsair-psu failed with error -71
[  222.398557][ T7057] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  222.423192][    T9] usb 1-1: USB disconnect, device number 6
[  222.438318][ T7351] fido_id[7351]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/1-1/report_descriptor': No such file or directory
[  222.792588][ T5945] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  222.843648][ T7373] loop3: detected capacity change from 0 to 8
[  222.902483][ T7373] squashfs image failed sanity check
[  222.982512][ T5945] usb 5-1: Using ep0 maxpacket: 8
[  223.010274][ T5945] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 7
[  223.058897][ T5945] usb 5-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b
[  223.107354][ T5945] usb 5-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3
[  223.143615][ T5945] usb 5-1: Product: syz
[  223.147793][ T5945] usb 5-1: Manufacturer: syz
[  223.154571][ T7057] 8021q: adding VLAN 0 to HW filter on device batadv0
[  223.157236][ T7380] loop3: detected capacity change from 0 to 2048
[  223.203702][ T5945] usb 5-1: SerialNumber: syz
[  223.439723][ T5945] usb 5-1: palm_os_3_probe - error -71 getting connection information
[  223.529348][ T5945] visor 5-1:1.0: probe with driver visor failed with error -71
[  223.673586][ T5945] usb 5-1: USB disconnect, device number 14
[  225.365350][ T7400] loop3: detected capacity change from 0 to 131072
[  225.426438][ T7400] F2FS-fs (loop3): Wrong CP boundary, start(512) end(1536) blocks(0)
[  225.434678][ T7400] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  225.462038][ T7400] F2FS-fs (loop3): invalid crc value
[  225.574863][ T7057] veth0_vlan: entered promiscuous mode
[  225.591971][ T7400] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  225.599249][ T7400] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4
[  225.612657][ T7400] F2FS-fs (loop3): checksum invalid, nid = 4, ino_of_node = 4, 8e2acc4a vs. 159afe7
[  226.143075][ T7424] openvswitch: netlink: Message has 24 unknown bytes.
[  226.165879][ T7424] syz.3.341 (7424): drop_caches: 2
[  226.177071][ T7424] syz.3.341 (7424): drop_caches: 2
[  226.198026][ T7057] veth1_vlan: entered promiscuous mode
[  226.336273][ T7057] veth0_macvtap: entered promiscuous mode
[  226.388311][ T7057] veth1_macvtap: entered promiscuous mode
[  226.510546][ T7057] batman_adv: batadv0: Interface activated: batadv_slave_0
[  226.567231][ T7057] batman_adv: batadv0: Interface activated: batadv_slave_1
[  226.620648][ T6008] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  226.651823][ T6008] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  226.710239][ T6008] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  226.754911][ T6008] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  227.152846][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  227.173990][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  227.471738][ T5951] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  228.087533][ T5951] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  229.852593][ T5903] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  230.032305][ T5903] usb 7-1: Using ep0 maxpacket: 32
[  230.059903][ T7478] loop4: detected capacity change from 0 to 2048
[  230.062267][ T5903] usb 7-1: config 0 has an invalid interface number: 12 but max is 0
[  230.110169][ T5903] usb 7-1: config 0 has no interface number 0
[  230.134788][ T5903] usb 7-1: config 0 interface 12 has no altsetting 0
[  230.145795][ T7478] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  230.155006][ T5903] usb 7-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  230.193333][ T5903] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  230.212297][ T5903] usb 7-1: Product: syz
[  230.216479][ T5903] usb 7-1: Manufacturer: syz
[  230.221074][ T5903] usb 7-1: SerialNumber: syz
[  230.229446][ T7478] ext4 filesystem being mounted at /73/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  230.241981][ T5903] usb 7-1: config 0 descriptor??
[  230.269725][ T7489] futex_wake_op: syz.5.359 tries to shift op by -1; fix this program
[  230.951731][ T7451] loop0: detected capacity change from 0 to 32768
[  231.017257][ T5830] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  231.050647][ T7451] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  231.493044][ T7451] OCFS2: ERROR (device loop0): int ocfs2_validate_gd_parent(struct super_block *, struct ocfs2_dinode *, struct buffer_head *, int): Group descriptor #17056 has bad chain 1280
[  231.577032][ T7451] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
[  231.607401][ T7451] OCFS2: File system is now read-only.
[  231.782695][ T7451] (syz.0.351,7451,0):ocfs2_search_chain:1817 ERROR: status = -30
[  231.901372][ T7511] loop4: detected capacity change from 0 to 2048
[  231.968576][ T7511] UDF-fs: warning (device loop4): udf_load_logicalvol: Damaged or missing LVID, forcing readonly mount
[  232.229990][ T7451] (syz.0.351,7451,1):ocfs2_search_chain:1940 ERROR: status = -30
[  232.273594][ T7451] (syz.0.351,7451,0):ocfs2_claim_suballoc_bits:2010 ERROR: status = -30
[  232.355431][ T7451] (syz.0.351,7451,0):ocfs2_claim_suballoc_bits:2063 ERROR: status = -30
[  232.394794][ T7451] (syz.0.351,7451,1):ocfs2_claim_new_inode:2298 ERROR: status = -30
[  232.403430][ T7451] (syz.0.351,7451,1):ocfs2_claim_new_inode:2313 ERROR: status = -30
[  232.411460][ T7451] (syz.0.351,7451,1):ocfs2_mknod_locked:641 ERROR: status = -30
[  232.421791][ T7451] (syz.0.351,7451,1):ocfs2_mknod:388 ERROR: status = -30
[  232.429423][ T7451] (syz.0.351,7451,1):ocfs2_mknod:505 ERROR: status = -30
[  232.436713][ T7451] (syz.0.351,7451,1):ocfs2_mkdir:661 ERROR: status = -30
[  232.513814][ T5838] ocfs2: Unmounting device (7,0) on (node local)
[  233.563353][ T5903] f81534 7-1:0.12: f81534_get_register: reg: 1003 failed: -71
[  233.589224][ T5903] f81534 7-1:0.12: f81534_find_config_idx: read failed: -71
[  233.637670][ T5903] f81534 7-1:0.12: f81534_calc_num_ports: find idx failed: -71
[  233.716543][ T5903] f81534 7-1:0.12: probe with driver f81534 failed with error -71
[  234.008140][ T7543] loop4: detected capacity change from 0 to 256
[  234.042557][ T5903] usb 7-1: USB disconnect, device number 2
[  234.310027][ T7543] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x53fda505, utbl_chksum : 0xe619d30d)
[  234.392611][ T7543] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186)
[  234.602870][ T7548] loop6: detected capacity change from 0 to 2048
[  234.871896][ T7548] UDF-fs: warning (device loop6): udf_load_logicalvol: Damaged or missing LVID, forcing readonly mount
[  235.169177][   T30] audit: type=1800 audit(1751627029.168:23): pid=7543 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.369" name="file2" dev="loop4" ino=1048641 res=0 errno=0
[  236.151338][ T7558] loop6: detected capacity change from 0 to 4096
[  236.190069][ T7558] ntfs3: Unknown parameter 'narse'
[  236.510712][ T7570] FAULT_INJECTION: forcing a failure.
[  236.510712][ T7570] name failslab, interval 1, probability 0, space 0, times 0
[  236.524250][ T7570] CPU: 0 UID: 0 PID: 7570 Comm: syz.6.372 Not tainted 6.16.0-rc4-next-20250703-syzkaller #0 PREEMPT(full) 
[  236.524274][ T7570] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  236.524285][ T7570] Call Trace:
[  236.524292][ T7570]  <TASK>
[  236.524301][ T7570]  dump_stack_lvl+0x189/0x250
[  236.524330][ T7570]  ? __pfx____ratelimit+0x10/0x10
[  236.524356][ T7570]  ? __pfx_dump_stack_lvl+0x10/0x10
[  236.524381][ T7570]  ? __pfx__printk+0x10/0x10
[  236.524405][ T7570]  ? __pfx___might_resched+0x10/0x10
[  236.524432][ T7570]  should_fail_ex+0x414/0x560
[  236.524459][ T7570]  should_failslab+0xa8/0x100
[  236.524485][ T7570]  kmem_cache_alloc_noprof+0x73/0x3c0
[  236.524508][ T7570]  ? security_inode_alloc+0x39/0x330
[  236.524534][ T7570]  security_inode_alloc+0x39/0x330
[  236.524558][ T7570]  inode_init_always_gfp+0x9ed/0xdc0
[  236.524589][ T7570]  ? __pfx_sock_alloc_inode+0x10/0x10
[  236.524613][ T7570]  alloc_inode+0x82/0x1b0
[  236.524638][ T7570]  __sock_create+0x12d/0x9f0
[  236.524665][ T7570]  ? __might_fault+0xb0/0x130
[  236.524693][ T7570]  __sys_socketpair+0x1c5/0x560
[  236.524717][ T7570]  __x64_sys_socketpair+0x9b/0xb0
[  236.524737][ T7570]  do_syscall_64+0xfa/0x3b0
[  236.524756][ T7570]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  236.524771][ T7570]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  236.524787][ T7570]  ? clear_bhb_loop+0x60/0xb0
[  236.524808][ T7570]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  236.524825][ T7570] RIP: 0033:0x7f0f7898e929
[  236.524840][ T7570] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  236.524856][ T7570] RSP: 002b:00007f0f79755038 EFLAGS: 00000246 ORIG_RAX: 0000000000000035
[  236.524876][ T7570] RAX: ffffffffffffffda RBX: 00007f0f78bb6160 RCX: 00007f0f7898e929
[  236.524889][ T7570] RDX: 0000000000000000 RSI: 0000000000080803 RDI: 0000000000000022
[  236.524900][ T7570] RBP: 00007f0f79755090 R08: 0000000000000000 R09: 0000000000000000
[  236.524911][ T7570] R10: 0000200000000400 R11: 0000000000000246 R12: 0000000000000001
[  236.524922][ T7570] R13: 0000000000000000 R14: 00007f0f78bb6160 R15: 00007ffebb09fc78
[  236.524951][ T7570]  </TASK>
[  236.525065][ T7570] socket: no more sockets
[  237.273802][ T5835] Bluetooth: hci5: command 0x0406 tx timeout
[  237.610727][ T7584] loop4: detected capacity change from 0 to 2048
[  237.657693][ T7584] UDF-fs: warning (device loop4): udf_load_logicalvol: Damaged or missing LVID, forcing readonly mount
[  238.467333][ T7562] loop0: detected capacity change from 0 to 40427
[  238.513303][  T121] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  238.544325][ T7562] F2FS-fs (loop0): build fault injection rate: 690
[  238.565839][ T7562] F2FS-fs (loop0): Image doesn't support compression
[  238.575963][ T7562] F2FS-fs (loop0): Image doesn't support compression
[  238.659819][ T7562] F2FS-fs (loop0): invalid crc value
[  239.022295][  T121] usb 7-1: Using ep0 maxpacket: 8
[  239.057811][  T121] usb 7-1: config 0 has an invalid interface number: 55 but max is 0
[  239.082241][  T121] usb 7-1: config 0 has no interface number 0
[  239.102126][  T121] usb 7-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  239.147180][  T121] usb 7-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  239.192283][  T121] usb 7-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  239.239048][  T121] usb 7-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  239.646010][  T121] usb 7-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  239.656661][  T121] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  239.988578][ T7614] loop3: detected capacity change from 0 to 2048
[  240.050932][ T7614] UDF-fs: warning (device loop3): udf_load_logicalvol: Damaged or missing LVID, forcing readonly mount
[  240.080557][ T7562] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  240.274128][  T121] usb 7-1: config 0 descriptor??
[  240.402643][  T121] ldusb 7-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  241.113516][ T7626] netlink: 256 bytes leftover after parsing attributes in process `syz.4.386'.
[  241.194858][ T7636] lo speed is unknown, defaulting to 1000
[  241.201538][ T7636] lo speed is unknown, defaulting to 1000
[  241.220993][ T7636] lo speed is unknown, defaulting to 1000
[  241.274160][ T7636] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  241.421991][ T7636] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  241.545008][ T7626] unsupported nlmsg_type 40
[  241.573001][ T7636] lo speed is unknown, defaulting to 1000
[  241.583076][ T7636] lo speed is unknown, defaulting to 1000
[  241.592151][ T7636] lo speed is unknown, defaulting to 1000
[  241.600638][ T7636] lo speed is unknown, defaulting to 1000
[  241.602750][ T5917] usb 7-1: USB disconnect, device number 3
[  241.608600][ T7636] lo speed is unknown, defaulting to 1000
[  241.612304][ T5945] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  241.619571][ T7636] lo speed is unknown, defaulting to 1000
[  241.653507][ T5917] ldusb 7-1:0.55: LD USB Device #0 now disconnected
[  241.898744][ T5945] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30
[  241.982411][ T5945] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  242.017379][ T5945] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  242.047550][ T5945] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 255
[  242.091092][ T5945] usb 4-1: New USB device found, idVendor=04d8, idProduct=c002, bcdDevice= 0.00
[  242.142792][ T5945] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  242.188491][ T5945] usb 4-1: config 0 descriptor??
[  242.550397][ T7648] loop9: detected capacity change from 0 to 7
[  242.953892][ T7648] Dev loop9: unable to read RDB block 7
[  242.961225][ T7648]  loop9: unable to read partition table
[  242.975177][ T7648] loop9: partition table beyond EOD, truncated
[  242.982680][ T7648] loop_reread_partitions: partition scan of loop9 (þ被xü—ŸÑà– ) failed (rc=-5)
[  243.794101][ T5945] usbhid 4-1:0.0: can't add hid device: -71
[  243.800114][ T5945] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  243.830185][ T5945] usb 4-1: USB disconnect, device number 8
[  245.889638][ T7665] sch_tbf: burst 32855 is lower than device lo mtu (65550) !
[  246.242410][ T7648] Bluetooth: hci1: Opcode 0x0c1a failed: -110
[  246.432826][ T5151] Bluetooth: hci1: command 0x0406 tx timeout
[  246.477271][ T7648] Bluetooth: hci1: Opcode 0x0406 failed: -110
[  247.242037][ T7672] loop4: detected capacity change from 0 to 131072
[  247.259740][ T7672] F2FS-fs (loop4): Wrong CP boundary, start(512) end(1536) blocks(0)
[  247.270567][ T7672] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  247.314717][ T7672] F2FS-fs (loop4): invalid crc value
[  247.411486][ T7682] netlink: 'syz.3.396': attribute type 1 has an invalid length.
[  247.444749][ T7648] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  247.452370][ T7648] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  247.468529][ T7672] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  247.474397][ T7682] netlink: 'syz.3.396': attribute type 4 has an invalid length.
[  247.478289][ T7672] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4
[  247.512345][ T7682] netlink: 192 bytes leftover after parsing attributes in process `syz.3.396'.
[  247.521347][ T7672] F2FS-fs (loop4): checksum invalid, nid = 4, ino_of_node = 4, 8e2acc4a vs. 159afe7
[  247.754146][ T7648] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  247.899004][ T7695] syz.4.395 (7695): drop_caches: 2
[  247.904623][ T7695] syz.4.395 (7695): drop_caches: 2
[  248.359880][ T7648] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  248.412414][ T7648] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  248.418395][ T7648] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  248.468792][ T7648] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  248.482791][ T5151] Bluetooth: hci1: command 0x0406 tx timeout
[  248.495449][ T7648] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  248.529533][ T7648] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  249.244460][ T5945] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  249.532351][ T5151] Bluetooth: hci3: command 0x0406 tx timeout
[  249.585339][ T5945] usb 7-1: Using ep0 maxpacket: 32
[  249.803965][ T5945] usb 7-1: config 0 has an invalid interface number: 51 but max is 0
[  249.812072][ T5945] usb 7-1: config 0 has no interface number 0
[  249.846527][ T5151] Bluetooth: hci2: command 0x0406 tx timeout
[  249.862583][ T5945] usb 7-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  249.871624][ T5945] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  249.891151][ T5945] usb 7-1: Product: syz
[  249.895569][ T5945] usb 7-1: Manufacturer: syz
[  249.900168][ T5945] usb 7-1: SerialNumber: syz
[  249.908945][ T5945] usb 7-1: config 0 descriptor??
[  249.918530][ T5945] quatech2 7-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  249.967245][ T7689] loop0: detected capacity change from 0 to 32768
[  250.135861][ T7689] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.397 (7689)
[  250.154631][ T5945] usb 7-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  251.163111][ T5151] Bluetooth: hci5: command 0x0406 tx timeout
[  251.167241][ T5835] Bluetooth: hci4: command 0x0c1a tx timeout
[  251.213048][ T5945] usb 7-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  251.622566][ T5835] Bluetooth: hci3: command 0x0406 tx timeout
[  251.670899][ T7721] x_tables: duplicate entry at hook 1
[  251.752485][ T7724] netlink: 32 bytes leftover after parsing attributes in process `syz.6.401'.
[  251.926107][ T5835] Bluetooth: hci2: command 0x0406 tx timeout
[  252.303544][ T5903] usb 1-1: new full-speed USB device number 7 using dummy_hcd
[  252.361138][ T7703] loop6: detected capacity change from 0 to 4096
[  252.594178][ T5903] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  252.823520][ T5903] usb 1-1: config 0 has no interface number 0
[  253.008561][ T5903] usb 1-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  253.060835][ T5903] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  253.091262][ T7703] ntfs3(loop6): Failed to read $AttrDef (-4).
[  253.120712][ T5903] usb 1-1: config 0 descriptor??
[  253.185517][ T5903] usb 1-1: selecting invalid altsetting 1
[  253.205782][ T5835] Bluetooth: hci5: command 0x0406 tx timeout
[  253.211813][ T5835] Bluetooth: hci4: command 0x0c1a tx timeout
[  253.228470][ T5903] dvb_ttusb_budget: ttusb_init_controller: error
[  253.262372][ T5903] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  253.337142][    C0] usb 7-1: qt2_read_bulk_callback - non-zero urb status: -71
[  253.362705][ T5945] usb 7-1: USB disconnect, device number 4
[  253.387384][ T5945] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  253.498495][ T5945] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  253.579322][ T7742] loop3: detected capacity change from 0 to 1024
[  253.589409][ T5945] quatech2 7-1:0.51: device disconnected
[  253.656916][ T7742] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  253.708595][ T5903] DVB: Unable to find symbol cx22700_attach()
[  254.468005][ T5903] DVB: Unable to find symbol tda10046_attach()
[  254.537209][ T5903] dvb_ttusb_budget: no frontend driver found for device [0b48:1005]
[  254.609751][ T5903] usb 1-1: USB disconnect, device number 7
[  254.956618][ T5828] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  255.292658][ T5835] Bluetooth: hci4: command 0x0c1a tx timeout
[  255.364809][ T7773] loop3: detected capacity change from 0 to 8
[  255.381561][ T7775] sch_tbf: burst 32855 is lower than device lo mtu (65550) !
[  255.608177][ T1301] ieee802154 phy0 wpan0: encryption failed: -22
[  255.614646][ T1301] ieee802154 phy1 wpan1: encryption failed: -22
[  255.874473][ T7784] loop4: detected capacity change from 0 to 128
[  256.482505][ T7788] loop3: detected capacity change from 0 to 16
[  256.493329][ T7788] erofs (device loop3): mounted with root inode @ nid 36.
[  256.548574][ T7784] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  256.683303][ T7781] lo speed is unknown, defaulting to 1000
[  256.796951][ T7789] netlink: 4 bytes leftover after parsing attributes in process `syz.5.415'.
[  258.199402][ T7798] loop6: detected capacity change from 0 to 2048
[  258.616227][ T7798] UDF-fs: warning (device loop6): udf_load_logicalvol: Damaged or missing LVID, forcing readonly mount
[  258.775017][ T7801] loop3: detected capacity change from 0 to 16
[  258.833361][ T7801] erofs (device loop3): mounted with root inode @ nid 36.
[  259.934462][ T7815] FAULT_INJECTION: forcing a failure.
[  259.934462][ T7815] name failslab, interval 1, probability 0, space 0, times 0
[  259.992164][ T7815] CPU: 1 UID: 0 PID: 7815 Comm: syz.6.420 Not tainted 6.16.0-rc4-next-20250703-syzkaller #0 PREEMPT(full) 
[  259.992193][ T7815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  259.992211][ T7815] Call Trace:
[  259.992218][ T7815]  <TASK>
[  259.992225][ T7815]  dump_stack_lvl+0x189/0x250
[  259.992255][ T7815]  ? __pfx____ratelimit+0x10/0x10
[  259.992280][ T7815]  ? __pfx_dump_stack_lvl+0x10/0x10
[  259.992304][ T7815]  ? __pfx__printk+0x10/0x10
[  259.992328][ T7815]  ? __pfx___might_resched+0x10/0x10
[  259.992355][ T7815]  should_fail_ex+0x414/0x560
[  259.992381][ T7815]  should_failslab+0xa8/0x100
[  259.992408][ T7815]  __kmalloc_cache_noprof+0x70/0x3d0
[  259.992431][ T7815]  ? binder_get_thread+0x1c8/0x6d0
[  259.992460][ T7815]  binder_get_thread+0x1c8/0x6d0
[  259.992483][ T7815]  binder_ioctl+0x273/0x19c0
[  259.992501][ T7815]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  259.992522][ T7815]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  259.992543][ T7815]  ? do_vfs_ioctl+0xbe8/0x1430
[  259.992562][ T7815]  ? __pfx_binder_ioctl+0x10/0x10
[  259.992580][ T7815]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  259.992614][ T7815]  ? __lock_acquire+0xab9/0xd20
[  259.992654][ T7815]  ? __fget_files+0x2a/0x420
[  259.992674][ T7815]  ? __fget_files+0x2a/0x420
[  259.992687][ T7815]  ? __fget_files+0x3a0/0x420
[  259.992702][ T7815]  ? __fget_files+0x2a/0x420
[  259.992721][ T7815]  ? bpf_lsm_file_ioctl+0x9/0x20
[  259.992742][ T7815]  ? __pfx_binder_ioctl+0x10/0x10
[  259.992760][ T7815]  __se_sys_ioctl+0xfc/0x170
[  259.992783][ T7815]  do_syscall_64+0xfa/0x3b0
[  259.992798][ T7815]  ? lockdep_hardirqs_on+0x9c/0x150
[  259.992822][ T7815]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  259.992838][ T7815]  ? clear_bhb_loop+0x60/0xb0
[  259.992859][ T7815]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  259.992875][ T7815] RIP: 0033:0x7f0f7898e929
[  259.992891][ T7815] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  259.992905][ T7815] RSP: 002b:00007f0f79796038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  259.992924][ T7815] RAX: ffffffffffffffda RBX: 00007f0f78bb6080 RCX: 00007f0f7898e929
[  259.992937][ T7815] RDX: 0000200000000540 RSI: 00000000c0306201 RDI: 0000000000000004
[  259.992948][ T7815] RBP: 00007f0f79796090 R08: 0000000000000000 R09: 0000000000000000
[  259.992959][ T7815] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  259.992970][ T7815] R13: 0000000000000001 R14: 00007f0f78bb6080 R15: 00007ffebb09fc78
[  259.992998][ T7815]  </TASK>
[  260.297368][ T7823] sch_tbf: burst 32855 is lower than device lo mtu (65550) !
[  260.297394][ T7819] loop3: detected capacity change from 0 to 256
[  260.332798][ T7815] binder: 7811:7815 ioctl c0306201 200000000540 returned -12
[  260.349179][ T7819] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xbe9e488b, utbl_chksum : 0xe619d30d)
[  260.471051][ T7819] exFAT-fs (loop3): error, invalid access to FAT bad cluster (entry 0x00000005)
[  260.529182][ T5903] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  260.537528][ T7819] exFAT-fs (loop3): Filesystem has been set read-only
[  260.544378][ T7819] exFAT-fs (loop3): failed to initialize root inode
[  260.611747][ T7828] loop4: detected capacity change from 0 to 16
[  260.644864][ T7828] erofs (device loop4): mounted with root inode @ nid 36.
[  260.692296][ T5903] usb 1-1: Using ep0 maxpacket: 32
[  260.706700][ T5903] usb 1-1: config 0 interface 0 has no altsetting 0
[  260.739285][ T5903] usb 1-1: New USB device found, idVendor=1b1c, idProduct=1c09, bcdDevice= 0.00
[  260.768687][ T5903] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  261.649722][ T5903] usb 1-1: config 0 descriptor??
[  261.743476][ T7840] trusted_key: syz.6.427 sent an empty control message without MSG_MORE.
[  261.821490][ T7844] FAULT_INJECTION: forcing a failure.
[  261.821490][ T7844] name failslab, interval 1, probability 0, space 0, times 0
[  261.876217][ T7844] CPU: 0 UID: 0 PID: 7844 Comm: syz.6.427 Not tainted 6.16.0-rc4-next-20250703-syzkaller #0 PREEMPT(full) 
[  261.876242][ T7844] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  261.876252][ T7844] Call Trace:
[  261.876259][ T7844]  <TASK>
[  261.876267][ T7844]  dump_stack_lvl+0x189/0x250
[  261.876294][ T7844]  ? __pfx____ratelimit+0x10/0x10
[  261.876319][ T7844]  ? __pfx_dump_stack_lvl+0x10/0x10
[  261.876343][ T7844]  ? __pfx__printk+0x10/0x10
[  261.876364][ T7844]  ? __pfx___might_resched+0x10/0x10
[  261.876395][ T7844]  ? fs_reclaim_acquire+0x7d/0x100
[  261.876417][ T7844]  should_fail_ex+0x414/0x560
[  261.876444][ T7844]  should_failslab+0xa8/0x100
[  261.876470][ T7844]  __kmalloc_noprof+0xcb/0x4f0
[  261.876493][ T7844]  ? sock_kmalloc+0xd6/0x160
[  261.876519][ T7844]  sock_kmalloc+0xd6/0x160
[  261.876542][ T7844]  aead_recvmsg+0x885/0x13f0
[  261.876558][ T7844]  ? __lock_acquire+0xab9/0xd20
[  261.876599][ T7844]  ? __pfx_aead_recvmsg+0x10/0x10
[  261.876614][ T7844]  ? __lock_acquire+0xab9/0xd20
[  261.876635][ T7844]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[  261.876653][ T7844]  ? security_socket_recvmsg+0x7e/0x2e0
[  261.876676][ T7844]  ? __pfx_aead_recvmsg+0x10/0x10
[  261.876692][ T7844]  sock_recvmsg+0x22c/0x270
[  261.876720][ T7844]  ____sys_recvmsg+0x1c9/0x460
[  261.876748][ T7844]  ? __pfx_____sys_recvmsg+0x10/0x10
[  261.876785][ T7844]  ? import_iovec+0x74/0xa0
[  261.876809][ T7844]  ___sys_recvmsg+0x1b5/0x510
[  261.876836][ T7844]  ? __pfx____sys_recvmsg+0x10/0x10
[  261.876881][ T7844]  ? __fget_files+0x3a0/0x420
[  261.876907][ T7844]  do_recvmmsg+0x307/0x770
[  261.876938][ T7844]  ? __pfx_do_recvmmsg+0x10/0x10
[  261.876971][ T7844]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  261.877006][ T7844]  __x64_sys_recvmmsg+0x190/0x240
[  261.877031][ T7844]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  261.877058][ T7844]  ? do_syscall_64+0xbe/0x3b0
[  261.877079][ T7844]  do_syscall_64+0xfa/0x3b0
[  261.877093][ T7844]  ? lockdep_hardirqs_on+0x9c/0x150
[  261.877115][ T7844]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  261.877131][ T7844]  ? clear_bhb_loop+0x60/0xb0
[  261.877152][ T7844]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  261.877168][ T7844] RIP: 0033:0x7f0f7898e929
[  261.877184][ T7844] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  261.877199][ T7844] RSP: 002b:00007f0f79796038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  261.877218][ T7844] RAX: ffffffffffffffda RBX: 00007f0f78bb6080 RCX: 00007f0f7898e929
[  261.877231][ T7844] RDX: 0000000000000001 RSI: 00002000000008c0 RDI: 0000000000000004
[  261.877242][ T7844] RBP: 00007f0f79796090 R08: 0000000000000000 R09: 0000000000000000
[  261.877253][ T7844] R10: 00000000000000cb R11: 0000000000000246 R12: 0000000000000001
[  261.877264][ T7844] R13: 0000000000000001 R14: 00007f0f78bb6080 R15: 00007ffebb09fc78
[  261.877294][ T7844]  </TASK>
[  261.877346][ T7843] loop3: detected capacity change from 0 to 164
[  262.264814][ T7843] isofs_fill_super: bread failed, dev=loop3, iso_blknum=41, block=164
[  262.800678][ T5903] corsair-psu 0003:1B1C:1C09.0008: hidraw0: USB HID v4.08 Device [HID 1b1c:1c09] on usb-dummy_hcd.0-1/input0
[  262.933646][ T7855] nvme_fabrics: unknown parameter or missing value '(' in ctrl creation request
[  263.562687][ T5903] corsair-psu 0003:1B1C:1C09.0008: unable to initialize device (-71)
[  263.585572][ T5903] corsair-psu 0003:1B1C:1C09.0008: probe with driver corsair-psu failed with error -71
[  264.041947][ T5903] usb 1-1: USB disconnect, device number 8
[  264.158732][ T7862] fido_id[7862]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/1-1/report_descriptor': No such file or directory
[  264.661746][ T7885] sch_tbf: burst 32855 is lower than device lo mtu (65550) !
[  264.842311][   T77] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  265.012256][   T77] usb 1-1: Using ep0 maxpacket: 16
[  265.043237][   T77] usb 1-1: config 0 has an invalid interface number: 251 but max is 0
[  265.107209][   T77] usb 1-1: config 0 has no interface number 0
[  265.135984][ T7893] loop4: detected capacity change from 0 to 16
[  265.152338][   T77] usb 1-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[  265.182829][ T7893] erofs (device loop4): mounted with root inode @ nid 36.
[  265.192078][   T77] usb 1-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[  265.229326][   T77] usb 1-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[  265.253224][   T77] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  265.268638][   T77] usb 1-1: Product: syz
[  265.277414][   T77] usb 1-1: Manufacturer: syz
[  265.286630][   T77] usb 1-1: SerialNumber: syz
[  265.304357][   T77] usb 1-1: config 0 descriptor??
[  265.318524][ T7881] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  265.332668][ T7881] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  266.624286][ T7879] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  266.650305][ T7879] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  267.712148][   T77] asix 1-1:0.251 (unnamed net_device) (uninitialized): Invalid PHY address 0x89
[  267.737906][ T7919] netlink: 24 bytes leftover after parsing attributes in process `syz.5.444'.
[  268.264136][   T77] usb 1-1: USB disconnect, device number 9
[  268.734488][    T9] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  268.932316][    T9] usb 5-1: Using ep0 maxpacket: 32
[  268.982594][    T9] usb 5-1: config 0 interface 0 has no altsetting 0
[  268.992319][   T77] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  268.999493][    T9] usb 5-1: New USB device found, idVendor=1b1c, idProduct=1c09, bcdDevice= 0.00
[  269.052712][   T31] INFO: task syz.2.38:6159 blocked for more than 163 seconds.
[  269.060233][   T31]       Not tainted 6.16.0-rc4-next-20250703-syzkaller #0
[  269.072329][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  269.104666][    T9] usb 5-1: config 0 descriptor??
[  269.113750][ T7935] sch_tbf: burst 32855 is lower than device lo mtu (65550) !
[  269.125197][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  269.182295][   T31] task:syz.2.38        state:D stack:26072 pid:6159  tgid:6158  ppid:5829   task_flags:0x400140 flags:0x00004004
[  269.232479][   T77] usb 4-1: Using ep0 maxpacket: 8
[  269.242286][   T31] Call Trace:
[  269.245605][   T31]  <TASK>
[  269.259305][   T31]  __schedule+0x16f5/0x4d00
[  269.272272][   T31]  ? schedule+0x165/0x360
[  269.292605][   T31]  ? __pfx___schedule+0x10/0x10
[  269.297543][   T31]  ? schedule+0x91/0x360
[  269.301825][   T31]  schedule+0x165/0x360
[  269.322386][   T77] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 7
[  269.372287][   T31]  schedule_preempt_disabled+0x13/0x30
[  269.377785][   T31]  __mutex_lock+0x724/0xe80
[  269.412411][   T31]  ? __mutex_lock+0x51b/0xe80
[  269.422328][   T31]  ? fdget_pos+0x247/0x320
[  269.426792][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  269.462310][   T31]  ? __fget_files+0x2a/0x420
[  269.472656][   T77] usb 4-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b
[  269.481703][   T77] usb 4-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3
[  269.512296][   T31]  ? __fget_files+0x3a0/0x420
[  269.517002][   T31]  ? __fget_files+0x2a/0x420
[  269.521616][   T31]  fdget_pos+0x247/0x320
[  269.530723][   T77] usb 4-1: Product: syz
[  269.542270][   T77] usb 4-1: Manufacturer: syz
[  269.553177][   T31]  do_writev+0x81/0x2d0
[  269.557371][   T31]  ? __pfx_do_writev+0x10/0x10
[  269.562144][   T31]  ? rcu_is_watching+0x15/0xb0
[  269.566991][   T77] usb 4-1: SerialNumber: syz
[  269.608730][   T31]  ? do_syscall_64+0xbe/0x3b0
[  269.622722][    T9] corsair-psu 0003:1B1C:1C09.0009: hidraw0: USB HID v4.08 Device [HID 1b1c:1c09] on usb-dummy_hcd.4-1/input0
[  269.632289][   T31]  do_syscall_64+0xfa/0x3b0
[  269.638807][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  269.690032][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  269.703448][   T31]  ? clear_bhb_loop+0x60/0xb0
[  269.718158][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  269.740046][   T31] RIP: 0033:0x7fbc77b8e929
[  269.755769][   T31] RSP: 002b:00007fbc789b5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014
[  269.784919][   T31] RAX: ffffffffffffffda RBX: 00007fbc77db5fa0 RCX: 00007fbc77b8e929
[  269.995518][   T77] usb 4-1: Handspring Visor / Palm OS: No valid connect info available
[  270.320126][   T31] RDX: 0000000000000001 RSI: 0000200000000000 RDI: 000000000000000d
[  270.328292][   T77] usb 4-1: Handspring Visor / Palm OS: port 0, is for Generic use
[  270.336162][   T31] RBP: 00007fbc77c10b39 R08: 0000000000000000 R09: 0000000000000000
[  270.344200][   T77] usb 4-1: Handspring Visor / Palm OS: port 0, is for Generic use
[  270.352016][   T77] usb 4-1: Handspring Visor / Palm OS: Number of ports: 2
[  270.359184][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  270.367329][   T31] R13: 0000000000000000 R14: 00007fbc77db5fa0 R15: 00007ffd49a5c158
[  270.375487][   T77] usb 4-1: palm_os_3_probe - error -71 getting bytes available request
[  270.383878][   T31]  </TASK>
[  270.387078][   T31] 
[  270.387078][   T31] Showing all locks held in the system:
[  270.402384][   T77] visor 4-1:1.0: Handspring Visor / Palm OS converter detected
[  270.413460][   T31] 6 locks held by kworker/0:0/9:
[  270.418403][   T31]  #0: ffff8881442ec148 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  270.482868][   T77] usb 4-1: Handspring Visor / Palm OS converter now attached to ttyUSB0
[  270.521068][   T77] usb 4-1: Handspring Visor / Palm OS converter now attached to ttyUSB1
[  270.529933][   T31]  #1: ffffc900000e7bc0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  270.600390][   T77] usb 4-1: USB disconnect, device number 9
[  270.610555][   T31]  #2: ffff888027a8f198 (&dev->mutex){....}-{4:4}, at: hub_event+0x184/0x4a00
[  270.635530][   T77] visor ttyUSB0: Handspring Visor / Palm OS converter now disconnected from ttyUSB0
[  270.647252][   T31]  #3: ffff88807d4db198 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x400
[  270.671694][   T31]  #4: ffff88807d4df160 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x400
[  270.692555][   T77] visor ttyUSB1: Handspring Visor / Palm OS converter now disconnected from ttyUSB1
[  270.740712][   T31]  #5: ffff88805aea9a20 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x400
[  270.755092][   T77] visor 4-1:1.0: device disconnected
[  270.786886][   T31] 2 locks held by kworker/u8:1/13:
[  270.801435][   T31]  #0: ffff8880b8739f58 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140
[  270.838593][   T31]  #1: ffff8880b8723f08 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x39a/0x6d0
[  270.872494][   T31] 1 lock held by khungtaskd/31:
[  270.889899][   T31]  #0: ffffffff8e13bf60 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  270.926101][   T31] 3 locks held by kworker/1:1/77:
[  270.945605][   T31]  #0: ffff8881442ec148 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  270.986924][   T31]  #1: ffff8880b8723f08 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x39a/0x6d0
[  271.008617][   T31]  #2: ffff88801da8d0c8 (&ACCESS_PRIVATE(ssp->srcu_sup, lock)){....}-{3:3}, at: srcu_reschedule+0x44/0x170
[  271.027079][   T31] 1 lock held by udevd/5201:
[  271.031874][   T31] 2 locks held by getty/5593:
[  271.037027][   T31]  #0: ffff88814d96e0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  271.056064][   T31]  #1: ffffc9000331b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[  271.071138][   T31] 3 locks held by kworker/0:5/5945:
[  271.081962][   T31]  #0: ffff88801a480d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  271.103899][   T31]  #1: ffffc900053c7bc0 (xfrm_state_gc_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  271.129783][   T31]  #2: ffffffff8e141a78 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x2f6/0x730
[  271.168824][   T31] 3 locks held by kworker/u8:8/5951:
[  271.182240][   T31]  #0: ffff8880b8739f58 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140
[  271.213842][   T31]  #1: ffff8880b8723f08 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x39a/0x6d0
[  271.246701][   T31]  #2: ffff8880b8725958 (&base->lock){-.-.}-{2:2}, at: __mod_timer+0x1ae/0xf30
[  271.261348][   T31] 1 lock held by syz.2.38/6159:
[  271.269160][   T31]  #0: ffff88801dece478 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x247/0x320
[  271.290348][   T31] 3 locks held by syz.2.38/6161:
[  271.307248][   T31]  #0: ffff88801dece478 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x247/0x320
[  271.333609][   T31]  #1: ffff88803109a428 (sb_writers#21){.+.+}-{0:0}, at: vfs_writev+0x288/0x960
[  271.357440][   T31]  #2: ffff88805dbb8148 (&sb->s_type->i_mutex_key#28){++++}-{4:4}, at: netfs_start_io_direct+0x1ef/0x230
[  271.389204][   T31] 2 locks held by syz.3.433/7882:
[  271.401666][   T31] 2 locks held by syz.5.446/7925:
[  271.408150][   T31] 1 lock held by dhcpcd-run-hook/7952:
[  271.414994][   T31] 
[  271.417477][   T31] =============================================
[  271.417477][   T31] 
[  271.440148][   T31] NMI backtrace for cpu 1
[  271.440165][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc4-next-20250703-syzkaller #0 PREEMPT(full) 
[  271.440185][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  271.440196][   T31] Call Trace:
[  271.440203][   T31]  <TASK>
[  271.440210][   T31]  dump_stack_lvl+0x189/0x250
[  271.440237][   T31]  ? __wake_up_klogd+0xd9/0x110
[  271.440257][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  271.440280][   T31]  ? __pfx__printk+0x10/0x10
[  271.440310][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[  271.440337][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  271.440357][   T31]  ? _printk+0xcf/0x120
[  271.440378][   T31]  ? __pfx__printk+0x10/0x10
[  271.440405][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  271.440427][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  271.440452][   T31]  watchdog+0xfee/0x1030
[  271.440472][   T31]  ? watchdog+0x1de/0x1030
[  271.440496][   T31]  kthread+0x70e/0x8a0
[  271.440517][   T31]  ? __pfx_watchdog+0x10/0x10
[  271.440533][   T31]  ? __pfx_kthread+0x10/0x10
[  271.440552][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  271.440574][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  271.440596][   T31]  ? __pfx_kthread+0x10/0x10
[  271.440613][   T31]  ret_from_fork+0x3fc/0x770
[  271.440637][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  271.440664][   T31]  ? __switch_to_asm+0x39/0x70
[  271.440679][   T31]  ? __switch_to_asm+0x33/0x70
[  271.440694][   T31]  ? __pfx_kthread+0x10/0x10
[  271.440711][   T31]  ret_from_fork_asm+0x1a/0x30
[  271.440746][   T31]  </TASK>
[  271.440769][   T31] Sending NMI from CPU 1 to CPUs 0:
[  271.605411][    C0] NMI backtrace for cpu 0
[  271.605429][    C0] CPU: 0 UID: 0 PID: 6008 Comm: kworker/u8:10 Not tainted 6.16.0-rc4-next-20250703-syzkaller #0 PREEMPT(full) 
[  271.605449][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  271.605459][    C0] Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet
[  271.605490][    C0] RIP: 0010:__lock_acquire+0x50c/0xd20
[  271.605512][    C0] Code: 49 83 c7 28 41 89 c4 48 39 cb 0f 8d d6 00 00 00 48 83 fb 31 0f 83 92 00 00 00 41 8b 07 25 ff 1f 00 00 48 0f a3 05 24 34 0a 12 <73> 10 48 69 c0 c8 00 00 00 48 8d 88 f0 d2 48 93 eb 40 83 3d 6b c3
[  271.605536][    C0] RSP: 0018:ffffc9000b657770 EFLAGS: 00000003
[  271.605550][    C0] RAX: 000000000000075e RBX: 0000000000000002 RCX: 0000000000000003
[  271.605561][    C0] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffff88807b6e0000
[  271.605571][    C0] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff8b37e768
[  271.605582][    C0] R10: dffffc0000000000 R11: ffffed100a239a17 R12: 00000000ffffff05
[  271.605594][    C0] R13: 0000000000000001 R14: ffff88807b6e0b68 R15: ffff88807b6e0b60
[  271.605606][    C0] FS:  0000000000000000(0000) GS:ffff888125c1e000(0000) knlGS:0000000000000000
[  271.605619][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  271.605631][    C0] CR2: 00005630f3a75950 CR3: 000000007800a000 CR4: 00000000003526f0
[  271.605645][    C0] Call Trace:
[  271.605652][    C0]  <TASK>
[  271.605663][    C0]  ? batadv_iv_ogm_schedule+0x3f8/0xea0
[  271.605685][    C0]  lock_acquire+0x120/0x360
[  271.605703][    C0]  ? batadv_iv_ogm_schedule+0x3f8/0xea0
[  271.605729][    C0]  ? batadv_iv_ogm_schedule+0x3f8/0xea0
[  271.605753][    C0]  batadv_iv_ogm_schedule+0x41c/0xea0
[  271.605774][    C0]  ? batadv_iv_ogm_schedule+0x3f8/0xea0
[  271.605802][    C0]  ? batadv_iv_ogm_schedule+0x3f8/0xea0
[  271.605823][    C0]  ? __pfx_batadv_iv_ogm_schedule+0x10/0x10
[  271.605846][    C0]  ? batadv_send_skb_packet+0x45d/0x6d0
[  271.605868][    C0]  batadv_iv_send_outstanding_bat_ogm_packet+0x6c6/0x7e0
[  271.605896][    C0]  ? process_scheduled_works+0x9ef/0x17b0
[  271.605917][    C0]  process_scheduled_works+0xae1/0x17b0
[  271.605949][    C0]  ? __pfx_process_scheduled_works+0x10/0x10
[  271.605976][    C0]  worker_thread+0x8a0/0xda0
[  271.605997][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  271.606023][    C0]  ? __kthread_parkme+0x7b/0x200
[  271.606048][    C0]  kthread+0x70e/0x8a0
[  271.606064][    C0]  ? __pfx_worker_thread+0x10/0x10
[  271.606084][    C0]  ? __pfx_kthread+0x10/0x10
[  271.606099][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  271.606125][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  271.606148][    C0]  ? __pfx_kthread+0x10/0x10
[  271.606162][    C0]  ret_from_fork+0x3fc/0x770
[  271.606183][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  271.606205][    C0]  ? __switch_to_asm+0x39/0x70
[  271.606221][    C0]  ? __switch_to_asm+0x33/0x70
[  271.606235][    C0]  ? __pfx_kthread+0x10/0x10
[  271.606250][    C0]  ret_from_fork_asm+0x1a/0x30
[  271.606272][    C0]  </TASK>
[  271.755700][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  271.755720][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc4-next-20250703-syzkaller #0 PREEMPT(full) 
[  271.755740][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  271.755751][   T31] Call Trace:
[  271.755760][   T31]  <TASK>
[  271.755768][   T31]  dump_stack_lvl+0x99/0x250
[  271.755797][   T31]  ? __asan_memcpy+0x40/0x70
[  271.755818][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  271.755842][   T31]  ? __pfx__printk+0x10/0x10
[  271.755873][   T31]  panic+0x2db/0x790
[  271.755901][   T31]  ? __pfx_panic+0x10/0x10
[  271.755924][   T31]  ? nmi_backtrace_stall_check+0x433/0x440
[  271.755952][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  271.755974][   T31]  ? nmi_trigger_cpumask_backtrace+0x2b6/0x300
[  271.756003][   T31]  watchdog+0x102d/0x1030
[  271.756024][   T31]  ? watchdog+0x1de/0x1030
[  271.756049][   T31]  kthread+0x70e/0x8a0
[  271.756070][   T31]  ? __pfx_watchdog+0x10/0x10
[  271.756087][   T31]  ? __pfx_kthread+0x10/0x10
[  271.756106][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  271.756128][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  271.756151][   T31]  ? __pfx_kthread+0x10/0x10
[  271.756168][   T31]  ret_from_fork+0x3fc/0x770
[  271.756192][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  271.756219][   T31]  ? __switch_to_asm+0x39/0x70
[  271.756234][   T31]  ? __switch_to_asm+0x33/0x70
[  271.756250][   T31]  ? __pfx_kthread+0x10/0x10
[  271.756267][   T31]  ret_from_fork_asm+0x1a/0x30
[  271.756298][   T31]  </TASK>
[  272.041729][   T31] Kernel Offset: disabled
[  272.046037][   T31] Rebooting in 86400 seconds..