last executing test programs: 26.399681713s ago: executing program 0 (id=175): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000004c80)={@fallback, 0xffffffffffffffff, 0xe, 0x2002}, 0x20) syz_usb_connect(0x3, 0x52, &(0x7f0000000280)=ANY=[@ANYBLOB="12011001a192fa402104f501da5702000001090240000101007490090479ff000202ff000d240f0102000000faff040040052406000005240008000d240f01"], 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x1, 0x5, &(0x7f0000000240)=ANY=[@ANYBLOB="18110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_DELETE(r4, 0x0, 0x8880) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x3, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setsockopt$SO_ATTACH_FILTER(r7, 0x1, 0x1a, &(0x7f00000001c0)={0x2, &(0x7f0000000280)=[{0x28, 0x8, 0x0, 0xbfffdffe}, {0x80000006, 0x9, 0x9, 0x5}]}, 0x10) bind$bt_hci(r7, &(0x7f0000000340)={0x1f, 0xffff, 0x3}, 0x6) write(r7, &(0x7f0000000000)="09000300010000", 0x7) syz_genetlink_get_family_id$batadv(&(0x7f0000000080), r5) sendmsg$TIPC_NL_KEY_SET(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000700)={&(0x7f00000004c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="0100000000000000000017000000540006803c00040067636d286165732900000000000000000000000000000000000000000000000014000000e3de3d7b4cd07ec3ee777de774fc7987cca41989140003"], 0x68}, 0x1, 0x0, 0x0, 0x4}, 0x4008014) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000080)=r1, 0x4) r8 = fsopen(&(0x7f0000000380)='hugetlbfs\x00', 0x1) fsconfig$FSCONFIG_SET_STRING(r8, 0x1, &(0x7f0000000540)='umd\xa0Z\xac\xfb\xe9\xb2\xb8FK\xa9\x1a\xaf\xb0\x95d\xdb@~\x93x\xa6\x19\xb1b\xd0\xf9\xf9\xc2 \x02\x00\x00\x00\x00\x00\x00\xa2\xab\x87\xa6s\t1`\x89\xa3$\xc6\xbb\x01\xcfbyX\n\xd3F\x17:%\xd3RI\xea\x92EN\xcf\x93]\x04\x8a\x8f\xab\xea\x8b\'\xba\x1fE\xff\xe2+ \xc7\xe7\xfe\xb7)z%\xbe\x1f\x13\xb3\xe29\x98\x88\xed_\x98\x94!*\x8e\xb0\x8d\x0f\x1fLf-L;\xd5X\xae\xd9\x85\xf8i7a\xf2\x03\x8e\xf2@\x06\xd6\x1f\xa0P\x16-\x1a\xa0\x19\xb8\xa1V4\xa9\xbc/\xf2\xf5\xad\xd7R\xaf}\xef\x93\x9d\xe2\x16Ghy\xd5\xe9U\xcfm\x10\x8aF\x1a\xf8\x01\x82ML\x80m\x8av]<\xf0\xfe\x1c\x1d\xf7~\xc1\x8e\xea1;h\xe7j\xcaE\xb2\xf5\xf6\xc4\xd5!Z\xda\xd2\xc3\xe3H\x99\x96j]\xe4\x82\xea\x15\xea\x89\r\xcf\xa8\x95t', &(0x7f00000008c0)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80=\x8a\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\x1f\x03\x00\x00\x00\x00\x00\x00\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9ak\x00\x00\x00\x00\x00\x00\x00\n\xa72\xa3\xef^\xe7\x8f', 0x0) sendmsg$inet(r3, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) 22.600390736s ago: executing program 0 (id=182): prlimit64(0x0, 0x6, 0x0, 0x0) r0 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) dup3(0xffffffffffffffff, r0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8c}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpgrp(0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x2, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x4081, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x14, 0x70}, [@ldst={0x6, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1}]}, &(0x7f0000000640)='syzkaller\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/181, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x24}, 0x48) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x0, 0x0) mlock2(&(0x7f000000e000/0x1000)=nil, 0x1000, 0x0) 21.335769477s ago: executing program 0 (id=184): prlimit64(0x0, 0x6, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8c}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x10000005) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x4081, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x14, 0x70}, [@ldst={0x6, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1}]}, &(0x7f0000000640)='syzkaller\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/181, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x24}, 0x48) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8) sched_setaffinity(0x0, 0x0, 0x0) getpid() socketpair$unix(0x1, 0x2, 0x0, 0x0) mlock2(&(0x7f000000e000/0x1000)=nil, 0x1000, 0x0) 17.818055612s ago: executing program 0 (id=190): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000004c80)={@fallback, 0xffffffffffffffff, 0xe, 0x2002}, 0x20) syz_usb_connect(0x3, 0x52, &(0x7f0000000280)=ANY=[@ANYBLOB="12011001a192fa402104f501da5702000001090240000101007490090479ff000202ff000d240f0102000000faff040040052406000005240008000d240f01"], 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x1, 0x5, &(0x7f0000000240)=ANY=[@ANYBLOB="18110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_DELETE(r4, 0x0, 0x8880) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x3, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setsockopt$SO_ATTACH_FILTER(r7, 0x1, 0x1a, &(0x7f00000001c0)={0x2, &(0x7f0000000280)=[{0x28, 0x8, 0x0, 0xbfffdffe}, {0x80000006, 0x9, 0x9, 0x5}]}, 0x10) bind$bt_hci(r7, &(0x7f0000000340)={0x1f, 0xffff, 0x3}, 0x6) write(r7, &(0x7f0000000000)="09000300010000", 0x7) syz_genetlink_get_family_id$batadv(&(0x7f0000000080), r5) sendmsg$TIPC_NL_KEY_SET(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000700)={&(0x7f00000004c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="0100000000000000000017000000540006803c00040067636d286165732900000000000000000000000000000000000000000000000014000000e3de3d7b4cd07ec3ee777de774fc7987cca41989140003"], 0x68}, 0x1, 0x0, 0x0, 0x4}, 0x4008014) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000080)=r1, 0x4) r8 = fsopen(&(0x7f0000000380)='hugetlbfs\x00', 0x1) fsconfig$FSCONFIG_SET_STRING(r8, 0x1, &(0x7f0000000540)='umd\xa0Z\xac\xfb\xe9\xb2\xb8FK\xa9\x1a\xaf\xb0\x95d\xdb@~\x93x\xa6\x19\xb1b\xd0\xf9\xf9\xc2 \x02\x00\x00\x00\x00\x00\x00\xa2\xab\x87\xa6s\t1`\x89\xa3$\xc6\xbb\x01\xcfbyX\n\xd3F\x17:%\xd3RI\xea\x92EN\xcf\x93]\x04\x8a\x8f\xab\xea\x8b\'\xba\x1fE\xff\xe2+ \xc7\xe7\xfe\xb7)z%\xbe\x1f\x13\xb3\xe29\x98\x88\xed_\x98\x94!*\x8e\xb0\x8d\x0f\x1fLf-L;\xd5X\xae\xd9\x85\xf8i7a\xf2\x03\x8e\xf2@\x06\xd6\x1f\xa0P\x16-\x1a\xa0\x19\xb8\xa1V4\xa9\xbc/\xf2\xf5\xad\xd7R\xaf}\xef\x93\x9d\xe2\x16Ghy\xd5\xe9U\xcfm\x10\x8aF\x1a\xf8\x01\x82ML\x80m\x8av]<\xf0\xfe\x1c\x1d\xf7~\xc1\x8e\xea1;h\xe7j\xcaE\xb2\xf5\xf6\xc4\xd5!Z\xda\xd2\xc3\xe3H\x99\x96j]\xe4\x82\xea\x15\xea\x89\r\xcf\xa8\x95t', &(0x7f00000008c0)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80=\x8a\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\x1f\x03\x00\x00\x00\x00\x00\x00\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9ak\x00\x00\x00\x00\x00\x00\x00\n\xa72\xa3\xef^\xe7\x8f', 0x0) sendmsg$inet(r3, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) 14.47510293s ago: executing program 2 (id=195): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$nl_rdma(0x10, 0x3, 0x14) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$TIPC_CONN_TIMEOUT(r3, 0x10f, 0x82, 0x0, &(0x7f00000000c0)) (fail_nth: 1) 11.223090396s ago: executing program 0 (id=201): r0 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401) ioctl$USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f00000004c0)=@urb_type_control={0x2, {0x0, 0x1}, 0x3f, 0x0, &(0x7f0000000240)={0x1, 0xf, 0x0, 0x1}, 0x8, 0x4, 0x0, 0x0, 0x3ff, 0x1ffffd, 0x0}) close(r0) syz_usb_connect$cdc_ncm(0x6, 0x73, &(0x7f0000000040)=ANY=[@ANYBLOB="12015002020000002505a1a44000010203010902610002010484080000000001020d000005240600010524020006000606241a798b8b6d2401040109058103000258057f0904010000020d00000904010102020d00000905820238007f0117090503"], 0x0) syz_usb_connect(0x3, 0xf5, &(0x7f0000000000)=ANY=[], 0x0) syz_usb_connect$cdc_ecm(0x3, 0x5e, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000020000102505a1a440000000010109024c07010100c08109040000fe03020000052406000005240002000d240f01bfffffff0000000000042413020424130109058103000407100709058202000207fc00090503"], 0x0) r1 = memfd_create(&(0x7f0000000280)='-B\xd5N4:)\x00\x8a\xd7Uw\x00\xbc\xa92\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97\x8f~\xb90a\xa9\xb2\x04K\x98\x93=\xabQ\xf7\x19\xea\xef\xe3\xe1@\x84\x13\xefZb:\x8f\t\x01B\xec\xde\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@Ip]D\xd6\r\xac\v#co\xd5\xb9\xc806\xa8\x99\xffs7\xa1b1\xb1;i)j\x0e\x1e\xedI\xa2\x80\x89\x1d\xd9p!\xc8<\"\xf0\xc8\xae\x96J\xe2]\x01\x86\xb7.<\xf5N\xd3\x94W1\xff\x18z>\xa7q,\xf7\x96\xb8{\x8e\xbf4\xe0\x95\x1ce\xe4\x85\xcdi\xed\xd3>\xeb\xa5\xaf\x87\x90@\xd1\xbd`^\xfa\xb6\x9cj\x13/\xc5\\W\x04\br\x17X\xe3\xfb\xc8\xd4\xaeX\xc9s\xd18\xd9L\xbf\xa0\xa6\xdf2\a\x99i\xb1/\x19@\x1cq\xeb?\xc1z:\x913\xfa8\xac\xd3q\xe4vPGUOMX\x164\xec\x06i\x85\x93\x87YB.e\xea2|A\x95\x05\xc3\x11\xde\xa0\x14*4\x83J\xa1\xddc\xde\x91 sO\xfb\xcc\r\xa8\x05\xa3\xab\xe6\xb5\xe4\x8b\x128\xa8\x05\xf9\f\xb4\x97\x1c\x82\xfd\x80O\x00\x00\x00\x00\x00\x00\x00', 0x1) r2 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000400)='/proc/asound/card0/oss_mixer\x00', 0x4000, 0x0) lstat(&(0x7f0000000440)='./file0\x00', &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000580)={{0x1, 0x1, 0x18, r0, {0xffffffffffffffff, 0xffffffffffffffff}}, './file0\x00'}) fchown(r2, r3, r4) r5 = dup(r1) r6 = socket$inet(0xa, 0x801, 0x0) setsockopt$IPT_SO_SET_REPLACE(r6, 0x0, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x44, 0x6, 0x398, 0x160, 0x98, 0x220, 0x308, 0x220, 0x3d0, 0x3d0, 0x3d0, 0x3d0, 0x3d0, 0x6, 0x0, {[{{@ip={@broadcast, @dev, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00'}, 0x0, 0x70, 0x98}, @common=@unspec=@STANDARD={0x28}}, {{@ip={@remote, @local, 0x0, 0x0, 'vcan0\x00', 'sit0\x00', {}, {}, 0x6, 0x0, 0x48}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @multicast2}}}, {{@uncond, 0x0, 0x70, 0x98}, @ECN={0x28}}, {{@ip={@rand_addr, @multicast2, 0xffffffff, 0x0, 'syzkaller0\x00', 'bond0\x00'}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'lo\x00', 'batadv_slave_1\x00'}, 0x0, 0x70, 0x98}, @common=@unspec=@NFQUEUE1={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x3f8) write$binfmt_elf32(r5, &(0x7f0000000480)=ANY=[@ANYBLOB="7f454c464a030103ff0700000000000002000300040000003e03000038000000d600000097700000fe0320"], 0x58) execveat(r5, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) ioctl$VHOST_SET_MEM_TABLE(r5, 0x4008af03, &(0x7f00000001c0)={0x2, 0x0, [{0x30000, 0xa7, &(0x7f00000000c0)=""/167}, {0x1, 0x33, &(0x7f0000000180)=""/51}]}) setuid(0xee01) r7 = socket(0x1, 0x5, 0x0) ioctl$sock_SIOCETHTOOL(r7, 0x89fe, &(0x7f0000000340)={'bridge0\x00', &(0x7f0000000000)=@ethtool_coalesce={0xf, 0x0, 0x1fd, 0x0, 0x7, 0x9, 0x0, 0x5, 0x9, 0x5, 0xca1, 0x8, 0x1, 0x6, 0xff, 0x9, 0x3, 0x7, 0x7, 0xb, 0x64, 0x1000, 0xc}}) r8 = socket(0x2, 0x2, 0x0) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_usb_connect(0x0, 0x2d, &(0x7f00000005c0)=ANY=[@ANYBLOB="12010000413f5f201d0650c16fce0102030109021b00010000100009043300011870fd00090582020002"], 0x0) setsockopt$IP6T_SO_SET_REPLACE(r8, 0x29, 0x40, &(0x7f0000000680)=@mangle={'mangle\x00', 0x1f, 0x6, 0x7e8, 0x628, 0x418, 0x328, 0x0, 0x418, 0x718, 0x718, 0x718, 0x718, 0x718, 0x6, &(0x7f0000000600), {[{{@uncond, 0x0, 0x300, 0x328, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x8}}, @common=@unspec=@bpf0={{0x230}, {0x14, [{0x3ff, 0x9, 0x7, 0x3}, {0x8, 0xf, 0x2, 0x2}, {0x6, 0xf, 0xc, 0x4}, {0x1, 0x3, 0x0, 0x400}, {0xc, 0x1, 0x3, 0x3}, {0x5, 0xac, 0xd3, 0x7}, {0x80, 0x80, 0xd, 0x6}, {0xf1, 0x8, 0x0, 0x7}, {0x7ff, 0x4, 0x3, 0x8}, {0x9, 0x8, 0x6, 0x8}, {0x7, 0x2, 0xac, 0x40}, {0x8000, 0x3f, 0x1, 0x6f618725}, {0x4fa, 0x13, 0x9, 0x8}, {0x0, 0x5, 0x4, 0xfffffffe}, {0x1, 0x33, 0x1, 0x4}, {0x70, 0x8, 0xe1, 0x2000}, {0xf, 0x9, 0x52, 0x6}, {0x2, 0x6, 0x2, 0xffffffff}, {0x0, 0x0, 0x0, 0x3}, {0x80, 0x9, 0x5, 0x9}, {0x9, 0x80, 0x1, 0xfd40}, {0x2, 0x6, 0x7, 0x100}, {0x3, 0x3, 0xa2, 0x2}, {0x23f, 0xd, 0x5, 0x100}, {0xff45, 0x5, 0x1, 0x8}, {0xc09, 0x1, 0x3, 0x4}, {0x6, 0x4, 0x5, 0xb}, {0x2, 0x3, 0x5, 0x7f}, {0xe, 0xff, 0xb, 0x4}, {0x3, 0xac, 0x0, 0x100000}, {0x0, 0x80, 0x2d, 0x9}, {0x3, 0x3, 0xf8, 0x6d02ad3a}, {0x2, 0x6, 0xb3, 0x40000}, {0x9, 0x1, 0xc, 0x7fffffff}, {0x1, 0xe6, 0x7, 0x4}, {0x4, 0x9, 0x8, 0x3}, {0x4, 0x7, 0x8}, {0x7cb5, 0x8, 0x3, 0x3}, {0x100, 0x56, 0x1, 0xf}, {0x2, 0x5, 0x1, 0x1}, {0x5, 0x56}, {0x800, 0x9, 0x0, 0x6}, {0x8, 0x5f, 0xd9, 0x6d4}, {0x3, 0x5, 0x2, 0x7}, {0x5, 0x8, 0x9, 0x40}, {0x2, 0x98, 0x3, 0xfff}, {0x3, 0xa, 0x3, 0x3}, {0x4, 0xee, 0x9, 0x3}, {0x1ff, 0x6, 0x2, 0x2800}, {0x28, 0x80, 0x4}, {0xff9b, 0xff, 0x0, 0xc7}, {0x16f9, 0x81, 0x2, 0x5}, {0xc, 0x40, 0xe, 0x9}, {0x9, 0x65, 0x6, 0x1}, {0x1, 0x2, 0x7f, 0x81}, {0x4, 0xd0, 0x3, 0x5c4}, {0xe981, 0x7, 0xf9, 0x7ff}, {0xb, 0x4, 0x6, 0x80000001}, {0x2, 0xff, 0xfb, 0x3}, {0x9, 0x59, 0x0, 0x89d}, {0x7, 0x8, 0x9, 0x10000}, {0x2, 0xf, 0x0, 0x100}, {0x9, 0xfe, 0x4, 0x200}, {0x6, 0xe, 0xfe, 0x4}], {0x1}}}]}, @unspec=@CHECKSUM={0x28}}, {{@ipv6={@dev={0xfe, 0x80, '\x00', 0x17}, @empty, [0xffffffff, 0xff000000, 0x0, 0xffffff00], [0xff, 0xff000000, 0x0, 0xff000000], 'wlan1\x00', 'syzkaller1\x00', {0xff}, {0xff}, 0x84, 0x3, 0x6, 0x8}, 0x0, 0xa8, 0xf0}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv4=@initdev={0xac, 0x1e, 0x1, 0x0}, @ipv6=@mcast2, 0x24, 0x1c, 0x3}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @HL={0x28, 'HL\x00', 0x0, {0x1, 0x2}}}, {{@uncond, 0x0, 0xf8, 0x140, 0x0, {}, [@common=@hl={{0x28}, {0x2, 0xe}}, @common=@hl={{0x28}, {0x1, 0x6}}]}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv6=@empty, @ipv6=@remote, 0x2, 0x8, 0x2}}}, {{@ipv6={@local, @mcast1, [0xff, 0xff000000, 0xffff00, 0xa8b1ec008f0baeb0], [0x0, 0xffffffff, 0xff000000], 'ip6tnl0\x00', 'wlan0\x00', {}, {0xff}, 0x1, 0xdf, 0x1, 0x14}, 0x0, 0xa8, 0xf0}, @DNPT={0x48, 'DNPT\x00', 0x0, {@ipv6=@empty, @ipv6=@local, 0x10, 0x11, 0x8}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x848) syz_usb_control_io$hid(r10, 0x0, 0x0) syz_usb_ep_write$ath9k_ep1(r10, 0x82, 0xa8, &(0x7f0000000100)=ANY=[@ANYBLOB="1b1b", @ANYRES16=r9]) madvise(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0xd) 10.816087669s ago: executing program 2 (id=202): prlimit64(0x0, 0x6, 0x0, 0x0) r0 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) dup3(0xffffffffffffffff, r0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8c}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpgrp(0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x2, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x4081, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x14, 0x70}, [@ldst={0x6, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1}]}, &(0x7f0000000640)='syzkaller\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/181, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x24}, 0x48) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x0, 0x0) mlock2(&(0x7f000000e000/0x1000)=nil, 0x1000, 0x0) 9.617721058s ago: executing program 3 (id=203): r0 = socket$inet6_udp(0xa, 0x2, 0x0) close(r0) openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x0, 0x0) mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x300000a, 0x12, r0, 0x852ac000) 8.768361035s ago: executing program 2 (id=204): r0 = socket$inet6_udp(0xa, 0x2, 0x0) close(r0) openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x0, 0x0) mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x300000a, 0x12, r0, 0x852ac000) (fail_nth: 1) 7.919839983s ago: executing program 1 (id=205): syz_mount_image$ext4(&(0x7f0000000ac0)='ext4\x00', &(0x7f00000001c0)='./file1\x00', 0x3810745, &(0x7f00000000c0), 0x1, 0x46b, &(0x7f0000000b00)="$eJzs3M1vVFUbAPDn3s4AL/AyFfEDBK2isfGjpQWVhS40mrjQxEQXuKxtIchADa2JEKLVGFwaEvfGpYl/gStXRl2ZuNW9ISFKTEA3jrkz99LOMFOmMO1A5/dLLpwz98w958k953LmnBkCGFgj2R9JxPaI+DUiKo1sc4GRxl9XL5+b/vvyuekkarU3/0jq5a5cPjddFC3ety3PjKYR6adJXkmz+TNnT0xVq7On8/z4wsn3xufPnH36+MmpY7PHZk9NHj586ODEc89OPtOTOLM2Xdnz4dze3a++feH16SMX3vnxm6y99+5rnF8eRze2d1FmJAv8z1pd67nHVlPZHeDf2lKcSanfraFbQxGR3a5yffxXYiiWbl4lXvmkr40D1lT2zN7c+fRiDdjAkuh3C4D+KP6hzz7/Fsc6TT1uC5debHwAyuK+mh+NM6VI8zLlNax/JCKOLP7zZXZEyzpErc26AQDArfoum/88df38r7430ijywra8bCUihiPirojYGRF3R8SuiLgnL3tfRNy/yvpbt4aun3+mF282tm5k87/n872t5vlfMfuL4aE89/96/OXk6PHq7IGI2BERo1HenOUn2l28uMTLv3zeqf7l87/syOov5oL5RS6WWhboZqYWpno1Kb30ccSeUrv4k2s7AVlf2B0Re1Z36R1F4vgTX+/tVOjG8a+gB/tMta8iHm/c/8Voib+QrLw/Ob4lqrMHxotecb2ffj7/Rqf6byn+Hsju/9bm/t9SovJXsny/dn71dZz/7bOOnylLN9n/NyVv1fdgN+WvfTC1sHB6ImJT8lo93/T65NJ7i3xRPot/dP9S/BFL439n/p4s/gciIuvE+yLiwYh4KL93D0fEIxGxf4X4f3jp0Xc7nbsd7v9M2+fftf4/3Hz/V58YOvH9t53q7+75d6ieGs1fqT//bqBzc7bkJW62NwMAAMCdJ61/lz1Jx66l03RsrPF9+V2xNa3OzS88eXTu/VMzje+8D0c5LVa6KsvWQyeSxfyKjfxkvlZcnD+Yrxt/MfS/en5seq460+fYYdBt6zD+M78P9bt1wJq70T6a5wBsXK3jP+1TO4D15/faMLiMfxhc3Y7/Q2vcDmD9tRv/H7XkrQHCxmT+D4PL+IfBZfzD4DL+YSDdyu/61ypRWuHX++uWKK/4nwhInI30tmiGRJtEqQeju88PJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgB75LwAA//+MOu7f") bpf$ENABLE_STATS(0x20, 0x0, 0x0) (async) r0 = socket$packet(0x11, 0x2, 0x300) (async) syz_mount_image$xfs(&(0x7f0000009700), &(0x7f0000009740)='./file0\x00', 0x4000000, &(0x7f00000000c0)={[{@filestreams}, {@usrquota}, {@noalign}, {@pquota}, {@inode32}, {@discard}, {@prjquota}, {@usrquota}, {@gquota}, {@nolargeio}]}, 0x1, 0x975c, &(0x7f000000b580)="$eJzs/QWcbXWhuP/PgUM3giBSUmKSEqJIhyJKihKCtKSACCgdSqigCCjd3d2d0t3d3R3/14EDKj5wvd/f/V+8Ps/zYmbPjlnz2Z/3Wou9Z83Ze6n5FptrYGDMgfd6//RvXbTbvcstPtpC6528y+Bb9t5x4SeGXjz8eydjzTH0dM6hp3MNDAwMGrqcQe9dNnj2k04eZmDwwJD//taoI408zKgDAyMPPTt0OQMzv3cyyiHv3+6dD8UDnXTIj9vhvY93G23IQoZ8sczyb609MDAw4t99/5BxTftPd1TaUnPOP9/frD5wG2bo1YP+dt27p4Pf+xjlgIGBUfYb+Oj1Y8hth/u77/3fbMjPHHPygSXu/QR+9v+5lppz/gU/5D9kWxx26GUzD9nGP7wNGvvwer7jYms8NnQKBw2duMF/t718Euv9/1NLzTnfQgMfvR0PLDzvpo++8+5+c/A8AwOD5x0YGDzfwMDg+T9pj/qf6RNd+aqqquoTac65ZhjynH2YDz0eGPH9x7X0uPCyN6d7cGBg8MLvPU8cvPz7zwWrqqqqqqqq6t+zOeeaYW54/j/mxz3/n/TMbcbq+X9VVVVVVVXV/50WnHOuGYY81//Q8//xP+75/7OPH33we3/7P8fM733X25/snaiqqqqqqqqqj22+BfH5/6Qf9/z/ipMmvbrn/1VVVVVVVVX/d1r0nXfe2fzvXmdv6MVTv389Pf8/+5G7l/3EBlxVVVVVVVVV/+3efuqMc/72mu8TD3zo9d7fbejvBQYdd961135iA/33aNA//z5ki096TP9fG+I84hGTDgysvcQnPZT6BPo/81r19f+X8neXv7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/cR9x/P+D1/8/+4QV338v+M9POcOtZ/ztO9997//BCy/41Jaf0NA/if5Tj/8PrD5oYGCo75irDwwMLDznootPPTAwcMatM0w5xcAH180y5LrZxh723TeIf/+ficw7Fi94i8neOx2yogyM88Eyjnt3+Qu+s/+wgz40iL9rrFMOPni1pV6Z8cOnU330/Rjmg69GO/nx9/8tyzAfutGIH/HN7y///fvyYeehY596yNin2WCtdadZf+NNvrL6WiusuvKqK6896/QzTTfjrLPONNM0q6y+5srTvvf5o+Zs0nc/z/2vzNmoH56zp+b8+zn78H37qDmb9OPn7N0l7nr5iN96f84G/zfnbO6Pn7NJVx/6g8aaY7iB5d+dm0EDA2PNM9zARkPOTDfCwMBY8w697fhDbvuNsYcZGNj5b3d0yFcjfLAODtpiyG2Wmm+xud7bTQ0M/O30b33E+9kPP3Tkcww9nXPo6Vzv/ZgxB/62Kg6e/aSThxkyF/8wHaOONPIwow4MjDz07NDlDMz63snIZ75/u494n/UPDfTdl1nZ4b2PdxttYGBglCFfTLzC2dsOmfr/hfdp/3/6//8/ec0y6IP1cdDQj6G3ec9rzvkX/NvPencahszdsEMvm3mIyf/wW9v/Q/803klHHJj0Y8b7Ma+L8260fq15xrhb/U+9Lg6Nd/yPGe/HvI7vR453yQf3eOy9Rf2PjfdD+7qF3v08x7+yrxv4+H3dsLSAla+a6MP7uu989BD/YXf5/hyN8KEbfdS+bvy9JtliyPLn+Ph93UJDxj7cP+zrhhkYGGvu9/d1Q3Z88w03sPOQM9MPOTP/cAOHDTkzw7tnRho4b8iZr664zporDblggX9eD6Ye9A9/oAnb2Xwf2s4G/d19H/Shv+8c/N7pKAe8/x5OH7HfHDT0bv2X+wpab8f8mPF+zPtP4TwPuWyl40cc93/q/adovCN+/Hg/6v2yP3K8O7189r3/w+P9YDsb7u+ma4F/ZTub9B+3syF3cdi/2zL+1cdhK8Ht3/t6/A+WtuFmj3/wmGK4Dy33v3pMscDHb2djrv6h79t+v4FBHzc38/8rczPhP+2Dtvz7uflXH29NPfl71w/7MXMzwqzLTfX+3Az/35yb+f+7czPHwLD/ODeDB+YdGBiYYuj+Yb5/ZW7G//i5+VfXm5Hh9u99vfIHF82z4xGXvD83H56L/2pu5vvvzs2kH6w3U7x73WTDDAw//MBGK2ywwXrTvff5/bPTv/f547fBef6VuRzzf2YuJxj8UXP5t1V11AevPuC/2Ab/aZ/+/vLn+e/O5cAHczmw+oc3lvp3rd//ucvfXf7u8neXv7v83eUv7iOO/3/w+v+7jznbLkN/uTHc1ZOMt90nPd5PuP/o4/9Dff/h+P92401y9TADH1z3scdn37vNv+Xx2ZnfOxnlkPdv9+HjgzzQjz4+u9+sM2/zv3R89v+p97fVf+H3cO3/3eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/uI+4vj/tO//HcAj0y3y/NADocM9sfXSi3zS4/2E+48+/j/U9x+O/y+y9NZPDDPwwXUfe/z/vds4jv/f/8Z8O/07H/9/f1vt+H/9F+XvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y99d/uI+4vj/HO//HcDRR++xyft/D3DjWDuc8UmP9xPuP/X4f+//7639v7v83eXvLn93+bvL313+7vJ3l7+7/N3l7y5/d/m7y1/c0OP/Ax96e8vvt15gcPz//3Yf4b9I/pjFf9H8MYv/YvljFv/F88cs/kvkj1n8l8wfs/j/IH/M4r9U/pjF/4f5Yxb/H+WPWfyXzh+z+C+TP2bxXzZ/zOK/XP6Yxf/H+WMW/+Xzxyz+K+SPWfx/kj9m8V8xf8ziv1L+mMV/5fwxi/8q+WMW/1Xzxyz+q+WPWfxXzx+z+P80f8ziv0b+mMV/zfwxi/9a+WMW/7Xzxyz+6+SPWfzXzR+z+P8sf8ziv17+mMV//fwxi/8G+WMW/5/nj1n8N8wfs/j/In/M4r9R/pjFf+P8MYv/JvljFv9f5o9Z/H+VP2bx3zR/zOK/Wf6YxX/z/DGL/xb5Yxb/LfPHLP5b5Y9Z/LfOH7P4b5M/ZvHfNn/M4r9d/pjF/9f5Yxb/3+SPWfy3zx+z+O+QP2bx3zF/zOK/U/6Yxf+3+WMW/9/lj1n8f58/ZvHfOX/M4r9L/pjF/w/5Yxb/P+aPWfx3zR+z+P8pf8ziv1v+mMV/9/wxi/8e+WMW/z/nj1n8/5I/ZvHfM3/M4r9X/pjFf+/8MYv/PvljFv9988cs/vvlj1n8988fs/gfkD9m8T8wf8zif1D+mMX/4Pwxi/8h+WMW/0Pzxyz+h+WPWfwPzx+z+B+RP2bxPzJ/zOJ/VP6Yxf/o/DGL/zH5Yxb/Y/PHLP7H5Y9Z/I/PH7P4n5A/ZvE/MX/M4n9S/pjF/+T8MYv/KfljFv9T88cs/qflj1n8T88fs/ifkT9m8T8zf8zif1b+mMX/7Pwxi/85+WMW/3Pzxyz+5+WPWfzPzx+z+F+QP2bxvzB/zOJ/Uf6Yxf/i/DGL/yX5Yxb/S/PHLP6X5Y9Z/C/PH7P4X5E/ZvH/a/6Yxf/K/DGL/1X5Yxb/q/PHLP7X5I9Z/K/NH7P4X5c/ZvG/Pn/M4n9D/pjF/8b8MYv/TfljFv+b88cs/rfkj1n8b80fs/jflj9m8b89f8zif0f+mMX/zvwxi/9d+WMW/7vzxyz+9+SPWfzvzR+z+N+XP2bxvz9/zOL/QP6Yxf/B/DGL/0P5Yxb/h/PHLP6P5I9Z/B/NH7P4P5Y/ZvF/PH/M4v9E/pjF/8n8MYv/U/ljFv+n88cs/s/kj1n8n80fs/g/lz9m8X8+f8zi/0L+mMX/xfwxi/9L+WMW/5fzxyz+r+SPWfxfzR+z+L+WP2bxfz1/zOL/Rv6Yxf/N/DGL/1v5Yxb/t/PHLP7v5I9J/AcN5I9Z/Aflj1n8h8kfs/gPmz9m8R+cP2bxHy5/zOI/fP6YxX+E/DGL/4j5Yxb/kfLHLP4j549Z/EfJH7P4j5o/ZvEfLX/M4j96/pjFf4z8MYv/mPljFv+x8scs/mPnj1n8P5U/ZvEfJ3/M4j9u/pjF/9P5Yxb/8fLHLP7j549Z/D+TP2bxnyB/zOL/2fwxi/+E+WMW/4nyxyz+E+ePWfwnyR+z+E+aP2bx/1z+mMV/svf9R/yExvVvmsV/8rZ/zOI/Rf6YxX/K/DGL/1T5Yxb/z+ePWfynzh+z+H8hf8zi/8X8MYv/l/LHLP5fzh+z+H8lf8zi/9X8MYv/NPljFv9p88cs/tPlj1n8p88fs/jPkD9m8Z8xf8zi/7X8MYv/TPljFv+Z88cs/rPkj1n8Z80fs/h/PX/M4j9b/pjF/xv5Yxb/b+aPWfxnzx+z+H8rf8ziP0f+mMV/zvwxi/9c+WMW/7nzxyz+8+SPWfznzR+z+M+XP2bxnz9/zOK/QP6YxX/B/DGL/7fzxyz+38kfs/gvlD9m8f9u/pjFf+H8MYv/9/LHLP7fzx+z+C+SP2bxXzR/zOK/WP6YxX/x/DGL/xL5Yxb/JfPHLP4/yB+z+C+VP2bx/2H+mMX/R/ljFv+l88cs/svkj1n8l80fs/gvlz9m8f9x/pjFf/n8MYv/CvljFv+f5I9Z/FfMH7P4r5Q/ZvFfOX/M4r9K/pjFf9X8MYv/avljFv/V88cs/j/NH7P4r5E/ZvFfM3/M4r9W/pjFf+38MYv/OvljFv9188cs/j/LH7P4r5c/ZvFfP3/M4r9B/pjF/+f5Yxb/DfPHLP6/yB+z+G+UP2bx3zh/zOK/Sf6Yxf+X+WMW/1/lj1n8N80fs/hvlj9m8d88f8ziv0X+mMV/y/wxi/9W+WMW/63zxyz+2+SPWfy3zR+z+G+XP2bx/3X+mMX/N/ljFv/t88cs/jvkj1n8d8wfs/jvlD9m8f9t/pjF/3f5Yxb/3+ePWfx3zh+z+O+SP2bx/0P+mMX/j/ljFv9d88cs/n/KH7P475Y/ZvHfPX/M4r9H/pjF/8/5Yxb/v+SPWfz3zB+z+O+VP2bx3zt/zOK/T/6YxX/f/DGL/375Yxb//fPHLP4H5I9Z/A/MH7P4H5Q/ZvE/OH/M4n9I/pjF/9B/9H/4f31c/6ZZ/A9r+8cs/ofnj1n8j8gfs/gfmT9m8T8qf8zif3T+mMX/mPwxi/+x+WMW/+Pyxyz+x+ePWfxPyB+z+J+YP2bxPyl/zOJ/cv6Yxf+U/DGL/6n5Yxb/0/LHLP6n549Z/M/IH7P4n5k/ZvE/K3/M4n92/pjF/5z8MYv/ufljFv/z8scs/ufnj1n8L8gfs/hfmD9m8b8of8zif3H+mMX/kvwxi/+l+WMW/8vyxyz+l+ePWfyvyB+T+L9b/v+cxH/QlfljFv+r8scs/lfnj1n8r8kfs/hfmz9m8b8uf8zif33+mMX/hvwxi/+N+WMW/5vyxyz+N+ePWfxvyR+z+N+aP2bxvy1/zOJ/e/6Yxf+O/DGL/535Yxb/u/LHLP53549Z/O/JH7P435s/ZvG/L3/M4n9//pjF/4H8MYv/g/ljFv+H8scs/g/nj1n8H8kfs/g/mj9m8X8sf8zi/3j+mMX/ifwxi/+T+WMW/6fyxyz+T+ePWfyfyR+z+D+bP2bxfy5/zOL/fP6Yxf+F/DGL/4v5Yxb/l/LHLP4v549Z/F/JH7P4v5o/ZvF/Lf/h6UKL/+v5Yxb/N/LHLP5v5o9Z/N/KH7P4v50/ZvF/J39M4v/ul/n/cxb/QfljFv9h8scs/sPmj1n8B+ePWfyHyx+z+A+fP2bxHyF/zOI/Yv6YxX+k/DGL/8j5Yxb/UfLHLP6j5o9Z/EfLH7P4j54/ZvEfI3/M4j9m/pjFf6z8MYv/2PljFv9P5Y9Z/MfJH7P4j5s/ZvH/dP6YxX+8/DGL//j5Yxb/z+SPWfwnyB+z+H82f8ziP2H+mMV/ovwxi//E+WMW/0nyxyz+k+aPWfw/lz9m8Z8sf8ziP3n+mMV/ivwxi/+U+WMW/6nyxyz+n88fs/hPnT9m8f9C/pjF/4v5Yxb/L+WPWfy/nD9m8f9K/pjF/6v5Yxb/afLHLP7T5o8Numi34QYGBv7j/afLH7Ns/9Pnj1n8Z8gfs/jPmD9m8f9a/pjFf6b8MYv/zPljFv9Z8scs/rPmj1n8v54/ZvGfLX/M4v+N/DGL/zfzxyz+s+ePWfy/lT9m8Z8jf8ziP2f+mMV/rvwxi//c+WMW/3nyxyz+8+aPWfznyx+z+M+fP2bxXyB/zOK/YP6Yxf/b+WMW/+/kj1n8F8ofs/h/N3/M4r9w/pjF/3v5Yxb/7+ePWfwXyR+z+C+aP2bxXyx/zOK/eP6YxX+J/DGL/5L5Yxb/H+SPWfyXyh+z+P8wf8zi/6P8MYv/0vljFv9l8scs/svmj1n8l8sfs/j/OH/M4r98/pjFf4X8MYv/T/LHLP4r5o9Z/FfKH7P4r5w/ZvFfJX/M4r9q/pjFf7X8MYv/6vljFv+f5o9Z/NfIH7P4r5k/ZvFfK3/M4r92/pjFf538MYv/uvljFv+f5Y9Z/NfLH7P4r58/ZvHfIH/M4v/z/DGL/4b5Yxb/X+SPWfw3yh+z+G+cP2bx3yR/zOL/y/wxi/+v8scs/pvmj1n8N8sfs/hvnj9m8d8if8ziv2X+mMV/q/wxi//W+WMW/23yxyz+2+aPWfy3yx+z+P86f8zi/5v8MYv/9vljFv8d8scs/jvmj1n8d8ofs/j/Nn/M4v+7/DGL/+/zxyz+O+ePWfx3yR+z+P8hf8zi/8f8MYv/rvljFv8/5Y9Z/HfLH7P4754/ZvHfI3/M4v/n/DGL/1/yxyz+e+aPWfz3yh+z+O+dP2bx3yd/zOK/b/6YxX+//DGL//75Yxb/A/LHLP4H5o9Z/A/KH7P4H5w/ZvE/JH/M4n9o/pjF/7D8MYv/4fljFv8j8scs/kfmj1n8j8ofs/gfnT9m8T8mf8zif2z+mMX/uPwxi//x+WMW/xPyxyz+J+aPWfxPyh+z+J+cP2bxPyV/zOJ/av6Yxf+0/DGL/+n5Yxb/M/LHLP5n5o9Z/M/KH7P4n50/ZvE/J3/M4n9u/pjF/7z8MYv/+fljFv8L8scs/hfmj1n8L8ofs/hfnD9m8b8kf8zif2n+mMX/svwxi//l+WMW/yvyxyz+f80fs/hfmT9m8b8qf8zif3X+mMX/mvwxi/+1+WMW/+vyxyz+1+ePWfxvyB+z+N+YP2bxvyl/zOJ/c/6Yxf+W/DGL/635Yxb/2/LHLP63549Z/O/IH7P435k/ZvG/K3/M4n93/pjF/578MYv/vfljFv/78scs/vfnj1n8H8gfs/g/mD9m8X8of8zi/3D+mMX/kfwxi/+j+WMW/8fyxyz+j+ePWfyfyB+z+D+ZP2bxfyp/zOL/dP6Yxf+Z/DGL/7P5Yxb/5/LHLP7P549Z/F/IH7P4v5g/ZvF/KX/M4v9y/pjF/5X8MYv/q/ljFv/X8scs/q/nj1n838gfs/i/mT9m8X8rf8zi/3b+mMX/nfwxif+wA/ljFv9B+WMW/2Hyxyz+w+aPWfwH549Z/IfLH7P4D58/ZvEfIX/M4j9i/pjFf6T8MYv/yPljFv9R8scs/qPmj1n8R8sfs/iPnj9m8R8jf8ziP2b+mMV/rPwxi//Y+WMW/0/lj1n8x8kfs/iPmz9m8f90/pjFf7z8MYv/+PljFv/P5I9Z/CfIH7P4fzZ/zOI/Yf6YxX+i/DGL/8T5Yxb/SfLHLP6T5o9Z/D+XP2bxnyx/zOI/ef6YxX+K/DGL/5T5Yxb/qfLHLP6fzx+z+E+dP2bx/0L+mMX/i/ljFv8v5Y9Z/L+cP2bx/0r+mMX/q/ljFv9p8scs/tPmj1n8p8sfs/hPnz9m8Z8hf8ziP2P+mMX/a/ljFv+Z8scs/jPnj1n8Z8kfs/jPmj9m8f96/pjFf7b8MYv/N/LHLP7fzB+z+M+eP2bx/1b+mMV/jvwxi/+c+WMW/7nyxyz+c+ePWfznyR+z+M+bP2bxny9/zOI/f/6YxX+B/DGL/4L5Yxb/b+ePWfy/kz9m8V8of8zi/938MYv/wvljFv/v5Y9Z/L+fP2bxXyR/zOK/aP6YxX+x/DGL/+L5Yxb/JfLHLP5L5o9Z/H+QP2bxXyp/zOL/w/wxi/+P8scs/kvnj1n8l8kfs/gvmz9m8V8uf8zi/+P8MYv/8vljFv8V8scs/j/JH7P4r5g/ZvFfKX/M4r9y/pjFf5X8MYv/qvljFv/V8scs/qvnj1n8f5o/ZvFfI3/M4r9m/pjFf638MYv/2vljFv918scs/uvmj1n8f5Y/ZvFfL3/M4r9+/pjFf4P8MYv/z/PHLP4b5o9Z/H+RP2bx3yh/zOK/cf6YxX+T/DGL/y/zxyz+v8ofs/hvmj9m8d8sf8ziv3n+mMV/i/wxi/+W+WMW/63yxyz+W+ePWfy3yR+z+G+bP2bx3y5/zOL/6/wxi/9v8scs/tvnj1n8d8gfs/jvmD9m8d8pf8zi/9v8MYv/7/LHLP6/zx+z+O+cP2bx3yV/zOL/h/wxi/8f88cs/rvmj1n8/5Q/ZvHfLX/M4r97/pjFf4/8MYv/n/PHLP5/yR+z+O+ZP2bx3yt/zOK/d/6YxX+f/DGL/775Yxb//fLHLP77549Z/A/IH7P4H5g/ZvE/KH/M4n9w/pjF/5D8MYv/ofljFv/D8scs/ofnj1n8j8gfs/gfmT9m8T8qf8zif3T+mMX/mPwxi/+x+WMW/+Pyxyz+x+ePWfxPyB+z+J+YP2bxPyl/zOJ/cv6Yxf+U/DGL/6n5Yxb/0/LHLP6n549Z/M/IH7P4n5k/ZvE/K3/M4n92/pjF/5z8MYv/ufljFv/z8scs/ufnj1n8L8gfs/hfmD9m8b8of8zif3H+mMX/kvwxi/+l+WMW/8vyxyz+l+ePWfyvyB+z+P81f8zif2X+mMX/qvwxi//V+WMW/2vyxyz+1+aPWfyvyx+z+F+fP2bxvyF/zOJ/Y/6Yxf+m/DGL/835Yxb/W/LHLP635o9Z/G/LH7P4354/ZvG/I3/M4n9n/pjF/678MYv/3fljFv978scs/vfmj1n878sfs/jfnz9m8X8gf8zi/2D+mMX/ofwxi//D+WMW/0fyxyz+j+aPWfwfyx+z+D+eP2bxfyJ/zOL/ZP6Yxf+p/DGL/9P5Yxb/Z/LHLP7P5o9Z/J/LH7P4P58/ZvF/IX/M4v9i/pjF/6X8MYv/y/ljFv9X8scs/q/mj1n8X8sfs/i/nj9m8X8jf8zi/2b+mMX/rfwxi//b+WMW/3fyxyT+gwfyxyz+g/LHLP7D5I9Z/IfNH7P4D84fs/gPlz9m8R8+f8ziP0L+mMV/xPwxi/9I+WMW/5Hzxyz+o+SPWfxHzR+z+I+WP2bxHz1/zOI/Rv6YxX/M/DGL/1j5Yxb/sfPHLP6fyh+z+I+TP2bxHzd/zOL/6fwxi/94+WMW//Hzxyz+n8kfs/hPkD9m8f9s/pjFf8L8MYv/RPljFv+J88cs/pPkj1n8J80fs/h/Ln/M4j9Z/pjFf/L8MYv/FPljFv8p88cs/lPlj1n8P58/ZvGfOn/M4v+F/DGL/xfzxyz+X8ofs/h/OX/M4v+V/DGL/1fzxyz+0+SPWfynzR+z+E+XP2bxnz5/zOI/Q/6YxX/G/DGL/9fyxyz+M+WPWfxnzh+z+M+SP2bxnzV/zOL/9fwxi/9s+WMW/2/kj1n8v5k/ZvGfPX/M4v+t/DGL/xz5Yxb/OfPHLP5z5Y9Z/OfOH7P4z5M/ZvGfN3/M4j9f/pjFf/78MYv/AvljFv8F88cs/t/OH7P4fyd/zOK/UP6Yxf+7+WMW/4Xzxyz+38sfs/h/P3/M4r9I/pjFf9H8MYv/YvljFv/F88cs/kvkj1n8l8wfs/j/IH/M4r9U/pjF/4f5Yxb/H+WPWfyXzh+z+C+TP2bxXzZ/zOK/XP6Yxf/H+WMW/+Xzxyz+K+SPWfx/kj9m8V8xf8ziv1L+mMV/5fwxi/8q+WMW/1Xzxyz+q+WPWfxXzx+z+P80f8ziv0b+mMV/zfwxi/9a+WMW/7Xzxyz+6+SPWfzXzR+z+P8sf8ziv17+mMV//fwxi/8G+WMW/5/nj1n8N8wfs/j/In/M4r9R/pjFf+P8MYv/JvljFv9f5o9Z/H+VP2bx3zR/zOK/Wf6YxX/z/DGL/xb5Yxb/LfPHLP5b5Y9Z/LfOH7P4b5M/ZvHfNn/M4r9d/pjF/9f5Yxb/3+SPWfy3zx+z+O+QP2bx3zF/zOK/U/6Yxf+3+WMW/9/lj1n8f58/ZvHfOX/M4r9L/pjF/w/5Yxb/P+aPWfx3zR+z+P8pf8ziv1v+mMV/9/wxi/8e+WMW/z/nj1n8/5I/ZvHfM3/M4r9X/pjFf+/8MYv/PvljFv9988cs/vvlj1n8988fs/gfkD9m8T8wf8zif1D+mMX/4Pwxi/8h+WMW/0Pzxyz+h+WPWfwPzx+z+B+RP2bxPzJ/zOJ/VP6Yxf/o/DGL/zH5Yxb/Y/PHLP7H5Y9Z/I/PH7P4n5A/ZvE/MX/M4n9S/pjF/+T8MYv/KfljFv9T88cs/qflj1n8T88fs/ifkT9m8T8zf8zif1b+mMX/7Pwxi/85+WMW/3Pzxyz+5+WPWfzPzx+z+F+QP2bxvzB/zOJ/Uf6Yxf/i/DGL/yX5Yxb/S/PHLP6X5Y9Z/C/PH7P4X5E/ZvH/a/6Yxf/K/DGL/1X5Yxb/q/PHLP7X5I9Z/K/NH7P4X5c/ZvG/Pn/M4n9D/pjF/8b8MYv/TfljFv+b88cs/rfkj1n8b80fs/jflj9m8b89f8zif0f+mMX/zvwxi/9d+WMW/7vzxyz+9+SPWfzvzR+z+N+XP2bxvz9/zOL/QP6Yxf/B/DGL/0P5Yxb/h/PHLP6P5I9Z/B/NH7P4P5Y/ZvF/PH/M4v9E/pjF/8n8MYv/U/ljFv+n88cs/s/kj1n8n80fs/g/lz9m8X8+f8zi/0L+mMX/xfwxi/9L+WMW/5fzxyz+r+SPWfxfzR+z+L+WP2bxfz1/zOL/Rv6Yxf/N/DGL/1v5Yxb/t/PHLP7v5I9J/IcbyB+z+A/KH7P4D5M/ZvEfNn/M4j84f8ziP1z+mMV/+Pwxi/8I+WMW/xHzxyz+I+WPWfxHzh+z+I+SP2bxHzV/zOI/Wv6YxX/0/DGL/xj5Yxb/MfPHLP5j5Y9Z/MfOH7P4fyp/zOI/Tv6YxX/c/DGL/6fzxyz+4+WPWfzHzx+z+H8mf8ziP0H+mMX/s/ljFv8J88cs/hPlj1n8J84fs/hPkj9m8Z80f8zi/7n8MYv/ZPljFv/J88cs/lPkj1n8p8wfs/hPlT9m8f98/pjFf+r8MYv/F/LHLP5fzB+z+H8pf8zi/+X8MYv/V/LHLP5fzR+z+E+TP2bxnzZ/zOI/Xf6YxX/6/DGL/wz5Yxb/GfPHLP5fyx+z+M+UP2bxnzl/zOI/S/6YxX/W/DGL/9fzxyz+s+WPWfy/kT9m8f9m/pjFf/b8MYv/t/LHLP5z5I9Z/OfMH7P4z5U/ZvGfO3/M4j9P/pjFf978MYv/fPljFv/588cs/gvkj1n8F8wfs/h/O3/M4v+d/DGL/0L5Yxb/7+aPWfwXzh+z+H8vf8zi//38MYv/IvljFv9F88cs/ovlj1n8F88fs/gvkT9m8V8yf8zi/4P8MYv/UvljFv8f5o9Z/H+UP2bxXzp/zOK/TP6YxX/Z/DGL/3L5Yxb/H+ePWfyXzx+z+K+QP2bx/0n+mMV/xfwxi/9K+WMW/5Xzxyz+q+SPWfxXzR+z+K+WP2bxXz1/zOL/0/wxi/8a+WMW/zXzxyz+a+WPWfzXzh+z+K+TP2bxXzd/zOL/s/wxi/96+WMW//Xzxyz+G+SPWfx/nj9m8d8wf8zi/4v8MYv/RvljFv+N88cs/pvkj1n8f5k/ZvH/Vf6YxX/T/DGL/2b5Yxb/zfPHLP5b5I9Z/LfMH7P4b5U/ZvHfOn/M4r9N/pjFf9v8MYv/dvljFv9f549Z/H+TP2bx3z5/zOK/Q/6YxX/H/DGL/075Yxb/3+aPWfx/lz9m8f99/pjFf+f8MYv/LvljFv8/5I9Z/P+YP2bx3zV/zOL/p/wxi/9u+WMW/93zxyz+e+SPWfz/nD9m8f9L/pjFf8/8MYv/XvljFv+988cs/vvkj1n8980fs/jvlz9m8d8/f8zif0D+mMX/wPwxi/9B+WMW/4Pzxyz+h+SPWfwPzR+z+B+WP2bxPzx/zOJ/RP6Yxf/I/DGL/1H5Yxb/o/PHLP7H5I9Z/I/NH7P4H5c/ZvE/Pn/M4n9C/pjF/8T8MYv/SfljFv+T88cs/qfkj1n8T80fs/iflj9m8T89f8zif0b+mMX/zPwxi/9Z+WMW/7Pzxyz+5+SPWfzPzR+z+J+XP2bxPz9/zOJ/Qf6Yxf/C/DGL/0X5Yxb/i/PHLP6X5I9Z/C/NH7P4X5Y/ZvG/PH/M4n9F/pjF/6/5Yxb/K/PHLP5X5Y9Z/K/OH7P4X5M/ZvG/Nn/M4n9d/pjF//r8MYv/DfljFv8b88cs/jflj1n8b84fs/jfkj9m8b81f8zif1v+mMX/9vwxi/8d+WMW/zvzxyz+d+WPWfzvzh+z+N+TP2bxvzd/zOJ/X/6Yxf/+/DGL/wP5Yxb/B/PHLP4P5Y9Z/B/OH7P4P5I/ZvF/NH/M4v9Y/pjF//H8MYv/E/ljFv8n88cs/k/lj1n8n84fs/g/kz9m8X82f8zi/1z+mMX/+fwxi/8L+WMW/xfzxyz+L+WPWfxfzh+z+L+SP2bxfzV/zOL/Wv6Yxf/1/DGL/xv5Yxb/N/PHLP5v5Y9Z/N/OH7P4v5M/JvEffiB/zOI/KH/M4j9M/pjFf9j8MYv/4Pwxi/9w+WMW/+Hzxyz+I+SPWfxHzB+z+I+UP2bxHzl/zOI/Sv6YxX/U/DGL/2j5Yxb/0fPHLP5j5I9Z/MfMH7P4j5U/ZvEfO3/M4v+p/DGL/zj5Yxb/cfPHLP6fzh+z+I+XP2bxHz9/zOL/mfwxi/8E+WMW/8/mj1n8J8wfs/hPlD9m8Z84f8ziP0n+mMV/0vwxi//n8scs/pPlj1n8J88fs/hPkT9m8Z8yf8ziP1X+mMX/8/ljFv+p88cs/l/IH7P4fzF/zOL/pfwxi/+X88cs/l/JH7P4fzV/zOI/Tf6YxX/a/DGL/3T5Yxb/6fPHLP4z5I9Z/GfMH7P4fy1/zOI/U/6YxX/m/DGL/yz5Yxb/WfPHLP5fzx+z+M+WP2bx/0b+mMX/m/ljFv/Z88cs/t/KH7P4z5E/ZvGfM3/M4j9X/pjFf+78MYv/PPljFv9588cs/vPlj1n8588fs/gvkD9m8V8wf8zi/+38MYv/d/LHLP4L5Y9Z/L+bP2bxXzh/zOL/vfwxi//388cs/ovkj1n8F80fs/gvlj9m8V88f8ziv0T+mMV/yfwxi/8P8scs/kvlj1n8f5g/ZvH/Uf6YxX/p/LH/UP9BH7Iefpn8sf9Q/3f7++1/2fwxi/9y+WMW/x/nj1n8l88fs/ivkD9m8f9J/pjFf8X8sUEXDRo6M//Z/ivlj1m2/5Xzxyz+q+SPWfxXzR+z+K+WP2bxXz1/zOL/0/wxi/8a+WMW/zXzxyz+a+WPWfzXzh+z+K+TP2bxXzd/zOL/s/wxi/96+WMW//Xzxyz+G+SPWfx/nj9m8d8wf8zi/4v8MYv/RvljFv+N88cs/pvkj1n8f5k/ZvH/Vf6YxX/T/DGL/2b5Yxb/zfPHLP5b5I9Z/LfMH7P4b5U/ZvHfOn/M4r9N/pjFf9v8MYv/dvljFv9f549Z/H+TP2bx3z5/zOK/Q/6YxX/H/DGL/075Yxb/3+aPWfx/lz9m8f99/pjFf+f8MYv/LvljFv8/5I9Z/P+YP2bx3zV/zOL/p/wxi/9u+WMW/93zxyz+e+SPWfz/nD9m8f9L/pjFf8/8MYv/XvljFv+988cs/vvkj1n8980fs/jvlz9m8d8/f8zif0D+mMX/wPwxi/9B+WMW/4Pzxyz+h+SPWfwPzR+z+B+WP2bxPzx/zOJ/RP6Yxf/I/DGL/1H5Yxb/o/PHLP7H5I9Z/I/NH7P4H5c/ZvE/Pn/M4n9C/pjF/8T8MYv/SfljFv+T88cs/qfkj1n8T80fs/iflj9m8T89f8zif0b+mMX/zPwxi/9Z+WMW/7Pzxyz+5+SPWfzPzR+z+J+XP2bxPz9/zOJ/Qf6Yxf/C/DGL/0X5Yxb/i/PHLP6X5I9Z/C/NH7P4X5Y/ZvG/PH/M4n9F/pjF/6/5Yxb/K/PHLP5X5Y9Z/K/OH7P4X5M/ZvG/Nn/M4n9d/pjF//r8MYv/DfljFv8b88cs/jflj1n8b84fs/jfkj9m8b81f8zif1v+mMX/9vwxi/8d+WMW/zvzxyz+d+WPWfzvzh+z+N+TP2bxvzd/zOJ/X/6Yxf/+/DGL/wP5Yxb/B/PHLP4P5Y9Z/B/OH7P4P5I/ZvF/NH/M4v9Y/pjF//H8MYv/E/ljFv8n88cs/k/lj1n8n84fs/g/kz9m8X82f8zi/1z+mMX/+fwxi/8L+WMW/xfzHxgJLrP4v5Q/ZvF/OX/M4v9K/pjF/9X8MYv/a/ljFv/X88cs/m/kj1n838wfs/i/lT9m8X87f8zi/07+mMR/hIH8MYv/oPwxi/8w+WMW/2Hzxyz+g/PHLP7D5Y9Z/IfPH7P4j5A/ZvEfMX/M4j9S/pjFf+T8MYv/KPljFv9R88cs/qPlj1n8R88fs/iPkT9m8R8zf8ziP1b+QxvxH85Z/MfOH7P4fyp/zOI/Tv6YxX/c/DGL/6fzxyz+4+WPWfzHzx+z+H8mf8ziP0H+mMX/s/ljFv8J88cs/hPlj1n8J84fs/hPkj9m8Z80f8zi/7n8MYv/ZPljFv/J88cs/lPkj1n8p8wfs/hPlT9m8f98/pjFf+r8MYv/F/LHLP5fzB+z+H8pf8zi/+X8MYv/V/LHLP5fzR+z+E+TP2bxnzZ/zOI/Xf6YxX/6/DGL/wz5Yxb/GfPHLP5fyx+z+M+UP2bxnzl/zOI/S/6YxX/W/DGL/9fzxyz+s+WPWfy/kT9m8f9m/pjFf/b8MYv/t/LHLP5z5I9Z/OfMH7P4z5U/ZvGfO3/M4j9P/pjFf978MYv/fPljFv/588cs/gvkj1n8F8wfs/h/O3/M4v+d/DGL/0L5Yxb/7+aPWfwXzh+z+H8vf8zi//38MYv/IvljFv9F88cs/ovlj1n8F88fs/gvkT9m8V8yf8zi/4P8MYv/UvljFv8f5o9Z/H+UP2bxXzp/zOK/TP6YxX/Z/DGL/3L5Yxb/H+ePWfyXzx+z+K+QP2bx/0n+mMV/xfwxi/9K+WMW/5Xzxyz+q+SPWfxXzR+z+K+WP2bxXz1/zOL/0/wxi/8a+WMW/zXzxyz+a+WPWfzXzh+z+K+TP2bxXzd/zOL/s/wxi/96+WMW//Xzxyz+G+SPWfx/nj9m8d8wf8zi/4v8MYv/RvljFv+N88cs/pvkj1n8f5k/ZvH/Vf6YxX/T/DGL/2b5Yxb/zfPHLP5b5I9Z/LfMH7P4b5U/ZvHfOn/M4r9N/pjFf1v0b42w+G+XNmbx/3X+mMX/N/ljFv/t88cs/jvkj1n8d3zP/613Pqlx/Ztm8d+p7R+z+P82f8zi/7v8MYv/7/PHLP47549Z/HfJH7P4/yF/zOL/x/wxi/+u+WMW/z/lj1n8d8sfs/jvnj9m8d8jf8zi/+f8MYv/X/LHLP575o9Z/PfKH7P4750/ZvHfJ3/M4r9v/pjFf7/8MYv//vljFv8D8scs/gfmj1n8D8ofs/gfnD9m8T8kf8zif2j+mMX/sPwxi//h+WMW/yPyxyz+R+aPWfyPyh+z+B+dP2bxPyZ/zOJ/bP6Yxf+4/DGL//H5Yxb/E/LHLP4n5o9Z/E/KH7P4n5w/ZvE/JX/M4n9q/pjF/7T8MYv/6fljFv8z8scs/mfmj1n8z8ofs/ifnT9m8T8nf8zif27+mMX/vPwxi//5+WMW/wvyxyz+F+aPWfwvyh+z+F+cP2bxvyR/zOJ/af6Yxf+y/DGL/+X5Yxb/K/LHLP5/zR+z+F+ZP2bxvyp/zOJ/df6Yxf+a/DGL/7X5Yxb/6/LHLP7X549Z/G/IH7P435g/ZvG/KX/M4n9z/pjF/5b8MYv/rfljFv/b8scs/rfnj1n878gfs/jfmT9m8b8rf8zif3f+mMX/nvwxi/+9+WMW//vyxyz+9+ePWfwfyB+z+D+YP2bxfyh/zOL/cP6Yxf+R/DGL/6P5Yxb/x/LHLP6P549Z/J/IH7P4P5k/ZvF/Kn/M4v90/pjF/5n8MYv/s/ljFv/n8scs/s/nj1n8X8gfs/i/mD9m8X8pf8zi/3L+mMX/lfwxi/+r+WMW/9fyxyz+r+ePWfzfyB+z+L+ZP2bxfyt/zOL/dv6Yxf+d/DGJ/4gD+WMW/0H5Yxb/YfLHLP7D5o9Z/Afnj1n8h8sfs/gPnz9m8R8hf8ziP2L+mMV/pPwxi//I+WMW/1Hyxyz+o+aPWfxHyx+z+I+eP2bxHyN/zOI/Zv6YxX+s/DGL/9j5Yxb/T+WPWfzHyR+z+I+bP2bx/3T+mMV/vPwxi//4+WMW/8/kj1n8J8gfs/h/Nn/M4j9h/pjFf6L8MYv/xPljFv9J8scs/pPmj1n8P5c/ZvGfLH/M4j95/pjFf4r8MYv/lPljFv+p8scs/p/PH7P4T50/ZvH/Qv6Yxf+L+WMW/y/lj1n8v5w/ZvH/Sv6Yxf+r+WMW/2nyxyz+0+aPWfynyx+z+E+fP2bxnyF/zOI/Y/6Yxf9r+WMW/5nyxyz+M+ePWfxnyR+z+M+aP2bx/3r+mMV/tvwxi/838scs/t/MH7P4z54/ZvH/Vv6YxX+O/DGL/5z5Yxb/ufLHLP5z549Z/OfJH7P4z5s/ZvGfL3/M4j9//pjFf4H8MYv/gvljFv9v549Z/L+TP2bxXyh/zOL/3fwxi//C+WMW/+/lj1n8v58/ZvFfJH/M4r9o/pjFf7H8MYv/4vljFv8l8scs/kvmj1n8f5A/ZvFfKn/M4v/D/DGL/4/yxyz+S+ePWfyXyR+z+C+bP2bxXy5/zOL/4/wxi//y+WMW/xXyxyz+P8kfs/ivmD9m8V8pf8ziv3L+mMV/lfwxi/+q+WMW/9Xyxyz+q+ePWfx/mj9m8V8jf8ziv2b+mMV/rfwxi//a+WMW/3Xyxyz+6+aPWfx/lj9m8V8vf8ziv37+mMV/g/wxi//P88cs/hvmj1n8f5E/ZvHfKH/M4r9x/pjFf5P8MYv/L/PHLP6/yh+z+G+aP2bx3yx/zOK/ef6YxX+L/DGL/5b5Yxb/rfLHLP5b549Z/LfJH7P4b5s/ZvHfLn/M4v/r/DGL/2/yxyz+2+ePWfx3yB+z+O+YP2bx3yl/zOL/2/wxi//v8scs/r/PH7P475w/ZvHfJX/M4v+H/DGL/x/zxyz+u+aPWfz/lD9m8d8tf8ziv3v+mMV/j/wxi/+f88cs/n/JH7P475k/ZvHfK3/M4r93/pjFf5/8MYv/vvljFv/98scs/vvnj1n8D8gfs/gfmD9m8T8of8zif3D+mMX/kPwxi/+h+WMW/8Pyxyz+h+ePWfyPyB+z+B+ZP2bxPyp/zOJ/dP6Yxf+Y/DGL/7H5Yxb/4/LHLP7H549Z/E/IH7P4n5g/ZvE/KX/M4n9y/pjF/5T8MYv/qfljFv/T8scs/qfnj1n8z8gfs/ifmT9m8T8rf8zif3b+mMX/nPwxi/+5+WMW//Pyxyz+5+ePWfwvyB+z+F+YP2bxvyh/zOJ/cf6Yxf+S/DGL/6X5Yxb/y/LHLP6X549Z/K/IH7P4/zV/zOJ/Zf6Yxf+q/DGL/9X5Yxb/a/LHLP7X5o9Z/K/LH7P4X58/ZvG/IX/M4n9j/pjF/6b8MYv/zfljFv9b8scs/rfmj1n8b8sfs/jfnj9m8b8jf8zif2f+mMX/rvwxi//d+WMW/3vyxyz+9+aPWfzvyx+z+N+fP2bxfyB/zOL/YP6Yxf+h/DGL/8P5Yxb/R/LHLP6P5o9Z/B/LH7P4P54/ZvF/In/M4v9k/pjF/6n8MYP/oMEDIz6dP2bwH7L9P5M/ZvF/Nn/M4v9c/pjF//n8MYv/C/ljFv8X88cs/i/lj1n8X84fs/i/kj9m8X81f8zi/1r+mMX/9fwxi/8b+WMW/zfzxyz+b+WPWfzfzh+z+L+TPybxH2kgf8ziPyh/zOI/TP6YxX/Y/DGL/+D8MYv/cPljFv/h88cs/iPkj1n8R8wfs/iPlD9m8R85f8ziP0r+mMV/1Pwxi/9o+WMW/9Hzxyz+Y+SPWfzHzB+z+I+VP2bxHzt/zOL/qfwxi/84+WMW/3Hzxyz+n84fs/iPlz9m8R8/f8zi/5n8MYv/BPljFv/P5o9Z/CfMH7P4T5Q/ZvGfOH/M4j9J/pjFf9L8MYv/5/LHLP6T5Y9Z/CfPH7P4T5E/ZvGfMn/M4j9V/pjF//P5Yxb/qfPHLP5fyB+z+H8xf8zi/6X8MYv/l/PHLP5fyR+z+H81f8ziP03+mMV/2oGBzT+pIf07Z/Gfru0fs/hPnz9m8Z8hf8ziP2P+mMX/a/ljFv+Z8scs/jPnj1n8Z8kfs/jPmj9m8f96/pjFf7b8MYv/N/LHLP7fzB+z+M+eP2bx/1b+mMV/jvwxi/+c+WMW/7nyxyz+c+ePWfznyR+z+M+bP2bxny9/zOI/f/6YxX+B/DGL/4L5Yxb/b+ePWfy/kz9m8V8of8zi/938MYv/wvljFv/v5Y9Z/L+fP2bxXyR/zOK/aP6YxX+x/DGL/+L5Yxb/JfLHLP5L5o9Z/H+QP2bxXyp/zOL/w/wxi/+P8scs/kvnj1n8l8kfs/gvmz9m8V8uf8zi/+P8MYv/8vljFv8V8scs/j/JH7P4r5g/ZvFfKX/M4r9y/pjFf5X8MYv/qvljFv/V8scs/qvnj1n8f5o/ZvFfI3/M4r9m/pjFf638MYv/2vljFv918scs/uvmj1n8f5Y/ZvFfL3/M4r9+/pjFf4P8MYv/z/PHLP4b5o9Z/H+RP2bx3yh/zOK/cf6YxX+T/DGL/y/zxyz+v8ofs/hvmj9m8d8sf8ziv3n+mMV/i/wxi/+W+WMW/63yxyz+W+ePWfy3yR+z+G+bP2bx3y5/zOL/6/wxi/9v8scs/tvnj1n8d8gfs/jvmD9m8d8pf8zi/9v8MYv/7/LHLP6/zx+z+O+cP2bx3yV/zOL/h/wxi/8f88cs/rvmj1n8/5Q/ZvHfLX/M4r97/pjFf4/8MYv/n/PHLP5/yR+z+O+ZP2bx3yt/zOK/d/6YxX+f/DGL/775Yxb//fLHLP77549Z/A/IH7P4H5g/ZvE/KH/M4n9w/pjF/5D8MYv/ofljFv/D8scs/ofnj1n8j8gfs/gfmT9m8T8qf8zif3T+mMX/mPwxi/+x+WMW/+Pyxyz+x+ePWfxPyB+z+J+YP2bxPyl/zOJ/cv6Yxf+U/DGL/6n5Yxb/0/LHLP6n549Z/M/IH7P4n5k/ZvE/K3/M4n92/pjF/5z8MYv/ufljFv/z8scs/ufnj1n8L8gfs/hfmD9m8b8of8zif3H+mMX/kvwxi/+l+WMW/8vyxyz+l+ePWfyvyB+z+P81f8zif2X+mMX/qvwxi//V+WMW/2vyxyz+1+aPWfyvyx+z+F+fP2bxvyF/zOJ/Y/6Yxf+m/DGL/835Yxb/W/LHLP635o9Z/G/LH7P4354/ZvG/I3/M4n9n/pjF/678MYv/3fljFv978scs/vfmj1n878sfs/jfnz9m8X8gf8zi/2D+mMX/ofwxi//D+WMW/0fyxyz+j+aPWfwfyx+z+D+eP2bxfyJ/zOL/ZP6Yxf+p/DGL/9P5Yxb/Z/LHLP7P5o9Z/J/LH7P4P58/ZvF/IX/M4v9i/pjF/6X8MYv/y/ljFv9X8scs/q/mj1n8X8sfs/i/nj9m8X8jf8zi/2b+mMX/rfwxi//b+WMW/3fyxyT+Iw/kj1n8B+WPWfyHyR+z+A+bP2bxH5w/ZvEfLn/M4j98/pjFf4T8MYv/iPljFv+R8scs/iPnj1n8R8kfs/iPmj9m8R8tf8ziP3r+mMV/jPwxi/+Y+WMW/7Hyxyz+Y+ePWfw/lT9m8R8nf8ziP27+mMX/0/ljFv/x8scs/uPnj1n8P5M/ZvGfIH/M4v/Z/DGL/4T5Yxb/ifLHLP4T549Z/CfJH7P4T5o/ZvH/XP6YxX+y/DGL/+T5Yxb/KfLHLP5T5o9Z/KfKH7P4fz5/zOI/df6Yxf8L+WMW/y/mj1n8v5Q/ZvH/cv6Yxf8r+WMW/6/mj1n8p8kfs/hPmz9m8Z8uf8ziP33+mMV/hvwxi/+M+WMW/6/lj1n8Z8ofs/jPnD9m8Z8lf8ziP2v+mMX/6/ljFv/Z8scs/t/IH7P4fzN/zOI/e/6Yxf9b+WMW/znyxyz+c+aPWfznyh+z+M+dP2bxnyd/zOI/b/6YxX++/DGL//z5Yxb/BfLHLP4L5o9Z/L+dP2bx/07+mMV/ofwxi/9388cs/gvnj1n8v5c/ZvH/fv6YxX+R/DGL/6L5Yxb/xfLHLP6L549Z/JfIH7P4L5k/ZvH/Qf6YxX+p/DGL/w/zxyz+P8ofs/gvnT9m8V8mf8ziv2z+mMV/ufwxi/+P88cs/svnj1n8V8gfs/j/JH/M4r9i/pjFf6X8MYv/yvljFv9V8scs/qvmj1n8V8sfs/ivnj9m8f9p/pjFf438MYv/mvljFv+18scs/mvnj1n818kfs/ivmz9m8f9Z/pjFf738MYv/+vljFv8N8scs/j/PH7P4b5g/ZvH/Rf6YxX+j/DGL/8b5Yxb/TfLHLP6/zB+z+P8qf8ziv2n+mMV/s/wxi//m+WMW/y3yxyz+W+aPWfy3yh+z+G+dP2bx3yZ/zOK/bf6YxX+7/DGL/6/zxyz+v8kfs/hvnz9m8d8hf8ziv2P+mMV/p/wxi/9v88cs/r/LH7P4/z5/zOK/c/6YxX+X/DGL/x/yxyz+f8wfs/jvmj9m8f9T/pjFf7f8MYv/7vljFv898scs/n/OH7P4/yV/zOK/Z/6YxX+v/DGL/975Yxb/ffLHLP775o9Z/PfLH7P4758/ZvE/IH/M4n9g/pjF/6D8MYv/wfljFv9D8scs/ofmj1n8D8sfs/gfnj9m8T8if8zif2T+mMX/qPwxi//R+WMW/2Pyxyz+x+aPWfyPyx+z+B+fP2bxPyF/zOJ/Yv6Yxf+k/DGL/8n5Yxb/U/LHLP6n5o9Z/E/LH7P4n54/ZvE/I3/M4n9m/pjF/6z8MYv/2fljFv9z8scs/ufmj1n8z8sfs/ifnz9m8b8gf8zif2H+mMX/ovwxi//F+WMW/0vyxyz+l+aPWfwvyx+z+F+eP2bxvyJ/zOL/1/wxi/+V+WMW/6vyxyz+V+ePWfyvyR+z+F+bP2bxvy5/zOJ/ff6Yxf+G/DGL/435Yxb/m/LHLP43549Z/G/JH7P435o/ZvG/LX/M4n97/pjF/478MYv/nfljFv+78scs/nfnj1n878kfs/jfmz9m8b8vf8zif3/+mMX/gfwxi/+D+WMW/4fyxyz+D+ePWfwfyR+z+D+aP2bxfyx/zOL/eP6Yxf+J/DGL/5P5Yxb/p/LHLP5P549Z/J/JH7P4P5s/ZvF/Ln/M4v98/pjF/4X8MYv/i/ljFv+X8scs/i/nj1n8X8kfs/i/mj9m8X8tf8zi/3r+mMX/jfwxi/+b+WMW/7fyxyz+b+ePWfzfyR+T+I8ykD9m8R+UP2bxHyZ/zOI/bP6YxX9w/pjFf7j8MYv/8PljFv8R8scs/iPmj1n8R8ofs/iPnD9m8R8lf8ziP2r+mMV/tPwxi//o+WMW/zHyxyz+Y+aPWfzHyh+z+I+dP2bx/1T+mMV/nPwxi/+4+WMW/0/nj1n8x8sfs/iPnz9m8f9M/pjFf4L8MYv/Z/PHLP4T5o9Z/CfKH7P4T5w/ZvGfJH/M4j9p/pjF/3P5Yxb/yfLHLP6T549Z/KfIH7P4T5k/ZvGfKn/M4v/5/DGL/9T5Yxb/L+SPWfy/mD9m8f9S/pjF/8v5Yxb/r+SPWfy/mj9m8Z8mf8ziP23+mMV/uvwxi//0+WMW/xnyxyz+M+aPWfy/lj9m8Z8pf8ziP3P+mMV/lvwxi/+s+WMW/6/nj1n8Z8sfs/h/I3/M4v/N/DGL/+z5Yxb/b+WPWfznyB+z+M+ZP2bxnyt/zOI/d/6YxX+e/DGL/7z5Yxb/+fLHLP7z549Z/BfIH7P4L5g/ZvH/dv6Yxf87+WMW/4Xyxyz+380fs/gvnD9m8f9e/pjF//v5Yxb/RfLHLP6L5o9Z/BfLH7P4L54/ZvFfIn/M4r9k/pjF/wf5Yxb/pfLHLP4/zB+z+P8of8ziv3T+mMV/mfwxi/+y+WMW/+Xyxyz+P84fs/gvnz9m8V8hf8zi/5P8MYv/ivljFv+V8scs/ivnj1n8V8kfs/ivmj9m8V8tf8ziv3r+mMX/p/ljFv818scs/mvmj1n818ofs/ivnT9m8V8nf8ziv27+mMX/Z/ljFv/18scs/uvnj1n8N8gfs/j/PH/M4r9h/pjF/xf5Yxb/jfLHLP4b549Z/DfJH7P4/zJ/zOL/q/wxi/+m+WMW/83yxyz+m+ePWfy3yB+z+G+ZP2bx3yp/zOK/df6YxX+b/DGL/7b5Yxb/7fLHLP6/zh+z+P8mf8ziv33+mMV/h/wxi/+O+WMW/53yxyz+v80fs/j/Ln/M4v/7/DGL/875Yxb/XfLHLP5/yB+z+P8xf8ziv2v+mMX/T/ljFv/d8scs/rvnj1n898gfs/j/OX/M4v+X/DGL/575Yxb/vfLHLP57549Z/PfJH7P475s/ZvHfL3/M4r9//pjF/4D8MYv/gfljFv+D8scs/gfnj1n8D8kfs/gfmj9m8T8sf8zif3j+mMX/iPwxi/+R+WMW/6Pyxyz+R+ePWfyPyR+z+B+bP2bxPy5/zOJ/fP6Yxf+E/DGL/4n5Yxb/k/LHLP4n549Z/E/JH7P4n5o/ZvE/LX/M4n96/pjF/4z8MYv/mflj7/sPjDgw8J/sf1b+mGX7Pzt/zOJ/Tv6Yxf/c/DGL/3n5Yxb/8/PHLP4X5I9Z/C/MH7P4X5Q/ZvG/OH/M4n9J/pjF/9L8MYv/ZfljFv/L88cs/lfkj1n8/5o/ZvG/Mn/M4n9V/pjF/+r8MYv/NfljFv9r88cs/tflj1n8r88fs/jfkD9m8b8xf8zif1P+mMX/5vwxi/8t+WMW/1vzxyz+t+WPWfxvzx+z+N+RP2bxvzN/zOJ/V/6Yxf/u/DGL/z35Yxb/e/PHLP735Y9Z/O/PH7P4P5A/ZvF/MH/M4v9Q/pjF/+H8MYv/I/ljFv9H88cs/o/ljzn8k/+oHP4DozzRWoBZ/J/MH7P4P5U/ZvF/On/M4v9M/pjF/9n8MYv/c/ljFv/n88cs/i/kj1n8X8wfs/i/lD9m8X85f8zi/0r+mMX/1fwxi/9r+WMW/9fzxyz+b+SPWfzfzB+z+L+VP2bxfzt/zOL/Tv6YxH/Ugfwxi/+g/DGL/zD5Yxb/YfPHLP6D88cs/sPlj1n8h88fs/iPkD9m8R8xf8ziP1L+mMV/5Pwxi/8o+WMW/1Hzxyz+o+WPWfxHzx+z+I+RP2bxHzN/zOI/Vv6YxX/s/DGL/6fyxyz+4+SPWfzHzR+z+H86f8ziP17+mMV//Pwxi/9n8scs/hPkj1n8P5s/ZvGfMH/M4j9R/pjFf+L8MYv/JPljFv9J88cs/p/LH7P4T5Y/ZvGfPH/M4j9F/pjFf8r8MYv/VPljFv/P549Z/KfOH7P4fyF/zOL/xfwxi/+X8scs/l/OH7P4fyV/zOL/1fwxi/80+WMW/2nzxyz+0+WPWfynzx+z+M+QP2bxnzF/zOL/tfwxi/9M+WMW/5nzxyz+s+SPWfxnzR+z+H89f8ziP1v+mMX/G/ljFv9v5o9Z/GfPH7P4fyt/zOI/R/6YxX/O/DGL/1z5Yxb/ufPHLP7z5I9Z/OfNH7P4z5c/ZvGfP3/M4r9A/pjFf8H8MYv/t/PHLP7fyR+z+C+UP2bx/27+mMV/4fwxi//38scs/t/PH7P4L5I/ZvFfNH/M4r9Y/pjFf/H8MYv/EvljFv8l88cs/j/IH7P4L5U/ZvH/Yf6Yxf9H+WMW/6Xzxyz+y+SPWfyXzR+z+C+XP2bx/3H+mMV/+fwxi/8K+WMW/5/kj1n8V8wfs/ivZPT/F+6wxX9lo/+/kMV/lfwxi/+q+WMW/9Xyxyz+q+ePWfx/mj9m8V8jf8ziv2b+mMV/rfwxi//a+WMW/3Xyxyz+6+aPWfx/lj9m8V8vf8ziv37+mMV/g/wxi//P88cs/hvmj1n8f5E/ZvHfKH/M4r9x/pjFf5P8MYv/L/PHLP6/yh+z+G+aP2bx3yx/zOK/ef6YxX+L/DGL/5b5Yxb/rfLHLP5b549Z/LfJH7P4b5s/ZvHfLn/M4v/r/DGL/2/yxyz+2+ePWfx3yB+z+O+YP2bx3yl/zOL/2/wxi//v8scs/r/PH7P475w/ZvHfJX/M4v+H/DGL/x/zxyz+u+aPWfz/lD9m8d8tf8ziv3v+mMV/j/wxi/+f88cs/n/JH7P475k/ZvHfK3/M4r93/pjFf5/8MYv/vvljFv/98scs/vvnj1n8D8gfs/gfmD9m8T8of8zif3D+mMX/kPwxi/+h+WMW/8Pyxyz+h+ePWfyPyB+z+B+ZP2bxPyp/zOJ/dP6Yxf+Y/DGL/7H5Yxb/4/LHLP7H549Z/E/IH7P4n5g/ZvE/KX/M4n9y/pjF/5T8MYv/qfljFv/T8scs/qfnj1n8z8gfs/ifmT9m8T8rf8zif3b+mMX/nPwxi/+5+WMW//Pyxyz+5+ePWfwvyB+z+F+YP2bxvyh/zOJ/cf6Yxf+S/DGL/6X5Yxb/y/LHLP6X549Z/K/IH7P4/zV/zOJ/Zf6Yxf+q/DGL/9X5Yxb/a/LHLP7X5o9Z/K/LH7P4X58/ZvG/IX/M4n9j/pjF/6b8MYv/zfljFv9b8scs/rfmj1n8b8sfs/jfnj9m8b8jf8zif2f+mMX/rvwxi//d+WMW/3vyxyz+9+aPWfzvyx+z+N+fP2bxfyB/zOL/YP6Yxf+h/DGL/8P5Yxb/R/LHLP6P5o9Z/B/LH7P4P54/ZvF/In/M4v9k/pjF/6n8MYv/0/ljFv9n8scs/s/mj1n8n8sfs/g/nz9m8X8hf8zi/2L+mMX/pfwxi//L+WMW/1fyxyz+r+aPWfxfyx+z+L+eP2bxfyN/zOL/Zv6Yxf+t/DGL/9v5Yxb/d/LHJP6jDeSPWfwH5Y9Z/IfJH7P4D5s/ZvEfnD9m8R8uf8ziP3z+mMV/hPwxi/+I+WMW/5Hyxyz+I+ePWfxHyR+z+I+aP2bxHy1/zOI/ev6YxX+M/DGL/5j5Yxb/sfLHLP5j549Z/D+VP2bxHyd/zOI/bv6Yxf/T+WMW//Hyxyz+4+ePWfw/kz9m8Z8gf8zi/9n8MYv/hPljFv+J8scs/hPnj1n8J8kfs/hPmj9m8f9c/pjFf7L8MYv/5PljFv8p8scs/lPmj1n8p8ofs/h/Pn/M4j91/pjF/wv5Yxb/L+aPWfy/lD9m8f9y/pjF/yv5Yxb/r+aPWfynyR+z+E+bP2bxny5/zOI/ff6YxX+G/DGL/4z5Yxb/r+WPWfxnyh+z+M+cP2bxnyV/7B/8h1425ic8pv9PfYT/rPljlu3/6/ljFv/Z8scs/t/IH7P4fzN/zOI/e/6Yxf9b+WMW/znyxyz+c+aPWfznyh+z+M+dP2bxnyd/zOI/b/6YxX++/DGL//z5Yxb/BfLHLP4L5o9Z/L+dP2bx/07+mMV/ofwxi/9388cs/gvnj1n8v5c/ZvH/fv6YxX+R/DGL/6L5Yxb/xfLHLP6L549Z/JfIH7P4L5k/ZvH/Qf6YxX+p/DGL/w/zxyz+P8ofs/gvnT9m8V8mf8ziv2z+mMV/ufwxi/+P88cs/svnj1n8V8gfs/j/JH/M4r9i/pjFf6X8MYv/yvljFv9V8scs/qvmj1n8V8sfs/ivnj9m8f9p/pjFf438MYv/mvljFv+18scs/mvnj1n818kfs/ivmz9m8f9Z/pjFf738MYv/+vljFv8N8scs/j/PH7P4b5g/ZvH/Rf6YxX+j/DGL/8b5Yxb/TfLHLP6/zB+z+P8qf8ziv2n+mMV/s/wxi//m+WMW/y3yxyz+W+aPWfy3yh+z+G+dP2bx3yZ/zOK/bf6YxX+7/DGL/6/zxyz+v8kfs/hvnz9m8d8hf8ziv2P+mMV/p/wxi/9v88cs/r/LH7P4/z5/zOK/c/6YxX+X/LH/VP8RP+T/h/yx/1T/gQ/5/zF/zOK/a/6Yxf9P+WMW/93yxyz+u+ePWfz3yB+z+P85f8zi/5f8MYv/nvljFv+98scs/nvnj1n898kfs/jvmz9m8d8vf8ziv3/+mMX/gPwxi/+B+WMW/4Pyxyz+B+ePWfwPyR+z+B+aP2bxPyx/zOJ/eP6Yxf+I/DGL/5H5Yxb/o/LHLP5H549Z/I/JH7P4H5s/ZvE/Ln/M4n98/pjF/4T8MYv/ifljFv+T8scs/ifnj1n8T8kfs/ifmj9m8T8tf8zif3r+mMX/jPwxi/+Z+WMW/7Pyxyz+Z+ePWfzPyR+z+J+bP2bxPy9/zOJ/fv6Yxf+C/DGL/4X5Yxb/i/LHLP4X549Z/C/JH7P4X5o/ZvG/LH/M4n95/pjF/4r8MYv/X/PHLP5X5o9Z/K/KH7P4X50/ZvG/Jn/M4n9t/pjF/7r8MYv/9fljFv8b8scs/jfmj1n8b8ofs/jfnD9m8b8lf8zif2v+mMX/tvwxi//t+WMW/zvyxyz+d+aPWfzvyh+z+N+dP2bxvyd/zOJ/b/6Yxf++/DGL//35Yxb/B/LHLP4P5o9Z/B/KH7P4P5w/ZvF/5MP+W/wvj+vfNIv/o23/mMX/sfwxi//j+WMW/yfyxyz+T+aPWfyfyh+z+D+dP2bxfyZ/zOL/bP6Yxf+5/DGL//P5Yxb/F/LHLP4v5o9Z/F/KH7P4v5w/ZvF/JX/M4v9q/pjF/7X8MYv/6/ljFv838scs/m/mj1n838ofs/i/nT9m8X8nf0ziP/pA/pjFf1D+mMV/mPwxi/+w+WMW/8H5Yxb/4fLHLP7D549Z/EfIH7P4j5g/ZvEfKX/M4j9y/pjFf5T8MYv/qPljFv/R8scs/qPnj1n8x8gfs/iPmT9m8R8rf8ziP3b+mMX/U/ljFv9x8scs/uPmj1n8P50/ZvEfL3/M4j9+/pjF/zP5Yxb/CfLHLP6fzR+z+E+YP2bxnyh/zOI/cf6YxX+S/DGL/6T5Yxb/z+WPWfwnyx+z+E+eP2bxnyJ/zOI/Zf6YxX+q/DGL/+fzxyz+U+ePWfy/kD9m8f9i/pjF/0v5Yxb/L+ePWfy/kj9m8f9q/pjFf5r8MYv/tPljFv/p8scs/tPnj1n8Z8gfs/jPmD9m8f9a/pjFf6b8MYv/zPljFv9Z8scs/rPmj1n8v54/ZvGfLX/M4v+N/DGL/zfzxyz+s+ePWfy/lT9m8Z8jf8ziP2f+mMV/rvwxi//c+WMW/3nyxyz+8+aPWfznyx+z+M+fP2bxXyB/zOK/YP6Yxf/b+WMW/+/kj1n8F8ofs/h/N3/M4r9w/pjF/3v5Yxb/7+ePWfwXyR+z+C+aP2bxXyx/zOK/eP6YxX+J/DGL/5L5Yxb/H+SPWfyXyh+z+P8wf8zi/6P8MYv/0vljFv9l8scs/svmj1n8l8sfs/j/OH/M4r98/pjFf4X8MYv/T/LHLP4r5o9Z/FfKH7P4r5w/ZvFfJX/M4r9q/pjFf7X8MYv/6vljFv+f5o9Z/NfIH7P4r5k/ZvFfK3/M4r92/pjFf538MYv/uvljFv+f5Y9Z/NfLH7P4r58/ZvHfIH/M4v/z/DGL/4b5Yxb/X+SPWfw3yh+z+G+cP2bx3yR/zOL/y/wxi/+v8scs/pvmj1n8N8sfs/hvnj9m8d8if8ziv2X+mMV/q/wxi//W+WMW/23yxyz+2+aPWfy3yx+z+P86f8zi/5v8MYv/9vljFv8d8scs/jvmj1n8d8ofs/j/Nn/M4v+7/DGL/+/zxyz+O+ePWfx3yR+z+P8hf8zi/8f8MYv/rvljFv8/5Y9Z/HfLH7P4754/ZvHfI3/M4v/n/DGL/1/yxyz+e+aPWfz3yh+z+O+dP2bx3yd/zOK/b/6YxX+//DGL//75Yxb/A/LHLP4H5o9Z/A/KH7P4H5w/ZvE/JH/M4n9o/pjF/7D8MYv/4fljFv8j8scs/kfmj1n8j8ofs/gfnT9m8T8mf8zif2z+mMX/uPwxi//x+WMW/xPyxyz+J+aPWfxPyh+z+J+cP2bxPyV/zOJ/av6Yxf+0/DGL/+n5Yxb/M/LHLP5n5o9Z/M/KH7P4n50/ZvE/J3/M4n9u/pjF/7z8MYv/+fljFv8L8scs/hfmj1n8L8ofs/hfnD9m8b8kf8zif2n+mMX/svwxi//l+WMW/yvyxyz+f80fs/hfmT9m8b8qf8zif3X+mMX/mvwxi/+1+WMW/+vyxyz+1+ePWfxvyB+z+N+YP2bxvyl/zOJ/c/6Yxf+W/DGL/635Yxb/2/LHLP63549Z/O/IH7P435k/ZvG/K3/M4n93/pjF/578MYv/vfljFv/78scs/vfnj1n8H8gfs/g/mD9m8X8of8zi/3D+mMX/kfwxi/+j+WMW/8fyxyz+j+ePWfyfyB+z+D+ZP2bxfyp/zOL/dP6Yxf+Z/DGL/7P5Yxb/5/LHLP7P549Z/F/IH7P4v5g/ZvF/KX/M4v9y/pjF/5X8MYv/q/ljFv/X8scs/q/nj1n838gfs/i/mT9m8X8rf8zi/3b+mMX/nfwxif8YA/ljFv9B+WMW/2Hyxyz+w+aPWfwH549Z/IfLH7P4D58/ZvEfIX/M4j9i/pjFf6T8MYv/yPljFv9R8scs/qPmj1n8R8sfs/iPnj9m8R8jf8ziP2b+mMV/rPwxi//Y+WMW/0/lj1n8x8kfs/iPmz9m8f90/pjFf7z8MYv/+PljFv/P5I9Z/CfIH7P4fzZ/zOI/Yf6YxX+i/DGL/8T5Yxb/SfLHLP6T5o9Z/D+X//+PnbsP97qu7zj+454sZ592Xeo122UXGnNtRiKjUQtRUTzenDLRzHuEw01yIzcSYApstFLHpkvdLNjEwjFnq5Y43Fx3KxqWNVsjtlY5xbUwxhwsMmfsOnAOwdnbc+182ffr8v14/ME5v9/x/Ut5Xi9/Py+uq1CW/sP0D2Xpf5z+oSz9j9c/lKX/a/UPZek/XP9Qlv6/oH8oS/8T9A9l6f+L+oey9H+d/qEs/X9J/1CW/r+sfyhL/xP1D2Xp/3r9Q1n6j9A/lKX/G/QPZel/kv6hLP1H6h/K0v9k/UNZ+o/SP5Sl/6/oH8rSf7T+oSz936h/KEv/X9U/lKX/GP1DWfq/Sf9Qlv5v1j+Upf+v6R/K0v8t+oey9B+rfyhL/1P0D2XpP07/UJb+p+ofytL/NP1DWfqfrn8oS//x+oey9D9D/1CW/mfqH8rSf4L+oSz9z9I/lKV/m/6hLP3P1j+Upf85+oey9D9X/1CW/ufpH8rSv13/UJb+b9U/lKX/2/QPZel/vv6hLP3frn8oS/8L9A9l6T9R/1CW/hfqH8rS/yL9Q1n6v0P/UJb+F+sfytL/nfqHsvS/RP9Qlv6X6h/K0v8y/UNZ+l+ufyhL/yv0D2Xpf6X+oSz9r9I/lKX/JP1DWfpfrX8oS//J+oey9J+ifyhL/w79Q1n6T9U/lKX/NP1DWfpP1z+Upf8M/UNZ+r9L/1CW/tfoH8rSf6b+oSz9Z+kfytJ/tv6hLP3n6B/K0v9a/UNZ+s/VP5Sl/zz9Q1n6z9c/lKX/Av1DWfpfp38oS/+F+oey9H+3/qEs/RfpH8rSf7H+oSz9l+gfytL/ev1DWfq/R/9Qlv436B/K0v9G/UNZ+i/VP5Sl/zL9Q1n6L9c/lKX/r+sfytL/N/QPZem/Qv9Qlv7v1T+Upf9v6h/K0v99+oey9H+//qEs/W/SP5Sl/836h7L0v0X/UJb+v6V/KEv/lfqHsvT/bf1DWfr/jv6hLP1v1T+Upf9t+oey9P9d/UNZ+n9A/1CW/rfrH8rS/w79Q1n636l/KEv/39M/lKX/7+sfytL/Lv1DWfp/UP9Qlv4f0j+Upf8q/UNZ+q/WP5Sl/x/oH8rS/w/1D2Xpf7f+oSz91+gfytL/Hv1DWfp/WP9Qlv4f0T+Upf9a/UNZ+t+rfyhL/z/SP5Sl/zr9Q1n6/7H+oSz979M/lKX/n+gfytL/fv1DWfp/VP9Qlv5/qn8oS/+P6R/K0v/j+oey9P+E/qEs/f9M/1CW/p/UP5Sl/wP6h7L0X69/KEv/B/UPZen/5/qHsvTfoH8oS/+H9A9l6f8X+oey9P9L/UNZ+j+sfyhL/7/SP5Sl/6f0D2Xp/2n9Q1n6f0b/UJb+n9U/lKX/5/QPZen/1/qHsvT/vP6hLP2/oH8oS/+N+oey9P+i/qEs/f9G/1CW/pv0D2Xp/4j+oSz9v6R/KEv/L+sfytL/Uf1DWfp/Rf9Qlv5f1T+Upf/f6h/K0v8x/UNZ+n9N/1CW/n+nfyhL/6/rH8rS/+/1D2Xpv1n/UJb+39A/lKX/Fv1DWfr/g/6hLP3/Uf9Qlv7f1D+Upf8/6R/K0v9b+oey9P+2/qEs/b+jfyhL/8f1D2Xp/8/6h7L0f0L/UJb+T+ofytJ/q/6hLP2f0j+Upf+/6B/K0v+7+oey9P9X/UNZ+n9P/1CW/tv0D2Xp/7T+oSz9v69/KEv/7fqHsvT/N/1DWfrv0D+Upf+/6x/K0v8Z/UNZ+v+H/qEs/XfqH8rSf5f+oSz9/1P/UJb+P9A/lKX/bv1DWfr/UP9Qlv7P6h/K0v9H+oey9H9O/1CW/v+lfyhL/+f1D2Xp/2P9Q1n679E/lKT/K1v6h7L076d/KEv//vqHsvQfoH8oS/+B+oey9B+kfyhL/8H6h7L0H6J/KEv/ofqHsvR/mf6hLP0P0z+Upf/L9Q9l6f8K/UNZ+h+ufyhL/5/RP5Sl/xH6h15y/QEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP6/mb94yTWTZs7smOcb3/jGN/u/ebH/zQQAAPxf+8mH/hf77wQAAAAAAAAAAAAAAAAAAADyauL/TuzF/mcEAAAAAAAAAAAAAICfdm3tp24f0O+gpwYc+ODnH+3Y+3XU7ounr137YOn+2vXjc4KX7H/ggz179uxZ/czY8V0Ph7Rarc7/tVd2PR7a87jz9Zcdu+rofY/KuM/f+fgVEw8/d9762wZ+Y/Ut7U8P2vvsoNZVU2fM7HhD/1arnD6otajzwUn9Wq1y5qDWrZ0PRnY+mDCota7zwcl7H7ys9ZnOB6+fPGfmlM4nzqr8ewYvFW3ty1oDDlps66B/Gxy4/2XHPjG9+2svL9n9agNbXfsftv5LR/X4WbcX2H/365dTe+6/z/+AwAvq2/6f3dL9tZeX/B/v/x/etHtJ9LMX3n/365fT7B/qE3z+P2ijPT/39/j8/5rgJfffnzJ00+2d+2+78L5Xdz018H/z+f8nr19O77n//gd9/u/8HD+++/P/kFarnHGIvx2QSlv78u29vf/3vv+BP9fjpt+B+7/nK1tf0bn/e59rreh6alAf9z++t/f/m3r8vQJ909a+Zk+P9/8+7L81PHjJ/fvftv7wvZ//t94/+cgDftaX/Z/Rc/8jFsy6dsT8xUtOnDFr0rSOaR2zx4wcfdKoMWNGjx6x9xPBvl8P8TcFkji09//WYT1u+rVaHfvvN953y/jO/e94aMVHup4a2sf9n9nr+/9rvP9DaFj/1uDBrUWTFiyYd9K+X7sfjtz3676/LNh/H/77/7gTuv6y7j8z7NdqHb3/fvgVY4Z07v/6uWVD11OD+7j/Cb3uf9zBf1YJ9M0hvv9P6XFz0P5P2Xbjws79H/+DV23teqqv//1/Vq/7v9v7PxyKtvZWrW+infs/ecjys6tdlzZ//gf1aWL/x+68dVe163K2/UN9mtj/xJVvvrradTnH/qE+Tez/wVlXrqx2Xc61f6hPE/t//md3HVPtupxn/1CfJvb/2HefWlvturTbP9Snif1/8K72k6tdl7faP9Snif2feN0Px1a7Lm+zf6hPE/uf+vIL1lW7LufbP9Snif2fvee0I6tdl7fbP9Snif33W/69ZdWuywX2D/VpYv9PTlo5p9p1mWj/UJ8m9r/u2OHPVrsuF9o/1KeJ/a94+o0Tql2Xi+wf6tPE/r96x6rHql2Xd9g/1KeJ/X/isletqnZdLrZ/qE8T+//RsIcOq3Zd3mn/UJ8m9r9587oHql2XS+wf6tPE/levGzCs2nW51P6hPk3sf+lZ0x6tdl0us3+oTxP7HzX6y5dWuy6X2z/Up4n9H/25bz1V7bpcYf9Qnyb2f8HDC+dXuy5X2j/Up4n9Lzzm4z+udl2usn+oTxP7f0vHMdOrXZdJ9g/1aWL/5bbDNle7LlfbP9Snif1fsmPNuGrXZbL9Q32a2P+GI77wsWrXZYr9Q32a2P/OubPHVLsuHfYP9Wli/99579L3VbsuU+0f6tPE/m9/7uul2nWZZv9Qnyb2v23kJZdVuy7T7R/q08T+15z7zCPVrssM+4f6NLH/lRseX1DturzL/qE+Tex/48Zznqh2Xa6xf6hPE/s/fviIw6tdl5n2D/VpYv9zLl7xoWrXZZb9Q32a2P/p99/x2mrXZbb9Q32a2P/Qr439ZLXrMsf+oT5N7P/TY9//qWrX5Vr7h/o0sf9d4447odp1mWv/UJ8m9r/lgZF3Vrsu8+wf6tPE/j/wyF0Vr8t8+4f6NLH/ua97fke167LA/qE+Tez/TRMvWlztulxn/1CfJvZ/5N0Tvljtuiy0f6hPE/u//NvfP7/adXm3/UN9mtj/cUdd/epq12WR/UN9mtj/9Bmbbq52XRbbP9Snif2PX71lVLXrssT+oT5N7P+IJ+ffU+26XG//UJ8m9r99wFHnVbsu77F/qE8T+7/3hoe/We263GD/UJ8m9n/zTR/tqHZdbrR/qE8T+//s7sE7q12XpfYPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/zQ4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRV24EAAAAAAAMj/tRGqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsAPHAgAAAADC/K2D6N0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICjAAAA//8mu+jL") (async) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x101142, 0xeaff) ioctl$FICLONERANGE(r1, 0x4020940d, &(0x7f00000000c0)={{r1}, 0x0, 0x4, 0x100000}) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000100)={0x2, &(0x7f0000000040)=[{0x20, 0x20, 0xa, 0xc90}, {0x16, 0x0, 0x6}]}, 0x10) (async) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4) r2 = socket$inet_udp(0x2, 0x2, 0x0) (async) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x70bd27, 0x4000000, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x14, 0x2, [@TCA_FQ_FLOW_PLIMIT={0x8, 0x2, 0x4f4}, @TCA_FQ_QUANTUM={0x8, 0x3, 0x9d}]}}]}, 0x40}}, 0x0) (async) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) (async) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x9, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="400000002000010000000000000000000200000000000000000000001400110067656e65766531000000000000000000080010000000000008000a"], 0x40}, 0x1, 0x0, 0x0, 0x4010}, 0x0) write$binfmt_misc(r4, &(0x7f0000000000), 0xfffffecc) (async) splice(r3, 0x0, r5, 0x0, 0x8001, 0xd) bind$inet(r2, &(0x7f0000000140)={0x2, 0x80, @dev={0xac, 0x14, 0x14, 0x3c}}, 0x10) (async) sendmmsg$inet(r2, &(0x7f0000000c00)=[{{&(0x7f0000000080)={0x2, 0x4e22, @multicast2}, 0x10, 0x0}}], 0x1, 0x2000c044) sendto$inet(r2, &(0x7f0000000c80)="e8", 0x6200, 0x0, 0x0, 0x0) (async) socket$packet(0x11, 0x3, 0x300) 7.760340408s ago: executing program 3 (id=206): unshare(0x6a040000) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x2a, 0x0, 0x190) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)={{0x14}, [@NFT_MSG_NEWRULE={0x6c, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2, 0x0, 0x2}, [@NFTA_RULE_EXPRESSIONS={0x40, 0x4, 0x0, 0x1, [{0x3c, 0x1, 0x0, 0x1, @immediate={{0xe}, @val={0x28, 0x2, 0x0, 0x1, [@NFTA_IMMEDIATE_DATA={0x1c, 0x2, 0x0, 0x1, [@NFTA_DATA_VERDICT={0x18, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_VERDICT_CODE={0x8, 0x1, 0x0, 0x1, 0xfffffffffffffffc}]}]}, @NFTA_IMMEDIATE_DREG={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x94}}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000002000000000f40600000a14000000020a01"], 0x3c}, 0x1, 0x0, 0x0, 0x4011}, 0x4000094) r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r4 = eventfd(0x8c66) ioctl$KVM_IOEVENTFD(r3, 0x4040ae79, &(0x7f0000000040)={0xe384, 0x0, 0x8, r4}) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000140)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x4}]}) ioctl$VIDIOC_G_CTRL(0xffffffffffffffff, 0xc008561b, 0x0) close_range(r5, 0xffffffffffffffff, 0x0) 7.558041304s ago: executing program 1 (id=207): prlimit64(0x0, 0x6, 0x0, 0x0) r0 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) dup3(0xffffffffffffffff, r0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8c}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpgrp(0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x10000005) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x2, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x4081, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x14, 0x70}, [@ldst={0x6, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1}]}, &(0x7f0000000640)='syzkaller\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/181, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x24}, 0x48) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setaffinity(0x0, 0x0, 0x0) mlock2(&(0x7f000000e000/0x1000)=nil, 0x1000, 0x0) 6.306290285s ago: executing program 1 (id=208): openat$ttynull(0xffffffffffffff9c, 0x0, 0x20a00, 0x0) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x802, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0) ioctl$SG_IO(r3, 0x2285, &(0x7f00000033c0)={0x0, 0xffffffffffffffff, 0x0, 0x2b, @scatter={0x0, 0x0, 0x0}, 0x0, 0x0, 0xfffffffe, 0x30520cf7f25f0c66, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000680)={0x5c, 0x0, &(0x7f0000000500)=[@increfs={0x40046304, 0x3}, @release={0x40046306, 0x1}, @decrefs, @transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000380)={@flat=@weak_handle={0x77682a85, 0x310a}, @fda={0x66646185, 0x8, 0x0, 0x24}, @ptr={0x70742a85, 0x0, &(0x7f0000000240)=""/127, 0x7f, 0x1, 0x2}}, &(0x7f0000000440)={0x0, 0x18, 0x38}}}], 0xc4, 0x0, &(0x7f0000000580)="2b652a0e682ada1899f586288a07ca546e33a24965d5f6675dacd895d7c37a1ff7e8d76d3bf92c36fb2325fb72c86e8ea88e0932c8558be60edda64317c9ef0398063d58ff08aa40b2cab771070fb67062ed87bdb886c9c7a9d1051637a17777649b4513be0d4f84a8dc2a7d045a0b85f20e303a1ceda2a79d212c21f0aba9c907d293866b3659beaa0092580c7eb87fa255bd102e8ff243ffe0c49fcc1a4e69c1923467b7b2598699f9215ce0851bf108ccb0897b8b91a78b753de716c1d1389c1f58d4"}) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r5 = userfaultfd(0x801) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x79}) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000cea000/0x1000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000257000/0x3000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045) r6 = io_uring_setup(0x64a, &(0x7f0000000040)={0x0, 0x2008835c, 0xc000, 0x5, 0x33c}) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3, &(0x7f0000000000)=0x6, 0x4) r7 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r7, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8) io_uring_enter(r6, 0x2219, 0x7721, 0x16, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000300)={@flat=@weak_binder={0x77622a85, 0x1000}, @flat=@weak_binder={0x77622a85, 0x1000, 0x2}, @flat=@weak_binder={0x77622a85, 0x1, 0x6}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) 4.875964342s ago: executing program 2 (id=209): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000004c80)={@fallback, 0xffffffffffffffff, 0xe, 0x2002}, 0x20) syz_usb_connect(0x3, 0x52, &(0x7f0000000280)=ANY=[@ANYBLOB="12011001a192fa402104f501da5702000001090240000101007490090479ff000202ff000d240f0102000000faff040040052406000005240008000d240f01"], 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x1, 0x5, &(0x7f0000000240)=ANY=[@ANYBLOB="18110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_DELETE(r4, 0x0, 0x8880) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x3, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x94) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) setsockopt$SO_ATTACH_FILTER(r7, 0x1, 0x1a, &(0x7f00000001c0)={0x2, &(0x7f0000000280)=[{0x28, 0x8, 0x0, 0xbfffdffe}, {0x80000006, 0x9, 0x9, 0x5}]}, 0x10) bind$bt_hci(r7, &(0x7f0000000340)={0x1f, 0xffff, 0x3}, 0x6) write(r7, &(0x7f0000000000)="09000300010000", 0x7) syz_genetlink_get_family_id$batadv(&(0x7f0000000080), r5) sendmsg$TIPC_NL_KEY_SET(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000700)={&(0x7f00000004c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="0100000000000000000017000000540006803c00040067636d286165732900000000000000000000000000000000000000000000000014000000e3de3d7b4cd07ec3ee777de774fc7987cca41989140003"], 0x68}, 0x1, 0x0, 0x0, 0x4}, 0x4008014) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000080)=r1, 0x4) r8 = fsopen(&(0x7f0000000380)='hugetlbfs\x00', 0x1) fsconfig$FSCONFIG_SET_STRING(r8, 0x1, &(0x7f0000000540)='umd\xa0Z\xac\xfb\xe9\xb2\xb8FK\xa9\x1a\xaf\xb0\x95d\xdb@~\x93x\xa6\x19\xb1b\xd0\xf9\xf9\xc2 \x02\x00\x00\x00\x00\x00\x00\xa2\xab\x87\xa6s\t1`\x89\xa3$\xc6\xbb\x01\xcfbyX\n\xd3F\x17:%\xd3RI\xea\x92EN\xcf\x93]\x04\x8a\x8f\xab\xea\x8b\'\xba\x1fE\xff\xe2+ \xc7\xe7\xfe\xb7)z%\xbe\x1f\x13\xb3\xe29\x98\x88\xed_\x98\x94!*\x8e\xb0\x8d\x0f\x1fLf-L;\xd5X\xae\xd9\x85\xf8i7a\xf2\x03\x8e\xf2@\x06\xd6\x1f\xa0P\x16-\x1a\xa0\x19\xb8\xa1V4\xa9\xbc/\xf2\xf5\xad\xd7R\xaf}\xef\x93\x9d\xe2\x16Ghy\xd5\xe9U\xcfm\x10\x8aF\x1a\xf8\x01\x82ML\x80m\x8av]<\xf0\xfe\x1c\x1d\xf7~\xc1\x8e\xea1;h\xe7j\xcaE\xb2\xf5\xf6\xc4\xd5!Z\xda\xd2\xc3\xe3H\x99\x96j]\xe4\x82\xea\x15\xea\x89\r\xcf\xa8\x95t', &(0x7f00000008c0)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80=\x8a\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\x1f\x03\x00\x00\x00\x00\x00\x00\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9ak\x00\x00\x00\x00\x00\x00\x00\n\xa72\xa3\xef^\xe7\x8f', 0x0) sendmsg$inet(r3, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) 4.831224573s ago: executing program 3 (id=210): r0 = socket$inet6_udp(0xa, 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="66643d0c79d3846101009049ca56f0a2f705fb78526dce", @ANYBLOB=',rootmode=00000000000000000040000,us', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) kexec_load(0x3, 0x2, &(0x7f00000005c0)=[{&(0x7f0000000100)="047715ac7141c111fab2fcda5de4dc8b278029bcb1bd17524f177856cac105f463c77e2d2ab44d875217dc82baa911f236f959fb9227524d4fe6b621a19823457d04c399283edbac755852623c82f7206d26e918a2981c8f68476969bf8c4bcd37ba24e4ba1683339879a11b854a7478f898805f327af12eaab8ac918c201b", 0x7f, 0x5, 0xffffffff}, {&(0x7f0000000340)="8c4e55be8948c65379def4df90ce301f71e7", 0x12, 0x100, 0x9}], 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000002840)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback, 0x20}, 0x1c, 0x0}}], 0x1, 0x14018891) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48001}, 0x4044050) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000540), 0x82, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000280), 0x80, 0x0) sendmmsg$alg(r3, &(0x7f0000007640)=[{0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000740)="bd9c629b909dddebc0508bf412865663aded7919352b141faa7dc00680ce5a44ff1ed1c813c6c1e58e28c509cd269d0e79fff4d2ea4c1da69fa672c4f5eb15788aa929e9f5c94e443cf68a1759ee805958a7c76c8c7f11a39ea32c019c2f2c8cce48d92d659f623081974c0135dc1fe2a057f725a843c083e0620ffa607d3b9570a5b4094fca255491844b3d5cb63bab3d76ad07f9503d1450f1fb860b18ac983285f983e51262c539312073482f1538d9588323b836e6e2b7704dff3cbf89c2b828c7613310eafd664c946b1a6728154b1877257a8abe3d983344da083b86aee35e6b9b0d9307", 0xe7}], 0x1, &(0x7f00000008c0)=ANY=[@ANYBLOB="b800000000000000170100000252bc42e9735c24e919a432ebf20eb0a0ee39d005e869fe74b9842d9c92be0054aa20f9dbfeb8e59fa49c486a1a51c45c98c886185e506d1cf93255718fc79d6b6d1d434c678807c5ab4264c8ba94065d11d8ee27dd16f4a0342bed8a3c79acd4bb1f9f46ef28a63b329e09a86c62f907539c9af6f1b0bc00510c3b27f64245b6f4f80e00bca3d91538839a52c3c393aada6ed6155fa03c988b6658e106d043cc8652373dd8e2a700000000"], 0xb8, 0x40800}, {0x0, 0x0, &(0x7f0000003900)=[{&(0x7f00000009c0)="c2debd9e2d4617d17e01e704d3576f8b26b757ffa164a105efcaa28e5d52d4383258c148e95e4ee927dab4ba9cdbf4dbf6b0e19f8b7e9a95211ec6aedfd78a09200b7076afabdae9c87c6837e202845b6cf3ac6b728856d66eef286087e0154a40c153e5fe7505615fb53b33f629928c80aeea7fd091180968d44cd4544b6bb4c116f4d6c4c3d148eb273bd4fa76ad8f709ed07bd2a91564fc364f1b971b0e005fe1d24f1b0d7f157b695c625cc39aac2d6f07b11d926c80", 0xb8}, {&(0x7f0000000ac0)="3fe4c8a3288f097706", 0x9}, {&(0x7f0000000b40)="86545d2157646172b815818bfd0e1457556266898579380233e0e3853e4a118a5a2bcc52eeea6b2dc4fc32c3f81f9b1d06cd70", 0x33}, {&(0x7f0000000b80)="0d4842ef613cd072196eae2d74d31c309df1c61a888039b1a23acbea852fb54afae1761845284c6e484aa5154a2b418ffe2ac1d6363010c9d8f2d75a71eb55849202714884c6a0a760f5e028016a68fc07407f5671a5a4a8c91e9d056039df63390376a7359c6fc2059d1e3ffeec1ff0f4c09099e8e61c268324d0fc621f6dc2912e4bd5316ff808ac5126ade9b759e1489c04a517e992d7b56d9df469c0c906000e0f82c089ec12677e7ade15e68a", 0xaf}, {&(0x7f0000000c40)="176d6b3905505e2a41391bf6fd66d8ad4ebc86e07694005204b0151bfa8dc581a5be209d8850a950791f10f76de79651272a11f6d7267276ff1596a47826a90a0b74b425d8ff2bbea5c5732f69a908c45b4b348abc24d2cd2031a9508ef8e3594bd12ebc38c466f76d6ff3618471f4f6574e1043766375eb889750ca25429f976089462bf1b689280ebc67640f4534eef4b7ffd85963bc5d8b114670c00f76cbdd722662dce5fc58daf323bf987ef7d646a99794c02b62b30e189691c4be9094ea58e9df52d9dbd9e0fae7a4", 0xcc}, {&(0x7f0000000d40)="7edb39aa76e39c9fc185dd49e1d028ba5e90ec3bb54d3c486f189f406945a495fe7b4ad51446c162f581368e4d711db9add53f7917e1dc55ae9543ea21d63f85d9a5a996f6fa32ead42a9b7e97a7ae1b4a8f76ff9321b4ec76606f9709bb57eda4e8c45e797ff2cabc03a3d03ca57b5239833610ac4306ac2a443c768b9365de67f9f9be49fe7d6f4d71abedeb55ab91ddd31154758fcaa8f25a56126152b9ba46d9bd4cd0d67de6fda9f72a37319681c1750045b363a3b90faecc5b5cbc0a241152a62edc2d081937058931cfb823591b49c610995a895f214c473e", 0xdc}], 0x6, 0x0, 0x0, 0xc0}], 0x2, 0x48040) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5) r5 = accept4(r4, 0x0, 0x0, 0x800) sendmmsg$alg(r5, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000840)={0x1, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0) pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) close(r0) openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x0, 0x0) mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x300000a, 0x12, r0, 0x852ac000) 4.32164125s ago: executing program 3 (id=211): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='smaps\x00') mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, r3, 0x0) read$FUSE(r3, &(0x7f0000002600)={0x2020}, 0x2020) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000020000/0x18000)=nil, 0x0, 0x0, 0x69, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) 4.111588927s ago: executing program 3 (id=212): prlimit64(0x0, 0x6, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8c}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpgrp(0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x10000005) prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x2, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x1, 0x0) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x4081, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x14, 0x70}, [@ldst={0x6, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1}]}, &(0x7f0000000640)='syzkaller\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/181, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x24}, 0x48) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8) sched_setaffinity(0x0, 0x0, 0x0) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000001700)=0x4) socketpair$unix(0x1, 0x2, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) mlock2(&(0x7f000000e000/0x1000)=nil, 0x1000, 0x0) 2.537295368s ago: executing program 3 (id=213): sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, 0x0, 0x0) ioctl$EXT4_IOC_GET_ES_CACHE(0xffffffffffffffff, 0xc020660b, &(0x7f0000000340)={0x0, 0xffffffff000, 0x0, 0x0, 0x3, 0x0, [{0x8009, 0x0, 0xc022, '\x00', 0xb08}, {0x4, 0x6, 0x5, '\x00', 0x85}, {0x2, 0x7, 0x8, '\x00', 0x3082}]}) mkdirat(0xffffffffffffffff, &(0x7f0000000300)='./file0\x00', 0x102) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$sock_int(r2, 0x1, 0x9, &(0x7f0000000080)=0x114c, 0x4) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8801}, 0x10) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000600000005000400000000000900020073797a3100000000050005000a00000012000300686173683a6e65742c706f72740000002bd6a02725aac575faa9412a1ecaf5db4f0a183e800885de2a4a20a6dcba483c94ca5ca568198a14d27e147ba7e4df8bec690827187347ba1dc4ffc0ceea2e34804f17a74f800705f8580a62cb760fc8f9fcf1980e82b1ad60cd9d17086459ec72b2fc6a512933b99524"], 0x4c}}, 0x6) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000005c0)=ANY=[@ANYBLOB="5c000000090601ffffffffffffffff00070000000900020073797a31000000000500010007000000340007801800018014000240fe8000000000000000000000000000bb060004400e1f00000500070088000000060005404e2200002f62557efd6ee1b0ebe837afc8fa6168aa0e4358050441304ed12ae2852e9168b0db8d5cd9d32f0ee758c0aabb2c2c7fb71acc1baf277104b7f5aa587406f6"], 0x5c}, 0x1, 0x0, 0x0, 0x10000042}, 0x90) 2.456918801s ago: executing program 1 (id=214): prctl$PR_SET_VMA(0x23, 0x0, &(0x7f000098b000/0x2000)=nil, 0x2000, &(0x7f0000000040)='))$/^\x00') syz_mount_image$vfat(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x808410, &(0x7f0000000080)=ANY=[@ANYBLOB="666c7573682c757466383d312c6e6f6e756d7461696c3d302c726f6469722c757466383d312c6e6f6e756d7461696c3d302c73686f72746e616d653d6c6f7765722c6e6f6e756d7461696c3d302c756e695f786c6174653d302c757466383d312c756e695f786c6174653d302c757466383d312c756e695f786c6174653d312c6e6f6e756d7461696c3d302c646f733178666c6f7070792c726f6469722c756e695f786c6174653d312c71756965742c00c8702cc583177e7c953d2b6c6e43b73645f2acb80cc28520c3cd61e54370886d9caa3a1ec165ec59309153922716cb0f95f435e2af"], 0x1, 0x2fc, &(0x7f0000000180)="$eJzs3c1rE00cwPFf3pP26ZMeHh5EFIYKokiXJuDNg0VaEANK2whWELZ2qyHbpGRDISK2B8GrZw89eBRBBG9eRLz24l/g262X3ixaXNnsbpoma5pW+v79HJrpzu+3M7sz2y7TZrNy6elsccbSftpRkR/S0C9hiXjlRTn/Yenz6fH3/7jfKzU6PJHJKhUWkdsPXw68q/befPPv24Qs999ZWc1+Wz41IfJr4r6EVcFSJdu2bTVVLldDTvJ0wSpqSt0wDd0yVKFkGZWq0uv1+pRpqBmzPDdXU3ppuq9nrmJYltJLNVU0aqpaVtVKTen39EJJaZqm+noE9cHyhdvqQp0S8y/WbFtWnQFKLIpt2wHRi34h5r0m/q6zOEhaxr9jbNvkiOxmz7AX1uxoY/zjW4w/jh73+v/yrJvrH0fP+K3Ja8O53MiYUkmR2Sfz+fm8++rWf+qVgphiyNLYhcl1ceaIR0LO19GruZEhVdcvZ2cXvPyF+bz7y2F4xsvPSNq5T2nKFz8/4+arzfkx6ann1283DMlKWv4Lzs/6+RJuyo/LuTNN7WuSlo93pSymTIuTu5H/KKPUleu5lvZT9TgAAAAAAAAAAA4jTTVsrN+HGn/qTWlaov4fH436lLPZiXMDGuvrQ5KW9eD1+aHA9f2onIzu44EDAAAAAHCMWLUHRd00jcruFCLPUx2aiImIUxB5POB0puMO//d63F3rcRFpr4p0bmJTIXXRbe/VmNcx2c0TtcNCWESat7hv1nAO3nztx6QkKD28rQkwGA8888k9PWTpJliSO5vYia6nVmshtO5vOREYY4e23o+tmzF3i39hbtX65W1dDn8sJFtP1OBXd79mhx8a3xtLfAAAAAAOkY27/9h+dwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgGNrRw8P85/bv7lKvI+Ib38kW+vnxPPcfwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH0O8AAAD//yN5sFk=") syz_emit_ethernet(0x17b, &(0x7f0000000200)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaa0086dd60"], 0x0) r0 = socket$nl_rdma(0x10, 0x3, 0x14) r1 = syz_open_dev$tty1(0xc, 0x4, 0x2) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000a00)='./bus\x00', 0x200000, &(0x7f0000000540)={[{@dioread_nolock}, {@resuid}, {@journal_dev={'journal_dev', 0x3d, 0x2}}, {@noblock_validity}]}, 0x3, 0x480, &(0x7f0000000a40)="$eJzs3M9vFFUcAPDvTLsFBGxF/MEPtYrGBrWlgMrBgxpNPGBiogeMp6YtBCnU0JoIIQrG4MkYE+/Go/+CJ70YoxcTr3o3JMT0AnhxzezOtLtld8u2225lP59k4L2dmX3f78683TfzdhtAzxrO/kkidkTEHxExWK3WbzBc/e/mwqXJWwuXJpMol9/+O6lsd2Ph0mSxabHf9rwykkaknyWxr0G7cxcunpmYmZk+n9fH5s9+MDZ34eJzp89OnJo+NX3u8LFjR4+Mv/jC4ecbBz7QXp5ZTDf2fjy7f88b73715vEv6vJflkeHDLda+VS53OHmumtnTTnp72IgtKUvIrLDVar0/8Hoi6WDNxivf9rV4IB1VS6Xy9ubr75cBu5iSdTXdXnoFcUHfXb9WyzLBwEvr9/wo+uuv1K9AMryvpkv1TX9kebblJZd33bScEScuPzPN9kSbd+HaPMmCABARPyQjX+ebTT+S+PBmu3uzeeGhiLivojYFRH3R8TuiHggorLtQxHxcGXPWBw7rWT5JMnt45/02poSXEE2/nspn9uqH/8tZjDUl9d2VvIvJSdPz0wfyl+TkShtyerjLdr48bXfv2y2rnb8ly1Z+8VYMI/jWv+W+n2mJuYn1pJzretXIvb2F7nW5p8szgQkEbEnIvauso3TB7/b32zdyvm30IF5pvK3EU9Xj//lWKjPv5C0np8c2xoz04fGirPidr/8dvWtJs1XXvgTB1eZfwdkx/+ehuf/Yv5DSe187Vz7bVz98/Om1zSrPf8Hkncq5eIK6KOJ+fnz4xEDyfFq0LWPH17at6gX22f5jxxo3P93xdIrsS8ispP4kYh4NCIey2N/PCKeiIgDLfL/+dUn32+4Il3j+d8BWf5TbR3/pcJALH+kcaHvzE/f1zU6tFTM87/V+vgfrZRG8kfu5P3vTuJa3dkMAAAA/z9pROyIJB1dLKfp6Gj1+/K7I9KZ2bn5Z07OfnhuqvobgaEopcWdrsGa+6Hj+WV9tX4lIqpfLSjWH8nvG3/dt61SH52cnZnqdvLQ47Y36f+Zv/q6HR2w7vxeC3qX/g+9q1H/39qFOICN5/MfeleD/r+tG3EAG6/R5/8nrXf5d71iATbWsv5v2g96SPvX/7++ty6BABuuaf+/m//yD1Dh/j/0pLltsfKP5FsWimda5e6bpZBEREefMEqbIq+1F8pJw4MbaVYobYYIFdah0N33JQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgE75LwAA//8YzNth") socket$inet_mptcp(0x2, 0x1, 0x106) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_open_dev$video4linux(0x0, 0x0, 0x0) r5 = syz_open_dev$mouse(&(0x7f00000000c0), 0x0, 0x2042) write$dsp(r5, 0x0, 0x58) ioctl$VIDIOC_G_STD(r5, 0x80085617, &(0x7f0000000480)) bind$inet(0xffffffffffffffff, 0x0, 0x0) munmap(&(0x7f0000002000/0x4000)=nil, 0x4000) bpf$MAP_CREATE(0x0, 0x0, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0) ioctl$FS_IOC_GETFSMAP(r6, 0xc0c0583b, &(0x7f0000001f40)={0x0, 0x2904c, 0x29, 0x10003, '\x00', [{0x0, 0x5, 0x0, 0xffffffffffffffff}, {0xffffffff, 0x0, 0x9, 0xa}]}) ioctl$KDSETMODE(r1, 0x4b45, 0x3) sendmsg$RDMA_NLDEV_CMD_GET_CHARDEV(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000040)=ANY=[@ANYBLOB="240000000f14"], 0x24}}, 0x20004840) 1.492073881s ago: executing program 1 (id=215): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r3, 0x0, r5, 0x0, 0xf3a, 0x0) read$FUSE(r4, &(0x7f0000000180)={0x2020}, 0x2020) write(r2, 0x0, 0x0) fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f0000000040)={0x0, 0x0, 0x8000, 0xcf7a}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, 0x0, 0x0) 1.400081594s ago: executing program 0 (id=216): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8c}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r0 = getpgrp(0x0) sched_setaffinity(r0, 0x0, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) mlock2(&(0x7f000000e000/0x1000)=nil, 0x1000, 0x0) 1.319824207s ago: executing program 2 (id=217): prlimit64(0x0, 0x6, 0x0, 0x0) r0 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) dup3(0xffffffffffffffff, r0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8c}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpgrp(0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000040)=0x10000005) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x2, 0x0) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000000)=0x3) r3 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x1, 0x0) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x14, 0x70}, [@ldst={0x6, 0x0, 0x5, 0x0, 0x0, 0x0, 0x1}]}, &(0x7f0000000640)='syzkaller\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/181, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x24}, 0x48) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) mlock2(&(0x7f000000e000/0x1000)=nil, 0x1000, 0x0) 47.549668ms ago: executing program 2 (id=218): syz_mount_image$reiserfs(&(0x7f0000000100), &(0x7f0000000a00)='./file1\x00', 0x1000098, &(0x7f00000002c0), 0xfe, 0x10fd, &(0x7f0000006200)="$eJzs2LFqFFEUBuD/zmyEVCs3/RDQQkGCYX2BFArbWFgLFouVnVsp+zg+jqSyD3mAFAF7ZWYcs4UgYZcEwvfBMJyfuffMLc8NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9GbJoyRHTVKnrElSkq47X14m6ab88fe2Scm7j8v168+LN+vxs/RZk9KvGup6+qTURV3U0/rq6OxpXX/5+qndalnS5eJ6szp8e7XXo/S9273uCAAAAA/Dr53Nbzb7cB/9AQAAgP/Z62UCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwA4OktSpaJKUpOvOl5dJuvv9NQAAAGBHJU3ez/+Vj9cAN17kx7wM+eTnULzMt3H989t3P7j9EgAAAHigytY8/iyzv3N5nx1nlpOTsf7zytVZ0g6TeXK4tc/F9WY1PMebVbnrQwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBvduBYAAAAAECYv3UaHRsAAAAAAAAAAAAAAAAAwFABAAD//9Of0YA=") syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_int(r0, 0x0, 0x2, 0x0) syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x20, 0x0, 0x86, 0x0, 0x0) renameat2(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000140)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) removexattr(0x0, &(0x7f00000000c0)=@known='security.apparmor\x00') 0s ago: executing program 1 (id=219): timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f0000000100)={0x1, "ff0f000000000000f5a72d866b0000000000f0ffdefe00"}) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r3 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x103001, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r3, 0xc0184800, &(0x7f0000000100)={0x4, r2}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) ioctl$DMA_BUF_SET_NAME_A(r4, 0x40086203, &(0x7f00000001c0)='\x02\x00\x00\x00\x05\x00\x00\x00-control\x00') ioctl$DMA_BUF_IOCTL_SYNC(r4, 0x40086200, &(0x7f0000000540)=0x1) fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f0000000040)={0x0, 0x0, 0x8000, 0xcf7a}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{0x77359400}, {0x0, 0x3938700}}, 0x0) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.0.183' (ED25519) to the list of known hosts. [ 73.276169][ T5758] cgroup: Unknown subsys name 'net' [ 73.384336][ T5758] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 74.708306][ T5758] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 76.792570][ T5786] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 76.801669][ T5786] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 76.806694][ T5782] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 76.809564][ T5786] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 76.824336][ T5786] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 76.832222][ T5786] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 76.840118][ T5786] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 76.843336][ T5785] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 76.849376][ T5778] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 76.856904][ T5783] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 76.862712][ T5778] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 76.876983][ T5778] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 76.877706][ T5785] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 76.892311][ T5783] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 76.894322][ T5786] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 76.908191][ T5785] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 76.908570][ T5786] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 76.923445][ T5785] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 76.923989][ T5786] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 76.938657][ T5783] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 76.947116][ T5786] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 76.955064][ T5786] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 76.955129][ T5783] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 76.971858][ T5086] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 77.365351][ T5773] chnl_net:caif_netlink_parms(): no params data found [ 77.441848][ T5772] chnl_net:caif_netlink_parms(): no params data found [ 77.477244][ T5770] chnl_net:caif_netlink_parms(): no params data found [ 77.514603][ T5771] chnl_net:caif_netlink_parms(): no params data found [ 77.550051][ T5773] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.557237][ T5773] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.566560][ T5773] bridge_slave_0: entered allmulticast mode [ 77.573744][ T5773] bridge_slave_0: entered promiscuous mode [ 77.617362][ T5773] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.624803][ T5773] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.632072][ T5773] bridge_slave_1: entered allmulticast mode [ 77.638868][ T5773] bridge_slave_1: entered promiscuous mode [ 77.688188][ T5773] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.716799][ T5773] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 77.726184][ T5772] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.733794][ T5772] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.741385][ T5772] bridge_slave_0: entered allmulticast mode [ 77.751033][ T5772] bridge_slave_0: entered promiscuous mode [ 77.777324][ T5772] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.784565][ T5772] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.792186][ T5772] bridge_slave_1: entered allmulticast mode [ 77.798976][ T5772] bridge_slave_1: entered promiscuous mode [ 77.867256][ T5770] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.874625][ T5770] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.884239][ T5770] bridge_slave_0: entered allmulticast mode [ 77.891114][ T5770] bridge_slave_0: entered promiscuous mode [ 77.900798][ T5770] bridge0: port 2(bridge_slave_1) entered blocking state [ 77.908023][ T5770] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.915216][ T5770] bridge_slave_1: entered allmulticast mode [ 77.922475][ T5770] bridge_slave_1: entered promiscuous mode [ 77.938874][ T5773] team0: Port device team_slave_0 added [ 77.945172][ T5771] bridge0: port 1(bridge_slave_0) entered blocking state [ 77.952805][ T5771] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.960703][ T5771] bridge_slave_0: entered allmulticast mode [ 77.967411][ T5771] bridge_slave_0: entered promiscuous mode [ 77.986260][ T5772] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 77.999519][ T5772] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.012624][ T5773] team0: Port device team_slave_1 added [ 78.030189][ T5771] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.037378][ T5771] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.045862][ T5771] bridge_slave_1: entered allmulticast mode [ 78.053253][ T5771] bridge_slave_1: entered promiscuous mode [ 78.103083][ T5770] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.115473][ T5770] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.133626][ T5773] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.141081][ T5773] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.167333][ T5773] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.200846][ T5772] team0: Port device team_slave_0 added [ 78.216907][ T5773] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.223950][ T5773] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.250866][ T5773] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.271322][ T5771] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.284087][ T5771] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.294542][ T5772] team0: Port device team_slave_1 added [ 78.303838][ T5770] team0: Port device team_slave_0 added [ 78.313256][ T5770] team0: Port device team_slave_1 added [ 78.394231][ T5770] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.401467][ T5770] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.428151][ T5770] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.442590][ T5771] team0: Port device team_slave_0 added [ 78.449870][ T5772] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.456858][ T5772] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.483317][ T5772] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.496363][ T5772] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.504076][ T5772] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.529995][ T5772] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.548059][ T5770] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.555040][ T5770] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.581923][ T5770] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.595451][ T5771] team0: Port device team_slave_1 added [ 78.613593][ T5773] hsr_slave_0: entered promiscuous mode [ 78.621023][ T5773] hsr_slave_1: entered promiscuous mode [ 78.688055][ T5771] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.695025][ T5771] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.721258][ T5771] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.771768][ T5770] hsr_slave_0: entered promiscuous mode [ 78.778780][ T5770] hsr_slave_1: entered promiscuous mode [ 78.784988][ T5770] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 78.795700][ T5770] Cannot create hsr debugfs directory [ 78.802052][ T5771] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.809301][ T5771] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.835324][ T5771] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.858162][ T5772] hsr_slave_0: entered promiscuous mode [ 78.864699][ T5772] hsr_slave_1: entered promiscuous mode [ 78.871213][ T5772] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 78.879207][ T5772] Cannot create hsr debugfs directory [ 78.968436][ T5786] Bluetooth: hci3: command tx timeout [ 78.974130][ T5786] Bluetooth: hci2: command tx timeout [ 78.984084][ T5771] hsr_slave_0: entered promiscuous mode [ 78.991843][ T5771] hsr_slave_1: entered promiscuous mode [ 78.998195][ T5771] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 79.005803][ T5771] Cannot create hsr debugfs directory [ 79.048052][ T5786] Bluetooth: hci0: command tx timeout [ 79.060113][ T5786] Bluetooth: hci1: command tx timeout [ 79.322096][ T5770] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 79.334973][ T5770] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 79.347503][ T5770] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 79.362309][ T5770] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 79.431893][ T5773] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 79.450441][ T5773] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 79.462907][ T5773] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 79.486549][ T5773] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 79.538578][ T5772] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 79.548897][ T5772] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 79.585626][ T5772] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 79.595140][ T5772] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 79.728357][ T5771] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 79.745738][ T5770] 8021q: adding VLAN 0 to HW filter on device bond0 [ 79.755600][ T5771] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 79.767069][ T5771] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 79.776505][ T5771] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 79.813630][ T5770] 8021q: adding VLAN 0 to HW filter on device team0 [ 79.832609][ T4282] bridge0: port 1(bridge_slave_0) entered blocking state [ 79.839925][ T4282] bridge0: port 1(bridge_slave_0) entered forwarding state [ 79.868227][ T4282] bridge0: port 2(bridge_slave_1) entered blocking state [ 79.875413][ T4282] bridge0: port 2(bridge_slave_1) entered forwarding state [ 79.919232][ T5772] 8021q: adding VLAN 0 to HW filter on device bond0 [ 79.950101][ T5773] 8021q: adding VLAN 0 to HW filter on device bond0 [ 79.976298][ T5772] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.018494][ T5773] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.034560][ T4282] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.041725][ T4282] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.053062][ T4282] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.060316][ T4282] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.077347][ T4274] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.084558][ T4274] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.111782][ T4274] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.118994][ T4274] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.282479][ T5771] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.363346][ T5771] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.435992][ T4282] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.443210][ T4282] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.480323][ T4282] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.487581][ T4282] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.625021][ T5770] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 80.710711][ T5773] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 80.759269][ T5770] veth0_vlan: entered promiscuous mode [ 80.774134][ T5770] veth1_vlan: entered promiscuous mode [ 80.862129][ T5770] veth0_macvtap: entered promiscuous mode [ 80.892083][ T5773] veth0_vlan: entered promiscuous mode [ 80.901786][ T5770] veth1_macvtap: entered promiscuous mode [ 80.921295][ T5772] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 80.946379][ T5773] veth1_vlan: entered promiscuous mode [ 80.988640][ T5771] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 81.016929][ T5770] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 81.047833][ T5781] Bluetooth: hci3: command tx timeout [ 81.053398][ T5786] Bluetooth: hci2: command tx timeout [ 81.064933][ T5770] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 81.076027][ T5773] veth0_macvtap: entered promiscuous mode [ 81.092931][ T5770] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.102550][ T5770] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.111787][ T5770] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.122200][ T5770] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.131146][ T5781] Bluetooth: hci0: command tx timeout [ 81.136679][ T5786] Bluetooth: hci1: command tx timeout [ 81.186842][ T5772] veth0_vlan: entered promiscuous mode [ 81.195345][ T5773] veth1_macvtap: entered promiscuous mode [ 81.259671][ T4274] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.270180][ T4274] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.282523][ T5772] veth1_vlan: entered promiscuous mode [ 81.306233][ T5773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 81.317581][ T5773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.329992][ T5773] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 81.345741][ T5773] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 81.358787][ T5773] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.371976][ T5773] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 81.393817][ T4282] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.406319][ T4282] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.411082][ T5771] veth0_vlan: entered promiscuous mode [ 81.425112][ T5773] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.434699][ T5773] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.444801][ T5773] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.454238][ T5773] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 81.481065][ T5772] veth0_macvtap: entered promiscuous mode [ 81.496067][ T5771] veth1_vlan: entered promiscuous mode [ 81.524098][ T5772] veth1_macvtap: entered promiscuous mode [ 81.638455][ T4274] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.646332][ T4274] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.686569][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 81.707965][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.719024][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 81.730370][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.742371][ T5772] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 81.770659][ T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 81.773832][ T5771] veth0_macvtap: entered promiscuous mode [ 81.784824][ T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 81.820534][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 81.831925][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.845750][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 81.862397][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 81.874847][ T5772] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 81.896641][ T5771] veth1_macvtap: entered promiscuous mode [ 81.967925][ T5772] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.015275][ T5772] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.051391][ T5772] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.076522][ T5772] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 82.352829][ T5771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 82.385273][ T5771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.403044][ T5771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 82.506369][ T5771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.612183][ T5771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 82.637620][ T5771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.679803][ T5771] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 82.690943][ T5843] syz.2.3[5843]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 82.724036][ T5843] loop2: detected capacity change from 0 to 128 [ 82.791425][ T5771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 82.822657][ T5774] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 82.839327][ T5771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.867611][ T5771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 82.867653][ T5771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 82.867663][ T5771] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 82.867674][ T5771] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 84.147587][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 84.274672][ T5786] Bluetooth: hci2: command tx timeout [ 84.274719][ T5786] Bluetooth: hci3: command tx timeout [ 84.274747][ T5786] Bluetooth: hci1: command tx timeout [ 84.274775][ T5786] Bluetooth: hci0: command tx timeout [ 84.291894][ T5771] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 84.301015][ T5771] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.301083][ T5771] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.301110][ T5771] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.301136][ T5771] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.304849][ T5850] loop2: detected capacity change from 0 to 512 [ 84.329769][ T5850] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 84.346392][ T5850] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 84.548302][ T4274] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.556163][ T4274] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.571019][ T5850] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 84.606413][ T5850] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:478: comm syz.2.3: Invalid block bitmap block 0 in block_group 0 [ 84.633747][ T5850] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6655: Corrupt filesystem [ 84.666391][ T5850] EXT4-fs error (device loop2): ext4_clear_blocks:883: inode #11: comm syz.2.3: attempt to clear invalid blocks 983261 len 1 [ 84.693812][ T5850] EXT4-fs error (device loop2): __ext4_get_inode_loc:4496: comm syz.2.3: Invalid inode table block 0 in block_group 0 [ 84.723165][ T1131] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.740016][ T5850] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5939: Corrupt filesystem [ 84.768008][ T5850] EXT4-fs error (device loop2) in ext4_orphan_del:303: Corrupt filesystem [ 84.769475][ T1131] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.798282][ T5850] EXT4-fs error (device loop2): __ext4_get_inode_loc:4496: comm syz.2.3: Invalid inode table block 0 in block_group 0 [ 84.829106][ T5850] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5939: Corrupt filesystem [ 84.852732][ T5850] EXT4-fs error (device loop2): ext4_truncate:4301: inode #11: comm syz.2.3: mark_inode_dirty error [ 84.906489][ T5850] EXT4-fs error (device loop2) in ext4_process_orphan:345: Corrupt filesystem [ 84.926999][ T5850] EXT4-fs error (device loop2): __ext4_get_inode_loc:4496: comm syz.2.3: Invalid inode table block 0 in block_group 0 [ 84.943469][ T1131] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.960869][ T1131] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.982706][ T5850] EXT4-fs (loop2): 1 truncate cleaned up [ 84.993984][ T5850] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 85.081781][ T42] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.133350][ T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.183382][ T5773] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 87.575794][ T786] cfg80211: failed to load regulatory.db [ 87.576702][ T5781] Bluetooth: hci0: command tx timeout [ 87.587626][ T5786] Bluetooth: hci1: command tx timeout [ 87.587643][ T51] Bluetooth: hci3: command tx timeout [ 87.593018][ T5786] Bluetooth: hci2: command tx timeout [ 90.912835][ T5876] loop3: detected capacity change from 0 to 1024 [ 91.103488][ T5876] VFS: Lookup of 'file0' in hfsplus loop3 would have caused loop [ 91.128557][ T5876] VFS: Lookup of 'file0' in hfsplus loop3 would have caused loop [ 91.204557][ T42] hfsplus: b-tree write err: -5, ino 3 [ 92.721858][ T5882] loop2: detected capacity change from 0 to 256 [ 94.387570][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 94.610566][ T5890] loop0: detected capacity change from 0 to 128 [ 94.785115][ T5890] loop0: detected capacity change from 0 to 512 [ 94.819610][ T5890] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 94.857068][ T5890] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 94.891193][ T5890] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:478: comm syz.0.11: Invalid block bitmap block 0 in block_group 0 [ 94.927103][ T5890] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6655: Corrupt filesystem [ 94.964144][ T5890] EXT4-fs error (device loop0): ext4_clear_blocks:883: inode #11: comm syz.0.11: attempt to clear invalid blocks 983261 len 1 [ 95.007783][ T5890] EXT4-fs error (device loop0): __ext4_get_inode_loc:4496: comm syz.0.11: Invalid inode table block 0 in block_group 0 [ 95.031280][ T5890] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5939: Corrupt filesystem [ 95.056259][ T5890] EXT4-fs error (device loop0) in ext4_orphan_del:303: Corrupt filesystem [ 95.069751][ T5890] EXT4-fs error (device loop0): __ext4_get_inode_loc:4496: comm syz.0.11: Invalid inode table block 0 in block_group 0 [ 95.096402][ T5890] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5939: Corrupt filesystem [ 95.136493][ T5890] EXT4-fs error (device loop0): ext4_truncate:4301: inode #11: comm syz.0.11: mark_inode_dirty error [ 95.160124][ T5890] EXT4-fs error (device loop0) in ext4_process_orphan:345: Corrupt filesystem [ 95.177991][ T5890] EXT4-fs error (device loop0): __ext4_get_inode_loc:4496: comm syz.0.11: Invalid inode table block 0 in block_group 0 [ 95.201847][ T5890] EXT4-fs (loop0): 1 truncate cleaned up [ 95.218854][ T5890] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 96.032634][ T5904] process 'syz.2.18' launched './file1' with NULL argv: empty string added [ 96.244254][ T5770] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 98.272784][ T5915] FAULT_INJECTION: forcing a failure. [ 98.272784][ T5915] name failslab, interval 1, probability 0, space 0, times 1 [ 98.311257][ T5915] CPU: 0 PID: 5915 Comm: syz.0.19 Not tainted syzkaller #0 [ 98.318522][ T5915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 98.328613][ T5915] Call Trace: [ 98.331919][ T5915] [ 98.334867][ T5915] dump_stack_lvl+0x18c/0x250 [ 98.339591][ T5915] ? show_regs_print_info+0x20/0x20 [ 98.344915][ T5915] ? load_image+0x420/0x420 [ 98.349456][ T5915] ? __might_sleep+0xe0/0xe0 [ 98.354070][ T5915] ? __lock_acquire+0x7d80/0x7d80 [ 98.359119][ T5915] should_fail_ex+0x394/0x4c0 [ 98.363981][ T5915] should_failslab+0x9/0x20 [ 98.368481][ T5915] slab_pre_alloc_hook+0x59/0x300 [ 98.373511][ T5915] ? tomoyo_realpath_from_path+0xe6/0x5c0 [ 98.379228][ T5915] ? tomoyo_realpath_from_path+0xe6/0x5c0 [ 98.384983][ T5915] __kmem_cache_alloc_node+0x53/0x250 [ 98.390360][ T5915] ? tomoyo_realpath_from_path+0xe6/0x5c0 [ 98.396077][ T5915] __kmalloc+0xa7/0x240 [ 98.400254][ T5915] tomoyo_realpath_from_path+0xe6/0x5c0 [ 98.405832][ T5915] ? tomoyo_domain+0xd6/0x120 [ 98.410523][ T5915] tomoyo_path_number_perm+0x248/0x5e0 [ 98.415981][ T5915] ? tomoyo_path_number_perm+0x217/0x5e0 [ 98.421609][ T5915] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 98.427064][ T5915] ? ksys_write+0x1d2/0x260 [ 98.431859][ T5915] ? __fget_files+0x28/0x460 [ 98.436457][ T5915] security_file_ioctl+0x70/0xa0 [ 98.441402][ T5915] __se_sys_ioctl+0x48/0x170 [ 98.446077][ T5915] do_syscall_64+0x55/0xb0 [ 98.450513][ T5915] ? clear_bhb_loop+0x40/0x90 [ 98.455184][ T5915] ? clear_bhb_loop+0x40/0x90 [ 98.459878][ T5915] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 98.465789][ T5915] RIP: 0033:0x7f58cbb9ce59 [ 98.470202][ T5915] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 98.489903][ T5915] RSP: 002b:00007f58cca6d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 98.498332][ T5915] RAX: ffffffffffffffda RBX: 00007f58cbe15fa0 RCX: 00007f58cbb9ce59 [ 98.506310][ T5915] RDX: 0000200000000340 RSI: 00000000c1105517 RDI: 0000000000000003 [ 98.514296][ T5915] RBP: 00007f58cca6d090 R08: 0000000000000000 R09: 0000000000000000 [ 98.522266][ T5915] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 98.530231][ T5915] R13: 00007f58cbe16038 R14: 00007f58cbe15fa0 R15: 00007ffe3b6fd9b8 [ 98.538212][ T5915] [ 98.612934][ T5915] ERROR: Out of memory at tomoyo_realpath_from_path. [ 133.133186][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.139777][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 164.823022][ T5934] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 164.952911][ T5941] netlink: 'syz.1.22': attribute type 7 has an invalid length. [ 164.966283][ T5941] netlink: 'syz.1.22': attribute type 5 has an invalid length. [ 164.977080][ T5941] netlink: 17 bytes leftover after parsing attributes in process `syz.1.22'. [ 165.168712][ T5777] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 165.267747][ T5844] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 165.421856][ T5777] usb 3-1: config 1 has an invalid interface number: 121 but max is 0 [ 165.432009][ T5777] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 165.442847][ T5777] usb 3-1: config 1 has no interface number 0 [ 165.449421][ T5777] usb 3-1: config 1 interface 121 has no altsetting 0 [ 165.466440][ T5777] usb 3-1: New USB device found, idVendor=0421, idProduct=01f5, bcdDevice=57.da [ 165.476014][ T5777] usb 3-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 165.484138][ T5777] usb 3-1: Manufacturer: syz [ 165.550124][ T5844] usb 1-1: Using ep0 maxpacket: 32 [ 165.553910][ T5777] usb 3-1: bad CDC descriptors [ 165.579423][ T5777] usb 3-1: bad CDC descriptors [ 165.768121][ T5844] usb 1-1: config index 0 descriptor too short (expected 29220, got 36) [ 165.795640][ T5844] usb 1-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 165.812494][ T5844] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 165.832197][ T5844] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 165.842911][ T5844] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 165.864562][ T5844] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 165.881666][ T5844] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 165.891791][ T5844] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 165.895667][ T5950] Bluetooth: MGMT ver 1.22 [ 165.909125][ T5844] usb 1-1: config 0 descriptor?? [ 166.141483][ T5844] usblp 1-1:0.0: usblp0: USB Bidirectional printer dev 2 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 166.141807][ T5935] loop0: detected capacity change from 0 to 512 [ 166.234937][ T5935] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 166.403590][ T5949] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 166.497385][ T28] audit: type=1326 audit(1782009999.059:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5948 comm="syz.3.27" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f609ef9ce59 code=0x0 [ 166.511143][ T5960] loop1: detected capacity change from 0 to 1024 [ 167.037423][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 167.267421][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 167.287438][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 167.327428][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 167.507435][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 167.980104][ T5777] usb 3-1: USB disconnect, device number 2 [ 168.068835][ T23] usb 1-1: USB disconnect, device number 2 [ 168.108150][ T5770] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 168.109812][ T23] usblp0: removed [ 168.360557][ T5975] loop0: detected capacity change from 0 to 1024 [ 169.070474][ T5975] hfsplus: xattr searching failed [ 169.263639][ T5983] loop2: detected capacity change from 0 to 1024 [ 169.363734][ T5985] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 169.491753][ T5986] netlink: 'syz.0.37': attribute type 7 has an invalid length. [ 169.505000][ T5986] netlink: 'syz.0.37': attribute type 5 has an invalid length. [ 169.518275][ T5986] netlink: 17 bytes leftover after parsing attributes in process `syz.0.37'. [ 170.706154][ T5997] ======================================================= [ 170.706154][ T5997] WARNING: The mand mount option has been deprecated and [ 170.706154][ T5997] and is ignored by this kernel. Remove the mand [ 170.706154][ T5997] option from the mount to silence this warning. [ 170.706154][ T5997] ======================================================= [ 170.804118][ T6000] loop1: detected capacity change from 0 to 512 [ 170.821832][ T5817] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 170.933316][ T6000] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 171.017893][ T5817] usb 4-1: config 1 has an invalid interface number: 121 but max is 0 [ 171.026117][ T5817] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 171.081489][ T5817] usb 4-1: config 1 has no interface number 0 [ 171.099322][ T5771] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 171.110857][ T5817] usb 4-1: config 1 interface 121 has no altsetting 0 [ 171.129660][ T5817] usb 4-1: New USB device found, idVendor=0421, idProduct=01f5, bcdDevice=57.da [ 171.139340][ T5817] usb 4-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 171.147380][ T5817] usb 4-1: Manufacturer: syz [ 171.177808][ T5817] usb 4-1: bad CDC descriptors [ 171.190510][ T5817] usb 4-1: bad CDC descriptors [ 172.142160][ T6011] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer. [ 172.226165][ T6022] loop0: detected capacity change from 0 to 1024 [ 172.311814][ T6022] hfsplus: xattr searching failed [ 172.468146][ T6027] loop0: detected capacity change from 0 to 1024 [ 173.000014][ T28] audit: type=1326 audit(1782010005.569:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6023 comm="syz.2.46" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa3c699ce59 code=0x0 [ 173.945951][ T5777] usb 4-1: USB disconnect, device number 2 [ 174.154848][ T6043] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 174.287918][ T6045] netlink: 'syz.3.52': attribute type 7 has an invalid length. [ 174.295551][ T6045] netlink: 'syz.3.52': attribute type 5 has an invalid length. [ 174.351805][ T6045] netlink: 17 bytes leftover after parsing attributes in process `syz.3.52'. [ 175.736962][ T6058] loop0: detected capacity change from 0 to 1024 [ 176.718041][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 176.848341][ T8] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 177.096514][ T8] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 177.140884][ T8] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 177.173975][ T8] usb 2-1: config 1 interface 1 has no altsetting 1 [ 177.202920][ T8] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 177.217803][ T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 177.225942][ T8] usb 2-1: Product: syz [ 177.240682][ T8] usb 2-1: Manufacturer: syz [ 177.245339][ T8] usb 2-1: SerialNumber: syz [ 177.282372][ T8] cdc_ncm 2-1:1.0: CDC Union missing and no IAD found [ 177.306435][ T8] cdc_ncm 2-1:1.0: bind() failure [ 177.320600][ T8] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found [ 177.332993][ T8] cdc_ncm 2-1:1.1: bind() failure [ 177.359509][ T6071] loop2: detected capacity change from 0 to 1024 [ 177.433330][ T6071] hfsplus: xattr searching failed [ 177.516903][ T5817] usb 2-1: USB disconnect, device number 2 [ 177.727648][ T6077] loop2: detected capacity change from 0 to 512 [ 177.783848][ T6077] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 177.825822][ T5773] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 177.867485][ T8] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 178.059415][ T8] usb 4-1: config 1 has an invalid interface number: 121 but max is 0 [ 178.077524][ T8] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 178.089433][ T8] usb 4-1: config 1 has no interface number 0 [ 178.095652][ T8] usb 4-1: config 1 interface 121 has no altsetting 0 [ 178.104526][ T8] usb 4-1: New USB device found, idVendor=0421, idProduct=01f5, bcdDevice=57.da [ 178.114006][ T8] usb 4-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 178.122533][ T8] usb 4-1: Manufacturer: syz [ 178.143948][ T8] usb 4-1: bad CDC descriptors [ 178.154732][ T8] usb 4-1: bad CDC descriptors [ 178.283937][ T28] audit: type=1326 audit(1782010010.849:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6085 comm="syz.2.62" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa3c699ce59 code=0x0 [ 178.325102][ T6095] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns [ 178.336054][ T6095] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 178.376196][ T6095] FAULT_INJECTION: forcing a failure. [ 178.376196][ T6095] name failslab, interval 1, probability 0, space 0, times 0 [ 178.389316][ T6095] CPU: 0 PID: 6095 Comm: syz.1.63 Not tainted syzkaller #0 [ 178.396532][ T6095] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 178.406599][ T6095] Call Trace: [ 178.409928][ T6095] [ 178.412865][ T6095] dump_stack_lvl+0x18c/0x250 [ 178.417581][ T6095] ? show_regs_print_info+0x20/0x20 [ 178.422803][ T6095] ? load_image+0x420/0x420 [ 178.427325][ T6095] ? __might_sleep+0xe0/0xe0 [ 178.432025][ T6095] ? __lock_acquire+0x7d80/0x7d80 [ 178.437170][ T6095] should_fail_ex+0x394/0x4c0 [ 178.441860][ T6095] should_failslab+0x9/0x20 [ 178.446470][ T6095] slab_pre_alloc_hook+0x59/0x300 [ 178.451499][ T6095] ? tomoyo_realpath_from_path+0xe6/0x5c0 [ 178.457212][ T6095] ? tomoyo_realpath_from_path+0xe6/0x5c0 [ 178.462943][ T6095] __kmem_cache_alloc_node+0x53/0x250 [ 178.468367][ T6095] ? tomoyo_realpath_from_path+0xe6/0x5c0 [ 178.474100][ T6095] __kmalloc+0xa7/0x240 [ 178.478257][ T6095] tomoyo_realpath_from_path+0xe6/0x5c0 [ 178.483805][ T6095] ? tomoyo_domain+0xd6/0x120 [ 178.488484][ T6095] tomoyo_path_number_perm+0x248/0x5e0 [ 178.493946][ T6095] ? tomoyo_path_number_perm+0x217/0x5e0 [ 178.499578][ T6095] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 178.505059][ T6095] ? __fget_files+0x28/0x460 [ 178.509656][ T6095] security_file_ioctl+0x70/0xa0 [ 178.514592][ T6095] __se_sys_ioctl+0x48/0x170 [ 178.519185][ T6095] do_syscall_64+0x55/0xb0 [ 178.523605][ T6095] ? clear_bhb_loop+0x40/0x90 [ 178.528276][ T6095] ? clear_bhb_loop+0x40/0x90 [ 178.532949][ T6095] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 178.538845][ T6095] RIP: 0033:0x7f4eb739ce59 [ 178.543267][ T6095] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 178.562876][ T6095] RSP: 002b:00007f4eb82bf028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 178.571294][ T6095] RAX: ffffffffffffffda RBX: 00007f4eb7616090 RCX: 00007f4eb739ce59 [ 178.579265][ T6095] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 178.587235][ T6095] RBP: 00007f4eb82bf090 R08: 0000000000000000 R09: 0000000000000000 [ 178.595207][ T6095] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 178.603173][ T6095] R13: 00007f4eb7616128 R14: 00007f4eb7616090 R15: 00007ffe3c76a068 [ 178.611161][ T6095] [ 178.635174][ T6095] ERROR: Out of memory at tomoyo_realpath_from_path. [ 180.075004][ T6102] loop2: detected capacity change from 0 to 1024 [ 180.669129][ T5817] usb 4-1: USB disconnect, device number 3 [ 183.024512][ T6116] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 183.102260][ T6116] netlink: 'syz.1.69': attribute type 7 has an invalid length. [ 183.122844][ T6116] netlink: 'syz.1.69': attribute type 5 has an invalid length. [ 183.131291][ T6116] netlink: 17 bytes leftover after parsing attributes in process `syz.1.69'. [ 184.279073][ T6128] loop2: detected capacity change from 0 to 1024 [ 186.347497][ T2132] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 187.223353][ T2132] usb 3-1: config 1 has an invalid interface number: 121 but max is 0 [ 187.242261][ T2132] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 187.268541][ T2132] usb 3-1: config 1 has no interface number 0 [ 187.284998][ T2132] usb 3-1: config 1 interface 121 has no altsetting 0 [ 187.296515][ T2132] usb 3-1: New USB device found, idVendor=0421, idProduct=01f5, bcdDevice=57.da [ 187.317193][ T2132] usb 3-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 187.341680][ T2132] usb 3-1: Manufacturer: syz [ 187.356522][ T28] audit: type=1326 audit(1782010019.889:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6135 comm="syz.1.74" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4eb739ce59 code=0x0 [ 187.381143][ T2132] usb 3-1: bad CDC descriptors [ 187.420449][ T2132] usb 3-1: bad CDC descriptors [ 187.488328][ T6153] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 187.506877][ T6153] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 187.572530][ T6154] sctp: [Deprecated]: syz.0.75 (pid 6154) Use of struct sctp_assoc_value in delayed_ack socket option. [ 187.572530][ T6154] Use struct sctp_sack_info instead [ 187.767705][ T2132] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 189.044419][ T5844] usb 3-1: USB disconnect, device number 3 [ 189.067466][ T2132] usb 1-1: Using ep0 maxpacket: 16 [ 189.074660][ T2132] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 189.085082][ T2132] usb 1-1: config 0 has no interface number 0 [ 189.106232][ T2132] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 189.150957][ T2132] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 189.177715][ T2132] usb 1-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00 [ 189.192602][ T2132] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 189.220597][ T2132] usb 1-1: config 0 descriptor?? [ 189.334814][ T6164] FAULT_INJECTION: forcing a failure. [ 189.334814][ T6164] name failslab, interval 1, probability 0, space 0, times 0 [ 189.348082][ T6164] CPU: 0 PID: 6164 Comm: syz.3.79 Not tainted syzkaller #0 [ 189.355561][ T6164] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 189.365629][ T6164] Call Trace: [ 189.368937][ T6164] [ 189.371885][ T6164] dump_stack_lvl+0x18c/0x250 [ 189.376588][ T6164] ? show_regs_print_info+0x20/0x20 [ 189.381807][ T6164] ? load_image+0x420/0x420 [ 189.386328][ T6164] ? __might_sleep+0xe0/0xe0 [ 189.390941][ T6164] ? __lock_acquire+0x7d80/0x7d80 [ 189.395990][ T6164] should_fail_ex+0x394/0x4c0 [ 189.400697][ T6164] should_failslab+0x9/0x20 [ 189.405219][ T6164] slab_pre_alloc_hook+0x59/0x300 [ 189.410270][ T6164] ? tomoyo_realpath_from_path+0xe6/0x5c0 [ 189.416019][ T6164] ? tomoyo_realpath_from_path+0xe6/0x5c0 [ 189.421775][ T6164] __kmem_cache_alloc_node+0x53/0x250 [ 189.427191][ T6164] ? tomoyo_realpath_from_path+0xe6/0x5c0 [ 189.432934][ T6164] __kmalloc+0xa7/0x240 [ 189.437129][ T6164] tomoyo_realpath_from_path+0xe6/0x5c0 [ 189.442791][ T6164] ? tomoyo_domain+0xd6/0x120 [ 189.447511][ T6164] tomoyo_path_number_perm+0x248/0x5e0 [ 189.453002][ T6164] ? tomoyo_path_number_perm+0x217/0x5e0 [ 189.458665][ T6164] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 189.464163][ T6164] ? raw_spin_rq_unlock_irq+0x11/0x90 [ 189.469632][ T6164] ? lockdep_hardirqs_on+0x98/0x150 [ 189.474927][ T6164] ? raw_spin_rq_unlock_irq+0x11/0x90 [ 189.480325][ T6164] ? __fget_files+0x28/0x460 [ 189.484924][ T6164] security_file_ioctl+0x70/0xa0 [ 189.489861][ T6164] __se_sys_ioctl+0x48/0x170 [ 189.494563][ T6164] do_syscall_64+0x55/0xb0 [ 189.498980][ T6164] ? clear_bhb_loop+0x40/0x90 [ 189.503651][ T6164] ? clear_bhb_loop+0x40/0x90 [ 189.508505][ T6164] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 189.514490][ T6164] RIP: 0033:0x7f609ef9ce59 [ 189.518920][ T6164] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 189.538534][ T6164] RSP: 002b:00007f609fe1b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 189.546948][ T6164] RAX: ffffffffffffffda RBX: 00007f609f216090 RCX: 00007f609ef9ce59 [ 189.554929][ T6164] RDX: 0000200000000040 RSI: 00000000c02064b2 RDI: 0000000000000003 [ 189.562904][ T6164] RBP: 00007f609fe1b090 R08: 0000000000000000 R09: 0000000000000000 [ 189.570872][ T6164] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 189.578836][ T6164] R13: 00007f609f216128 R14: 00007f609f216090 R15: 00007ffe906eb438 [ 189.586995][ T6164] [ 189.595655][ T6164] ERROR: Out of memory at tomoyo_realpath_from_path. [ 189.787643][ T5844] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 190.012635][ T5844] usb 3-1: Using ep0 maxpacket: 16 [ 190.145720][ T5844] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 190.188125][ T6167] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 190.203041][ T5844] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 190.235889][ T5844] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 190.267427][ T6168] netlink: 'syz.3.83': attribute type 7 has an invalid length. [ 190.275075][ T5844] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 190.275138][ T6168] netlink: 'syz.3.83': attribute type 5 has an invalid length. [ 190.295422][ T5844] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 190.308631][ T5844] usb 3-1: config 0 descriptor?? [ 190.317849][ T6168] netlink: 17 bytes leftover after parsing attributes in process `syz.3.83'. [ 190.529014][ T2132] usbhid 1-1:0.1: can't add hid device: -71 [ 190.555274][ T2132] usbhid: probe of 1-1:0.1 failed with error -71 [ 190.617744][ T2132] usb 1-1: USB disconnect, device number 3 [ 190.767427][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 190.880267][ T5844] microsoft 0003:045E:07DA.0001: item fetching failed at offset 31/34 [ 190.916323][ T6173] loop1: detected capacity change from 0 to 512 [ 190.934361][ T5844] microsoft 0003:045E:07DA.0001: parse failed [ 190.947685][ T5844] microsoft: probe of 0003:045E:07DA.0001 failed with error -22 [ 191.068424][ T6161] capability: warning: `syz.2.82' uses 32-bit capabilities (legacy support in use) [ 191.238258][ T6180] program syz.2.82 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 191.469847][ T6173] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 191.602756][ T5771] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 191.825891][ T6189] loop1: detected capacity change from 0 to 1024 [ 191.881628][ T6165] usb 3-1: USB disconnect, device number 4 [ 194.573014][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.579545][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.588183][ T5817] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 194.828675][ T5817] usb 4-1: config 1 has an invalid interface number: 121 but max is 0 [ 194.836932][ T5817] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 194.888621][ T5817] usb 4-1: config 1 has no interface number 0 [ 194.926270][ T5817] usb 4-1: config 1 interface 121 has no altsetting 0 [ 194.939609][ T5817] usb 4-1: New USB device found, idVendor=0421, idProduct=01f5, bcdDevice=57.da [ 194.961685][ T5817] usb 4-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 194.982002][ T5817] usb 4-1: Manufacturer: syz [ 195.037615][ T5817] usb 4-1: bad CDC descriptors [ 195.050225][ T5817] usb 4-1: bad CDC descriptors [ 195.663783][ T28] audit: type=1326 audit(1782010028.219:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6194 comm="syz.0.88" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f58cbb9ce59 code=0x0 [ 196.746969][ T27] usb 4-1: USB disconnect, device number 4 [ 196.967703][ T6165] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 197.110961][ T6224] loop3: detected capacity change from 0 to 512 [ 197.160265][ T6165] usb 2-1: Using ep0 maxpacket: 32 [ 197.237050][ T6165] usb 2-1: config 0 has an invalid interface number: 51 but max is 0 [ 197.251881][ T6224] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 197.317642][ T6165] usb 2-1: config 0 has no interface number 0 [ 197.375736][ T6165] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 197.437260][ T6165] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 197.447818][ T6165] usb 2-1: Product: syz [ 197.475540][ T6165] usb 2-1: Manufacturer: syz [ 197.486869][ T6165] usb 2-1: SerialNumber: syz [ 197.517367][ T6231] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 197.542054][ T5772] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 197.569198][ T6165] usb 2-1: config 0 descriptor?? [ 197.611565][ T6165] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 197.673093][ T6232] netlink: 'syz.0.95': attribute type 7 has an invalid length. [ 197.727089][ T6232] netlink: 'syz.0.95': attribute type 5 has an invalid length. [ 197.755242][ T6232] netlink: 17 bytes leftover after parsing attributes in process `syz.0.95'. [ 197.855154][ T6234] loop3: detected capacity change from 0 to 1024 [ 197.885035][ T6165] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 198.017217][ C1] quatech-serial ttyUSB0: qt2_process_read_urb - unsupported command 9 [ 198.033184][ T6165] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 198.235124][ T6220] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 199.354035][ C1] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 199.399026][ T6165] usb 2-1: USB disconnect, device number 3 [ 199.451737][ T6165] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 199.548414][ T6165] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 199.572583][ T6165] quatech2 2-1:0.51: device disconnected [ 200.046294][ T6250] FAULT_INJECTION: forcing a failure. [ 200.046294][ T6250] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 200.068485][ T6250] CPU: 0 PID: 6250 Comm: syz.2.100 Not tainted syzkaller #0 [ 200.075817][ T6250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 200.085952][ T6250] Call Trace: [ 200.089235][ T6250] [ 200.092198][ T6250] dump_stack_lvl+0x18c/0x250 [ 200.096987][ T6250] ? show_regs_print_info+0x20/0x20 [ 200.102193][ T6250] ? load_image+0x420/0x420 [ 200.106857][ T6250] ? __might_fault+0xaa/0x120 [ 200.111586][ T6250] ? __lock_acquire+0x7d80/0x7d80 [ 200.116624][ T6250] ? mark_lock+0x94/0x320 [ 200.120962][ T6250] should_fail_ex+0x394/0x4c0 [ 200.125648][ T6250] _copy_from_user+0x2f/0xe0 [ 200.130241][ T6250] do_ipv6_setsockopt+0x2e6/0x3e50 [ 200.135379][ T6250] ? sk_dst_reset+0xa0/0xa0 [ 200.139899][ T6250] ? mark_lock+0x94/0x320 [ 200.144260][ T6250] ? __lock_acquire+0x1336/0x7d80 [ 200.149337][ T6250] ? verify_lock_unused+0x140/0x140 [ 200.154542][ T6250] ? verify_lock_unused+0x140/0x140 [ 200.159752][ T6250] ? verify_lock_unused+0x140/0x140 [ 200.164989][ T6250] ? mark_lock+0x94/0x320 [ 200.169329][ T6250] ? __lock_acquire+0x1262/0x7d80 [ 200.174395][ T6250] ? aa_label_sk_perm+0x4d4/0x660 [ 200.179458][ T6250] ? asm_sysvec_call_function_single+0x1a/0x20 [ 200.185629][ T6250] ? aa_sk_perm+0x970/0x970 [ 200.190239][ T6250] ? __might_sleep+0xe0/0xe0 [ 200.194848][ T6250] ? aa_sk_perm+0x83c/0x970 [ 200.199354][ T6250] ? __fget_files+0x28/0x460 [ 200.204046][ T6250] ipv6_setsockopt+0x59/0x190 [ 200.208754][ T6250] rawv6_setsockopt+0x276/0x5d0 [ 200.213717][ T6250] ? raw6_destroy+0x30/0x30 [ 200.218215][ T6250] ? __fget_files+0x28/0x460 [ 200.222888][ T6250] ? aa_sock_opt_perm+0x74/0x100 [ 200.227929][ T6250] ? sock_common_setsockopt+0x36/0xc0 [ 200.233301][ T6250] ? sock_common_recvmsg+0x190/0x190 [ 200.238676][ T6250] do_sock_setsockopt+0x175/0x1a0 [ 200.243698][ T6250] ? __fdget+0x180/0x210 [ 200.247942][ T6250] __x64_sys_setsockopt+0x182/0x200 [ 200.253143][ T6250] do_syscall_64+0x55/0xb0 [ 200.257648][ T6250] ? clear_bhb_loop+0x40/0x90 [ 200.262345][ T6250] ? clear_bhb_loop+0x40/0x90 [ 200.267047][ T6250] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 200.272961][ T6250] RIP: 0033:0x7fa3c699ce59 [ 200.277469][ T6250] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 200.297203][ T6250] RSP: 002b:00007fa3c4bd5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 200.305623][ T6250] RAX: ffffffffffffffda RBX: 00007fa3c6c16090 RCX: 00007fa3c699ce59 [ 200.313626][ T6250] RDX: 0000000000000040 RSI: 0000000000000029 RDI: 0000000000000004 [ 200.321616][ T6250] RBP: 00007fa3c4bd5090 R08: 0000000000000590 R09: 0000000000000000 [ 200.329586][ T6250] R10: 0000200000000980 R11: 0000000000000246 R12: 0000000000000001 [ 200.337586][ T6250] R13: 00007fa3c6c16128 R14: 00007fa3c6c16090 R15: 00007ffe43a76d98 [ 200.345562][ T6250] [ 200.348750][ C0] vkms_vblank_simulate: vblank timer overrun [ 201.907592][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 202.055956][ T5785] Bluetooth: hci1: command 0x0406 tx timeout [ 202.077522][ T5785] Bluetooth: hci3: command 0x0406 tx timeout [ 202.083591][ T5785] Bluetooth: hci2: command 0x0406 tx timeout [ 202.087499][ T5783] Bluetooth: hci0: command 0x0406 tx timeout [ 202.455080][ T6258] syzkaller0: entered promiscuous mode [ 202.500931][ T6258] syzkaller0: entered allmulticast mode [ 203.178273][ T6261] sch_tbf: peakrate 112 is lower than or equals to rate 8832294779493133611 ! [ 203.325235][ T6268] loop2: detected capacity change from 0 to 512 [ 203.517441][ T6257] xt_hashlimit: size too large, truncated to 1048576 [ 203.560466][ T6261] loop0: detected capacity change from 0 to 512 [ 203.590742][ T6268] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 203.654216][ T6261] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 203.817570][ T27] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 203.843563][ T6261] EXT4-fs error (device loop0): ext4_orphan_get:1404: inode #15: comm syz.0.104: iget: bad i_size value: 38620345925642 [ 203.917559][ T5773] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 203.994007][ T6261] EXT4-fs error (device loop0): ext4_orphan_get:1409: comm syz.0.104: couldn't read orphan inode 15 (err -117) [ 204.029095][ T27] usb 2-1: config 1 has an invalid interface number: 121 but max is 0 [ 204.063803][ T28] audit: type=1326 audit(1782010036.629:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6259 comm="syz.3.103" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f609ef9ce59 code=0x0 [ 204.075338][ T6261] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 204.104357][ T27] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 204.136504][ T27] usb 2-1: config 1 has no interface number 0 [ 204.151325][ T27] usb 2-1: config 1 interface 121 has no altsetting 0 [ 204.159648][ T27] usb 2-1: New USB device found, idVendor=0421, idProduct=01f5, bcdDevice=57.da [ 204.175446][ T27] usb 2-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 204.183669][ T27] usb 2-1: Manufacturer: syz [ 204.203124][ T27] usb 2-1: bad CDC descriptors [ 204.219097][ T27] usb 2-1: bad CDC descriptors [ 204.330934][ T6261] EXT4-fs error (device loop0): __ext4_iget:5078: inode #16: block 50331678: comm syz.0.104: invalid block [ 204.440281][ T28] audit: type=1800 audit(1782010037.009:8): pid=6264 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.104" name="file1" dev="loop0" ino=18 res=0 errno=0 [ 205.296398][ T6292] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns [ 205.305155][ T6292] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 206.167588][ T6276] EXT4-fs error (device loop0): ext4_validate_block_bitmap:430: comm ext4lazyinit: bg 0: block 5: invalid block bitmap [ 206.588632][ T6165] usb 2-1: USB disconnect, device number 4 [ 207.899675][ T6303] FAULT_INJECTION: forcing a failure. [ 207.899675][ T6303] name failslab, interval 1, probability 0, space 0, times 0 [ 207.912657][ T6303] CPU: 0 PID: 6303 Comm: syz.2.110 Not tainted syzkaller #0 [ 207.919957][ T6303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 207.930005][ T6303] Call Trace: [ 207.933271][ T6303] [ 207.936186][ T6303] dump_stack_lvl+0x18c/0x250 [ 207.940868][ T6303] ? show_regs_print_info+0x20/0x20 [ 207.946088][ T6303] ? load_image+0x420/0x420 [ 207.950626][ T6303] ? __might_sleep+0xe0/0xe0 [ 207.955233][ T6303] ? __lock_acquire+0x7d80/0x7d80 [ 207.960277][ T6303] should_fail_ex+0x394/0x4c0 [ 207.964979][ T6303] should_failslab+0x9/0x20 [ 207.969516][ T6303] slab_pre_alloc_hook+0x59/0x300 [ 207.974588][ T6303] ? tomoyo_realpath_from_path+0xe6/0x5c0 [ 207.980330][ T6303] ? tomoyo_realpath_from_path+0xe6/0x5c0 [ 207.986173][ T6303] __kmem_cache_alloc_node+0x53/0x250 [ 207.991757][ T6303] ? tomoyo_realpath_from_path+0xe6/0x5c0 [ 207.997500][ T6303] __kmalloc+0xa7/0x240 [ 208.001685][ T6303] tomoyo_realpath_from_path+0xe6/0x5c0 [ 208.007233][ T6303] ? tomoyo_domain+0xd6/0x120 [ 208.011921][ T6303] tomoyo_path_number_perm+0x248/0x5e0 [ 208.017392][ T6303] ? tomoyo_path_number_perm+0x217/0x5e0 [ 208.023024][ T6303] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 208.028496][ T6303] ? asan.module_dtor+0x20/0x20 [ 208.033361][ T6303] ? __fget_files+0x28/0x460 [ 208.037953][ T6303] security_file_ioctl+0x70/0xa0 [ 208.042978][ T6303] __se_sys_ioctl+0x48/0x170 [ 208.047571][ T6303] do_syscall_64+0x55/0xb0 [ 208.051987][ T6303] ? clear_bhb_loop+0x40/0x90 [ 208.056654][ T6303] ? clear_bhb_loop+0x40/0x90 [ 208.061409][ T6303] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 208.067309][ T6303] RIP: 0033:0x7fa3c699ce59 [ 208.071719][ T6303] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 208.091497][ T6303] RSP: 002b:00007fa3c4bd5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 208.099924][ T6303] RAX: ffffffffffffffda RBX: 00007fa3c6c16090 RCX: 00007fa3c699ce59 [ 208.107916][ T6303] RDX: 0000200000000880 RSI: 000000004400ae8f RDI: 0000000000000005 [ 208.115881][ T6303] RBP: 00007fa3c4bd5090 R08: 0000000000000000 R09: 0000000000000000 [ 208.123854][ T6303] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 208.132083][ T6303] R13: 00007fa3c6c16128 R14: 00007fa3c6c16090 R15: 00007ffe43a76d98 [ 208.140087][ T6303] [ 208.299834][ T6303] ERROR: Out of memory at tomoyo_realpath_from_path. [ 208.692788][ T6303] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns [ 208.745035][ T6303] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 208.848512][ T6306] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 208.992459][ T6307] netlink: 'syz.1.112': attribute type 7 has an invalid length. [ 209.009687][ T6307] netlink: 'syz.1.112': attribute type 5 has an invalid length. [ 209.036145][ T6307] netlink: 17 bytes leftover after parsing attributes in process `syz.1.112'. [ 210.718874][ T5770] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 211.152376][ T6318] loop0: detected capacity change from 0 to 512 [ 211.267107][ T6318] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 211.577492][ T5770] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 212.127737][ T27] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 212.298119][ T28] audit: type=1326 audit(1782010044.859:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6327 comm="syz.1.116" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4eb739ce59 code=0x0 [ 212.385143][ T27] usb 1-1: config 1 has an invalid interface number: 121 but max is 0 [ 212.413603][ T27] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 212.428739][ T27] usb 1-1: config 1 has no interface number 0 [ 212.435157][ T27] usb 1-1: config 1 interface 121 has no altsetting 0 [ 212.499203][ T27] usb 1-1: New USB device found, idVendor=0421, idProduct=01f5, bcdDevice=57.da [ 212.527454][ T27] usb 1-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 213.258235][ T27] usb 1-1: Manufacturer: syz [ 213.327656][ T27] usb 1-1: bad CDC descriptors [ 213.345518][ T27] usb 1-1: bad CDC descriptors [ 213.719891][ T6340] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer. [ 213.947619][ T5817] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 214.173634][ T5817] usb 2-1: unable to get BOS descriptor or descriptor too short [ 214.189159][ T5817] usb 2-1: config 12 has an invalid interface number: 117 but max is 0 [ 214.214718][ T5817] usb 2-1: config 12 has no interface number 0 [ 214.229306][ T5817] usb 2-1: config 12 interface 117 has no altsetting 0 [ 214.244629][ T5817] usb 2-1: New USB device found, idVendor=13d2, idProduct=0400, bcdDevice=3a.f3 [ 214.257465][ T5817] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 214.270201][ T5817] usb 2-1: Product: syz [ 214.278920][ T5817] usb 2-1: Manufacturer: syz [ 214.289637][ T5817] usb 2-1: SerialNumber: syz [ 215.945459][ T6165] usb 1-1: USB disconnect, device number 4 [ 216.155126][ T6362] netlink: 'syz.0.125': attribute type 7 has an invalid length. [ 216.181064][ T6362] netlink: 'syz.0.125': attribute type 5 has an invalid length. [ 216.219325][ T6362] netlink: 17 bytes leftover after parsing attributes in process `syz.0.125'. [ 216.274334][ T5817] kaweth 2-1:12.117: couldn't find required endpoints [ 216.309409][ T5817] usb 2-1: USB disconnect, device number 5 [ 216.584546][ T6367] loop1: detected capacity change from 0 to 512 [ 216.726775][ T6367] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 216.891814][ T5771] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 218.417940][ T6389] FAULT_INJECTION: forcing a failure. [ 218.417940][ T6389] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 218.435066][ T6389] CPU: 1 PID: 6389 Comm: syz.3.124 Not tainted syzkaller #0 [ 218.442395][ T6389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 218.452478][ T6389] Call Trace: [ 218.455777][ T6389] [ 218.458726][ T6389] dump_stack_lvl+0x18c/0x250 [ 218.463447][ T6389] ? show_regs_print_info+0x20/0x20 [ 218.468676][ T6389] ? load_image+0x420/0x420 [ 218.473216][ T6389] ? __lock_acquire+0x7d80/0x7d80 [ 218.478372][ T6389] should_fail_ex+0x394/0x4c0 [ 218.483090][ T6389] prepare_alloc_pages+0x1e1/0x5b0 [ 218.488326][ T6389] __alloc_pages+0x134/0x460 [ 218.492957][ T6389] ? zone_statistics+0x170/0x170 [ 218.497935][ T6389] ? handle_mm_fault+0xe6/0x4a50 [ 218.502916][ T6389] ? __lock_acquire+0x7d80/0x7d80 [ 218.507983][ T6389] __folio_alloc+0x10/0x20 [ 218.512427][ T6389] vma_alloc_folio+0x474/0x8f0 [ 218.517206][ T6389] ? handle_mm_fault+0xe6/0x4a50 [ 218.522170][ T6389] handle_mm_fault+0x1ab6/0x4a50 [ 218.527130][ T6389] ? handle_mm_fault+0xe6/0x4a50 [ 218.532104][ T6389] ? lock_vma_under_rcu+0x52c/0x660 [ 218.537330][ T6389] ? numa_migrate_prep+0x350/0x350 [ 218.542464][ T6389] ? lock_vma_under_rcu+0xe5/0x660 [ 218.547611][ T6389] ? do_user_addr_fault+0x1cb/0x12d0 [ 218.552915][ T6389] do_user_addr_fault+0xad2/0x12d0 [ 218.558027][ T6389] ? rcu_is_watching+0x15/0xb0 [ 218.562787][ T6389] exc_page_fault+0x64/0x100 [ 218.567465][ T6389] ? clear_bhb_loop+0x40/0x90 [ 218.572263][ T6389] asm_exc_page_fault+0x26/0x30 [ 218.577297][ T6389] RIP: 0033:0x7f609ee64886 [ 218.581699][ T6389] Code: fc ff ff 90 41 57 31 c0 41 56 49 89 fe 48 8d 3d bc f0 1c 00 41 55 49 89 d5 41 54 49 89 f4 48 89 d6 55 53 48 81 ec 88 20 00 00 <48> 89 0c 24 4c 89 44 24 08 e8 2c cc fe ff 4d 85 ed 0f 84 2b 0a 00 [ 218.601303][ T6389] RSP: 002b:00007f609fe39f60 EFLAGS: 00010206 [ 218.607361][ T6389] RAX: 0000000000000000 RBX: 00007f609f215fa0 RCX: 0000200000001280 [ 218.615545][ T6389] RDX: 0000200000000c80 RSI: 0000200000000c80 RDI: 00007f609f03392c [ 218.623615][ T6389] RBP: 00007f609fe3c090 R08: 00007f609ee51850 R09: 0000000000000000 [ 218.631842][ T6389] R10: 0000000000000005 R11: 0000200000000c80 R12: 0000000000000024 [ 218.639822][ T6389] R13: 0000200000000c80 R14: 0000000000000005 R15: 00007ffe906eb438 [ 218.647835][ T6389] [ 218.672207][ T27] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 218.690096][ T6391] loop1: detected capacity change from 0 to 512 [ 218.753632][ T6389] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 218.790110][ T6391] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 218.870463][ T27] usb 1-1: unable to get BOS descriptor or descriptor too short [ 218.894741][ T27] usb 1-1: config 12 has an invalid interface number: 117 but max is 0 [ 218.906178][ T27] usb 1-1: config 12 has no interface number 0 [ 218.906839][ T28] audit: type=1326 audit(1782010051.459:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6381 comm="syz.2.129" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa3c699ce59 code=0x0 [ 218.914733][ T27] usb 1-1: config 12 interface 117 has no altsetting 0 [ 218.949373][ T27] usb 1-1: New USB device found, idVendor=13d2, idProduct=0400, bcdDevice=3a.f3 [ 218.960033][ T27] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 218.971902][ T27] usb 1-1: Product: syz [ 218.976069][ T27] usb 1-1: Manufacturer: syz [ 219.001142][ T27] usb 1-1: SerialNumber: syz [ 219.079455][ T5771] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 219.088678][ T6165] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 219.221910][ T6386] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 219.238856][ T6386] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 219.279237][ T6165] usb 4-1: unable to get BOS descriptor or descriptor too short [ 219.288959][ T6165] usb 4-1: config 12 has an invalid interface number: 117 but max is 0 [ 219.307611][ T6165] usb 4-1: config 12 has no interface number 0 [ 219.314050][ T6165] usb 4-1: config 12 interface 117 has no altsetting 0 [ 219.334321][ T6165] usb 4-1: New USB device found, idVendor=13d2, idProduct=0400, bcdDevice=3a.f3 [ 219.346282][ T6165] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 219.364619][ T6165] usb 4-1: Product: syz [ 219.387523][ T6165] usb 4-1: Manufacturer: syz [ 219.407973][ T6165] usb 4-1: SerialNumber: syz [ 219.801551][ T27] kaweth 1-1:12.117: couldn't find required endpoints [ 219.840812][ T27] usb 1-1: USB disconnect, device number 5 [ 219.907807][ T23] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 221.428028][ T6165] kaweth 4-1:12.117: couldn't find required endpoints [ 221.487803][ T6165] usb 4-1: USB disconnect, device number 5 [ 221.639066][ T23] usb 3-1: config 1 has an invalid interface number: 121 but max is 0 [ 221.671815][ T23] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 221.709756][ T23] usb 3-1: config 1 has no interface number 0 [ 221.726096][ T23] usb 3-1: config 1 interface 121 has no altsetting 0 [ 221.757160][ T23] usb 3-1: New USB device found, idVendor=0421, idProduct=01f5, bcdDevice=57.da [ 221.798550][ T23] usb 3-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 221.820898][ T23] usb 3-1: Manufacturer: syz [ 221.840347][ T23] usb 3-1: bad CDC descriptors [ 221.894680][ T23] usb 3-1: bad CDC descriptors [ 223.697855][ T5760] usb 3-1: USB disconnect, device number 5 [ 223.920427][ T6420] netlink: 'syz.3.139': attribute type 7 has an invalid length. [ 224.719313][ T6420] netlink: 'syz.3.139': attribute type 5 has an invalid length. [ 224.727066][ T6420] netlink: 17 bytes leftover after parsing attributes in process `syz.3.139'. [ 225.346437][ T6426] FAULT_INJECTION: forcing a failure. [ 225.346437][ T6426] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 225.370205][ T6426] CPU: 1 PID: 6426 Comm: syz.0.136 Not tainted syzkaller #0 [ 225.377556][ T6426] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 225.387811][ T6426] Call Trace: [ 225.391123][ T6426] [ 225.394070][ T6426] dump_stack_lvl+0x18c/0x250 [ 225.398784][ T6426] ? show_regs_print_info+0x20/0x20 [ 225.404011][ T6426] ? load_image+0x420/0x420 [ 225.408584][ T6426] ? __might_fault+0xaa/0x120 [ 225.413299][ T6426] ? __lock_acquire+0x7d80/0x7d80 [ 225.418355][ T6426] should_fail_ex+0x394/0x4c0 [ 225.423071][ T6426] _copy_from_user+0x2f/0xe0 [ 225.427695][ T6426] __se_sys_capset+0x23e/0x430 [ 225.432486][ T6426] ? __x64_sys_capset+0x60/0x60 [ 225.437368][ T6426] ? lockdep_hardirqs_on_prepare+0x44c/0x7d0 [ 225.443379][ T6426] ? lock_chain_count+0x20/0x20 [ 225.448265][ T6426] ? syscall_user_dispatch+0x49/0x90 [ 225.453587][ T6426] do_syscall_64+0x55/0xb0 [ 225.458035][ T6426] ? clear_bhb_loop+0x40/0x90 [ 225.462746][ T6426] ? clear_bhb_loop+0x40/0x90 [ 225.467457][ T6426] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 225.473381][ T6426] RIP: 0033:0x7f58cbb9ce59 [ 225.477827][ T6426] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 225.497458][ T6426] RSP: 002b:00007f58cca6d028 EFLAGS: 00000246 ORIG_RAX: 000000000000007e [ 225.505897][ T6426] RAX: ffffffffffffffda RBX: 00007f58cbe15fa0 RCX: 00007f58cbb9ce59 [ 225.513894][ T6426] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000200000000500 [ 225.521888][ T6426] RBP: 00007f58cca6d090 R08: 0000000000000000 R09: 0000000000000000 [ 225.529881][ T6426] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 225.537876][ T6426] R13: 00007f58cbe16038 R14: 00007f58cbe15fa0 R15: 00007ffe3b6fd9b8 [ 225.545884][ T6426] [ 225.891684][ T6430] loop0: detected capacity change from 0 to 2048 [ 225.964926][ T6430] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 226.409456][ T6434] loop1: detected capacity change from 0 to 512 [ 226.495430][ T6434] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 226.813928][ T5771] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 226.963679][ T6442] loop3: detected capacity change from 0 to 4096 [ 228.419253][ T6442] EXT4-fs: Ignoring removed nomblk_io_submit option [ 228.468557][ T6442] EXT4-fs (loop3): Test dummy encryption mode enabled [ 228.486497][ T6442] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003] [ 228.516828][ T6442] System zones: 0-5 [ 228.551779][ T6442] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 229.036867][ T6438] fscrypt: AES-256-XTS using implementation "xts-aes-aesni" [ 230.749576][ T5772] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 230.917534][ T28] audit: type=1326 audit(1782010063.479:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6452 comm="syz.2.141" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa3c699ce59 code=0x0 [ 231.237547][ T6165] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 231.421323][ T6165] usb 4-1: config 1 has an invalid interface number: 121 but max is 0 [ 231.442078][ T6165] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 231.455198][ T6165] usb 4-1: config 1 has no interface number 0 [ 231.461939][ T6165] usb 4-1: config 1 interface 121 has no altsetting 0 [ 231.475630][ T6165] usb 4-1: New USB device found, idVendor=0421, idProduct=01f5, bcdDevice=57.da [ 231.485424][ T6165] usb 4-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 231.494998][ T6165] usb 4-1: Manufacturer: syz [ 232.687213][ T6165] usb 4-1: bad CDC descriptors [ 232.768840][ T6165] usb 4-1: bad CDC descriptors [ 233.032177][ T6484] FAULT_INJECTION: forcing a failure. [ 233.032177][ T6484] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 233.081070][ T6484] CPU: 0 PID: 6484 Comm: syz.2.152 Not tainted syzkaller #0 [ 233.088421][ T6484] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 233.098482][ T6484] Call Trace: [ 233.101761][ T6484] [ 233.104704][ T6484] dump_stack_lvl+0x18c/0x250 [ 233.109381][ T6484] ? asm_sysvec_call_function_single+0x1a/0x20 [ 233.115672][ T6484] ? show_regs_print_info+0x20/0x20 [ 233.120893][ T6484] ? load_image+0x420/0x420 [ 233.125533][ T6484] should_fail_ex+0x394/0x4c0 [ 233.130405][ T6484] _copy_from_user+0x2f/0xe0 [ 233.135033][ T6484] ___sys_sendmsg+0x1c7/0x360 [ 233.139892][ T6484] ? get_pid_task+0x20/0x1e0 [ 233.144515][ T6484] ? __sys_sendmsg+0x2b0/0x2b0 [ 233.149295][ T6484] ? __lock_acquire+0x7d80/0x7d80 [ 233.154330][ T6484] __se_sys_sendmsg+0x1d0/0x2c0 [ 233.159182][ T6484] ? __x64_sys_sendmsg+0x80/0x80 [ 233.164127][ T6484] ? lockdep_hardirqs_on+0x98/0x150 [ 233.169433][ T6484] do_syscall_64+0x55/0xb0 [ 233.173862][ T6484] ? clear_bhb_loop+0x40/0x90 [ 233.178552][ T6484] ? clear_bhb_loop+0x40/0x90 [ 233.183239][ T6484] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 233.189138][ T6484] RIP: 0033:0x7fa3c699ce59 [ 233.193554][ T6484] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 233.213159][ T6484] RSP: 002b:00007fa3c4bd5028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 233.221573][ T6484] RAX: ffffffffffffffda RBX: 00007fa3c6c16090 RCX: 00007fa3c699ce59 [ 233.229542][ T6484] RDX: 0000000020004000 RSI: 0000200000000040 RDI: 0000000000000009 [ 233.237510][ T6484] RBP: 00007fa3c4bd5090 R08: 0000000000000000 R09: 0000000000000000 [ 233.245480][ T6484] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 233.253880][ T6484] R13: 00007fa3c6c16128 R14: 00007fa3c6c16090 R15: 00007ffe43a76d98 [ 233.261870][ T6484] [ 233.633989][ T6487] netlink: 'syz.0.151': attribute type 7 has an invalid length. [ 233.661750][ T6487] netlink: 'syz.0.151': attribute type 5 has an invalid length. [ 233.687446][ T6487] netlink: 17 bytes leftover after parsing attributes in process `syz.0.151'. [ 234.033854][ T5760] usb 4-1: USB disconnect, device number 6 [ 235.979716][ T6502] tmpfs: Bad value for 'mpol' [ 238.777591][ T27] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 238.829928][ T6516] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 238.920587][ T6517] netlink: 'syz.3.162': attribute type 7 has an invalid length. [ 238.940869][ T6517] netlink: 'syz.3.162': attribute type 5 has an invalid length. [ 238.957761][ T6517] netlink: 17 bytes leftover after parsing attributes in process `syz.3.162'. [ 238.977292][ T27] usb 1-1: Using ep0 maxpacket: 8 [ 238.995156][ T27] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 239.027446][ T27] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 239.036663][ T27] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 239.064175][ T27] usb 1-1: New USB device found, idVendor=0582, idProduct=0025, bcdDevice= 0.40 [ 239.087439][ T27] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 239.095482][ T27] usb 1-1: Product: syz [ 239.118196][ T27] usb 1-1: Manufacturer: syz [ 239.122859][ T27] usb 1-1: SerialNumber: syz [ 239.525720][ T6525] netlink: 28 bytes leftover after parsing attributes in process `syz.0.155'. [ 239.727574][ T5760] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 239.934985][ T5760] usb 3-1: config 1 has an invalid interface number: 121 but max is 0 [ 239.950024][ T5760] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 239.987055][ T5760] usb 3-1: config 1 has no interface number 0 [ 240.008836][ T5760] usb 3-1: config 1 interface 121 has no altsetting 0 [ 240.042702][ T5760] usb 3-1: New USB device found, idVendor=0421, idProduct=01f5, bcdDevice=57.da [ 240.081282][ T5760] usb 3-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 240.101696][ T5760] usb 3-1: Manufacturer: syz [ 240.131832][ T5760] usb 3-1: bad CDC descriptors [ 240.200498][ T5760] usb 3-1: bad CDC descriptors [ 240.712071][ T28] audit: type=1326 audit(1782010073.279:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6527 comm="syz.1.160" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4eb739ce59 code=0x0 [ 240.996441][ T27] usb 1-1: USB disconnect, device number 6 [ 241.193084][ T6540] loop0: detected capacity change from 0 to 512 [ 242.480316][ T6540] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 242.517854][ T6165] usb 3-1: USB disconnect, device number 6 [ 243.874383][ T6566] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 244.167382][ C0] sched: RT throttling activated [ 244.188801][ T5770] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 244.214277][ T6567] netlink: 'syz.3.171': attribute type 7 has an invalid length. [ 244.232049][ T6567] netlink: 'syz.3.171': attribute type 5 has an invalid length. [ 244.247686][ T6567] netlink: 17 bytes leftover after parsing attributes in process `syz.3.171'. [ 246.947472][ T8] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 248.260538][ T28] audit: type=1326 audit(1782010080.829:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6583 comm="syz.3.176" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f609ef9ce59 code=0x0 [ 248.306053][ T8] usb 1-1: config 1 has an invalid interface number: 121 but max is 0 [ 248.319262][ T8] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 248.352879][ T8] usb 1-1: config 1 has no interface number 0 [ 248.376422][ T8] usb 1-1: config 1 interface 121 has no altsetting 0 [ 248.394700][ T8] usb 1-1: New USB device found, idVendor=0421, idProduct=01f5, bcdDevice=57.da [ 248.410264][ T8] usb 1-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 248.419668][ T8] usb 1-1: Manufacturer: syz [ 248.450773][ T8] usb 1-1: bad CDC descriptors [ 248.470196][ T8] usb 1-1: bad CDC descriptors [ 248.952807][ T6608] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 249.024494][ T6612] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 249.026639][ T6611] FAULT_INJECTION: forcing a failure. [ 249.026639][ T6611] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 249.048295][ T6611] CPU: 0 PID: 6611 Comm: syz.2.178 Not tainted syzkaller #0 [ 249.055728][ T6611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 249.065905][ T6611] Call Trace: [ 249.069190][ T6611] [ 249.072138][ T6611] dump_stack_lvl+0x18c/0x250 [ 249.076844][ T6611] ? show_regs_print_info+0x20/0x20 [ 249.082051][ T6611] ? load_image+0x420/0x420 [ 249.086556][ T6611] ? __might_fault+0xaa/0x120 [ 249.091229][ T6611] ? __lock_acquire+0x7d80/0x7d80 [ 249.096253][ T6611] should_fail_ex+0x394/0x4c0 [ 249.100939][ T6611] _copy_from_user+0x2f/0xe0 [ 249.105530][ T6611] ___sys_sendmsg+0x1c7/0x360 [ 249.110208][ T6611] ? get_pid_task+0x20/0x1e0 [ 249.114802][ T6611] ? __sys_sendmsg+0x2b0/0x2b0 [ 249.119585][ T6611] ? __lock_acquire+0x7d80/0x7d80 [ 249.124622][ T6611] __se_sys_sendmsg+0x1d0/0x2c0 [ 249.129471][ T6611] ? __x64_sys_sendmsg+0x80/0x80 [ 249.134417][ T6611] ? lockdep_hardirqs_on+0x98/0x150 [ 249.139628][ T6611] do_syscall_64+0x55/0xb0 [ 249.144086][ T6611] ? clear_bhb_loop+0x40/0x90 [ 249.148789][ T6611] ? clear_bhb_loop+0x40/0x90 [ 249.153471][ T6611] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 249.159427][ T6611] RIP: 0033:0x7fa3c699ce59 [ 249.163868][ T6611] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 249.183570][ T6611] RSP: 002b:00007fa3c4bf6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 249.192005][ T6611] RAX: ffffffffffffffda RBX: 00007fa3c6c15fa0 RCX: 00007fa3c699ce59 [ 249.199997][ T6611] RDX: 000000002000c880 RSI: 0000200000000300 RDI: 0000000000000003 [ 249.207969][ T6611] RBP: 00007fa3c4bf6090 R08: 0000000000000000 R09: 0000000000000000 [ 249.215941][ T6611] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 249.224010][ T6611] R13: 00007fa3c6c16038 R14: 00007fa3c6c15fa0 R15: 00007ffe43a76d98 [ 249.232006][ T6611] [ 249.259621][ T8] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 249.320091][ T6608] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 249.424036][ T6614] netlink: 'syz.2.181': attribute type 1 has an invalid length. [ 249.490299][ T6614] 8021q: adding VLAN 0 to HW filter on device bond1 [ 249.497774][ T8] usb 4-1: Using ep0 maxpacket: 16 [ 249.499635][ T8] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 249.557682][ T8] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 249.596583][ T8] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 249.669457][ T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 249.702036][ T8] usb 4-1: Product: syz [ 249.708365][ T8] usb 4-1: Manufacturer: syz [ 249.727179][ T8] usb 4-1: SerialNumber: syz [ 249.755280][ T5760] usb 1-1: USB disconnect, device number 7 [ 250.983497][ T8] usb 4-1: 0:2 : does not exist [ 251.028650][ T8] usb 4-1: 5:0: failed to get current value for ch 0 (-22) [ 251.124065][ T8] usb 4-1: USB disconnect, device number 7 [ 251.219067][ T6622] FAULT_INJECTION: forcing a failure. [ 251.219067][ T6622] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 251.242830][ T6622] CPU: 1 PID: 6622 Comm: syz.1.183 Not tainted syzkaller #0 [ 251.250171][ T6622] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 251.260249][ T6622] Call Trace: [ 251.263554][ T6622] [ 251.266509][ T6622] dump_stack_lvl+0x18c/0x250 [ 251.271220][ T6622] ? show_regs_print_info+0x20/0x20 [ 251.276442][ T6622] ? load_image+0x420/0x420 [ 251.280954][ T6622] ? __might_fault+0xaa/0x120 [ 251.285620][ T6622] ? __lock_acquire+0x7d80/0x7d80 [ 251.290635][ T6622] should_fail_ex+0x394/0x4c0 [ 251.295307][ T6622] _copy_from_user+0x2f/0xe0 [ 251.299931][ T6622] ___sys_sendmsg+0x1c7/0x360 [ 251.304642][ T6622] ? get_pid_task+0x20/0x1e0 [ 251.309249][ T6622] ? __sys_sendmsg+0x2b0/0x2b0 [ 251.314029][ T6622] ? __lock_acquire+0x7d80/0x7d80 [ 251.319072][ T6622] __se_sys_sendmsg+0x1d0/0x2c0 [ 251.324093][ T6622] ? __x64_sys_sendmsg+0x80/0x80 [ 251.329033][ T6622] ? lockdep_hardirqs_on+0x98/0x150 [ 251.334255][ T6622] do_syscall_64+0x55/0xb0 [ 251.338682][ T6622] ? clear_bhb_loop+0x40/0x90 [ 251.343373][ T6622] ? clear_bhb_loop+0x40/0x90 [ 251.348083][ T6622] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 251.354001][ T6622] RIP: 0033:0x7f4eb739ce59 [ 251.358411][ T6622] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 251.378022][ T6622] RSP: 002b:00007f4eb82e0028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 251.386528][ T6622] RAX: ffffffffffffffda RBX: 00007f4eb7615fa0 RCX: 00007f4eb739ce59 [ 251.394496][ T6622] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000005 [ 251.402479][ T6622] RBP: 00007f4eb82e0090 R08: 0000000000000000 R09: 0000000000000000 [ 251.410463][ T6622] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 251.418442][ T6622] R13: 00007f4eb7616038 R14: 00007f4eb7615fa0 R15: 00007ffe3c76a068 [ 251.426434][ T6622] [ 251.562829][ T6625] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 251.708864][ T6626] netlink: 'syz.2.185': attribute type 7 has an invalid length. [ 251.720719][ T6626] netlink: 'syz.2.185': attribute type 5 has an invalid length. [ 251.729327][ T6626] netlink: 17 bytes leftover after parsing attributes in process `syz.2.185'. [ 254.787609][ T6643] loop3: detected capacity change from 0 to 64 [ 256.034221][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.041009][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 258.075324][ T6662] netlink: 16 bytes leftover after parsing attributes in process `syz.3.196'. [ 258.415641][ T6665] loop3: detected capacity change from 0 to 32768 [ 258.493268][ T6665] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 258.503575][ T2132] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 258.589119][ T6665] XFS (loop3): Ending clean mount [ 258.614191][ T6665] XFS (loop3): Quotacheck needed: Please wait. [ 258.723590][ T2132] usb 1-1: config 1 has an invalid interface number: 121 but max is 0 [ 258.735656][ T2132] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 258.756995][ T2132] usb 1-1: config 1 has no interface number 0 [ 258.763289][ T6665] XFS (loop3): Quotacheck: Done. [ 258.777017][ T2132] usb 1-1: config 1 interface 121 has no altsetting 0 [ 258.973919][ T2132] usb 1-1: New USB device found, idVendor=0421, idProduct=01f5, bcdDevice=57.da [ 258.985984][ T2132] usb 1-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 258.994472][ T2132] usb 1-1: Manufacturer: syz [ 259.001647][ T28] audit: type=1326 audit(1782010091.569:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6654 comm="syz.1.188" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4eb739ce59 code=0x0 [ 259.043292][ T2132] usb 1-1: bad CDC descriptors [ 259.119991][ T2132] usb 1-1: bad CDC descriptors [ 259.143246][ T5772] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 260.746322][ T6688] FAULT_INJECTION: forcing a failure. [ 260.746322][ T6688] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 260.759510][ T6688] CPU: 0 PID: 6688 Comm: syz.2.195 Not tainted syzkaller #0 [ 260.766877][ T6688] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 260.776926][ T6688] Call Trace: [ 260.780200][ T6688] [ 260.783123][ T6688] dump_stack_lvl+0x18c/0x250 [ 260.787805][ T6688] ? show_regs_print_info+0x20/0x20 [ 260.792999][ T6688] ? load_image+0x420/0x420 [ 260.797506][ T6688] ? __might_fault+0xaa/0x120 [ 260.802189][ T6688] ? __lock_acquire+0x7d80/0x7d80 [ 260.807210][ T6688] should_fail_ex+0x394/0x4c0 [ 260.811886][ T6688] _copy_from_user+0x2f/0xe0 [ 260.816472][ T6688] do_sock_getsockopt+0x188/0x450 [ 260.821500][ T6688] ? __ia32_sys_setsockopt+0x200/0x200 [ 260.826962][ T6688] ? lockdep_hardirqs_on+0x90/0x150 [ 260.832179][ T6688] __x64_sys_getsockopt+0x1d6/0x280 [ 260.837384][ T6688] ? lockdep_hardirqs_on+0x90/0x150 [ 260.842592][ T6688] ? lockdep_hardirqs_on+0x90/0x150 [ 260.847800][ T6688] do_syscall_64+0x55/0xb0 [ 260.852254][ T6688] ? clear_bhb_loop+0x40/0x90 [ 260.856920][ T6688] ? clear_bhb_loop+0x40/0x90 [ 260.861594][ T6688] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 260.867485][ T6688] RIP: 0033:0x7fa3c699ce59 [ 260.871892][ T6688] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 260.891495][ T6688] RSP: 002b:00007fa3c4bd5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 260.899905][ T6688] RAX: ffffffffffffffda RBX: 00007fa3c6c16090 RCX: 00007fa3c699ce59 [ 260.907881][ T6688] RDX: 0000000000000082 RSI: 000000000000010f RDI: 0000000000000007 [ 260.915885][ T6688] RBP: 00007fa3c4bd5090 R08: 00002000000000c0 R09: 0000000000000000 [ 260.923861][ T6688] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 260.931825][ T6688] R13: 00007fa3c6c16128 R14: 00007fa3c6c16090 R15: 00007ffe43a76d98 [ 260.939804][ T6688] [ 261.141013][ T2132] usb 1-1: USB disconnect, device number 8 [ 261.187612][ T6690] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 261.310713][ T6694] netlink: 'syz.1.200': attribute type 7 has an invalid length. [ 261.355441][ T6694] netlink: 'syz.1.200': attribute type 5 has an invalid length. [ 261.396209][ T6694] netlink: 17 bytes leftover after parsing attributes in process `syz.1.200'. [ 263.576867][ T2132] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 263.767566][ T2132] usb 1-1: device descriptor read/64, error -71 [ 264.067723][ T2132] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 264.237777][ T2132] usb 1-1: device descriptor read/64, error -71 [ 264.380698][ T2132] usb usb1-port1: attempt power cycle [ 264.461771][ T6707] loop1: detected capacity change from 0 to 512 [ 264.557965][ T6707] EXT4-fs (loop1): orphan cleanup on readonly fs [ 264.605380][ T6707] EXT4-fs (loop1): 1 orphan inode deleted [ 264.630070][ T6707] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 264.823252][ T5771] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 264.832455][ T2132] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 266.778872][ T28] audit: type=1326 audit(1782010099.349:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6713 comm="syz.3.206" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f609ef9ce59 code=0x0 [ 267.067869][ T6725] FAULT_INJECTION: forcing a failure. [ 267.067869][ T6725] name failslab, interval 1, probability 0, space 0, times 0 [ 267.127741][ T6725] CPU: 1 PID: 6725 Comm: syz.2.204 Not tainted syzkaller #0 [ 267.135083][ T6725] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 267.145167][ T6725] Call Trace: [ 267.148445][ T6725] [ 267.151372][ T6725] dump_stack_lvl+0x18c/0x250 [ 267.156056][ T6725] ? show_regs_print_info+0x20/0x20 [ 267.161255][ T6725] ? load_image+0x420/0x420 [ 267.165756][ T6725] ? __might_sleep+0xe0/0xe0 [ 267.170343][ T6725] ? __lock_acquire+0x7d80/0x7d80 [ 267.175365][ T6725] should_fail_ex+0x394/0x4c0 [ 267.180057][ T6725] should_failslab+0x9/0x20 [ 267.184560][ T6725] slab_pre_alloc_hook+0x59/0x300 [ 267.189592][ T6725] kmem_cache_alloc+0x5a/0x2c0 [ 267.194351][ T6725] ? vm_area_dup+0x27/0x270 [ 267.198850][ T6725] vm_area_dup+0x27/0x270 [ 267.203171][ T6725] __split_vma+0x1a8/0xc20 [ 267.207582][ T6725] ? tomoyo_check_open_permission+0x384/0x460 [ 267.213647][ T6725] ? mmap_write_unlock+0x160/0x160 [ 267.218752][ T6725] ? mark_lock+0x94/0x320 [ 267.223099][ T6725] do_vmi_align_munmap+0x310/0x16a0 [ 267.228329][ T6725] ? __lock_acquire+0x1262/0x7d80 [ 267.233350][ T6725] ? do_vmi_munmap+0x2d0/0x2d0 [ 267.238111][ T6725] ? mtree_range_walk+0x68c/0x7b0 [ 267.243140][ T6725] ? mas_find_setup+0x47f/0x590 [ 267.247994][ T6725] do_vmi_munmap+0x252/0x2d0 [ 267.252589][ T6725] mmap_region+0x8d9/0x2090 [ 267.257187][ T6725] ? file_mmap_ok+0x170/0x170 [ 267.261864][ T6725] ? cap_mmap_addr+0x157/0x2b0 [ 267.266728][ T6725] ? file_mmap_ok+0x11c/0x170 [ 267.271403][ T6725] do_mmap+0x98f/0x10a0 [ 267.275562][ T6725] ? mlock_future_ok+0xf0/0xf0 [ 267.280322][ T6725] ? down_write+0x200/0x200 [ 267.284822][ T6725] ? bpf_lsm_mmap_addr+0x10/0x10 [ 267.289756][ T6725] vm_mmap_pgoff+0x1c4/0x3f0 [ 267.294346][ T6725] ? account_locked_vm+0x200/0x200 [ 267.299459][ T6725] ksys_mmap_pgoff+0x4c9/0x720 [ 267.304218][ T6725] ? __x64_sys_mmap+0x7a/0x130 [ 267.308977][ T6725] do_syscall_64+0x55/0xb0 [ 267.313397][ T6725] ? clear_bhb_loop+0x40/0x90 [ 267.318064][ T6725] ? clear_bhb_loop+0x40/0x90 [ 267.322731][ T6725] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 267.328625][ T6725] RIP: 0033:0x7fa3c699ce59 [ 267.333039][ T6725] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 267.352740][ T6725] RSP: 002b:00007fa3c4bf6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 267.361159][ T6725] RAX: ffffffffffffffda RBX: 00007fa3c6c15fa0 RCX: 00007fa3c699ce59 [ 267.369129][ T6725] RDX: 000000000300000a RSI: 0000000000002000 RDI: 0000200000001000 [ 267.377189][ T6725] RBP: 00007fa3c4bf6090 R08: 0000000000000003 R09: 00000000852ac000 [ 267.385245][ T6725] R10: 0000000000000012 R11: 0000000000000246 R12: 0000000000000001 [ 267.393208][ T6725] R13: 00007fa3c6c16038 R14: 00007fa3c6c15fa0 R15: 00007ffe43a76d98 [ 267.401187][ T6725] [ 267.809324][ T5817] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 268.024712][ T5817] usb 3-1: config 1 has an invalid interface number: 121 but max is 0 [ 268.033105][ T5817] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 268.043757][ T5817] usb 3-1: config 1 has no interface number 0 [ 268.050208][ T5817] usb 3-1: config 1 interface 121 has no altsetting 0 [ 268.062958][ T5817] usb 3-1: New USB device found, idVendor=0421, idProduct=01f5, bcdDevice=57.da [ 268.076692][ T5817] usb 3-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 268.107831][ T5817] usb 3-1: Manufacturer: syz [ 268.123274][ T5817] usb 3-1: bad CDC descriptors [ 268.130709][ T5817] usb 3-1: bad CDC descriptors [ 269.928036][ T2132] usb 1-1: device descriptor read/8, error -110 [ 269.982429][ T6749] loop1: detected capacity change from 0 to 128 [ 270.657455][ T2132] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 270.689182][ T2132] usb 1-1: device descriptor read/8, error -32 [ 270.807692][ T2132] usb usb1-port1: unable to enumerate USB device [ 271.038184][ T5820] usb 3-1: USB disconnect, device number 7 [ 377.687369][ C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 377.694455][ C0] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P5773/2:b..l [ 377.703136][ C0] rcu: (detected by 0, t=10502 jiffies, g=20149, q=329 ncpus=2) [ 377.711077][ C0] task:syz-executor state:R running task stack:21672 pid:5773 ppid:5768 flags:0x00004002 [ 377.723032][ C0] Call Trace: [ 377.726329][ C0] [ 377.729279][ C0] __schedule+0x15ae/0x4660 [ 377.734027][ C0] ? asan.module_dtor+0x20/0x20 [ 377.738963][ C0] ? mark_lock+0x94/0x320 [ 377.743374][ C0] ? lockdep_hardirqs_on_prepare+0x44c/0x7d0 [ 377.749386][ C0] ? preempt_schedule_irq+0xb4/0x150 [ 377.754701][ C0] preempt_schedule_irq+0xbf/0x150 [ 377.759922][ C0] ? preempt_schedule_notrace+0x110/0x110 [ 377.765674][ C0] ? rcu_irq_exit_check_preempt+0xdf/0x210 [ 377.771661][ C0] irqentry_exit+0x67/0x70 [ 377.776144][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 377.782302][ C0] RIP: 0010:lock_acquire+0x208/0x420 [ 377.787609][ C0] Code: f7 84 24 80 00 00 00 00 02 00 00 43 c6 44 3c 04 f8 0f 85 f0 00 00 00 41 f7 c6 00 02 00 00 74 01 fb 48 c7 44 24 60 0e 36 e0 45 <4b> c7 04 3c 00 00 00 00 43 c7 44 3c 08 00 00 00 00 65 48 8b 04 25 [ 377.807240][ C0] RSP: 0018:ffffc9000473f280 EFLAGS: 00000206 [ 377.813388][ C0] RAX: 0000000000000001 RBX: 0000000000000000 RCX: c6cc38468c8fd300 [ 377.821385][ C0] RDX: 0000000000000000 RSI: ffffffff8acadce0 RDI: ffffffff8b1c7be0 [ 377.829615][ C0] RBP: ffffc9000473f390 R08: dffffc0000000000 R09: 1ffffffff22378a0 [ 377.837620][ C0] R10: dffffc0000000000 R11: fffffbfff22378a1 R12: 1ffff920008e7e5c [ 377.845617][ C0] R13: ffffffff8d131da0 R14: 0000000000000246 R15: dffffc0000000000 [ 377.853636][ C0] ? deref_stack_reg+0x1ab/0x230 [ 377.858645][ C0] ? read_lock_is_recursive+0x20/0x20 [ 377.864032][ C0] ? __read_once_word_nocheck+0x9/0x10 [ 377.869520][ C0] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 377.875616][ C0] is_bpf_text_address+0x47/0x2a0 [ 377.880742][ C0] ? is_bpf_text_address+0x26/0x2a0 [ 377.885960][ C0] ? is_bpf_text_address+0x26/0x2a0 [ 377.891262][ C0] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 377.897354][ C0] kernel_text_address+0xa0/0xd0 [ 377.902413][ C0] __kernel_text_address+0xd/0x30 [ 377.907460][ C0] unwind_get_return_address+0x5d/0xc0 [ 377.912936][ C0] ? stack_trace_save+0x100/0x100 [ 377.918175][ C0] arch_stack_walk+0x11d/0x190 [ 377.922988][ C0] stack_trace_save+0xaa/0x100 [ 377.927772][ C0] ? stack_trace_snprint+0xf0/0xf0 [ 377.932903][ C0] save_stack+0x125/0x230 [ 377.937367][ C0] ? __reset_page_owner+0x190/0x190 [ 377.942589][ C0] ? free_unref_page_prepare+0x7d7/0x8f0 [ 377.948340][ C0] ? free_unref_page_list+0xbe/0x860 [ 377.953649][ C0] ? release_pages+0x208a/0x2300 [ 377.958782][ C0] ? __folio_batch_release+0x71/0xe0 [ 377.964083][ C0] ? shmem_undo_range+0x5ff/0x1a80 [ 377.969278][ C0] ? shmem_evict_inode+0x285/0xa70 [ 377.974410][ C0] ? evict+0x4b7/0x8a0 [ 377.978996][ C0] ? do_unlinkat+0x38c/0x590 [ 377.983809][ C0] ? __x64_sys_unlink+0x49/0x50 [ 377.988687][ C0] ? do_syscall_64+0x55/0xb0 [ 377.993300][ C0] ? entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 377.999412][ C0] ? page_ext_get+0x22/0x2b0 [ 378.004041][ C0] ? page_ext_get+0x1e2/0x2b0 [ 378.008844][ C0] __reset_page_owner+0x4e/0x190 [ 378.013895][ C0] ? rcu_is_watching+0x15/0xb0 [ 378.018684][ C0] free_unref_page_prepare+0x7d7/0x8f0 [ 378.024173][ C0] free_unref_page_list+0xbe/0x860 [ 378.029316][ C0] ? __folio_memcg+0x63/0x170 [ 378.034022][ C0] ? folio_memcg+0x127/0x4a0 [ 378.038646][ C0] release_pages+0x208a/0x2300 [ 378.043443][ C0] ? lru_cache_disable+0x30/0x30 [ 378.048406][ C0] ? do_raw_spin_unlock+0x121/0x230 [ 378.053674][ C0] __folio_batch_release+0x71/0xe0 [ 378.058808][ C0] shmem_undo_range+0x5ff/0x1a80 [ 378.063765][ C0] ? verify_lock_unused+0x140/0x140 [ 378.068985][ C0] ? shmem_truncate_range+0xa0/0xa0 [ 378.074229][ C0] ? inode_wait_for_writeback+0x1e3/0x230 [ 378.080062][ C0] ? __lock_acquire+0x7d80/0x7d80 [ 378.085114][ C0] ? do_raw_spin_lock+0x11f/0x2b0 [ 378.090175][ C0] shmem_evict_inode+0x285/0xa70 [ 378.095142][ C0] ? inode_wait_for_writeback+0x1e3/0x230 [ 378.100892][ C0] ? shmem_free_in_core_inode+0xb0/0xb0 [ 378.106466][ C0] ? sb_clear_inode_writeback+0x330/0x330 [ 378.112209][ C0] ? do_raw_spin_lock+0x11f/0x2b0 [ 378.117261][ C0] ? bit_waitqueue+0x30/0x30 [ 378.121962][ C0] ? do_raw_spin_unlock+0x121/0x230 [ 378.127188][ C0] ? shmem_free_in_core_inode+0xb0/0xb0 [ 378.132929][ C0] evict+0x4b7/0x8a0 [ 378.136856][ C0] ? __lock_acquire+0x7d80/0x7d80 [ 378.141904][ C0] ? proc_nr_inodes+0x230/0x230 [ 378.146783][ C0] ? do_raw_spin_unlock+0x121/0x230 [ 378.152009][ C0] ? _raw_spin_unlock+0x28/0x40 [ 378.157064][ C0] do_unlinkat+0x38c/0x590 [ 378.161506][ C0] ? fsnotify_link_count+0xf0/0xf0 [ 378.166640][ C0] ? getname_flags+0x20a/0x500 [ 378.171432][ C0] __x64_sys_unlink+0x49/0x50 [ 378.176128][ C0] do_syscall_64+0x55/0xb0 [ 378.180565][ C0] ? clear_bhb_loop+0x40/0x90 [ 378.185259][ C0] ? clear_bhb_loop+0x40/0x90 [ 378.189958][ C0] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 378.195870][ C0] RIP: 0033:0x7fa3c699bf47 [ 378.200311][ C0] RSP: 002b:00007ffe43a76008 EFLAGS: 00000206 ORIG_RAX: 0000000000000057 [ 378.208747][ C0] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa3c699bf47 [ 378.216731][ C0] RDX: 00007ffe43a76030 RSI: 00007ffe43a760c0 RDI: 00007ffe43a760c0 [ 378.224715][ C0] RBP: 00007ffe43a760c0 R08: 00007ffe43a770c0 R09: 00000000ffffffff [ 378.232706][ C0] R10: 0000000000000100 R11: 0000000000000206 R12: 00007ffe43a77150 [ 378.240700][ C0] R13: 00007fa3c6a322ca R14: 00000000000426e4 R15: 00007ffe43a77190 [ 378.248792][ C0] [ 378.251824][ C0] rcu: rcu_preempt kthread starved for 10364 jiffies! g20149 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0 [ 378.263040][ C0] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 378.273022][ C0] rcu: RCU grace-period kthread stack dump: [ 378.278916][ C0] task:rcu_preempt state:R running task stack:26664 pid:17 ppid:2 flags:0x00004000 [ 378.289721][ C0] Call Trace: [ 378.293017][ C0] [ 378.295959][ C0] __schedule+0x15ae/0x4660 [ 378.300503][ C0] ? asan.module_dtor+0x20/0x20 [ 378.305371][ C0] ? rcu_is_watching+0x15/0xb0 [ 378.310174][ C0] schedule+0xbd/0x170 [ 378.314257][ C0] schedule_timeout+0x188/0x2d0 [ 378.319133][ C0] ? console_conditional_schedule+0x40/0x40 [ 378.325047][ C0] ? _raw_spin_unlock_irqrestore+0x86/0x120 [ 378.331056][ C0] ? update_process_times+0x1b0/0x1b0 [ 378.336455][ C0] ? prepare_to_swait_event+0x344/0x360 [ 378.342025][ C0] rcu_gp_fqs_loop+0x30d/0x1590 [ 378.346907][ C0] ? dyntick_save_progress_counter+0x2b0/0x2b0 [ 378.353091][ C0] ? lockdep_hardirqs_on_prepare+0x44c/0x7d0 [ 378.359096][ C0] ? __lock_acquire+0x7d80/0x7d80 [ 378.364144][ C0] ? rcu_gp_init+0x1530/0x1530 [ 378.368932][ C0] ? rcu_gp_cleanup+0xade/0xc30 [ 378.373804][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 378.379027][ C0] ? lockdep_hardirqs_on+0x98/0x150 [ 378.384248][ C0] rcu_gp_kthread+0x9d/0x3b0 [ 378.388863][ C0] ? rcu_report_qs_rsp+0x1a0/0x1a0 [ 378.393997][ C0] ? __kthread_parkme+0x71/0x1c0 [ 378.398949][ C0] ? __kthread_parkme+0x15b/0x1c0 [ 378.404078][ C0] kthread+0x2fa/0x390 [ 378.408505][ C0] ? rcu_report_qs_rsp+0x1a0/0x1a0 [ 378.413652][ C0] ? kthread_blkcg+0xd0/0xd0 [ 378.418260][ C0] ret_from_fork+0x48/0x80 [ 378.422778][ C0] ? kthread_blkcg+0xd0/0xd0 [ 378.427382][ C0] ret_from_fork_asm+0x11/0x20 [ 378.432201][ C0] [ 378.435228][ C0] rcu: Stack dump where RCU GP kthread last ran: [ 378.441620][ C0] CPU: 0 PID: 0 Comm: swapper/0 Not tainted syzkaller #0 [ 378.448664][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/09/2026 [ 378.458737][ C0] RIP: 0010:pv_native_safe_halt+0xf/0x10 [ 378.464568][ C0] Code: dc 23 02 c3 cc cc cc cc cc cc cc f3 0f 1e fa 0f 0b 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 66 90 0f 00 2d 43 67 44 00 fb f4 66 0f 1f 00 55 41 57 41 56 41 54 53 50 8b 2f eb 2c 89 cb 80 f9 [ 378.484288][ C0] RSP: 0018:ffffffff8ce07d80 EFLAGS: 000002c6 [ 378.490377][ C0] RAX: 04f3b7d8857ac400 RBX: ffffffff81628b01 RCX: 04f3b7d8857ac400 [ 378.498370][ C0] RDX: 0000000000000001 RSI: ffffffff8acacb60 RDI: ffffffff8b1c7be0 [ 378.506327][ C0] RBP: ffffffff8ce07eb8 R08: ffff8880b8e36bab R09: 1ffff110171c6d75 [ 378.514285][ C0] R10: dffffc0000000000 R11: ffffed10171c6d76 R12: 1ffffffff19c0fbc [ 378.522242][ C0] R13: dffffc0000000000 R14: 1ffffffff19d2688 R15: 0000000000000000 [ 378.530194][ C0] FS: 0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 378.539107][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 378.545671][ C0] CR2: 0000563061712a38 CR3: 0000000078120000 CR4: 00000000003506f0 [ 378.553652][ C0] Call Trace: [ 378.556946][ C0] [ 378.559904][ C0] default_idle+0x13/0x20 [ 378.564268][ C0] default_idle_call+0x6c/0xa0 [ 378.569064][ C0] do_idle+0x221/0x5c0 [ 378.573160][ C0] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 378.578834][ C0] ? idle_inject_timer_fn+0x60/0x60 [ 378.584072][ C0] ? do_idle+0x5/0x5c0 [ 378.588169][ C0] cpu_startup_entry+0x43/0x60 [ 378.593224][ C0] rest_init+0x2e2/0x300 [ 378.597672][ C0] ? time_init+0x40/0x40 [ 378.602015][ C0] arch_call_rest_init+0xe/0x10 [ 378.606933][ C0] start_kernel+0x459/0x4e0 [ 378.611476][ C0] x86_64_start_reservations+0x2a/0x30 [ 378.616968][ C0] x86_64_start_kernel+0x60/0x60 [ 378.621940][ C0] secondary_startup_64_no_verify+0x179/0x17b [ 378.628057][ C0] [ 378.898368][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.904720][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.040407][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 379.110538][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.970906][ T6779] loop2: detected capacity change from 0 to 8192 [ 380.060993][ T6779] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 380.078054][ T6779] REISERFS (device loop2): found reiserfs format "3.6" with non-standard journal [ 380.125837][ T6779] REISERFS (device loop2): using ordered data mode [ 380.177042][ T6779] reiserfs: using flush barriers [ 380.216406][ T6779] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 380.268812][ T6779] REISERFS (device loop2): checking transaction log (loop2) [ 380.464381][ T6779] REISERFS (device loop2): Using tea hash to sort names [ 380.491082][ T6779] REISERFS warning (device loop2): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 4) not found (pos 2) [ 380.519370][ T6779] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage. [ 380.624510][ T6779] REISERFS error (device loop2): vs-7000 search_by_entry_key: search_by_key returned item position == 0 [ 380.647932][ T6779] REISERFS (device loop2): Remounting filesystem read-only