last executing test programs:

10m31.752224916s ago: executing program 2 (id=353):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_CQM(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="0100000000dfffffffff3e00000008000300", @ANYRES32=r1], 0x1c}, 0x1, 0x0, 0x0, 0x400}, 0x84)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
syz_emit_ethernet(0x3e, &(0x7f00000003c0)={@local, @random="a15cc14e96b3", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x27, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x5, 0x0, 0x0, 0x3, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast}}}}}}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x18, 0xfa00, {0x1, 0x0, 0x106}}, 0x20)
chdir(0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000017850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000400)='mm_migrate_pages\x00', r7, 0x0, 0x5}, 0x18)
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2)
syz_mount_image$squashfs(&(0x7f0000000200), &(0x7f0000000240)='./file0\x00', 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="6572726f72733d636f6e74696e75652c6572726f72733d636f6e74696e75652c6572726f72733d636f6e74696e75652c6572726f72733d636f6e74696e75652c00f7a98a6f3da4519f4b38d9450092aac2c7cefa"], 0x1, 0x1cf, &(0x7f00000002c0)="$eJzKKC4s5mdgYPj7sSaZQYABDBgZeBguMDAysDAwMKgzQsQYmCDUeij/BZSeCZW2gfKbofRCKF1xS3vdmlN+Z0566motk2VmaPXUlkcWk0vtMXKTXMwjwcwQmnpkUXFlVXZiTk5qUfFChopbyUkVp08wsFy3v6bSLMHp8EeewyFJ00GH6YiPR9aMxhLOSVKaYmxsmQpnz3yQX8emcYTh0QrmjXWeeY11halT89LykqqyqrLmTZy4cWZjZ2Pjyol1UWl+qxhbUlw2NXUyMjlsURPYzGyoPslGe8K79lUPkxxYezz8mk8ZK71OZb5kvLBI6tSKqpkTvijNZjT8znCHp2yFhIaGk8QVCYsGE4YjdbYNriAnpjQwpCmEMSapsYm1bTkzJ4SZn81tgUJL8gmm0KMcS2dKWBwQqjr501LzrUOi24xtTx3YzvAcPs6zpqBP0Oi4BIPTQsH/MiBjEhoayjTWMi21XfClSOOvhNdqY6cMBnd7pmWwAGVpAJEroTxZsJ6E5BUeOpqaRinJCQ2bJBKS3AoMlRm27uFcLdDAgBRtKgwMDNsZYXELAddgjFEwCkbBKBgFo2AUjIJRMApGwSgYBSMCAAIAAP//wHCY0w==")
r8 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r8, 0x84, 0x76, &(0x7f0000000100)={0x0, 0x7}, 0x8)
bind$inet6(r8, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendmmsg$inet6(r8, &(0x7f0000000200)=[{{&(0x7f00000000c0)={0xa, 0x4e23, 0x1, @loopback, 0x1}, 0x70, &(0x7f0000000580)=[{&(0x7f0000001680)='\t', 0x1}], 0x1}}], 0x1, 0x0)
syz_mount_image$ext4(&(0x7f0000000b80)='ext4\x00', &(0x7f0000000bc0)='./file0\x00', 0x200000, &(0x7f0000000040)={[{@grpquota}]}, 0x1, 0xbaf, &(0x7f0000002f00)="$eJzs3M1rXOUaAPDnnEy+c5v0crn3tggGpCqK07QpFbpqXYsKunDZmExKyPTDJIIJXaR1ry5EXBSkf4Lg3m5cCS7qQutfUMQiRTdtFyNnPtKxk5mm6cwcE38/eHPe97wn8zxPTmfOe2BOA/jHms5+pBGHIuJsEjFZ359GxFC1NxKxWTvu/t3L81lLolJ5+7ckkoi4d/fyfOO1kvp2vD4YiYibryXx749a466ubyzPlcullfr46Nr5S0dX1zdeWTo/d650rnThxOyrJ2ZPzs52sdbbl9774pkf3nj+6vWPZ978/MB3SZyOifpccx3dMh3TW3+TZoWImOt2sJwM1OtprjMp5JgQAAAdpU1ruP/GZAzEw8XbZHz7Y67JAQAAAF1RGYioAAAAAPtc4v4fAAAA9rnG9wDu3b0832j5fiOhv+6ciYipWv2N55trM4XYrG5HYjAixn5Povmx1qT2a09tOov09felrEWPnkPuZPNKRPx/u/OfVOufqj7F3Vp/GhEzXYg//ch4L9V/ugvxn6z+4S5EBICIG2dqF7LW61+6tf6Jba5/hW2uXbuR9/W/sf6737L+e1j/QJv131s7jHH4wUs32801r//e/eTnhSx+tn2qop7AnSsRhwvb1Z9s1Z+0qf/sDmOMz9++1m4uqz+rt9H6XX/lesSR6mqutf6GpNP/T3R0calcmqn93Ob11092jt98/rOWxW/cC/RDdv7HYnfn/9IOY0z979dD7eYeX3/6y1DyTrU3VN/z4dza2sqxiKHk9db9xzvn0jim8RpZ/S8+1/n9v1392WfCZv3vkP3ruVLfZuOrj8QcP3L8q93X31tZ/Qu7PP+f7jDGl99ce7/dXN71AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALA3pBExEUla3OqnabEYMR4R/4mxtHxxde3lxYsfXFjI5iKmYjBdXCqXZiJisjZOsvGxav/h+Pgj49mIOBgRn02OVsfF+YvlhbyLBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYMt4RExEkhYjIo2IPybTtFjMOysAAACg66byTgAAAADoOff/AAAAsP+13P8X/jIa6WcuAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7EsHn71xK4mIzVOj1ZYZqs8N5poZ0Gvpzg4b63UeQP8N5J0AkJtCU79SqVRyTAXoM/f4QPKY+ZG2M8NdzwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAv68XDt24lUTE5qnRassM1ecGc80M6LU07wSA3Ax0mkweuwPYwwp5JwDkxj0+UFvZP6jUtM6PtP3N4aeOCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDeMVFtSVqMiLTaT9NiMeJfETEVg8niUrk0ExEHIuKnycHhbHws76QBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADoutX1jeW5crm0oqOj08XOaPQt1mj9zdzmmOH2Ux06OX8wAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQi9X1jeW5crm0spp3JgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDeVtc3lufK5dJKDzt51wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQH7+DAAA///6CAm5")
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./bus\x00', 0x0)
lchown(&(0x7f00000006c0)='./file0\x00', 0x0, 0xee01)

10m29.981536545s ago: executing program 2 (id=357):
socket$inet_sctp(0x2, 0x5, 0x84)
mkdirat(0xffffffffffffff9c, &(0x7f0000002000)='./file0\x00', 0x0)
socket$nl_route(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x8000000000002)
sched_setscheduler(r0, 0x2, &(0x7f0000000240)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
pipe2$9p(&(0x7f0000000280), 0x840)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000002c0)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
dup(0xffffffffffffffff)
mknodat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x81c0, 0x105)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
ioctl$EXT4_IOC_GET_ES_CACHE(0xffffffffffffffff, 0xc020662a, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
r4 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f00000010c0), 0x35c, 0x0)
preadv(r4, &(0x7f00000013c0)=[{0x0}, {&(0x7f0000001400)=""/4078, 0xfee}], 0x2, 0x5, 0x45)

10m27.377957494s ago: executing program 2 (id=364):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = syz_open_dev$sg(&(0x7f0000001600), 0x0, 0x22c01)
setreuid(0x0, 0xee00)
writev(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000800)="390000fa461a668300111200cc0800000000000000001700000000e0da8979d21cd95c7a6ee4ca508c4752fc6ca9e48270faf047145bc79e0b9971bcbed2db", 0x3f}], 0x1)
ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f00000000c0)=ANY=[@ANYRES64=r1])
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=ANY=[@ANYBLOB="5000000010004b04e5f2c64d615630c4d7ed8900800000000000007a000000", @ANYRES32=0x0, @ANYBLOB="0000000080480500300012800b000100627269646765000020000280080008a97be682190081000000060027000800f3000c0023000200000100d1e484"], 0x50}}, 0x4)
ioctl$EXT4_IOC_SETFSUUID(r0, 0x4008662c, &(0x7f0000000200)={0x0, 0x0, "7325bdfdc6e636056b274d8a7a2fe787"})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x2)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x6f4, 0x0)
read$msr(r2, &(0x7f0000032680)=""/102392, 0x18ff8)
r3 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r3, &(0x7f0000000100)={0xa, 0x4e20, 0xfffffffd, @remote, 0x12}, 0x1c)
setsockopt$inet6_udp_int(r3, 0x11, 0x68, &(0x7f0000000080)=0xa40, 0x4)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r4, 0x84, 0x10, &(0x7f0000000240)=@sack_info={0x0, 0x9, 0x7ff}, 0xc)
r5 = socket$inet6(0xa, 0x2, 0xfffffffc)
recvmmsg(r3, &(0x7f0000001c40)=[{{0x0, 0x0, 0x0}, 0xfbd5a02}], 0x1, 0x40010122, 0x0)
sendto$inet6(r5, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IPVS_CMD_ZERO(0xffffffffffffffff, 0x0, 0x800)
r6 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_IPV6_PKTINFO(r6, 0x29, 0x32, &(0x7f0000000040)={@loopback}, 0x14)
socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket$inet6_udp(0xa, 0x2, 0x0)
bind$inet6(r7, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty, 0x2}, 0x1c)
socket$pppl2tp(0x18, 0x1, 0x1)

10m25.291765857s ago: executing program 2 (id=370):
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = dup(r0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000100)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}})
write$tun(0xffffffffffffffff, &(0x7f0000000f40)=ANY=[@ANYBLOB="bbbbbbbbbbbb0000000000008100000008004509001400680000091190780a010101e0171d0000016f475136cb41cc79a440d56573565c08a4ad8e450ff62918b2451f0c1bc638d4183f1bde02e8dc311d9c14205a"], 0x26)
syz_mount_image$udf(&(0x7f0000000100), &(0x7f0000000f00)='./file0\x00', 0x14444, &(0x7f0000001d80)=ANY=[@ANYBLOB="696f636861727365743d61736369692c6e6f6164696e696362000064696e6963622c6769643d69676e6f72652c7569643d666f726765742c756d61736b3d30303030303030303030303030303030303030303030322c076f6e6761642c6769643d771d0f4d30dc61469a581342d98a7a4c3534a971c3e26de72edc9ec3db403d8b2e970b9dcea448ddbb5a116ce6f67d99a77aa50bce7fc5451bcf5b13e9698d80385c54fff77d38aa9703314cd19a075893a1648dd8ef78a118122ee7a0e400"/203, @ANYRESDEC=0x0, @ANYBLOB=',nostrict,\x00'], 0xfe, 0xc22, &(0x7f00000002c0)="$eJzs3UFsHNd9B+D/Gy1FSm4rJk5Uu43bTVukMmO5sqSYilW4q5pmG0CWiVDMLQBX5EpdmCIJkmpkI22YXnroIUBR9JATgdYokKKB0RRBj2zrAsnFhyKnnogWNoKiB7YIkFPAYGbfikuKsmhTpCj7+2zqNzvz3sx7M+sZWdCbFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxO+/fOnMc+lhtwIAOEhXxr985qznPwB8rFz1//8AAAAAAAAAAAAAAHDYpSji8Ugxf2U9TVafOwYut2dv3Z4YGd252rFU1TxSlS9/Bp47e+78F54fvtDN96//oD0Zr45fvVR/ae7m/EJrcbE1XZ+YbU/NTbd2vYe91t9uqDoB9Zuv3Zq+fn2xfvbZc1s23x58r/+xk4MXh58+/VS37MTI6Oh4T5la34c++l3uNcLjaBRxOlI8890fp2ZEFLH3c3Gf785+O1Z1YqjqxMTIaNWRmXZzdqncONY9EUVEvadSo3uODuBa7EkjYrlsftngobJ74/PNhea1mVZ9rLmw1F5qz82OpU5ry/7Uo4gLKWIlItb6795dXxRRixTfPrGerkXEke55+Hw1MPje7Sj2sY+7ULaz3hexUjwC1+wQ648iXokUP3m7iKnynOWf+FzEK2V+P+LNMl+MSOUX43zEuzt8j3g01aKIvyiv/8X1NB0RGyc660frl79S/9Ls9bmest37yiP/fDhIh/zeNBBFNKs7/nr68L/ZAQAAAAAAAAAAAAAAAOBBOxZFPBkpXv6PP67GFUc1Lv3ExeE/GPzF3jHjT9xnP2XZZyNiudjdmNyjeQjxWBpL6SGPJf44G4gi/iSP//vmw24MAAAAAAAAAAAAAAAAAADAx1oRP4oUL7xzKq1E75zi7dkb9avNazOdWWG7c/9250zf2NjYqKdONnJO5lzOuZJzNedazihy/ZyNnJM5l3Ou5FzNuZYzjuT6ORs5J3Mu51zJuZpzLWfUcv2cjZyTOZdzruRczbmWMw7J3L0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB8lRRTxs0jxra+tp0gR0YiYjE6u9nfLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPU38q4nuRov6HjTvrahGRqn87TpW/nI/G0TI/GY3hMl+MxqWczSprjW/e92hpX/rAh9eXivhhpOgfeOvO1cnXv6/zafOavfn1zU+/Uuvkke7Gwff6Hzt54uLw6K89ca/lHa/+0OX27K3b9YmR0dHxntW1fPRP9qwbzMctHkzXiYjF1994rTkz01qw8PFYqHUWanFI2nNQC/l+FYelPdsXGoejGZsLD/nGxIEon//vRorfeec/uw/87vP/Fzqf7jzh46d/uvn8f2H7jvbp+f94z7oX8u9G+moRA0s35/tORgwsvv7G6fbN5o3Wjdbs+TNnvjg8/MVzZ/qORgxcb8+0epb2fKoAAAAAAAAAAAAAAAAADlYq4vciRfOH66keEber8VqDF4efPv3UkThSjbfaMm7r1fGrl+ovzd2cX2gtLram6xOz7am56dZuDzdQDfeaGBndl87c17F9bv+xgZfm5l9faN/4o6Udtx8fuHRtcWmhObXz5jgWRUSjd81Q1eCJkdGq0TPt5mxVdewBvUqhLxXxX5Fi6nw9fTavy+P/to/w3zL+f3n7jvZp/N8netaVx0ypiJ9Git/+yyfis1U7j8dd5yyX+9tIMXThM7lcHC3LddvQea9AZ2RgWfb/IsU//mxr2e54yMc3yz636xP7iCiv/4lI8b0//078Rl639f0PO1//49t3tE/X/1M9645veV/BnrtOvv6nI8WLj78Vv5nXvd/7P4rY2Nj4RsSpXPjO+zn26fp/umfdYHSO+1sPrvsAAAAAAAAAAACPrL5UxN9FiqdGa+n5vG43f/9vevuO9unvf/1yz7rpA5qvaM8nFQAAAAAOib5UxI8ixY2lt+6Mod46/rtn/Ofvbs69PpK2ba3+nO+XqvcGPMg//+s1mI87ufduAwAAAAAAAAAAAAAAAAAAwKGSUhHP5/nUJ+8zn/pqpHj5f57J5dLJslx3HvjB6teBK3Ozpy/NzMxNNZea12Za9fH55lSrrPupSLH+N5/JdYtqfvXufPOdOd4HNrpzsS9EitG/75btzMXenZu8Mx94Zy72suwnIsV//8PWst15rD+9WfZsWfavI8VX/3nnsic3y54ry34nUvzgq/Vu2eNl2e77UTvvJB2oxUzr2am5mbtehQoAAAAAAAAAAAAAAAAAAAAfVF8q4s8ixf/eXInlPOw/z//fnYG/1i375td75vvf5nY1z/9gNf//vZY/zPz/gw+spwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8OhIUcQbkWL+ynpa7S8/dwxcbs/euj0xMrpztWOpqnmkKl/+DDx39tz5Lzw/fKGb71//QXsyXh2/eqn+0tzN+YXW4mJruj4x256am27teg97rb956jqGqhNQv/narenr1xfrZ589t2Xz7cH3+h87OXhx+OnTT3XLToyMjo73lKn1fYCjf6DGbToaRfxVpHjmuz9O/9IfUcTez8V9vjv77VjViaGqExMjo1VHZtrN2aVy41j3RBQR9Z5Kje45OoBrsSeNiOWy+WWDh8rujc83F5rXZlr1sebCUnupPTc7ljqtLftTjyIupIiViFjrv3t3fVHEa5Hi2yfW07/2RxzpnofPXxn/8pmz925HsY993IWynfW+iJXiEbhmh1h/FPFPkeInb5+Kf+uPqEXnJz4X8UqZ3494s8wXI1KK2PhGxLs7fI94NNWiiP8vr//F9fR2f3k/6N5XLn+l/qXZ63M9Zbv3lV09H3793sd86M+Hg3TI700DUcQPqjv+evp3/10DAAAAAAAAAAAAAAAAHCJF/GqkeOGdU6kaH3xnTHF79kb9avPaTGdYX3fsX3fM9MbGxkY9dbKRczLncs6VnKs513JGkevnbOSczLmccyXnas61nHEk18/ZyDmZcznnSs7VnGs5o5br52zknMy5nHMl52rOtZxxSMbuAQAAAAAAAAAAAAAAAAAAHy1F9U+Kb31tPW30d+aXnoxOrpoP9CPv5wEAAP//N4D+uw==")
symlinkat(&(0x7f00000000c0)='.\x00', 0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00')
creat(&(0x7f0000000000)='./bus\x00', 0x0)
mount(&(0x7f0000000440)=@loop={'/dev/loop', 0x0}, &(0x7f0000000080)='./bus\x00', 0x0, 0x1000, 0x0)
r2 = open(&(0x7f00000001c0)='mnt\x00', 0x40403, 0x0)
ioctl$LOOP_SET_STATUS64(r2, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x400, 0x0, 0x0, 0x1, 0x0, "ef35af413bb901527fe4d0ce5d29c3ee5e5c3676345a41499db7aac63a01000000000000004faa2ae2c084a0ea0000000000000000000c00002000", "036c47c67808200400000000000000335263bdbcef549ba197fce47ddfdd753abd950100002a00ffffffffffffffff00000000e8f20000000200", "b7326736181c208220000000b9000000000000000000f0fffffffff2ff00", [0x4]})
truncate(&(0x7f00000000c0)='./file0\x00', 0x7f)
syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0x88}, 0x0)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2, 0xc3072, 0xffffffffffffffff, 0x200000)
r3 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r3)
ptrace$poke(0x4, r3, &(0x7f0000000200), 0x0)
prlimit64(r3, 0xd, &(0x7f0000000040)={0x3, 0x50e}, &(0x7f0000001000))
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x4000000, 0x2)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, 0x0)
r4 = syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='mnt\x00', 0x1800005, &(0x7f0000000000), 0x0, 0x24c, &(0x7f0000001240)="$eJzs3TFoJGUYBuB3ZnfvzN0ipzaCoIKIaCCcnWBzNgoHchwiggonIjZKIsQEu8TKxkJrlVQ2QeyMlpIm2CiCVdQUsRE0WBgstBjZnSREs5Lgrjty8zwwk5nJzH7fsPP+s83sBmitS0muJOkkmU3SS1Ic3+Heerp0sLo2s3UjqaqnfimG+9XrtcPjLiZZTfJIks2yyCvdZHnjud3ftp944O2l3v0fbjw7M9WTPLC3u/Pk/gfX3vrk6sPLX33z07UiV9L/y3lNXjFiW7dIbv8viv1PFN2mO+Asrr/x8beD3N+R5L5h/nspU7957yye2+zloff/6dh3f/76rmn2CkxeVfUG98DVCmidMkk/RTmXpF4uy7m5+jP8d50L5asLi6/PvrywNP9S0yMVMCn9ZOfxz85/evFv+f+xU+cfuHkN8v/09fXvB8v7naa7AaZpkP/ZF1YejPxD65yW/3MN9ARMh/s/tNfY+a+qamXybQFT4P4P7SX/0Ea94Vz+ob3kH9pL/qG95B/a63j+AYB2qc43/QQy0JSmxx8AAAAAAAAAAAAAAAAAAOCktZmtG4fTtGp+8V6y91iS7qj6neHvESe3DOcXfi0Gux0p6sPG8vw9Y77AmD5q+OnrW39otv6Xdzdbf2U+WX0zyeVu9+T1Vxxcf//ebaf8v/fimAXG9Ogzzdb/Y73Z+le3k88H48/lUeNPmTuHf0ePP/2jb1I/g2L05td+H6d7AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAApunPAAAA//911XCx")
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r4, 0xc0506617, &(0x7f0000000580)={@id={0x2, 0x0, @a}, 0x40, 0x0, '\x00', @a})
mkdirat(0xffffffffffffff9c, &(0x7f0000000640)='mnt/encrypted_dir\x00', 0x107)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000680)='mnt/encrypted_dir\x00', 0x800, 0x0)
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r5, 0x800c6613, &(0x7f00000006c0)=@v2={0x2, @aes256, 0x0, '\x00', @a})
chdir(&(0x7f0000000e40)='mnt/encrypted_dir\x00')
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000fc0)='mnt/encrypted_dir/file0\x00', 0x20002, 0x0, 0x0, 0x0, &(0x7f0000000140))

10m23.9223258s ago: executing program 2 (id=378):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$ax25(0x3, 0x2, 0xcc)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newtaction={0x7c, 0x30, 0x1, 0x0, 0x0, {}, [{0x68, 0x1, [@m_mpls={0x64, 0x1, 0x0, 0x0, {{0x9}, {0x38, 0x2, 0x0, 0x1, [@TCA_MPLS_PARMS={0x1c, 0x2, {{0x4, 0x3, 0x6, 0x1f7c, 0x8}, 0x2}}, @TCA_MPLS_LABEL={0x8}, @TCA_MPLS_PROTO={0x6, 0x4, 0x8847}, @TCA_MPLS_BOS={0x5, 0x8, 0x1}]}, {0x4, 0x4}, {0xc}, {0xc}}}]}]}, 0x7c}}, 0x0)
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r0, 0xc0c89425, 0x0)
syz_mount_image$vfat(&(0x7f0000000300), &(0x7f0000000040)='./bus\x00', 0x0, &(0x7f0000000080)=ANY=[], 0x8, 0x128f, &(0x7f0000003700)="$eJzs3c9rI1UcAPBv2vTn2qbquroL4kMvihC3PXjyUmQXxIJS7YJ6mrWphqY/aEKhIm49eRL8M0Q9ehPEf6AXL54FQaQXj3sQR9Ika9Ok3a5tWpDP55LHe+/7vm8yj4EZ5jH7r321trpSL69kjRgqFKK4ORLF+ylSDMVwtOzGS3d++fXZd957/835hYVbiyndnn939tWU0vRzP37w6XfP/9S4cuf76R/GYm9maP/Pud/2ru1d3//726jWU7We1jcaKUt3NzYa2d1aJS1X66vllN6uVbJ6JVXX65WtRspqD9pXahubmzspW1+emtzcqtTrKVvfSauVndQopMbWTso+yqrrqVwup6nJ4CyWvrmf53lEno/EaOR5nk/EZFyJx2IqpqMUM/F4PBFPxtV4Kq7F0/FMXD/oddnzBgAAAAAAAAAAAAAAAAAAgP+Xh+z/L9j/DwAAAAAAAAAAAAAAAAAAAIN3dP9/McL3/wEAAAAAAAAAAAAAAAAAAOCCPeT7/0f2/79s/z8AAAAAAAAAAAAAAAAAAAAMwnjrZzGl8Yi1L7aXtpdav636+ZWoRi0qcTNK8Vcc7P5vaZVvv7Fw62Y6MBOvrN1rx9/bXhrujp8dKcVMYbidtSt+diIiUkrd8WMxeTh+LkpxtX/+uVb+FKOH48fjxRea8Z+34stRip8/jI2oxXJEoTOPZvxnsym9/tbCRHf+G81+xxoe4CkBAACA81ZOD/Tev++2O/VtbzW1789Tu2fhhOcDR+7vi3GjeFlHTUd955PVrFarbP3HwmjfcToPWM4yck+hOWQWh2umJ39fbKY55Tid5XbG+eS9TcPncoCnLYyc3OcM5zSKp/4zB1SI3aM1eSniUcf54+tDNePHhk+d9xI9KAy1l1lW2+232Mb7JY3dPB/o3zvar2nspKjjrxmFgV6RuEj/nvTLngkAAAAAAAAAAACPou/bfxMR0fM+4Mc9NZ3Xw7vDe0c+PvuXF3CEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMA/7MCxAAAAAIAwf+s0OjYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4KsAAAD//zIyvvc=")
r2 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, 0x0)
syz_mount_image$vfat(&(0x7f00000006c0), &(0x7f0000000280)='./bus\x00', 0xdb9303c4987113b7, 0x0, 0x1, 0x0, &(0x7f0000000080))
r3 = openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x0, 0x0)
mkdirat(r3, &(0x7f0000000080)='./bus\x00', 0x1d5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000580)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002700000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r5}, &(0x7f00000006c0), &(0x7f0000000700)=r4}, 0x20)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000380)={r5, &(0x7f00000007c0)}, 0x20)
chdir(&(0x7f0000001180)='./bus\x00')
openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x1618c2, 0x85)
r6 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r6, 0x10f, 0x87, &(0x7f0000000140)=@req={0x2, 0x1, 0x200ed8, 0x8}, 0x10)
r7 = socket(0x1e, 0x4, 0x0)
r8 = syz_open_dev$dri(&(0x7f0000000000), 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r8, 0xc04064a0, &(0x7f0000000200)={0x0, &(0x7f0000000140)=[<r9=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r8, 0xc01864c6, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, <r10=>0xffffffffffffffff})
ioctl$DRM_IOCTL_MODE_SETCRTC(r10, 0xc06864a2, &(0x7f00000005c0)={0x0, 0x0, r9, 0x0, 0xf8, 0x8, 0x7ff, 0x6, {0x8, 0x8, 0x0, 0x5, 0x0, 0x2, 0x1, 0x1, 0x0, 0xffff, 0x8, 0x7c0, 0xffffffff, 0x77, "ba9a42184edc4097e01b52f22e2cbb318719fb31f6699332292cc81f89f07580"}})
setsockopt$packet_tx_ring(r7, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x1, 0x81, 0x1ff, 0x801, 0x1}, 0x1c)
sendmmsg(r7, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)
bind$tipc(r7, 0x0, 0x0)
recvmmsg$unix(r6, &(0x7f0000004400)=[{{0x0, 0x0, &(0x7f0000001480)=[{&(0x7f0000000300)=""/41, 0x29}], 0x1}}], 0x1, 0x0, 0x0)

10m20.727363231s ago: executing program 2 (id=388):
openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x1c0002, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x3032}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x3)
syz_mount_image$btrfs(&(0x7f00000055c0), &(0x7f0000000280)='./bus\x00', 0x2000898, &(0x7f0000000440), 0x1, 0x55ae, &(0x7f0000005600)="$eJzs3X9snHUdB/DnruvaFdeWMOuArGwDJFtEOjdNCCR2bNNpYTnphE3I+gNH0DmtY8NVCCtinIERijWMwQoLbn9MEYqucyiJBewqul8IJtNFBbPFNWOkOBExYTG9u+d299zaHhMpwuu1tM/zvc/z/d73njx/3PvW73MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABEHwx+N3TL/t3roJ26+ru++8a85e+2D3kuMX3rq1avND20v2dTz31aNVq1qPLF1w0/2JpkfW93d3BkEs2S+W7t9w2fwrr69vuKI0HLDxc6ltZeVQT5nq+mKqMTbnwcF+uT9NQRAURwYoSm/npXfiOQNkdlfkDzisayf1tE4dP69x28qujc8uu3xL/ktnUOloT2C0pK+rgyeupdrk73jkiEw769KL5Vyiqf7RC+4deREAwFtSk0huMm9H029xM+22aD3Sro202yPt8B1Ce3bjVKTGHTvUPCdH66M0z9pUVCgZcp6Revr8Z9qJaP9IOxI13sI8cw9NR5rSoebZEqmP1jwBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3k0uuH5m/d49D7/8ldbf/u7h17/16sePrGq8ZaC7/qJ1ix/v2PG9vx2tWtV6ZOmCm+5PND2yvr+7Mwgqk/1iqe6xZ6ri8ZkDddseu6e3puFDC9cUpccNt2OyDg72hzsXVwRBc1blYDhsf3kQJHILyWawIb/wpeTOZ8ICAAAA7yVnJn/HM+1UHCzOaceSaTKW/BdKhcVrJ/W0Th0/r3Hbyq6Nzy67fMupj5cYYrzak46XaVee+IllBeMw/kbHO1EPD12RN87woiNG8/zpx/qnNdfdUHrl7gsWzphdv+XS4CfTD3csX3TfhBfHL9nXXpOX/yuHz//hmZP/AQAA+G/I/9FxhjdS/m+uqZh0cOp3ix67rur44fkP/Lyz7/kn4w8VD3Q//dLYcbf9cnVe/p+c85R5+T+ccZj/48Gp5X8AAAB4N/tf5//avHGGN1L+/8X+zZ//98pvTDk84187Xnj69xdvnVI+/7WyGTe8+cSCVxp2tf0pL//XFJb/x2RPO3xwVzjhZRVBUFP4SQUAAAByhP/vfuKjhTCvpz45iOb1y+4qe3LXG+tvjJ/V8o8zFvfPqv7i7tVf37ApNrChc92O5XNX5OX/2sLyf/E783IBAACAAvxm+y13V395ydYtew7N2XFnYvPYS+a+uuennVf1vXwsUfT8zX15+T9RWP4vGZ2XAwAAAJzEU+MmPnfo0UNfm7177YS9q9rmPD5t3+qFD/xz9t+veOnPxzddWJ6X/xsLy/9l6W165UOq087wrxA6KoKgdHCnJVXoC9o/mSkAAAAAb5Mwpzc1revduX7MrNfOPvzDNSuW/2rvpd++a2P1zQd+XXX7ucf2996Yl/9bhr//f3ing3D9f879//LW/2cVUnf9u8SNAQAAAHg/yl/PH94eP/XNBUN9/36h6/8/euaBko7m8ysnx7dVz3rig31Xra1+fVHHRZ/YfusbH46V//VTefm/rbD8X5S9fTu//w8AAABOwf/b9/8tzhtneCPd/79v3DPnrPnsPT+o/WbZU+e+eXfzd9oPTj9v87QzPlJ0fvecmX/4fl7+by8s/4fb07JfXk94fm6vCIKJgzvpuwluDae7LFLoKs4qpE58pEd92CNd6CrJKiS1RHp8rCIIpgzutEUKp4eF9khhoDxd2BQp7A0L6eshU3g0UugJr7R7y9PTjRZ+FhbSCyy6whUUp2WWRER6HBuqx2DhpD0OZJ4cAADgfSUMz+ksW5zbDKJRtis20gFlIx0QH+mAopEOGBM5IHrgUI8HjbmF8PEfz+1e+so1D9b1Xt1w9KzZe5bc0faBnkW9O7/wo55z/nL1Cws/nZf/NxWW/8NTMTa1GWr9fxCu/09/r2Fm/X9jWKiMFLrCQiJ6x4BE+BypsHtn+ByViXSPgYmZAgAAALynhZ8LFI3yPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID/sHfvcVJVd4LATzf9oJum6YgBY4ygRkR3aZomGEQcUXRXo4tNJKtjhtAIjXZoAwq4YsyKr3GV6GLUmBjZwY+jJg6r+CDqRIXoiElGJfE5Kz4HnciqS9BR45gs++m+dYqqW112IaC0+/3+0XWqfud569F17r11LgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/P/hsiX3Nrw58H9965ffW/f697409TdTD9m8y19uqHt3yDlPbT5ocN0tbw1asPCNtklnXtsyffk1G1YuDaGlq1xZUrzsoUHl5aP/cMxdt13xcNO0wVPOrcrUm4mHfp1/yjN3Loytvto/hLvLQqhIB0bUJYHKzP26WN8edSF8LmwJZEu01SYl0g2Hh2tCWBa2BLJV3VsTQl1OYMoTD666rDNxVU0I+4YQqtNtvFCdtFGTDgyrSgK16cCciiTw/uZENnBPeRKArVHV3YPxzZB90a9oyc/Q0H1lRV5/lR+3czuZ9PD6xERD8XxvHbaDO5Wj4Lls2aanrduXBttdwdtjtXdbL3i3FWznJZ623C9SmW8om7eEqkP5zLZZ0xd0zI+PlIfGxj7FatpBz/O6TefM2Jp0r3kdxg40bJfX4QO1k+ove3viwStP/uPp+85fO3Vbu/lczibNTe9o1SHzmus1z2M04dP7PNm8LYW3r539aSv4ljTUl64QwvF/+nzZM3Ne2n3jB6+eOPH2Fy6+etrCa6ZMfHbQL8b+47W73D3t8oL5f8NHz//jyznelufljq1+WJ/MzeMjdTGxsT6ZmwMAAECv0Rv2mn519KsvnfrQ3YteXH5cxXfH/eqk3eorzv5+x/G7rhz/xUuvbH98l4L5/9DSjv/HQ/51uaNdHcKErsQFA0LYrevxJPCz2J2TB4SwV1eqJT9wWCqwOoQvdCX2z1aVKtE3lhiaCvy+PhOYkAqsiYGWVODGGFiSClwYAytSgRkxsDoVODwGQnv+OA6oz4yj5EBNDLQmG3FFPAvhnfrYWmpbrctWBQAAsJ1kZoeV+XdzznXY1gxxermipqcM8QzsohmqUzWkZ7DZaVXRGip6qqG8pxqy41700cMvqLmsp5oLTsMoy8/w4ZDvlA+YuPeP7rpxxE3NL0787rtjj//Kn998d/X+//Tf7zln/nUHFMz/mz56/l/dTUfKCo7/hzC562/MXZ6JdGTjrS15GQAAAIBtcNVjS5+84YCj/s99L99355euvaF89dVf/7+vbLxg71HHDS/r+3ffXlEw/59Q2vn/cZ9In5zM4dG4G2L2gBCa8gNJtQcXBpKj3v0yAQAAAOgNssfjs8fC2zO3ySna6fl0Yf6WrcwfD/xP6Db/5Zv++tkvX/vkiQuH7bPhiv925gdlnx/7u12OXTvy8bf2HPYPDX0Lz/9vKe38/9r826QTa2IvrhwQQt+cwCOxl52BLkNj4OVD8wOZ8a+JG2BxrCpzYkK2qsWxRGsMNKUCy4qV+G22xG75gcyTlW38guw42jMlcgIAAADwiYu7A+Jx+Xj+/z2TD/jS/oNeGvPinvcufG3C0hNOrf3hPrfs+vqAjkljDpxwyBHPFMz/W7fu/P+ueXDB6f0d/UIYWRFCn/QPAx6tTRYGjIG6skzi/tqkrj7pqs6rDWF858DSVb2SWf+/Ir3G4BM1SVUxsNveP900rDNxQ00II3MDz3zz+jGdifmpQLbxb9SEMKRztOnGV/ZNGq9MN35N3xD2zAlkqzq5bwidjVWlq3qwOnMdg3RVt1WHMDAnkK3qwOoQFgYAeqn4r3Rm7oPzFp49e3pHR9sZOzAR9+HXhFntHW2NM+Z0zKwu0qeZqT7nLWN0XuGYSr3yzfOZJYqmDrl9eCnp7O8Em3LbyuzHLzhxMHM/fheq7Bpnc2Xe3dHpIQ/fp7CJkPNNqtiQy3fwkGtzK9nyJBbUH/NXhX6h74J5bWc0njV9/vwzRiV/S83enPyNh5mSbTUqva1qu+tbCS+PoqtlpXzcbbVfbiUj5582d+S8hWePaD9t+iltp7R9p3nsqObmMV8dO6Z5ZOeompK/PQx1v+6qTg118/Uljms7DnX3ipxKPolPDQkJid6WmL6k7PwJ0359/7f2WHPaWSft8fd7zBxx0l9d/pu5JzYeMvlX1//l2oL5/9yPnv/HT534yZ9Zn6HY8f+GeJg/eXzLYf7WGFhW6vH/hmJH87MnBgxNBRbFwCKH+QEAAPhsiLsj497MuFf6urp/uvvImTMOef+XJ0y5+m/Hjjv1rPX7Nlx89bFL/sP6d5asOuLtgvn/otJ+/7+d1v/PLl3/tWLL/O8fSzQVW/8/vcx/dv3/RcXW/08v859d/3/Zp7D+/4JsILVJ3rH+PwAA8Fnwya3/3+Py/ukLBBRk6HF5//QFAgoy9LiMf6kXCNjq9f/ndPxF7aDL54w7dMTcHz+yau8lA2/70vMTf73P0oNG3LvylvdG3Vow/19S2vzfwv0AAACw83jol32/ffG7w+5/6pH3jyy79Lcbbzr+r9oOOOQPA5tPmXx0zfdv+reC+f+y0ub/n/z6f6HY+f9DiwVaii0MaP0/AAAAeqli6//dPPDloavnj7jxsZ+/ectLrb+YOf61f7fkB1+ZPqzp5jXrftMwY33B/H9FafP/eNpFeV7u2JsP65M17UJ6TbuN9dmfDAAAAEDvUB4aGytLzJu3MuphH7/NdZmlQD8qnevp+watWlD+0FVl1Rt/cMm0QxrPPfbMOUdetP77tU/+pHZqY/UZBfP/1aXN//N+l/FA7aT6y96eePCHK0/+4+n7zl87dcvxfwAAAGDHKXW/BAAAAAAAAAAAAAAA8Ol7qnXpQR+MOvqNmXuN+tM3jn3hB4u/+M1H/ubaP5/588Pv26t987ApBb//D5O7yhX7/X+87l/8fcGuebljqz2v/5e5P+WYWxd2LVn4aH0I++QGZp8/+3Mhc23+/XIDq6buP7gzcX66xH0vHv5aZ2JaOnDUiF3e60yMTwVa4yKJX0gH4lUV3+ufCsTlFZ9MB+L2WJEOVGUCl/RPxlGW3lYb6pJtVZbeVs/VhTAgJ5DdVnfXJW2UpQd4VSqQHeDp6UAc4KRMoDzdq1v7Jb2KgbpY9G/6Jb0CAGCnFb8FVoZZ7R1tTfErfLzdvSL/Nspbsuy8wmrLSmz++czSZFOH3D68lHSf9HfRLdcarwzVnUMYVfB1NTdLWdcot08tPWy6XYsMuafV3sqLlEvb2k1XVXxENcmIGmfM6ZhZ2ePAR/ecpbmixyyjCiY7uVnKuzZpCbWU0JcSRlTitimhy/F+eWhs7JPKNS4GG0Kenl4Rpf5eP3edv2Kvgtw8f1tz7aV9Bvd5/9/GX/TQgwMqO06d3HbR7o/988BRM3/8wwdbr/l9wfy/obT5f3XuuN7LXAxgUbyy3sEDQmgtcUQAAADw2fc/z11+x4lz1myYtbri2d/9bnb5cSdWbj7nrnPOvui5+xcfdcm/v3lb4yvKntp04hubzvrrN37ylesePuulw2ecddekdYesb6u+8bt/sfzUIQXz/6Glzf/jHqzMoeBkb8fqeP3/CwaE0HVp/YYk8LM43JMHhLBXV6ollkguqP+1WKIpCfws7jDZP5Zobcmvqm8MrEgFfl+fCaxOBdbEQGYvxU9DZlfOFfUhjOlKTc4vMTeWaEgFjouBoalAYww0pQL9Y2BCKvBm/0ygJRX4xxgI7fnb6s7+mW0FAACwNTLzrMr8uyE9z1tR0VOGsp4y1PaUobynDNU9ZSg2inj/jpihMnXySllOpsp0rTWpWgoyxIvhb3W/CjKE3+bnTBcsaDqef5A936AsP8O4H97RetDX5v1408U/evzIAy88csmVb196dL/BVz77v9vP7dd/U23B/L+ptPl/bf5t0vqaOP/fcv2/JPBI7N6V8dTxoTHw8qH5gcyOgTVxsrs4W1VLpkRm0r44lpgQA0NTgbkxMCEVaJ2cCSwbnB/IzLSzjV+Qbbw9UyInAAAAAJ+4uIMg7qaJ8/+V48I7exz5fvPuVw6cO+7xR847YnrNrtU1/zx+7dLxl1Y/tF/fgvn/hNLm/7G9frmNXRh782r/EO4u29KbbGBEXRKI+zHq4s/j96gL4XM5OziyJdpqkxJVqYbDwzXJL9Sr0lXdW5OsMRDvT3niwVWXdSauqglh35y9L9k2XqhO2qhJB4ZVJYHadGBORRKIe36ygXvKkwBss+xewfiCypzqktXQfbkir7/PyjVB08Mr2AfaTb7ufnO1o1SnH8jsU83auqetoDp2iIK3x2rvtt74bmvwbsv9IpX5hrJ5S6g6lM9smzV9Qcf8+EjuL1kL7KDnOfdXqqWkt8PrcNHH723PqtMdaEp9fDR1X67712FZrO6B2kn1l7098eCVJ//x9H3nr51acjeKiD8UPvjWuQc8l7N5d7TqkHnN9brPkxafJ73x38BQT1sIYfkFs5584l/ef75iffN/OXDs8tvefGz5Tw56YNaIL2y45Msb33r3qIL5f0tp8/+K1G2XD+LGnDcghOE5G/fRuPknDkg+B3MCyafkwMJAcsh9fX3RT04AAADY3rK7O7L7C9ozt8kJ4el5cmH+lq3MH/dXTOg2f6n9HjjmH7536FWvf+Pr63e//NGlT637T2++csS0Qx/Y9PSKla83H/v5pwvm/60fPf/vm+qm4/+O/7ODOP7frZ19V3Tf9AOLtmlXdEF17BCO/3drZ3+3Of7fLcf/Hf/vjuP/PXD8v1s7+9NW8C1pri9dIYTWATfc/ova6cP7XXHOt2as/fnT7zSNe6Hu3KPv/B+HLw7XnLfqzwXz/7mlzf+t/9f9on3Z9f9ai63/N7fY+n+LrP8HAADsUEUWmkvP8wpW7yvIkF69ryBDjwsE9rjEoPX/tnr9v9qTzj7plfq39rpm4u3/+c7pFz5/0onP7tvn+RNuP+GmkVcPf+nLGwrm/4tKm//Hl0O/3NZ7y/p/QycXqWpJDMy1MCAAAAA7o2I7CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPh0rXhw8Rc3L97noJue/fxNh//rsjWz9v7VAZtHjzm5cfjigWVX/t2/vDVowcI32iadeW3L9OXXbFi5NIT2rnJlSfGyhwaVl4/+wzF33XbFw03TBk85tzpTb2Xm9ot5uWOrH9aHsCznkbqY2FjfeWdLYMoxty6s6Ew8Wh/CPrmB2efP/lxn4sb6EPbLDayauv/gzsT56RL3vXj4a52JaenAUSN2ea8zMT4TKEt397r+SXfL0t29rH8IA3IC2e5+u39+Vdk2/mMmUJ5u4+a6pI0YqItFf1SXtBEDHbFEe98QRlaE0Cdd1a+rk6r6pKv6++qkqj7pqv5rdQjjQwgV6aperEqqqkiPfG1VUlUM7Lb3TzcN60wsqwphZG7gmW9eP6YzcXoqkG3861UhDOl8yaQbv6Myabwy3fhVlSHsGUKoSpf414qkRFW6xCsVIQzMCWQbP7UihIWBz4T44TMz98F5C8+ePb2jo+2MHZioyrRVE2a1d7Q1zpjTMbM61adiynLSm8/7+GN/ftM5Mzpvpw65fXgp6YpMucquLjdX5t0dvbP3PvarNreSLc9HQf0xf1XoF/oumNd2RuNZ0+fPP2NU8rfU7M3J3z6ZaLKtRvWWbbVfbiUj5582d+S8hWePaD9t+iltp7R9p3nsqObmMV8dO6Z5ZOeompK/22Oo13/yQ929IqeST+IDQEJCorclyvM+3Zp29g/ygi/6WzpaGaq7PqALphW5Wcq6Rrk9Bn3Yxxzxx/me0uOIRhVMHAqyNPecZXTBZGJLlpokS9f3uoLJYW5N5V2bNN4vD42NfYpth4b8u7mb961t2LzrMpuu1DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPD/2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAgAAAAAAPm/NkJVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVUVduBYAAAAAECYv3UYPRsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAlwIAAP//WKHPZA==")
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
syz_open_dev$vim2m(&(0x7f0000000040), 0x5, 0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8)
mkdir(0x0, 0x0)
bind$can_j1939(0xffffffffffffffff, &(0x7f0000000040)={0x1d, 0x0, 0x2, {0x0, 0xf0, 0x1}}, 0x18)
openat(0xffffffffffffffff, 0x0, 0x43800, 0x0)
ptrace$setopts(0x4206, 0x0, 0x9, 0x200050)
creat(&(0x7f00000000c0)='./bus\x00', 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10a)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket(0x10, 0x3, 0x0)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, <r3=>0x0}, &(0x7f0000cab000)=0xc)
setregid(0xffffffffffffffff, r3)
setresgid(0x0, r3, 0xee00)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_NL_MON_PEER_GET(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000180)={0x38, r4, 0x30d, 0x0, 0x0, {}, [@TIPC_NLA_MON={0x24, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8}, @TIPC_NLA_MON_REF={0xffffffffffffff93}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x4}]}]}, 0x38}}, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r5, &(0x7f0000000100)={0xa, 0x4e22, 0x5ccc6e75, @rand_addr, 0x3}, 0x1c)
listen(r5, 0x3)
mount$9p_tcp(&(0x7f0000000100), &(0x7f0000000140)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='trans=tcp,port=0x0000000000004e22'])

10m18.497562256s ago: executing program 32 (id=388):
openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x1c0002, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x3032}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x3)
syz_mount_image$btrfs(&(0x7f00000055c0), &(0x7f0000000280)='./bus\x00', 0x2000898, &(0x7f0000000440), 0x1, 0x55ae, &(0x7f0000005600)="$eJzs3X9snHUdB/DnruvaFdeWMOuArGwDJFtEOjdNCCR2bNNpYTnphE3I+gNH0DmtY8NVCCtinIERijWMwQoLbn9MEYqucyiJBewqul8IJtNFBbPFNWOkOBExYTG9u+d299zaHhMpwuu1tM/zvc/z/d73njx/3PvW73MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABEHwx+N3TL/t3roJ26+ru++8a85e+2D3kuMX3rq1avND20v2dTz31aNVq1qPLF1w0/2JpkfW93d3BkEs2S+W7t9w2fwrr69vuKI0HLDxc6ltZeVQT5nq+mKqMTbnwcF+uT9NQRAURwYoSm/npXfiOQNkdlfkDzisayf1tE4dP69x28qujc8uu3xL/ktnUOloT2C0pK+rgyeupdrk73jkiEw769KL5Vyiqf7RC+4deREAwFtSk0huMm9H029xM+22aD3Sro202yPt8B1Ce3bjVKTGHTvUPCdH66M0z9pUVCgZcp6Revr8Z9qJaP9IOxI13sI8cw9NR5rSoebZEqmP1jwBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3k0uuH5m/d49D7/8ldbf/u7h17/16sePrGq8ZaC7/qJ1ix/v2PG9vx2tWtV6ZOmCm+5PND2yvr+7Mwgqk/1iqe6xZ6ri8ZkDddseu6e3puFDC9cUpccNt2OyDg72hzsXVwRBc1blYDhsf3kQJHILyWawIb/wpeTOZ8ICAAAA7yVnJn/HM+1UHCzOaceSaTKW/BdKhcVrJ/W0Th0/r3Hbyq6Nzy67fMupj5cYYrzak46XaVee+IllBeMw/kbHO1EPD12RN87woiNG8/zpx/qnNdfdUHrl7gsWzphdv+XS4CfTD3csX3TfhBfHL9nXXpOX/yuHz//hmZP/AQAA+G/I/9FxhjdS/m+uqZh0cOp3ix67rur44fkP/Lyz7/kn4w8VD3Q//dLYcbf9cnVe/p+c85R5+T+ccZj/48Gp5X8AAAB4N/tf5//avHGGN1L+/8X+zZ//98pvTDk84187Xnj69xdvnVI+/7WyGTe8+cSCVxp2tf0pL//XFJb/x2RPO3xwVzjhZRVBUFP4SQUAAAByhP/vfuKjhTCvpz45iOb1y+4qe3LXG+tvjJ/V8o8zFvfPqv7i7tVf37ApNrChc92O5XNX5OX/2sLyf/E783IBAACAAvxm+y13V395ydYtew7N2XFnYvPYS+a+uuennVf1vXwsUfT8zX15+T9RWP4vGZ2XAwAAAJzEU+MmPnfo0UNfm7177YS9q9rmPD5t3+qFD/xz9t+veOnPxzddWJ6X/xsLy/9l6W165UOq087wrxA6KoKgdHCnJVXoC9o/mSkAAAAAb5Mwpzc1revduX7MrNfOPvzDNSuW/2rvpd++a2P1zQd+XXX7ucf2996Yl/9bhr//f3ing3D9f879//LW/2cVUnf9u8SNAQAAAHg/yl/PH94eP/XNBUN9/36h6/8/euaBko7m8ysnx7dVz3rig31Xra1+fVHHRZ/YfusbH46V//VTefm/rbD8X5S9fTu//w8AAABOwf/b9/8tzhtneCPd/79v3DPnrPnsPT+o/WbZU+e+eXfzd9oPTj9v87QzPlJ0fvecmX/4fl7+by8s/4fb07JfXk94fm6vCIKJgzvpuwluDae7LFLoKs4qpE58pEd92CNd6CrJKiS1RHp8rCIIpgzutEUKp4eF9khhoDxd2BQp7A0L6eshU3g0UugJr7R7y9PTjRZ+FhbSCyy6whUUp2WWRER6HBuqx2DhpD0OZJ4cAADgfSUMz+ksW5zbDKJRtis20gFlIx0QH+mAopEOGBM5IHrgUI8HjbmF8PEfz+1e+so1D9b1Xt1w9KzZe5bc0faBnkW9O7/wo55z/nL1Cws/nZf/NxWW/8NTMTa1GWr9fxCu/09/r2Fm/X9jWKiMFLrCQiJ6x4BE+BypsHtn+ByViXSPgYmZAgAAALynhZ8LFI3yPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID/sHfvcVJVd4LATzf9oJum6YgBY4ygRkR3aZomGEQcUXRXo4tNJKtjhtAIjXZoAwq4YsyKr3GV6GLUmBjZwY+jJg6r+CDqRIXoiElGJfE5Kz4HnciqS9BR45gs++m+dYqqW112IaC0+/3+0XWqfud569F17r11LgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/P/hsiX3Nrw58H9965ffW/f697409TdTD9m8y19uqHt3yDlPbT5ocN0tbw1asPCNtklnXtsyffk1G1YuDaGlq1xZUrzsoUHl5aP/cMxdt13xcNO0wVPOrcrUm4mHfp1/yjN3Loytvto/hLvLQqhIB0bUJYHKzP26WN8edSF8LmwJZEu01SYl0g2Hh2tCWBa2BLJV3VsTQl1OYMoTD666rDNxVU0I+4YQqtNtvFCdtFGTDgyrSgK16cCciiTw/uZENnBPeRKArVHV3YPxzZB90a9oyc/Q0H1lRV5/lR+3czuZ9PD6xERD8XxvHbaDO5Wj4Lls2aanrduXBttdwdtjtXdbL3i3FWznJZ623C9SmW8om7eEqkP5zLZZ0xd0zI+PlIfGxj7FatpBz/O6TefM2Jp0r3kdxg40bJfX4QO1k+ove3viwStP/uPp+85fO3Vbu/lczibNTe9o1SHzmus1z2M04dP7PNm8LYW3r539aSv4ljTUl64QwvF/+nzZM3Ne2n3jB6+eOPH2Fy6+etrCa6ZMfHbQL8b+47W73D3t8oL5f8NHz//jyznelufljq1+WJ/MzeMjdTGxsT6ZmwMAAECv0Rv2mn519KsvnfrQ3YteXH5cxXfH/eqk3eorzv5+x/G7rhz/xUuvbH98l4L5/9DSjv/HQ/51uaNdHcKErsQFA0LYrevxJPCz2J2TB4SwV1eqJT9wWCqwOoQvdCX2z1aVKtE3lhiaCvy+PhOYkAqsiYGWVODGGFiSClwYAytSgRkxsDoVODwGQnv+OA6oz4yj5EBNDLQmG3FFPAvhnfrYWmpbrctWBQAAsJ1kZoeV+XdzznXY1gxxermipqcM8QzsohmqUzWkZ7DZaVXRGip6qqG8pxqy41700cMvqLmsp5oLTsMoy8/w4ZDvlA+YuPeP7rpxxE3NL0787rtjj//Kn998d/X+//Tf7zln/nUHFMz/mz56/l/dTUfKCo7/hzC562/MXZ6JdGTjrS15GQAAAIBtcNVjS5+84YCj/s99L99355euvaF89dVf/7+vbLxg71HHDS/r+3ffXlEw/59Q2vn/cZ9In5zM4dG4G2L2gBCa8gNJtQcXBpKj3v0yAQAAAOgNssfjs8fC2zO3ySna6fl0Yf6WrcwfD/xP6Db/5Zv++tkvX/vkiQuH7bPhiv925gdlnx/7u12OXTvy8bf2HPYPDX0Lz/9vKe38/9r826QTa2IvrhwQQt+cwCOxl52BLkNj4OVD8wOZ8a+JG2BxrCpzYkK2qsWxRGsMNKUCy4qV+G22xG75gcyTlW38guw42jMlcgIAAADwiYu7A+Jx+Xj+/z2TD/jS/oNeGvPinvcufG3C0hNOrf3hPrfs+vqAjkljDpxwyBHPFMz/W7fu/P+ueXDB6f0d/UIYWRFCn/QPAx6tTRYGjIG6skzi/tqkrj7pqs6rDWF858DSVb2SWf+/Ir3G4BM1SVUxsNveP900rDNxQ00II3MDz3zz+jGdifmpQLbxb9SEMKRztOnGV/ZNGq9MN35N3xD2zAlkqzq5bwidjVWlq3qwOnMdg3RVt1WHMDAnkK3qwOoQFgYAeqn4r3Rm7oPzFp49e3pHR9sZOzAR9+HXhFntHW2NM+Z0zKwu0qeZqT7nLWN0XuGYSr3yzfOZJYqmDrl9eCnp7O8Em3LbyuzHLzhxMHM/fheq7Bpnc2Xe3dHpIQ/fp7CJkPNNqtiQy3fwkGtzK9nyJBbUH/NXhX6h74J5bWc0njV9/vwzRiV/S83enPyNh5mSbTUqva1qu+tbCS+PoqtlpXzcbbVfbiUj5582d+S8hWePaD9t+iltp7R9p3nsqObmMV8dO6Z5ZOeompK/PQx1v+6qTg118/Uljms7DnX3ipxKPolPDQkJid6WmL6k7PwJ0359/7f2WHPaWSft8fd7zBxx0l9d/pu5JzYeMvlX1//l2oL5/9yPnv/HT534yZ9Zn6HY8f+GeJg/eXzLYf7WGFhW6vH/hmJH87MnBgxNBRbFwCKH+QEAAPhsiLsj497MuFf6urp/uvvImTMOef+XJ0y5+m/Hjjv1rPX7Nlx89bFL/sP6d5asOuLtgvn/otJ+/7+d1v/PLl3/tWLL/O8fSzQVW/8/vcx/dv3/RcXW/08v859d/3/Zp7D+/4JsILVJ3rH+PwAA8Fnwya3/3+Py/ukLBBRk6HF5//QFAgoy9LiMf6kXCNjq9f/ndPxF7aDL54w7dMTcHz+yau8lA2/70vMTf73P0oNG3LvylvdG3Vow/19S2vzfwv0AAACw83jol32/ffG7w+5/6pH3jyy79Lcbbzr+r9oOOOQPA5tPmXx0zfdv+reC+f+y0ub/n/z6f6HY+f9DiwVaii0MaP0/AAAAeqli6//dPPDloavnj7jxsZ+/ectLrb+YOf61f7fkB1+ZPqzp5jXrftMwY33B/H9FafP/eNpFeV7u2JsP65M17UJ6TbuN9dmfDAAAAEDvUB4aGytLzJu3MuphH7/NdZmlQD8qnevp+watWlD+0FVl1Rt/cMm0QxrPPfbMOUdetP77tU/+pHZqY/UZBfP/1aXN//N+l/FA7aT6y96eePCHK0/+4+n7zl87dcvxfwAAAGDHKXW/BAAAAAAAAAAAAAAA8Ol7qnXpQR+MOvqNmXuN+tM3jn3hB4u/+M1H/ubaP5/588Pv26t987ApBb//D5O7yhX7/X+87l/8fcGuebljqz2v/5e5P+WYWxd2LVn4aH0I++QGZp8/+3Mhc23+/XIDq6buP7gzcX66xH0vHv5aZ2JaOnDUiF3e60yMTwVa4yKJX0gH4lUV3+ufCsTlFZ9MB+L2WJEOVGUCl/RPxlGW3lYb6pJtVZbeVs/VhTAgJ5DdVnfXJW2UpQd4VSqQHeDp6UAc4KRMoDzdq1v7Jb2KgbpY9G/6Jb0CAGCnFb8FVoZZ7R1tTfErfLzdvSL/Nspbsuy8wmrLSmz++czSZFOH3D68lHSf9HfRLdcarwzVnUMYVfB1NTdLWdcot08tPWy6XYsMuafV3sqLlEvb2k1XVXxENcmIGmfM6ZhZ2ePAR/ecpbmixyyjCiY7uVnKuzZpCbWU0JcSRlTitimhy/F+eWhs7JPKNS4GG0Kenl4Rpf5eP3edv2Kvgtw8f1tz7aV9Bvd5/9/GX/TQgwMqO06d3HbR7o/988BRM3/8wwdbr/l9wfy/obT5f3XuuN7LXAxgUbyy3sEDQmgtcUQAAADw2fc/z11+x4lz1myYtbri2d/9bnb5cSdWbj7nrnPOvui5+xcfdcm/v3lb4yvKntp04hubzvrrN37ylesePuulw2ecddekdYesb6u+8bt/sfzUIQXz/6Glzf/jHqzMoeBkb8fqeP3/CwaE0HVp/YYk8LM43JMHhLBXV6ollkguqP+1WKIpCfws7jDZP5Zobcmvqm8MrEgFfl+fCaxOBdbEQGYvxU9DZlfOFfUhjOlKTc4vMTeWaEgFjouBoalAYww0pQL9Y2BCKvBm/0ygJRX4xxgI7fnb6s7+mW0FAACwNTLzrMr8uyE9z1tR0VOGsp4y1PaUobynDNU9ZSg2inj/jpihMnXySllOpsp0rTWpWgoyxIvhb3W/CjKE3+bnTBcsaDqef5A936AsP8O4H97RetDX5v1408U/evzIAy88csmVb196dL/BVz77v9vP7dd/U23B/L+ptPl/bf5t0vqaOP/fcv2/JPBI7N6V8dTxoTHw8qH5gcyOgTVxsrs4W1VLpkRm0r44lpgQA0NTgbkxMCEVaJ2cCSwbnB/IzLSzjV+Qbbw9UyInAAAAAJ+4uIMg7qaJ8/+V48I7exz5fvPuVw6cO+7xR847YnrNrtU1/zx+7dLxl1Y/tF/fgvn/hNLm/7G9frmNXRh782r/EO4u29KbbGBEXRKI+zHq4s/j96gL4XM5OziyJdpqkxJVqYbDwzXJL9Sr0lXdW5OsMRDvT3niwVWXdSauqglh35y9L9k2XqhO2qhJB4ZVJYHadGBORRKIe36ygXvKkwBss+xewfiCypzqktXQfbkir7/PyjVB08Mr2AfaTb7ufnO1o1SnH8jsU83auqetoDp2iIK3x2rvtt74bmvwbsv9IpX5hrJ5S6g6lM9smzV9Qcf8+EjuL1kL7KDnOfdXqqWkt8PrcNHH723PqtMdaEp9fDR1X67712FZrO6B2kn1l7098eCVJ//x9H3nr51acjeKiD8UPvjWuQc8l7N5d7TqkHnN9brPkxafJ73x38BQT1sIYfkFs5584l/ef75iffN/OXDs8tvefGz5Tw56YNaIL2y45Msb33r3qIL5f0tp8/+K1G2XD+LGnDcghOE5G/fRuPknDkg+B3MCyafkwMJAcsh9fX3RT04AAADY3rK7O7L7C9ozt8kJ4el5cmH+lq3MH/dXTOg2f6n9HjjmH7536FWvf+Pr63e//NGlT637T2++csS0Qx/Y9PSKla83H/v5pwvm/60fPf/vm+qm4/+O/7ODOP7frZ19V3Tf9AOLtmlXdEF17BCO/3drZ3+3Of7fLcf/Hf/vjuP/PXD8v1s7+9NW8C1pri9dIYTWATfc/ova6cP7XXHOt2as/fnT7zSNe6Hu3KPv/B+HLw7XnLfqzwXz/7mlzf+t/9f9on3Z9f9ai63/N7fY+n+LrP8HAADsUEUWmkvP8wpW7yvIkF69ryBDjwsE9rjEoPX/tnr9v9qTzj7plfq39rpm4u3/+c7pFz5/0onP7tvn+RNuP+GmkVcPf+nLGwrm/4tKm//Hl0O/3NZ7y/p/QycXqWpJDMy1MCAAAAA7o2I7CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPh0rXhw8Rc3L97noJue/fxNh//rsjWz9v7VAZtHjzm5cfjigWVX/t2/vDVowcI32iadeW3L9OXXbFi5NIT2rnJlSfGyhwaVl4/+wzF33XbFw03TBk85tzpTb2Xm9ot5uWOrH9aHsCznkbqY2FjfeWdLYMoxty6s6Ew8Wh/CPrmB2efP/lxn4sb6EPbLDayauv/gzsT56RL3vXj4a52JaenAUSN2ea8zMT4TKEt397r+SXfL0t29rH8IA3IC2e5+u39+Vdk2/mMmUJ5u4+a6pI0YqItFf1SXtBEDHbFEe98QRlaE0Cdd1a+rk6r6pKv6++qkqj7pqv5rdQjjQwgV6aperEqqqkiPfG1VUlUM7Lb3TzcN60wsqwphZG7gmW9eP6YzcXoqkG3861UhDOl8yaQbv6Myabwy3fhVlSHsGUKoSpf414qkRFW6xCsVIQzMCWQbP7UihIWBz4T44TMz98F5C8+ePb2jo+2MHZioyrRVE2a1d7Q1zpjTMbM61adiynLSm8/7+GN/ftM5Mzpvpw65fXgp6YpMucquLjdX5t0dvbP3PvarNreSLc9HQf0xf1XoF/oumNd2RuNZ0+fPP2NU8rfU7M3J3z6ZaLKtRvWWbbVfbiUj5582d+S8hWePaD9t+iltp7R9p3nsqObmMV8dO6Z5ZOeompK/22Oo13/yQ929IqeST+IDQEJCorclyvM+3Zp29g/ygi/6WzpaGaq7PqALphW5Wcq6Rrk9Bn3Yxxzxx/me0uOIRhVMHAqyNPecZXTBZGJLlpokS9f3uoLJYW5N5V2bNN4vD42NfYpth4b8u7mb961t2LzrMpuu1DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPD/2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAgAAAAAAPm/NkJVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVUVduBYAAAAAECYv3UYPRsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAlwIAAP//WKHPZA==")
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
syz_open_dev$vim2m(&(0x7f0000000040), 0x5, 0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000032680)=""/102392, 0x18ff8)
mkdir(0x0, 0x0)
bind$can_j1939(0xffffffffffffffff, &(0x7f0000000040)={0x1d, 0x0, 0x2, {0x0, 0xf0, 0x1}}, 0x18)
openat(0xffffffffffffffff, 0x0, 0x43800, 0x0)
ptrace$setopts(0x4206, 0x0, 0x9, 0x200050)
creat(&(0x7f00000000c0)='./bus\x00', 0x0)
creat(&(0x7f00000000c0)='./file0\x00', 0x10a)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket(0x10, 0x3, 0x0)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, <r3=>0x0}, &(0x7f0000cab000)=0xc)
setregid(0xffffffffffffffff, r3)
setresgid(0x0, r3, 0xee00)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_NL_MON_PEER_GET(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000180)={0x38, r4, 0x30d, 0x0, 0x0, {}, [@TIPC_NLA_MON={0x24, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8}, @TIPC_NLA_MON_REF={0xffffffffffffff93}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x4}]}]}, 0x38}}, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r5, &(0x7f0000000100)={0xa, 0x4e22, 0x5ccc6e75, @rand_addr, 0x3}, 0x1c)
listen(r5, 0x3)
mount$9p_tcp(&(0x7f0000000100), &(0x7f0000000140)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='trans=tcp,port=0x0000000000004e22'])

18.492020631s ago: executing program 4 (id=2073):
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000001c0)=ANY=[@ANYBLOB], 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syz_usb_ep_read(r0, 0xf, 0x0, 0x0)

16.327904139s ago: executing program 1 (id=2084):
openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$inet_sctp(0x2, 0x5, 0x84)
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e25}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ptrace$cont(0x1f, r1, 0x7fffffff, 0xb3e6)
openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x82180, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0xc000)
setsockopt$sock_int(r0, 0x1, 0x1d, 0x0, 0x0)

14.403331767s ago: executing program 1 (id=2086):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x4, {{@in, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x7, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x2, 0x200000000000}, 0x0, 0x0, 0x1, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in6=@remote, 0x2, 0x2b}, 0xa, @in6=@empty, 0x0, 0x4}]}]}, 0xfc}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)
r1 = socket$inet(0x2, 0x2, 0x1)
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000300)='batadv_slave_1\x00', 0x10)
sendmsg$inet(r1, &(0x7f0000000040)={&(0x7f0000000100)={0x2, 0x0, @rand_addr=0x64010102}, 0x10, &(0x7f0000000400)=[{&(0x7f00000000c0)="08001eb3b0335d00", 0x8}], 0x1, 0x0, 0x0, 0xe0000000}, 0x4008810)
syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000480)='./file0\x00', 0x0, &(0x7f0000000280)={[{@noload}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x5}}, {@bh}, {@noload}, {@data_err_ignore}, {@usrjquota}]}, 0xfe, 0x44d, &(0x7f0000000d80)="$eJzs3MtvG8UfAPDvrp30/Ut+UB4tLQQKouKRNOnzwKUIJA4gIcGhiFNI0qrUbaAJEq0qKBzKEVXijjgi8RdwggsCTkhc4Y4qVaiXFiQko13vpsa107hx6rb+fKRNZrzjzHx3d+zZGTsBDKyx7EcSsTkifouIkUb2vwXGGr+uXTk389eVczNJ1Otv/Jnk5a5eOTdTFi2ft6mRqdeL/Lo29V54O2K6Vps7XeQnFk++N7Fw5uzzx09OH5s7Nndq6tChfXt3Dh+Y2t+TOLO4rm7/aH7HtlfeuvjazJGL7/z0TdbezcX+5jh6ZaxxdNt6qteV9dmWpnRS7WND6EolIrLTNZT3/5GoxIalfSPx8qd9bRywpur1er3d+3PhfB24hyXR7xYA/VG+0Wf3v+V2m4Yed4TLhyPeP9iI/1qxNfZUIy3KDLXc3/bSWEQcOf/3l9kWazQPAQDQ7LvDEfFcu/FfGg82lftfsYYyGhH/j4j7IuL+iNgaEQ9E5GUfioiHu6y/dYXkxvFPeumWAluhbPz3QrG2tTT++6eex18YrRS5LXn8Q8nR47W5PcUx2R1D67L85DJ1fP/Sr5932tc8/su2rP5yLNiQXqq2TNDNTi9OrzLsJZc/idhebYk/l0S5jJNExLaI2N7VX75+h3H8ma93dCp18/iX0YN1pvpXEU83zv/5aIm/lHRcn5w8eGBq/8T6qM3tmSivihv9/MuF1zvVv6r4eyA7/xtbr//cUvyjyfqIhTNnT+TrtQvd13Hh98863tPc6vU/nLyZp4eLxz6cXlw8PRkxnLx64+NT159b5svyWfy7d7WLP81f48oj8UhEZBfxzoh4NCIeK9r+eEQ8ERG7lon/xxeffLf7+JeZle+hLP7Zm53/aD7/3ScqJ374tvv4S9n535endhePrOT1b6UNXM2xAwAAgLtFmn8GPknHl9JpOj7e+Az/1tiY1uYXFp89Ov/BqdnGZ+VHYygtZ7pGmuZDJ4u54TI/1ZLfW8wbf1HZkOfHZ+Zrs/0OHgbcpg79P/NHpd+tA9ac72vB4NL/YXDp/zC49H8YXPo/DK52/f/jPrQDuP28/8Pg0v9hcOn/MLj0fxhIHb8bn67qK/8S93wi0u6fVY07pPF3U6K64n9mcYuJdW139fuVCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoDf+DQAA//9X4u4v")
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xf, &(0x7f0000000480)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b7000000000000009500000000000000ea28a8f398a5711472"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_open_dev$vbi(0x0, 0x1, 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x40008d0}, 0x40)
sendmsg$NFT_BATCH(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a400000000c0a010400000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c000180060001"], 0x68}, 0x1, 0x0, 0x0, 0x24000840}, 0x40)

13.834812587s ago: executing program 4 (id=2088):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e00000004000000080000000b"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000c80)={'lo\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0x3}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xc, 0x2, [@TCA_FQ_QUANTUM={0x8, 0xf}]}}]}, 0x38}}, 0x0)

13.091780808s ago: executing program 4 (id=2090):
r0 = syz_open_dev$usbfs(&(0x7f0000000480), 0x76, 0x160341)
socket$inet_tcp(0x2, 0x1, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000040)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffc}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
add_key$user(&(0x7f0000000000), 0x0, &(0x7f0000000440), 0x0, 0x0)
ioctl$USBDEVFS_IOCTL(r0, 0x4004550c, &(0x7f0000000200))

12.059493757s ago: executing program 6 (id=2095):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[], 0x28}}, 0x0)
syz_mount_image$nilfs2(&(0x7f0000000a40), &(0x7f0000000a80)='./file0\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="00a717cf64394a00dc299b573660f498c4d99aac48af10923f703f53e58070c2bf4575228d0e471df7101ac03b8d48a1b0fc276e395f25b63e9a27cd2ab98888989eec154d97b4dbcf"], 0x1, 0xa09, &(0x7f0000001540)="$eJzs3UuMHEfdAPDq2Z31M5/H+WyyOCaxCSThkd14vZiHBXEUX7DiiFukiIvlOMHCMQhHgkQ52D5xI1FkrjzEKZcIEBK5ICsnLpGIJS45BQ4csIwUiQME7EW7WzU7+/eMemZt73h2fj+ptqa6aqaqZ3t6erq7qhIwthpLf+fnp6uULr3z5tG/P/y3LYtLnmiXaC39nexINVNKVU5Phtf7cGI5vv7Raye7xVWaW/pb0umZa+3nbkspnU/70uXUSnsuXXnjvbmnj184dnH/+28dvnpn1h4AAMbLty4fnt/9lz/dv/Pjtx84kja1l5fj81ZOb8/H/UfygX85/m+k1emqI3SaCuUmc2iEchNdynXW0wzlJnvUPxVet9mj3Kaa+ic6lnVbbxhlZTtupaoxsyrdaMzMLP8mT0u/66eqmbOnz7xwbkgNBW67fz6YUtonCMI4hoUdw94DASyL1wtvcj6eWbg17Veb7K/+a082uj8fboP13v7VP1r1/+qCPQ63z0bdmsp6lc/R9pyO1xHi/UuDfv7L68XrEc0+29nrOsKoXF/o1c6JdW7HWvVqf9wuNqqv57i8D98I+Z2fn/g/HZX/MdDdv5z/F4SxDQvD3gEBd61439xCVvLjfX0xf1NN/uaa/C01+Vtr8rfV5MM4++3LP0mvVyu/8+Nv+kHPh5XzbPfk+P8GbE88Hzlo/fG+30Hdav3xfmK4m/3+xLOnvvL8c1eW7/+v2tv/jby978vpVv5sXc4FyvnCeF69fe9/a3U9jR7l7g3tuadL+aXHu1aXq3atvE7q2M/c1I7p1c/b0avc3tXlWqHclhw2h/bG45Ot4Xnl+KPsV8v7NRnWtxnWYyq0o+xXduY4tgPWomyPve7/L9vndGpWL5w+c+rxnC7b6R8nmpsWlx9Y53YDt67f/j/TaXX/n+3t5c1G535hx8ryqnO/0ArL53osP5jT5XvuOxNblpbPnPzemedv98rDmDv3yqvfPXHmzKkfeOCBBx60Hwx7zwTcabMvv/T92XOvvPrY6ZdOvHjqxVNnDx46dHBu7tBXD87PLh3Xz3Ye3QMbycqX/rBbAgAAAAAAAAAAAPTrh8eOXvnzu1/+YLn//0r/v9L/v9z5W/r//zj0/4/95Es/+NIPcGeX/KUyYYDVqVCumcP/h/buCvXsDs/7RI7b8/jl/v+lujiua2nPfWF5HL+3lAvDCdw0XspUGIMkzhf46RxfzPEvEwxRtaX74hzXjW9dtvUyPoVxKUZT+b+VraGMY1L6f/ca16ns/3euQxu5/dajO+Gw1xHo7h/G/xaEsQ0LC2bxAO4Ow57/s5z3LPHZP3xz82Ioxa49uXp/GccvhVtxt88/qf6NNf9ne/67vvd/Yca81trq/ffPrn7QUW3a02/9cf3LONC7Bqv/41x/WZtHUn/1L/wi1B8vCPXpP6H+rX3Wf9P6711b/f/N9Ze37dGH+q1/ucVVY3U74nnjcv0vnjcurof1L2N7Drz+a5yo8UauH8bZqMwzO6hRmf+3l3gfxpdyuuwIy30Ocb6TQdtf7q8o3wO7w+tXNd9v5v8dbV/Lcd3nocz/W7bHVpd0oyPd7PLebtR9DYyqD13/E4SxDQsLC3f2hFaNoVbO0N//Yf9OGHb9w37/68T5f+MxfJz/N+bH+X9jfpz/N+bH+fVifpz/N76fcf7fmH9feN04P/B0Tf4na/L31OTfX5O/tyb/UzX5+2vyH6jJf7Am/96a/Idq8j9Tk//ZmvyHa/Ifrcn/XE3+Rlf6o4zr+sM4i/3zfP5hfJTrP70+/7tq8oHR9dO3Dzz13G++3Vru/z/VPh9SruMdyelm/u38o5yO171TR3ox792c/mvIv9vPd8A4ieNnxO/3R2rygdFV7vPy+YYxVHUfsaffcat6HeczWj6f4y/k+Is5fizHMzmezfGBHM+tU/u4M5769e8Ov16t/N7fEfL7vZ889geK40Qd7LM98fzAoPezx3H8BnWr9a+xOxgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDQNJb+zs9PVyldeufNo88ePz27uOSJdonW0t/JjlSz/byUHs/xRI5/nh9c/+i1k53xjcV4KqUqzaUqVe3l6Zlr7Zq2pZTOp33pcmqlPZeuvPHe3NPHLxy7uP/9tw5fvYNvAQAAAGx4/wsAAP//2XsNow==")
r0 = open(&(0x7f0000000080)='.\x00', 0x0, 0x1b5)
ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40186e8d, &(0x7f0000000040)={0x0, 0x42c0000000003f, 0x400, 0x200000003, 0x6, 0x3, 0x2401})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, 0x0, 0x4000000)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100"], 0x64}}, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
r1 = shmget$private(0x0, 0x13000, 0x1, &(0x7f0000feb000/0x13000)=nil)
shmat(r1, &(0x7f0000ff7000/0x3000)=nil, 0x400c)
mremap(&(0x7f0000ff8000/0x3000)=nil, 0x3000, 0x4000, 0x0, &(0x7f0000ffc000/0x4000)=nil)

10.63971985s ago: executing program 5 (id=2098):
r0 = syz_open_dev$rtc(&(0x7f0000000140), 0x0, 0x0)
ioctl$RTC_WKALM_SET(r0, 0x4028700f, &(0x7f0000000000)={0x0, 0x0, {0x12, 0x3a, 0xe, 0xa, 0x7, 0x5, 0x1, 0x8010000, 0xe755a3d832dace16}})
syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000280)='./file0\x00', 0x88a, &(0x7f0000000000)={[{@errors_remount}, {@usrjquota, 0x22}, {@errors_continue}, {@noload}, {@data_err_ignore}, {@grpjquota, 0x22}, {@grpquota}, {@jqfmt_vfsold}, {@noblock_validity}]}, 0xfe, 0x45a, &(0x7f0000000d80)="$eJzs3L1vG2UYAPDHduz0k4RSPlpaCBRExUfSpB90YCkCiQEkJBiKmEKSVqVug5og0aqCwhBGVIkdMSLxF7BQFgRMSKywI6QIZaEwIKOz71InsZM4duJQ/37S1e/re6/v+9zdaz++sxNAzxpK/slF7ImIXyNioFZd2mCo9nB74frE3wvXJ3JRqbzxZ67a7q+F6xNZ02y73bVKpbJKv3NvR4yXy1NX0vrI7KX3RmauXnvuwqXx81Pnpy6PnT594vjh0qmxk+0F2F972JuM9eCH04cOvPLWzdcmzt5858evk/HuSZvVx9EpQ7W929CTne6sy/bWlXN9XRwILSlERHK4itX5PxCF2Lm4biBe/qSrgwM2VaWSr/zbfPWNCnAXSxL1tZWqrxXA3SR7o08+/2bLFqUe28L8mVi8jnE7XWpr+iKftimmn5E2w1BEnL3xzxfJEpt0HQIAoN6tMxHxbKP8Lx8P1LW7J703NBgR90bEvoi4LyL2R8T9EdW2D0bEQy32v/wOycr8pzKwocDWKcn/XkjvbS3N/7LsLwYLaW1vNf5i7tyF8tSxdJ8cjWJ/Uh9dpY/vXvrls2br6vO/ZEn6z3LBdBx/9PUv3WZyfHa8nZjrzX8ccbCvUfy5xZw3yY8PRMTBDfZx4emvDjVbt3b8q+hAUl75MuKp2vG/Ecviz+Sa3p8cff7U2MmRHVGeOjaSnRUr/fTz3OvN+m8r/g6Yv1WJXQ3P/8X4B3M7ImauXrtYvV8703ofc7992vQzzUbP/1LuzWq5lD73wfjs7JXRiFLu1ZXPj93ZNqtn7ZPz/+iRxvN/X9zZEw9HRHISH46IRyLi0XTsj0XE4xFxZJX4f3jxiXdbj79/lf+xc5L4J9c6/lF//FsvFC5+/03r8WeS43+iWjqaPrOe17/1DrCdfQcAAAD/F/nqd+Bz+eHFcj4/PFz7Dv/+2JUvT8/MPnNu+v3Lk7Xvyg9GMZ9d6Rqoux46ml4bzupjy+rH0+vGnxd2VuvDE9PlyW4HDz1ud5P5n/i90O3RAZvO77Wgd5n/0LvMf+hd5j/0LvMfelej+f9RF8YBbL013v93btU4gK0n/4feZf5D7zL/oSc1/W18vq2f/Ct0qfBtqb2/1bD+QuQ3uvmO9NzbHnts+xSK0XBV32bvqP6Gq7r8wgQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANAh/wUAAP//hQ/crg==")

10.494486531s ago: executing program 1 (id=2099):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x1ff)
syz_open_dev$sg(0x0, 0x0, 0x8002)
ioctl$sock_ipv6_tunnel_SIOCGETPRL(r0, 0x89f4, &(0x7f0000000180)={'sit0\x00', &(0x7f0000000200)={@empty, 0x1, 0x0, 0x60, 0x0, [{@multicast1}, {@loopback}, {}, {@initdev}, {}, {@multicast2}]}})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$AUTOFS_DEV_IOCTL_READY(r0, 0xc0189376, &(0x7f0000000100)={{0x1, 0x1, 0x18, <r3=>r0, {0x4}}, './file1\x00'})
ioctl$AUTOFS_DEV_IOCTL_READY(r3, 0xc0189376, &(0x7f0000000140)={{0x1, 0x1, 0x18, r0, {0x9}}, './file1\x00'})
r4 = socket(0x200000000000011, 0x2, 0x0)
getsockname$packet(r4, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$usbfs(&(0x7f0000000380), 0x75, 0x341)
ioctl$USBDEVFS_CONTROL(r5, 0xc0105500, &(0x7f0000000000)={0x80, 0x6, 0x321, 0xffff, 0x4c, 0x101, 0x0})
r6 = openat$procfs(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/diskstats\x00', 0x0, 0x0)
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000100)='./bus\x00', 0x20008c0, &(0x7f0000000bc0)={[{@fat=@allow_utime={'allow_utime', 0x3d, 0xff}}, {@shortname_mixed}, {@iocharset={'iocharset', 0x3d, 'koi8-u'}}, {@shortname_lower}, {@fat=@check_strict}, {@shortname_lower}, {@iocharset={'iocharset', 0x3d, 'cp950'}}, {@fat=@codepage={'codepage', 0x3d, '864'}}, {@utf8no}, {@shortname_winnt}, {@numtail}, {@shortname_mixed}, {@utf8}, {@uni_xlate}]}, 0x82, 0x350, &(0x7f0000000580)="$eJzs3U9oW3UcAPBv9tKkHcz2IAwF4elN0LJWPOipZXQwzEUl+OcgBtepNHXQYLA7NKsX8Sh41JM3D3rwsLMIinjz4NUJMhUPutvA4ZMkL81Lk3adkM3i53MI331/329+v7c8mtfX5tdXV2LjwkxcvHHjeszOlqK8cnYlbpZiIZIYuBLjKhNyAMDxcDPL4s+s74gtpSkvCQCYst77/+unCpl3vz6sPvPuDwDHXv79/9xhNbMHDVyaypIAgCkbu///yMhwZfRH/eXCbwUAAMfV8y+9/MxqLeK5NJ2N2HyvXW/X4+nh+OrFeDOasR5nYj5uRfQvFLoPpd7jufO1tTNpmnbil4Wodzva9YjNTrvev1JYTXr91ViK+VjI+/OrjSzLknNf1NaW0p6IuNLpzR+bpXZ9Jk7m8/94MtZjOdK4f6w/4nxtbTnNn6C+OejvROwO71t0178Y8/H9a3EpmnEhur2Dy5ra2s5Smp7NaiP97Xq1V9d34B0QAAAAAAAAAAAAAAAAAAAAAAD4VxbTPQt7+99kw/17FhcnjPf2x+n35/sD7fb3B8qqWWTZH+88Xn8/iZH9gfbvz9Oul+PEvT10AAAAAAAAAAAAAAAAAAAA+M9obVei0Wyub7W2L28Ug85Wa/tERHQzb3372VdzMV5zm6Ccz1EYSvPU5Y1GlgyKs2SkJg+S7uSDzKdX91ZcrKnuHcXEZVQPHmo2Tz3880fDzEPJ4Jn/HtYkMfkAk33LKAab9/WXdCf/UXvB8m1qrmVZdlD7zivjXVGKKN/5C3d4kHWDb66/8cATrdNP9jJfZn2PPjb/wrUPP/lto9Hszhy9V7Cy1bqVbTTyf08+2Q4OksL5U4p+UCqeCeXD2ndHM43kh99ffPCD7442e1bMvD2hJukfzuf7hyr9oLvMfUNzk+aamXDyTyE4/fFK4+rOT78etavwRcJGHQAAAAAAAAAAAAAAAAAAcFcUPiueyz/sO3NY11PPTn9lAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHD3DP/+fyHYHcscJfirE+ND1fWtVkTlXh8mAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/c/8EAAD//9HQbnk=")
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0)
r7 = syz_io_uring_setup(0x49a, &(0x7f0000000380)={0x0, 0x79ad, 0x80, 0x3, 0x26c, 0x0, r6}, &(0x7f0000000340)=<r8=>0x0, &(0x7f0000000040)=<r9=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_submit(r8, r9, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x40, 0x4007, @fd=r6, 0xffffffffffffffff, &(0x7f0000000400)=""/210, 0xd2, 0x10, 0x1})
io_uring_enter(r7, 0x627, 0x4c1, 0x43, 0x0, 0x30)
ioctl$FS_IOC_FSGETXATTR(r0, 0x801c581f, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
r10 = syz_usb_connect(0x0, 0x24, &(0x7f0000000400)=ANY=[@ANYBLOB="120100009e173610ef171e7206de0102030109021200010000000009040000000206"], 0x0)
syz_usb_control_io(r10, 0x0, &(0x7f0000000b00)={0x84, &(0x7f0000000000)=ANY=[@ANYBLOB="0000040000000b0f0667"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r11 = syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)=ANY=[@ANYRESOCT, @ANYRES64=r0], 0x0)
syz_usb_control_io(r11, 0x0, &(0x7f00000010c0)={0x84, &(0x7f0000000080)=ANY=[@ANYBLOB="00000100000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r11, 0x0, &(0x7f0000000900)={0x84, &(0x7f0000000400)=ANY=[@ANYBLOB="0a0e0000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

10.412377364s ago: executing program 6 (id=2101):
r0 = socket$inet(0x2, 0x1, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x5, &(0x7f0000000040)=@framed={{}, [@alu={0x4, 0x0, 0xd, 0x0, 0x0, 0x0, 0x10}, @jmp={0x5, 0x0, 0x3}]}, &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000b40)='source', 0x0, 0x0)
gettid()
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000300)={0x0, @dev, @initdev}, &(0x7f0000000540)=0xc)

9.129548778s ago: executing program 6 (id=2102):
syz_mount_image$hfsplus(&(0x7f00000000c0), &(0x7f0000000980)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0, &(0x7f0000000340)={[{@nobarrier}, {@gid}, {}, {@nls={'nls', 0x3d, 'iso8859-2'}}, {@nodecompose}, {@umask={'umask', 0x3d, 0x7f8}}, {@uid}, {@nodecompose}]}, 0x3, 0x6a4, &(0x7f0000001b40)="$eJzs3U9sHFcdB/DvbDbrbJBS918aEFKtRqqgEYmdVUmQkBoQQjlEKIJLr1biNFY2aeW4KK0Q2QAFiRMn1AOHIhQOPSGEkMoJUc5ISFw4+R6JG4ccAKOZnV2v7Y1jJ7HXbT8faTzv7Zv33m9+nT+7s402wGfW+ddzsJci509cuFXWV+52uit3O9cH5SRTSRpJs79K0U6Kj5Nz6S/5fPliPVzxoHlevfdR0Xz/w06/1qyXavvGVv02GbtlLzk0rBxIMtMv/mfbw24ar1qqcS6tjfeIimHcZcKODxIHk7a6SW+tsfHQ7ts/b4F963b/vrnJdHI4/btr+T4g9dXh4VeGydvy2tTbuzgAAABgt4z9LD/qqfu5n1s5sjfhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwKdD0f/NwKJeGoPyTIrB7/+3Rn5TvzXhcB/Te1eq1XefmnQgAAAAAAAAAPBYXryf+7mVI4P6alF95/9SVXmu+vu5vJ2bWchSTuZW5rOc5SxlLsn0yECtW/PLy0tzm3v+MmXP1dXV23XP02N7nl4fV29joOP+T4NNGwEAAAAAAADAZ9aPcn7t+38AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANgPiuRAf1Utzw3K02k0kxxK0ipmhpu3JhrsE/DnSQcAAAAAu69dr48U/+sXVovqM//R6nP/obydG1nOYpbTzUIuV88C+p/6G3/vdbordzvXy2XzwN/4147iqEZM/9nD+Jlnqy2eH/Y4n2/nezmRmVzMUhbz/cxnOQuZybeq0nyKTNdPL6ZX7rYziHVzvOfW1S5ujO3FkXIZ37EqknauZLGK7WQutQahN+rtjo3M9sdWsmHGO2V2itdq28zR5Xpd7tEv6vX+MF3t+cFhRmbr3JfZeHo075tzv8PjZONMc2kMn0E9tzZLWd040yPl/HC9LnP9093N+Q4fpa3PRO/nZW1w9B3dOufJl//xl4tXGzeuXb1y88T+OYwe0cZjojOSiRe2lYlumYneY2Ti0OPE/+S06mz0r6I7u1q+VPU9ksV8J2/mchZyJrOZy9nM5ms5nU5Oj+T1+a3zWp1rjZ2da8e/VBfKe9LPRu5Ne2bqQQ1lXp8eyevolW66aht9ZS1Lz2wjS0Ur47P0z7GhNL9QF8o5fjxyx5m8jZmYG8nEs1tn4tf/XU1ys3vj2tLV+be2Od/L9bo8bd9bf23+zRPZoZ2rd7c8Xp4p/2Olf9sYPTrKtmcHbRvy1aq/cWnWg61ra6U6n/ttDztTy5GO3hk3Ur/thbGzdKq2YyNt697l5M10h+9CANjHDr9yuNW+1/5b+4P2T9pX2xcOfXPq7NQXWzn41+afDvyu8dvG14tX8kF+mCOTjhQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4Nbr7z7rX5bndhaR8W0njCA94Z2zRIRf+V1v7Y909qYWqrI+r3Sbbo3ppEzO0k+yJ1ae7BXFMZ03Rh+Eo7aQzjSXJtn/zAHbAbTi1ff+vUzXfe/cri9fk3Ft5YuHH67JnXznS+Onf71JXF7sJs/++kowR2w9rbgElHAgAAAAAAAAAAAGzXXvzzhjHTFr0J7CsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwyXT+9Rzspcjc7MnZsr5yt9Mtl0F5bctmkkaS4gdJ8XFyLv0l0yPDFQ+a59V7H/3q5fc/7KyN1Rxs39jQ7w//Xl3d4V706iUzSQ7U64eb2tZ4l0bG6+0wsL5iuIdlwo4PEgeT9v8AAAD//x5LB84=") (async)
syz_mount_image$hfsplus(&(0x7f00000000c0), &(0x7f0000000980)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0, &(0x7f0000000340)={[{@nobarrier}, {@gid}, {}, {@nls={'nls', 0x3d, 'iso8859-2'}}, {@nodecompose}, {@umask={'umask', 0x3d, 0x7f8}}, {@uid}, {@nodecompose}]}, 0x3, 0x6a4, &(0x7f0000001b40)="$eJzs3U9sHFcdB/DvbDbrbJBS918aEFKtRqqgEYmdVUmQkBoQQjlEKIJLr1biNFY2aeW4KK0Q2QAFiRMn1AOHIhQOPSGEkMoJUc5ISFw4+R6JG4ccAKOZnV2v7Y1jJ7HXbT8faTzv7Zv33m9+nT+7s402wGfW+ddzsJci509cuFXWV+52uit3O9cH5SRTSRpJs79K0U6Kj5Nz6S/5fPliPVzxoHlevfdR0Xz/w06/1qyXavvGVv02GbtlLzk0rBxIMtMv/mfbw24ar1qqcS6tjfeIimHcZcKODxIHk7a6SW+tsfHQ7ts/b4F963b/vrnJdHI4/btr+T4g9dXh4VeGydvy2tTbuzgAAABgt4z9LD/qqfu5n1s5sjfhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwKdD0f/NwKJeGoPyTIrB7/+3Rn5TvzXhcB/Te1eq1XefmnQgAAAAAAAAAPBYXryf+7mVI4P6alF95/9SVXmu+vu5vJ2bWchSTuZW5rOc5SxlLsn0yECtW/PLy0tzm3v+MmXP1dXV23XP02N7nl4fV29joOP+T4NNGwEAAAAAAADAZ9aPcn7t+38AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANgPiuRAf1Utzw3K02k0kxxK0ipmhpu3JhrsE/DnSQcAAAAAu69dr48U/+sXVovqM//R6nP/obydG1nOYpbTzUIuV88C+p/6G3/vdbordzvXy2XzwN/4147iqEZM/9nD+Jlnqy2eH/Y4n2/nezmRmVzMUhbz/cxnOQuZybeq0nyKTNdPL6ZX7rYziHVzvOfW1S5ujO3FkXIZ37EqknauZLGK7WQutQahN+rtjo3M9sdWsmHGO2V2itdq28zR5Xpd7tEv6vX+MF3t+cFhRmbr3JfZeHo075tzv8PjZONMc2kMn0E9tzZLWd040yPl/HC9LnP9093N+Q4fpa3PRO/nZW1w9B3dOufJl//xl4tXGzeuXb1y88T+OYwe0cZjojOSiRe2lYlumYneY2Ti0OPE/+S06mz0r6I7u1q+VPU9ksV8J2/mchZyJrOZy9nM5ms5nU5Oj+T1+a3zWp1rjZ2da8e/VBfKe9LPRu5Ne2bqQQ1lXp8eyevolW66aht9ZS1Lz2wjS0Ur47P0z7GhNL9QF8o5fjxyx5m8jZmYG8nEs1tn4tf/XU1ys3vj2tLV+be2Od/L9bo8bd9bf23+zRPZoZ2rd7c8Xp4p/2Olf9sYPTrKtmcHbRvy1aq/cWnWg61ra6U6n/ttDztTy5GO3hk3Ur/thbGzdKq2YyNt697l5M10h+9CANjHDr9yuNW+1/5b+4P2T9pX2xcOfXPq7NQXWzn41+afDvyu8dvG14tX8kF+mCOTjhQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4Nbr7z7rX5bndhaR8W0njCA94Z2zRIRf+V1v7Y909qYWqrI+r3Sbbo3ppEzO0k+yJ1ae7BXFMZ03Rh+Eo7aQzjSXJtn/zAHbAbTi1ff+vUzXfe/cri9fk3Ft5YuHH67JnXznS+Onf71JXF7sJs/++kowR2w9rbgElHAgAAAAAAAAAAAGzXXvzzhjHTFr0J7CsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwyXT+9Rzspcjc7MnZsr5yt9Mtl0F5bctmkkaS4gdJ8XFyLv0l0yPDFQ+a59V7H/3q5fc/7KyN1Rxs39jQ7w//Xl3d4V706iUzSQ7U64eb2tZ4l0bG6+0wsL5iuIdlwo4PEgeT9v8AAAD//x5LB84=")
chdir(&(0x7f0000000140)='./bus\x00')
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_io_uring_setup(0x4f5, &(0x7f0000000200)={0x0, 0xde85, 0x2, 0x0, 0xd7}, &(0x7f00000006c0)=<r2=>0x0, &(0x7f0000000680)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r0, 0x80, &(0x7f00000000c0)=@vsock={0x28, 0x0, 0xffffffff, @my=0x1}, 0x0, 0x0, 0x1})
io_uring_enter(r1, 0x47bc, 0xf5, 0x0, 0x0, 0x0) (async)
io_uring_enter(r1, 0x47bc, 0xf5, 0x0, 0x0, 0x0)
r4 = mq_open(&(0x7f00000004c0)=' \x01 \x00\x00\x00\x00\x0f\x00\x00\x00\x00\xd0\xe3\xac\x88\xc1s\xc5\xec\xa5O\xa2\xf3\"\x88p\"k/K\x99\x147~H\x0f,\x86\xad\xa3\xc0J\v\x1a&\xf0\\\xb8\xcf\xad\xae\x93J\xe7\xcd,\xeb\xef\xee\x93\a\xc51\xd6\x98\x13\xf2\xe8\xe8hY\xd7\x03.\xac\x16H\xcb[,0\x8b\xa0\x83\x84\xb66\xff\xdc\xfe\xb9%\xf7\xdeQ\v\xbe$\xa1\xc8\x97\x9b\xba\n\xd1\x14*\xac\x84\t\xe93qE\x8f_\xcb\xeap\x0f\\;\xb7\x1c\x03\x03\xbc\xa3\xcc\xbe\x03\xb3$\x95\xb4\xd9\xca$%_\x1b{\xfa~y\xba\xf5I\xbar)\n\x93\xbe\a6\xf8&\xbe-\xb2\xf2\xa5|Jh\x15,\\(=t\xa8\xe3\xe3\xf8!B[\xa8\x1bz\x83i\xa2\x1e\xb4V\xc7\xc0\x00P,\x81x\x7f\xc6\x05~\x9e\xa9\x97<2C\x13\xc9\x01N\xfa\x97\\<\xbc\xb6<\xb5\xc4.\xcaX4%fn|\x00'/237, 0x40, 0x0, 0x0)
mmap(&(0x7f000074f000/0x1000)=nil, 0x1000, 0xb635773f06ebbeee, 0x12, r4, 0x5ad11000) (async)
mmap(&(0x7f000074f000/0x1000)=nil, 0x1000, 0xb635773f06ebbeee, 0x12, r4, 0x5ad11000)
link(&(0x7f0000000200)='./file1\x00', &(0x7f0000000300)='./bus\x00')
open(&(0x7f0000000000)='./file1\x00', 0x280, 0x0)

8.847793304s ago: executing program 5 (id=2103):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e00000004000000080000000b"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000c80)={'lo\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0x3}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xc, 0x2, [@TCA_FQ_QUANTUM={0x8, 0xf}]}}]}, 0x38}}, 0x0)

8.185830079s ago: executing program 5 (id=2104):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha224\x00'}, 0x58)
r1 = accept$alg(r0, 0x0, 0x0)
sendmsg$alg(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000000c0)='|', 0x1}], 0x1, 0x0, 0x0, 0x4040011}, 0x20048000)

7.941038573s ago: executing program 3 (id=2105):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
syz_open_dev$dri(&(0x7f0000000000), 0x1f, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
getsockopt$packet_int(r1, 0x107, 0x11, 0x0, &(0x7f0000000280))
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
close_range(0xffffffffffffffff, r2, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
mount$afs(0x0, &(0x7f00000000c0)='.\x00', &(0x7f0000000100), 0x4, &(0x7f0000000080)={[{@dyn}, {@flock_openafs}]})
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xad}, 0x94)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r6 = syz_io_uring_setup(0xef9, &(0x7f0000000580)={0x0, 0xd730, 0x80, 0x3, 0xbffffff6}, &(0x7f00000003c0)=<r7=>0x0, &(0x7f0000000340)=<r8=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f00000002c0)=0x9, 0x0, 0x4)
syz_io_uring_submit(r7, r8, &(0x7f0000000180)=@IORING_OP_STATX={0x15, 0xa, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80, 0x6000})
r9 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000500)='io_uring_defer\x00', 0xffffffffffffffff, 0x0, 0x10000}, 0x18)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000500)='io_uring_defer\x00', r9, 0x0, 0x10000}, 0x18)
io_uring_enter(r6, 0x1c3a, 0xe176, 0x22, 0x0, 0x0)

7.847665491s ago: executing program 6 (id=2106):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000120000002400000008000000850000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000005c0)='sched_switch\x00', r0}, 0x18)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha256)\x00'}, 0x58)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan0\x00'})
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup.net/syz0\x00', 0x200002, 0x0)
accept$alg(r1, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r3)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080), r4)
sendmsg$TIPC_CMD_ENABLE_BEARER(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x305200, 0x0)
close(r6)
r7 = socket$unix(0x1, 0x1, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000340)='./binderfs/custom1\x00', 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r8, {0x0, 0xb}, {0xffff, 0xffff}, {0xa}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0xa, 0x7f61, 0x1, 0xc5, 0xe23, 0x1, 0x1, 0x7fff, 0x1}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20008001}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000006c0)=@newqdisc={0x70, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0xa0000, {0x0, 0x0, 0x0, r8, {0x0, 0x9}, {0x10, 0xb}, {0x5, 0xa858712265c6c23}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x44, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0xa0, 0x2, 0x5, 0x5274, 0x3, 0x6}, {0xc6, 0x1, 0x2, 0x4, 0x3, 0x1ff}, 0xbdb0, 0x2, 0x8a3}}, @TCA_TBF_RATE64={0xc, 0x4, 0x255549c306b87a6c}, @TCA_TBF_PRATE64={0xc, 0x5, 0xe1831c0564c1f2c6}]}}]}, 0x70}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008000)
ioctl$SIOCSIFHWADDR(r6, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})

7.026175112s ago: executing program 5 (id=2107):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000140)=@newqdisc={0x24, 0x24, 0xd31, 0x0, 0x4, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x0, 0xfff1}}}, 0x24}}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[], 0xfc}}, 0x40011)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f0000002540)={[{@grpquota}, {@nogrpid}, {@quota}, {@nobh}]}, 0x1, 0x518, &(0x7f0000006c40)="$eJzs3c9vG1kdAPDvOHHipNlNdlkkkGC37C4UVNVJ3N1otQdYTgihlRB7BKkbEjeKYsdR7CxN6KE9c0WiEic48gdw7ok7FwQ3LuWA+BWBmkocjGY8bt3UbqKmiUP8+UjTmTfP9fe9WvNe55t4XgAj63JE3ImIiYj4NCJm8/NJvsVHnS193cP92ysH+7dXkmi3P/lnktWn56Ln76Qu5e9ZiogffCfix8mzcZu7exvLtVp1Oy/Pt+pb883dvWvr9eW16lp1s1JZWlxa+OD6+5WX1te36hP50Zcf/P7ON36aNmsmP9PbjxeRdLrc73xEFB/HSY1HxPdOEuwcGcv7MzHshvBCChHxekS8nV3/szGWfZoAwEXWbs9Ge7a3DABcdIUsB5YUynkuYCYKhXK5k8N7I6YLtUazdfVmY2dztZMrm4ti4eZ6rbqQ5wrnopik5cXs+Em50ilPdsvXI+K1iPj55FRWLq80aqvD/I8PAIywS4fm//9MduZ/AOCCKw27AQDAmTP/A8DoMf8DwOgx/wPA6OnM/1PDbgYAcIaee//veUAAcCHJ/wPASPn+xx+nW/sgf/716me7OxuNz66tVpsb5frOSnmlsb1VXms01rJn9tSPer9ao7G1+F7s3Jr75lazNd/c3btRb+xstm5kz/W+US1mr+r7qGwA4Iy89tb9PyXpjPzhVLZFz1oOxaG2DDhthWE3ABiasWE3ABgav90Do+sE9/jSA3BB9Fmi9ymlfl8Qarfb7dNrEnDKrnxR/h9GVU/+328Bw4iR/4fRJf8Po6vdTo675n8c94UAwPkmxw8M+Pn/6/n+N/kPB360evgV906zVQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHC+ddf/Ledrgc9EoVAuR7wSEXNRTG6u16oLEfFqRPxxsjiZlheH3GYA4KQKf03y9b+uzL4781TVm5eSR3/7fHY4ERE/+eUnv7i13Gpt/yFiIvnXZPd8615+vjKcHgAAg6X3+t15Otv33Mg/3L+90t3Osk1//3ZElDrxD/Yn4uBx/PEYz/alKEbE9L+TvNyR9OQuTuLO3Yj4Qr/+JzGT5UA6K58ejp/GfuVM4xeeil/I6jr79N/icy+hLTBq7qfjz0f9rr9CXM72/a//UjZCnVw+/qVvtXKQjYFP4nfHv7EB49/l48Z473ff7RxNPVt3N6I0HtGNfdAz/nTjJwPiv3vM+H/+0ptvD6pr/yriSvSP3xtrvlXfmm/u7l1bry+vVdeqm5XK0uLSwgfX36/MZznq+cGzwT8+vPrqoLq0/9MD4peO6P9Xj9n/X//30x9+5Tnxv/5Ov/iFeOM58dM58WvHjL88/dvSoLo0/uqA/h/1+V89MvJs9ueDv+w9s2w4ADA8zd29jeVarbr9/34wU+x06Ly0x8FpHKSf8DloRt+Db51VrInoX/WzdzqXwKGqdvuFYg0aMV5G1g04Dx5f9BHxaNiNAQAAAAAAAAAAAAAA+jqLbywNu48AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABcXP8LAAD///vOzlM=")
lchown(&(0x7f0000000080)='./file1\x00', 0xee01, 0xffffffffffffffff)
socket$netlink(0x10, 0x3, 0x0)
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge0\x00'})
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file2\x00', 0x8, &(0x7f0000000080)={[{@nodioread_nolock}, {@sb={'sb', 0x3d, 0x1}}]}, 0x4, 0x523, &(0x7f00000018c0)="$eJzs3cFvG1kZAPBvnLhJs+mmC3sABGxZFgqq6iTubrTqhfYCQlUlRMWJQxsSN4pi11Hsiib0kB65V6ISJ+A/4MYBqScO3LjBjUs5IBWoQA0SB6MZT1I3sZNAnbiJfz9pMvPeTP29F/e953mR5wUwtC5ExGZEnImIOxExlecn+RbX2lt63csXDxe2XjxcSKLVuvX3JDuf5kXHv0m9k7/meER8/zsRP0r2xm2sb6zMV6uVtTw93aytTjfWNy4vF/Kc8tzs3MynVz4p962uH9R+/fzbyzd+8NvffOnZHza/+ZO0WJM/PZed66xHP7WrXozJjrzRiLhxFMEGZDT//8PJk7a2z0TEh1n7n4qR7N0EAE6zVmsqWlOdaQDgtEvv/ycjKZTyuYDJKBRKpfYc3vsxUajWG81LU/X79xYjm8M6H8XC3eVqZSafKzwfxSRNz2bHr9Ll19KPK1ci4r2IeDx2NjtfWqhXFwf5wQcAhtg7u8b/f421x/9OxUEVDgA4OuODLgAAcOyM/wAwfIz/ADB8/ofx37cDAeCUcP8PAMPH+A8Aw+fA8f/R8ZQDADgW37t5M91aW+3nX28/qfvyYqWxUqrdXygt1NdWS0v1+lK1UlpotQ56vWq9vjr78U6ysb5xu1a/f695e7k2v1S5XfEsAQAYvPc+ePqndNDfvHo226JjLQdjNZxuhUEXABiYkUEXABgY3+eB4XWIe3zTAHDKdVmity2fIEh6XfDE4q9wUl38vPl/GFZvMv9v7gBOtv9v/v9bfS8HcPyM4TC8Wq3Emv8AMGTM8QM9//6f6/mIkCf9LwsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACcFJPZlhRK2Vrgm+nPQqkUcS4izkcxubtcrcxExLsR8cex4lianh10oQGAN1T4a5Kv/3Vx6qPJ3WfPJP8ey/YR8eOf3/rZg/lmc202zf/HTn7zSZp/trlWPjOICgAAna7tzcrG73K+77iRf/ni4cL2dpxFfH69vbhoGncr39pnRmM0249HMSIm/pnk6bb088pIH+JvPoqIz23XfzwedESYzOZA2iuf7o6fxj7X9/idv//d8Quv1beQnUv3xex38dnYVTjgQE+vt/vJvO2lTTxvf4W4kO27t//xrId6c2n/lzbXrT39X2Gn/xvZEz/J2vyFnfT+JXn+8e++uyezNdU+9yjiC6Pd4ic78ZPu/W/xo0PW8c9f/PKHvc61fhFxsWv9t1ekrmXd7HSztjrdWN+4vFybX6osVe6Vy3OzczOfXvmkPJ3NUbd//r5bjL9dvfRur/hp/Sd6xB/fv/7xtUPW/5f/ufPDr+wT/xtf7f7+v79P/HRM/Poh489PXOu5fHcaf7FH/Q94/+PSIeM/+8vG4iEvBQCOQWN9Y2W+Wq2sHXCQftY86BoHhz9I7+3fgmJkB7EZ0a8XzCYlIqLrNekn6rejykd1kAws+q/6/YKD7pmAo/aq0Q+6JAAAAAAAAAAAAAAAQC+N9Y2Vse7f1urbwaDrCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwOn13wAAAP//KHnENg==")
syz_mount_image$exfat(&(0x7f0000000240), &(0x7f00000005c0)='./file2\x00', 0x3000cd0, &(0x7f0000000440)=ANY=[], 0x1, 0x150f, &(0x7f0000000e80)="$eJzs3Au0TlX3MPA511qbQy5Pkvuea26e5LJIklCSXJIkCck9IUmSJEkccktCEnI9Se4h93TScb9fck86eSVJEhIS1jeO9Hl737fRe/t/+v5n/sbY46x59p7zmfvM8Zxn7z3GOd92GVqtYfXK9ZgZ/h361wX+8iURABIAYAAAZAeAAADK5CiTI21/Jo2J/9aLiP8h9adf7Q7E1STzT99k/umbzD99k/mnbzL/9E3mn77J/NM3mb8Q6drMvNfKln43ef7//zn1nyTL53+6gL+3Q+b/v43+l46W+advMv/0Teafvsn8058rt2DBVe1DXH3y/k/fZP5CpGv/9WfK689e7Wfasv0LmxBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEII8f/AWX+FAYBf11e7LyGEEEIIIYQQQvz3+PevdgdCCCGEEEIIIYT4n4egQIOBADJARkiATJAZroEskBWyQXaIwbWQA66DnHA95ILckAfyQj7IDwUgBAILDBEUhEIQhxugMNwIRaAoFIPi4KAElISboBTcDKXhFigDt0JZuA3KQflLr5nmTqgEd0FluBuqQFWoBtXhHqgB90JNuA9qwf1QGx6AOvAg1IWHoB7UhwbwMDSER6ARNIYm0BSaQXNo8Qf5Sdn/Uf6L0B1egh7QExKhF/SGl6EP9IV+0B8GwCswEF6FQfAaDIYhMBReh2HwBgyHN2EEjIRR8BaMhjEwFsbBeJgASfA2TIR3YBK8+0hWmAJTYRpMhxkwE96DWTAb5sD7MBfmwXxIyrQQFsFi+ACWwIeQDB/BUvgYUmAZLIcVsBJWwWpYA2thHayHDbARNsFm2AJb4RPYBtthB+yEXbAb9sCnsBc+g33wOaTiF/9i/pnf5kNXBARUqNCgwQyYARMwATNjZsyCWTAbZsMYxjAH5sCcmBNzYS7Mg3kwEfNhASyAhISMjAWxIMYxjoWxMBbBIlgMi6FDhyWxJJbCC9770lgGy2BZLIvlsDyWx9vxdqyIFbESVsLKWBmrYBWshtXwHrwH78WaWBNrYS2sjbWxDtbBulgX62E9bIANsCE2xEbYCJtgE2yGzbAFtsCW2BJbYStsg22wLbbFdtgO22N77IAdsCN2xE7YCTtjZ+yCXbArvoAv4Iv4Ir6EL2FPrKJ6YW/sjX2wD/bD/tgfX8GB+Cq+iq/hYByCQ/F1fB3fwOF4GkfgSByFo7CiGoNjcRyymoBJmIQZYSJOwkk4GafgFJyG03EGzsSZOAtn42x8H+fiPJyHC3ABLsLFuBiX4IeYjMm4FM9gCi7D5bgCV+IqXIlrcC2uwfW4AdfjJtyEW3ALfoKf4HbcjjtxJ+7G3fgpfoqf4Wc4GFMxFffjfjyAB/AgHsRDeAgP42E8gkfwKB7FY3gMj+MJPIkn8BSewtN4Bs8CwDk8h+fxPF7Ei2lvfpXGKKMyqAwqQSWozCqzyqKyqGwqm4qpmMqhcqicKqfKpXKpPCqPyqfyqQKqgCJFilWkCqqCKq7iqrAqrIqoIqqYKqaccqqkKqlKqVKqtCqtyqhbVVl1myqnyqvW7nZ1u6qo2rhK6i5VWVVWVVRVVU1VV9VVDVVD1VQ1VS1VS9VWtVUd9aCqq3phP6yv0ibTUA3BRmooNlFNVTPVXL2Bj6qWaji2Uq1VG/W4GokjsJ1q6dqrp1QHNRY7qmfUOHxWdVYTsIt6XnVVL6hu6kXVXbVyPVRPNRl7qd5qGvZRfVU/1V/NwqoqbWLV1GvqxYxD1FD1ulqEb6jh6k01Qo1Uo9RbarQao8aqcWq8mqCS1NtqonpHTVLvqslqipqqpqnpaoaaqd5Ts9RsNUe9r+aqeRrUArVQLVKL1QdqifpQJauP1FL1sUpRy9RytUKtVKvUarVGrVXr1Hq1QW1Um9RmtUVtVZ+obWq72qF2ql1qt9qjPlV71Wdqn/pcpaov1H71F3VAfakOqq/UIfW1Oqy+UUfUt+qo+k4dU9+r4+qEOql+UKfUj+q0OqPOqp/UOfWzOq8uqIvKK9Coldba6EBn0Bl1gs6kM+trdBadVWfT2XVMX6tz6Ot0Tn29zqVz6zwmr86n8+sCOtSkrWYd6YK6kI7rG3RhfaMuoovqYrq4drqELqlv0qX0zbq0vkWX0bfqsvo2XU6X1xU86Dt0RX2nrqTv0pX13bqKrqqr6er6Hl1D36tr6vt0LX2/rq0f0HX0g7qufkjX0/V1A/2wbqgf0Y10Y91EN9XNdHPdQj+qW+rHdCvdWrfRj+u2+gndTj+p2+undAf9tO6on9Gd9LO6s35Od9HP6676Bd1NX9AXtdc9dE+dqHvp3vpl3Uf31f10fz1Av6IH6lf1IP2aHqyH6KH6dT1Mv6GH6zf1CD1Sj9Jv6dF6jB6rx+nxeoJO0m/rifodPUm/qyfrKXqqnqan6xm63+VKc/6J/Hf+Qf6gS6++RW/Vn+hterveoXfqXXq33qP36L16r96n9+lUnar36/36gD6gD+qD+pA+pA/rw/qIPqKP6qP6mD6mj+sT+if9gz6lf9Sn9Rl9Rv+kz+lz+vzlnwEYNMpoY0xgMpiMJsFkMpnNNSaLyWqymewmZq41Ocx1Jqe53uQyuU0ek9fkM/lNARMaMtawiUxBU8jEzQ2msLnRFDFFTTFT3DhTwpQ0N/3H+X/UXwvTwrQ0LU0r08q0MW1MW9PWtDPtTHvT3nQwHUxH09F0Mp1MZ9PZdDFdTFfT1XQz3Ux30930MD1Mokk0vc3Lpo/pa/qZ/maAecUMNAPNIDPIDDaDzVAz1Awzw8xwM9yMMCPMKDPKjDajzVgz1ow3402Sz24mmolmkplkJpvJZuqA7Ga6mW5mmplmlpll5pg5Zq6Za+ab+WahWWgWm8VmiVlikk2yWWqWmhSzzCwzK8wKs8qsMmvMGrPOrDMbzAazyWwyKWar2Wq2mW1mh9lhdpldZo/ZY/aavWaf2WdSTarZb/abA+aAOWgOmkPmkDlsDpsj5og5ao6aY+aYOW6Om5PmpDllTpnT5rQ5a86ac+acOW/Om4vmYtplX6ACFZjABBmCDEFCkBBkDjIHWYIsQbYgWxALYkGOIEeQM7g+yBXkDvIEeYN8Qf6gQBAGFNiAgygoGBQK4sENQeHgxqBIUDQoFhQPXFAiKBncFJQKbg5KB7cEZYJbg7LBbUG5oHxQIbg9uCOoGNwZVAruCioHdwdVgqpBtaB6cE9QI7g3qBncF9QK7g9qBw8EdYIHg7rBQ0G9oH7QIHg4aBg8EjQKGgdNgqZBs6B50OK/Wt/707kfcz3CnmFi2CvsHb4c9gn7hv3C/uGA8JVwYPhqOCh8LRwcDgmHhq+Hw8I3wuHhm+GIcGQ4KnwrHB2OCceG48Lx4YQwKXw7nBi+E04K3w0nh1PCqcG0cHo4I5wZvhfOCmeHc8L3w7nhvHB+uCBcGC4K8ZdLYkgOPwqXhh+HKeGycHm4IlwZrgpXh2vCteG6cH24IdwYbioz8JdDw23h9nBHuDPcFe4O94SfhnvDz8J94edhavhFuD/8S3gg/DI8GH4VHgq/Dg+H34RHwm/Do+F34bHw+/B4eCI8Gf4Qngp/DE+HZ8Kz4U/hufDn8Hx4IbwY+rSL+7SPdzJkKANloARKoMyUmbJQFspG2ShGMcpBOSgn5aRclIvyUB7KR/moQMYClIaJqSAVpDjFqTAVpiJUhIpRMXLkqCSVpFJUikpTaSpDZagslaVyVI4qUAW6g+6gO+lOuovuorvpbqpKVak6VacaVINqUk2qRbWoNtWmOlSH6lJdqkf1qAE1oIbUkBpRI2pCTagZNaMW1IJaUktqRa2oDbWhttSW2lE7ak/tqQN1oI7UkTpRJ+pMnakLdaGu1JW6UTfqTt2pB/WgREqk3tSb+lAf6kf9aAANoIE0kAbRIBpMg2koDaVhNIyG03AaQSNpFL1Fo2kMjaVxNJ4mUBIl0USaSJNoEk2myTSVptJ0mk4zaSbNolk0h+bQXJpL82k+LaSFtJgW0xJaQsmUTEtpKaVQCi2n5bSSVtJqWk1raS2tp/W0kTbSZtpMW2krbaNttIN20C7aRXtoD+2lvbSP9lEqpdJ+2k8H6AAdpIN0iA7RYTpMR+gIHaWjdIyO0XE6TifpJJ2iU3SaTtNZOkvn6Gc6TxfoInlKsJlsZnuNzWKz2mw2u/3bOI/Na/PZ/LaADW0um/s3MVlri9iitpgtbp0tYUvam/4uLmfL2wr2dnuHrWjvtJVsOZsJ/jquYe+1Ne19tpa931a39/wmrm0fsHXsI7aubWzr2aa2gW1uG9pHbCPb2DaxTW0z29y2tU/YdvZJ294+ldDBPv3XsU2Ll9gP7Vq7zq63G+xe+5k9a3+yR+y39pz92fawPe0A+4odaF+1g+xrdrAd8tsYwI6yb9nRdowda8fZ8XbC38VT7TQ73c6wM+17dpad/XfxYvuBnWuT7Xy7wC60iy7FaT0l24/sUvuxTbHL7HK7wq60q+xqu+b/9rrCbrKb7Ra7x35qt9ntdofdaXfZ3ZfitPPYZz+3qfYLe9h+Yw/YL+1Be9Qesl9fitPO76j9zh6z39vj9kQvsD/YU/ZHe9qeuXT+aef+g71gL1pvgZEVazYccAbOyAmciTPzNZyFs3I2zs4xvpZz8HWck6/nXJyb83Bezsf5uQCHTGyZOeKCXIjjfAMX5hu5CBflYlycHZfgknwTl+KbuTTfwmX4Vi7Lt3E5Ls8V+Ha+gyvynVyJ7+LKfDdX4apcjavzPVyD7+WafB/X4vu5Nj/AdfhBrssPcT2uzw34YW7Ij3AjbsxNuCk34+bcgh/llvwYt+LW3IYf57b8BLfjJ7k9P8Ud+GnuyM9wJ36WO/Nz3IWf5678AnfjF7k7v8Q9uCcnci/uzS9zH+7L/bg/D+BXeCC/yoP4NR7MQ3gov87D+A0ezm/yCB7Jo/gtHs1jeCyP4/E8gZP4bZ7I7/Akfpcn8xSeytN4Os/gmfwez+LZPIff57k8j+fzAl7Ii3gxf8BL+ENO5o94KX/MKbyMl/MKXsmreDWv4bW8jtfzBt7Im3gzb+Gt/Alv4+28g3fyLt7Ne/hT3suf8T7+nFP5C97Pf+ED/CUf5K/4EH/Nh/kbPsLf8lH+jo/x93ycT/BJ/oFP8Y98ms/wWf6Jz/HPfJ4v8EX2DBFGKtKRiYIoQ5QxSogyRZmja6IsUdYoW5Q9ikXXRjmi66Kc0fVRrih3lCfKG+WL8kcFojCiyEYcRVHBqFAUj26ICkc3RkWiolGxqHjkohJRyeimqFR0c1Q6uiUqE90alY1ui8pF5aMK0e3RHVHF6M6oUnRXVDm6O6oSVY2qRdWje6Ia0b1Rzei+qFZ0f1Q6eiCqEz0Y1Y0eiupF9aMG0cNRw+iRqFHUOGoSNY2aRc2jFtGjUcvosahV1DpqEz0etY2eiNpFT0bto6eiDtHTV/YXDX75NP2b/YlRr0hffkJ2n14YXxRfHP8gviT+YTw5/lF8afzjeEp8WXx5fEV8ZXxVfHV8TXxtfF18fXxDfGN8U3xzfEvc++oZwWHajTAYF7gMLqNLcJlcZneNy+Kyumwuu4u5a10Od53L6a53uVxul8fldflcflfAhY6cdewiV9AVcnF3gyvsbnRFXFFXzBV3zpVwJV1z18K1cC3dY66Va+3auMfd4+4J94R7MuFy466je8Z1cs+6zu4595x73nV1L7hu7kXX3b3kerieLtElut6ut+vj+rh+rp8b4Aa4gW6gG+QGucFusBvqhrphbpgb7oa7EW6EG+VGudFutBvrxrrxbrxLckluopvoJrlJbrKb7Ka6qW66m+5muplulpvl5rg5bq6b6+a7+W6hW+gWu8VuiVvikl2yW+qWuhSX4pa75W6lW+lWu9VurVvr1rv1bqPb6Da7zW6r2+q2uW1uh9vhdrldbo/b4/a6vW6f2+dSXarb7/a7A+6AO+i+cofc1+6w+8Ydcd+6o+47d8x97467E+6k8/qU+9GddmfcWfeTO+d+dufdBXfReZcUezs2MfZObFLs3djk2JTY1Ni02PTYjNjM2HuxWbHZsTmx92NzY/Ni82MLYgtji2KLYx/ElsQ+jCXHPootjX0cS4ktiy2PrYitjK2KeZ9/W+QL+kI+7m/whf2Nvogv6ov54t75Er6kv8mX8jf70v4WX8bf6sv623w5X95X8I19E9/UN/PNfQv/qG/pH/OtfGvfxj/u2/onfDv/pG/vn/Id/NO+o3/Gd/LP+s7+Od/FPz/v8pR9d/+S7+F7+kTfy/f2L/s+vq/v5/v7Af4VP9C/6gf51/xgP8QP9a/7Yf4NP9y/6Uf4kX6Uf8uP9mP8WD/Oj/cTfJJ/20/07/hJ/l0/2U/xU/00P93P8DP9e36Wn+3n+Pf9XD/Pz/cL/EK/yC/2H/gl/kOf7D/yS/3HPsUv88v9Cr/Sr/Kr/Rq/1q/z6/0Gv9Fv8pv9Fr/Vf+K3+e1+h9/pd/ndfo//1O/1n/l9/nOf6r/w+/1f/AH/pT/ov/KH/Nf+sP/GH/Hf+qP+O3/Mf++P+xP+pP/Bn/I/+tP+jD/rf/Ln/M/+vL/gL8rfrAkhhBBC/FP0H+zv9Q++py5vaXoDQNbteQ/9bc2NuX5Z91V7O8QA4KmeXepf3jJA/cTExMvHpmgICi0AgNiV/AxwJV4GbeAJaA+todQ/7K+vqnDpuu+v6tev/zf147cCZAbI9GtO2u3Rr/GV+jf/Tv3GH/Dv1l8GKRohvgCgSKErOWmFf42v1C/9O/V3t/39+pf6z/RlEkCrv8rJAlfiK/VLwmPwNLT/zZFCCCGEEEIIIcQv+qpzXf/g/vPS/Xk+89u8X+M/uj//A5X+0/6FEEIIIYQQQgjxx559oduTj7Zv37rT/+ZFxj9HG3+CBQLAn6ANWfz5F1f7N5MQQgghhBDiv+3KRf/V7kQIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhEi//v3/EKb+6YOv9jkKIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQV9v/CQAA///tMlSc")
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x41, 0x2)
setxattr$incfs_metadata(&(0x7f0000000240)='./file1\x00', &(0x7f0000000280), 0x0, 0x0, 0x1)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143041, 0x0)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000040)='./file1\x00', 0x10, &(0x7f00000004c0)={[{@i_version}, {@nodiscard}, {@min_batch_time={'min_batch_time', 0x3d, 0x3ff}}]}, 0x1, 0x3f7, &(0x7f0000003080)="$eJzs3U1vG0UfAPD/bt7atE+TSs+Bl4sFSERCJE3aApVAIuLCoT3RA0es2C1RnQYlRqJVxItA3EAC8QHgAHwEjnDgO8AZOEClCOVAys1o7V3HxHbapA6ukt9PGnlmZ+2Z9XjW68nsJIBjqxQRL0fESESci4ipfHuah3i/FbL9trc2lv7e2lhKotF47c8kknxb8VpJ/ngqf4GZNCL9KInHe5S7fuv2jXKtVl3L03P1lbfm1m/dfnZ5pXy9er16c+G58xcuXnzh0sLzAzvWzZXkk6e+ufzbZx9XPv/pj++ns/qezvM6j2NQSlFqvye7XRp0YUN2oiOejA6xIgAA7CnNr/1Hm9f/UzESOxdvU/Hpj0OtHAAAADAQjUbxCAAAABxdid/+AAAAcMQV8wC2tzaWijDE6Qj8xzYXI2K61f5389DKGW3f0zu26/7eQSpFxKsnrixkIQ7pPmwAAACA4+yHxdbCf93jf2k80rHfyYiYLNb2G6DSrnT3+E96Z8BF0mFzMeLFiLjbNf6XFrtMj+Sp/zWHCseSa8u16rmIOBMRMzE2kaXn9yjj3SdufNsvr3P878tfX5/Pys8ed/ZI74xO/Ps5lXK9/CDHzI7NDyIeG+3V/kl7zLdzncyDeGN5+6V+eVn7Z+1dhO725zA1vop4umf/31m5NNl7fda55vlgLj8rTHSX8cvprz/sV35n/89CVn7xtwAOX9b/J/du/+Y6ue31etf3X8Z3f135uV/evdu/9/l/PLnarOB4vu2dcr2+Nh8xnlzu3u7T1Fa8H8X7lbX/zJO9v/+L678k/+4/07E+9H688t7Zq/3y9P/hytq/sq/+v//Im5OPzvQr//76/4VmZYoXcf13b/fbQMOuJwAAAAAAAACDkTbn9iXpbDueprOzrXm+/4/JtLa6Xn/m2urbNyutOYDTMZYW8z+nOuaDzrduI2+nF3alz0fE2Yj4YupkMz27tFqrDPvgAQAA4Jg41ef3f+b3g9zsAQAAADycpoddAQAAAODQ+f0PAAAAR9qDrOtfq64V/yLogE8XETlYZCT/4D0s9Tl6kSGelAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACIfwIAAP//keS8Nw==")
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000380)={r1, r1}, 0x4)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x3, 0x11, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000008500000018000000b7080000000000007b8af8ff00000000b7080000060000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xb, '\x00', 0x0, @sched_cls=0x37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r2, 0x0, 0xcc0, 0x0, &(0x7f0000000040)="f4b84de4115d64244a0e839e86dd", 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000700), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_PORT_GET(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=ANY=[@ANYBLOB="3c02422184a8f512e3e0b811b75d000000a42abaf8f2b0043f78a8967e41b6cf5ed24359de00efd8984abc4f14536491a6cf57b482bcb762b77f18e810", @ANYRES16=r4, @ANYBLOB="030528bd7000fedbdf25050000000e0001006e657464657673696d0000000f0002006e657464657673696db74d3b66aafb0ca9db74fc"], 0x3c}, 0x1, 0x0, 0x0, 0x40040}, 0x4000800)

6.300859194s ago: executing program 0 (id=2108):
syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x2009cb9, 0x0, 0xf6, 0x0, 0x0)
mount$tmpfs(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='huge=always,huge=wit'])
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
ftruncate(r0, 0x8008976)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x12, r0, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x0, 0x32, 0x0, 0x2000)

6.156593289s ago: executing program 3 (id=2109):
add_key(&(0x7f0000000040)='asymmetric\x00', 0x0, &(0x7f0000000300)="303e3002a0001f14000000d190c937dc6914243b0402d6dcb70ad80851956fe6727ae888746b02cee670a5882a0ad79716584e6b04b7f62edac751478af9c62f", 0x40, 0xfffffffffffffffc)

5.93935408s ago: executing program 0 (id=2110):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000440)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x82200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB, @ANYBLOB], 0xc4}}, 0x4c050)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, 0x0, 0x0)
r2 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
r3 = syz_open_dev$vcsn(&(0x7f0000000180), 0x3ff, 0x28081)
ioctl$VIDIOC_S_EXT_CTRLS(r2, 0xc0205648, &(0x7f00000003c0)={0x9e0000, 0x3, 0xfffffff6, r3, 0x0, &(0x7f0000000240)={0x990964, 0x5, '\x00', @ptr=0x2}})
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}, 0x2000000}, 0x1c)
fchdir(0xffffffffffffffff)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x141a82, 0x0)
write$cgroup_int(r4, &(0x7f0000000040)=0x900, 0x12)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
accept4$llc(0xffffffffffffffff, 0x0, &(0x7f0000000340), 0x80000)
r5 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0xa01, 0x0)
ioctl$SNDCTL_DSP_SUBDIVIDE(r5, 0xc0045009, &(0x7f0000000040)=0x2)
pipe2$watch_queue(&(0x7f00000000c0)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff}, 0x80)
r8 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffc)
keyctl$KEYCTL_WATCH_KEY(0x20, r8, r6, 0x39)
keyctl$KEYCTL_WATCH_KEY(0x20, r8, r7, 0xffffffffffffffff)

5.829595414s ago: executing program 6 (id=2111):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x4, {{@in, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x7, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x2, 0x200000000000}, 0x0, 0x0, 0x1, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in6=@remote, 0x2, 0x2b}, 0xa, @in6=@empty, 0x0, 0x4}]}]}, 0xfc}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)
r1 = socket$inet(0x2, 0x2, 0x1)
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000300)='batadv_slave_1\x00', 0x10)
sendmsg$inet(r1, &(0x7f0000000040)={&(0x7f0000000100)={0x2, 0x0, @rand_addr=0x64010102}, 0x10, &(0x7f0000000400)=[{&(0x7f00000000c0)="08001eb3b0335d00", 0x8}], 0x1, 0x0, 0x0, 0xe0000000}, 0x4008810)
syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000480)='./file0\x00', 0x0, &(0x7f0000000280)={[{@noload}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x5}}, {@bh}, {@noload}, {@data_err_ignore}, {@usrjquota}]}, 0xfe, 0x44d, &(0x7f0000000d80)="$eJzs3MtvG8UfAPDvrp30/Ut+UB4tLQQKouKRNOnzwKUIJA4gIcGhiFNI0qrUbaAJEq0qKBzKEVXijjgi8RdwggsCTkhc4Y4qVaiXFiQko13vpsa107hx6rb+fKRNZrzjzHx3d+zZGTsBDKyx7EcSsTkifouIkUb2vwXGGr+uXTk389eVczNJ1Otv/Jnk5a5eOTdTFi2ft6mRqdeL/Lo29V54O2K6Vps7XeQnFk++N7Fw5uzzx09OH5s7Nndq6tChfXt3Dh+Y2t+TOLO4rm7/aH7HtlfeuvjazJGL7/z0TdbezcX+5jh6ZaxxdNt6qteV9dmWpnRS7WND6EolIrLTNZT3/5GoxIalfSPx8qd9bRywpur1er3d+3PhfB24hyXR7xYA/VG+0Wf3v+V2m4Yed4TLhyPeP9iI/1qxNfZUIy3KDLXc3/bSWEQcOf/3l9kWazQPAQDQ7LvDEfFcu/FfGg82lftfsYYyGhH/j4j7IuL+iNgaEQ9E5GUfioiHu6y/dYXkxvFPeumWAluhbPz3QrG2tTT++6eex18YrRS5LXn8Q8nR47W5PcUx2R1D67L85DJ1fP/Sr5932tc8/su2rP5yLNiQXqq2TNDNTi9OrzLsJZc/idhebYk/l0S5jJNExLaI2N7VX75+h3H8ma93dCp18/iX0YN1pvpXEU83zv/5aIm/lHRcn5w8eGBq/8T6qM3tmSivihv9/MuF1zvVv6r4eyA7/xtbr//cUvyjyfqIhTNnT+TrtQvd13Hh98863tPc6vU/nLyZp4eLxz6cXlw8PRkxnLx64+NT159b5svyWfy7d7WLP81f48oj8UhEZBfxzoh4NCIeK9r+eEQ8ERG7lon/xxeffLf7+JeZle+hLP7Zm53/aD7/3ScqJ374tvv4S9n535endhePrOT1b6UNXM2xAwAAgLtFmn8GPknHl9JpOj7e+Az/1tiY1uYXFp89Ov/BqdnGZ+VHYygtZ7pGmuZDJ4u54TI/1ZLfW8wbf1HZkOfHZ+Zrs/0OHgbcpg79P/NHpd+tA9ac72vB4NL/YXDp/zC49H8YXPo/DK52/f/jPrQDuP28/8Pg0v9hcOn/MLj0fxhIHb8bn67qK/8S93wi0u6fVY07pPF3U6K64n9mcYuJdW139fuVCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoDf+DQAA//9X4u4v")
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xf, &(0x7f0000000480)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b7000000000000009500000000000000ea28a8f398a5711472"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_open_dev$vbi(0x0, 0x1, 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x40008d0}, 0x40)
sendmsg$NFT_BATCH(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a400000000c0a010400000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c000180060001"], 0x68}, 0x1, 0x0, 0x0, 0x24000840}, 0x40)

5.769320322s ago: executing program 3 (id=2112):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x110, 0xffffffffffffffff, 0x0) (async, rerun: 64)
r2 = mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2, 0x110, 0xffffffffffffffff, 0x10000000) (async, rerun: 64)
r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) (async, rerun: 32)
r4 = syz_mount_image$fuse(&(0x7f00000000c0), &(0x7f0000000140)='./file0\x00', 0x4, &(0x7f0000000180)={{}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {}, 0x2c, {'group_id', 0x3d, 0xee00}, 0x2c, {[{@blksize={'blksize', 0x3d, 0xc00}}, {@allow_other}, {@default_permissions}, {@blksize={'blksize', 0x3d, 0xc053c9fa848814a0}}, {@blksize={'blksize', 0x3d, 0x1000}}, {@blksize}], [{@smackfsdef={'smackfsdef', 0x3d, '\x00'}}, {@subj_role}, {@fscontext={'fscontext', 0x3d, 'staff_u'}}, {@smackfsdef={'smackfsdef', 0x3d, '\x00'}}, {@euid_gt={'euid>', 0xee00}}, {@smackfsdef={'smackfsdef', 0x3d, '\\$'}}, {@obj_role={'obj_role', 0x3d, '\\\x93((/%/%/'}}]}}, 0x1, 0x0, &(0x7f0000000380)="aea8a7e685dc442c52b2698540b6b4ff5f3266c1d03ef003b13d69daa926d1329dd0ea01d678cc4489dbd025c0b69bb37e4725bf345937991d973148ef23157908d7c894c9842d73f74ffd3ee619ba65a6aa8ce657d9c1e84922942a0d8befdde6c27960811040088fd06e3fb8ba724494fb3f121349bbdf071d42d0b411748c35457a4c9f3cf4ed0daa51aefe990a47b38c84c4a241adc7907bec44cc6a1a96c2de2b19dc97ad155bdeaf2a9bb59ba3e072eac0cac0de25fb93094b751236bcba90c2c269e4d643f0d4807d3cedddd089ab8bda4a1d8843063ee11c2094994c792ed5792489f89c99f57d") (rerun: 32)
ioctl$SNDRV_TIMER_IOCTL_CREATE(0xffffffffffffffff, 0xc02054a5, &(0x7f00000004c0)={0x6, r0, 'id0\x00'}) (async)
syz_io_uring_submit(r1, r2, &(0x7f0000000080)=@IORING_OP_WRITE_FIXED={0x5, 0x0, 0x0, @fd=r4, 0x0, 0xfff, 0x9, 0x8, 0x1, {0x0, r3}})
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'syzkaller0\x00', 0x800})
ioctl$TUNSETTXFILTER(r0, 0x400454d1, &(0x7f0000000340)=ANY=[@ANYRES32])

5.019940023s ago: executing program 1 (id=2113):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[], 0x28}}, 0x0)
syz_mount_image$nilfs2(&(0x7f0000000a40), &(0x7f0000000a80)='./file0\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="00a717cf64394a00dc299b573660f498c4d99aac48af10923f703f53e58070c2bf4575228d0e471df7101ac03b8d48a1b0fc276e395f25b63e9a27cd2ab98888989eec154d97b4dbcf"], 0x1, 0xa09, &(0x7f0000001540)="$eJzs3UuMHEfdAPDq2Z31M5/H+WyyOCaxCSThkd14vZiHBXEUX7DiiFukiIvlOMHCMQhHgkQ52D5xI1FkrjzEKZcIEBK5ICsnLpGIJS45BQ4csIwUiQME7EW7WzU7+/eMemZt73h2fj+ptqa6aqaqZ3t6erq7qhIwthpLf+fnp6uULr3z5tG/P/y3LYtLnmiXaC39nexINVNKVU5Phtf7cGI5vv7Raye7xVWaW/pb0umZa+3nbkspnU/70uXUSnsuXXnjvbmnj184dnH/+28dvnpn1h4AAMbLty4fnt/9lz/dv/Pjtx84kja1l5fj81ZOb8/H/UfygX85/m+k1emqI3SaCuUmc2iEchNdynXW0wzlJnvUPxVet9mj3Kaa+ic6lnVbbxhlZTtupaoxsyrdaMzMLP8mT0u/66eqmbOnz7xwbkgNBW67fz6YUtonCMI4hoUdw94DASyL1wtvcj6eWbg17Veb7K/+a082uj8fboP13v7VP1r1/+qCPQ63z0bdmsp6lc/R9pyO1xHi/UuDfv7L68XrEc0+29nrOsKoXF/o1c6JdW7HWvVqf9wuNqqv57i8D98I+Z2fn/g/HZX/MdDdv5z/F4SxDQvD3gEBd61439xCVvLjfX0xf1NN/uaa/C01+Vtr8rfV5MM4++3LP0mvVyu/8+Nv+kHPh5XzbPfk+P8GbE88Hzlo/fG+30Hdav3xfmK4m/3+xLOnvvL8c1eW7/+v2tv/jby978vpVv5sXc4FyvnCeF69fe9/a3U9jR7l7g3tuadL+aXHu1aXq3atvE7q2M/c1I7p1c/b0avc3tXlWqHclhw2h/bG45Ot4Xnl+KPsV8v7NRnWtxnWYyq0o+xXduY4tgPWomyPve7/L9vndGpWL5w+c+rxnC7b6R8nmpsWlx9Y53YDt67f/j/TaXX/n+3t5c1G535hx8ryqnO/0ArL53osP5jT5XvuOxNblpbPnPzemedv98rDmDv3yqvfPXHmzKkfeOCBBx60Hwx7zwTcabMvv/T92XOvvPrY6ZdOvHjqxVNnDx46dHBu7tBXD87PLh3Xz3Ye3QMbycqX/rBbAgAAAAAAAAAAAPTrh8eOXvnzu1/+YLn//0r/v9L/v9z5W/r//zj0/4/95Es/+NIPcGeX/KUyYYDVqVCumcP/h/buCvXsDs/7RI7b8/jl/v+lujiua2nPfWF5HL+3lAvDCdw0XspUGIMkzhf46RxfzPEvEwxRtaX74hzXjW9dtvUyPoVxKUZT+b+VraGMY1L6f/ca16ns/3euQxu5/dajO+Gw1xHo7h/G/xaEsQ0LC2bxAO4Ow57/s5z3LPHZP3xz82Ioxa49uXp/GccvhVtxt88/qf6NNf9ne/67vvd/Yca81trq/ffPrn7QUW3a02/9cf3LONC7Bqv/41x/WZtHUn/1L/wi1B8vCPXpP6H+rX3Wf9P6711b/f/N9Ze37dGH+q1/ucVVY3U74nnjcv0vnjcurof1L2N7Drz+a5yo8UauH8bZqMwzO6hRmf+3l3gfxpdyuuwIy30Ocb6TQdtf7q8o3wO7w+tXNd9v5v8dbV/Lcd3nocz/W7bHVpd0oyPd7PLebtR9DYyqD13/E4SxDQsLC3f2hFaNoVbO0N//Yf9OGHb9w37/68T5f+MxfJz/N+bH+X9jfpz/N+bH+fVifpz/N76fcf7fmH9feN04P/B0Tf4na/L31OTfX5O/tyb/UzX5+2vyH6jJf7Am/96a/Idq8j9Tk//ZmvyHa/Ifrcn/XE3+Rlf6o4zr+sM4i/3zfP5hfJTrP70+/7tq8oHR9dO3Dzz13G++3Vru/z/VPh9SruMdyelm/u38o5yO171TR3ox792c/mvIv9vPd8A4ieNnxO/3R2rygdFV7vPy+YYxVHUfsaffcat6HeczWj6f4y/k+Is5fizHMzmezfGBHM+tU/u4M5769e8Ov16t/N7fEfL7vZ889geK40Qd7LM98fzAoPezx3H8BnWr9a+xOxgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDQNJb+zs9PVyldeufNo88ePz27uOSJdonW0t/JjlSz/byUHs/xRI5/nh9c/+i1k53xjcV4KqUqzaUqVe3l6Zlr7Zq2pZTOp33pcmqlPZeuvPHe3NPHLxy7uP/9tw5fvYNvAQAAAGx4/wsAAP//2XsNow==")
r0 = open(&(0x7f0000000080)='.\x00', 0x0, 0x1b5)
ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40186e8d, &(0x7f0000000040)={0x0, 0x42c0000000003f, 0x400, 0x200000003, 0x6, 0x3, 0x2401})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, 0x0, 0x4000000)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00"], 0x64}}, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
r1 = shmget$private(0x0, 0x13000, 0x1, &(0x7f0000feb000/0x13000)=nil)
shmat(r1, &(0x7f0000ff7000/0x3000)=nil, 0x400c)
mremap(&(0x7f0000ff8000/0x3000)=nil, 0x3000, 0x4000, 0x0, &(0x7f0000ffc000/0x4000)=nil)

4.586900428s ago: executing program 0 (id=2114):
r0 = socket$inet(0x2, 0x1, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x5, &(0x7f0000000040)=@framed={{}, [@alu={0x4, 0x0, 0xd, 0x0, 0x0, 0x0, 0x10}, @jmp={0x5, 0x0, 0x3}]}, &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x67000000}, 0x80)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000b40)='source', 0x0, 0x0)
gettid()
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000300)={0x0, @dev, @initdev}, &(0x7f0000000540)=0xc)

4.526109381s ago: executing program 3 (id=2115):
pipe(&(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$apparmor_current(r1, &(0x7f00000002c0)=@hat={'permhat ', 0x3}, 0x1b)
r2 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x8, &(0x7f0000000b00)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e00000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000002c0)={r3}, 0xc)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket$inet6(0xa, 0x80003, 0x6)
setsockopt$inet6_IPV6_ADDRFORM(r5, 0x29, 0x1, &(0x7f00000001c0), 0x4)
r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
getsockopt(r6, 0x6, 0x0, 0x0, &(0x7f0000000000))
r7 = socket$inet_mptcp(0x2, 0x1, 0x106)
r8 = syz_io_uring_setup(0x10e, &(0x7f00000000c0)={0x0, 0x8d2dc, 0x0, 0xffffffff}, &(0x7f00000003c0)=<r9=>0x0, &(0x7f0000000140)=<r10=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x4, &(0x7f0000000080)=0xfbfffffc, 0x0, 0x4)
write$uinput_user_dev(r1, &(0x7f0000000540)={'syz1\x00', {0xfff, 0x6e4, 0xe, 0x4}, 0x44, [0x80000001, 0x6, 0xf, 0x4, 0x7, 0x1, 0x1, 0x9, 0x2c4, 0x4, 0x200, 0x2676, 0x3, 0x10, 0x6, 0x4, 0x401, 0x5, 0x3, 0xffff, 0x0, 0x6, 0xffffffff, 0x200000, 0x4, 0x7, 0x3, 0x0, 0x6, 0xfffffff1, 0x40, 0x0, 0x3, 0x1, 0x5, 0x40, 0x8c, 0x7, 0x7118d289, 0x5, 0x40, 0x8, 0x2, 0x8, 0x30a3, 0x6, 0x6, 0x3, 0x724000, 0xff, 0xdfe9, 0xc, 0x15b9, 0x3, 0x1, 0x200, 0x9, 0xa, 0x0, 0x5, 0x7, 0x2, 0x1ff, 0x3], [0xd, 0x3, 0x8000000, 0xfff, 0x5, 0xb, 0x0, 0x3, 0x9, 0x1, 0xfffffffd, 0x9, 0x3ff, 0x5, 0x3, 0x6, 0x400, 0xecd, 0x2, 0x734, 0x5, 0x1000, 0x8001, 0x3, 0x5f, 0x0, 0x4, 0x9, 0x1, 0x2, 0x6, 0xd5, 0x9, 0x381, 0x7, 0x7f, 0x5a, 0x2, 0xfffffff4, 0x7fffffff, 0xffff5e44, 0x80000001, 0x2, 0x7, 0x0, 0x3, 0x3, 0x4, 0x401, 0xfffffffb, 0xcab, 0x40, 0x0, 0x5c3, 0x100, 0x3, 0x9, 0x2, 0x0, 0x1, 0x417ef0cb, 0x8, 0xc9, 0xd], [0xd9e0, 0x94, 0x0, 0x3, 0xf, 0x34e5, 0x3, 0x3, 0x3, 0x9, 0x7, 0x2, 0x669e, 0x8001, 0x3, 0x7f, 0x1000, 0x63f94a31, 0x6, 0xe, 0x1, 0x9, 0x0, 0x5, 0x2, 0x5, 0xa0, 0x80000000, 0x7045d205, 0x8001, 0x83, 0x7, 0x8, 0x2, 0x6, 0x8f46, 0x6, 0x0, 0x3, 0x0, 0x6, 0x40, 0x8, 0x5, 0x7b5, 0xc1f, 0x40, 0x9, 0x6, 0x3, 0xfffffc01, 0x92, 0x2, 0x80000001, 0x3d, 0x57, 0x8, 0x9, 0x0, 0x5d, 0x9, 0x7, 0x8, 0x8], [0x6, 0x4, 0x114, 0x2, 0x7, 0x1, 0x1, 0x100000, 0xffff, 0x4, 0x1, 0x8, 0xffffffa3, 0x6, 0x6f, 0x8, 0x553, 0xda90, 0xc1, 0x3ff, 0x6, 0x7f, 0x2, 0x6, 0x5, 0x6, 0x80, 0x0, 0xfffffffc, 0x6, 0x2, 0x2, 0x100, 0x5, 0x0, 0x7, 0x5, 0x8001, 0x9, 0x9, 0xffffffff, 0x7, 0x80000000, 0xfffffffe, 0x3, 0x5, 0x8, 0x8, 0x18, 0x1, 0x8, 0x200, 0x9, 0x2, 0x8, 0x2, 0x6, 0x7, 0x100000, 0x1, 0x8, 0x0, 0xd, 0xfffffff9]}, 0x45c)
syz_io_uring_submit(r9, r10, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x40, 0x5, r7, 0x0, 0x0, 0x0, 0x80000})
io_uring_enter(r8, 0x47f5, 0x0, 0x0, 0x0, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=@newlink={0x4c, 0x10, 0x403, 0x0, 0x25dfdbfc, {0x0, 0x0, 0x74, 0x0, 0x1810, 0x55007}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_SNOOPING={0x5}, @IFLA_BR_MCAST_ROUTER={0x5, 0x16, 0x1}, @IFLA_BR_NF_CALL_ARPTABLES={0x5, 0x26, 0x1}]}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x4800)
vmsplice(r0, &(0x7f0000000480)=[{&(0x7f0000000380)="ee97d16c217bd38ba8aed730add2aca5cdcd", 0x12}, {0x0, 0x64}, {0x0}, {0x0}, {0x0}, {0x0, 0xff32}, {0x0}, {0x0}, {0x0}], 0x9, 0x8)

4.42380147s ago: executing program 4 (id=2116):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e00000004000000080000000b"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000c80)={'lo\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0x3}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xc, 0x2, [@TCA_FQ_QUANTUM={0x8, 0xf}]}}]}, 0x38}}, 0x0)

3.449470649s ago: executing program 0 (id=2117):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x1000046, &(0x7f0000000280)={[{@resuid}, {@data_err_abort}, {@barrier_val={'barrier', 0x3d, 0x1}}, {@dioread_lock}, {@grpjquota}, {@usrquota}, {@data_err_ignore}, {@grpjquota}, {@nobh}, {@user_xattr}, {@bh}, {@journal_async_commit}]}, 0x1, 0x553, &(0x7f0000000a40)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==")
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0)
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f0000000000)={0x30, 0x5, 0x0, {0x0, 0x2, 0x2100000000000000, 0x6}}, 0x30)
ioctl$TCXONC(r0, 0x540a, 0x0)
r1 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r1, 0x7a7, &(0x7f0000000040)=0x90000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, &(0x7f0000000440)={@local, 0x1})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007baaf8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x40000000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$IOCTL_VMCI_CTX_ADD_NOTIFICATION(r1, 0x7af, &(0x7f0000000080)={@my=0x1})
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_CTHELPER_DEL(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x3c, 0x2, 0x9, 0x301, 0x0, 0x0, {0xa}, [@NFCTH_TUPLE={0x4}, @NFCTH_TUPLE={0x24, 0x2, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @private=0xa010101}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x84}}]}]}, 0x3c}, 0x1, 0x0, 0x0, 0x2000c895}, 0x40)
r4 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x58b900, 0x0)
ioctl$IOMMU_VFIO_SET_IOMMU(r4, 0x3b66, 0x1)

3.44788794s ago: executing program 5 (id=2118):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[], 0x28}}, 0x0)
syz_mount_image$nilfs2(&(0x7f0000000a40), &(0x7f0000000a80)='./file0\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="00a717cf64394a00dc299b573660f498c4d99aac48af10923f703f53e58070c2bf4575228d0e471df7101ac03b8d48a1b0fc276e395f25b63e9a27cd2ab98888989eec154d97b4dbcf"], 0x1, 0xa09, &(0x7f0000001540)="$eJzs3UuMHEfdAPDq2Z31M5/H+WyyOCaxCSThkd14vZiHBXEUX7DiiFukiIvlOMHCMQhHgkQ52D5xI1FkrjzEKZcIEBK5ICsnLpGIJS45BQ4csIwUiQME7EW7WzU7+/eMemZt73h2fj+ptqa6aqaqZ3t6erq7qhIwthpLf+fnp6uULr3z5tG/P/y3LYtLnmiXaC39nexINVNKVU5Phtf7cGI5vv7Raye7xVWaW/pb0umZa+3nbkspnU/70uXUSnsuXXnjvbmnj184dnH/+28dvnpn1h4AAMbLty4fnt/9lz/dv/Pjtx84kja1l5fj81ZOb8/H/UfygX85/m+k1emqI3SaCuUmc2iEchNdynXW0wzlJnvUPxVet9mj3Kaa+ic6lnVbbxhlZTtupaoxsyrdaMzMLP8mT0u/66eqmbOnz7xwbkgNBW67fz6YUtonCMI4hoUdw94DASyL1wtvcj6eWbg17Veb7K/+a082uj8fboP13v7VP1r1/+qCPQ63z0bdmsp6lc/R9pyO1xHi/UuDfv7L68XrEc0+29nrOsKoXF/o1c6JdW7HWvVqf9wuNqqv57i8D98I+Z2fn/g/HZX/MdDdv5z/F4SxDQvD3gEBd61439xCVvLjfX0xf1NN/uaa/C01+Vtr8rfV5MM4++3LP0mvVyu/8+Nv+kHPh5XzbPfk+P8GbE88Hzlo/fG+30Hdav3xfmK4m/3+xLOnvvL8c1eW7/+v2tv/jby978vpVv5sXc4FyvnCeF69fe9/a3U9jR7l7g3tuadL+aXHu1aXq3atvE7q2M/c1I7p1c/b0avc3tXlWqHclhw2h/bG45Ot4Xnl+KPsV8v7NRnWtxnWYyq0o+xXduY4tgPWomyPve7/L9vndGpWL5w+c+rxnC7b6R8nmpsWlx9Y53YDt67f/j/TaXX/n+3t5c1G535hx8ryqnO/0ArL53osP5jT5XvuOxNblpbPnPzemedv98rDmDv3yqvfPXHmzKkfeOCBBx60Hwx7zwTcabMvv/T92XOvvPrY6ZdOvHjqxVNnDx46dHBu7tBXD87PLh3Xz3Ye3QMbycqX/rBbAgAAAAAAAAAAAPTrh8eOXvnzu1/+YLn//0r/v9L/v9z5W/r//zj0/4/95Es/+NIPcGeX/KUyYYDVqVCumcP/h/buCvXsDs/7RI7b8/jl/v+lujiua2nPfWF5HL+3lAvDCdw0XspUGIMkzhf46RxfzPEvEwxRtaX74hzXjW9dtvUyPoVxKUZT+b+VraGMY1L6f/ca16ns/3euQxu5/dajO+Gw1xHo7h/G/xaEsQ0LC2bxAO4Ow57/s5z3LPHZP3xz82Ioxa49uXp/GccvhVtxt88/qf6NNf9ne/67vvd/Yca81trq/ffPrn7QUW3a02/9cf3LONC7Bqv/41x/WZtHUn/1L/wi1B8vCPXpP6H+rX3Wf9P6711b/f/N9Ze37dGH+q1/ucVVY3U74nnjcv0vnjcurof1L2N7Drz+a5yo8UauH8bZqMwzO6hRmf+3l3gfxpdyuuwIy30Ocb6TQdtf7q8o3wO7w+tXNd9v5v8dbV/Lcd3nocz/W7bHVpd0oyPd7PLebtR9DYyqD13/E4SxDQsLC3f2hFaNoVbO0N//Yf9OGHb9w37/68T5f+MxfJz/N+bH+X9jfpz/N+bH+fVifpz/N76fcf7fmH9feN04P/B0Tf4na/L31OTfX5O/tyb/UzX5+2vyH6jJf7Am/96a/Idq8j9Tk//ZmvyHa/Ifrcn/XE3+Rlf6o4zr+sM4i/3zfP5hfJTrP70+/7tq8oHR9dO3Dzz13G++3Vru/z/VPh9SruMdyelm/u38o5yO171TR3ox792c/mvIv9vPd8A4ieNnxO/3R2rygdFV7vPy+YYxVHUfsaffcat6HeczWj6f4y/k+Is5fizHMzmezfGBHM+tU/u4M5769e8Ov16t/N7fEfL7vZ889geK40Qd7LM98fzAoPezx3H8BnWr9a+xOxgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDQNJb+zs9PVyldeufNo88ePz27uOSJdonW0t/JjlSz/byUHs/xRI5/nh9c/+i1k53xjcV4KqUqzaUqVe3l6Zlr7Zq2pZTOp33pcmqlPZeuvPHe3NPHLxy7uP/9tw5fvYNvAQAAAGx4/wsAAP//2XsNow==")
r0 = open(&(0x7f0000000080)='.\x00', 0x0, 0x1b5)
ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40186e8d, &(0x7f0000000040)={0x0, 0x42c0000000003f, 0x400, 0x200000003, 0x6, 0x3, 0x2401})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sendmsg$ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, 0x0, 0x4000000)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x64}}, 0x0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
syz_init_net_socket$netrom(0x6, 0x5, 0x0)
shmat(0x0, &(0x7f0000ff7000/0x3000)=nil, 0x400c)

3.437451733s ago: executing program 4 (id=2119):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x5, 0x1ff003, 0x81, 0x7f, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2}, 0x50)
r1 = memfd_secret(0x80000)
r2 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x10, 0x1402, 0x1, 0x70bd2a, 0x25dfdc02}, 0x10}, 0x1, 0x0, 0x0, 0x4000801}, 0x40810)
bpf$OBJ_PIN_MAP(0x6, &(0x7f00000000c0)=@o_path={&(0x7f0000000080)='./file0\x00', r0, 0x4000, r2}, 0x18)
getsockopt$bt_BT_CHANNEL_POLICY(r1, 0x112, 0xa, &(0x7f0000000000)=0xa, &(0x7f0000000040)=0x4)
bpf$BPF_GET_PROG_INFO(0x3, &(0x7f0000000340)={r0, 0xe0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x804e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x8, 0x0, 0x0}}, 0x10)

3.37760592s ago: executing program 4 (id=2120):
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000001c0)=ANY=[@ANYBLOB="120100004366b408c70b0800c84f0102030109022d00010000"], 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
syz_usb_ep_read(r0, 0xf, 0x0, 0x0)

3.231766802s ago: executing program 1 (id=2121):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
syz_open_dev$dri(&(0x7f0000000000), 0x1f, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
getsockopt$packet_int(r1, 0x107, 0x11, 0x0, &(0x7f0000000280))
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
close_range(0xffffffffffffffff, r2, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
mount$afs(0x0, &(0x7f00000000c0)='.\x00', &(0x7f0000000100), 0x4, &(0x7f0000000080)={[{@dyn}, {@flock_openafs}]})
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xad}, 0x94)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r6 = syz_io_uring_setup(0xef9, &(0x7f0000000580)={0x0, 0xd730, 0x80, 0x3, 0xbffffff6}, &(0x7f00000003c0)=<r7=>0x0, &(0x7f0000000340)=<r8=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f00000002c0)=0x9, 0x0, 0x4)
syz_io_uring_submit(r7, r8, &(0x7f0000000180)=@IORING_OP_STATX={0x15, 0xa, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x80, 0x6000})
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
io_uring_enter(r6, 0x1c3a, 0xe176, 0x22, 0x0, 0x0)

2.93756603s ago: executing program 3 (id=2122):
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[], 0x48)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
openat$apparmor_thread_current(0xffffffffffffff9c, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a00000709000100"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a44000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40000000010800034000000014480000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000001c0003801800008008000340000000"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)

2.795699553s ago: executing program 0 (id=2123):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
prlimit64(0x0, 0xe, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000a80)=ANY=[@ANYBLOB], 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0500090079fc00008e1e0000c9a8828614fdd4f0", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$inet6(0xa, 0x802, 0x0)
r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r5, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r6=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r5, 0x3ba0, &(0x7f0000000480)={0x48, 0x2, r6, 0x0, 0x0, 0x0, <r7=>0x0})
ioctl$IOMMU_HWPT_ALLOC$NONE(r5, 0x3b89, &(0x7f0000000180)={0x28, 0x1, r7, r6, <r8=>0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$IOMMU_HWPT_ALLOC$TEST(r5, 0x3b89, &(0x7f0000000200)={0x28, 0x0, r7, r8, 0x0, 0x0, 0xdead, 0x4, &(0x7f0000000240)})
close(r5)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r9}, 0x10)
connect$inet6(r4, &(0x7f0000000240)={0xa, 0x6e23, 0xfffffdff, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}, 0x1c)
sendmmsg$inet6(r4, &(0x7f0000001840), 0x3b, 0x0)

1.893912985s ago: executing program 1 (id=2124):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000120000002400000008000000850000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8000}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000005c0)='sched_switch\x00', r0}, 0x18)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha256)\x00'}, 0x58)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan0\x00'})
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000300)='./cgroup.net/syz0\x00', 0x200002, 0x0)
accept$alg(r1, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r3)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000080), r4)
sendmsg$TIPC_CMD_ENABLE_BEARER(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x305200, 0x0)
close(r6)
r7 = socket$unix(0x1, 0x1, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=@newqdisc={0x58, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r9, {0x0, 0xb}, {0xffff, 0xffff}, {0xa}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0xa, 0x7f61, 0x1, 0xc5, 0xe23, 0x1, 0x1, 0x7fff, 0x1}}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x20008001}, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000006c0)=@newqdisc={0x70, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0xa0000, {0x0, 0x0, 0x0, r9, {0x0, 0x9}, {0x10, 0xb}, {0x5, 0xa858712265c6c23}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x44, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0xa0, 0x2, 0x5, 0x5274, 0x3, 0x6}, {0xc6, 0x1, 0x2, 0x4, 0x3, 0x1ff}, 0xbdb0, 0x2, 0x8a3}}, @TCA_TBF_RATE64={0xc, 0x4, 0x255549c306b87a6c}, @TCA_TBF_PRATE64={0xc, 0x5, 0xe1831c0564c1f2c6}]}}]}, 0x70}, 0x1, 0x0, 0x0, 0x2000c061}, 0x4008000)
ioctl$SIOCSIFHWADDR(r6, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"})

680.671741ms ago: executing program 0 (id=2125):
syz_mount_image$hpfs(&(0x7f000000a000), &(0x7f0000009ec0)='./bus\x00', 0x3200041, &(0x7f00000002c0)={[{@check_strict}, {@umask={'umask', 0x3d, 0xa00}}, {@err_ro}, {@check_none}, {@check_none}]}, 0x1, 0x9e28, &(0x7f0000026280)="$eJwUk1MUnocSAFM3tW27ndq2bdv21P0/G6ltu0mbJrVtm6mNlPfcPWdf92F25u4BDh/giAHeM8B7BzhygPcNcNQARw/w/gE+MMAHB/jQAB8e4CMDfHSAjw3w8QE+McAnB/jUAJ8e4DMDfHaAzw3w+QG+MMAXB/jSAF8e4CsDfHWArw3w9QG+McA3B/jWAN8e4DsDfHeA7w3w/QF+MMAPB/jRAD8e4CcD/HSAnw3w8wF+McAxA/xygF8N8OsBfjPAbwf43QC/H+APA/xxgD8N8OcB/jLAXwf42wB/H+AfAxw7wD8H+NcA/x7gPwP8d4D/DXBIgOMEOG6A4wU4foATBDhhgBMFOHGAQwOcJMBJA5wswMkDnCLAKQOcKsCpA5wmwGkDnC7A6QOcIcAZA5wpwJkDnCXAWQOcLcDZA5wjwDkDnCvAuQOcJ8B5A5wvwPkDXCDABQNcKMCFA1wkwEUDXCzAxQNcIsAlA1wqQAJcOsBlAlw2wOUCXD7AFQJcMcCVAlw5wFUCXDXA1QJcPcA1AlwzwLUCXDvAdQJcN8D1Alw/wA0C3DDAjQLcOMBNAtw0wM0C3DzALQLcMsCtAtw6wG0C3DbA7QLcPsAdAtwxwJ0C3DnAXQLcNcDdAtw9wD0C3DPAvQLcO8B9Atw3wP0C3D/AAwI8MMCDAjw4wEMCPDTAwwI8PMAjAjwywKMCPDrAYwI8NsDjAjw+wBMCPDHAkwI8OUADPCXAUwM8LcDTAzwjwDMDPCvAswMcBBgEGAYYBRgHmASYBpgFmAdYBFgGWAVYB9gE2AbYBdgHOCzAcwI8N8DzAjw/wAsCvDDAiwK8OMBLArw0wMsCvDzAKwK8MsCrArw6wGsCvDbA6wK8PsAbArwxwJsCvDnAWwK8NcDbArw9wDsCvDPAuwK8O8DhAY4I8J4A7w1wZID3BTgqwNEB3h/gAwE+GOBDAT4c4CMBPhrgYwE+HuATAT4Z4FMBPh3gMwE+G+BzAT4f4AsBvhjgSwG+HOArAb4a4GsBvh7gGwG+GeBbAb4d4DsBvhvgewG+H+AHAX4Y4EcBfhzgJwF+GuBnAX4e4BcBjgnwywC/CvDrAL8J8NsAvwvw+wB/CPDHAH8K8OcAfwnw1wB/C/D3AP8IcGyAfwb4V4B/B/hPgP8G+F+AQ0IcJ8RxQxwvxPFDnCDECUOcKMSJQxwa4iQhThriZCFOHuIUIU4Z4lQhTh3iNCFOG+J0IU4f4gwhzhjiTCHOHOIsIc4a4mwhzh7iHCHOGeJcIc4d4jwhzhvifCHOH+ICIS4Y4kIhLhziIiEuGuJiIS4e4hIhLhniUiES4tIhLhPisiEuF+LyIa4Q4oohrhTiyiGuEuKqIa4W4uohrhHimiGuFeLaIa4T4rohrhfi+iFuEOKGIW4U4sYhbhLipiFuFuLmIW4R4pYhbhXi1iFuE+K2IW4X4vYh7hDijiHuFOLOIe4S4q4h7hbi7iHuEeKeIe4V4t4h7hPiviHuF+L+IR4Q4oEhHhTiwSEeEuKhIR4W4uEhHhHikSEeFeLRIR4T4rEhHhfi8SGeEOKJIZ4U4skhGuIpIZ4a4mkhnh7iGSGeGeJZIZ4d4iDEIMQwxCjEOMQkxDTELMQ8xCLEMsQqxDrEJsQ2xC7EPsRhIZ4T4rkhnhfi+SFeEOKFIV4U4sUhXhLipSFeFuLlIV4R4pUhXhXi1SFeE+K1IV4X4vUh3hDijSHeFOLNId4S4q0h3hbi7SHeEeKdId4V4t0hDg9xRIj3hHhviCNDvC/EUSGODvH+EB8I8cEQHwrx4RAfCfHREB8L8fEQnwjxyRCfCvHpEJ8J8dkQnwvx+RBfCPHFEF8K8eUQXwnx1RBfC/H1EN8I8c0Q3wrx7RDfCfHdEN8L8f0QPwjxwxA/CvHjED8J8dMQPwvx8xC/CHFMiF+G+FWIX4f4TYjfhvhdiN+H+EOIP4b4U4g/h/hLiL+G+FuIv4f4R4hjQ/wzxL9C/DvEf0L8N8T/QhwS4TgRjhvheBGOH+EEEU4Y4UQRThzh0AgniXDSCCeLcPIIp4hwygininDqCKeJcNoIp4tw+ghniHDGCGeKcOYIZ4lw1ghni3D2COeIcM4I54pw7gjniXDeCOeLcP4IF4hwwQgXinDhCBeJcNEIF4tw8QiXiHDJCJeKkAiXjnCZCJeNcLkIl49whQhXjHClCFeOcJUIV41wtQhXj3CNCNeMcK0I145wnQjXjXC9CNePcIMIN4xwowg3jnCTCDeNcLMIN49wiwi3jHCrCLeOcJsIt41wuwi3j3CHCHeMcKcId45wlwh3jXC3CHePcI8I94xwrwj3jnCfCPeNcL8I94/wgAgPjPCgCA+O8JAID43wsAgPj/CICI+M8KgIj47wmAiPjfC4CI+P8IQIT4zwpAhPjtAIT4nw1AhPi/D0CM+I8MwIz4rw7AgHEQYRhhFGEcYRJhGmEWYR5hEWEZYRVhHWETYRthF2EfYRDovwnAjPjfC8CM+P8IIIL4zwoggvjvCSCC+N8LIIL4/wigivjPCqCK+O8JoIr43wugivj/CGCG+M8KYIb47wlghvjfC2CG+P8I4I74zwrgjvjnB4hCMivCfCeyMcGeF9EY6KcHSE90f4QIQPRvhQhA9H+EiEj0b4WISPR/hEhE9G+FSET0f4TITPRvhchM9H+EKEL0b4UoQvR/hKhK9G+FqEr0f4RoRvRvhWhG9H+E6E70b4XoTvR/hBhB9G+FGEH0f4SYSfRvhZhJ9H+EWEYyL8MsKvIvw6wm8i/DbC7yL8PsIfIvwxwp8i/DnCXyL8NcLfIvw9wj8iHBvhnxH+FeHfEf4T4b8R/hfhkBjHiXHcGMeLcfwYJ4hxwhgninHiGIfGOEmMk8Y4WYyTxzhFjFPGOFWMU8c4TYzTxjhdjNPHOEOMM8Y4U4wzxzhLjLPGOFuMs8c4R4xzxjhXjHPHOE+M88Y4X4zzx7hAjAvGuFCMC8e4SIyLxrhYjIvHuESMS8a4VIzEuHSMy8S4bIzLxbh8jCvEuGKMK8W4coyrxLhqjKvFuHqMa8S4Zoxrxbh2jOvEuG6M68W4fowbxLhhjBvFuHGMm8S4aYybxbh5jFvEuGWMW8W4dYzbxLhtjNvFuH2MO4w/ZMj/+e4U484x7hLjrjHuFuPuMe4R454x7hXj3jHuE+O+Me4X4/4xHhDjgTEeFOPBMR4S46ExHhbj4TEeEeORMR4V49ExHhPjsTEeF+PxMZ4Q44kxnhTjyTEa4ykxnhrjaTGeHuMZMZ4Z41kxnh3jIMYgxjDGKMY4xiTGNMYsxjzGIsYyxirGOsYmxjbGLsY+xmExnhPjuTGeF+P5MV4Q44UxXhTjxTFeEuOlMV4W4+UxXhHjlTFeFePVMV4T47UxXhfj9THeEOONMd4U480x3hLjrTHeFuPtMd4R450x3hXj3TEOj3FEjPfEeG+MI2O8L8ZRMY6O8f4YH4jxwRgfivHhGB+J8dEYH4vx8RifiPHJGJ+K8ekYn4nx2Rifi/H5GF+I8cUYX4rx5RhfifHVGF+L8fUY34jxzRjfivHtGN+J8d0Y34vx/Rg/iPHDGD+K8eMYP4nx0xg/i/HzGL+IcUyMX8b4VYxfx/hNjN/G+F2M38f4Q4w/xvhTjD/H+EuMv8b4W4y/x/hHjGNj/DPGv2L8O8Z/Yvw3xv9iHJLgOAmOm+B4CY6f4AQJTpjgRAlOnODQBCdJcNIEJ0tw8gSnSHDKBKdKcOoEp0lw2gSnS3D6BGdIcMYEZ0pw5gRnSXDWBGdLcPYE50hwzgTnSnDuBOdJcN4E50tw/gQXSHDBBBdKcOEEF0lw0QQXS3DxBJdIcMkEl0qQBJdOcJkEl01wuQSXT3CFBFdMcKUEV05wlQRXTXC1BFdPcI0E10xwrQTXTnCdBNdNcL0E109wgwQ3THCjBDdOcJMEN01wswQ3T3CLBLdMcKsEt05wmwS3TXC7BLdPcIcEd0xwpwR3TnCXBHdNcLcEd09wjwT3THCvBPdOcJ8E901wvwT3T/CABA9M8KAED07wkAQPTfCwBA9P8IgEj0zwqASPTvCYBI9N8LgEj0/whARPTPCkBE9O0ARPSfDUBE9L8PQEz0jwzATPSvDsBAcJBgmGCUYJxgkmCaYJZgnmCRYJlglWCdYJNgm2CXYJ9gkOS/CcBM9N8LwEz0/wggQvTPCiBC9O8JIEL03wsgQvT/CKBK9M8KoEr07wmgSvTfC6BK9P8IYEb0zwpgRvTvCWBG9N8LYEb0/wjgTvTPCuBO9OcHiCIxK8J8F7ExyZ4H0JjkpwdIL3J/hAgg8m+FCCDyf4SIKPJvhYgo8n+ESCTyb4VIJPJ/hMgs8m+FyCzyf4QoIvJvhSgi8n+EqCryb4WoKvJ/hGgm8m+FaCbyf4ToLvJvhegu8n+EGCHyb4UYIfJ/hJgp8m+FmCnyf4RYJjEvwywa8S/DrBbxL8NsHvEvw+wR8S/DHBnxL8OcFfEvw1wd8S/D3BPxIcm+CfCf6V4N8J/pPgvwn+l+CQFMdJcdwUx0tx/BQnSHHCFCdKceIUh6Y4SYqTpjhZipOnOEWKU6Y4VYpTpzhNitOmOF2K06c4Q4ozpjhTijOnOEuKs6Y4W4qzpzhHinOmOFeKc6c4T4rzpjhfivOnuECKC6a4UIoLp7hIioumuFiKi6e4RIpLprhUiqS4dIrLpLhsisuluHyKK6S4YoorpbhyiqukuGqKq6W4eoprpLhmimuluHaK66S4borrpbh+ihukuGGKG6W4cYqbpLhpipuluHmKW6S4ZYpbpbh1itukuG2K26W4fYo7pLhjijuluHOKu6S4a4q7pbh7inukuGeKe6W4d4r7pLhvivuluH+KB6R4YIoHpXhwioekeGiKh6V4eIpHpHhkikeleHSKx6R4bIrHpXh8iiekeGKKJ6V4coqmeEqKp6Z4Woqnp3hGimemeFaKZ6c4SDFIMUwxSjFOMUkxTTFLMU+xSLFMsUqxTrFJsU2xS7FPcViK56R4bornpXh+ihekeGGKF6V4cYqXpHhpipeleHmKV6R4ZYpXpXh1itekeG2K16V4fYo3pHhjijeleHOKt6R4a4q3pXh7inekeGeKd6V4d4rDUxyR4j0p3pviyBTvS3FUiqNTvD/FB1J8MMWHUnw4xUdSfDTFx1J8PMUnUnwyxadSfDrFZ1KSZ1N8LsXnU3whxRdTfCnFl1N8JcVXU3wtxddTfCPFN1N8K8W3U3wnxXdTfC/F91P8IMUPU/woxY9T/CTFT1P8LMXPU/wixTEpfpniVyl+neI3KX6b4ncpfp/iDyn+mOJPKf6c4i8p/pribyn+nuIfKY5N8c8U/0rx7xT/SfHfFP9LcUiG42Q4bobjZTh+hhNkOGGGE2U4cYZDM5wkw0kznCzDyTOcIsMpM5wqw6kznCbDaTOcLsPpM5whwxkznCnDmTOcJcNZM5wtw9kznCPDOTOcK8O5M5wnw3kznC/D+TNcIMMFM1wow4UzXCTDRTNcLMPFM1wiwyUzXCpDMlw6w2UyXDbD5TJcPsMVMlwxw5UyXDnDVTJcNcPVMlw9wzUyXDPDtTJcO8N1Mlw3w/UyXD/DDTLcMMONMtw4w00y3DTDzTLcPMMtMtwyw60y3DrDbTLcNsPtMtw+wx0y3DHDnTLcOcNdMtw1w90y3D3DPTLcM8O9Mtw7w30y3DfD/TLcP8MDMjwww4MyPDjDQzI8NMPDMjw8wyMyPDLDozI8OsNjMjw2w+MyPD7DEzI8McOTMjw5QzM8JcNTMzwtw9MzPCPDMzM8K8OzMxxkGGQYZhhlGGeYZJhmmGWYZ1hkWGZYZVhn2GTYZthl2Gc4LMNzMjw3w/MyPD/DCzK8MMOLMrw4w0syvDTDyzK8PMMrMrwyw6syvDrDazK8NsPrMrw+wxsyvDHDmzK8OcNbMrw1w9syvD3DOzK8M8O7Mrw7w+EZjsjwngzvzXBkhvdlOCrD0Rnen+EDGT6Y4UMZPpzhIxk+muFjGT6e4RMZPpnhUxk+neEzGT6b4XMZPp/hCxm+mOFLGb6c4SsZvprhaxm+nuEbGb6Z4VsZvp3hOxm+m+F7Gb6f4QcZfpjhRxl+nOEnGX6a4WcZfp7hFxmOyfDLDL/K8OsMv8nw2wy/y/D7DH/I8McMf8rw5wx/yfDXDH/L8PcM/8hwbIZ/ZvhXhn9n+E+G/2b4X4ZDchwnx3FzHC/H8XOcIMcJc5wox4lzHJrjJDlOmuNkOU6e4xQ5TpnjVDlOneM0OU6b43Q5Tp/jDDnOmONMOc6c4yw5zprjbDnOnuMcOc6Z41w5zp3jPDnOm+N8Oc6f4wI5LpjjQjkunOMiOS6a42I5Lp7jEjkumeNSOZLj0jkuk+OyOS6X4/I5rpDjijmulOPKOa6S46o5rpbj6jmukeOaOa6V49oTDxnyfxbr5rhejuvnuEGOG+a4UY4b57hJjpvmuFmOm+e4RY5b5rhVjlvnuE2O2+a4XY7b57hDjjvmuFOOO+e4S4675rhbjrvnuEeOe+a4V45757hPjvvmuF+O++d4QI4H5nhQjgfneEiOh+Z4WI6H53hEjkfmeFSOR+d4TI7H5nhcjsfneEKOJ+Z4Uo4n52iOp+R4ao6n5Xh6jmfkeGaOZ+V4do6DHIMcwxyjHOMckxzTHLMc8xyLHMscqxzrHJsc2xy7HPsch+V4To7n5nhejufneEGOF+Z4UY4X53hJjpfmeFmOl+d4RY5X5nhVjlfneE2O1+Z4XY7X53hDjjfmeFOON+d4S4635nhbjrfneEeOd+Z41///NWbY2OE5jvi/y0OGDPn/jsxxyJAhQ0blODrH+3N8IMcH/+/+kCFDHs7xkRwfzfGxHB/P8Ykcn8zxqRyfzvGZHJ/N8bkcn8/xhRxfzPGlHF/O8ZUcX83xtRxfz/GNHN/M8a0c387xnRzfzfG9HN/P8YMcP8zxoxw/zvGTHD/N8bMcP8/xixzH5Phljl/l+HWO3+T4bY7f5fh9jj/k+GOOP+X4c46/5Phrjr/l+HuOf+Q4Nsc/c/wrx79z/CfHf3P87/9MChynwHELHK/A8QucoMAJC5yowIkLHFrgJAVOWuBkBU5e4BQFTlngVAVOXeA0BU5b4HQFTl/gDAXOWOBMBc5c4CwFzlrgbAXOXuAcBc5Z4FwFzl3gPAXOW+B8Bc5f4AIFLljgQgUuXOAiBS5a4GIFLl7gEgUuWeBSBVLg0gUuU+CyBW40UzN2+QJXKHDFAlcqcOUCVylw1QJXK3D1AtcocM0C1ypw7QLXKXDdAtcrcP0CNyhww//fK3DjAjcpcNMCNytw8wK3KHDLArcqcOsCtylw2wK3K3D7AncocMcCdypw5wJ3KXDXAncrcPcC9yhwzwL3KnDvAvcpcN8C9ytw/wIPKPDAAg8q8OACDynw0AIPK/DwAo8o8MgCjyrw6AKPKfDYAo8r8PgCTyjwxAJPKvDkAi3wlAJPLfC0Ak8v8IwCzyzwrALPLnBQYFBgWGBUYFxgUmBaYFZgXmBRYFlgVWBdYFNgW2BXYF/gsALPKfDcAs8r8PwCLyjwwgIvKvDiAi8p8NICLyvw8gKvKPDKAq8q8OoCrynw2gKvK/D6Am8o8MYCbyrw5gJvKfh/1v8fby/wjgLvLPCuAu8ucHiBIwq8p8B7CxxZ4H0FjipwdIH3F/hAgQ8W+FCBDxf4SIGPFvhYgY8X+ESBTxb4VIFPF/hMgc8W+FyBzxf4QoEvFvhSMXTIywW+UuCrBb5W4OsFvlHgmwW+VeDbBb5T4LsFvlfg+wV+UOCHBX5U4McFflLgpwV+VuDnBX5R4JgCvyzwqwK/LvCbAr8t8LsCvy/whwJ/LPCnAn8u8JcCfy3wtwJ/L/CPAscW+GeBfxX4d4H/FPhvgf8VOKTEcUoct8TxShy/xAlKnLDEiUqcuMShJU5S4qQlTlbi5CVOUeKUJU5V4tQlTlPitCVOV+L0Jc5Q4owlzlTizCXOUuKsJc5W4uwlzlHinCXOVeLcJc5T4rwlzlfi/CUuUOKCJS5U4sIlLlLioiUuVuLiJS5R4pIlLlUiJS5d4jIlLlviciUuX+IKJa5Y4kolrlziKiWuWuJqJa5e4holrlniWiWuXeI6Ja5b4nolrl/iBiVuWOJGJW5c4iYlblriZiVuXuIWJW5Z4lYlbl3iNiVuW+J2JW5f4g4l7ljiTiXuXOIuJe5a4m4l7l7iHiXuWeJeJe5d4j4l7lvifiXuX+IBJR5Y4kElHlziISUeWuJhJR5e4hElHlniUSUeXeIxJR5b4nElHl/iCSWeWOJJJZ5coiWeUuKpJZ5W4uklnlHimSWeVeLZJQ5KDEoMS4xKjEtMSkxLzErMSyxKLEusSqxLbEpsS+xK7EscVuI5JZ5b4nklnl/iBSVeWOJFJV5c4iUlXlriZSVeXuIVJV5Z4lUlXl3iNSVeW+J1JV5f4g0l3ljiTSXeXOItJd5a4m0l3l7iHSXeWeJdJd5d4vASR5R4T4n3ljiyxPtKHFXi6BLvL/GBEh8s8aESHy7xkRIfLfGxEh8v8YkSnyzxqRKfLvGZEp8t8bkSny/xhRJfLPGlEl8u8ZUSXy3xtRJfL/GNEt8s8a0S3y7xnRLfLfG9Et8v8YMSPyzxoxI/LvGTEj8t8bMSPy/xixLHlPhliV+V+HWJ35T4bYnflfh9iT+U+GOJP5X4c4m/lPhrib+V+HuJf5Q4tsQ/S/yrxL9L/KfEf0v8r8QhFY5T4bgVjlfh+BVOUOGEFU5U4cQVDq1wkgonrXCyCievcIoKp6xwqgqnrnCaCqetcLoKp69whgpnrHCmCmeucJYKZ61wtgpnr3COCuescK4K565wngrnrXC+CuevcIEKF6xwoQoXrnCRChetcLEKF69wiQqXrHCpCqlw6QqXqXDZCpercPkKV6hwxQpXqnDlClepcNUKV6tw9QrXqHDNCteqcO0K16lw3QrXq3D9CjeocMMKN6pw4wo3qXDTCjercPMKt6hwywq3qnDrCrepcNsKt6tw+wp3qHDHCneqcOcKd6lw1wp3q3D3CveocM8K96pw7wr3qXDfCvercP8KD6jwwAoPqvDgCg+p8NAKD6vw8AqPqPDICo+q8OgKj6nw2AqPq/D4Ck+o8MQKT6rw5Aqt8JQKT63wtApPr/CMCs+s8KwKz65wUGFQYVhhVGFcYVJhWmFWYV5hUWFZYVVhXWFTYVthV2Ff4bAKz6nw3ArPq/D8Ci+o8MIKL6rw4govqfDSCi+r8PIKr6jwygqvqvDqCq+p8NoKr6vw+gpvqPDGCm+q8OYKb6nw1gpvq/D2Cu+o8M4K76rw7gqHVziiwnsqvLfCkRXeV+GoCkdXeH+FD1T4YIUPVfhwhY9U+GiFj1X4eIVPVPhkhU9V+HSFz1T4bIXPVfh8hS9U+GKFL1X4coWvVPhqha9V+HqFb1T4ZoVvVfh2he9U+G6F71X4foUfVPhhhR9V+HGFn1T4aYWfVfh5hV9UOKbCLyv8qsKvK/ymwm8r/K7C7yv8ocIfK/ypwp8r/KXCXyv8rcLfK/yjwrEV/lnhXxX+XeE/Ff5b4X8VDqlxnBrHrXG8GsevcYIaJ6xxohonrnFojZPUOGmNk9U4eY1T1DhljVPVOHWN09Q4bY3T1Th9jTPUOGONM9U4c42z1DhrjbPVOHuNc9Q4Z41z1Th3jfPUOG+N89U4f40L1LhgjQvVuHCNi9S4aI2L1bh4jUvUuGSNS9VIjUvXuEyNy9a4XI3L17hCjSvWuFKNK9e4So2r1rhajavXuEaNa9a4Vo1r17hOjevWuF6N69e4QY0b1rhRjRvXuEmNm9a4WY2b17hFjVvWuFWNW9e4TY3b1rhdjdvXuEONO9a4U40717hLjbvWuFuNu9e4R4171rhXjXvXuE+N+9a4X43713hAjQfWeFCNB9d4SI2H1nhYjYfXeESNR9Z4VI1H13hMjcfWeFyNx9d4Qo0n1nhSjSfXaI2n1HhqjafVeHqNZ9R4Zo1n1Xh2jYMagxrDGqMa4xqTGtMasxrzGosayxqrGusamxrbGrsa+xqH1XhOjefWeF6N59d4QY0X1nhRjRfXeEmNl9Z4WY2X13hFjVfWeFWNV9d4TY3X1nhdjdfXeEONN9Z4U40313hLjbfWeFuNt9d4R4131nhXjXfXOLzGETXeU+O9NY6s8b4aR9U4usb7a3ygxgdrfKjGh2t8pMZHa3ysxsdrfKLGJ2t8qsana3ymxmdrfK7G52t8ocYXa3ypxpdrfKXGV2t8rcbXa3yjxjdrfKvGt2t8p8Z3a3yvxvdr/KDGD2v8qMaPa/ykxk9r/KzGz2v8osYxNX5Z41c1fl3jNzV+W+N3NX5f4w81/ljjTzX+XOMvNf5a4281/l7jHzWOrfHPGv+q8e8a/6nx3xr/q3FIg+M0OG6D4zU4foMTNDhhgxM1OHGDQxucpMFJG5yswckbnKLBKRucqsGpG5ymwWkbnK7B6RucocEZG5ypwZkbnKXBWRucrcHZG5yjwTkbnKvBuRucp8F5G5yvwfkbXKDBBRtcqMGFG1ykwUUbXKzBxRtcosElG1yqQRpcusFlGly2weUaXL7BFRpcscGVGly5wVUaXLXB1RpcvcE1GlyzwbUaXLvBdRpct8H1Gly/wQ0a3LDBjRrcuMFNGty0wc0a3LzBLRrcssGtGty6wW0a3LbB7RrcvsEdGtyxwZ0a3LnBXRrctcHdGty9wT0a3LPBvRrcu8F9Gty3wf0a3L/BAxo8sMGDGjy4wUMaPLTBwxo8vMEjGjyywaMaPLrBYxo8tsHjGjy+wRMaPLHBkxo8uUEbPKXBUxs8rcHTGzyjwTMbPKvBsxscNBg0GDYYNRg3mDSYNpg1mDdYNFg2WDVYN9g02DbYNdg3OKzBcxo8t8HzGjy/wQsavLDBixq8uMFLGry0wcsavLzBKxq8ssGrGry6wWsavLbB6xq8vsEbGryxwZsavLnBWxq8tcHbGry9wTsavLPBuxq8u8HhDY5o8J4G721wZIP3NTiqwdEN3t/gAw0+2OBDDT7c4CMNPtrgYw0+3uATDT7Z4FMNPt3gMw0+2+BzDT7f4AsNvtjgSw2+3OArDb7a4GsNvt7gGw2+2eBbDb7d4DsNvtvgew2+3+AHDX7Y4EcNftzgJw1+2uBnDX7e4BcNjmnwywa/avDrBr9p8NsGv2vw+wZ/aPDHBn9q8OcGf2nw1wZ/a/D3Bv9ocGyDfzb4V4N/N/hPg/82+F+DQ1ocp8VxWxyvxfFbnKDFCVucqMWJWxza4iQtTtriZC1O3uIULU7Z4lQtTt3iNC1O2+J0LU7f4gwtztjiTC3O3OIsLc7a4mwtzt7iHC3O2eJcLc7d4jwtztvifC3O3+ICLS7Y4kItLtziIi0u2uJiLS7e4hItLtniUi3S4tItLtPisi0u1+LyLa7Q4ootrtTiyi2u0uKqLa7W4uotrtHimi2u1eLaLa7T4rotrtfi+i1u0OKGLW7U4sYtbtLipi1u1uLmLW7R4pYtbtXi1i1u0+K2LW7X4vYt7tDiji3u1OLOLe7S4q4t7tbi7i3u0eKeLe7V4t4t7tPivi3u1+L+LR7Q4oEtHtTiwS0e0uKhLR7W4uEtHtHikS0e1eLRLR7T4rEtHtfi8S2e0OKJLZ7U4skt2uIpLZ7a4mktnt7iGS2e2eJZLZ7d4qDFoMWwxajFuMWkxbTFrMW8xaLFssWqxbrFpsW2xa7FvsVhLZ7T4rktntfi+S1e0OKFLV7U4sUtXtLipS1e1uLlLV7R4pUtXtXi1S1e0+K1LV7X4vUt3tDijS3e1OLNLd7S4q0t3tbi7S3e0eKdLd7V4t0tDm9xRIv3tHhviyNbvK/FUS2ObvH+Fh9o8cEWH2rx4RYfafHRFh9r8fEWn2jxyRafavHpFp9p8dkWn2sZ+v9uXmjxxRZfavHlFl9p8dUWX2vx9RbfaPHNFt9q8e0W32nx3Rbfa/H9Fj9o8cMWP2rx4xY/afHTFj9r8fMWv2hxTItftvhVi1+3+E2L37b4XYvft/hDiz+2+FOLP7f4S4u/tvhbi7+3+EeLY1v8s8W/Wvy7xX9a/LfF/1oc0uE4HY7b4Xgdjt/hBB1O2OFEHU7c4dAOJ+lw0g4n63DyDqfocMoOp+pw6g6n6XDaDqfrcPoOZ+hwxg5n6nDmDmfpcNYOZ+tw9g7n6HDODufqcO4O5+lw3g7n63D+DhfocMEOF+pw4Q4X6XDRDhfrcPEOl+hwyQ6X6pAOl+5wmQ6X7XC5DpfvcIUOV+wYOmTIEFfucJUOV+1wtQ5X73CNDtfscK0O1+5wnQ7X7XC9DtfvcIMON+xwow437nCTDjftcLMON+9wiw637HCrDrfucJsOt+1wuw6373CHDnfscKcOd+5wlw537XC3DnfvcI8O9+xwrw737nCfDvftcL8O9+/wgA4P7PCgDg/u8JAOD+3wsA4P7/CIDo/s8KgOj+7wmA6P7fC4Do/v8IQOT+zwpA5P7tAOT+nw1A5P6/D0Ds/o8MwOz+rw7A4HHQYdhh1GHcYdJh2mHWYd5h0WHZYdVh3WHTYdth12HfYdDuvwnA7P7fC8Ds/v8IIOL+zwog4v7vCSDi/t8LIOL+/wig6v7PCqDq/u8JoOr+3wug6v7/CGDm/s8KYOb+7wlg5v7fC2Dm/v8I4O7+zwrg7v7nB4hyM6vKfDezsc2eF9HY7qcHSH93f4QIcPdvhQhw93+EiHj3b4WIePd/hEh092+FSHT3f4TIfPdvhch893+EKHL3b4Uocvd/hKh692+FqHr3f4RodvdvhWh293+E6H73b4Xofvd/hBhx92+FGHH3f4SYefdvhZh593+EWHYzr8ssOvOvy6w286/LbD7zr8vsMfOvyxw586/LnDXzr8tcPfOvy9wz86HNvhnx3+1eHfHf7T4b8d/tfhkB7H6XHcHsfrcfweJ+hxwh4n6nHiHof2OEmPk/Y4WY+T9zhFj1P2OFWPU/c4TY/T9jhdj9P3OEOPM/Y4U48z9zhLj7P2OFuPs/c4R49z9jhXj3P3OE+P8/Y4X4/z97hAjwv2uFCPC/e4SI+L9rhYj4v3uESPS/a4VI/0uHSPy/S4bI/L9bh8jyv0uGKPK/W4co+r9Lhqj6v1uHqPa/S4Zo9r9bh2j+v0uG6P6/W4fo8b9Lhhjxv1uHGPm/S4aY+b9bh5j1v0uGWPW/W4dY/b9Lhtj9v1uH2PO/S4Y4879bhzj7v0uGuPu/W4e4979Lhnj3v1uHeP+/S4b4/79bh/jwf0eGCPB/V4cI+H9Hhoj4f1eHiPR/R4ZI9H9Xh0j8f0eGyPx/V4fI8n9Hhijyf1eHKP9nhKj6f2eFqPp/d4Ro9n9nhWj2f3OOgx6DHsMeox7jHpMe0x6zHvseix7LHqse6x6bHtseux73FYj+f0eG6P5/V4fo8X9Hhhjxf1eHGPl/R4aY+X9Xh5j1f0eGWPV/V4dY/X9Hhtj9f1eH2PN/R4Y4839Xhzj7f0eGuPt/V4e4939Hhnj3f1eHePw3sc0eM9Pd7b48ge7+txVI+j/8fCOQTxfTAKMHWb2kptd2vbtm3bWyO1/z8btZkyaGrbtm2+eTPfeW87e94BjhzgqAGOHuCYAT40wLEDfHiAjwzw0QE+NsDHB/jEAJ8c4FMDfHqAzwzw2QE+N8DnB/jCAF8c4EsDfHmArwzw1QG+NsDXB/jGAN8c4FsDfHuA7wzw3QG+N8D3B/jBAD8c4EcD/HiAnwzw0wF+NsDPB/jFAL8c4FcD/HqA3wzw2wF+N8DvB/jDAH8c4E8D/HmAvwzw1wH+NsDfB/jHAP8c4F8D/HuA/wzw3wH+N8AhAY4T4LgBjhfg+AFOEOCEAU4U4MQBThLg0AAnDXCyACcPcIoApwxwqgCnDnCaAKcNcLoApw9whgBnDHCmAGcOcJYAZw1wWICzBTh7gHMEOGeAcwU4d4DzBDhvgPMFOH+ACwS4YIALBbhwgIsEuGiAiwW4eIBLBLhkgAS4VIBLB7hMgMsGuFyAywe4QoArBrhSgCsHuEqAqwa4WoCrB7hGgGsGuFaAawe4ToDrBrhegOsHuEGAGwa4UYAbB7hJgJsGuFmAmwe4RYBbBrhVgFsHuE2A2wa4XYDbB7hDgDsGuFOAOwe4S4C7BrhbgLsHuEeAewa4V4B7B7hPgPsGuF+A+wd4QIAHBnhQgAcHeEiAhwZ4WICHB3hEgEcGeFSARwd4TIDHBnhcgMcHeEKAJwZ4UoAGeHKApwR4aoCnBXh6gGcEeGaAZwV4doDnBDg8wHMDPC/A8wO8IMALA7wowIsDvCTASwO8LMDLA7wiwCsDHAQYBBgGGAUYB5gEmAaYBZgHWARYBlgFWAfYBNgG2AXYB3hVgFcHeE2A1wZ4XYDXB3hDgDcGeFOANwd4S4C3BnhbgLcHeEeAdwZ4V4B3BzgiwHsCvDfA+wK8P8AHAnwwwJEBjgpwdIBjAnwowLEBPhzgIwE+GuBjAT4e4BMBPhngUwE+HeAzAT4b4HMBPh/gCwG+GOBLAb4c4CsBvhrgawG+HuAbAb4Z4FsBvh3gOwG+G+B7Ab4f4AcBfhjgRwF+HOAnAX4a4GcBfh7gFwF+GeBXAX4d4DcBfhvgdwF+H+APAf4Y4E8B/hzgLwH+GuBvAf4e4B8B/hngXwH+HeA/Af4b4H8BDglxnBDHDXG8EMcPcYIQJwxxohAnDnGSEIeGOGmIk4U4eYhThDhliFOFOHWI04Q4bYjThTh9iDOEOGOIM4U4c4izhDhriMNCnC3E2UOcI8Q5Q5wrxLlDnCfEeUOcL8T5Q1wgxAVDXCjEhUNcJMRFQ1wsxMVDXCLEJUMkxKVCXDrEZUJcNsTlQlw+xBVCXDHElUJcOcRVQlw1xNVCXD3ENUJcM8S1Qlw7xHVCXDfE9UJcP8QNQtwwxI1C3DjETULcNMTNQtw8xC1C3DLErULcOsRtQtw2xO1C3D7EHULcMcSdQtw5xF1C3DXE3ULcPcQ9QtwzxL1C3DvEfULcN8T9Qtw/xANCPDDEg0I8OMRDQjw0xMNCPDzEI0I8MsSjQjw6xGNCPDbE40I8PsQTQjwxxJNCNMSTQzwlxFNDPC3E00M8I8QzQzwrxLNDPCfE4SGeG+J5IZ4f4gUhXhjiRSFeHOIlIV4a4mUhXh7iFSFeGeIgxCDEMMQoxDjEJMQ0xCzEPMQixDLEKsQ6xCbENsQuxD7Eq0K8OsRrQrw2xOtCvD7EG0K8McSbQrw5xFtCvDXE20K8PcQ7QrwzxLtCvDvEESHeE+K9Id4X4v0hPhDigyGODHFUiKNDHBPiQyGODfHhEB8J8dEQHwvx8RCfCPHJEJ8K8ekQnwnx2RCfC/H5EF8I8cUQXwrx5RBfCfHVEF8L8fUQ3wjxzRDfCvHtEN8J8d0Q3wvx/RA/CPHDED8K8eMQPwnx0xA/C/HzEL8I8csQvwrx6xC/CfHbEL8L8fsQfwjxxxB/CvHnEH8J8dcQfwvx9xD/CPHPEP8K8e8Q/wnx3xD/C3FIhONEOG6E40U4foQTRDhhhBNFOHGEk0Q4NMJJI5wswskjnCLCKSOcKsKpI5wmwmkjnC7C6SOcIcIZI5wpwpkjnCXCWSMcFuFsEc4e4RwRzhnhXBHOHeE8Ec4b4XwRzh/hAhEuGOFCES4c4SIRLhrhYhEuHuESES4ZIREuFeHSES4T4bIRLhfh8hGuEOGKEa4U4coRrhLhqhGuFuHqEa4R4ZoRrhXh2hGuE+G6Ea4X4foRbhDhhhFuFOHGEW4S4aYRbhbh5hFuEeGWEW4V4dYRbhPhthFuF+H2Ee4Q4Y4R7hThzhHuEuGuEe4W4e4R7hHhnhHuFeHeEe4T4b4R7hfh/hEeEOGBER4U4cERHhLhoREeFuHhER4R4ZERHhXh0REeE+GxER4X4fERnhDhiRGeFKERnhzhKRGeGuFpEZ4e4RkRnhnhWRGeHeE5EQ6P8NwIz4vw/AgviPDCCC+K8OIIL4nw0ggvi/DyCK+I8MoIBxEGEYYRRhHGESYRphFmEeYRFhGWEVYR1hE2EbYRdhH2EV4V4dURXhPhtRFeF+H1Ed4Q4Y0R3hThzRHeEuGtEd4W4e0R3hHhnRHeFeHdEY6I8J4I743wvgjvj/CBCB+McGSEoyIcHeGYCB+KcGyED0f4SISPRvhYhI9H+ESET0b4VIRPR/hMhM9G+FyEz0f4QoQvRvhShC9H+EqEr0b4WoSvR/hGhG9G+FaEb0f4ToTvRvhehO9H+EGEH0b4UYQfR/hJhJ9G+FmEn0f4RYRfRvhVhF9H+E2E30b4XYTfR/hDhD9G+FOEP0f4S4S/RvhbhL9H+EeEf0b4V4R/R/hPhP9G+F+EQ2IcJ8ZxYxwvxvFjnCDGCWOcKMaJY5wkxqExThrjZDFOHuMUMU4Z41QxTh3jNDFOG+N0MU4f4wwxzhjjTDHOHOMsMc4a47AYZ4tx9hjniHHOGOeKce4Y54lx3hjni3H+GBeIccEYF4px4RgXiXHRGBeLcfEYl4hxyRiJcakYl45xmRiXjXG5GJePcYUYV4xxpRhXjnGVGFeNcbUYV49xjRjXjHGtGNeOcZ0Y141xvRjXj3GDGDeMcaMYN45xkxg3jXGzGDePcYsYt4xxqxi3jnGbGLeNcbsYt49xhxh3jHGnGHeOcZcYd41xtxh3j3GPGPeMca8Y945xnxj3jXG/GPeP8YAYD4zxoBgPjvGQGA+N8bAYD4/xiBiPjPGoGI+O8ZgYj43xuBiPj/GEGE+M8aQYjfHkGE+J8dQYT4vx9BjPiPHMGM+K8ewYz4lxeIznxnhejOfHeEGMF8Z4UYwXx3hJjJfGeFmMl8d4RYxXxjiIMYgxjDGKMY4xiTGNMYsxj7GIsYyxirGOsYmxjbGLsY/xqhivjvGaGK+N8boYr4/xhhhvjPGmGG+O8ZYYb43xthhvj/GOGO+M8a4Y745xRIz3xHhvjPfFeH+MD8T4YIwjYxwV4+gYx8T4UIxjY3w4xkdifDTGx2J8PMYnYnwyxqdifDrGZ2J8NsbnYnw+xhdifDHGl2J8OcZXYnw1xtdifD3GN2J8M8a3Ynw7xndifDfG92J8P8YPYvwwxo9i/DjGT2L8NMbPYvw8xi9i/DLGr2L8OsZvYvw2xu9i/D7GH2L8McafYvw5xl9i/DXG32L8PcY/Yvwzxr9i/DvGf2L8N8b/YhyS4DgJjpvgeAmOn+AECU6Y4EQJTpzgJAkOTXDSBCdLcPIEp0hwygSnSnDqBKdJcNoEp0tw+gRnSHDGBGdKcOYEZ0lw1gSHJThbgrMnOEeCcyY4V4JzJzhPgvMmOF+C8ye4QIILJrhQggsnuEiCiya4WIKLJ7hEgksmSIJLJbh0gsskuGyCyyW4fIIrJLhigisluHKCqyS4aoKrJbh6gmskuGaCayW4doLrJLhugusluH6CGyS4YYIbJbhxgpskuGmCmyW4eYJbJLhlglsluHWC2yS4bYLbJbh9gjskuGOCOyW4c4K7JLhrgrsluHuCeyS4Z4J7Jbh3gvskuG+C+yW4f4IHJHhgggcleHCChyR4aIKHJXh4gkckeGSCRyV4dILHJHhsgscleHyCJyR4YoInJWiCJyd4SoKnJnhagqcneEaCZyZ4VoJnJ3hOgsMTPDfB8xI8P8ELErwwwYsSvDjBSxK8NMHLErw8wSsSvDLBQYJBgmGCUYJxgkmCaYJZgnmCRYJlglWCdYJNgm2CXYJ9glcleHWC1yR4bYLXJXh9gjckeGOCNyV4c4K3JHhrgrcleHuCdyR4Z4J3JXh3giMSvCfBexO8L8H7E3wgwQcTHJngqARHJzgmwYcSHJvgwwk+kuCjCT6W4OMJPpHgkwk+leDTCT6T4LMJPpfg8wm+kOCLCb6U4MsJvpLgqwm+luDrCb6R4JsJvpXg2wm+k+C7Cb6X4PsJfpDghwl+lODHCX6S4KcJfpbg5wl+keCXCX6V4NcJfpPgtwl+l+D3Cf6Q4I8J/pTgzwn+kuCvCf6W4O8J/pHgnwn+leDfCf6T4L8J/pfgkBTHSXHcFMdLcfwUJ0hxwhQnSnHiFCdJcWiKk6Y4WYqTpzhFilOmOFWKU6c4TYrTpjhditOnOEOKM6Y4U4ozpzhLirOmOCzF2VKcPcU5UpwzxblSnDvFeVKcN8X5Upw/xQVSXDDFhVJcOMVFUlw0xcVSXDzFJVJcMkVSXCrFpVNcJsVlU1wuxeVTXCHFFVNcKcWVU1wlxVVTXC3F1VNcI8U1U1wrxbVTXCfFdVNcL8X1U9wgxQ1T3CjFjVPcJMVNU9wsxc1T3CLFLVPcKsWtU9wmxW1T3C7F7VPcIcUdU9wpxZ1T3CXFXVPcLcXdU9wjxT1T3CvFvVPcJ8V9U9wvxf1TPCDFA1M8KMWDUzwkxUNTPCzFw1M8IsUjUzwqxaNTPCbFY1M8LsXjUzwhxRNTPClFUzw5xVNSPDXF01I8PcUzUjwzxbNSPDvFc1IcnuK5KZ6X4vkpXpDihSlelOLFKV6S4qUpXpbi5SlekeKVKQ5SDFIMU4xSjFNMUkxTzFLMUyxSLFOsUqxTbFJsU+xS7FO8KsWrU7wmxWtTvC7F61O8IcUbU7wpxZtTvCXFW1O8LcXbU7wjxTtTvCvFu1MckeI9Kd6b4n0p3p/iAyk+mOLIFEelODrFMSk+lOLYFB9O8ZEUH03xsRQfT/GJFJ9M8akUn07xmRSfTfG5FJ9P8YUUX0zxpRRfTvGVFF9N8bUUX0/xjRTfTPGtFN9O8Z0U303xvRTfT/GDFD9M8aMUP07xkxQ/TfGzFD9P8YsUv0zxqxS/TvGbFL9N8bsUv0/xhxR/TPGnFH9O8ZcUf03xtxR/T/GPFP9M8a8U/07xnxT/TfG/FIdkOE6G42Y4XobjZzhBhhNmOFGGE2c4SYZDM5w0w8kynDzDKTKcMsOpMpw6w2kynDbD6TKcPsMZMpwxw5kynDnDWTKcNcNhGc6W4ewZzpHhnBnOleHcGc6T4bwZzpfh/BkukOGCGS6U4VsZLpLhohkuluHiGS6R4ZIZkuFSGS6d4TIZLpvhchkun+EKGa6Y4UoZrpzhKhmumuFqGa6e4RoZrpnhWhmuneE6Ga6b4XoZrp/hBhlumOFGGW6c4SYZbprhZhlunuEWGW6Z4VYZbp3hNhlum+F2GW6f4Q4Z7pjhThnunOEuGe6a4W4Z7p7hHhnumeFeGe6d4T4Z7pvhfhnun+EBGR6Y4UEZHpzhIRkemuFhGR6e4REZHpnhURkeneExGR6b4XEZHp/hCRmemOFJGZrhyRmekuGpGZ6W4ekZnpHhmRmeleHZGZ6T4fAMz83wvAzPz/CCDC/M8KIML87wkgwvzfCyDC/P8IoMr8xwkGGQYZhhlGGcYZJhmmGWYZ5hkWGZYZVhnWGTYZthl2Gf4VUZXp3hNRlem+F1GV6f4Q0Z3pjhTRnenOEtGd6a4W0Z3p7hHRnemeFdGd6d4YgM78nw3gzvy/D+DB/I8MEMR2Y4KsPRGY7J8KEMx2b4cIaPZPhoho9l+HiGT2T4ZIZPZfh0hs9k+GyGz2X4fIYvZPhihi9l+HKGr2T4aoavZfh6hm9k+Ob/Gn47w3cyfDfD9zJ8P8MPMvwww48y/DjDTzL8NMPPMvw8wy8y/DLDrzL8OsNvMvw2w+8y/D7DHzL8McOfMvw5w18y/DXD3zL8PcM/Mvwzw78y/DvDfzL8N8P/MhyS4zg5jpvjeDmOn+MEOU6Y40Q5TpzjJDkOzXHSHCfLcfIcp8hxyhynynHqHKfJcdocp8tx+hxnyHHGHGfKceYcZ8lx1hyH5ThbjrPnOEeOc+Y4V45z5zhPjvPmOF+O8+e4QI4L5rhQjgvnuEiOi+a4WI6L57hEjkvmSI5L5bh0jsvkuGyOy+W4fI4r5LhijivluHKOq+S4ao6r5bh6jmvkuGaOa+W4do7r5LhujuvluH6OG+S4YY4b5bhxjpvkuGmOm+W4eY5b5LhljlvluHWO2+S4bY7b5bh9jjvkuGOOO+W4c4675LhrjrvluHuOe+S4Z4575bh3jvvkuG+O++W4f44H5HhgjgfleHCOh+R4aI6H5Xh4jkfkeGSOR+V4dI7H5HhsjsfleHyOJ+R4Yo4n5WiOJ+d4So6n5nhajqfneEaOZ+Z4Vo5n53hOjsNzPDfH83I8P8cLcrwwx4tyvDjHS3K8NMfLcrw8xytyvDLHQY5BjmGOUY5xjkmOaY5ZjnmORY5ljlWOdY5Njm2OXY59jlfleHWO1+R4bY7X5Xh9jjfkeGOON+V4c4635HhrjrfleHuOd+R4Z4535Xh3jiNyvCfHe3O8L8f7c3wgxwdzHJnjqBxH5zgmx4dyHJvjwzk+kuOjOT6W4+M5PpHjkzk+lePTOT6T47M5Ppfj8zm+kOOLOb6U48s5vpLjqzm+luPrOb6R45s5vpXj2zm+k+O7Ob6X4/s5fpDjhzl+lOPHOX6S46c5fpbj5zl+keOXOX6V49c5fpPjtzl+l+P3Of6Q4485/pTjzzn+kuOvOf6W4+85/pHjnzn+lePfOf6T4785/pfjkALHKXDcAscrcPwCJyhwwgInKnDiAicpcGiBkxY4WYGTFzhFgVMWOFWBUxc4TYHTFjhdgdMXOEOBMxY4U4EzFzhLgbMWOKzA2QqcvcA5CpyzwLkKnLvAeQqct8D5Cpy/wAUKXLDAhQpcuMBFCly0wMUKXLzAJQpcskAKXKrApQtcpsBlC1yuwOULXKHAFQtcqcCVC1ylwFULXK3A1Qtco8A1C1yrwLULXKfAdQtcr8D1C9ygwA0L3KjAjQvcpMBNC9yswM0L3KLALQvcqsCtC9ymwG0L3K7A7QvcocAdC9ypwJ0L3KXAXQvcrcDdC9yjwD0L3KvAvQvcp8B9C9yvwP0LPKDAAws8qMCDCzykwEMLPKzAwws8osAjCzyqwKMLPKbAYws8rsDjCzyhwBMLPKlACzy5wFMKPLXA0wo8vcAzCjyzwLMKPLvAcwocXuC5BZ5X4PkFXlDghQVeVODFBV5S4KUFXlbg5QVeUeCVBQ4KDAoMC4wKjAtMCkwLzArMCywKLAusCqwLbApsC+wK7Au8qsCrC7ymwGsLvK7A6wu8ocAbC7ypwJsLvKXAWwu8rcDbC7yjwDsLvKvAuwscUeA9Bd5b4H0F3l/gAwU+WODIAkcVOLrAMQU+VODYAh8u8JECHy3wsQIfL/CJAp8s8KkCny7wmQKfLfC5Ap8v8IUCXyzwpQJfLvCVAl8t8LUCXy/wjQLfLPCtAt8u8J0C3y3wvQLfL/CDAj8s8KMCPy7wkwI/LfCzAj8v8IsCvyzwqwK/LvCbAr8t8LsCvy/whwJ/LPCnAn/+fz9D8dcCfyvw9wL/KPDPAv8q8O8C/ynw3wL/K3BIieOUOG6J45U4fokTlDhhiROVOHGJk5Q4tMRJS5ysxMlLnKJkWPC//8LUJU5T4rQlTlfi9CXOUOKMJc5U4swlzlLirCUOK3G2EmcvcY4S5yxxrhLnLnGeEuctcb4S5y9xgRIXLHGhEhcucZESFy1xsRIXL3GJEpcskRKXKnHpEpcpcdkSlytx+RJXKHHFElcqceUSVylx1RJXK3H1Etcocc0S1ypx7RLXKXHdEtcrcf0SNyhxwxI3KnHjEjcpcdMSNytx8xK3KHHLErcqcesStylx2xK3K3H7EncocccSdypx5xJ3KXHXEncrcfcS9yhxzxL3KnHvEvcpcd8S9ytx/xIPKPHAEg8q8eASDynx0BIPK/HwEo8o8cgSjyrx6BKPKfHYEo8r8fgSTyjxxBJPKtESTy7xlBJPLfG0Ek8v8YwSzyzxrBLPLvGcEoeXeG6J55V4fokXlHhhiReVeHGJl5R4aYmXlXh5iVeUeGWJgxKDEsMSoxLjEpMS0xKzEvMSixLLEqsS6xKbEtsSuxL7Eq8q8eoSrynx2hKvK/H6Em8o8cYSbyrx5hJvKfHWEm8r8fYS7yjxzhLvKvHuEkeUeE+J95Z4X4n3l/hAiQ+WOLLEUSWOLnFMiQ+VOLbEh0t8pMRHS3ysxMdLfKLEJ0t8qsSnS3ymxGdLfK7E50t8ocQXS3ypxJdLfKXEV0t8rcTXS3yjxDdLfKvEt0t8p8R3S3yvxPdL/KDED0v8qMSPS/ykxE9L/KzEz0v8osQvS/yqxK9L/KbEb0v8rsTvS/yhxB9L/KnEn0v8pcRfS/ytxN9L/KPEP0v8q8S/S/ynxH9L/K/EIRWOU+G4FY5X4fgVTlDhhBVOVOHEFU5S4dAKJ61wsgonr3CKCqescKoKp65wmgqnrXC6CqevcIYKZ6xwpgpnrnCWCmetcFiFs1U4e4VzVDhnhXNVOHeF81Q4b4XzVTh/hQtUuGCFC1W4cIWLVLhohYtVuHiFS1S4ZIVUuFSFS1e4TIXLVrhchctXuEKFK1a4UoUrV7hKhatWuFqFq1e4RoVrVrhWhWtXuE6F61a4XoXrV7hBhRtWuFGFG1e4SYWbVrhZhZtXuEWFW1a4VYVbV7hNhdtWuF2F21e4Q4U7VrhThTtXuEuFu1a4W4W7V7hHhXtWuFeFe1e4T4X7VrhfhftXeECFB1Z4UIUHV3hIhYdWeFiFh1d4RIVHVnhUhUdXeEyFx1Z4XIXHV3hChSdWeFKFVnhyhadUeGqFp1V4eoVnVHhmhWdVeHaF51Q4vMJzKzyvwvMrvKDCCyu8qMKLK7ykwksrvKzCyyu8osIrKxxUGFQYVhhVGFeYVJhWmFWYV1hUWFZYVVhX2FTYVthV2Fd4VYVXV3hNhddWeF2F11d4Q4U3VnhThTdXeEuFt1Z4W4W3V3hHhXdWeFeFd1c4osJ7Kry3wvsqvL/CByp8sMKRFY6qcHSFYyp8qMKxFT5c4SMVPlrhYxU+XuETFT5Z4VMVPl3hMxU+W+FzFT5f4QsVvljhSxW+XOErFb5a4WsVvl7hGxW+WeFbFb5d4TsVvlvhexW+X+EHFX5Y4UcVflzhJxV+WuFnFX5e4RcVflnhVxV+XeE3FX5b4XcVfl/hDxX+WOFPFf5c4S8V/lrhbxX+XuEfFf5Z4V8j8O8K/6nw3wr/q3BIjePUOG6N49U4fo0T1DhhjRPVOHGNk9Q4tMZJa5ysxslrnOL/2RCcqsapa5ymxmlrnK7G6WucocYZa5ypxplrnKXGWWscVuNsNc5e4xw1zlnjXDXOXeM8Nc5b43w1zl/jAjUuWONCNS5c4yI1LlrjYjUuXuMSNS5ZIzUuVePSNS5T47I1Llfj8jWuUOOKNa5U48o1rlLjqjWuVuPqNa5R45o1rlXj2jWuU+O6Na5X4/o1blDjhjVuVOPGNW5S46Y1blbj5jVuUeOWNW5V49Y1blPjtjVuV+P2Ne5Q44417lTjzjXuUuOuNe5W4+417lHjnjXuVePeNe5T47417lfj/jUeUOOBNR5U48E1HlLjoTUeVuPhNR5R45E1HlXj0TUeU+OxNR5X4/E1nlDjiTWeVKM1nlzjKTWeWuNpNZ5e4xk1nlnjWTWeXeM5NQ6v8dwaz6vx/BovqPHCGi+q8eIaL6nx0hovq/HyGq+o8coaBzUGNYY1RjXGNSY1pjVmNeY1FjWWNVY11jU2NbY1djX2NV5V49U1XlPjtTVeV+P1Nd5Q44013lTjzTXeUuOtNd5W4+013lHjnTXeVePdNY6o8Z4a763xvhrvr/GBGh+scWSNo2ocXeOYGh+qcWyND9f4SI2P1vhYjY/X+ESNT9b4VI1P1/hMjc/W+FyNz9f4Qo0v1vhSjS/X+EqNr9b4Wo2v1/hGjW/W+FaNb9f4To3v1vheje/X+EGNH9b4UY0f1/hJjZ/W+FmNn9f4RY1f1vhVjV/X+E2N39b4XY3f1/hDjT/W+FONP9f4S42/1vhbjb/X+EeNf9b4V41/1/hPjf/W+F+NQxocp8FxGxyvwfEbnKDBCRucqMGJG5ykwaENTtrgZA1O3uAUDU7Z4FQNTt3gNA1O2+B0DU7f4AwNztjgTA3O3OAsDc7a4LAGZ2tw9gbnaHDOBudqcO4G52lw3gbna3D+BhdocMEGF2pw4QYXaXDRBhdrcPEGl2hwyQZpcKkGl25wmQaXbXC5BpdvcIUGV2xwpQZXbnCVBldtcLUGV29wjQbXbHCtBtducJ0G121wvQbXb3CDBjdscKMGN25wkwY3bXCzBjdvcIsGt2xwqwa3bnCbBrdtcLsGt29whwZ3bHCnBnducJcGd21wtwZ3b3CPBvdscK8G925wnwb3bXC/Bvdv8IAGD2zwoAYPbvCQBg9t8LAGD2/wiAaPbPCoBo9u8JgGj23wuAaPb/CEBk9s8KQGbfDkBk9p8NQGT2vw9AbPaPDMBs9q8OwGz2lweIPnNnheg+c3eEGDFzZ4UYMXN3hJg5c2eFmDlzd4RYNXNjhoMGgwbDBqMG4waTBtMGswb7BosGywarBusGmwbbBrsG/wqgavbvCaBq9t8LoGr2/whgZvbPCmBm9u8JYGb23wtgZvb/COBu9s8K4G725wRIP3NHhvg/c1eH+DDzT4YIMjGxzV4OgGxzT4UINjG3y4wUcafLTBxxp8vMEnGnyywacafLrBZxp8tsHnGny+wRcafLHBlxp8ucFXGny1wdcafL3BNxp8s8G3Gny7wXcafLfB9xp8v8EPGvywwY8a/LjBTxr8tMHPGvy8wS8a/LLBrxr8usFvGvy2we8a/L7BHxr8scGfGvy5wV8a/LXB3xr8vcE/Gvyzwb8a/LvBfxr8t8H/GhzS4jgtjtvieC2O3+IELU7Y4kQtTtziJC0ObXHSFidrcfIWp2hxyhananHqFqdpcdoWp2tx+hZnaHHGFmdqceYWZ2lx1haHtThbi7O3OEeLc7Y4V4tztzhPi/O2OF+L87e4QIsLtrhQiwu3uEiLi7a4WIuLt7hEi0u2SItLtbh0i8u0uGyLy7W4fIsrtLhiiyu1uHKLq7S4aourtbh6i2u0uGaLa7W4dovrtLhui+u1uH6LG7S4YYsbtbhxi5u0uGmLm7W4eYtbtLhli1u1uHWL27S4bYvbtbh9izu0uGOLO7W4c4u7tLhri7u1uHuLe7S4Z4t7tbh3i/u0uG+L+7W4f4sHtHhgiwe1eHCLh7R4aIuHtXh4i0e0eGSLR7V4dIvHtHhsi8e1eHyLJ7R4YosntWiLJ7d4Sountnhai6e3eEaLZ7Z4Votnt3hOi8NbPLfF81o8v8ULWrywxYtavLjFS1q8tMXLWry8xStavLLFQYtBi2GLUYtxi0mLaYtZi3mLRYtli1WLdYtNi22LXYt9i1e1eHWL17R4bYvXtXh9ize0eGOLN7V4c4u3tHhri7e1eHuLd7R4Z4t3tXh3iyNavKfFe1u8r8X7W3ygxQdbHNniqBZHtzimxYdaHNviwy0+0uKjLT7W4uMtPtHiky0+1eLTLT7T4rMtPtfi8y2+0OKLLb7U4sstvtLiqy2+1uLrLb7R4pstvtXi2y2+0+K7Lb7X4vstftDihy1+1OLHLX7S4qctftbi5y1+0eKXLX7V4tctftPity1+1+L3Lf7Q4o8t/tTizy3+0uKvLf7W4u8t/tHiny3+1eLfLf7T4r8t/tfikA7H6XDcDsfrcPwOJ+hwwg4n6nDiDifpcGiHk3Y4WYeTdzhFh1N2OFWHU3c4TYfTdjhdh9N3OEOHM3Y4U4czdzhLh7N2OKzD2TqcvcM5Opyzw7k6nLvDeTqct8P5Opy/wwU6XLDDhTpcuMNFOly0w8U6XLzDJTpcskM6XKrDpTtcpsNlO1yuw+U7XKHDFTtcqcOVO1ylw1U7XK3D1Ttco8M1O1yrw7U7XKfDdTtcr8P1O9ygww073KjDjTvcpMNNO9ysw8073KLDLTvcqsOtO9ymw2073K7D7TvcocMdO9ypw5073KXDXTvcrcPdO9yjwz073KvDvTvcp8N9O9yvw/07PKDDAzs8qMODOzykw0M7PKzDwzs8osMjOzyqw6M7PKbDYzs8rsPjOzyhwxM7PKlDOzy5w1M6PLXD0zo8vcMzOjyzw7M6PLvDczoc3uG5HZ7X4fkdXtDhhR1e1OHFHV7S4aUdXtbh5R1e0eGVHQ46DDoMO4w6jDtMOkw7zDrMOyw6LDusOqw7bDpsO+w67Du8qsOrO7ymw2s7vK7D6zu8ocMbO7ypw5s7vKXDWzu8rcPbO7yjwzs7vKvDuzsc0eE9Hd7b4X0d3t/hAx0+2OHIDkd1OLrDMR0+1OHYDh/u8JEOH+3wsQ4f7/CJDp/s8KkOn+7wmQ6f7fC5Dp/v8IUOX+zwpQ5f7vCVDl/t8LUOX+/wjQ7f7PCtDt/u8J0O3+3wvW7skPc7/KDDDzv8qMOPO/ykw087/KzDzzv8osMvO/yqw687/KbDbzv8rsPvO/yhwx87/KnDnzv8pcNfhw/xtw5/7/CPDv/s8K8O/+7wnw7/7fC/Dof0OE6P4/Y4Xo/j9zhBjxP2OFGPE/c4SY9De5y0x8l6nLzHKXqcssepepy6x2l6nLbH6XqcvscZepyxx5l6nLnHWXqctcdhPc7W4+w9ztHjnD3O1ePcPc7T47w9ztfj/D0u0OOCPS7U48I9LtLjoj0u1uPiPS7R45I90uNSPS7d4zI9Ltvjcj0u3+MKPa7Y40o9rtzjKj2u2uNqPa7e4xo9rtnjWj2u3eM6Pa7b43o9rt/jBj1u2ONGPW7c4yY9btrjZj1u3uMWPW7Z41Y9bt3jNj1u2+N2PW7f4w497tjjTj3u3OMuPe7a42497t7jHj3u2eNePe7d4z497tvjfj3u3+MBPR7Y40E9HtzjIT0e2uNhPR7e4xE9HtnjUT0e3eMxPR7b43E9Ht/jCT2e2ONJPdrjyT2e0uOpPZ7W4+k9ntHjmT2e1ePZPZ7T4/Aez+3xvB7P7/GCHi/s8aIeL+7xkh4v7fGyHi/v8Yoer+xx0GPQY9hj1GPcY9Jj2mPWY95j0WPZY9Vj3WPTY9tj12Pf41U9Xt3jNT1e2+N1PV7f4w093tjjTT3e3OMtPd7a42093t7jHT3e2eNdPd7d44ge7+nx3h7v6/H+Hh/o8cEeR/Y4qsfRPY7p+T+W7akJ04NhtvDEtm1zxbZt27ZXNNHEtvHcNmKPY9u27V1vffsndFddB33QDh/giAGOHOCoAY4e4JgBjh3gEwN8coBPDfDpAT4zwGcH+NwAnx/gCwN8cYAvDfDlAb4ywFcH+NoAXx/gGwN8c4BvDfDtAb4zwHcH+N4A3x/gBwP8cIAfDfDjAX4ywE8H+NkAPx/gFwP8coBfDfDrAX4zwG8H+N0Avx/gDwP8cYA/DfDnAf4ywF8H+NsAfx/gHwP8c4B/DfDvAf4zwH8H+N8AhwQ4ToDjBjhegOMHOEGAEwY4UYATBzhJgJMGOFmAkwc4RYBTBjhVgFMHOE2A0wY4XYDTBzhDgDMGOFOAMwc4S4CzBjhbgLMHOEeAcwY4V4BzBzhPgPMGOF+A8we4QIALBrhQgAsHuEiAiwa4WICLB7hEgEsGuFSASwdIgMsEuGyAywW4fIArBLhigCsFuHKAqwS4aoCrBbh6gGsEuGaAawW4doDrBLhugOsFuH6AGwS4YYAbBbhxgJsEuGmAmwW4eYBbBLhlgFsFuHWA2wS4bYDbBbh9gDsEuGOAOwW4c4C7BLhrgLsFuHuAewS4Z4B7Bbh3gPsEuG+A+wW4f4AHBHhggAcFeHCAhwR4aICHBXh4gEcEeGSARwV4dIDHBHhsgMcFeHyAJwR4YoAnBXhygKcEaICnBnhagKcHeEaAZwY4NMCzAjw7wHMCPDfA8wIcFuD5AV4Q4IUBXhTgxQFeEuClAV4W4OUBXhHglQFeFeDVAV4T4LUBXhfg9QHeEOCNAd4U4M0B3hLgrQHeFuDtAd4R4J0B3hXgIMAgwDDAKMA4wCTANMAswDzAIsAywCrAOsAmwDbALsA+wLsDvCfAewO8L8D7A3wgwAcDfCjAhwN8JMBHA3wswMcDHB7giABHBjgqwNEBjglwbIBPBPhkgE8F+HSAzwT4bIDPBfh8gC8E+GKALwX4coCvBPhqgK8F+HqAbwT4ZoBvBfh2gO8E+G6A7wX4foAfBPhhgB8F+HGAnwT4aYCfBfh5gF8E+GWAXwX4dYDfBPhtgN8F+H2APwT4Y4A/BfhzgL8E+GuAvwX4e4B/BPhngH8F+HeA/wT4b4D/BeM5JMRxQhw3xPFCHD/ECUKcMMSJQpw4xElCnDTEyUKcPMQpQpwyxKlCnDrEaUKcNsTpQpw+xBlCnDHEmUKcOcRZQpw1xNlCnD3EOUKcM8S5Qpw7xHlCnDfE+UKcP8QFQlwwxIVCXDjERUJcNMTFQlw8xCVCXDLEpUJcOkRCXCbEZUNcLsTlQ1whxBVDXCnElUNcJcRVQ1wtxNVDXCPENUNcK8S1Q1wnxHVDXC/E9UPcIMQNQ9woxI1D3CTETUPcLMTNQ9wixC1D3CrErUPcJsRtQ9wuxO1D3CHEHUPcKcSdQ9wlxF1D3C3E3UPcI8Q9Q9wrxL1D3CfEfUPcL8T9QzwgxANDPCjEg0M8JMRDQzwsxMNDPCLEI0M8KsSjQzwmxGNDPC7E40M8IcQTQzwpxJNDPCVEQzw1xNNCPD3EM0I8M8ShIZ4V4tkhnhPiuSGeF+KwEM8P8YIQLwzxohAvDvGSEC8N8bIQLw/xihCvDPGqEK8O8ZoQrw3xuhCvD/GGEG8M8aYQbw7xlhBvDfG2EG8P8Y4Q7wzxrhAHIQYhhiFGIcYhJiGmIWYh5iEWIZYhViHWITYhtiF2IfYh3h3iPSHeG+J9Id4f4gMhPhjiQyE+HOIjIT4a4mMhPh7i8BBHhDgyxFEhjg5xTIhjQ3wixCdDfCrEp0N8JsRnQ3wuxOdDfCHEF0N8KcSXQ3wlxFdDfC3E10N8I8Q3Q3wrxLdDfCfEd0N8L8T3Q/wgxA9D/CjEj0P8JMRPQ/wsxM9D/CLEL0P8KsSvQ/wmxG9D/C7E70P8IcQfQ/wpxJ9D/CXEX0P8LcTfQ/wjxD9D/CvEv0P8J8R/Q/wvxCERjhPhuBGOF+H4EU4Q4YQRThThxBFOEuGkEU4W4eQRThHhlBFOFeHUEU4T4bQRThfh9BHOEOGMEc4U4cwRzhLhrBHOFuHsEc4R4ZwRzhXh3BHOE+G8Ec4X4fwRLhDhghEuFOHCES4S4aIRLhbh4hEuEeGSES4V4dIREuEyES4b4XIRLh/hChGuGOFKEa4c4SoRrhrhahGuHuEaEa4Z4VoRrh3hOhGuG+F6Ea4f4QYRbhjhRhFuHOEmEW4a4WYRbh7hFhFuGeFWEW4d4TYRbhvhdhFuH+EOEe4Y4U4R7hzhLhHuGuFuEe4e4R4R7hnhXhHuHeE+Ee4b4X4R7h/hAREeGOFBER4c4SERHhrhYREeHuERER4Z4VERHh3hMREeG+FxER4f4QkRnhjhSRGeHOEpERrhqRGeFuHpEZ4R4ZkRDo3wrAjPjvCcCM+N8LwIh0V4foQXRHhhhBdFeHGEl0R4aYSXRXh5hFdEeGWEV0V4dYTXRHhthNdFeH2EN0R4Y4Q3RXhzhLdEeGuEt0V4e4R3RHhnhHdFOIgwiDCMMIowjjCJMI0wizCPsIiwjLCKsI6wibCNsIuwj/DuCO+J8N4I74vw/ggfiPDBCB+K8OEIH4nw0Qgfi/DxCIdHOCLCkRGOinB0hGMiHBvhExE+GeFTET4d4TMRPhvhcxE+H+ELEb4Y4UsRvhzhKxG+GuFrEb4e4RsRvhnhWxG+HeE7Eb4b4XsRvh/hBxF+GOFHEX4c4ScRfhrhZxF+HuEXEX4Z4VcRfh3hNxF+G+F3EX4f4Q8R/hjhTxH+HOEvEf4a4W8R/h7hHxH+GeFfEf4d4T8R/hvhfxEOiXGcGMeNcbwYx49xghgnjHGiGCeOcZIYJ41xshgnj3GKGKeMcaoYp45xmhinjXG6GKePcYYYZ4xxphhnjnGWGGeNcbYYZ49xjhjnjHGuGOeOcZ4Y541xvhjnj3GBGBeMcaEYF45xkRgXjXGxGBePcYkYl4xxqRiXjpEYl4lx2RiXi3H5GFeIccUYV4px5RhXiXHVGFeLcfUY14hxzRjXinHtGNeJcd0Y14tx/Rg3iHHDGDeKceMYN4lx0xg3i3HzcYcM+V9vW8a4VYxbx7hNjNvGuF2M28e4Q4w7xrhTjDvHuEuMu8a4W4y7x7hHjHvGuFeMe8e4T4z7xrhfjPvHeECMB8Z4UIwHx3hIjIfGeFiMh8d4RIxHxnhUjEfHeEyMx8Z4XIzHx3hCjCfGeFKMJ8d4SozGeGqMp8V4eoxnxHhmjENjPCvGs2M8J8ZzYzwvxmExnh/jBTFeGONFMV4c4yUxXhrjZTFeHuMVMV4Z41UxXh3jNTFeG+N1MV4f4w0x3hjjTTHeHOMtMd4a420x3h7jHTHeGeNdMQ5iDGIMY4xijGNMYkxjzGLMYyxiLGOsYqxjbGJsY+xi7GO8O8Z7Yrw3xvtivD/GB2J8MMaHYnw4xkdifDTGx2J8PMbhMY6IcWSMo2IcHeOYGMfG+ESMT8b4VIxPx/hMjM/G+FyMz8f4QowvxvhSjC/H+EqMr8b4Woyvx/hGjG/G+FaMb8f4TozvxvhejO/H+EGMH8b4UYwfx/hJjJ/G+FmMn8f4RYxfxvhVjF/H+E2M38b4XYzfx/hDjD/G+FOMP8f4S4y/xvhbjL/H+EeMf8b4V4x/x/hPjP/G+F+MQxIcJ8FxExwvwfETnCDBCROcKMGJE5wkwUkTnCzByROcIsEpE5wqwakTnCbBaROcLsHpE5whwRkTnCnBmROcJcFZE5wtwdkTnCPBOROcK8G5E5wnwXkTnC/B+RNcIMEFE1wowYUTXCTBRRNcLMHFE1wiwSUTXCrBpRMkwWUSXDbB5RJcPsEVElwxwZUSXDnBVRJcNcHVElw9wTUSXDPBtRJcO8F1Elw3wfUSXD/BDRLcMMGNEtw4wU0S3DTBzRLcPMEtEtwywa0S3DrBbRLcNsHtEtw+wR0S3DHBnRLcOcFdEtw1wd0S3D3BPRLcM8G9Etw7wX0S3DfB/RLcP8EDEjwwwYMSPDjBQxI8NMHDEjw8wSMSPDLBoxI8OsFjEjw2weMSPD7BExI8McGTEjw5wVMSNMFTEzxt2KSenuAZCZ6Z4NAEz0rw7ATPSfDcBM9LcFiC5yd4QYIXJnhRghcneEmClyZ4WYKXJ3hFglcmeFWCVyd4TYLXJnhdgtcneEOCNyZ4U4I3J3hLgrcmeFuCtyd4R4J3JnhXgoMEgwTDBKME4wSTBNMEswTzBIsEywSrBOsEmwTbBLsE+wTvTvCeBO9N8L4E70/wgQQfTPChBB9O8JEEH03wsQQfT3B4giMSHJngqARHJzgmwbEJPpHgkwk+leDTCT6T4LMJPpfg8wm+kOCLCb6U4MsJvpLgqwm+luDrCb6R4JsJvpXg2wm+k+C7Cb6X4PsJfpDghwl+lODHCX6S4KcJfpbg5wl+keCXCX6V4NcJfpPgtwl+l+D3Cf6Q4I8J/pTgzwn+kuCvCf6W4O8J/pHgnwn+leDfCf6T4L8J/pfgkBTHSXHcFMdLcfwUJ0hxwhQnSnHiFCdJcdIUJ0tx8hSnSHHKFKdKceoUp0lx2hSnS3H6FGdIccYUZ0px5hRnSXHWFGdLcfYU50hxzhTnSnHuFOdJcd4U50tx/hQXSHHBFBdKceEUF0lx0RQXS3HxFJdIcckUl0px6RRJcZkUl01xuRSXT3GFFFdMcaUUV05xlRRXTXG1FFdPcY0U10xxrRTXTnGdFNdNcb0U109xgxQ3THGjFDdOcZMUN01xsxQ3T3GLFLdMcasUt05xmxS3TXG7FLdPcYcUd0xxpxR3TnGXFHdNcbcUd09xjxT3THGvFPdOcZ8U901xvxT3T/GAFA9M8aAUD07xkBQPTfGwFA9P8YgUj0zxqBSPTvGYFI9N8bgUj0/xhBRPTPGkFE9O8ZQUTfHUFE9L8fQUz0jxzBSHpnhWimeneE6K56Z4XorDUjw/xQtSvDDFi1K8OMVLUrw0xctSvDzFK1K8MsWrUrw6xWtSvDbF61K8PsUbUrwxxZtSvDnFW1K8NcXbUrw9xTtSvDPFu1IcpBikGKYYpRinmKSYppilmKdYpFimWKVYp9ik2KbYpdineHeK96R4b4r3pXh/ig+k+GCKD6X4cIqPpPhoio+l+HiKw1MckeLIFEelODrFMSmOTfGJFJ9M8akUn07xmRSfTfG5FJ9P8YUUX0zxpRRfTvGVFF9N8bUUX0/xjRTfTPGtFN9O8Z0U303xvRTfT/GDFD9M8aMUP07xkxQ/TfGzFD9P8YsUv0zxqxS/TvGbFL9N8bsUv0/xhxR/TPGnFH9O8ZcUf03xtxR/T/GPFP9M8a8U/07xnxT/TfG/FIdkOE6G42Y4XobjZzhBhhNmOFGGE2c4SYaTZjhZhpNnOEWGU2Y4VYZTZzhNhtNmOF2G02c4Q4YzZjhThjNnOEuGs2Y4W4azZzhHhnNmOFeGc2c4T4bzZjhfhvNnuECGC2a4UIYLZ7hIhotmuFiGi2e4RIZLZrhUhktnSIbLZLhshstluHyGK2S4YoYrZbhyhqtkuGqGq2W4eoZrZLhmhmtluHaG62S4bobrZbh+hhtkuGGGG2W4cYabZLhphptluHmGW2S4ZYZbZbh1httkuG2G22W4fYY7ZLhjhjtluHOGu2S4a4a7Zbh7hntkuGeGe2W4d4b7ZLhvhvtluH/2v4GBB2Z4UIYHZ3hIhodmeFiGh2d4RIZHZnhUhkdneEyGx2Z4XIbHZ3hChidmeFKGJ2d4SoZmeGqGp2V4eoZnZHhmhkMzPCvDszM8J8NzMzwvw2EZnp/hBRlemOFFGV6c4SUZXprhZRlenuEVGV6Z4VUZXp3hNRlem+F1GV6f4Q0Z3pjhTRnenOEtGd6a4W0Z3p7hHRnemeFdGQ4yDDIMM4wyjDNMMkwzzDLMMywyLDOsMqwzbDJsM+wy7DO8O8N7Mrw3w/syvD/DBzJ8MMOHMnw4w0cyfDTDxzJ8PMPhGY7IcGSGozIcneGYDMdm+ESGT2b4VIZPZ/hMhs9m+FyGz2f4QoYvZvhShi9n+EqGr2b4WoavZ/hGhm9m+FaGb2f4TobvZvhehu9n+EGGH2b4UYYfZ/hJhp9m+FmGn2f4RYZfZvhVhl9n+E2G32b4XYbfZ/hDhj9m+FOGP2f4S4a/Zvhbhr9n+EeGf2b4V4Z/Z/hPhv9m+F+GQ3IcJ8dxcxwvx/FznCDHCXOcKMeJc5wkx0lznCzHyXOcIscpc5wqx6lznCbHaXOcLsfpc5whxxlznCnHmXOcJcdZc5wtx9lznCPHOXOcK8e5c5wnx3lznC/H+XNcIMcFc1wox4VzXCTHRXNcLMfFc1wixyVzXCrHpXMkx2VyXDbH5XJcPscVclwxx5VyXDnHVXJcNcfVclw9xzVyXDPHtXJcO8d1clw3x/VyXD/HDXLcMMeNctw4x01y3DTHzXLcPMctctwyx61y3DrHbXLcNsftctw+xx1y3DHHnXLcOcddctw1x91y3D3HPXLcM8e9ctw7x31y3DfH/XLcP8cDcjwwx4NyPDjHQ3I8NMfDcjw8xyNyPDLHo3I8Osdjcjw2x+NyPD7HE3I8MceTcjw5x1NyNMdTczwtx9NzPCPHM3McmuNZOZ6d4zk5npvjeTkOy/H8HC/I8cIcL8rx4hwvyfHSHC/L8fIcr8jxyhyvyvHqHK/J8docr8vx+hxvyPHGHG/K8eYcb8nx1hxvy/H2HO/I8c4c78pxkGOQY5hjlGOcY5JjmmOWY55jkWOZY5VjnWOTY5tjl2Of49053pPjvTnel+P9OT6Q44M5PpTjwzk+kuOjOT6W4+M5Ds9xRI4jcxyV4+gcx+Q4Nscncnwyx6dyfDrHZ3J8Nsfncnw+xxdyfDHHl3J8OcdXcnw1x9dyfD3HN3J8M8e3cnw7x3dyfDfH93J8P8cPcvwwx49y/DjHT3L8NMfPcvw8xy9y/DLHr3L8Osdvcvw2x+9y/D7HH3L8Mcefcvw5x19y/DXH33L8Pcc/cvwzx79y/DvHf3L8N8f/chxS4DgFjlvgeAWOX+AEBU5Y4EQFTlzgJAVOWuBkBU5e4BQFTlngVAVOXeA0BU5b4HQFTl/gDAXOWOBMBc5c4CwFzlrgbAXOXuAcBc5Z4FwFzl3gPAXOW+B8Bc5f4AIFLljgQgUuXOAiBS5a4GIFLl7gEgUuWeBSBS5dIAUuU+CyBS5X4PIFrlDgigWuVODKBa5S4KoFrlbg6gWuUeCaBa5V4NoFrlPgugWuV+D6BW5Q4IYFblTgxgVuUuCmBW5W4OYFblHglgVuVeDWBW5T4LYFblfg9gXuUOCOBe5U4M4F7lLgrgXuVuDuBe5R4J4F7lXg3gXuU+C+Be5X4P4FHlDggQUeVODBBR5S4KEFHlbg4QUeUeCRBR5V4NEFHlPgsQUeV+DxBZ5Q4IkFnlTgyQWeUqAFnlrgaQWeXuAZBZ5Z4NACzyrw7ALPKfDcAs8rcFiB5xd4QYEXFnhRgRcXeEmBlxZ4WYGXF3hFgVcWeFWBVxd4TYHXFnhdgdcXeEOBNxZ4U4E3F3hLgbcWeFuBtxd4R4F3FnhXgYMCgwLDAqMC4wKTAtMCswLzAosCy4KJhgwZYl1gU2BbYFdgX+DdBd5T4L0F3lfg/QU+UOCDBT5U4MMFPlLgowU+VuDjBQ4vcESBIwscVeDoAscUOLbAJwp8ssCnCny6wGcKfLbA5wp8vsAXCnyxwJcKfLnAVwp8tcDXCny9wDcKfLPAtwp8u8B3Cny3wPcKfL/AD8b/vyP9/yx+XOAnBX5a4GcFfl7gFwV+WeBXBX5d4DcFflvgdwV+X+APBf5Y4E8F/lzgLwX+WuBvBf5e4B8F/lngXwX+XeA/Bf5b4H8FDilxnBLHLXG8EscvcYISJyxxohInLnGSEictcbISJy9xihKnLHGqEqcucZoSpy1xuhKnL3GGEmcscaYSZy5xlhJnLXG2EmcvcY4S5yxxrhLnLnGeEuctcb4S5y9xgRIXLHGhEhcucZESFy1xsRIXL3GJEpcscakSly6REpcpcdkSlytx+RJXKHHFElcqceUSVylx1RJXK3H1Etcocc0S1ypx7RLXKXHdEtcrcf0SNyhxwxI3KnHjEjcpcdMSNytx8xK3KHHLErcqcesStylx2xK3K3H7EncocccSdypx5xJ3KXHXEncrcfcS9yhxzxL3KnHvEvcpcd8S9ytx/xIPKPHAEg8q8eASDynx0BIPK/HwEo8o8cgSjyrx6BKPKfHYEo8r8fgSTyjxxBJPKvHkEk8p0RJPLfG0Ek8v8YwSzyxxaIlnlXh2ieeUeG6J55U4rMTzS7ygxAtLvKjEi0u8pMRLS7ysxMtLvKLEK0u8qsSrS7ymxGtLvK7E60u8ocQbS7ypxJtLvKXEW0u8rcTbS7yjxDtLvKvEQYlBiWGJUYlxiUmJaYlZiXmJRYlliVWJdYlNiW2JXYl9iXeXeE+J95Z4X4n3l/hAiQ+W+FCJD5f4SImPlvhYiY+XOLzEESWOLHFUiaNLHFPi2BKfKPHJEp8q8ekSnynx2RKfK/H5El8o8cUSXyrx5RJfKfHVEl8r8fVJ/r/tEt8q8e0S3ynx3RLfK/H9Ej8o8cMSPyrx4xI/KfHTEj8r8fMSvyjxyxK/KvHrEr8p8dsSvyvx+xJ/KPHHEn8q8ecSfynx1xJ/K/H3kqF/lPhniX+V+HeJ/5T4b4n/lTikwnEqHLfC8Socv8IJKpywwokqnLjCSSqctMLJKpy8wikqnLLCqSqcusJpKpy2wukqnL7CGSqcscKZKpy5wlkqnLXC2SqcvcI5KpyzwrkqnLvCeSqct8L5Kpy/wgUqXLDChSpcuMJFKly0wsUqXLzCJSpcssKlKly6QipcpsJlK1yuwuUrXKHCFStcqcKVK1ylwlUrXK3C1Stco8I1K1yrwrUrXKfCdStcr8L1K9ygwg0r3KjCjSvcpMJNK9ysws0r3KLCLSvcqsKtK9ymwm0r3K7C7SvcocIdK9ypwp0r3KXCXSvcrcLdK9yjwj0r3KvCvSvcp8J9K9yvwv0rPKDCAys8qMKDKzykwkMrPKzCwys8osIjKzyqwqMrPKbCYys8rsLjKzyhwhMrPKnCkys8pUIrPLXC0yo8vcIzKjyzwqEVnlXh2RWeU+G5FZ5X4bAKz6/wggovrPCiCi+u8JIKL63wsgovr/CKCq+s8KoKr67wmgqvrfC6Cq+v8IYKb6zwpgpvrvCWCm+t8LYKb6/wjgrvrPCuCgcVBhWGFUYVxhUmFaYVZhXmFRYVlhVWFdYVNhW2FXYV9hXeXeE9Fd5b4X0V3l/hAxU+WOFDFT5c4SMVPlrhYxU+XuHwCkdUOLLCURWOrnBMhWMrfKLCJyt8qsKnK3ymwmcrfK7C5yt8ocIXK3ypwpcrfKXCVyt8rcLXK3yjwjcrfKvCtyt8p8J3K3yvwvcr/KDCDyv8qMKPK/ykwk8r/KzCzyv8osIvK/yqwq8r/KbCbyv8rsLvK/yhwh8r/KnCnyv8pcJfK/ytwt8r/KPCPyv8q8K/K/ynwn8r/K/CITWOU+O4NY5X4/g1TlDjhDVOVOPENU5S46Q1Tlbj5DVOUeOUNU5V49Q1TlPjtDVOV+P0Nc5Q44w1zlTjzDXOUuOsNc5W4+w1zlHjnDXOVePcNc5T47w1zlfj/DUuUOOCNS5U48I1LlLjojUuVuPiNS5R45I1LlXj0jVS4zI1LlvjcjUuX+MKNa5Y40o1rlzjKjWuWuNqNa5e4xo1rlnjWjWuXeM6Na5b43o1rl/jBjVuWONGNW5c4yY1blrjZjVuXuMWNW5Z41Y1bl3jNjVuW+N2NW5f4w417ljjTjXuXOMuNe5a42417l7jHjXuWeNeNe5d4z417lvjfjXuX+MBNR5Y40E1HlzjITUeWuNhNR5e4xE1HlnjUTUeXeMxNR5b43E1Hl/jCTWeWONJNZ5c4yk1WuOpNZ5W4+k1nlHjmTUOrfGsGs+u8Zwaz63xvBqH1Xh+jRfUeGGNF9V4cY2X1HhpjZfVeHmNV9R4ZY1X1Xh1jdfUeG2N19V4fY031HhjjTfVeHONt9R4a4231Xh7jXfUeGeNd9U4qDGoMawxqjGuMakxrTGrMa+xqLGssaqxrrGpsa2xq7Gv8e4a76nx3hrvq/H+Gh+o8cEaH6rx4RofqfHRGh+r8fEah9c4osaRNY6qcXSNY2ocW+MTNT5Z41M1Pl3jMzU+W+NzNT5f4ws1vljjSzW+XOMrNb5a42s1vl7jGzW+WeNbNb5d4zs1vlvjezW+X+MHNX5Y40c1flzjJzV+WuNnNX5e4xc1flnjVzV+XeM3NX5b43c1fl/jDzX+WONPNf5c4y81/lrjbzX+XuMfNf5Z4181/l3jPzX+W+N/NQ5pcJwGx21wvAbHb3CCBidscKIGJ25wkgYnbXCyBidvcIoGp2xwqganbnCaBqdtcLoGp29whgZnbHCmBmducJYGZ21wtgZnb3COBudscK4G525wngbnbXC+BudvcIEGF2xwoQYXbnCRBhdtcLEGF29wiQaXbHCpBpdukAaXaXDZBpdrcPkGV2hwxQZXanDlBldpcNUGV2tw9QbXaHDNBtdqcO0G12lw3QbXa3D9BjdocMMGN2pw4wY3aXDTBjdrcPMGt2hwywa3anDrBrdpcNsGt2tw+wZ3aHDHBndqcOcGd2lw1wZ3a3D3BvdocM8G92pw7wb3aXDfBvdrcP8GD2jwwAYPavDgBg9p8NAGD2vw8AaPaPDIBo9q8OgGj2nw2AaPa/D4Bk9o8MQGT2rw5AZPadAGT23wtAZPb/CMBs9scGiDZzV4doPnNHhug+c1OKzB8xu8oMELG7yowYsbvKTBSxu8rMHLG7yiwSsbvKrBqxu8psFrG7yuwesbvKHBGxu8qcGbG7ylwVsbvK3B2xu8o8E7G7yrwUGDQYNhg1GDcYNJg2mDWYN5g0WDZYNVg3WDTYNtg12DfYN3N3hPg/c2eF+D9zf4QIMPNvhQgw83+EiDjzb4WIOPNzi8wRENjmxwVIOjGxzT4NgGn2jwyQafavDpBp9p8NkGn2vw+QZfaPDFBl9q8OUGX2nw1QZfa/D1Bt9o8M0G32rw7QbfafDdBt9r8P0GP2jwwwY/avDjBj9p8NMGP2vw8wa/aPDLBr9q8OsGv2nw2wa/a/D7Bn9o8McGf2rw5wZ/afDXBn9r8PcG/2jwzwb/avDvBv9p8N8G/2twSIvjtDhui+O1OH6LE7Q4YYsTtThxi5O0OGmLk7U4eYtTtDhli1O1OHWL07Q4bYvTtTh9izO0OGOLM7U4c4uztDhri7O1OHuLc7Q4Z4tztTh3i/O0OG+L87U4f4sLtLhgiwu1uHCLi7S4aIuLtbh4i0u0uGSLS7W4dIu0uEyLy7a4XIvLt7hCiyu2uFKLK7e4Sourtrhai6u3uEaLa7a4Votrt7hOi+u2uF6L67e4QYsbtrhRixu3uEmLm7a4WYubt7hFi1u2uFWLW7e4TYvbtrhdi9u3uEOLO7a4U4s7t7hLi7u2uFuLu7e4R4t7trhXi3u3uE+L+7a4X4v7t3hAiwe2eFCLB7d4SIuHtnhYi4e3eESLR7Z4VItHt3hMi8e2eFyLx7d4QosntnhSiye3eEqLtnhqi6e1eHqLZ7R4ZotDWzyrxbNbPKfFc1s8r8VhLZ7f4gUtXtjiRS1e3OIlLV7a4mUtXt7iFS1e2eJVLV7d4jUtXtvidS1e3+INLd7Y4k0t3tziLS3e2uJtLd7e4h0t3tniXS0OWgxaDFuMWoxbTFpMW8xazFssWixbrFqsW2xabFvsWuxbvLvFe1q8t8X7Wry/xQdafLDFh1p8uMVHWny0xcdafLzF4S2OaHFki6NaHN3imBbHtvhEi0+2+FT7f16eafHZFp9r8fkWX2jxxRZfavHlFl9p8dUWX2vx9RbfaPHNFt9q8e0W32nx3Rbfa/H9Fj9o8cMWP2rx4xY/afHTFj9r8fMWv2jxyxa/avHrFr9p8dsWv2vx+xZ/aPHHFn9q8ecWf2nx1xZ/a/H3Fv9o8c8W/2rx7xb/afHfFv/7X54Ox+lw3A7H63D8DifocMIOJ+pw4g4n6XDSDifrcPIOp+hwyg6n6nDqDqfpcNoOp+tw+g5n6HDGDmfqcOYOZ+lw1g5n63D2DufocM4O5+pw7g7n6XDeDufrcP4OF+hwwQ4X6nDhDhfpcNEOF+tw8Q6X6HDJDpfqcOkO6XCZDpftcLkOl+9whQ5X7HClDlfucJUOV+1wtQ5X73CNDtfscK0O1+5wnQ7X7XC9DtfvcIMON+xwow437nCTDjftcLMON+9wiw637HCrDrfucJsOt+1wuw6373CHDnfscKcOd+5wlw537XC3DnfvcI8O9+xwrw737nCfDvftcL8O9+/wgA4P7PCgDg/u8JAOD+3wsA4P7/CIDo/s8KgOj+7wmA6P7fC4Do/v8IQOT+zwpA5P7vCUDu3w1A5P6/D0Ds/o8MwOh3Z4Vodnd3hOh+d2eF6Hwzo8v8MLOryww4s6vLjDSzq8tMPLOry8wys6vLLDqzq8usNrOry2w+s6vL7DGzq8scObOry5w1s6vLXD2zq8vcM7Oryzw7s6HHQYdBh2GHUYd5h0mHaYdZh3WHRYdlh1WHfYdNh22HXYd3h3h/d0eG+H93V4f4cPdPhghw91+HCHj3T4aIePdfh4h8M7HNHhyA5HdTi6wzEdju3wiQ6f7PCpDp/u8JkOn+3wuQ6f7/CFDl/s8KUOX+7wlQ5f7fC1Dl/v8I0O3+zwrQ7f7vCdDt/t8L0O3+/wgw4/7PCjDj/u8JMOP+3wsw4/7/CLDr/s8KsOv+7wmw6/7fC7Dr/v8IcOf+zwpw5/7vCXDn/t8LcOf+/wjw7/7PCvDv/u8J8O/+3wvw6H9DhOj+P2OF6P4/c4QY8T9jhRjxP3OEmPk/Y4WY+T9zhFj1P2OFWPU/c4TY/T9jhdj9P3OEOPM/Y4U48z9zhLj7P2OFuPs/c4R49z9jhXj3P3OE+P8/Y4X4/z97hAjwv2uFCPC/e4SI+L9rhYj4v3uESPS/a4VI9L90iPy/S4bI/L9bh8jyv0uGKPK/W4co+r9Lhqj6v1uHqPa/S4Zo9r9bh2j+v0uG6P6/W4fo8b9Lhhjxv1uHGPm/S4aY+b9bh5j1v0uGWPW/W4dY/b9Lhtj9v1uH2PO/S4Y4879bhzj7v0uGuPu/W4e4979Lhnj3v1uHeP+/S4b4/79bh/jwf0eGCPB/V4cI+H9Hhoj4f1eHiPR/R4ZI9H9Xh0j8f0eGyPx/V4fI8n9Hhijyf1eHKPp/Roj6f2eFqPp/d4Ro9n9ji0x7N6PLvHc3o8t8fzehzW4/k9XtDjhT1e1OPFPV7S46U9Xtbj5T1e0eOVPV7V49U9XtPjtT1e1+P1Pd7Q44093tTjzT3e0uOtPd7W4+093tHjnT3e1eOgx6DHsMeox7jHpMe0x6zHvMeix7LHqse6x6bHtseux77Hu3u8p8d7e7yvx/t7fKDHB3t8qMeHe3ykx0d7fKzHx3sc3uOIHkf2OKrH0T2O6XFsz/9j4R678D4YZounSNoUSW3b7a5t27Zt79q2bTvX30ZtG6ltpMxZ9zrPfIb5vZs1Pj3AZwb47ACfG+DzA3xhgC8O8KUBvjzAVwb46gBfG+DrA3xjgG8O8K0Bvj3Adwb47gDfG+D7A/xggB8O8KMBjh7gxwP8ZICfDvCzAX4+wC8G+OUAvxrg1wP8ZoDfDvC7AX4/wB8G+OMAfxrgzwP8ZYC/DvC3Af4+wD8GOGaAfw7wrwH+PcB/BvjvAP8b4NgBDglwnADHDXC8AMcPcGiAwwKcIMAJAxwe4EQBThzgJAFOGuCIAEcGOFmAkwc4RYBTBjhVgFMHOE2A0wY4XYDTBzhDgDMGOFOAMwc4S4CzBjhbgLMHOEeAcwY4V4BzBzhPgPMGOF+A8we4QIALBrhQgAsHuEiAiwa4WIAEuHiASwS4ZIBLBbh0gMsEuGyAywW4fIArBLhigCsFuHKAqwS4aoCrBbh6gGsEuGaAawW4doDrBLhugOsFuH6AGwS4YYAbBbhxgJsEuGmAmwW4eYBbBLhlgFsFuHWA2wS4bYDbBbh9gDsEuGOAOwW4c4C7BLhrgLsFuHuAewS4Z4B7Bbh3gPsEuG+A+wW4f4AHBHhggAcFeHCAhwR4aICHBXh4gEcEeGSARwV4dIDHBHhsgMcFeHyABnhCgCcGeFKAJwd4SoCnBnhagKcHeEaAZwZ4VoBnB3hOgOcGeF6A5wd4QYAXBnhRgBcHeEmAlwZ4WYCXB3hFgFcGeFWAVwd4TYDXBnhdgNcHeEOANwZ4U4A3B3hLgLcGeFuAtwd4R4B3BnhXgHcHeE+A9wZ4X4D3B/hAgA8G+FCADwf4SICPBvhYgKMCHAQYBBgGGAUYB5gEmAaYBZgHWARYBlgFWAfYBNgG2AXYB/h4gE8E+GSATwX4dIDPBPhsgM8F+HyALwT4YoAvBfhygK8E+GqArwX4eoBvBPhmgG8F+HaA7wT4boDvBfh+gB8E+GGAHwU4OsCPA/wkwE8D/CzAzwP8IsAvhw3xqwC/DvCbAL8N8LsAvw/whwB/DPCnAH8O8JcAfw3wtwB/D/CPAMcE+GeAfwX4d4D/BPhvgP8FODbAISGOE+K4IY4X4vghDg1xWIgThDhhiMNDnCjEiUOcJMRJQxwR4sgQJwtx8hCnCHHKEKcKceoQpwlx2hCnC3H6EGcIccYQZwpx5hBnCXHWEGcLcfYQ5whxzhDnCnHuEOcJcd4Q5wtx/hAXCHHBEBcKceEQFwlx0RAXC5EQFw9xiRCXDHGpEJcOcZkQlw1xuRCXD3GFEFcMcaUQVw5xlRBXDXG1EFcPcY0Q1wxxrRDXDnGdENcNcb0Q1w9xgxA3DHGjEDcOcZMQNw1xsxA3D3GLELcMcasQtw5xmxC3DXG7ELcPcYcQdwxxpxB3DnGXEHcNcbcQdw9xjxD3DHGvEPcOcZ8Q9w1xvxD3D/GAEA8M8aAQDw7xkBAPDfGwEA8P8YgQjwzxqBCPDvGYEI8N8bgQjw/REE8I8cQQTwrx5BBPCfHUEE8L8fQQzwjxzBDPCvHsEM8J8dwQzwvx/BAvCPHCEC8K8eIQLwnx0hAvC/HyEK8I8coQrwrx6hCvCfHaEK8L8foQbwjxxhBvCvHmEG8J8dYQbwvx9hDvCPHOEO8K8e4Q7wnx3hDvC/H+EB8I8cEQHwrx4RAfCfHREB8LcVSIgxCDEMMQoxDjEJMQ0xCzEPMQixDLEKsQ6xCbENsQuxD7EB8P8YkQnwzxqRCfDvGZEJ8N8bkQnw/xhRBfDPGlEF8O8ZUQXw3xtRBfD/GNEN8M8a0Q3w7xnRDfDfG9EN8P8YMQPwzxoxBHh/hxiJ+E+GmIn4X4eYhfhPhliF+F+HWI34T4bYjfhfh9iD+E+GOIP4X4c4i/hPhriL+F+HuIf4Q4JsQ/Q/wrxL9D/CfEf0P8L8SxIQ6JcJwIx41wvAjHj3BohMMinCDCCSMcHuFEEU4c4SQRThrhiAhHRjhZhJNHOEWEU0Y4VYRTRzhNhNNGOF2E00c4Q4QzRjhThDNHOEuEs0Y4W4SzRzhHhHNGOFeEc0c4T4TzRjhfhPNHuECEC0a4UIQLR7hIhItGuFiERLh4hEtEuGSES0W4dITLRLhshMtFuHyEK0S4YoQrRbhyhKtEuGqEq0W4eoRrRLhmhGsN/b/NRoTrRrhehOtHuEGEG0a4UYQbR7hJhJtGuFmEm0e4RYRbRrhVhFtHuE2E20a4XYTbR7hDhDtGuFOEO0e4S4S7RrhbhLtHuEeEe0a4V4R7R7hPhPtGuF+E+0d4QIQHRnhQhAdHeEiEh0Z4WISHR3hEhEdGeFSER0d4TITHRnhchMdHaIQnRHhihCdFeHKEp0R4aoSnRXh6hGdEeGaEZ0V4doTnRHhuhOdFeH6EF0R4YYQXRXhxhJdEeGmEl0V4eYRXRHhlhFdFeHWE10R4bYTXRXh9hDdEeGOEN0V4c4S3RHhrhLdFeHuEd0R4Z4R3RXh3hPdEeG+E90V4f4QPRPhghA9F+HCEj0T4aISPRTgqwkGEQYRhhFE0csSQIZhEmEaYRZhHWERYRlhFWEfYRNhG2EXYR/h4hE9E+GSET0X4dITPRPhshM9F+HyEL0T4YoQvRfhyhK9E+GqEr0X4eoRvRPhmhG9F+HaE70T4boTvRfh+hB9E+GGEH0U4OsKPI/wkwk8j/CzCzyP8IsIvI/wqwq8j/CbCbyP8LsLvI/whwh8j/CnCnyP8JcJfI/wtwt8j/CPCMRH+GeFf0f/9/0f4b4T/RTg2wiExjhPjuDGOF+P4MQ6NcVjMmLH/Pw6PcaIYJ45xkhgnjXFEjCNjnCzGyWOcIsYpY5wqxqljnCbGaWOcLsbpY5whxhljnCnGmWOcJcZZY5wtxtljnCPGOWOcK8a5Y5wnxnljnC/G+WNcIMYFY1woxoVjXCTGRWNcLEZiXDzGJWJcMsalYlw6xmViXDbG5WJcPsYVYlwxxpViXDnGVWJcNcbVYlw9xjViXDPGtWJcO8Z1Ylw3xvViXD/GDWLcMMaNYtw4xk1i3DTGzWLcPMYtYtwyxq1i3DrGbWLcNsbtYtw+xh1i3DHGnWLcOcZdYtw1xt1i3D3GPWLcM8a9Ytw7xn1i3DfG/WLcP8YDYjwwxoNiPDjGQ2I8NMbDYjw8xiNiPDLGo2I8OsZjYjw2xuNiPD5GYzwhxhNjPCnGk2M8JcZTYzwtxtNjPCPGM2M8K8azYzwnxnNjPC/G82O8IMYLY7woxotjvCTGS2O8LMbLY7wixitjvCrGq2O8JsZrY7wuxutjvCHGG2O8KcabY7wlxltjvC3G22O8I8Y7Y7wrxrtjvCfGe2O8L8b7Y3wgxgdjfCjGh2N8JMZHY3wsxlExDmIMYgxjjGKMY0xiTGPMYsxjLGIsY6xirGNsYmxj7GLsY3w8xidifDLGp2J8OsZnYnw2xudifD7GF2J8McaXYnw5xldifDXG12J8PcY3YnwzxrdifDvGd2J8N8b3Ynw/xg9i/DDGj2IcHePHMX4S46cxfhbj5zF+EeOXMX4V49cxfhPjtzF+F+P3Mf4Q448x/hTjzzH+EuOvMf4W4+8x/hHjmBj/jPGvGP+O8Z8Y/43xvxjHxjgkwXESHDfB8RIcP8GhCQ5LcIIEJ0xweIITJThxgpMkOGmCIxIcmeBkCU6e4BQJTpngVAlOneA0CU6b4HQJTp/gDAnOmOBMCc6c4CwJzprgbAnOnuAcCc6Z4FwJzp3gPAnOm+B8Cc6f4AIJLpjgQgkunOAiCS6a4GIJkuDiCS6R4JIJLpXg0gkuk+CyCS6X4PIJrpDgigmulODKCa6S4KoJrpbg6gmukeCaCa6V4NoJrpPgugmul+D6CW6Q4IYJbpTgxglukuCmCW6W4OYJbpHglgluleDWCW6T4LYJbpfg9gnukOCOCe6U4M4J7pLgrgnuluDuCe6R4J4J7pXg3gnuk+C+Ce6X4P4JHpDggQkelODBCR6S4KEJHpbg4QkekeCRCR6V4NEJHpPgsQkel+DxCZrgCQmemOBJCZ6c4CkJnprgaQmenuAZCZ6Z4FkJnp3gOQmem+B5CZ6f4AUJXpjgRQlenOAlCV6a4GUJXp7gFQlemeBVCV6d4DUJXpvgdQlen+ANCd6Y4E0J3pzgLQnemuBtCd6e4B0J3pngXQneneA9Cd6b4H0J3p/gAwk+mOBDCT6c4CMJPprgYwmOSnCQYJBgmGCUYJxgkmCaYJZgnmCRYJlglWCdYJNgm2CXYJ/g4wk+keCTCT6V4NMJPpPgswk+l+DzCb6Q4IsJvpTgywm+kuCrCb6W4OsJvpHgmwm+leDbCb6T4LsJvpfg+wl+kOCHCX6U4OgEP07wkwQ/TfCzBD9P8IsEv0zwqwS/TvCbBL9N8LsEv0/whwR/TPCnBH9O8JcEf03wtwR/T/CPBMck+GeCfyX4d4L/JPhvgv8lODbBISmOk+K4KY6X4vgpDk1xWIoTpDhhisNTnCjFiVOcJMVJUxyR4sgUJ0tx8hSnSHHKFKdKceoUp0lx2hSnS3H6FGdIccYUZ0px5hRnSXHWFGdLcfYU50hxzhTnSnHuFOdJcd4U50tx/hQXSHHBFBdKceEUF0lx0RQXS5EUF09xiRSXTHGpFJdOcZkUl01xuRSXT3GFFFdMcaUUV05xlRRXTXG1FFdPcY0U10xxrRTXTnGdFNdNcb0U109xgxQ3THGjFDdOcZMUN01xsxQ3T3GLFLdMcasUt05xmxS3TXG7FLdPcYcUd0xxpxR3TnGXFHdNcbcUd09xjxT3THGvFPdOcZ8U901xvxT3T/GAFA9M8aAUD07xkBQPTfGwFA9P8YgUj0zxqBSPTvGYFI9N8bgUj0/RFE9I8cQUT0rx5BRPSfHUFE9L8fQUz0jxzBTPSvHsFM9J8dwUz0vx/BQvSPHCFC9K8eIUL0nx0hQvS/HyFK9I8coUr0rx6hSvSfHaFK9L8foUb0jxxhRvSvHmFG9J8dYUb0vx9hTvSPHOFO9K8e4U70nx3hTvS/H+FB9I8cEUH0rx4RQfSfHRFB9LcVSKgxSDFMMUoxTjFJMU0xSzFPMUixTLFKsU6xSbFNsUuxT7FB9P8YkUn0zxqRSfTvGZFJ9N8bkUn0/xhRRfTPGlFF9O8ZUUX03xtRRfT/GNFN9M8a0U307xnRTfTfG9FN9P8YMUP0zxoxRHp/hxip+k+GmKn6X4eYpfpPhlil+l+HWK36T4bYrfpfh9ij+k+GOKP6X4c4q/pPhrir+l+HuKf6Q4JsU/U/wrxb9T/CfFf1P8L8WxKQ7JcJwMx81wvAzHz3BohsMynCDDCTMcnuFEGU6c4SQZTprhiAxHZjhZhpNnOEWGU2Y4VYZTZzhNhtNmOF2G02c4Q4YzZjhThjNnOEuGs2Y4W4azZzhHhnNmOFeGc2c4T4bzZjhfhvNnuECGC2a4UIYLZ7hIhotmuFiGZLh4hktkuGSGS2W4dIbLZLhshstluHyGK2S4YoYrZbhyhqtkuGqGq2W4eoZrZLhmhmtluHaG62S4bobrZbh+hhtkuGGGG2W4cYabZLhphptluHmGW2S4ZYZbZbh1httkuG2G22W4fYY7ZLhjhjtluHOGu2S4a4a7Zbh7hntkuGeGe2W4d4b7ZLhvhvtluH+GB2R4YIYHZXhwhodkeGiGh2V4eIZHZHhkhkdleHSGx2R4bIbHZXh8hmZ4QoYnZnhShidneEqGp2Z4WoanZ3hGhmdmeFaGZ2d4TobnZnhehudneEGGF2Z4UYYXZ3hJhpdmeFmGl2d4RYZXZnhVhldneE2G12Z4XYbXZ3hDhjdmeFOGN2d4S4a3ZnhbhrdneEeGd2Z4V4Z3Z3hPhvdmeF+G92f4QIYPZvhQhg9n+EiGj2b4WIajMhxkGGQYZhhlGGeYZJhmmGWYZ1hkWGZYZVhn2GTYZthl2Gf4eIZPZPhkhk9l+HSGz2T4bIbPZfh8hi9k+GKGL2X4coavZPhqhq9l+HqGb2T4ZoZvZfh2hu9k+G6G72X4foYfZPhhhh9lODrDjzP8JMNPM/wsw88z/CLDLzP8KsOvM/wmw28z/C7D7zP8IcMfM/wpw58z/CXDXzP8LcPfM/wjwzEZ/pnhXxn+neE/Gf6b4X8Zjs1wSI7j5DhujuPlOH6OQ3McluMEOU6Y4/AcJ8px4hwnyXHSHEfkODLHyXKcPMcpcpwyx6lynDrHaXKcNsfpcpw+xxlynDHHmXKcOcdZcpw1x9lynD3HOXKcM8e5cpw7x3lynDfH+XKcP8cFclwwx4VyXDjHRXJcNMfFciTHxXNcIsclc1wqx6VzXCbHZXNcLsflc1whxxVzXCnHlXNcJcdVc1wtx9VzXCPHNXNcK8e1c1wnx3VzXC/H9XPcIMcNc9wox41z3CTHTXPcLMfNc9wixy1z3CrHrXPcJsdtc9wux+1z3CHHHXPcKcedc9wlx11z3C3H3XPcI8c9c9wrx71z3CfHfXPcL8f9czwgxwNzPCjHg3M8JMdDczwsx8NzPCLHI3M8Ksejczwmx2NzPC7H43M0xxNyPDHHk3I8OcdTcjw1x9NyPD3HM3I8M8ezcjw7x3NyPDfH83I8P8cLcrwwx4tyvDjHS3K8NMfLcrw8xytyvDLHq3K8Osdrcrw2x+tyvD7HG3K8Mcebcrw5x1tyvDXH23K8Pcc7crwzx7tyvDvHe3K8N8f7crw/xwdyfDDHh3J8OMdHcnw0x8dyHJXjIMcgxzDHKMc4xyTHNMcsxzzHIscyxyrHOscmxzbHLsd++JAh/zPxRI5P5vhUjk/n+EyOz+b4XI7P5/hCji/m+FKOL+f4So6v5vhajq/n+EaOb+b4Vo5v5/hOju/m+F6O7+f4QY4f5vhRjqNz/DjHT3L8NMfPcvw8xy9y/DLHr3L8Osdvcvw2x+9y/D7HH3L8Mcefcvw5x19y/DXH33L8Pcc/chyT4585/pXj3zn+k+O/Of6X49gchxQ4ToHjFjhegeMXOLTAYQVOUOCEBQ4vcKICJy5wkgInLXBEgSMLnKzAyQucosApC5yqwKkLnKbAaQucrsDpC5yhwBkLnKnAmQucpcBZC5ytwNkLnKPAOQucq8C5C5ynwHkLnK/A+QtcoMAFC1yowIULXKTARQtcrEAKXLzAJQpcssClCly6wGUKXLbA5QpcvsAVClyxwJUKXLnAVQpctcDVCly9wDUKXLPAtQpcu8B1Cly3wPUKXL/ADQrcsMCNCty4wE0K3LTAzQrcvMAtCtyywK0K3LrAbQrctsDtCty+wB0K3LHAnQrcucBdCty1wN0K3L3APQrcs8C9Cty7wH0K3LfA/Qrcv8ADCjywwIMKPLjAQwo8tMDDCjy8wCMKPLLAowo8usBjCjy2wOMKPL5ACzyhwBMLPKnAkws8pcBTCzytwNMLPKPAMws8q8CzCzynwHMLPK/A8wu8oMALC7yowIsLvKTASwu8rMDLC7yiwCsLvKrAqwu8psBrC7yuwOsLvKHAGwu8qcCbC7ylwFsLvK3A2wu8o8A7C7yrwLsLvKfAewu8r8D7C3ygwAcLfKjAhwt8pMBHC3yswFEFDgoMCgwLjAqMC0wKTAvMCswLLAosC6wKrAtsCmwL7ArsC3y8wCcKfLLApwp8usBnCny2wOcKfL7AFwp8scCXCny5wFcKfLXA1wp8vcA3CnyzwLcKfLvAdwp8t8D3Cny/wA8K/LDAjwocXeDHBX5S4KcFflbg5wV+UeCXBX5V4NcFflPgtwV+V+D3Bf5Q4I8F/lTgzwX+UuCvBf5W4O8F/lHgmAL/LPCvAv8u8J8C/y3wvwLHFjikxHFKHLfE8Uocv8ShJQ4rcYISJyxxeIkTlThxiZOUOGmJI0ocWeJkJU5e4hQlTlniVCVOXeI0JU5b4nQlTl/iDCXOWOJMJc5c4iwlzlribCXOXuIcJc5Z4lwlzl3iPCXOW+J8Jc5f4gIlLljiQiUuXOIiJS5a4mIlUuLiJS5R4pIlLlXi0iUuU+KyJS5X4vIlrlDiiiWuVOLKJa5S4qolrlbi6iWuUeKaJa5V4tolrlPiuiWuV+L6JW5Q4oYlblTixiVuUuKmJW5W4uYlblHiliVuVeLWJW5T4rYlblfi9iXuUOKOJe5U4s4l7lLiriXuVuLuJe5R4p4l7lXi3iXuU+K+Je5X4v4lHlDigSUeVOLBJR5S4qElHlbi4SUeUeKRJR5V4tElHlPisSUeV+LxJVriCSWeWOJJJZ5c4iklnlriaSWeXuIZJZ5Z4lklnl3iOSWeW+J5JZ5f4gUlXljiRSVeXOIlJV5a4mUlXl7iFSVeWeJVJV5d4jUlXlvidSVeX+INJd5Y4k0l3lziLSXeWuJtJd5e4h0l3lniXSXeXeI9Jd5b4n0l3l/iAyU+WOJDJT5c4iMlPlriYyWOKnFQYlBiWGJUYlxiUmJaYlZiXmJRYlliVWJdYlNiW2JXYl/i4yU+UeKTJT5V4tMlPlPisyU+V+LzJb5Q4oslvlTiyyW+UuKrJb5W4uslvlHimyW+VeLbJb5T4rslvlfi+yV+UOKHJX5U4ugSPy7xkxI/LfGzEj8v8YsSvyzxqxK/LvGbEr8t8bsSvy/xhxJ/LPGnEn8u8ZcSfy3xtxJ/L/GPEseU+GeJf5X4d4n/lPhvif+VOLbEIRWOU+G4FY5X4fgVDq1wWIUTVDhhhcMrnKjCiSucpMJJKxxR4cgKJ6tw8gqnqHDKCqeqcOoKp6lw2gqnq3D6CmeocMYKZ6pw5gpnqXDWCmercPYK56hwzgrnqnDuCuepcN4K56tw/goXqHDBCheqcOEKF6lw0QoXq5AKF69wiQqXrHCpCpeucJkKl61wuQqXr3CFClescKUKV65wlQpXrXC1ClevcI0K16xwrQrXrnCdCtetcL0K169wgwo3rHCjCjeucJMKN61wswo3r3CLCrescKsKt65wmwq3rXC7CrevcIcKd6xwpwp3rnCXCnetcLcKd69wjwr3rHCvCveucJ8K961wvwr3r/CACg+s8KAKD67wkAoPrfCwCg+v8IiK0aOGDPGoCo+u8JgKj63wuAqPr9AKT6jwxApPqvDkCk+p8NQKT6vw9ArPqPDMCs+q8OwKz6nw3ArPq/D8Ci+o8MIKL6rw4govqfDSCi+r8PIKr6jwygqvqvDqCq+p8NoKr6vw+gpvqPDGCm+q8OYKb6nw1gpvq/D2Cu+o8M4K76rw7grvqfDeCu+r8P4KH6jwwQofqvDhCh+p8NEKH6twVIWDCoMKwwqjCuMKkwrTCrMK8//1e8iQIWWFVYV1hU2FbYVdhX2Fj1f4RIVPVvhUhU9X+EyFz1b4XIXPV/hChS9W+FKFL1f4SoWvVvhaha9X+EaFb1b4VoVvV/hOhe9W+F6F71f4QYUfVvhRhaMr/LjCTyr8tMLPKvy8wi8q/LLCryr8usJvKvy2wu8q/L7CHyr8scKfKvy5wl8q/LXC3yr8vcI/KhxT4Z8V/lXh3xX+U+G/Ff5X4dgKh9Q4To3j1jhejePXOLTGYTVOUOOENQ6vcaIaJ65xkhonrXFEjSNrnKzGyWucosYpa5yqxqlrnKbGaWucrsbpa5yhxhlrnKnGmWucpcZZa5ytxtlrnKPGOWucq8a5a5ynxnlrnK/G+WtcoMYFa1yoxoVrXKTGRWtcrEZqXLzGJWpcssalaly6xmVqXLbG5WpcvsYValyxxpVqXLnGVWpctcbValy9xjVqXLPGtWpcu8Z1aly3xvVqXL/GDWrcsMaNaty4xk1q3LTGzWrcvMYtatyyxq1q3LrGbWrctsbtaty+xh1q3LHGnWrcucZdaty1xt1q3L3GPWrcs8a9aty7xn1q3LfG/Wrcv8YDajywxoNqPLjGQ2o8tMbDajy8xiNqPLLGo2o8usZjajy2xuNqPL5GazyhxhNrPKnGk2s8pcZTazytxtNrPKPGM2s8q8azazynxnNrPK/G82u8oMYLa7yoxotrvKTGS2u8rMbLa7yixitrvKrGq2u8psZra7yuxutrvKHGG2u8qcaba7ylxltrvK3G22u8o8Y7a7yrxrtrvKfGe2u8r8b7a3ygxgdrfKjGh2t8pMZHa3ysxlE1DmoMagxrjGqMa0xqTGvMasxrLGosa6xqrGtsamxr7Grsa3y8xidqfLLGp2p8usZnany2xudqfL7GF2p8scaXany5xldqfLXG12p8vcY3anyzxrdqfLvGd2p8t8b3any/xg9q/LDGj2ocXePHNX5S46c1flbj5zV+UeOXNX5V49c1flPjtzV+V+P3Nf5Q4481/lTjzzX+UuOvNf5W4+81/lHjmBr/rPGvGv+u8Z8a/63xvxrH1jikwXEaHLfB8Rocv8GhDQ5rcIIGJ2xweIMTNThxg5M0OGmDIxoc2eBkDU7e4BQNTtngVA1O3eA0DU7b4HQNTt/gDA3O2OBMDc7c4CwNztrgbA3O3uAcDc7Z4FwNzt3gPA3O2+B8Dc7f4AINLtjgQg0u3OAiDS7a4GIN0uDiDS7R4JINLtXg0g0u0+CyDS7X4PINrtDgig2u1ODKDa7S4KoNrtbg6g2u0eCaDa7V4NoNrtPgug2u1+D6DW7Q4IYNbtTgxg1u0uCmDW7W4OYNbtHglg1u1eDWDW7T4LYNbtfg9g3u0OCODe7U4M4N7tLgrg3u1uDuDe7R4J4N7tXg3g3u0+C+De7X4P4NHtDggQ0e1ODBDR7S4KENHtbg4Q0e0eCRDR7V4NENHtPgsQ0e1+DxDdrgCQ2e2OBJDZ7c4CkNntrgaQ2e3uAZDZ7Z4FkNnt3gOQ2e2+B5DZ7f4AUNXtjgRQ1e3OAlDV7a4GUNXt7gFQ1e2eBVDV7d4DUNXtvgdQ1e3+ANDd7Y4E0N3tzgLQ3e2uBtDd7e4B0N3tngXQ3e3eA9Dd7b4H0N3t/gAw0+2OBDDT7c4CMNPtrgYw2OanDQYNBg2GDUYNxg0mDaYNZg3mDRYNlg1WDdYNNg22DXYN/g4w0+0eCTDT7V4NMNPtPgsw0+1+DzDb7Q4IsNvtTgyw2+0uCrDb7W4OsNvtHgmw2+1eDbDb7T4LsNvtfg+w1+MBQ/bPCjBkc3+HGDnzT4aYOfNfh5g180+GWDXzX4dYPfNPhtg981+H2DPzT4Y4M/Nfhzg780+GuDvzX4e4N/NDimwT8b/KvBvxv8p8F/G/yvwbENDmlxnBbHbXG8FsdvcWiLw1qcoMUJWxze4kQtTtziJC1O2uKIFke2OFmLk7c4RYtTtjhVi1O3OE2L07Y4XYvTtzhDizO2OFOLM7c4S4uztjhbi7O3OEeLc7Y4V4tztzhPi/O2OF+L87e4QIsLtrhQiwu3uEiLi7a4WIu0uHiLS/wzjku2uFSLS7e4TIvLtrhci8u3uEKLK7a4Uosrt7hKi6u2uFqLq7e4RotrtrhWi2u3uE6L67a4Xovrt7hBixu2uFGLG7e4SYubtrhZi5u3uEWLW7a4VYtbt7hNi9u2uF2L27e4Q4s7trhTizu3uEuLu7a4W4u7t7hHi3u2uFeLe7e4T4v7trhfi/u3eECLB7Z4UIsHt3hIi4e2eFiLh7d4RItHtnhUi0e3eEyLx7Z4XIvHt2iLJ7R4YosntXhyi6e0eGqLp7V4eotntHhmi2e1eHaL57R4bovntXh+ixe0eGGLF7V4cYuXtHhpi5e1eHmLV7R4ZYtXtXh1i9e0eG2L17V4fYs3tHhjize1eHOLt7R4a4u3tXh7i3e0eGeLd7V4d4v3tHhvi/e1eH+LD7T4YIsPtfhwi4+0+GiLj7U4qsVBi0GLYYtRi3GLSYtpi1mLeYtFi2WLVYt1i02LbYtdi32Lj7f4RItPtvhUi0+3+EyLz7b4XIvPt/hCiy+2+FKLL7f4Souvtvhai6+3+EaLb7b4Votvt/hOi++2+F6L77f4QYsftvhRi6Nb/LjFT1r8tMXPWvy8xS9a/LLFr1r8usVvWvy2xe9a/L7FH1r8scWfWvy5xV9a/LXF31r8vcU/WhzT4p8t/tXi3y3+0+K/Lf7X4tgWh3Q4Tofjdjheh+N3OLTDYR1O0OGEHQ7vcKIOJ+5wkg4n7XBEhyM7nKzDyTucosMpO5yqw6k7nKbDaTucrsPpO5yhwxk7nKnDmTucpcNZO5ytw9k7nKPDOTucq8O5O5ynw3k7nK/D+TtcoMMFO1yow4U7XKTDRTtcrEM6XLzDJTpcssOlOly6w2U6XLbD5TpcvsMVOlyxw5U6XLnDVTpctcPVOly9wzU6XLPDtTpcu8N1Oly3w/U6XL/DDTrcsMONOty4w0063LTDzTrcvMMtOtyyw6063LrDbTrctsPtOty+wx063LHDnTrcucNdOty1w9063L3DPTrcs8O9Oty7w3063LfD/Trcv8MDOjyww4M6PLjDQzo8tMPDOjy8wyM6PLLDozo8usNjOjy2w+M6PL5DOzyhwxM7PKnDkzs8pcNTOzytw9M7PKPDMzs8q8OzOzynw3M7PK/D8zu8oMMLO7yow4s7vKTDSzu8rMPLO7yiwys7vKrDqzu8psNrO7yuw+s7vKHDGzu8qcObO7ylw1s7vK3D2zu8o8M7O7yrw7s7vKfDezu8r8P7O3ygwwc7fKjDhzt8pMNHO3ysw1EdDjoMOgw7jDqMO0w6TDvMOsw7LDosO6w6rDtsOmw77DrsO3y8wyc6fLLDpzp8usNnOny2w+c6fL7DFzp8scOXOny5w1c6fLXD1zp8vcM3Onyzw7c6fLvDdzp8t8P3Ony/ww86/LDDjzoc3eHHHX7S4acdftbh5x1+0eGXHX7V4dcdftPhtx1+1+H3Hf7Q4Y8d/tThzx3+0uGvHf72P89D8I8Ox3T4Z4d/dfh3h/90+G+H/3U4tsMhPY7T47g9jtfj+D0O7XFYjxP0OGGPw3ucqMeJe5ykx0l7HNHjyB4n63HyHqfoccoep+px6h6n6XHaHqfrcfoeZ+hxxh5n6nHmHmfpcdYeZ+tx9h7n6HHOHufqce4e5+lx3h7n63H+HhfoccEeF+px4R4X6XHRHhfrkR4X73GJHpfscakel+5xmR6X7XG5HpfvcYUeV+xxpR5X7nGVHlftcbUeV+9xjR7X7HGtHtfucZ0e1+1xvR7X73GDHjfscaMeN+5xkx437XGzHjfvcYset+xxqx637nGbHrftcbset+9xhx537HGnHnfucZced+1xtx5373GPHvfsca8e9+5xnx737XG/Hvfv8YAeD+zxoB4P7vGQHg/t8bAeD+/xiB6P7PGoHo/u8Zgej+3xuB6P79EeT+jxxB5P6vHkHk/p8dQeT+vx9B7P6PHMHs/q8ewez+nx3B7P6/H8Hi/o8cIeL+rx4h4v6fHSHi/r8fIer+jxyh6v6vHqHq/p8doer+vx+h5v6PHGHm/q8eYeb+nx1h5v6/H2Hu/o8c4e7+rx7h7v6fHeHu/r8f4eH+jxwR4f6vHhHh/p8dEeH+txVI+DHv9fAAAA//8ao8kY")

627.226223ms ago: executing program 3 (id=2126):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000440)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x82200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB, @ANYBLOB], 0xc4}}, 0x4c050)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, 0x0, 0x0)
r2 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
r3 = syz_open_dev$vcsn(&(0x7f0000000180), 0x3ff, 0x28081)
ioctl$VIDIOC_S_EXT_CTRLS(r2, 0xc0205648, &(0x7f00000003c0)={0x9e0000, 0x3, 0xfffffff6, r3, 0x0, &(0x7f0000000240)={0x990964, 0x5, '\x00', @ptr=0x2}})
connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}, 0x2000000}, 0x1c)
fchdir(0xffffffffffffffff)
r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x141a82, 0x0)
write$cgroup_int(r4, &(0x7f0000000040)=0x900, 0x12)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000000c0), 0x4)
accept4$llc(0xffffffffffffffff, 0x0, &(0x7f0000000340), 0x80000)
r5 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0xa01, 0x0)
ioctl$SNDCTL_DSP_SUBDIVIDE(r5, 0xc0045009, &(0x7f0000000040)=0x2)
pipe2$watch_queue(&(0x7f00000000c0)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff}, 0x80)
r8 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffc)
keyctl$KEYCTL_WATCH_KEY(0x20, r8, r6, 0x39)
keyctl$KEYCTL_WATCH_KEY(0x20, r8, r7, 0xffffffffffffffff)

502.874892ms ago: executing program 5 (id=2127):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000380)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f00000000c0)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x4, 0xfff, 0xfffffe0080000001, 0xffffffe7, 0xffffffff}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SNDCTL_SEQ_OUTOFBAND(0xffffffffffffffff, 0x40085112, 0x0)
r2 = socket$kcm(0x2, 0x3, 0x2)
socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r2, 0x8916, &(0x7f0000000040)={'veth1_macvtap\x00', @random="0200ac7f7f00"})
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
r4 = memfd_create(&(0x7f0000000b00)='\x9d#\x00\xe6Z\x00\xafq%\xa5\x83\xa6\xb5\x01\x83y\xf3\xb2\xe6b$\a\x00\x00\x00\x00\x00\x01\x00\x00\xf7\xffg\xf5\x12oP\b\x00\x00\x00LR\xa1\x00\x00\x17\x1f$^\xe1\x00\x04\x00\x00\x00\x00\a\xff;\xeb\xf1\xd0\xce\xe5\x19\x12\b\x01\xd9\xae>/\x05\x00\xce\xd5O\xcc\b\x9e\x19\x19#\x00\x00\x15\x00\x00\x00\xa1\xa2\xe0g\x98\xbf*\xdcc\x12.\xb7\xbe`\'\xcb\xb6\xaf\xdc\xa0D\x93.\xf25\x957\xec\xfb\xe6|\\\xe4h\xfc\x14\x05\x00\xfd\xc7\x00\x00\x00\x00\x91\x98\x15\xec\xdb\xaa\t9\x11\xb4h$h\x0ew\x00&0\xdd\x19\x86\x90\xbe\xd7\xdc\n\xcbC\x15\xfcp\x11\xdai\f{a?\xd0\xe1{\x84\xb5\x82q\x19\xacS\x88|\x99\xfd\x9eS\x80\xcb\x14G\xfa\xff\xff\xff\xff\xff\xff\xff\xcd\xf0\xb1\xd2\x168\xbf`$\xbf\xca\xea\xa3\x83q\xb6Pr\xd4\xb5X\\\xdbD\n\x03G\x00\x04\x00\x01\xbc\xac\x18\xba\xce\xb3%QF\x03\b\x9dh\xcb)\xf4f\x12[\xf9\r\t\xff\x06\xe7j\x9fTJ;T\xf3\xfa\xef{h\xb0\xc0:\x8f|\x8f\x06\xf8T\x826`M\x11\x1c\xb0*8\v\x1e\xcf\x03\xd3\xe8,?P\xac\x86\x13b\xa8D\x0f\x93\xab\x1c\x11\x00\xc5\x8d\x82\x00\x00\x00\x00\x00\x00\x00\x0f\x81\xf3\x05\xa3{\x96\xf9\xba\x9em\xe9\"\x03\x933P\xbb\xd6\x9b\f\xa7\x8f9\x988\tgC\xbc\xe0\xc5\xf4\xe0E%\xd9\xd8w\x00k\x042Y\xd9\xc5\xe59\xa95\xd1m\xd8hCuZYi\x10\x00\xb9\xe6\xff\x04K%yH\xe5\xf4\x8b\x03Ca8\x1e\xe9\\#\xf8O\fw\xd9\xf5cF\xcc\x1a2ex\xb4\x0fi$\x97\x81.\x02\x04m\xfbT2\xd4\"\x1e\xf0\x16\x0f\x97\xe6j}J\xca\xb8)f\xd5\xfd>\x9bU\xb0\x03Zt0\xc0b\xad\xef@o\xc1\xd6\x17T\f\xc30\xe2\x89\xf6L\x131\x9c\t\xa7\x80\x1b:\xbb\x04\xd7\xd1\x06\xa0\xe9\xbah\xb6\xb2\xea/{Q\xca\x14\x13\x9ajWt\xc9\xecd\r\xd5)\x1d\xaf\n\xc0\xc1\x1d}DY\x95&\xe7\xf4U\xff\xcd&\a\x9f\x1bg\xe5|~\xc1\xc5n\x12%ur\xa1\x9e`\xc2\x01\b,\x18\xaf\xccD\xdeag\xc6\xf3\xd6\x94\x9d\xae\x8bl\xee\x7fu\xe5bu\x84\x04\xb3@\xa1\xf7\xc6\x13\xf9I\xfa\x12\xfc\x96\",aT\xfd\"\x01\x92\xb1\xbf\x8a\x15\x88\xfd\x8f\x88\x87\x82\x9c:L\xd2\xb8\xfa5\x066\x82\xf3_LUr\xfa\xd2\x99d \x97c9G\x99\xe3\xcc$\x96cu\x97\xe7\xc7a\tm\xe8F\xc7j\xf8\x98\x81\xe7\xf7\xab3F\xf4u\xdaav\xd21\v\x99HG\xdfx\x1cPl\t#\xc1\x8e\xddW\x00\x00\x00\x8fw\xa9A\xf7m\xeec\xb6\\\xa4T\xeej\xe2\xba\xb2V\xacc\xc6|\xae]\xdb\x10\xb3\x80z\xd5\n\xa3u\xfb\b\x03\xe5\xca;\xe5uH<\x9a\x12\x84(\x9f\xd2\xe1k\x955;J\xa4\x81Lm\x90\x1a\xfdI}\xb0\xa1\xfa9\x17\xd1\xa2\xc7\xca\x98\xaeS\x92Ew`\xd2\x02\xda\xc9\xd4\xea\x02\x1d\xd3\xd5\x81\xdb\xd9~\xd6-:\xee\xe8\t\xf7\xe6\xf1\x88\x86\xb0\x04\x9ep\xb1\x93\x16\xf9\xdb\x15\x8a\xa3h<\xaf\xa0\xb5\xb0\x05ir\xff\xff\xff\xff\x00\x00\x00\x00\x83\x91\xad\x11\xf4\xbcz\x9b\x8bp]o\au\x175I\x1d\xe2\x97\xb6\x06\xdc\x14\x9b>\xd7F\xdb?\xc7%0n/\xf5S\xb5\xe8\xa5\xd1\xddN\xf9ir\xd1r\xf4L\t3\xadDz\\\xf4`\x13\xf7)\x91w\a\xcc+E\xdd\xe9\xdbb\x9c\xff\x98\x03\xb7\x0e=\xba\xa3um\xde\xff$|\xb7\x86j+\x00\x00\x00\x00\x00\x00\x00Z\xef\xd6\xf4Zs\xfc\ro\x03\xabB\x18\xdc\a\xe3\r\x00\x00\x00\x00\x00\x00', 0x6)
fallocate(r4, 0xf4, 0x0, 0x400001)
fcntl$addseals(r4, 0x409, 0xc)
ioctl$FS_IOC_RESVSP(r4, 0x40305828, &(0x7f00000002c0)={0x0, 0x0, 0x2, 0x80})
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @empty, 0x3}], 0x1c)
sendmsg$inet6(r3, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x8, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{0x0}], 0x1}, 0x4048043)

0s ago: executing program 6 (id=2128):
r0 = syz_open_dev$usbfs(&(0x7f0000000480), 0x76, 0x160341)
socket$inet_tcp(0x2, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000040)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffc}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
add_key$user(&(0x7f0000000000), 0x0, &(0x7f0000000440), 0x0, 0x0)
ioctl$USBDEVFS_IOCTL(r0, 0x4004550c, &(0x7f0000000200))

kernel console output (not intermixed with test programs):

/0x10
[  708.607185][T12309]  ? __pfx__printk+0x10/0x10
[  708.607215][T12309]  ? srso_alias_return_thunk+0x5/0xfbef5
[  708.607257][T12309]  should_fail_ex+0x414/0x560
[  708.607302][T12309]  prepare_alloc_pages+0x213/0x610
[  708.607346][T12309]  __alloc_frozen_pages_noprof+0x123/0x370
[  708.607377][T12309]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  708.607412][T12309]  ? srso_alias_return_thunk+0x5/0xfbef5
[  708.607440][T12309]  ? policy_nodemask+0x27c/0x720
[  708.607463][T12309]  ? srso_alias_return_thunk+0x5/0xfbef5
[  708.607491][T12309]  ? rcu_is_watching+0x15/0xb0
[  708.607525][T12309]  alloc_pages_mpol+0x232/0x4a0
[  708.607557][T12309]  alloc_pages_noprof+0xa9/0x190
[  708.607584][T12309]  af_alg_sendmsg+0x1445/0x2440
[  708.607636][T12309]  ? aa_sk_perm+0x81e/0x950
[  708.607675][T12309]  ? __pfx_af_alg_sendmsg+0x10/0x10
[  708.607705][T12309]  ? __pfx_aa_sk_perm+0x10/0x10
[  708.607736][T12309]  ? srso_alias_return_thunk+0x5/0xfbef5
[  708.607765][T12309]  ? tomoyo_socket_sendmsg_permission+0x1e1/0x300
[  708.607812][T12309]  ? srso_alias_return_thunk+0x5/0xfbef5
[  708.607840][T12309]  ? aa_sock_msg_perm+0xf1/0x1d0
[  708.607879][T12309]  ? srso_alias_return_thunk+0x5/0xfbef5
[  708.607908][T12309]  ? skcipher_sendmsg+0x26/0xf0
[  708.607941][T12309]  ? __pfx_skcipher_sendmsg+0x10/0x10
[  708.607977][T12309]  __sock_sendmsg+0x21c/0x270
[  708.608017][T12309]  __sys_sendto+0x3bd/0x520
[  708.608044][T12309]  ? __pfx___sys_sendto+0x10/0x10
[  708.608065][T12309]  ? count_memcg_event_mm+0x21/0x260
[  708.608114][T12309]  ? srso_alias_return_thunk+0x5/0xfbef5
[  708.608156][T12309]  ? exc_page_fault+0x82/0x100
[  708.608193][T12309]  ? srso_alias_return_thunk+0x5/0xfbef5
[  708.608222][T12309]  ? do_user_addr_fault+0xc85/0x1380
[  708.608255][T12309]  __x64_sys_sendto+0xde/0x100
[  708.608284][T12309]  do_syscall_64+0xfa/0xfa0
[  708.608316][T12309]  ? lockdep_hardirqs_on+0x9c/0x150
[  708.608357][T12309]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  708.608381][T12309]  ? srso_alias_return_thunk+0x5/0xfbef5
[  708.608409][T12309]  ? exc_page_fault+0xab/0x100
[  708.608445][T12309]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  708.608469][T12309] RIP: 0033:0x7f8f6bb9155c
[  708.608490][T12309] Code: 2a 5f 02 00 44 8b 4c 24 2c 4c 8b 44 24 20 89 c5 44 8b 54 24 28 48 8b 54 24 18 b8 2c 00 00 00 48 8b 74 24 10 8b 7c 24 08 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 44 24 08 e8 70 5f 02 00 48 8b
[  708.608511][T12309] RSP: 002b:00007f8f69decec0 EFLAGS: 00000293 ORIG_RAX: 000000000000002c
[  708.608537][T12309] RAX: ffffffffffffffda RBX: 00007f8f69decfc0 RCX: 00007f8f6bb9155c
[  708.608556][T12309] RDX: 000000000000001c RSI: 00007f8f69ded010 RDI: 0000000000000004
[  708.608573][T12309] RBP: 0000000000000000 R08: 00007f8f69decf14 R09: 000000000000000c
[  708.608589][T12309] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000004
[  708.608604][T12309] R13: 00007f8f69decf68 R14: 00007f8f69ded010 R15: 0000000000000000
[  708.608645][T12309]  </TASK>
[  708.619485][T12312] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  708.648711][T12310] CPU: 0 UID: 0 PID: 12310 Comm: syz.6.1711 Not tainted syzkaller #0 PREEMPT(full) 
[  708.648744][T12310] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  708.648762][T12310] Call Trace:
[  708.648773][T12310]  <TASK>
[  708.648783][T12310]  dump_stack_lvl+0x189/0x250
[  708.648823][T12310]  ? __pfx____ratelimit+0x10/0x10
[  708.648855][T12310]  ? __pfx_dump_stack_lvl+0x10/0x10
[  708.648890][T12310]  ? __pfx__printk+0x10/0x10
[  708.648917][T12310]  ? srso_alias_return_thunk+0x5/0xfbef5
[  708.648961][T12310]  should_fail_ex+0x414/0x560
[  708.649005][T12310]  _copy_from_iter+0x1de/0x1790
[  708.649041][T12310]  ? srso_alias_return_thunk+0x5/0xfbef5
[  708.649068][T12310]  ? rcu_is_watching+0x15/0xb0
[  708.649097][T12310]  ? srso_alias_return_thunk+0x5/0xfbef5
[  708.649129][T12310]  ? kmalloc_reserve+0xbd/0x290
[  708.649153][T12310]  ? __pfx__copy_from_iter+0x10/0x10
[  708.649183][T12310]  ? srso_alias_return_thunk+0x5/0xfbef5
[  708.649211][T12310]  ? __build_skb_around+0x262/0x3f0
[  708.649254][T12310]  ? srso_alias_return_thunk+0x5/0xfbef5
[  708.649281][T12310]  ? skb_put+0x11b/0x210
[  708.649310][T12310]  netlink_sendmsg+0x6b2/0xb30
[  708.649353][T12310]  ? __pfx_netlink_sendmsg+0x10/0x10
[  708.649381][T12310]  ? srso_alias_return_thunk+0x5/0xfbef5
[  708.649409][T12310]  ? aa_sock_msg_perm+0xf1/0x1d0
[  708.649448][T12310]  ? srso_alias_return_thunk+0x5/0xfbef5
[  708.649476][T12310]  ? srso_alias_return_thunk+0x5/0xfbef5
[  708.649504][T12310]  ? __pfx_netlink_sendmsg+0x10/0x10
[  708.649530][T12310]  __sock_sendmsg+0x21c/0x270
[  708.649568][T12310]  ____sys_sendmsg+0x505/0x830
[  708.649601][T12310]  ? __pfx_____sys_sendmsg+0x10/0x10
[  708.649640][T12310]  ? srso_alias_return_thunk+0x5/0xfbef5
[  708.649667][T12310]  ? import_iovec+0x74/0xa0
[  708.649704][T12310]  ___sys_sendmsg+0x21f/0x2a0
[  708.649734][T12310]  ? __pfx____sys_sendmsg+0x10/0x10
[  708.649770][T12310]  ? srso_alias_return_thunk+0x5/0xfbef5
[  708.649832][T12310]  ? __fget_files+0x2a/0x420
[  708.649854][T12310]  ? srso_alias_return_thunk+0x5/0xfbef5
[  708.649882][T12310]  ? __fget_files+0x3a0/0x420
[  708.649919][T12310]  __x64_sys_sendmsg+0x19b/0x260
[  708.649950][T12310]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  708.649989][T12310]  ? __pfx_ksys_write+0x10/0x10
[  708.650029][T12310]  ? do_syscall_64+0xbe/0xfa0
[  708.650067][T12310]  do_syscall_64+0xfa/0xfa0
[  708.650099][T12310]  ? lockdep_hardirqs_on+0x9c/0x150
[  708.650132][T12310]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  708.650155][T12310]  ? srso_alias_return_thunk+0x5/0xfbef5
[  708.650182][T12310]  ? exc_page_fault+0xab/0x100
[  708.650217][T12310]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  708.650241][T12310] RIP: 0033:0x7f7b2c78f6c9
[  708.650263][T12310] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  708.650283][T12310] RSP: 002b:00007f7b2d621038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  708.650308][T12310] RAX: ffffffffffffffda RBX: 00007f7b2c9e5fa0 RCX: 00007f7b2c78f6c9
[  708.650333][T12310] RDX: 0000000004000000 RSI: 0000200000000200 RDI: 0000000000000006
[  708.650349][T12310] RBP: 00007f7b2d621090 R08: 0000000000000000 R09: 0000000000000000
[  708.650365][T12310] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  708.650380][T12310] R13: 00007f7b2c9e6038 R14: 00007f7b2c9e5fa0 R15: 00007ffdaa659e38
[  708.650421][T12310]  </TASK>
[  708.696546][T12293] vlan3: entered promiscuous mode
[  709.424822][T12318] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  709.498717][ T5973] usbhid 5-1:0.0: can't add hid device: -71
[  709.504861][ T5973] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  709.551451][ T5973] usb 5-1: USB disconnect, device number 19
[  709.713860][T12326] loop6: detected capacity change from 0 to 4096
[  709.742877][T12326] EXT4-fs (loop6): Test dummy encryption mode enabled
[  709.778658][T12326] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003]
[  709.797926][T12326] System zones: 0-5
[  709.839466][T12326] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  709.856750][ T5973] kernel write not supported for file /input/mouse0 (pid: 5973 comm: kworker/0:7)
[  709.899876][T12306] loop0: detected capacity change from 0 to 32768
[  709.911722][T12326] EXT4-fs (loop6): shut down requested (2)
[  709.922664][T12326] kAFS: No cell specified
[  709.933574][T12306] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  709.971358][T12342] loop3: detected capacity change from 0 to 128
[  710.055674][T12342] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256
[  710.084058][T12342] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  710.181817][T12306] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51.
[  710.198639][T12344] syzkaller0: entered promiscuous mode
[  710.274985][T12344] syzkaller0: entered allmulticast mode
[  710.673527][T12306] XFS (loop0): Starting recovery (logdev: internal)
[  711.201097][T12355] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1722'.
[  711.210514][T12355] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1722'.
[  711.223176][T12306] XFS (loop0): Ending recovery (logdev: internal)
[  711.320623][ T5821] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  711.511020][ T7537] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  711.530745][T12357] loop3: detected capacity change from 0 to 512
[  711.550870][T12357] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
[  711.633340][T12357] EXT4-fs error (device loop3): ext4_get_journal_inode:5808: comm syz.3.1723: inode #1792: comm syz.3.1723: iget: illegal inode #
[  711.699906][T12357] EXT4-fs (loop3): Remounting filesystem read-only
[  711.724011][T12361] loop4: detected capacity change from 0 to 2048
[  711.735104][T12357] EXT4-fs (loop3): no journal found
[  711.740348][T12357] EXT4-fs (loop3): can't get journal size
[  711.767854][T12357] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended
[  711.779596][T12361] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024)
[  711.813317][T12357] EXT4-fs (loop3): Errors on filesystem, clearing orphan list.
[  711.884978][  T978] usb 6-1: new low-speed USB device number 27 using dummy_hcd
[  711.895121][T12361] NILFS (loop4): mounting unchecked fs
[  711.921853][T12357] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  712.102550][  T978] usb 6-1: config 32 has 1 interface, different from the descriptor's value: 2
[  712.456852][  T978] usb 6-1: config 32 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  712.479450][T12370] loop6: detected capacity change from 0 to 8
[  712.606334][T12370] SQUASHFS error: lzo decompression failed, data probably corrupt
[  712.614282][T12370] SQUASHFS error: Failed to read block 0x91: -5
[  712.620578][T12370] SQUASHFS error: Unable to read metadata cache entry [8f]
[  712.627854][T12370] SQUASHFS error: Unable to read inode 0x11f
[  712.643018][T12370] loop6: detected capacity change from 0 to 128
[  712.816801][  T978] usb 6-1: config 32 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  712.826882][  T978] usb 6-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice=98.c7
[  712.836842][  T978] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  713.265119][  T978] usb 6-1: string descriptor 0 read error: -71
[  713.290937][ T5822] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  713.315530][T12361] NILFS (loop4): recovery complete
[  713.326798][T12376] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  713.422225][  T978] usb 6-1: USB disconnect, device number 27
[  713.637320][T12381] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  714.238790][  T850] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[  714.429608][  T850] usb 1-1: Using ep0 maxpacket: 32
[  714.449341][  T850] usb 1-1: config 0 has an invalid interface number: 89 but max is 0
[  714.494485][  T850] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  714.547995][  T850] usb 1-1: config 0 has no interface number 0
[  714.554343][  T850] usb 1-1: config 0 interface 89 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  714.642649][  T850] usb 1-1: New USB device found, idVendor=12d1, idProduct=7ef3, bcdDevice=54.68
[  714.704399][  T850] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  714.705895][T12391] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1734'.
[  714.727372][  T850] usb 1-1: Product: syz
[  714.731592][  T850] usb 1-1: Manufacturer: syz
[  714.751227][  T850] usb 1-1: SerialNumber: syz
[  714.768622][  T850] usb 1-1: config 0 descriptor??
[  714.786770][  T850] hub 1-1:0.89: bad descriptor, ignoring hub
[  714.806061][  T850] hub 1-1:0.89: probe with driver hub failed with error -5
[  714.815418][  T850] option 1-1:0.89: GSM modem (1-port) converter detected
[  715.029827][ T5973] usb 4-1: new full-speed USB device number 22 using dummy_hcd
[  715.812893][  T850] usb 1-1: USB disconnect, device number 18
[  715.853396][  T850] option 1-1:0.89: device disconnected
[  715.894733][ T5973] usb 4-1: unable to read config index 0 descriptor/start: -61
[  715.912018][ T5973] usb 4-1: can't read configurations, error -61
[  716.076823][T12408] syzkaller0: entered promiscuous mode
[  716.082381][T12408] syzkaller0: entered allmulticast mode
[  716.101559][ T5973] usb 4-1: new full-speed USB device number 23 using dummy_hcd
[  716.391476][T12412] loop6: detected capacity change from 0 to 512
[  716.425905][T12412] EXT4-fs (loop6): mounting ext3 file system using the ext4 subsystem
[  716.440516][ T5973] usb 4-1: unable to read config index 0 descriptor/start: -61
[  716.470809][ T5973] usb 4-1: can't read configurations, error -61
[  716.509277][T12412] EXT4-fs error (device loop6): ext4_get_journal_inode:5808: comm syz.6.1741: inode #1792: comm syz.6.1741: iget: illegal inode #
[  716.587893][ T5973] usb usb4-port1: attempt power cycle
[  716.736300][T12412] EXT4-fs (loop6): Remounting filesystem read-only
[  716.828002][T12412] EXT4-fs (loop6): no journal found
[  716.948007][T12412] EXT4-fs (loop6): can't get journal size
[  717.055291][ T5973] usb 4-1: new full-speed USB device number 24 using dummy_hcd
[  717.123906][T12412] EXT4-fs (loop6): warning: mounting fs with errors, running e2fsck is recommended
[  717.297435][ T5973] usb 4-1: unable to read config index 0 descriptor/start: -61
[  717.368994][T12412] EXT4-fs (loop6): Errors on filesystem, clearing orphan list.
[  717.423380][ T5973] usb 4-1: can't read configurations, error -61
[  717.437037][T12412] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  717.795631][ T5973] usb 4-1: new full-speed USB device number 25 using dummy_hcd
[  717.868176][ T7537] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  718.029349][ T5973] usb 4-1: device descriptor read/8, error -71
[  718.165216][ T5973] usb usb4-port1: unable to enumerate USB device
[  718.644246][T12404] loop4: detected capacity change from 0 to 32768
[  718.741418][T12404] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  720.301406][T12404] XFS (loop4): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51.
[  720.367982][  T850] kernel write not supported for file /input/mouse0 (pid: 850 comm: kworker/0:2)
[  720.417089][T12404] XFS (loop4): Starting recovery (logdev: internal)
[  720.543710][T12404] XFS (loop4): Ending recovery (logdev: internal)
[  720.613083][T12459] FAULT_INJECTION: forcing a failure.
[  720.613083][T12459] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  720.638470][T12459] CPU: 0 UID: 0 PID: 12459 Comm: syz.0.1752 Not tainted syzkaller #0 PREEMPT(full) 
[  720.638501][T12459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  720.638517][T12459] Call Trace:
[  720.638527][T12459]  <TASK>
[  720.638539][T12459]  dump_stack_lvl+0x189/0x250
[  720.638577][T12459]  ? __pfx____ratelimit+0x10/0x10
[  720.638609][T12459]  ? __pfx_dump_stack_lvl+0x10/0x10
[  720.638642][T12459]  ? __pfx__printk+0x10/0x10
[  720.638667][T12459]  ? srso_alias_return_thunk+0x5/0xfbef5
[  720.638716][T12459]  should_fail_ex+0x414/0x560
[  720.638760][T12459]  _copy_from_iter+0x1de/0x1790
[  720.638795][T12459]  ? srso_alias_return_thunk+0x5/0xfbef5
[  720.638823][T12459]  ? rcu_is_watching+0x15/0xb0
[  720.638853][T12459]  ? srso_alias_return_thunk+0x5/0xfbef5
[  720.638884][T12459]  ? kmalloc_reserve+0xbd/0x290
[  720.638908][T12459]  ? __pfx__copy_from_iter+0x10/0x10
[  720.638937][T12459]  ? srso_alias_return_thunk+0x5/0xfbef5
[  720.638964][T12459]  ? __build_skb_around+0x262/0x3f0
[  720.639008][T12459]  ? srso_alias_return_thunk+0x5/0xfbef5
[  720.639035][T12459]  ? skb_put+0x11b/0x210
[  720.639062][T12459]  netlink_sendmsg+0x6b2/0xb30
[  720.639098][T12459]  ? __pfx_netlink_sendmsg+0x10/0x10
[  720.639125][T12459]  ? srso_alias_return_thunk+0x5/0xfbef5
[  720.639153][T12459]  ? aa_sock_msg_perm+0xf1/0x1d0
[  720.639192][T12459]  ? srso_alias_return_thunk+0x5/0xfbef5
[  720.639219][T12459]  ? srso_alias_return_thunk+0x5/0xfbef5
[  720.639247][T12459]  ? __pfx_netlink_sendmsg+0x10/0x10
[  720.639272][T12459]  __sock_sendmsg+0x21c/0x270
[  720.639310][T12459]  ____sys_sendmsg+0x505/0x830
[  720.639352][T12459]  ? __pfx_____sys_sendmsg+0x10/0x10
[  720.639389][T12459]  ? srso_alias_return_thunk+0x5/0xfbef5
[  720.639417][T12459]  ? import_iovec+0x74/0xa0
[  720.639454][T12459]  ___sys_sendmsg+0x21f/0x2a0
[  720.639484][T12459]  ? __pfx____sys_sendmsg+0x10/0x10
[  720.639518][T12459]  ? srso_alias_return_thunk+0x5/0xfbef5
[  720.639580][T12459]  ? __fget_files+0x2a/0x420
[  720.639603][T12459]  ? srso_alias_return_thunk+0x5/0xfbef5
[  720.639633][T12459]  ? __fget_files+0x3a0/0x420
[  720.639668][T12459]  __x64_sys_sendmsg+0x19b/0x260
[  720.639699][T12459]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  720.639737][T12459]  ? __pfx_ksys_write+0x10/0x10
[  720.639779][T12459]  ? do_syscall_64+0xbe/0xfa0
[  720.639816][T12459]  do_syscall_64+0xfa/0xfa0
[  720.639848][T12459]  ? lockdep_hardirqs_on+0x9c/0x150
[  720.639880][T12459]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  720.639904][T12459]  ? srso_alias_return_thunk+0x5/0xfbef5
[  720.639932][T12459]  ? exc_page_fault+0xab/0x100
[  720.639967][T12459]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  720.639991][T12459] RIP: 0033:0x7f9104f8f6c9
[  720.640013][T12459] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  720.640035][T12459] RSP: 002b:00007f9105d83038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  720.640062][T12459] RAX: ffffffffffffffda RBX: 00007f91051e6090 RCX: 00007f9104f8f6c9
[  720.640081][T12459] RDX: 0000000000040004 RSI: 0000200000000280 RDI: 0000000000000007
[  720.640098][T12459] RBP: 00007f9105d83090 R08: 0000000000000000 R09: 0000000000000000
[  720.640114][T12459] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  720.640130][T12459] R13: 00007f91051e6128 R14: 00007f91051e6090 R15: 00007fff7772a9c8
[  720.640171][T12459]  </TASK>
[  720.970948][    C0] vkms_vblank_simulate: vblank timer overrun
[  721.030996][ T5837] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  721.275500][T12466] loop3: detected capacity change from 0 to 4096
[  722.103005][T12477] syzkaller0: entered promiscuous mode
[  722.936607][T12477] syzkaller0: entered allmulticast mode
[  723.426918][T12489] loop1: detected capacity change from 0 to 32768
[  723.464290][T12489] syz.1.1763: attempt to access beyond end of device
[  723.464290][T12489] loop1: rw=2049, sector=2621792, nr_sectors = 8 limit=32768
[  723.526683][  T111] blkno = 5002c, nblocks = 1
[  723.565263][  T111] ERROR: (device loop1): dbUpdatePMap: blocks are outside the map
[  723.565263][  T111] 
[  723.704122][  T111] ERROR: (device loop1): remounting filesystem as read-only
[  724.033050][T12496] netlink: 64 bytes leftover after parsing attributes in process `syz.6.1767'.
[  724.043607][T12496] block nbd0: not configured, cannot reconfigure
[  724.113232][  T850] kernel write not supported for file /input/mouse0 (pid: 850 comm: kworker/0:2)
[  726.448249][T10020] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  726.557039][T12520] kthread_run failed with err -4
[  727.105052][T10020] usb 5-1: New USB device found, idVendor=0dba, idProduct=3000, bcdDevice=26.ea
[  727.114283][T10020] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  727.128375][T12524] loop5: detected capacity change from 0 to 512
[  727.156135][T12524] EXT4-fs (loop5): Test dummy encryption mode enabled
[  727.172249][T10020] usb 5-1: config 0 descriptor??
[  727.197062][T12524] EXT4-fs (loop5): warning: mounting unchecked fs, running e2fsck is recommended
[  727.206745][T10020] usb 5-1: Invalid firmware size=18.
[  727.240287][T12524] EXT4-fs (loop5): Errors on filesystem, clearing orphan list.
[  727.279207][T12524] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  727.311714][T12532] syzkaller0: entered promiscuous mode
[  727.317866][T12532] syzkaller0: entered allmulticast mode
[  727.419909][T10020] usb 5-1: USB disconnect, device number 20
[  727.431556][T12524] ext4: Unknown parameter '0xffffffffffffffff'
[  727.581624][ T5825] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  728.856886][T12540] netlink: 324 bytes leftover after parsing attributes in process `syz.6.1782'.
[  732.833958][T12582] FAULT_INJECTION: forcing a failure.
[  732.833958][T12582] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  732.872537][T12582] CPU: 0 UID: 0 PID: 12582 Comm: syz.6.1796 Not tainted syzkaller #0 PREEMPT(full) 
[  732.872583][T12582] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  732.872599][T12582] Call Trace:
[  732.872609][T12582]  <TASK>
[  732.872620][T12582]  dump_stack_lvl+0x189/0x250
[  732.872660][T12582]  ? __pfx____ratelimit+0x10/0x10
[  732.872694][T12582]  ? __pfx_dump_stack_lvl+0x10/0x10
[  732.872728][T12582]  ? __pfx__printk+0x10/0x10
[  732.872758][T12582]  ? srso_alias_return_thunk+0x5/0xfbef5
[  732.872800][T12582]  should_fail_ex+0x414/0x560
[  732.872846][T12582]  prepare_alloc_pages+0x213/0x610
[  732.872881][T12582]  __alloc_frozen_pages_noprof+0x123/0x370
[  732.872912][T12582]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  732.872950][T12582]  ? policy_nodemask+0x27c/0x720
[  732.872974][T12582]  ? srso_alias_return_thunk+0x5/0xfbef5
[  732.873008][T12582]  alloc_pages_mpol+0x232/0x4a0
[  732.873039][T12582]  vma_alloc_folio_noprof+0xe4/0x200
[  732.873069][T12582]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  732.873102][T12582]  ? srso_alias_return_thunk+0x5/0xfbef5
[  732.873138][T12582]  folio_prealloc+0x30/0x180
[  732.873179][T12582]  do_wp_page+0x1231/0x5800
[  732.873210][T12582]  ? srso_alias_return_thunk+0x5/0xfbef5
[  732.873250][T12582]  ? srso_alias_return_thunk+0x5/0xfbef5
[  732.873293][T12582]  ? __pfx_do_wp_page+0x10/0x10
[  732.873321][T12582]  ? do_raw_spin_lock+0x121/0x290
[  732.873360][T12582]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  732.873391][T12582]  ? srso_alias_return_thunk+0x5/0xfbef5
[  732.873433][T12582]  __handle_mm_fault+0x1033/0x5400
[  732.873489][T12582]  ? __pfx___handle_mm_fault+0x10/0x10
[  732.873541][T12582]  ? srso_alias_return_thunk+0x5/0xfbef5
[  732.873569][T12582]  ? follow_page_pte+0xd03/0x13e0
[  732.873622][T12582]  handle_mm_fault+0x40a/0x8e0
[  732.873668][T12582]  __get_user_pages+0x165c/0x2a00
[  732.873743][T12582]  __gup_longterm_locked+0xde4/0x1660
[  732.873782][T12582]  ? srso_alias_return_thunk+0x5/0xfbef5
[  732.873818][T12582]  ? srso_alias_return_thunk+0x5/0xfbef5
[  732.873846][T12582]  ? sanity_check_pinned_pages+0x123a/0x1300
[  732.873889][T12582]  gup_fast_fallback+0x1d65/0x22d0
[  732.873921][T12582]  ? is_bpf_text_address+0x26/0x2b0
[  732.873988][T12584] netlink: 'syz.0.1794': attribute type 9 has an invalid length.
[  732.873990][T12582]  ? __pfx_gup_fast_fallback+0x10/0x10
[  732.874020][T12582]  ? stack_trace_save+0x9c/0xe0
[  732.874051][T12582]  ? srso_alias_return_thunk+0x5/0xfbef5
[  732.874077][T12582]  ? stack_depot_save_flags+0x40/0x860
[  732.874118][T12582]  ? srso_alias_return_thunk+0x5/0xfbef5
[  732.874153][T12582]  ? srso_alias_return_thunk+0x5/0xfbef5
[  732.874179][T12582]  ? pin_user_pages_fast+0x4d/0xb0
[  732.874215][T12582]  iov_iter_extract_pages+0x35f/0x5e0
[  732.874260][T12582]  extract_iter_to_sg+0xe46/0x24e0
[  732.874308][T12582]  ? __pfx_extract_iter_to_sg+0x10/0x10
[  732.874356][T12582]  ? srso_alias_return_thunk+0x5/0xfbef5
[  732.874384][T12582]  ? __asan_memset+0x22/0x50
[  732.874420][T12582]  af_alg_get_rsgl+0x436/0x810
[  732.874476][T12582]  skcipher_recvmsg+0x3d1/0x11d0
[  732.874516][T12582]  ? aa_sk_perm+0x81e/0x950
[  732.874566][T12582]  ? __pfx_skcipher_recvmsg+0x10/0x10
[  732.874606][T12582]  ? srso_alias_return_thunk+0x5/0xfbef5
[  732.874639][T12582]  ? srso_alias_return_thunk+0x5/0xfbef5
[  732.874667][T12582]  ? srso_alias_return_thunk+0x5/0xfbef5
[  732.874694][T12582]  ? security_socket_recvmsg+0x7e/0x2e0
[  732.874722][T12582]  ? __pfx_skcipher_recvmsg+0x10/0x10
[  732.874757][T12582]  sock_recvmsg+0x22c/0x270
[  732.874797][T12582]  ____sys_recvmsg+0x1c9/0x460
[  732.874837][T12582]  ? __pfx_____sys_recvmsg+0x10/0x10
[  732.874887][T12582]  ? srso_alias_return_thunk+0x5/0xfbef5
[  732.874915][T12582]  ? import_iovec+0x74/0xa0
[  732.874951][T12582]  ___sys_recvmsg+0x1b5/0x510
[  732.874986][T12582]  ? __pfx____sys_recvmsg+0x10/0x10
[  732.875045][T12582]  ? srso_alias_return_thunk+0x5/0xfbef5
[  732.875073][T12582]  ? __fget_files+0x3a0/0x420
[  732.875110][T12582]  __x64_sys_recvmsg+0x198/0x260
[  732.875142][T12582]  ? __pfx___x64_sys_recvmsg+0x10/0x10
[  732.875183][T12582]  ? __pfx_ksys_write+0x10/0x10
[  732.875242][T12582]  ? do_syscall_64+0xbe/0xfa0
[  732.875281][T12582]  do_syscall_64+0xfa/0xfa0
[  732.875313][T12582]  ? lockdep_hardirqs_on+0x9c/0x150
[  732.875346][T12582]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  732.875369][T12582]  ? srso_alias_return_thunk+0x5/0xfbef5
[  732.875397][T12582]  ? exc_page_fault+0xab/0x100
[  732.875432][T12582]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  732.875456][T12582] RIP: 0033:0x7f7b2c78f6c9
[  732.875479][T12582] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  732.875499][T12582] RSP: 002b:00007f7b2d621038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[  732.875525][T12582] RAX: ffffffffffffffda RBX: 00007f7b2c9e5fa0 RCX: 00007f7b2c78f6c9
[  732.875543][T12582] RDX: 0000000000000000 RSI: 00002000000005c0 RDI: 0000000000000004
[  732.875559][T12582] RBP: 00007f7b2d621090 R08: 0000000000000000 R09: 0000000000000000
[  732.875581][T12582] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  732.875596][T12582] R13: 00007f7b2c9e6038 R14: 00007f7b2c9e5fa0 R15: 00007ffdaa659e38
[  732.875638][T12582]  </TASK>
[  733.512979][T12588] netlink: 'syz.0.1794': attribute type 9 has an invalid length.
[  733.974788][T12592] loop4: detected capacity change from 0 to 32768
[  734.076440][T12563] loop3: detected capacity change from 0 to 32768
[  734.100888][T12592] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  734.109199][T12592] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  734.125253][T12594] IPVS: set_ctl: invalid protocol: 59 172.20.20.170:19998
[  734.358081][T12594] loop6: detected capacity change from 0 to 32768
[  734.369861][T12594] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.1799 (12594)
[  734.391043][T12594] BTRFS info (device loop6): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  734.401669][T12594] BTRFS info (device loop6): using xxhash64 (xxhash64-generic) checksum algorithm
[  734.415050][T12592] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  734.424723][  T979] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  734.463902][  T979] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  734.481779][T12563] workqueue: Failed to create a rescuer kthread for wq "xfs-conv/loop3": -EINTR
[  735.556703][  T979] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 1092ms
[  735.600149][T12594] BTRFS info (device loop6): enabling ssd optimizations
[  735.609079][T12594] BTRFS info (device loop6): turning on async discard
[  735.615973][T12594] BTRFS info (device loop6): enabling free space tree
[  735.647841][  T979] gfs2: fsid=syz:syz.0: jid=0: Done
[  735.653157][T12592] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  735.681946][T12626] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1803'.
[  735.728772][T12594] BTRFS error (device loop6): balance: invalid convert metadata profile raid0
[  735.902626][ T7537] BTRFS info (device loop6): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  736.111944][T12632] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1806'.
[  736.391218][T12632] loop1: detected capacity change from 0 to 512
[  736.504359][T12632] EXT4-fs warning (device loop1): ext4_xattr_inode_get:560: inode #11: comm syz.1.1806: EA inode hash validation failed
[  736.588051][T12632] EXT4-fs error (device loop1): ext4_do_update_inode:5632: inode #15: comm syz.1.1806: corrupted inode contents
[  736.650382][T12632] EXT4-fs error (device loop1): ext4_dirty_inode:6517: inode #15: comm syz.1.1806: mark_inode_dirty error
[  736.709858][T12632] EXT4-fs error (device loop1): ext4_do_update_inode:5632: inode #15: comm syz.1.1806: corrupted inode contents
[  736.754050][T12632] EXT4-fs error (device loop1): ext4_xattr_delete_inode:2996: inode #15: comm syz.1.1806: mark_inode_dirty error
[  736.802742][T12632] EXT4-fs error (device loop1): ext4_xattr_delete_inode:2999: inode #15: comm syz.1.1806: mark inode dirty (error -117)
[  736.905232][T12632] EXT4-fs warning (device loop1): ext4_evict_inode:274: xattr delete (err -117)
[  737.036706][T12632] EXT4-fs (loop1): 1 orphan inode deleted
[  737.054581][T12632] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  737.169298][T12646] loop0: detected capacity change from 0 to 4096
[  737.185040][ T5973] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  737.370241][ T5973] usb 4-1: Using ep0 maxpacket: 8
[  737.474240][ T5973] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  737.515046][ T5973] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF9, changing to 0x89
[  737.596510][ T5973] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7
[  737.645015][ T5973] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 59391, setting to 1024
[  737.701920][ T5973] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  737.764974][ T5973] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  737.826692][ T5973] usb 4-1: New USB device found, idVendor=0bc7, idProduct=0008, bcdDevice=4f.c8
[  737.849627][ T5973] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  737.874626][ T5973] usb 4-1: Product: syz
[  737.888404][ T5973] usb 4-1: Manufacturer: syz
[  737.908211][ T5973] usb 4-1: SerialNumber: syz
[  738.046822][T12660] netlink: 'syz.4.1812': attribute type 8 has an invalid length.
[  738.096192][ T5973] usb 4-1: config 0 descriptor??
[  738.102368][T12649] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  738.103594][ T5831] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  738.239896][T12665] loop5: detected capacity change from 0 to 128
[  738.316447][T12665] EXT4-fs (loop5): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  738.344115][T12668] netlink: 'syz.1.1814': attribute type 33 has an invalid length.
[  738.353055][T12668] netlink: 152 bytes leftover after parsing attributes in process `syz.1.1814'.
[  738.402154][T12668] netlink: 'syz.1.1814': attribute type 1 has an invalid length.
[  738.458619][T12665] ext4 filesystem being mounted at /306/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  738.503814][T12671] loop4: detected capacity change from 0 to 1024
[  738.527019][T12671] EXT4-fs: Ignoring removed i_version option
[  738.545034][T12671] EXT4-fs: inline encryption not supported
[  738.640519][T12671] EXT4-fs (loop4): Test dummy encryption mode enabled
[  738.698341][T12671] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  738.740047][T12671] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  738.779877][T12671] fscrypt: AES-256-CBC-CTS using implementation "cts-cbc-aes-aesni"
[  738.799714][ T5825] EXT4-fs (loop5): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  738.826135][T12671] fscrypt: AES-256-XTS using implementation "xts-aes-vaes-avx2"
[  738.909538][T12674] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection.
[  739.069818][T12671] overlayfs: failed index dir cleanup (-512)
[  739.165130][T12671] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index.
[  739.280810][ T5837] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  739.901906][ T5973] rc_core: IR keymap rc-snapstream-firefly not found
[  739.936791][ T5973] Registered IR keymap rc-empty
[  739.965164][ T5973] rc rc0: syz syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0
[  739.995149][ T5973] input: syz syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input17
[  740.066026][T12664] loop6: detected capacity change from 0 to 40427
[  740.089780][ T5973] input: syz syz mouse as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input19
[  740.205252][T12664] F2FS-fs (loop6): Invalid log_blocksize (268), supports only 12
[  740.215404][T12664] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock
[  740.735035][T12701] loop4: detected capacity change from 0 to 32768
[  740.760313][T12664] F2FS-fs (loop6): invalid crc value
[  740.800269][T12701] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  740.808817][T12701] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  740.835842][T12701] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  740.849916][  T978] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  740.854733][ T5973] usb 4-1: USB disconnect, device number 26
[  740.856903][    C0] ati_remote 4-1:0.0: ati_remote_irq_in: usb_submit_urb()=-19
[  740.903410][  T978] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  740.954385][T12710] loop1: detected capacity change from 0 to 256
[  740.982256][T12710] exfat: Deprecated parameter 'namecase'
[  741.300059][T12710] exfat: Deprecated parameter 'namecase'
[  741.325611][T12710] exfat: Deprecated parameter 'utf8'
[  741.356239][T12710] exfat: Deprecated parameter 'utf8'
[  741.390339][T12710] exfat: Deprecated parameter 'namecase'
[  741.413446][T12710] exFAT-fs (loop1): Invalid boot checksum (boot checksum : 0x1102abd0, checksum : 0x1119abd0)
[  741.434777][T12710] exFAT-fs (loop1): invalid boot region
[  741.458489][T12664] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  741.490548][T12710] exFAT-fs (loop1): failed to recognize exfat type
[  741.738473][  T978] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 835ms
[  741.793485][  T978] gfs2: fsid=syz:syz.0: jid=0: Done
[  741.840582][T12701] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  742.447803][T12720] loop1: detected capacity change from 0 to 4096
[  744.324012][T12739] loop0: detected capacity change from 0 to 2048
[  744.437343][T12739] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  746.300779][T12752] FAULT_INJECTION: forcing a failure.
[  746.300779][T12752] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  746.592195][T12752] CPU: 1 UID: 0 PID: 12752 Comm: syz.5.1842 Not tainted syzkaller #0 PREEMPT(full) 
[  746.592229][T12752] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  746.592246][T12752] Call Trace:
[  746.592256][T12752]  <TASK>
[  746.592267][T12752]  dump_stack_lvl+0x189/0x250
[  746.592308][T12752]  ? __pfx____ratelimit+0x10/0x10
[  746.592349][T12752]  ? __pfx_dump_stack_lvl+0x10/0x10
[  746.592384][T12752]  ? __pfx__printk+0x10/0x10
[  746.592411][T12752]  ? srso_alias_return_thunk+0x5/0xfbef5
[  746.592456][T12752]  should_fail_ex+0x414/0x560
[  746.592501][T12752]  _copy_from_iter+0x1de/0x1790
[  746.592537][T12752]  ? srso_alias_return_thunk+0x5/0xfbef5
[  746.592565][T12752]  ? rcu_is_watching+0x15/0xb0
[  746.592594][T12752]  ? srso_alias_return_thunk+0x5/0xfbef5
[  746.592626][T12752]  ? kmalloc_reserve+0xbd/0x290
[  746.592651][T12752]  ? __pfx__copy_from_iter+0x10/0x10
[  746.592682][T12752]  ? srso_alias_return_thunk+0x5/0xfbef5
[  746.592709][T12752]  ? __build_skb_around+0x262/0x3f0
[  746.592752][T12752]  ? srso_alias_return_thunk+0x5/0xfbef5
[  746.592781][T12752]  ? skb_put+0x11b/0x210
[  746.592809][T12752]  netlink_sendmsg+0x6b2/0xb30
[  746.592847][T12752]  ? __pfx_netlink_sendmsg+0x10/0x10
[  746.592875][T12752]  ? srso_alias_return_thunk+0x5/0xfbef5
[  746.592902][T12752]  ? aa_sock_msg_perm+0xf1/0x1d0
[  746.592941][T12752]  ? srso_alias_return_thunk+0x5/0xfbef5
[  746.592969][T12752]  ? srso_alias_return_thunk+0x5/0xfbef5
[  746.592998][T12752]  ? __pfx_netlink_sendmsg+0x10/0x10
[  746.593024][T12752]  __sock_sendmsg+0x21c/0x270
[  746.593062][T12752]  ____sys_sendmsg+0x505/0x830
[  746.593096][T12752]  ? __pfx_____sys_sendmsg+0x10/0x10
[  746.593138][T12752]  ? srso_alias_return_thunk+0x5/0xfbef5
[  746.593166][T12752]  ? import_iovec+0x74/0xa0
[  746.593202][T12752]  ___sys_sendmsg+0x21f/0x2a0
[  746.593232][T12752]  ? __pfx____sys_sendmsg+0x10/0x10
[  746.593268][T12752]  ? srso_alias_return_thunk+0x5/0xfbef5
[  746.593335][T12752]  ? __fget_files+0x2a/0x420
[  746.593358][T12752]  ? srso_alias_return_thunk+0x5/0xfbef5
[  746.593385][T12752]  ? __fget_files+0x3a0/0x420
[  746.593421][T12752]  __x64_sys_sendmsg+0x19b/0x260
[  746.593451][T12752]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  746.593497][T12752]  ? do_syscall_64+0xbe/0xfa0
[  746.593535][T12752]  do_syscall_64+0xfa/0xfa0
[  746.593567][T12752]  ? lockdep_hardirqs_on+0x9c/0x150
[  746.593600][T12752]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  746.593623][T12752]  ? srso_alias_return_thunk+0x5/0xfbef5
[  746.593650][T12752]  ? exc_page_fault+0xab/0x100
[  746.593685][T12752]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  746.593709][T12752] RIP: 0033:0x7f8f6bb8f6c9
[  746.593731][T12752] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  746.593753][T12752] RSP: 002b:00007f8f69dee038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  746.593778][T12752] RAX: ffffffffffffffda RBX: 00007f8f6bde5fa0 RCX: 00007f8f6bb8f6c9
[  746.593796][T12752] RDX: 0000000000000044 RSI: 00002000000007c0 RDI: 0000000000000003
[  746.593813][T12752] RBP: 00007f8f69dee090 R08: 0000000000000000 R09: 0000000000000000
[  746.593829][T12752] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  746.593844][T12752] R13: 00007f8f6bde6038 R14: 00007f8f6bde5fa0 R15: 00007ffdb2410c78
[  746.593883][T12752]  </TASK>
[  747.431364][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  747.442540][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  748.392533][T10020] usb 5-1: new low-speed USB device number 21 using dummy_hcd
[  748.705384][T10020] usb 5-1: device descriptor read/64, error -71
[  748.792969][T12770] loop5: detected capacity change from 0 to 4096
[  748.800217][T12777] netlink: 36 bytes leftover after parsing attributes in process `syz.6.1849'.
[  749.195883][T12775] loop1: detected capacity change from 0 to 32768
[  749.335015][T12775] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  749.343220][T12775] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  749.350352][T10020] usb 5-1: new low-speed USB device number 22 using dummy_hcd
[  749.388107][T12775] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  749.398234][ T5973] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  749.405267][ T5973] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  750.510097][T10020] usb 5-1: device descriptor read/64, error -71
[  751.010031][T10020] usb usb5-port1: attempt power cycle
[  751.020543][T12790] loop3: detected capacity change from 0 to 2048
[  751.073557][T12794] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  751.795057][T12790] EXT4-fs error (device loop3): ext4_ext_check_inode:523: inode #2: comm {/}\: pblk 0 bad header/extent: too large eh_depth - magic f30a, entries 1, max 4(4), depth 25349(25349)
[  751.827575][ T5973] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 2422ms
[  751.835401][ T5973] gfs2: fsid=syz:syz.0: jid=0: Done
[  751.840810][T12775] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  751.858940][T12775] gfs2: fsid=syz:syz.0: can't create logd thread: -4
[  751.964602][T12790] EXT4-fs (loop3): Remounting filesystem read-only
[  752.042482][T12790] EXT4-fs (loop3): get root inode failed
[  752.084466][T12805] netlink: 'syz.6.1859': attribute type 15 has an invalid length.
[  752.095324][T12790] EXT4-fs (loop3): mount failed
[  752.455144][  T978] usb 6-1: new high-speed USB device number 28 using dummy_hcd
[  754.312361][  T978] usb 6-1: config 16 interface 0 altsetting 75 endpoint 0x7 has invalid maxpacket 1032, setting to 1024
[  754.352864][  T978] usb 6-1: config 16 interface 0 altsetting 75 endpoint 0x6 has invalid maxpacket 12336, setting to 64
[  754.521596][T12821] FAULT_INJECTION: forcing a failure.
[  754.521596][T12821] name failslab, interval 1, probability 0, space 0, times 0
[  754.534639][T12821] CPU: 0 UID: 0 PID: 12821 Comm: syz.4.1862 Not tainted syzkaller #0 PREEMPT(full) 
[  754.534670][T12821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  754.534686][T12821] Call Trace:
[  754.534696][T12821]  <TASK>
[  754.534707][T12821]  dump_stack_lvl+0x189/0x250
[  754.534747][T12821]  ? __pfx____ratelimit+0x10/0x10
[  754.534780][T12821]  ? __pfx_dump_stack_lvl+0x10/0x10
[  754.534813][T12821]  ? __pfx__printk+0x10/0x10
[  754.534850][T12821]  ? __pfx___might_resched+0x10/0x10
[  754.534884][T12821]  should_fail_ex+0x414/0x560
[  754.534928][T12821]  should_failslab+0xa8/0x100
[  754.534955][T12821]  __kmalloc_noprof+0xcb/0x7f0
[  754.534991][T12821]  ? copy_splice_read+0x143/0xa50
[  754.535035][T12821]  copy_splice_read+0x143/0xa50
[  754.535087][T12821]  ? __pfx_copy_splice_read+0x10/0x10
[  754.535121][T12821]  ? look_up_lock_class+0x74/0x170
[  754.535157][T12821]  ? srso_alias_return_thunk+0x5/0xfbef5
[  754.535185][T12821]  ? register_lock_class+0x51/0x320
[  754.535214][T12821]  ? __pfx_pipe_lock_cmp_fn+0x10/0x10
[  754.535251][T12821]  ? srso_alias_return_thunk+0x5/0xfbef5
[  754.535285][T12821]  ? srso_alias_return_thunk+0x5/0xfbef5
[  754.535312][T12821]  ? alloc_pipe_info+0x374/0x4d0
[  754.535356][T12821]  ? __pfx_copy_splice_read+0x10/0x10
[  754.535392][T12821]  splice_direct_to_actor+0x4a9/0xcc0
[  754.535454][T12821]  ? __pfx_direct_splice_actor+0x10/0x10
[  754.535492][T12821]  ? __pfx_splice_direct_to_actor+0x10/0x10
[  754.535544][T12821]  do_splice_direct+0x181/0x270
[  754.535579][T12821]  ? srso_alias_return_thunk+0x5/0xfbef5
[  754.535611][T12821]  ? __pfx_do_splice_direct+0x10/0x10
[  754.535650][T12821]  ? __pfx_direct_file_splice_eof+0x10/0x10
[  754.535683][T12821]  ? srso_alias_return_thunk+0x5/0xfbef5
[  754.535710][T12821]  ? rw_verify_area+0x255/0x4d0
[  754.535742][T12821]  ? srso_alias_return_thunk+0x5/0xfbef5
[  754.535776][T12821]  do_sendfile+0x4da/0x7e0
[  754.535813][T12821]  ? __pfx_do_sendfile+0x10/0x10
[  754.535840][T12821]  ? srso_alias_return_thunk+0x5/0xfbef5
[  754.535883][T12821]  __se_sys_sendfile64+0xd9/0x190
[  754.535906][T12821]  ? srso_alias_return_thunk+0x5/0xfbef5
[  754.535939][T12821]  ? __pfx___se_sys_sendfile64+0x10/0x10
[  754.535970][T12821]  ? srso_alias_return_thunk+0x5/0xfbef5
[  754.536004][T12821]  do_syscall_64+0xfa/0xfa0
[  754.536039][T12821]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  754.536062][T12821]  ? asm_sysvec_call_function_single+0x1a/0x20
[  754.536094][T12821]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  754.536118][T12821] RIP: 0033:0x7fe968d8f6c9
[  754.536140][T12821] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  754.536160][T12821] RSP: 002b:00007fe969cd8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[  754.536185][T12821] RAX: ffffffffffffffda RBX: 00007fe968fe6090 RCX: 00007fe968d8f6c9
[  754.536204][T12821] RDX: 0000200000002080 RSI: 0000000000000005 RDI: 0000000000000006
[  754.536220][T12821] RBP: 00007fe969cd8090 R08: 0000000000000000 R09: 0000000000000000
[  754.536236][T12821] R10: 000000000000021c R11: 0000000000000246 R12: 0000000000000001
[  754.536252][T12821] R13: 00007fe968fe6128 R14: 00007fe968fe6090 R15: 00007ffc03c7fb18
[  754.536292][T12821]  </TASK>
[  755.035049][  T978] usb 6-1: config 16 interface 0 has no altsetting 0
[  755.042358][  T978] usb 6-1: New USB device found, idVendor=15c2, idProduct=0036, bcdDevice=bb.7a
[  755.052744][  T978] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  755.604561][  T978] usb 6-1: can't set config #16, error -71
[  755.615143][  T978] usb 6-1: USB disconnect, device number 28
[  755.630493][T12827] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1865'.
[  756.898987][T10020] usb 2-1: new full-speed USB device number 26 using dummy_hcd
[  756.927089][T12840] loop4: detected capacity change from 0 to 4096
[  757.300507][T12846] loop6: detected capacity change from 0 to 32768
[  757.861920][T12849] loop0: detected capacity change from 0 to 2048
[  757.906428][T12849] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024)
[  757.953403][T12846] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  757.961736][T12846] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  757.963536][T12849] NILFS (loop0): mounting unchecked fs
[  758.003108][T12846] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  758.012998][ T5973] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  758.020589][ T5973] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  758.047722][T10020] usb 2-1: unable to get BOS descriptor or descriptor too short
[  758.062680][T10020] usb 2-1: not running at top speed; connect to a high speed hub
[  758.158987][T10020] usb 2-1: config 8 has an invalid interface number: 59 but max is 0
[  758.268004][T10020] usb 2-1: config 8 has no interface number 0
[  758.436307][T10020] usb 2-1: New USB device found, idVendor=102c, idProduct=6251, bcdDevice=a9.94
[  758.456011][T10020] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  758.559204][T10020] usb 2-1: Product: syz
[  758.685958][T10020] usb 2-1: Manufacturer: syz
[  758.694094][T10020] usb 2-1: SerialNumber: syz
[  758.699169][ T5844] udevd[5844]: incorrect nilfs2 checksum on /dev/loop0
[  758.703773][T12849] NILFS (loop0): recovery complete
[  758.718340][ T5973] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 697ms
[  758.745871][ T5973] gfs2: fsid=syz:syz.0: jid=0: Done
[  758.761381][T12846] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  758.784565][T12861] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  758.887555][T10020] gspca_main: etoms-2.14.0 probing 102c:6251
[  758.912349][T12859] loop5: detected capacity change from 0 to 2048
[  759.045970][T12859] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 1024)
[  759.144076][T12859] NILFS (loop5): mounting unchecked fs
[  759.159693][T10020] usb 2-1: USB disconnect, device number 26
[  759.422112][T12859] NILFS (loop5): recovery complete
[  760.148192][T12873] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  760.736137][T12871] loop4: detected capacity change from 0 to 1024
[  761.074977][T10020] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[  761.245289][T12883] loop0: detected capacity change from 0 to 128
[  761.290054][T12883] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256
[  761.320641][T12883] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  762.064947][ T5973] IPVS: starting estimator thread 0...
[  762.111192][T12882] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1881'.
[  762.143691][T10020] usb 2-1: Using ep0 maxpacket: 8
[  762.244997][T12884] IPVS: using max 33 ests per chain, 79200 per kthread
[  762.300786][T10020] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9
[  762.370012][T10020] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  762.384026][ T6206] hfsplus: b-tree write err: -5, ino 3
[  762.398722][T10020] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  762.415025][T10020] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x7E, changing to 0xE
[  762.461445][ T5837] hfsplus: node 4:3 still has 1 user(s)!
[  762.499121][T10020] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xE has invalid wMaxPacketSize 0
[  762.535050][T10020] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0xE has invalid maxpacket 0
[  762.591235][T10020] usb 2-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[  762.670199][T10020] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  762.790274][T10020] usb 2-1: config 0 descriptor??
[  763.884173][T12904] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  764.573641][T12908] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  765.000201][T12909] ptrace attach of "./syz-executor exec"[5822] was attempted by "./syz-executor exec"[12909]
[  765.097629][T10020] usb 2-1: can't set config #0, error -71
[  765.491188][ T5907] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  765.519195][T10020] usb 2-1: USB disconnect, device number 27
[  765.772908][T12912] syz.0.1889 (12912): drop_caches: 2
[  765.778841][T12912] syz.0.1889 (12912): drop_caches: 2
[  765.805185][ T5907] usb 5-1: Using ep0 maxpacket: 8
[  765.886077][T12914] loop6: detected capacity change from 0 to 2048
[  765.912668][T12914] NILFS (loop6): broken superblock, retrying with spare superblock (blocksize = 1024)
[  765.951369][T12914] NILFS (loop6): mounting unchecked fs
[  766.042116][ T5907] usb 5-1: device descriptor read/all, error -71
[  766.121964][T12914] NILFS (loop6): recovery complete
[  766.170608][T12922] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  766.203309][T12921] comedi comedi3: pcl711: I/O port conflict (0x4f26,16)
[  766.401785][T12925] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  767.873219][T12933] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[  768.088495][T12939] syz.6.1897 (12939): drop_caches: 2
[  768.196919][T12944] loop4: detected capacity change from 0 to 512
[  768.257870][T12944] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem
[  768.259782][T12939] syz.6.1897 (12939): drop_caches: 2
[  768.306143][T12944] EXT4-fs error (device loop4): ext4_get_journal_inode:5808: comm syz.4.1899: inode #1792: comm syz.4.1899: iget: illegal inode #
[  768.646526][T12944] EXT4-fs (loop4): Remounting filesystem read-only
[  768.653213][T12944] EXT4-fs (loop4): no journal found
[  768.671379][T12944] EXT4-fs (loop4): can't get journal size
[  768.759500][T12944] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended
[  768.775346][T12916] loop3: detected capacity change from 0 to 32768
[  769.810420][T12944] EXT4-fs (loop4): Errors on filesystem, clearing orphan list.
[  769.935938][T12944] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  770.475964][ T5837] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  770.625524][  T978] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[  770.804972][  T978] usb 4-1: Using ep0 maxpacket: 16
[  771.820932][  T978] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 252, changing to 11
[  771.912176][T12965] loop1: detected capacity change from 0 to 512
[  772.045939][  T978] usb 4-1: New USB device found, idVendor=5543, idProduct=0003, bcdDevice= 0.00
[  772.095376][T12965] EXT4-fs error (device loop1): ext4_orphan_get:1392: inode #15: comm syz.1.1904: inode has both inline data and extents flags
[  772.115156][  T978] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  772.180906][T12965] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.1904: couldn't read orphan inode 15 (err -117)
[  773.116468][  T978] usb 4-1: config 0 descriptor??
[  773.168150][  T978] usb 4-1: can't set config #0, error -71
[  773.587404][T12965] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  773.820233][  T978] usb 4-1: USB disconnect, device number 27
[  773.944836][T12978] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 7934 vs 220 free clusters
[  774.347461][T12981] loop3: detected capacity change from 0 to 2048
[  774.425096][T12981] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024)
[  774.473579][T12981] NILFS (loop3): mounting unchecked fs
[  774.978562][T12988] FAULT_INJECTION: forcing a failure.
[  774.978562][T12988] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  775.015388][T11058] udevd[11058]: incorrect nilfs2 checksum on /dev/loop3
[  775.018406][T12981] NILFS (loop3): recovery complete
[  775.048584][T12988] CPU: 0 UID: 0 PID: 12988 Comm: syz.0.1911 Not tainted syzkaller #0 PREEMPT(full) 
[  775.048628][T12988] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  775.048644][T12988] Call Trace:
[  775.048654][T12988]  <TASK>
[  775.048666][T12988]  dump_stack_lvl+0x189/0x250
[  775.048707][T12988]  ? __pfx____ratelimit+0x10/0x10
[  775.048741][T12988]  ? __pfx_dump_stack_lvl+0x10/0x10
[  775.048776][T12988]  ? __pfx__printk+0x10/0x10
[  775.048802][T12988]  ? srso_alias_return_thunk+0x5/0xfbef5
[  775.048848][T12988]  should_fail_ex+0x414/0x560
[  775.048894][T12988]  _copy_from_iter+0x1de/0x1790
[  775.048929][T12988]  ? srso_alias_return_thunk+0x5/0xfbef5
[  775.048958][T12988]  ? rcu_is_watching+0x15/0xb0
[  775.048988][T12988]  ? srso_alias_return_thunk+0x5/0xfbef5
[  775.049020][T12988]  ? kmalloc_reserve+0xbd/0x290
[  775.049045][T12988]  ? __pfx__copy_from_iter+0x10/0x10
[  775.049075][T12988]  ? srso_alias_return_thunk+0x5/0xfbef5
[  775.049108][T12988]  ? __build_skb_around+0x262/0x3f0
[  775.049151][T12988]  ? srso_alias_return_thunk+0x5/0xfbef5
[  775.049179][T12988]  ? skb_put+0x11b/0x210
[  775.049208][T12988]  netlink_sendmsg+0x6b2/0xb30
[  775.049247][T12988]  ? __pfx_netlink_sendmsg+0x10/0x10
[  775.049275][T12988]  ? srso_alias_return_thunk+0x5/0xfbef5
[  775.049303][T12988]  ? aa_sock_msg_perm+0xf1/0x1d0
[  775.049343][T12988]  ? srso_alias_return_thunk+0x5/0xfbef5
[  775.049371][T12988]  ? srso_alias_return_thunk+0x5/0xfbef5
[  775.049399][T12988]  ? __pfx_netlink_sendmsg+0x10/0x10
[  775.049425][T12988]  __sock_sendmsg+0x21c/0x270
[  775.049463][T12988]  ____sys_sendmsg+0x505/0x830
[  775.049497][T12988]  ? __pfx_____sys_sendmsg+0x10/0x10
[  775.049535][T12988]  ? srso_alias_return_thunk+0x5/0xfbef5
[  775.049563][T12988]  ? import_iovec+0x74/0xa0
[  775.049604][T12988]  ___sys_sendmsg+0x21f/0x2a0
[  775.049641][T12988]  ? __pfx____sys_sendmsg+0x10/0x10
[  775.049677][T12988]  ? srso_alias_return_thunk+0x5/0xfbef5
[  775.049737][T12988]  ? __fget_files+0x2a/0x420
[  775.049760][T12988]  ? srso_alias_return_thunk+0x5/0xfbef5
[  775.049788][T12988]  ? __fget_files+0x3a0/0x420
[  775.049825][T12988]  __x64_sys_sendmsg+0x19b/0x260
[  775.049856][T12988]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  775.049897][T12988]  ? __pfx_ksys_write+0x10/0x10
[  775.049938][T12988]  ? do_syscall_64+0xbe/0xfa0
[  775.049978][T12988]  do_syscall_64+0xfa/0xfa0
[  775.050011][T12988]  ? lockdep_hardirqs_on+0x9c/0x150
[  775.050049][T12988]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  775.050073][T12988]  ? srso_alias_return_thunk+0x5/0xfbef5
[  775.050105][T12988]  ? exc_page_fault+0xab/0x100
[  775.050146][T12988]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  775.050171][T12988] RIP: 0033:0x7f9104f8f6c9
[  775.050193][T12988] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  775.050215][T12988] RSP: 002b:00007f9105da4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  775.050242][T12988] RAX: ffffffffffffffda RBX: 00007f91051e5fa0 RCX: 00007f9104f8f6c9
[  775.050262][T12988] RDX: 0000000000000000 RSI: 00002000000003c0 RDI: 0000000000000004
[  775.050279][T12988] RBP: 00007f9105da4090 R08: 0000000000000000 R09: 0000000000000000
[  775.050296][T12988] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  775.050312][T12988] R13: 00007f91051e6038 R14: 00007f91051e5fa0 R15: 00007fff7772a9c8
[  775.050353][T12988]  </TASK>
[  775.381831][    C0] vkms_vblank_simulate: vblank timer overrun
[  775.561661][T12990] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  777.266638][T12996] syz.4.1914 (12996): drop_caches: 2
[  777.347448][T12996] syz.4.1914 (12996): drop_caches: 2
[  777.441254][T13006] loop6: detected capacity change from 0 to 512
[  777.444300][T13001] loop0: detected capacity change from 0 to 4096
[  777.479629][T13006] EXT4-fs: Ignoring removed i_version option
[  777.559898][T13006] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  777.587790][T13014] loop4: detected capacity change from 0 to 256
[  777.601094][T13011] loop5: detected capacity change from 0 to 128
[  777.655195][T13011] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  777.683718][T13013] tipc: Started in network mode
[  777.690276][T13013] tipc: Node identity 0a3d23d8913c, cluster identity 4711
[  777.702349][T13013] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  777.798983][T13011] hpfs: filesystem error: improperly stopped
[  777.802666][ T5831] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  777.814966][T13011] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  777.829810][T13014] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x987a2e96, utbl_chksum : 0xe619d30d)
[  778.184791][T13013] syzkaller0: entered promiscuous mode
[  778.196621][T13011] hpfs: You really don't want any checks? You are crazy...
[  778.204172][T13011] hpfs: hpfs_map_sector(): read error
[  778.232772][T13014] exFAT-fs (loop4): start_clu is invalid cluster(0x0)
[  778.247343][T13013] syzkaller0: entered allmulticast mode
[  778.306944][   T30] audit: type=1800 audit(1762378665.538:156): pid=13014 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1919" name="file1" dev="loop4" ino=1048694 res=0 errno=0
[  778.366556][T13011] hpfs: code page support is disabled
[  778.403577][T13013] tipc: Resetting bearer <eth:syzkaller0>
[  778.416421][T13011] hpfs: hpfs_map_4sectors(): unaligned read
[  778.441287][T13011] hpfs: hpfs_map_4sectors(): unaligned read
[  778.452668][T13008] tipc: Resetting bearer <eth:syzkaller0>
[  778.482939][T13011] hpfs: filesystem error: unable to find root dir
[  778.540875][T13008] tipc: Disabling bearer <eth:syzkaller0>
[  778.655620][T13026] hpfs: hpfs_map_4sectors(): unaligned read
[  778.762014][T13027] vivid-007: disconnect
[  779.178728][T13007] vivid-007: reconnect
[  779.633237][ T7537] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  780.020556][T13038] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  780.986701][T13046] FAULT_INJECTION: forcing a failure.
[  780.986701][T13046] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  781.861307][T13046] CPU: 0 UID: 0 PID: 13046 Comm: syz.5.1923 Not tainted syzkaller #0 PREEMPT(full) 
[  781.861337][T13046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  781.861352][T13046] Call Trace:
[  781.861362][T13046]  <TASK>
[  781.861372][T13046]  dump_stack_lvl+0x189/0x250
[  781.861411][T13046]  ? __pfx____ratelimit+0x10/0x10
[  781.861442][T13046]  ? __pfx_dump_stack_lvl+0x10/0x10
[  781.861474][T13046]  ? __pfx__printk+0x10/0x10
[  781.861499][T13046]  ? srso_alias_return_thunk+0x5/0xfbef5
[  781.861542][T13046]  should_fail_ex+0x414/0x560
[  781.861584][T13046]  _copy_from_user+0x2d/0xb0
[  781.861615][T13046]  ___sys_recvmsg+0x12e/0x510
[  781.861655][T13046]  ? __pfx____sys_recvmsg+0x10/0x10
[  781.861714][T13046]  ? srso_alias_return_thunk+0x5/0xfbef5
[  781.861744][T13046]  ? __might_fault+0xb0/0x130
[  781.861782][T13046]  do_recvmmsg+0x307/0x770
[  781.861819][T13046]  ? __pfx_do_recvmmsg+0x10/0x10
[  781.861843][T13046]  ? preempt_schedule_irq+0xde/0x150
[  781.861874][T13046]  ? __pfx_preempt_schedule_irq+0x10/0x10
[  781.861919][T13046]  ? srso_alias_return_thunk+0x5/0xfbef5
[  781.861956][T13046]  ? __x64_sys_recvmmsg+0x178/0x240
[  781.861989][T13046]  __x64_sys_recvmmsg+0x190/0x240
[  781.862020][T13046]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  781.862053][T13046]  ? do_syscall_64+0xbe/0xfa0
[  781.862089][T13046]  do_syscall_64+0xfa/0xfa0
[  781.862122][T13046]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  781.862144][T13046]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  781.862174][T13046]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  781.862197][T13046] RIP: 0033:0x7f8f6bb8f6c9
[  781.862218][T13046] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  781.862238][T13046] RSP: 002b:00007f8f69dac038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  781.862262][T13046] RAX: ffffffffffffffda RBX: 00007f8f6bde6180 RCX: 00007f8f6bb8f6c9
[  781.862280][T13046] RDX: 0000000000000700 RSI: 0000200000001140 RDI: 0000000000000004
[  781.862295][T13046] RBP: 00007f8f69dac090 R08: 0000000000000000 R09: 0000000000000000
[  781.862309][T13046] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001
[  781.862324][T13046] R13: 00007f8f6bde6218 R14: 00007f8f6bde6180 R15: 00007ffdb2410c78
[  781.862362][T13046]  </TASK>
[  782.088053][    C0] vkms_vblank_simulate: vblank timer overrun
[  782.226116][T13043] loop0: detected capacity change from 0 to 4096
[  782.632785][T13054] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1930'.
[  782.665496][T13055] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1924'.
[  782.678349][T13058] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  782.718495][T13054] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1930'.
[  782.720677][T13055] netlink: 'syz.6.1924': attribute type 13 has an invalid length.
[  782.739667][T13057] loop1: detected capacity change from 0 to 128
[  782.811838][T13057] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  782.915731][T13055] vxlan0: entered promiscuous mode
[  782.938603][T13057] ext4 filesystem being mounted at /334/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  782.953641][ T1157] netdevsim netdevsim6 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  782.967288][T13063] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=12)
[  782.979447][ T1157] netdevsim netdevsim6 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  782.992747][ T1157] netdevsim netdevsim6 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  783.020751][T10385] netdevsim netdevsim6 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  783.031170][T13063] Remounting filesystem read-only
[  783.902170][ T5831] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  784.024325][T13072] loop3: detected capacity change from 0 to 32768
[  784.035778][T13072] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1936 (13072)
[  784.070223][T13072] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  784.080457][T13072] BTRFS info (device loop3): using sha256 (sha256-lib) checksum algorithm
[  784.432163][T13090] netlink: 64 bytes leftover after parsing attributes in process `syz.4.1939'.
[  784.476568][T13090] block nbd0: not configured, cannot reconfigure
[  784.484720][T13072] BTRFS info (device loop3): enabling ssd optimizations
[  784.492158][T13072] BTRFS info (device loop3): turning on async discard
[  784.499352][T13072] BTRFS info (device loop3): enabling free space tree
[  784.562776][T10020] kernel write not supported for file /input/mouse0 (pid: 10020 comm: kworker/0:4)
[  784.761979][   T30] audit: type=1800 audit(1762378671.988:157): pid=13072 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1936" name="file2" dev="loop3" ino=261 res=0 errno=0
[  786.460241][ T5822] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  786.574209][T13118] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1944'.
[  786.621722][T13118] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1944'.
[  787.051820][T13130] netlink: 'syz.4.1949': attribute type 15 has an invalid length.
[  787.224826][T13129] loop1: detected capacity change from 0 to 32768
[  787.396804][T13129] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1948 (13129)
[  787.834497][T13129] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  787.844807][T13129] BTRFS info (device loop1): using sha256 (sha256-lib) checksum algorithm
[  788.164922][T13129] BTRFS info (device loop1): enabling ssd optimizations
[  788.171976][T13129] BTRFS info (device loop1): turning on async discard
[  788.178856][T13129] BTRFS info (device loop1): enabling free space tree
[  788.735205][   T30] audit: type=1800 audit(1762378675.808:158): pid=13158 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1948" name="file2" dev="loop1" ino=261 res=0 errno=0
[  790.299414][T13160] loop6: detected capacity change from 0 to 2048
[  790.340719][ T5831] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  790.463684][T13160] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  790.555232][T10020] usb 6-1: new high-speed USB device number 29 using dummy_hcd
[  790.936569][T13173] EXT4-fs error (device loop6): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[  790.981909][T13173] overlayfs: failed to verify upper root origin
[  791.230114][T10020] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  791.279002][T10020] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  791.314893][T10020] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  791.374932][T10020] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  791.384653][T10020] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  791.447091][ T7537] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  791.486003][T10020] usb 6-1: config 0 descriptor??
[  792.652530][T10020] plantronics 0003:047F:FFFF.0008: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0
[  792.777128][T13184] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1960'.
[  792.847751][T13184] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1960'.
[  792.873655][T13167] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  792.899698][T13188] loop3: detected capacity change from 0 to 512
[  792.908073][T13167] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  792.918512][  T978] kernel write not supported for file /input/mouse0 (pid: 978 comm: kworker/1:2)
[  792.927989][T13185] netlink: 64 bytes leftover after parsing attributes in process `syz.6.1959'.
[  792.939055][T13188] EXT4-fs: Ignoring removed nomblk_io_submit option
[  792.975480][T13167] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1956'.
[  792.985598][T13185] block nbd0: not configured, cannot reconfigure
[  793.003067][T13188] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  793.086779][T13188] EXT4-fs (loop3): 1 truncate cleaned up
[  793.108900][T13188] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  793.215862][T13198] loop6: detected capacity change from 0 to 64
[  793.287316][T13199] netlink: 'syz.1.1964': attribute type 15 has an invalid length.
[  793.401178][  T978] usb 6-1: USB disconnect, device number 29
[  794.467980][   T30] audit: type=1800 audit(1762378681.688:159): pid=13198 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.1966" name="file1" dev="loop6" ino=23 res=0 errno=0
[  794.845828][T13206] loop0: detected capacity change from 0 to 1024
[  794.902785][ T5822] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  795.075313][T13206] hfsplus: invalid xattr key length: 0
[  795.089324][T13217] loop1: detected capacity change from 0 to 2048
[  795.456662][T13223] loop3: detected capacity change from 0 to 32768
[  795.488221][T13223] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1969 (13223)
[  795.519886][T13217] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  795.533357][T13224] loop4: detected capacity change from 0 to 40427
[  795.546869][T13224] F2FS-fs (loop4): build fault injection rate: 14
[  795.553433][T13224] F2FS-fs (loop4): build fault injection type: 0x3bfe8c
[  795.562837][T13223] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  795.573158][T13223] BTRFS info (device loop3): using sha256 (sha256-lib) checksum algorithm
[  795.584615][T13224] F2FS-fs (loop4): invalid crc value
[  795.623907][    C0] F2FS-fs (loop4): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  795.645972][    C0] F2FS-fs (loop4): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  795.729475][T13224] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  795.738598][T13224] F2FS-fs (loop4): inject page alloc in f2fs_grab_cache_folio of __get_meta_folio+0x157/0x4f0
[  795.792310][T13224] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  796.069847][T13241] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[  796.111082][T13241] overlayfs: failed to verify upper root origin
[  796.257158][T13223] BTRFS info (device loop3): enabling ssd optimizations
[  796.264259][T13223] BTRFS info (device loop3): turning on async discard
[  796.271314][T13223] BTRFS info (device loop3): enabling free space tree
[  796.377509][T13224] F2FS-fs (loop4): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x1d9/0xa40
[  796.666563][T13219] syz.0.1965 (13219): drop_caches: 2
[  797.372083][   T30] audit: type=1800 audit(1762378683.988:160): pid=13251 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1969" name="file2" dev="loop3" ino=261 res=0 errno=0
[  797.393032][    C0] vkms_vblank_simulate: vblank timer overrun
[  797.620844][T13253] loop5: detected capacity change from 0 to 256
[  800.714327][ T5837] F2FS-fs (loop4): inject inconsistent footer in sanity_check_node_footer of f2fs_get_dnode_of_data+0xab4/0x1cf0
[  800.885271][ T5837] F2FS-fs (loop4): inconsistent node block, node_type:3, nid:13, node_footer[nid:13,ino:3,ofs:191623,cpver:0,blkaddr:0]
[  800.963618][ T5831] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  800.966492][T13253] exFAT-fs (loop5): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  801.028760][ T5822] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  801.232670][    C0] F2FS-fs (loop4): inject write IO error in f2fs_write_end_io of blk_update_request+0x57e/0xe60
[  801.243425][    C0] CPU: 0 UID: 0 PID: 15 Comm: ksoftirqd/0 Not tainted syzkaller #0 PREEMPT(full) 
[  801.243459][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  801.243475][    C0] Call Trace:
[  801.243486][    C0]  <TASK>
[  801.243497][    C0]  dump_stack_lvl+0x189/0x250
[  801.243542][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[  801.243578][    C0]  ? __pfx_queue_work_on+0x10/0x10
[  801.243607][    C0]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  801.243640][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  801.243685][    C0]  f2fs_handle_critical_error+0x37c/0x540
[  801.243732][    C0]  f2fs_write_end_io+0x886/0xb60
[  801.243779][    C0]  blk_update_request+0x57e/0xe60
[  801.243828][    C0]  blk_mq_end_request+0x3e/0x70
[  801.243862][    C0]  blk_done_softirq+0x10a/0x160
[  801.243895][    C0]  handle_softirqs+0x286/0x870
[  801.243929][    C0]  ? run_ksoftirqd+0x9b/0x100
[  801.243967][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  801.243998][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[  801.244023][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  801.244057][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[  801.244085][    C0]  run_ksoftirqd+0x9b/0x100
[  801.244116][    C0]  ? __pfx_run_ksoftirqd+0x10/0x10
[  801.244156][    C0]  smpboot_thread_fn+0x542/0xa60
[  801.244186][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[  801.244223][    C0]  kthread+0x711/0x8a0
[  801.244261][    C0]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  801.244288][    C0]  ? __pfx_kthread+0x10/0x10
[  801.244319][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  801.244353][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  801.244383][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  801.244425][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  801.244457][    C0]  ? __pfx_kthread+0x10/0x10
[  801.244493][    C0]  ret_from_fork+0x4bc/0x870
[  801.244524][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  801.244560][    C0]  ? __switch_to_asm+0x39/0x70
[  801.244581][    C0]  ? __switch_to_asm+0x33/0x70
[  801.244602][    C0]  ? __pfx_kthread+0x10/0x10
[  801.244638][    C0]  ret_from_fork_asm+0x1a/0x30
[  801.244679][    C0]  </TASK>
[  801.244690][    C0] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  801.382309][T13257] loop0: detected capacity change from 0 to 4096
[  801.383438][    C0] CPU: 0 UID: 0 PID: 15 Comm: ksoftirqd/0 Not tainted syzkaller #0 PREEMPT(full) 
[  801.383465][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  801.383480][    C0] Call Trace:
[  801.383491][    C0]  <TASK>
[  801.383502][    C0]  dump_stack_lvl+0x189/0x250
[  801.383546][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[  801.383581][    C0]  ? __pfx_queue_work_on+0x10/0x10
[  801.383608][    C0]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  801.383642][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  801.383687][    C0]  f2fs_handle_critical_error+0x37c/0x540
[  801.383733][    C0]  f2fs_write_end_io+0x886/0xb60
[  801.383779][    C0]  blk_update_request+0x57e/0xe60
[  801.383828][    C0]  blk_mq_end_request+0x3e/0x70
[  801.383861][    C0]  blk_done_softirq+0x10a/0x160
[  801.383894][    C0]  handle_softirqs+0x286/0x870
[  801.383927][    C0]  ? run_ksoftirqd+0x9b/0x100
[  801.383964][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  801.383995][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[  801.384021][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  801.384055][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[  801.384081][    C0]  run_ksoftirqd+0x9b/0x100
[  801.384112][    C0]  ? __pfx_run_ksoftirqd+0x10/0x10
[  801.384152][    C0]  smpboot_thread_fn+0x542/0xa60
[  801.384182][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[  801.384220][    C0]  kthread+0x711/0x8a0
[  801.384258][    C0]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  801.384286][    C0]  ? __pfx_kthread+0x10/0x10
[  801.384317][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  801.384349][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  801.384378][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  801.384412][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  801.384444][    C0]  ? __pfx_kthread+0x10/0x10
[  801.384479][    C0]  ret_from_fork+0x4bc/0x870
[  801.384509][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  801.384544][    C0]  ? __switch_to_asm+0x39/0x70
[  801.384565][    C0]  ? __switch_to_asm+0x33/0x70
[  801.384585][    C0]  ? __pfx_kthread+0x10/0x10
[  801.384621][    C0]  ret_from_fork_asm+0x1a/0x30
[  801.384663][    C0]  </TASK>
[  801.384674][    C0] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  801.668643][    C0] CPU: 0 UID: 0 PID: 15 Comm: ksoftirqd/0 Not tainted syzkaller #0 PREEMPT(full) 
[  801.668672][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  801.668685][    C0] Call Trace:
[  801.668694][    C0]  <TASK>
[  801.668704][    C0]  dump_stack_lvl+0x189/0x250
[  801.668738][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[  801.668766][    C0]  ? __pfx_queue_work_on+0x10/0x10
[  801.668796][    C0]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  801.668827][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  801.668861][    C0]  f2fs_handle_critical_error+0x37c/0x540
[  801.668896][    C0]  f2fs_write_end_io+0x886/0xb60
[  801.668930][    C0]  blk_update_request+0x57e/0xe60
[  801.668967][    C0]  blk_mq_end_request+0x3e/0x70
[  801.668992][    C0]  blk_done_softirq+0x10a/0x160
[  801.669016][    C0]  handle_softirqs+0x286/0x870
[  801.669041][    C0]  ? run_ksoftirqd+0x9b/0x100
[  801.669069][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  801.669092][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[  801.669111][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  801.669136][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[  801.669156][    C0]  run_ksoftirqd+0x9b/0x100
[  801.669179][    C0]  ? __pfx_run_ksoftirqd+0x10/0x10
[  801.669209][    C0]  smpboot_thread_fn+0x542/0xa60
[  801.669231][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[  801.669260][    C0]  kthread+0x711/0x8a0
[  801.669288][    C0]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  801.669310][    C0]  ? __pfx_kthread+0x10/0x10
[  801.669332][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  801.669357][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  801.669400][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  801.669421][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  801.669444][    C0]  ? __pfx_kthread+0x10/0x10
[  801.669470][    C0]  ret_from_fork+0x4bc/0x870
[  801.669493][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  801.669519][    C0]  ? __switch_to_asm+0x39/0x70
[  801.669534][    C0]  ? __switch_to_asm+0x33/0x70
[  801.669548][    C0]  ? __pfx_kthread+0x10/0x10
[  801.669575][    C0]  ret_from_fork_asm+0x1a/0x30
[  801.669606][    C0]  </TASK>
[  801.669634][    C0] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  801.879170][    C0] CPU: 0 UID: 0 PID: 15 Comm: ksoftirqd/0 Not tainted syzkaller #0 PREEMPT(full) 
[  801.879201][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  801.879213][    C0] Call Trace:
[  801.879224][    C0]  <TASK>
[  801.879234][    C0]  dump_stack_lvl+0x189/0x250
[  801.879268][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[  801.879295][    C0]  ? __pfx_queue_work_on+0x10/0x10
[  801.879315][    C0]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  801.879341][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  801.879379][    C0]  f2fs_handle_critical_error+0x37c/0x540
[  801.879415][    C0]  f2fs_write_end_io+0x886/0xb60
[  801.879449][    C0]  blk_update_request+0x57e/0xe60
[  801.879486][    C0]  blk_mq_end_request+0x3e/0x70
[  801.879511][    C0]  blk_done_softirq+0x10a/0x160
[  801.879535][    C0]  handle_softirqs+0x286/0x870
[  801.879559][    C0]  ? run_ksoftirqd+0x9b/0x100
[  801.879587][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  801.879611][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[  801.879632][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  801.879657][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[  801.879677][    C0]  run_ksoftirqd+0x9b/0x100
[  801.879700][    C0]  ? __pfx_run_ksoftirqd+0x10/0x10
[  801.879729][    C0]  smpboot_thread_fn+0x542/0xa60
[  801.879752][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[  801.879788][    C0]  kthread+0x711/0x8a0
[  801.879823][    C0]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  801.879844][    C0]  ? __pfx_kthread+0x10/0x10
[  801.879866][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  801.879891][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  801.879913][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  801.879934][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  801.879957][    C0]  ? __pfx_kthread+0x10/0x10
[  801.879983][    C0]  ret_from_fork+0x4bc/0x870
[  801.880006][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  801.880032][    C0]  ? __switch_to_asm+0x39/0x70
[  801.880047][    C0]  ? __switch_to_asm+0x33/0x70
[  801.880062][    C0]  ? __pfx_kthread+0x10/0x10
[  801.880089][    C0]  ret_from_fork_asm+0x1a/0x30
[  801.880121][    C0]  </TASK>
[  801.880144][    C0] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  802.089448][    C0] CPU: 0 UID: 0 PID: 15 Comm: ksoftirqd/0 Not tainted syzkaller #0 PREEMPT(full) 
[  802.089484][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  802.089499][    C0] Call Trace:
[  802.089509][    C0]  <TASK>
[  802.089519][    C0]  dump_stack_lvl+0x189/0x250
[  802.089553][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[  802.089580][    C0]  ? __pfx_queue_work_on+0x10/0x10
[  802.089602][    C0]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  802.089629][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  802.089662][    C0]  f2fs_handle_critical_error+0x37c/0x540
[  802.089698][    C0]  f2fs_write_end_io+0x886/0xb60
[  802.089733][    C0]  blk_update_request+0x57e/0xe60
[  802.089772][    C0]  blk_mq_end_request+0x3e/0x70
[  802.089807][    C0]  blk_done_softirq+0x10a/0x160
[  802.089834][    C0]  handle_softirqs+0x286/0x870
[  802.089859][    C0]  ? run_ksoftirqd+0x9b/0x100
[  802.089886][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  802.089910][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[  802.089929][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  802.089954][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[  802.089974][    C0]  run_ksoftirqd+0x9b/0x100
[  802.089997][    C0]  ? __pfx_run_ksoftirqd+0x10/0x10
[  802.090026][    C0]  smpboot_thread_fn+0x542/0xa60
[  802.090049][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[  802.090077][    C0]  kthread+0x711/0x8a0
[  802.090106][    C0]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  802.090127][    C0]  ? __pfx_kthread+0x10/0x10
[  802.090150][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  802.090174][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  802.090197][    C0]  ? srso_alias_return_thunk+0x5/0xfbef5
[  802.090217][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  802.090241][    C0]  ? __pfx_kthread+0x10/0x10
[  802.090267][    C0]  ret_from_fork+0x4bc/0x870
[  802.090290][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  802.090316][    C0]  ? __switch_to_asm+0x39/0x70
[  802.090332][    C0]  ? __switch_to_asm+0x33/0x70
[  802.090346][    C0]  ? __pfx_kthread+0x10/0x10
[  802.090378][    C0]  ret_from_fork_asm+0x1a/0x30
[  802.090410][    C0]  </TASK>
[  802.090434][    C0] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  802.340953][ T5837] F2FS-fs (loop4): do_checkpoint failed err:-5, stop checkpoint
[  804.138728][T13277] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1976'.
[  804.144672][T13264] loop6: detected capacity change from 0 to 4096
[  804.149902][T13277] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1976'.
[  804.244717][T13279] loop5: detected capacity change from 0 to 128
[  804.273198][T13279] ext4: Unknown parameter 'smackfshat'
[  804.887930][T13279] loop5: detected capacity change from 0 to 32768
[  804.895281][T13279] btrfs: Unknown parameter 'audit'
[  805.048767][T13281] loop5: detected capacity change from 0 to 512
[  805.072068][T13281] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  805.289464][T13281] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  805.302544][T13281] ext4 filesystem being mounted at /332/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  805.423779][T13281] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  806.456583][T13290] loop3: detected capacity change from 0 to 4096
[  808.138464][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  808.145199][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  808.295705][T13290] ntfs3(loop3): Failed to read $UpCase (-4).
[  808.665482][T13307] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1989'.
[  810.755133][  T978] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  811.213013][    C1] raw-gadget.0 gadget.0: ignoring, device is not running
[  811.409620][  T978] usb 1-1: device descriptor read/64, error -32
[  811.587153][T13336] loop3: detected capacity change from 0 to 512
[  811.638763][T13336] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
[  811.684975][  T978] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  811.695917][T13336] EXT4-fs error (device loop3): ext4_get_journal_inode:5808: comm syz.3.1997: inode #1792: comm syz.3.1997: iget: illegal inode #
[  812.047912][T13341] loop1: detected capacity change from 0 to 256
[  812.263718][T13328] loop6: detected capacity change from 0 to 4096
[  813.047818][T13336] EXT4-fs (loop3): Remounting filesystem read-only
[  813.922716][T13341] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  813.955509][T13336] EXT4-fs (loop3): no journal found
[  814.010140][T13341] exFAT-fs (loop1): valid_size(150994954) is greater than size(10)
[  814.090249][T13336] EXT4-fs (loop3): can't get journal size
[  814.331825][T13336] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended
[  814.603556][T13340] loop4: detected capacity change from 0 to 32768
[  814.640830][T13340] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.1999 (13340)
[  814.663597][T13340] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  814.673789][T13340] BTRFS info (device loop4): using sha256 (sha256-lib) checksum algorithm
[  814.759294][T13336] EXT4-fs (loop3): Errors on filesystem, clearing orphan list.
[  814.893064][T13336] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  815.029429][T13340] BTRFS info (device loop4): enabling ssd optimizations
[  815.036452][T13340] BTRFS info (device loop4): turning on async discard
[  815.043232][T13340] BTRFS info (device loop4): enabling free space tree
[  815.091988][T13353] loop5: detected capacity change from 0 to 512
[  815.193583][T13353] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  815.299486][ T5822] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  815.322945][ T5837] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  815.341735][T13367] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2002'.
[  815.353451][T13369] netlink: 'syz.1.2001': attribute type 14 has an invalid length.
[  815.361946][T13353] EXT4-fs error (device loop5): ext4_orphan_get:1418: comm syz.5.2000: bad orphan inode 11
[  815.465004][T13353] ext4_test_bit(bit=10, block=4) = 1
[  815.470349][T13353] is_bad_inode(inode)=0
[  815.474541][T13353] NEXT_ORPHAN(inode)=4294967295
[  815.575307][T13353] max_ino=32
[  815.605658][T13353] i_nlink=2
[  815.616953][T13353] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  815.812827][T13374] FAULT_INJECTION: forcing a failure.
[  815.812827][T13374] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  815.866495][T13374] CPU: 1 UID: 0 PID: 13374 Comm: syz.3.2003 Not tainted syzkaller #0 PREEMPT(full) 
[  815.866527][T13374] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  815.866543][T13374] Call Trace:
[  815.866554][T13374]  <TASK>
[  815.866566][T13374]  dump_stack_lvl+0x189/0x250
[  815.866618][T13374]  ? __pfx____ratelimit+0x10/0x10
[  815.866651][T13374]  ? __pfx_dump_stack_lvl+0x10/0x10
[  815.866685][T13374]  ? __pfx__printk+0x10/0x10
[  815.866712][T13374]  ? srso_alias_return_thunk+0x5/0xfbef5
[  815.866757][T13374]  should_fail_ex+0x414/0x560
[  815.866803][T13374]  _copy_from_iter+0x1de/0x1790
[  815.866839][T13374]  ? srso_alias_return_thunk+0x5/0xfbef5
[  815.866867][T13374]  ? rcu_is_watching+0x15/0xb0
[  815.866897][T13374]  ? srso_alias_return_thunk+0x5/0xfbef5
[  815.866929][T13374]  ? kmalloc_reserve+0xbd/0x290
[  815.866954][T13374]  ? __pfx__copy_from_iter+0x10/0x10
[  815.866984][T13374]  ? srso_alias_return_thunk+0x5/0xfbef5
[  815.867011][T13374]  ? __build_skb_around+0x262/0x3f0
[  815.867055][T13374]  ? srso_alias_return_thunk+0x5/0xfbef5
[  815.867083][T13374]  ? skb_put+0x11b/0x210
[  815.867112][T13374]  netlink_sendmsg+0x6b2/0xb30
[  815.867149][T13374]  ? __pfx_netlink_sendmsg+0x10/0x10
[  815.867178][T13374]  ? srso_alias_return_thunk+0x5/0xfbef5
[  815.867206][T13374]  ? aa_sock_msg_perm+0xf1/0x1d0
[  815.867245][T13374]  ? srso_alias_return_thunk+0x5/0xfbef5
[  815.867273][T13374]  ? srso_alias_return_thunk+0x5/0xfbef5
[  815.867302][T13374]  ? __pfx_netlink_sendmsg+0x10/0x10
[  815.867328][T13374]  __sock_sendmsg+0x21c/0x270
[  815.867366][T13374]  ____sys_sendmsg+0x505/0x830
[  815.867401][T13374]  ? __pfx_____sys_sendmsg+0x10/0x10
[  815.867438][T13374]  ? srso_alias_return_thunk+0x5/0xfbef5
[  815.867466][T13374]  ? import_iovec+0x74/0xa0
[  815.867502][T13374]  ___sys_sendmsg+0x21f/0x2a0
[  815.867533][T13374]  ? __pfx____sys_sendmsg+0x10/0x10
[  815.867569][T13374]  ? srso_alias_return_thunk+0x5/0xfbef5
[  815.867637][T13374]  ? __fget_files+0x2a/0x420
[  815.867661][T13374]  ? srso_alias_return_thunk+0x5/0xfbef5
[  815.867689][T13374]  ? __fget_files+0x3a0/0x420
[  815.867726][T13374]  __x64_sys_sendmsg+0x19b/0x260
[  815.867757][T13374]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  815.867796][T13374]  ? __pfx_ksys_write+0x10/0x10
[  815.867837][T13374]  ? do_syscall_64+0xbe/0xfa0
[  815.867877][T13374]  do_syscall_64+0xfa/0xfa0
[  815.867909][T13374]  ? lockdep_hardirqs_on+0x9c/0x150
[  815.867943][T13374]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  815.867967][T13374]  ? srso_alias_return_thunk+0x5/0xfbef5
[  815.867995][T13374]  ? exc_page_fault+0xab/0x100
[  815.868030][T13374]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  815.868055][T13374] RIP: 0033:0x7fd35758f6c9
[  815.868076][T13374] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  815.868098][T13374] RSP: 002b:00007fd3557ee038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  815.868124][T13374] RAX: ffffffffffffffda RBX: 00007fd3577e5fa0 RCX: 00007fd35758f6c9
[  815.868143][T13374] RDX: 0000000020004804 RSI: 0000200000006040 RDI: 0000000000000006
[  815.868160][T13374] RBP: 00007fd3557ee090 R08: 0000000000000000 R09: 0000000000000000
[  815.868177][T13374] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  815.868192][T13374] R13: 00007fd3577e6038 R14: 00007fd3577e5fa0 R15: 00007ffe81ff53c8
[  815.868232][T13374]  </TASK>
[  816.895005][  T978] usb 1-1: device descriptor read/64, error -110
[  817.292017][T13387] loop6: detected capacity change from 0 to 256
[  818.663089][  T978] usb usb1-port1: attempt power cycle
[  818.818969][ T5825] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  818.954473][T13387] exFAT-fs (loop6): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  819.104918][  T978] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  819.145470][  T978] usb 1-1: device descriptor read/8, error -32
[  819.395107][T13385] exFAT-fs (loop6): valid_size(150994954) is greater than size(10)
[  820.227191][  T978] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  820.488758][  T978] usb 1-1: device descriptor read/8, error -32
[  821.139907][  T978] usb usb1-port1: unable to enumerate USB device
[  822.383559][T13410] loop6: detected capacity change from 0 to 2048
[  822.688938][T13414] netlink: 'syz.4.2015': attribute type 15 has an invalid length.
[  822.857453][T13410] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  822.901478][T13409] loop3: detected capacity change from 0 to 4096
[  823.072211][T13421] loop1: detected capacity change from 0 to 2048
[  823.828115][T13428] EXT4-fs error (device loop6): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[  824.068662][T13426] netlink: 'syz.4.2018': attribute type 14 has an invalid length.
[  824.282780][T13421] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  824.351679][T13433] loop0: detected capacity change from 0 to 512
[  824.608582][T13435] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[  824.658141][T13435] overlayfs: failed to set uuid (/file0, err=-28); falling back to uuid=null.
[  824.990627][T13428] overlayfs: failed to set uuid (/file0, err=-28); falling back to uuid=null.
[  825.101941][T13433] EXT4-fs error (device loop0): ext4_orphan_get:1392: inode #15: comm syz.0.2020: inode has both inline data and extents flags
[  825.230519][T13433] EXT4-fs error (device loop0): ext4_orphan_get:1397: comm syz.0.2020: couldn't read orphan inode 15 (err -117)
[  825.304814][T13433] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  826.976563][T13438] loop5: detected capacity change from 0 to 4096
[  827.027423][ T5831] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  827.084974][T13450] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 7934 vs 220 free clusters
[  827.131755][ T7537] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  828.059651][T13460] loop3: detected capacity change from 0 to 2048
[  828.087240][T13460] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024)
[  828.127745][T13460] NILFS (loop3): mounting unchecked fs
[  828.153248][ T6644] udevd[6644]: incorrect nilfs2 checksum on /dev/loop3
[  828.216066][T13460] NILFS (loop3): recovery complete
[  828.234926][T10020] usb 7-1: new high-speed USB device number 19 using dummy_hcd
[  828.257043][T13465] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  828.405136][T10020] usb 7-1: device descriptor read/64, error -71
[  828.694993][T10020] usb 7-1: new high-speed USB device number 20 using dummy_hcd
[  829.045006][T10020] usb 7-1: device descriptor read/64, error -71
[  829.168230][T10020] usb usb7-port1: attempt power cycle
[  829.347862][T13475] netlink: 'syz.3.2031': attribute type 15 has an invalid length.
[  829.425970][ T5821] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  829.632308][T10020] usb 7-1: new high-speed USB device number 21 using dummy_hcd
[  829.715358][T10020] usb 7-1: device descriptor read/8, error -71
[  829.789471][T13478] FAULT_INJECTION: forcing a failure.
[  829.789471][T13478] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  829.802794][T13478] CPU: 0 UID: 0 PID: 13478 Comm: syz.3.2034 Not tainted syzkaller #0 PREEMPT(full) 
[  829.802830][T13478] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  829.802842][T13478] Call Trace:
[  829.802853][T13478]  <TASK>
[  829.802863][T13478]  dump_stack_lvl+0x189/0x250
[  829.802896][T13478]  ? __pfx____ratelimit+0x10/0x10
[  829.802922][T13478]  ? __pfx_dump_stack_lvl+0x10/0x10
[  829.802947][T13478]  ? __pfx__printk+0x10/0x10
[  829.802978][T13478]  should_fail_ex+0x414/0x560
[  829.803011][T13478]  _copy_to_user+0x31/0xb0
[  829.803038][T13478]  simple_read_from_buffer+0xe1/0x170
[  829.803073][T13478]  proc_fail_nth_read+0x1b3/0x220
[  829.803100][T13478]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  829.803128][T13478]  ? srso_alias_return_thunk+0x5/0xfbef5
[  829.803150][T13478]  ? rw_verify_area+0x2a6/0x4d0
[  829.803176][T13478]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  829.803201][T13478]  vfs_read+0x200/0xa30
[  829.803227][T13478]  ? fdget_pos+0x247/0x320
[  829.803249][T13478]  ? __pfx___mutex_lock+0x10/0x10
[  829.803277][T13478]  ? __pfx_vfs_read+0x10/0x10
[  829.803305][T13478]  ? srso_alias_return_thunk+0x5/0xfbef5
[  829.803326][T13478]  ? __rcu_read_unlock+0x84/0xe0
[  829.803355][T13478]  ? srso_alias_return_thunk+0x5/0xfbef5
[  829.803376][T13478]  ? __fget_files+0x3a0/0x420
[  829.803394][T13478]  ? __fget_files+0x2a/0x420
[  829.803415][T13478]  ? srso_alias_return_thunk+0x5/0xfbef5
[  829.803440][T13478]  ksys_read+0x145/0x250
[  829.803469][T13478]  ? __pfx_ksys_read+0x10/0x10
[  829.803504][T13478]  do_syscall_64+0xfa/0xfa0
[  829.803531][T13478]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  829.803549][T13478]  ? asm_sysvec_call_function_single+0x1a/0x20
[  829.803573][T13478]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  829.803592][T13478] RIP: 0033:0x7fd35758e0dc
[  829.803608][T13478] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  829.803625][T13478] RSP: 002b:00007fd3557cd030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  829.803650][T13478] RAX: ffffffffffffffda RBX: 00007fd3577e6090 RCX: 00007fd35758e0dc
[  829.803664][T13478] RDX: 000000000000000f RSI: 00007fd3557cd0a0 RDI: 0000000000000006
[  829.803676][T13478] RBP: 00007fd3557cd090 R08: 0000000000000000 R09: 000000000000001c
[  829.803688][T13478] R10: 0000000020000090 R11: 0000000000000246 R12: 0000000000000001
[  829.803700][T13478] R13: 00007fd3577e6128 R14: 00007fd3577e6090 R15: 00007ffe81ff53c8
[  829.803730][T13478]  </TASK>
[  830.056449][    C0] vkms_vblank_simulate: vblank timer overrun
[  831.331854][T10020] usb 7-1: new high-speed USB device number 22 using dummy_hcd
[  831.400968][T13483] macvlan2: entered allmulticast mode
[  831.406821][T13483] veth1_vlan: entered allmulticast mode
[  831.425933][T10020] usb 7-1: device descriptor read/8, error -71
[  831.526338][T13491] loop0: detected capacity change from 0 to 256
[  831.555251][T10020] usb usb7-port1: unable to enumerate USB device
[  831.639473][T13491] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  831.767206][T13491] exFAT-fs (loop0): valid_size(150994954) is greater than size(10)
[  837.342532][T13507] loop4: detected capacity change from 0 to 2048
[  837.362352][T13507] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024)
[  837.372490][T13507] NILFS (loop4): mounting unchecked fs
[  837.468670][T13507] NILFS (loop4): recovery complete
[  837.512974][T13520] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  837.701250][T13512] loop5: detected capacity change from 0 to 4096
[  837.808980][T13511] loop0: detected capacity change from 0 to 4096
[  841.321552][T13544] loop0: detected capacity change from 0 to 2048
[  841.395570][T10020] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  841.464770][T13544] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  841.565709][T10020] usb 4-1: device descriptor read/64, error -71
[  841.790476][T13552] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[  841.829661][T13552] overlayfs: failed to verify upper root origin
[  842.145358][T10020] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  842.146123][T13553] loop5: detected capacity change from 0 to 4096
[  842.251028][T13546] loop4: detected capacity change from 0 to 4096
[  842.324984][T10020] usb 4-1: device descriptor read/64, error -71
[  842.515492][T10020] usb usb4-port1: attempt power cycle
[  842.911322][ T5821] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  843.245423][T10020] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  843.503750][T10020] usb 4-1: device descriptor read/8, error -71
[  843.745003][T10020] usb 4-1: new high-speed USB device number 31 using dummy_hcd
[  844.590736][T10020] usb 4-1: device descriptor read/8, error -71
[  844.619235][T13566] loop5: detected capacity change from 0 to 2048
[  844.690892][T13566] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 1024)
[  844.721539][T10020] usb usb4-port1: unable to enumerate USB device
[  844.780762][T13566] NILFS (loop5): mounting unchecked fs
[  844.883834][T11058] udevd[11058]: incorrect nilfs2 checksum on /dev/loop5
[  844.902609][T13573] loop6: detected capacity change from 0 to 1024
[  844.921329][T13566] NILFS (loop5): recovery complete
[  844.940781][T13573] hfsplus: Unknown parameter 'no'
[  844.950876][T13574] loop3: detected capacity change from 0 to 2048
[  844.961397][T13576] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  845.063720][T13574] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024)
[  845.137879][T13574] NILFS (loop3): mounting unchecked fs
[  845.188487][T13579] loop4: detected capacity change from 0 to 2048
[  845.232910][T13574] NILFS (loop3): recovery complete
[  845.335119][  T978] usb 7-1: new high-speed USB device number 23 using dummy_hcd
[  845.415222][T13586] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  845.418119][T13579] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  845.700292][T10020] usb 2-1: new full-speed USB device number 28 using dummy_hcd
[  845.823407][T13588] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[  845.858574][T13588] overlayfs: failed to set uuid (/file0, err=-28); falling back to uuid=null.
[  845.908669][  T978] usb 7-1: Using ep0 maxpacket: 8
[  846.106391][  T978] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  846.141811][T10020] usb 2-1: config 232 has an invalid interface number: 157 but max is 1
[  846.152553][T10020] usb 2-1: config 232 has an invalid interface number: 204 but max is 1
[  846.161431][T10020] usb 2-1: config 232 has no interface number 0
[  846.163164][  T978] usb 7-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  846.180123][T10020] usb 2-1: config 232 has no interface number 1
[  846.186578][T10020] usb 2-1: config 232 interface 157 has no altsetting 0
[  846.193701][T10020] usb 2-1: config 232 interface 204 has no altsetting 0
[  846.254689][  T978] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  846.266241][T10020] usb 2-1: New USB device found, idVendor=0f88, idProduct=3012, bcdDevice=c8.fd
[  846.344029][  T978] usb 7-1: config 0 descriptor??
[  846.349288][T10020] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  846.367108][T10020] usb 2-1: Product: syz
[  846.371785][T10020] usb 2-1: Manufacturer: syz
[  846.386274][T10020] usb 2-1: SerialNumber: syz
[  847.328997][ T5837] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  847.812171][T13599] loop6: detected capacity change from 0 to 512
[  848.095351][  T978] iowarrior 7-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  848.153591][T10020] usb 2-1: USB disconnect, device number 28
[  848.213453][T13599] EXT4-fs error (device loop6): ext4_get_branch:178: inode #11: block 4294967295: comm syz.6.2060: invalid block
[  848.259847][T13599] EXT4-fs error (device loop6): ext4_free_branches:1023: inode #11: comm syz.6.2060: invalid indirect mapped block 4294967295 (level 1)
[  848.322666][T13599] EXT4-fs error (device loop6): ext4_free_branches:1023: inode #11: comm syz.6.2060: invalid indirect mapped block 4294967295 (level 1)
[  848.397251][T13599] EXT4-fs (loop6): 2 truncates cleaned up
[  848.436808][T13599] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  849.052674][T13619] FAULT_INJECTION: forcing a failure.
[  849.052674][T13619] name failslab, interval 1, probability 0, space 0, times 0
[  849.080674][T13619] CPU: 0 UID: 0 PID: 13619 Comm: syz.0.2071 Not tainted syzkaller #0 PREEMPT(full) 
[  849.080709][T13619] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  849.080726][T13619] Call Trace:
[  849.080736][T13619]  <TASK>
[  849.080747][T13619]  dump_stack_lvl+0x189/0x250
[  849.080795][T13619]  ? __pfx____ratelimit+0x10/0x10
[  849.080829][T13619]  ? __pfx_dump_stack_lvl+0x10/0x10
[  849.080865][T13619]  ? __pfx__printk+0x10/0x10
[  849.080899][T13619]  ? __pfx___might_resched+0x10/0x10
[  849.080935][T13619]  should_fail_ex+0x414/0x560
[  849.080982][T13619]  should_failslab+0xa8/0x100
[  849.081012][T13619]  kmem_cache_alloc_noprof+0x74/0x6e0
[  849.081049][T13619]  ? security_inode_alloc+0x39/0x330
[  849.081096][T13619]  security_inode_alloc+0x39/0x330
[  849.081140][T13619]  inode_init_always_gfp+0x9ed/0xdc0
[  849.081214][T13619]  ? __pfx_shmem_alloc_inode+0x10/0x10
[  849.081238][T13619]  alloc_inode+0x82/0x1b0
[  849.081279][T13619]  new_inode+0x22/0x170
[  849.081310][T13619]  shmem_get_inode+0x346/0xe90
[  849.081349][T13619]  ? srso_alias_return_thunk+0x5/0xfbef5
[  849.081391][T13619]  __shmem_file_setup+0x163/0x300
[  849.081433][T13619]  __se_sys_memfd_create+0x308/0x780
[  849.081470][T13619]  do_syscall_64+0xfa/0xfa0
[  849.081504][T13619]  ? lockdep_hardirqs_on+0x9c/0x150
[  849.081539][T13619]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  849.081563][T13619]  ? srso_alias_return_thunk+0x5/0xfbef5
[  849.081592][T13619]  ? exc_page_fault+0xab/0x100
[  849.081629][T13619]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  849.081661][T13619] RIP: 0033:0x7f9104f8f6c9
[  849.081683][T13619] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  849.081704][T13619] RSP: 002b:00007f9105da3e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[  849.081730][T13619] RAX: ffffffffffffffda RBX: 000000000000045a RCX: 00007f9104f8f6c9
[  849.081749][T13619] RDX: 00007f9105da3ef0 RSI: 0000000000000000 RDI: 00007f9105012960
[  849.081767][T13619] RBP: 0000200000000d80 R08: 00007f9105da3bb7 R09: 00007f9105da3e40
[  849.081786][T13619] R10: 000000000000000a R11: 0000000000000202 R12: 0000200000000280
[  849.081803][T13619] R13: 00007f9105da3ef0 R14: 00007f9105da3eb0 R15: 0000200000000000
[  849.081845][T13619]  </TASK>
[  849.308508][    C0] vkms_vblank_simulate: vblank timer overrun
[  849.470309][T13625] FAULT_INJECTION: forcing a failure.
[  849.470309][T13625] name failslab, interval 1, probability 0, space 0, times 0
[  849.530818][T13625] CPU: 1 UID: 0 PID: 13625 Comm: syz.5.2072 Not tainted syzkaller #0 PREEMPT(full) 
[  849.530851][T13625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  849.530868][T13625] Call Trace:
[  849.530878][T13625]  <TASK>
[  849.530889][T13625]  dump_stack_lvl+0x189/0x250
[  849.530929][T13625]  ? __pfx____ratelimit+0x10/0x10
[  849.530963][T13625]  ? __pfx_dump_stack_lvl+0x10/0x10
[  849.530998][T13625]  ? __pfx__printk+0x10/0x10
[  849.531031][T13625]  ? __pfx___might_resched+0x10/0x10
[  849.531057][T13625]  ? srso_alias_return_thunk+0x5/0xfbef5
[  849.531092][T13625]  should_fail_ex+0x414/0x560
[  849.531135][T13625]  should_failslab+0xa8/0x100
[  849.531162][T13625]  __kvmalloc_node_noprof+0x158/0x910
[  849.531196][T13625]  ? do_ipt_set_ctl+0x881/0xcd0
[  849.531223][T13625]  ? nf_setsockopt+0x26f/0x290
[  849.531259][T13625]  ? translate_table+0x198/0x2000
[  849.531285][T13625]  ? do_syscall_64+0xfa/0xfa0
[  849.531329][T13625]  translate_table+0x198/0x2000
[  849.531372][T13625]  ? srso_alias_return_thunk+0x5/0xfbef5
[  849.531399][T13625]  ? __lock_acquire+0xab9/0xd20
[  849.531429][T13625]  ? __pfx_translate_table+0x10/0x10
[  849.531459][T13625]  ? srso_alias_return_thunk+0x5/0xfbef5
[  849.531500][T13625]  ? srso_alias_return_thunk+0x5/0xfbef5
[  849.531540][T13625]  ? _copy_from_user+0x94/0xb0
[  849.531573][T13625]  ? srso_alias_return_thunk+0x5/0xfbef5
[  849.531607][T13625]  do_ipt_set_ctl+0x967/0xcd0
[  849.531640][T13625]  ? srso_alias_return_thunk+0x5/0xfbef5
[  849.531677][T13625]  ? rcu_is_watching+0x15/0xb0
[  849.531707][T13625]  ? srso_alias_return_thunk+0x5/0xfbef5
[  849.531735][T13625]  ? trace_contention_end+0x39/0x120
[  849.531767][T13625]  ? __pfx_do_ipt_set_ctl+0x10/0x10
[  849.531802][T13625]  ? srso_alias_return_thunk+0x5/0xfbef5
[  849.531853][T13625]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  849.531903][T13625]  ? __pfx_aa_sk_perm+0x10/0x10
[  849.531936][T13625]  ? srso_alias_return_thunk+0x5/0xfbef5
[  849.531972][T13625]  nf_setsockopt+0x26f/0x290
[  849.532006][T13625]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  849.532045][T13625]  do_sock_setsockopt+0x17c/0x1b0
[  849.532077][T13625]  __x64_sys_setsockopt+0x13f/0x1b0
[  849.532109][T13625]  do_syscall_64+0xfa/0xfa0
[  849.532143][T13625]  ? lockdep_hardirqs_on+0x9c/0x150
[  849.532175][T13625]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  849.532199][T13625]  ? srso_alias_return_thunk+0x5/0xfbef5
[  849.532226][T13625]  ? exc_page_fault+0xab/0x100
[  849.532262][T13625]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  849.532285][T13625] RIP: 0033:0x7f8f6bb8f6c9
[  849.532306][T13625] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  849.532326][T13625] RSP: 002b:00007f8f69dee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  849.532353][T13625] RAX: ffffffffffffffda RBX: 00007f8f6bde5fa0 RCX: 00007f8f6bb8f6c9
[  849.532372][T13625] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000003
[  849.532388][T13625] RBP: 00007f8f69dee090 R08: 0000000000000470 R09: 0000000000000000
[  849.532405][T13625] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000001
[  849.532422][T13625] R13: 00007f8f6bde6038 R14: 00007f8f6bde5fa0 R15: 00007ffdb2410c78
[  849.532462][T13625]  </TASK>
[  849.984971][T10020] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  850.075258][ T5907] usb 7-1: USB disconnect, device number 23
[  850.144915][T10020] usb 5-1: device descriptor read/64, error -71
[  850.179950][ T7537] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  850.936493][T13636] loop0: detected capacity change from 0 to 128
[  850.943808][T13636] hpfs: Unknown parameter 'ask'
[  851.057326][T10020] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[  851.225305][T10020] usb 5-1: device descriptor read/64, error -71
[  852.226831][T10020] usb usb5-port1: attempt power cycle
[  852.685129][T10020] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[  853.623094][T10020] usb 5-1: device descriptor read/8, error -71
[  853.786823][T13661] loop1: detected capacity change from 0 to 512
[  853.805872][T13661] EXT4-fs: Ignoring removed bh option
[  853.823018][T13661] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[  853.823485][T13664] netlink: 'syz.4.2088': attribute type 15 has an invalid length.
[  853.850892][T13661] EXT4-fs (loop1): 1 truncate cleaned up
[  854.070176][T13661] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  854.478983][T13671] loop3: detected capacity change from 0 to 2048
[  854.620484][T13671] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  855.058283][T13678] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[  855.320757][T13678] overlayfs: failed to verify upper root origin
[  855.328370][T13680] tmpfs: Bad value for 'huge'
[  855.554649][ T5822] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  855.625466][T13686] loop0: detected capacity change from 0 to 2048
[  855.665406][T13686] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024)
[  855.705123][T13686] NILFS (loop0): mounting unchecked fs
[  855.722437][T13685] loop6: detected capacity change from 0 to 2048
[  855.772949][T13685] NILFS (loop6): broken superblock, retrying with spare superblock (blocksize = 1024)
[  855.783726][T13686] NILFS (loop0): recovery complete
[  855.908958][T13694] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  855.999549][T13685] NILFS (loop6): mounting unchecked fs
[  856.642339][T10020] usb 4-1: new high-speed USB device number 32 using dummy_hcd
[  856.753274][T13685] NILFS (loop6): recovery complete
[  856.778411][T13698] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  856.867547][T10020] usb 4-1: config 0 has an invalid interface number: 69 but max is 0
[  856.905231][T10020] usb 4-1: config 0 has no interface number 0
[  856.925302][T10020] usb 4-1: config 0 interface 69 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 1023
[  857.031285][T10020] usb 4-1: config 0 interface 69 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  857.060053][T10020] usb 4-1: New USB device found, idVendor=0c4b, idProduct=0100, bcdDevice=d7.ca
[  857.061499][ T5831] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  857.078741][T10020] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  857.093042][T13701] loop5: detected capacity change from 0 to 512
[  857.103467][T10020] usb 4-1: Product: syz
[  857.113108][T10020] usb 4-1: Manufacturer: syz
[  857.146727][T10020] usb 4-1: SerialNumber: syz
[  857.168511][T13701] EXT4-fs (loop5): mounting ext3 file system using the ext4 subsystem
[  857.198932][T10020] usb 4-1: config 0 descriptor??
[  857.215254][T13701] EXT4-fs error (device loop5): ext4_get_journal_inode:5808: comm syz.5.2098: inode #1792: comm syz.5.2098: iget: illegal inode #
[  857.215330][T13691] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  857.278136][T10020] cyberjack 4-1:0.69: Reiner SCT Cyberjack USB card reader converter detected
[  857.306252][T10020] usb 4-1: Reiner SCT Cyberjack USB card reader converter now attached to ttyUSB0
[  857.359588][T13701] EXT4-fs (loop5): Remounting filesystem read-only
[  857.372167][T13701] EXT4-fs (loop5): no journal found
[  857.393245][T13701] EXT4-fs (loop5): can't get journal size
[  857.420328][T13701] EXT4-fs (loop5): warning: mounting fs with errors, running e2fsck is recommended
[  857.441947][T13701] EXT4-fs (loop5): Errors on filesystem, clearing orphan list.
[  857.493989][T13701] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  857.729924][   T30] audit: type=1326 audit(1762378744.908:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13690 comm="syz.3.2096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd35758f6c9 code=0x7ffc0000
[  858.343382][ T5907] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  858.410548][   T30] audit: type=1326 audit(1762378744.918:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13690 comm="syz.3.2096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd35758f6c9 code=0x7ffc0000
[  858.433761][   T30] audit: type=1326 audit(1762378744.918:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13690 comm="syz.3.2096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fd35758f6c9 code=0x7ffc0000
[  858.456629][   T30] audit: type=1326 audit(1762378744.928:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13690 comm="syz.3.2096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd35758f6c9 code=0x7ffc0000
[  858.479593][   T30] audit: type=1326 audit(1762378744.928:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13690 comm="syz.3.2096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd35758f6c9 code=0x7ffc0000
[  858.535015][ T5907] usb 1-1: device descriptor read/64, error -71
[  858.544047][T13711] loop1: detected capacity change from 0 to 256
[  858.586803][   T30] audit: type=1326 audit(1762378744.988:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13690 comm="syz.3.2096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd35758f6c9 code=0x7ffc0000
[  858.609504][  T978] usb 4-1: USB disconnect, device number 32
[  858.674079][ T5825] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  858.690152][  T978] cyberjack ttyUSB0: Reiner SCT Cyberjack USB card reader converter now disconnected from ttyUSB0
[  858.720796][T13719] loop6: detected capacity change from 0 to 1024
[  858.752699][   T30] audit: type=1326 audit(1762378744.988:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13690 comm="syz.3.2096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd35758f6c9 code=0x7ffc0000
[  858.778484][  T978] cyberjack 4-1:0.69: device disconnected
[  858.785138][ T5907] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[  858.857535][T13711] FAT-fs (loop1): Directory bread(block 64) failed
[  858.878612][T13711] FAT-fs (loop1): Directory bread(block 65) failed
[  858.891488][T13721] kernel read not supported for file / 
  (pid: 13721 comm: syz.6.2102)
[  858.912581][T13711] FAT-fs (loop1): Directory bread(block 66) failed
[  858.919351][T13711] FAT-fs (loop1): Directory bread(block 67) failed
[  858.926904][T13711] FAT-fs (loop1): Directory bread(block 68) failed
[  858.933504][T13711] FAT-fs (loop1): Directory bread(block 69) failed
[  858.957188][   T30] audit: type=1326 audit(1762378745.078:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13690 comm="syz.3.2096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd35758f6c9 code=0x7ffc0000
[  858.988100][T13711] FAT-fs (loop1): Directory bread(block 70) failed
[  858.997377][T13711] FAT-fs (loop1): Directory bread(block 71) failed
[  859.011754][T13711] FAT-fs (loop1): Directory bread(block 72) failed
[  859.018827][T13711] FAT-fs (loop1): Directory bread(block 73) failed
[  859.025611][ T5907] usb 1-1: device descriptor read/64, error -71
[  859.057959][   T30] audit: type=1326 audit(1762378745.178:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13690 comm="syz.3.2096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fd35758f6c9 code=0x7ffc0000
[  859.107565][T13723] netlink: 'syz.5.2103': attribute type 15 has an invalid length.
[  859.219204][ T5907] usb usb1-port1: attempt power cycle
[  859.285817][   T30] audit: type=1326 audit(1762378745.218:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13690 comm="syz.3.2096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd35758f6c9 code=0x7ffc0000
[  859.308332][    C0] vkms_vblank_simulate: vblank timer overrun
[  859.495085][  T978] usb 2-1: new high-speed USB device number 29 using dummy_hcd
[  859.594990][ T5907] usb 1-1: new high-speed USB device number 25 using dummy_hcd
[  859.630235][ T5907] usb 1-1: device descriptor read/8, error -71
[  859.643427][   T12] hfsplus: b-tree write err: -5, ino 4
[  859.651829][  T978] usb 2-1: device descriptor read/64, error -71
[  860.075448][ T5907] usb 1-1: new high-speed USB device number 26 using dummy_hcd
[  860.525235][  T978] usb 2-1: new high-speed USB device number 30 using dummy_hcd
[  861.209293][ T5907] usb 1-1: device descriptor read/8, error -71
[  861.249144][T13732] tipc: Started in network mode
[  861.254141][T13732] tipc: Node identity ee19692201c4, cluster identity 4711
[  861.261628][T13732] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  861.269487][T13732] syzkaller0: entered promiscuous mode
[  861.275205][T13732] syzkaller0: entered allmulticast mode
[  861.286568][T13732] tipc: Resetting bearer <eth:syzkaller0>
[  861.356337][ T5907] usb usb1-port1: unable to enumerate USB device
[  861.376019][T13731] tipc: Resetting bearer <eth:syzkaller0>
[  861.501537][T13734] tmpfs: Bad value for 'huge'
[  861.512147][T13731] tipc: Disabling bearer <eth:syzkaller0>
[  861.560960][T13736] loop5: detected capacity change from 0 to 512
[  861.613299][T13736] EXT4-fs: Ignoring removed nobh option
[  861.746709][T13736] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  861.786744][T13736] ext4 filesystem being mounted at /361/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  861.841933][T13745] fuse: Bad value for 'fd'
[  861.848760][T13745] fuse: Bad value for 'fd'
[  861.855112][T13745] fuse: Bad value for 'fd'
[  861.860162][T13745] fuse: Bad value for 'fd'
[  861.866857][T13745] fuse: Bad value for 'fd'
[  861.873499][T13745] fuse: Bad value for 'fd'
[  861.880059][T13745] fuse: Bad value for 'fd'
[  861.944167][T13736] EXT4-fs error (device loop5): ext4_xattr_block_get:597: inode #15: comm syz.5.2107: corrupted xattr block 33: bad e_name length
[  861.973322][T13745] fuse: Bad value for 'fd'
[  861.995476][T13745] fuse: Bad value for 'fd'
[  862.044541][T13745] fuse: Bad value for 'fd'
[  862.080501][T13745] fuse: Bad value for 'fd'
[  862.162008][T13745] fuse: Bad value for 'fd'
[  862.222177][T13745] fuse: Bad value for 'fd'
[  862.319911][T13745] fuse: Bad value for 'fd'
[  862.504728][T13745] fuse: Bad value for 'fd'
[  862.613934][T13745] fuse: Bad value for 'fd'
[  862.775048][T13752] loop6: detected capacity change from 0 to 512
[  862.782412][T13752] EXT4-fs: Ignoring removed bh option
[  862.812674][T13754] loop1: detected capacity change from 0 to 2048
[  862.837103][T13736] EXT4-fs error (device loop5): ext4_get_inode_usage:888: inode #15: comm syz.5.2107: corrupted xattr block 33: bad e_name length
[  862.876874][T13752] EXT4-fs (loop6): mounting ext3 file system using the ext4 subsystem
[  862.905439][T13754] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024)
[  862.936004][T13754] NILFS (loop1): mounting unchecked fs
[  862.968012][T13752] EXT4-fs (loop6): 1 truncate cleaned up
[  862.976849][T13751] EXT4-fs error (device loop5): ext4_xattr_block_get:597: inode #15: comm syz.5.2107: corrupted xattr block 33: bad e_name length
[  863.004958][T13736] EXT4-fs error (device loop5): ext4_xattr_block_find:1874: inode #15: comm syz.5.2107: corrupted xattr block 33: bad e_name length
[  863.032965][T13752] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  863.212738][T13754] NILFS (loop1): recovery complete
[  863.278278][T13766] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  863.499321][T13768] netlink: 'syz.4.2116': attribute type 15 has an invalid length.
[  864.149356][ T5825] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  864.269603][T13778] loop0: detected capacity change from 0 to 1024
[  864.292258][T13778] EXT4-fs: Ignoring removed nobh option
[  864.302875][T13778] EXT4-fs: Ignoring removed bh option
[  864.324962][T13778] EXT4-fs (loop0): can't mount with journal_async_commit, fs mounted w/o journal
[  864.424986][  T979] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[  864.474784][T13778] netlink: 'syz.0.2117': attribute type 1 has an invalid length.
[  864.519309][T13778] netlink: 'syz.0.2117': attribute type 2 has an invalid length.
[  864.562552][T13781] loop5: detected capacity change from 0 to 2048
[  864.607885][  T979] usb 5-1: Using ep0 maxpacket: 8
[  864.668536][T13781] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 1024)
[  864.690746][  T979] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  864.721692][  T979] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  864.752757][T13781] NILFS (loop5): mounting unchecked fs
[  864.782475][  T979] usb 5-1: New USB device found, idVendor=0bc7, idProduct=0008, bcdDevice=4f.c8
[  865.527041][T13781] NILFS (loop5): recovery complete
[  865.625038][  T979] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  865.645741][  T979] usb 5-1: Product: syz
[  865.650049][  T979] usb 5-1: Manufacturer: syz
[  865.654893][  T979] usb 5-1: SerialNumber: syz
[  865.666837][T13791] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2122'.
[  865.744368][T13792] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2122'.
[  865.805641][  T979] usb 5-1: config 0 descriptor??
[  865.814986][T13793] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  866.175831][T13797] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  866.865525][T13799] tipc: Started in network mode
[  866.870829][T13799] tipc: Node identity 36c105eda965, cluster identity 4711
[  866.879989][T13799] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  866.888094][T13799] syzkaller0: entered promiscuous mode
[  866.893566][T13799] syzkaller0: entered allmulticast mode
[  866.996488][T13802] loop0: detected capacity change from 0 to 128
[  867.025928][T13802] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  867.043262][T13802] hpfs: filesystem error: improperly stopped
[  867.112943][T13802] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  867.152401][T13799] tipc: Resetting bearer <eth:syzkaller0>
[  867.311011][T13802] hpfs: You really don't want any checks? You are crazy...
[  867.366999][T13798] tipc: Resetting bearer <eth:syzkaller0>
[  867.390426][ T5907] usb 5-1: USB disconnect, device number 30
[  867.425194][T13802] hpfs: hpfs_map_sector(): read error
[  867.533716][T13802] hpfs: code page support is disabled
[  867.655870][T13802] ==================================================================
[  867.664009][T13802] BUG: KASAN: use-after-free in strcmp+0x6f/0xc0
[  867.670467][T13802] Read of size 1 at addr ffff8880451ae8a6 by task syz.0.2125/13802
[  867.678542][T13802] 
[  867.680880][T13802] CPU: 1 UID: 0 PID: 13802 Comm: syz.0.2125 Not tainted syzkaller #0 PREEMPT(full) 
[  867.680915][T13802] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  867.680932][T13802] Call Trace:
[  867.680946][T13802]  <TASK>
[  867.680959][T13802]  dump_stack_lvl+0x189/0x250
[  867.681000][T13802]  ? srso_alias_return_thunk+0x5/0xfbef5
[  867.681032][T13802]  ? srso_alias_return_thunk+0x5/0xfbef5
[  867.681063][T13802]  ? __kasan_check_byte+0x12/0x40
[  867.681089][T13802]  ? __pfx_dump_stack_lvl+0x10/0x10
[  867.681124][T13802]  ? srso_alias_return_thunk+0x5/0xfbef5
[  867.681154][T13802]  ? rcu_is_watching+0x15/0xb0
[  867.681217][T13802]  ? srso_alias_return_thunk+0x5/0xfbef5
[  867.681247][T13802]  ? lock_release+0x4b/0x3e0
[  867.681277][T13802]  ? __virt_addr_valid+0x1c8/0x5c0
[  867.681315][T13802]  ? srso_alias_return_thunk+0x5/0xfbef5
[  867.681345][T13802]  ? __virt_addr_valid+0x4a5/0x5c0
[  867.681384][T13802]  print_report+0xca/0x240
[  867.681417][T13802]  ? strcmp+0x6f/0xc0
[  867.681453][T13802]  kasan_report+0x118/0x150
[  867.681481][T13802]  ? strcmp+0x6f/0xc0
[  867.681523][T13802]  strcmp+0x6f/0xc0
[  867.681561][T13802]  hpfs_get_ea+0x114/0xdb0
[  867.681604][T13802]  ? __pfx_hpfs_get_ea+0x10/0x10
[  867.681636][T13802]  ? srso_alias_return_thunk+0x5/0xfbef5
[  867.681674][T13802]  ? rcu_is_watching+0x15/0xb0
[  867.681704][T13802]  ? srso_alias_return_thunk+0x5/0xfbef5
[  867.681734][T13802]  ? trace_irq_disable+0x37/0x110
[  867.681759][T13802]  ? srso_alias_return_thunk+0x5/0xfbef5
[  867.681790][T13802]  ? preempt_schedule_irq+0xde/0x150
[  867.681824][T13802]  ? __pfx_preempt_schedule_irq+0x10/0x10
[  867.681865][T13802]  ? irqentry_exit+0x74/0x90
[  867.681900][T13802]  ? srso_alias_return_thunk+0x5/0xfbef5
[  867.681930][T13802]  ? lockdep_hardirqs_on+0x9c/0x150
[  867.681965][T13802]  ? srso_alias_return_thunk+0x5/0xfbef5
[  867.682002][T13802]  ? hpfs_read_inode+0x174/0x1010
[  867.682045][T13802]  hpfs_read_inode+0x19d/0x1010
[  867.682087][T13802]  ? __pfx_hpfs_read_inode+0x10/0x10
[  867.682121][T13802]  ? inode_set_ctime_to_ts+0x126/0x2f0
[  867.682156][T13802]  ? __pfx_inode_set_ctime_to_ts+0x10/0x10
[  867.682194][T13802]  ? srso_alias_return_thunk+0x5/0xfbef5
[  867.682227][T13802]  ? srso_alias_return_thunk+0x5/0xfbef5
[  867.682257][T13802]  ? hpfs_init_inode+0x216/0x350
[  867.682295][T13802]  hpfs_fill_super+0x129d/0x2040
[  867.682337][T13802]  ? __pfx_hpfs_fill_super+0x10/0x10
[  867.682364][T13802]  ? srso_alias_return_thunk+0x5/0xfbef5
[  867.682395][T13802]  ? set_blocksize+0x21e/0x500
[  867.682433][T13802]  ? srso_alias_return_thunk+0x5/0xfbef5
[  867.682467][T13802]  ? srso_alias_return_thunk+0x5/0xfbef5
[  867.682498][T13802]  ? sb_set_blocksize+0x104/0x180
[  867.682537][T13802]  ? srso_alias_return_thunk+0x5/0xfbef5
[  867.682567][T13802]  ? setup_bdev_super+0x4c1/0x5b0
[  867.682609][T13802]  get_tree_bdev_flags+0x40e/0x4d0
[  867.682654][T13802]  ? __pfx_hpfs_fill_super+0x10/0x10
[  867.682679][T13802]  ? __pfx_get_tree_bdev_flags+0x10/0x10
[  867.682719][T13802]  ? srso_alias_return_thunk+0x5/0xfbef5
[  867.682752][T13802]  ? srso_alias_return_thunk+0x5/0xfbef5
[  867.682786][T13802]  vfs_get_tree+0x92/0x2b0
[  867.682826][T13802]  do_new_mount+0x302/0xa10
[  867.682866][T13802]  ? apparmor_capable+0x137/0x1b0
[  867.682899][T13802]  ? __pfx_do_new_mount+0x10/0x10
[  867.682939][T13802]  ? srso_alias_return_thunk+0x5/0xfbef5
[  867.682969][T13802]  ? ns_capable+0x8a/0xf0
[  867.682999][T13802]  ? srso_alias_return_thunk+0x5/0xfbef5
[  867.683030][T13802]  ? kmem_cache_free+0x19b/0x690
[  867.683078][T13802]  __se_sys_mount+0x313/0x410
[  867.683107][T13802]  ? __pfx___se_sys_mount+0x10/0x10
[  867.683133][T13802]  ? srso_alias_return_thunk+0x5/0xfbef5
[  867.683163][T13802]  ? __x64_sys_mount+0x20/0xc0
[  867.683188][T13802]  do_syscall_64+0xfa/0xfa0
[  867.683224][T13802]  ? lockdep_hardirqs_on+0x9c/0x150
[  867.683259][T13802]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  867.683284][T13802]  ? srso_alias_return_thunk+0x5/0xfbef5
[  867.683314][T13802]  ? exc_page_fault+0xab/0x100
[  867.683350][T13802]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  867.683377][T13802] RIP: 0033:0x7f9104f90e6a
[  867.683399][T13802] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  867.683423][T13802] RSP: 002b:00007f9105da3e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  867.683450][T13802] RAX: ffffffffffffffda RBX: 00007f9105da3ef0 RCX: 00007f9104f90e6a
[  867.683470][T13802] RDX: 000020000000a000 RSI: 0000200000009ec0 RDI: 00007f9105da3eb0
[  867.683490][T13802] RBP: 000020000000a000 R08: 00007f9105da3ef0 R09: 0000000003200041
[  867.683509][T13802] R10: 0000000003200041 R11: 0000000000000246 R12: 0000200000009ec0
[  867.683527][T13802] R13: 00007f9105da3eb0 R14: 0000000000009e28 R15: 00002000000002c0
[  867.683559][T13802]  </TASK>
[  867.683569][T13802] 
[  868.148524][T13802] The buggy address belongs to the physical page:
[  868.155111][T13802] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x34 pfn:0x451ae
[  868.163973][T13802] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  868.171370][T13802] raw: 00fff00000000000 dead000000000100 dead000000000122 0000000000000000
[  868.179966][T13802] raw: 0000000000000034 0000000000000000 00000000ffffffff 0000000000000000
[  868.188544][T13802] page dumped because: kasan: bad access detected
[  868.194953][T13802] page_owner tracks the page as freed
[  868.200313][T13802] page last allocated via order 0, migratetype Movable, gfp_mask 0x140cca(GFP_HIGHUSER_MOVABLE|__GFP_COMP), pid 13584, tgid 13583 (syz.1.2064), ts 847331212814, free_ts 848020013215
[  868.218210][T13802]  post_alloc_hook+0x240/0x2a0
[  868.222994][T13802]  get_page_from_freelist+0x2365/0x2440
[  868.228538][T13802]  __alloc_frozen_pages_noprof+0x181/0x370
[  868.234342][T13802]  alloc_pages_mpol+0x232/0x4a0
[  868.239191][T13802]  folio_alloc_mpol_noprof+0x39/0x70
[  868.244479][T13802]  shmem_alloc_and_add_folio+0x447/0xf60
[  868.250115][T13802]  shmem_get_folio_gfp+0x59d/0x1660
[  868.255320][T13802]  shmem_fault+0x179/0x390
[  868.259748][T13802]  __do_fault+0x138/0x390
[  868.264076][T13802]  __handle_mm_fault+0x35e3/0x5400
[  868.269236][T13802]  handle_mm_fault+0x40a/0x8e0
[  868.274076][T13802]  __get_user_pages+0x165c/0x2a00
[  868.279107][T13802]  populate_vma_page_range+0x29f/0x3a0
[  868.284574][T13802]  __mm_populate+0x24c/0x380
[  868.289170][T13802]  vm_mmap_pgoff+0x387/0x4d0
[  868.293766][T13802]  do_syscall_64+0xfa/0xfa0
[  868.298281][T13802] page last free pid 13597 tgid 13583 stack trace:
[  868.304772][T13802]  free_unref_folios+0xdb3/0x14f0
[  868.309810][T13802]  folios_put_refs+0x584/0x670
[  868.314590][T13802]  shmem_undo_range+0x49e/0x14b0
[  868.319532][T13802]  shmem_evict_inode+0x272/0xa70
[  868.324473][T13802]  evict+0x504/0x9c0
[  868.328387][T13802]  __dentry_kill+0x209/0x660
[  868.332985][T13802]  dput+0x19f/0x2b0
[  868.336793][T13802]  __fput+0x68e/0xa70
[  868.340778][T13802]  task_work_run+0x1d4/0x260
[  868.345377][T13802]  do_exit+0x6b5/0x2300
[  868.349624][T13802]  do_group_exit+0x21c/0x2d0
[  868.354220][T13802]  get_signal+0x1285/0x1340
[  868.358724][T13802]  arch_do_signal_or_restart+0xa0/0x790
[  868.364287][T13802]  exit_to_user_mode_loop+0x72/0x130
[  868.369574][T13802]  do_syscall_64+0x2bd/0xfa0
[  868.374266][T13802]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  868.380159][T13802] 
[  868.382476][T13802] Memory state around the buggy address:
[  868.388100][T13802]  ffff8880451ae780: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  868.396162][T13802]  ffff8880451ae800: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  868.404223][T13802] >ffff8880451ae880: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  868.412276][T13802]                                ^
[  868.417378][T13802]  ffff8880451ae900: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  868.425442][T13802]  ffff8880451ae980: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[  868.433496][T13802] ==================================================================
[  868.585037][T13802] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  868.592376][T13802] CPU: 0 UID: 0 PID: 13802 Comm: syz.0.2125 Not tainted syzkaller #0 PREEMPT(full) 
[  868.601750][T13802] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  868.611808][T13802] Call Trace:
[  868.615174][T13802]  <TASK>
[  868.618190][T13802]  dump_stack_lvl+0x99/0x250
[  868.622873][T13802]  ? __asan_memcpy+0x40/0x70
[  868.627477][T13802]  ? __pfx_dump_stack_lvl+0x10/0x10
[  868.632681][T13802]  ? __pfx__printk+0x10/0x10
[  868.637278][T13802]  ? srso_alias_return_thunk+0x5/0xfbef5
[  868.642917][T13802]  vpanic+0x237/0x6d0
[  868.646915][T13802]  ? __pfx_vpanic+0x10/0x10
[  868.651421][T13802]  ? preempt_schedule_common+0x83/0xd0
[  868.656887][T13802]  ? srso_alias_return_thunk+0x5/0xfbef5
[  868.662513][T13802]  ? preempt_schedule+0xae/0xc0
[  868.667365][T13802]  panic+0xb9/0xc0
[  868.671098][T13802]  ? __pfx_panic+0x10/0x10
[  868.675525][T13802]  ? srso_alias_return_thunk+0x5/0xfbef5
[  868.681164][T13802]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  868.687603][T13802]  ? strcmp+0x6f/0xc0
[  868.691594][T13802]  check_panic_on_warn+0x89/0xb0
[  868.696532][T13802]  ? strcmp+0x6f/0xc0
[  868.700516][T13802]  end_report+0x78/0x160
[  868.704928][T13802]  kasan_report+0x129/0x150
[  868.709423][T13802]  ? strcmp+0x6f/0xc0
[  868.713408][T13802]  strcmp+0x6f/0xc0
[  868.717218][T13802]  hpfs_get_ea+0x114/0xdb0
[  868.721668][T13802]  ? __pfx_hpfs_get_ea+0x10/0x10
[  868.726610][T13802]  ? srso_alias_return_thunk+0x5/0xfbef5
[  868.732269][T13802]  ? rcu_is_watching+0x15/0xb0
[  868.737030][T13802]  ? srso_alias_return_thunk+0x5/0xfbef5
[  868.742663][T13802]  ? trace_irq_disable+0x37/0x110
[  868.747684][T13802]  ? srso_alias_return_thunk+0x5/0xfbef5
[  868.753316][T13802]  ? preempt_schedule_irq+0xde/0x150
[  868.758612][T13802]  ? __pfx_preempt_schedule_irq+0x10/0x10
[  868.764519][T13802]  ? irqentry_exit+0x74/0x90
[  868.769170][T13802]  ? srso_alias_return_thunk+0x5/0xfbef5
[  868.774806][T13802]  ? lockdep_hardirqs_on+0x9c/0x150
[  868.780012][T13802]  ? srso_alias_return_thunk+0x5/0xfbef5
[  868.785649][T13802]  ? hpfs_read_inode+0x174/0x1010
[  868.790685][T13802]  hpfs_read_inode+0x19d/0x1010
[  868.795541][T13802]  ? __pfx_hpfs_read_inode+0x10/0x10
[  868.800827][T13802]  ? inode_set_ctime_to_ts+0x126/0x2f0
[  868.806283][T13802]  ? __pfx_inode_set_ctime_to_ts+0x10/0x10
[  868.812095][T13802]  ? srso_alias_return_thunk+0x5/0xfbef5
[  868.817761][T13802]  ? srso_alias_return_thunk+0x5/0xfbef5
[  868.823405][T13802]  ? hpfs_init_inode+0x216/0x350
[  868.828349][T13802]  hpfs_fill_super+0x129d/0x2040
[  868.833295][T13802]  ? __pfx_hpfs_fill_super+0x10/0x10
[  868.838577][T13802]  ? srso_alias_return_thunk+0x5/0xfbef5
[  868.844217][T13802]  ? set_blocksize+0x21e/0x500
[  868.848994][T13802]  ? srso_alias_return_thunk+0x5/0xfbef5
[  868.854803][T13802]  ? srso_alias_return_thunk+0x5/0xfbef5
[  868.860485][T13802]  ? sb_set_blocksize+0x104/0x180
[  868.865549][T13802]  ? srso_alias_return_thunk+0x5/0xfbef5
[  868.871269][T13802]  ? setup_bdev_super+0x4c1/0x5b0
[  868.876297][T13802]  get_tree_bdev_flags+0x40e/0x4d0
[  868.881424][T13802]  ? __pfx_hpfs_fill_super+0x10/0x10
[  868.886792][T13802]  ? __pfx_get_tree_bdev_flags+0x10/0x10
[  868.892428][T13802]  ? srso_alias_return_thunk+0x5/0xfbef5
[  868.898059][T13802]  ? srso_alias_return_thunk+0x5/0xfbef5
[  868.903776][T13802]  vfs_get_tree+0x92/0x2b0
[  868.908207][T13802]  do_new_mount+0x302/0xa10
[  868.912719][T13802]  ? apparmor_capable+0x137/0x1b0
[  868.917739][T13802]  ? __pfx_do_new_mount+0x10/0x10
[  868.922764][T13802]  ? srso_alias_return_thunk+0x5/0xfbef5
[  868.928392][T13802]  ? ns_capable+0x8a/0xf0
[  868.932724][T13802]  ? srso_alias_return_thunk+0x5/0xfbef5
[  868.938355][T13802]  ? kmem_cache_free+0x19b/0x690
[  868.943302][T13802]  __se_sys_mount+0x313/0x410
[  868.947974][T13802]  ? __pfx___se_sys_mount+0x10/0x10
[  868.953173][T13802]  ? srso_alias_return_thunk+0x5/0xfbef5
[  868.958804][T13802]  ? __x64_sys_mount+0x20/0xc0
[  868.963653][T13802]  do_syscall_64+0xfa/0xfa0
[  868.968167][T13802]  ? lockdep_hardirqs_on+0x9c/0x150
[  868.973374][T13802]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  868.979467][T13802]  ? srso_alias_return_thunk+0x5/0xfbef5
[  868.985109][T13802]  ? exc_page_fault+0xab/0x100
[  868.989878][T13802]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  868.995771][T13802] RIP: 0033:0x7f9104f90e6a
[  869.000182][T13802] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  869.019869][T13802] RSP: 002b:00007f9105da3e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  869.028292][T13802] RAX: ffffffffffffffda RBX: 00007f9105da3ef0 RCX: 00007f9104f90e6a
[  869.036261][T13802] RDX: 000020000000a000 RSI: 0000200000009ec0 RDI: 00007f9105da3eb0
[  869.044230][T13802] RBP: 000020000000a000 R08: 00007f9105da3ef0 R09: 0000000003200041
[  869.052718][T13802] R10: 0000000003200041 R11: 0000000000000246 R12: 0000200000009ec0
[  869.060684][T13802] R13: 00007f9105da3eb0 R14: 0000000000009e28 R15: 00002000000002c0
[  869.068667][T13802]  </TASK>
[  869.071947][T13802] Kernel Offset: disabled
[  869.076292][T13802] Rebooting in 86400 seconds..