last executing test programs:

29.86424123s ago: executing program 2 (id=980):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f00000003c0)=0x7)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
ioctl$IOCTL_STOP_ACCEL_DEV(0xffffffffffffffff, 0x40046104, &(0x7f0000000640)={{}, 0xdc})
socket$inet6_sctp(0xa, 0x1, 0x84)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
sendmsg$RDMA_NLDEV_CMD_STAT_GET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000780)=ANY=[@ANYBLOB="200000001114010000070000000000000847df99a572808861dfce6d01e18b7c04b7e9bce5bf94a44dbfffa805eb05ffbfe4d58ff42ad1f14c817988292200bcb4bbd36ed68f5cb4ba3b7f43204103b6a3504469a4d6f98b6ed72619ed915c7e5b96754d2a25ab4172ca947cd3969973de4a3e245e93feaabaddee61bc97a83730890a91822f79650c62cef43e60ce38966f105d208f3d492cb53ecacf02e5ef87843e58b73f4b4adf1bd015d2a0", @ANYRES8=r1], 0x20}}, 0x0)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8100000}, 0x0)
write$binfmt_misc(r3, &(0x7f0000000000)=ANY=[@ANYBLOB="15"], 0x6)

29.594041595s ago: executing program 2 (id=981):
r0 = io_uring_setup(0x669, &(0x7f0000007940))
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0x0, "0062ba7d82000000000000000000f7ffffff00"})
r2 = syz_open_pts(r1, 0x0)
r3 = dup(r2)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000000c0)=0x3)
dup3(0xffffffffffffffff, r3, 0x0)
r4 = dup3(r2, r1, 0x0)
ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000000)=0x13)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x78)
r5 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000840), 0x1a01, 0x0)
ioctl$EVIOCGPROP(r5, 0x40047438, &(0x7f0000000180)=""/246)
pwritev(r5, &(0x7f0000000080)=[{&(0x7f0000000100)="b750", 0x2}, {&(0x7f0000000280)="8d6d", 0x2}, {&(0x7f0000000340)}], 0x3, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

29.344820237s ago: executing program 2 (id=984):
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r2}, 0x10)
rt_sigprocmask(0x0, &(0x7f000078b000)={[0xfffffffffffffffd]}, 0x0, 0x8)
fsetxattr(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)

24.284630975s ago: executing program 2 (id=999):
syz_emit_vhci(&(0x7f0000000240)=ANY=[@ANYBLOB], 0x22)
capset(&(0x7f0000000100), 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
setsockopt$MRT_ADD_MFC_PROXY(0xffffffffffffffff, 0x0, 0xd1, 0x0, 0x0)

23.807849164s ago: executing program 2 (id=1002):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_TID_CONFIG(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000002ac0)={&(0x7f0000000000)={0x1c, r1, 0x135, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0)

23.369258304s ago: executing program 2 (id=1006):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f00000003c0)=0x7)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
ioctl$IOCTL_STOP_ACCEL_DEV(0xffffffffffffffff, 0x40046104, &(0x7f0000000640)={{}, 0xdc})
socket$inet6_sctp(0xa, 0x1, 0x84)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
sendmsg$RDMA_NLDEV_CMD_STAT_GET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000780)=ANY=[@ANYBLOB="200000001114010000070000000000000847df99a572808861dfce6d01e18b7c04b7e9bce5bf94a44dbfffa805eb05ffbfe4d58ff42ad1f14c817988292200bcb4bbd36ed68f5cb4ba3b7f43204103b6a3504469a4d6f98b6ed72619ed915c7e5b96754d2a25ab4172ca947cd3969973de4a3e245e93feaabaddee61bc97a83730890a91822f79650c62cef43e60ce38966f105d208f3d492cb53ecacf02e5ef87843e58b73f4b4adf1bd015d2a0", @ANYRES8=r1], 0x20}}, 0x0)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8100000}, 0x0)
write$binfmt_misc(r3, &(0x7f0000000000)=ANY=[@ANYBLOB="15"], 0x6)

13.36054455s ago: executing program 4 (id=1031):
syz_mount_image$btrfs(&(0x7f0000005100), &(0x7f0000000000)='./file1\x00', 0x810, &(0x7f0000000140)={[{@nossd_spread}, {@nodatacow}, {@enospc_debug}, {@nossd}, {@nodatasum}, {@autodefrag}, {@user_subvol_rm}, {@max_inline={'max_inline', 0x3d, [0x6d, 0x33, 0x78, 0x65, 0x38, 0x67]}}]}, 0x1, 0x50f3, &(0x7f000000a2c0)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75oMYWrQ1AEAAIA+4v+7L361EPN69s1BmtefevTguarxSvm/OVz+H7ulrwoAAAC4GUe+2P5wVb2U/1vD5f/x2zprAAAAYCne+XDig6p6Kf/PDpf/V+fL/MqHrNNP8a8QDk2GMLGwMpcVfg7tp7sFAAAA4BaJOf3PT3f+ULVfKf/PVd//P97pIF7/33P/v9L1/4VCdte/J90YAAAAgHtR+Xr+eHv87MkF/Z6/P+z1/w/87+CrVccv5f/9w+X/enF5K5//BwAAAMvwX3v+3/bSONUG3f//vo/e/aWqfyn/t4fL/3G5pvjyTtRq2fvz3mQI6xdW8rsJfhMPtyspzI8VCh2tpMe22CMvzI8XCh1zSY/NkyE8uLCyPyn8PxbaSeHK2rxwJCmcjoX8fOgWjiWFE/FM+3xtPt208H0s5BdYzMcrKNZ0L4lIelzt12OhcMMeZ7sHBwAAuKfE8Jxn2bHeZkij7Hxt0A6rB+0wMmiH+qAdRpMd0h37bQ+zvYW4vX1m49Ke/39kuPwf34pV2aLf9f8hXv+fP9ewe/3/bCw0ksJ8LLTSOwa04jGysPtxPEajlfe4sr5bAAAAgLta/F6gvsLzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5h715j5KruA4CffY734fVCUoXQKNkkNY6beL22gUQtVdaUqhEpzbqhoCqi2NhrsnjBjm1KjEJkbCIaIShtkJIPRRhFUc0HqBWISAoIFymOUHlEVEUBBAqtIQoipSQRaYIUqtl7z+ydc3cefqzx0t9P8s6Z+Z/nnYfn3HvnXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/h4Feu+dtm8Ud/e96zL1w8fsWetRe/et15pz4ZwsTM4x1ZuKP/xtvHf373uffseWD1HfcdPv+jvXm5PB4Gqn868zs3xFoPLw7h/o4QutPAisEs0JPfH4z1vW8whFPCbKBWYrI/K5E2HL7fF8K+MBuoVfW9vhAGC4ELn3rk4Zuridv6QlgaQqikbTxfydroSwNn9GaB/jSwtTsL/OqtTC3w3c4sAMcsvhlqL/oDE/UZhucu1+D113PcOvb2SofXFRPDjfP9bO08d6qgN31g4pietlJ1zIvS2+Ogd9sCeLeVtvOtnrbiF6n8G8pbs6FK6Nw0uXnD1dM74yOdYXS0q1FN8/Q8P/P6lzYeSXrBvA5jB4aPy+vwlieW3t21/ILH71ux9OX9H9v7yrF280eFTVpMz7dKyF9zC+Z5jMZ9niyAt1/pW9KIL10hhM2f/73PNIuX5v/Dzef/8eUcbzvrcsda3xzK5ubxkcGYeG0om5sDAADAgrEQ9ppuHX3oE83qK83/R9o7/h8P+eeT+Wy0B0MYn0nsXRLCaTOPZ4G7YnOXLQnhgzOpifrA2iRwMIT3ziSW16pKSiyKJUaSwE+G8sB4EjgUAxNJ4FsxcGsSuCEGDiSBjTFwMAmcGwNhqn4cvz+Uj6PtQF8MrM824oF4FsIvhmJrybZ6rlYVAADAcZLPDnvq7xbOdTjWDHF6eaCvVYZ4BnbDDJWkhnQGW5tWNayhu1UNna1qqI17d/Phl2ruaFVz6TSMjvoMt//ybz4bmijN/8eaz/8rc3Sko3T8P4R1M39j7s48Ml2Lr5+oywAAAAAcg4H/ffGbzeKl+f94e+f/x30iXYXM4bG4G2LLkhDG6gNZtX9YDmRHvQfyAAAAACwEtePxtWPhU/ltdop2Op8u5584wvzxwP/4nPl7Dz64vll/S/P/ifbO/++vv806cSj24mtLQlhUCPwg9rIamDESAz/+ZH0gH/+huAFuilXlJybUqropllgfA2NJYF+jEj+slTitPpA/WbXG99bGMZWXKAQAAADghIu7A+Jx+Xj+/4d+s/qaZuVK8//1R3b+/8w8uHR6//RACCu7Q+hKfxjwWH+2MGAMDHbkiYf6s7q60qqu7w/hnOrA0qpezNf/707XGHyqL6sqBk770P7Xz6gmvtkXwspi4OnP3XlWNbEzCdQa/8u+ED5QHW3a+HcWZY33pI1/fVEI7y8EalVdtiiEamO9aVWPVPLrGKRV/XMlhHcVArWqzq6EsCsAsEDF/0o3FR/csevaLRumpye3z2Mi7sPvC5unpidHN26d3lRp0KdNSZ/rljG6vjymdq9881y+RNFF964bbCdd+53gWLGtfD9+6cTB/H78LtQzM87VPXV316RD/siHy02EwjepRkPunOch9xcrmX0SS/XH/L1hICy6esfk9tEvbti5c/uq7G+72Vdnf+NhpmxbrUq3Vf9cfWvj5dFwtazE0W6rZcVKVu68ctvKHbuuXTF15YbLJy+fvGrV2avHzhxbM/bxM1dWRzWW/W0x1GVzVZ0M9a072xzXcRzq6d2FSk7Ep4aEhMRCS2wdWNb0/+TS/H9b8/l//NSJn/z5+gyNjv8Px8P82eOzh/nXx8C+do//Dzc6ml87MWAkCeyOgd0O8wMAAPDOECf5cW9m3Cv90+XfeblZudL8f3d7v/8/Tuv/15auP7/RMv/LY4mxRuv/p8v819b/391o/f90mf/a+v/73ob1/6+uBZJN8gvr/wMAAO8EJ279/5bL+6cXCChlaLm8f3qBgFKGlsv4t3uBgCNe///5//yr/w5NlOb/t7Y3/7dwPwAAAJw8vvxn1/xOs3hp/r+vvfn/iV//LzQ6/3+kUWCi0cKA1v8DAABggWq0/t/wjf2XNitXmv8faG/+H0+76KzLHWt9cyhb0y6ka9q9NlT7yQAAAAAsDJ1hdLSnzbx1K6OuPfo2n8mXAm2WLnrxTw4f2fn/B9ub/9f9LuOWJ5be3bX8gsffvG/F0pf3f2zvK7PH/wEAAID50+5+CQAAAAAAAAAAAAAA4O334n/sWdMsXvr9f1g383ij3//H6/7F3xe8uy53rLX1+n/5/Qs/fc+umSULHxsK4cPFwJY9W04J+bX5lxUDD1+y/D3VxJ60xIMvnPtSNXFpGvjUilPfqCbOSQLr4yKJ700D8aqKbyxOAnF5xX9PA3F7HEgDvXngq4uzcXSk2+qng9m26ki31bODISwpBGrb6v7BrI2OdIC3JYHaAL+QBuIA/zwPdKa9umcg61UMDMaidwxkvQIA4KQVvwX2hM1T05Nj8St8vD29u/42qluy7PpytR1tNv9cvjTZRfeuG2wn3ZV+F5291nhPqFSHsKr0dbWYpWNmlMenlhab7t0NhtxqtbfOBuVSR7rpehuPqC8b0ejGrdObeloOfE3rLKu7W2ZZVZrsFLN0zmzSNmppoy9tjKjNbdNGl+P9zjA62pXk+oMYHA51Wr0i2v29fnGdv0avgmKeqw7v/VWz+krz/+H25v+V4rjeyC8GsDteWe/vlljmHwAAAObXV9f++hvx32dvfPTpZnlL8/+R9ub/cQ9Wfig429txMF7/f++SEGYurT+cBe6KzV22JIQPzqQmYonsgvrnxxJjWeCuuMNkeSyxfqK+qkUxcCAJ/GQoDxxMAodiIN9LsT/ku3L+fiiEs2ZS6+pLbIslhpPAZ2JgJAmMxsBYElgcA+NJ4NXFeWAiCfxbDISp+m117+J8WwEAAByJfJ7VU383pPO8A92tMnS0ytDfKkNnqwyVVhkajSLe/3bM0JOcvNJRyNST1tqX1FLKEC+Gf8T9KmUIP6zPmRYsNR3PP6idb9BRn+GBT3RXQhOl+f9Ye/P//vrbrPVDcf4/e/2/LPCD2L2vxVPHR2Lgx5+sD+Q7Bg7Fye5Ntaom8hL5pP2mWGI8BkaSwLYYGE8C69flgX3vqQ/kM+1a43trjU/lJQoBAAAAOOHiDoK4mybO/+/Y8ZWBZuVK8//x9ub/sb2BYmM3xFoPLw7h/o7Z3tQCKwazQNyPMRh/Hv++wRBOKezgqJWY7M9K9CYNh+/3Zb9Q702r+l5f9uODeP/Cpx55+OZq4ra+EJYW9r7U2ni+krXRlwbO6M0C/Wlga3cWiHt+aoHvdmYBOGa1vYLxBZWf6lIzPHe5Bq+/d8o1QdPhlfaBzpFvrt9czZfSDtd8n2rNkT1tTfffctyU3h4HvdsW4rtt2Lut+EUq/4by1myoEjo3TW7ecPX0zvhI8ZesJfP0PBd/pdpO+ji8DncffW9bq6QdGEs+PsbmLjf367AjVnfLE0vv7lp+weP3rVj68v6P7X2l7W40EH8o/Mh1/zr4o8LmnW+VkL/mFtznyYTPk4X438CIpy2EsO7Vr9/ULF6a/0+0N//vTm5n/DpuzB1LQvhIYeM+Fjf/Hy/JPgcLgexT8l3lQHbI/b+GGn5yAgAAwPFW291R218wld9mJ4Sn8+Ry/okjzB/3V4zPmb/dfvf/9SVLm8VL8//1zef/i5JuOv7v+D/zxPH/OZ3su6IXpQ/sPqZd0aXqmBeO/8/pZH+3Of4/J8f/Hf+fi+P/LTj+P6eT/WkrfUva5ktXCOHlP3ro2Wbx0vx/W3vzf+v/zb1oX239v/WN1v/b1mj9v93W/wMAAOZVg4Xm0nleafW+UoZ09b5ShpYLBLZcYtD6f0e8/t9Lpz//m9BEaf6/u735f3w5DBRbXyjr/42sa1DVrTGwzcKAAAAAnIwa7SAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg7fXAP/zPpmbxR3973rMvXDx+xZ61F7963XmnPhnC1MzjHVm4o//G28d/fve59+x5YPUd9x0+/6OVvFxPfvu7dbljrW8OhbCv8MhgTLw2VL0zG7jw0/fs6q4mHhsK4cPFwJY9W06pJr41FMKyYuDhS5a/p5rYk5Z48IVzX6omLk0Dn1px6hvVxDl5oCPt7j8uzrrbkXb35sUhLCkEat29YnF9VbU2/jQPdKZt/NNg1kYMDMai3xjM2oiB6VhialEIK7tD6EqrerSSVdWVVvUvlayqrrSqL1dCOCeE0J1W9UJvVlV3OvIne7OqYuC0D+1//YxqYl9vCCuLgac/d+dZ1cQXkkCt8b/oDeED1ZdM2vi3e7LGe9LGb+sJ4f0hhN60xC+7sxK9aYkXu0N4VyFQa/zz3SHsCrwjxA+fuk+0Hbuu3bJhenpy+zwmevO2+sLmqenJ0Y1bpzdVkj410lFIv3X90Y/9ude/tLF6e9G96wbbSXfn5Xpmury6p+7umpO997Ff/cVKZp+PUv0xf28YCIuu3jG5ffSLG3bu3L4q+9tu9tXZ3648mm2rVQtlWy0rVrJy55XbVu7Yde2KqSs3XD55+eRVq85ePXbm2Jqxj5+5sjqqsezv8RjqnSd+qKd3Fyo5ER8AEhISCy3RWffpNnayf5CXvujPdrQnVGY+oEvTimKWjplRHo9Brz3KER/N95SWI1pVmjiUsqyeI8v19VnWlCYTs7X0ZVlmvteVJofFxjpnNmm83xlGR7sabYfh+rvFzfuzY9i8z+Sbrt00AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP/HDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFXbgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwA8cCAAAAAML8rcPo2QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEsBAAD//+erI4o=")
r0 = open(&(0x7f0000000000)='./bus\x00', 0x60142, 0x0)
write$snapshot(r0, &(0x7f000001fa40)="14", 0x1)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0)
copy_file_range(r1, 0x0, r0, &(0x7f00000000c0)=0x10000, 0x6, 0x0)
r2 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0)
pwritev2(r2, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x1}], 0x1, 0x7c00, 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
write$rfkill(0xffffffffffffffff, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)

11.720755974s ago: executing program 5 (id=1038):
r0 = io_uring_setup(0x79af, &(0x7f0000001240))
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
syz_usb_connect(0x0, 0x2d, 0x0, 0x0)
setsockopt$inet6_IPV6_DSTOPTS(0xffffffffffffffff, 0x29, 0x3b, &(0x7f00000004c0)={0x0, 0x1, '\x00', [@pad1, @generic={0x0, 0x3, "e73cf3"}]}, 0x10)
bind$inet6(r1, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c)
sendto$inet6(r1, 0x0, 0x0, 0x22004001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c)
sendto$inet6(r1, &(0x7f0000000080)='D', 0x1, 0x0, 0x0, 0x0)
setsockopt$inet6_IPV6_DSTOPTS(r1, 0x29, 0x3b, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

10.49589741s ago: executing program 5 (id=1041):
syz_emit_vhci(&(0x7f0000000240)=ANY=[@ANYBLOB="04"], 0x22)
capset(&(0x7f0000000100), 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
setsockopt$MRT_ADD_MFC_PROXY(0xffffffffffffffff, 0x0, 0xd1, 0x0, 0x0)

10.113380399s ago: executing program 5 (id=1042):
r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$SIOCX25SENDCALLACCPT(r0, 0x89e9)
ioctl$sock_inet_SIOCGIFADDR(r0, 0x8915, &(0x7f0000000080)={'veth0_macvtap\x00', {0x2, 0x0, @loopback}})
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_udp_int(r1, 0x11, 0x65, &(0x7f00000000c0)=0x6, 0x4)
socket$phonet_pipe(0x23, 0x5, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000180)={'wlan1\x00'})
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000009c0)=ANY=[@ANYBLOB="54030000", @ANYRES16=r4, @ANYBLOB="010000000000000000003b00000008000300", @ANYBLOB="360333008000000008021100000108021100000150505050505000000000000000000000000000000100030100058c0000009af6da3eccb31dfdb01e6e7177c98c64430a038b1a5dfa035ea7a9381b60d5573f7a471f2255656c6fda4f9fe2a1cefb7e307f95a05deb88da8d6767435855a59a04759977ef1cf00cf302f452d67e80c72e836d0cfcfd95ca366d0e284f1c03058e40a2283bb06b723df5c6eef98646cae544fd4eebdf5effc6f1ba5debee4b327b120000000000003c04000000007606000000000000ddb731851c27f0515dccb7554d54162c7b9db37edff2415d5589b53027d4db2f9527a9858f2910b19c7737136d933c4cb8b186a2cb77d33dc186120309d0107aae1822ca939dc8887e8bcc0f1b2831ed25db982a9cd8fcd5160c5cdc0cbe25dce28dc9925779fc4799284de17406d9ac3b5e35515e37ca05000000000000000a5d5addb3184fec9543e41f70eb1bcd9a87da54ab8f09ec2f4b39e15dca2e549f43749fdc5d2150d9349f08894e39ac26f6ddba1cb11f4c9767b25df19d1cb86cc9f4059996ff0021375555251d74cf6f777d24ac2b13bbd9b9d6f27b608e3a58d27ba7b7e16a8e13f0d8f288fa3e9a5e6c9ba0bd7028c0866f7cec56d3c8963c4d6e991fbd1547b046152bed86b40dc529d6663ed96a2f54759ca9fd484826eaa5b022f53aa9fb6bffaa0370be496fc201cd5b33db589eb87730dee906175a89a626342c521f0b18b5cb5ed9de356bf155e503ca39d841b335dd25523a4aa23e4123ca5c555c2b2bf412911511b4b39a758f6e3a496d64414c19f01ba62cf366dd120941a0e096d40b7d3b60bec79aa8aaa3f566dd3f7b1f666daa2c5732ac642cd918aea5ee68d9287e589b7d5326dd3b2bfb9e3d1679ee7c57f9ddfe7cc62b9e25076e5fbf36bd5882a567a92f5c2ba4e5d1fe2edd0b0da71e815422994325dfecdd6530d8ac98fdedffdf2ad390d8c532101bdebf905f4f96a12b5400578c02f802cac6cefe477c38a52b4fb790de3ab2c08eed8f45baef37217a654a07159fd6efe9fc5a4effdb0327c0802a3a873e92979e62ab34d31a748ae171a86d656075c5a8c88eaba15cdd064f3fef835ea800000038d3b6030000009aab386eddcd74bd0a990a74a32d0520cef4e20037fc14fd1be83b638c04110b784e2038855bc69f536c27031736aac99c9f93b5a8ee8926e1ea777abd21b8a1485c4c183ccbc6c2271c7ccb2c6e47f349ebe91e6d059bab96f492ebb063e42581243ea1fae5d0ba5b9ca3c22b79283b4b3fe917653f57a4e800ffc69b72b1b3040df623f827422445a6f5490f1701e33a2e67a86bf0ee69818665d790e2809fa0923f643492"], 0x354}}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_READ_FIXED={0x4, 0x0, 0x0, @fd, 0x0, 0x20000000, 0x8020, 0x0, 0x0, {0x2}})
r5 = memfd_secret(0x0)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, 0xffffffffffffffff, 0x0)
r6 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
fcntl$dupfd(r6, 0x0, r5)
ioctl$SCSI_IOCTL_GET_PCI(0xffffffffffffffff, 0x5393, &(0x7f0000000000))
socket$caif_stream(0x25, 0x1, 0x1000004)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r7 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r7, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socket$tipc(0x1e, 0x2, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.throttle.io_serviced\x00', 0x275a, 0x0)
socket$inet6(0xa, 0x800, 0xfffffffb)
socket$nl_route(0x10, 0x3, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r10=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000600)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="196dfccb73d4054326cd1fd9e2d7a80324741a492757daf6068dba5231127a9ff036ea71584437def515a00720e3a534", @ANYRES32=r10, @ANYBLOB="0800050003000000"], 0x24}}, 0x0)

9.632609501s ago: executing program 4 (id=1043):
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioperm(0x0, 0x3d, 0x80000000001f)
msgsnd(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="1c"], 0xb, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f0000001880)={'wg1\x00'})
syz_genetlink_get_family_id$wireguard(&(0x7f0000000fc0), 0xffffffffffffffff)
socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
write$binfmt_elf64(r1, 0x0, 0x40)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0x8, &(0x7f0000000400)=ANY=[@ANYBLOB="7a0af8ff75257035bfa100000000000007010000f9ffffffb702000005000000bf130000000000008500000006000000b7000000000000009500000000000000b2595285faa6ead0169191d54f8196217fc560e2fc91f6da4dad4fdc2eb1b5986fc4a3f611a7c8edd3aa5d6ee7ab10b1a297cf528666d1ddd73f3047d248df061222193165274bc7f2382f6cda4bfdd45be583823c0f09621f3c1c65ee19ee875daf45006a4c4ea5e15b2f9618d547244a22000000000000db453620ce7243d1aebdb638d91dbef661935839c77edf2d34b12cd48a0c20fb7dd843267e0331759f4ec6b5b0af58e604f4942eb613eff289026d5045ef76d7d864409eb2dc7718a09f4886afc26abba34635d0e8b598a51bc742135a6e1d33fe226c944bc76be40d435aa8b5202db761014b1b999a12df6bee431a6681"], &(0x7f0000000100)='GPL\x00'}, 0x48)
r3 = getpid()
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r4, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r5=>0x0})
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=@ipv6_newroute={0x38, 0x18, 0x309, 0x0, 0x0, {}, [@RTA_OIF={0x8, 0x4, r5}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x7}, @RTA_ENCAP={0xc, 0x16, 0x0, 0x1, @LWTUNNEL_IP6_FLAGS={0x6}}]}, 0x38}}, 0x0)
process_vm_readv(r3, &(0x7f0000008400)=[{&(0x7f0000000540)=""/91, 0x5b}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640), 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r2, 0x2000007, 0xe, 0x55, &(0x7f0000000140)="a06ad876d56a0064d082778c3938", &(0x7f0000000380)=""/85, 0x2e00, 0x4000000}, 0x28)
getsockname$packet(r1, &(0x7f00000002c0)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="48000000100005f7000000000000000000000002", @ANYRES32=r7, @ANYBLOB="b100000000000000280012000c00010076657468"], 0x48}, 0x1, 0x0, 0x0, 0x2404c051}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x5, 0x1ff000, 0x66, 0x5, 0x1}, 0x48)
r8 = syz_open_procfs(0x0, &(0x7f00000005c0)='net/ip6_mr_cache\x00')
read$FUSE(r8, &(0x7f0000002280)={0x2020}, 0x2020)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000600)=ANY=[@ANYRES32], 0x20}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xfffffffffffffcf0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
fcntl$getown(0xffffffffffffffff, 0x9)
socket$inet6(0xa, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)

5.819841066s ago: executing program 5 (id=1053):
syz_emit_vhci(&(0x7f0000000240)=ANY=[@ANYBLOB="04"], 0x22)
capset(&(0x7f0000000100), 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
setsockopt$MRT_ADD_MFC_PROXY(0xffffffffffffffff, 0x0, 0xd1, 0x0, 0x0)

5.787763932s ago: executing program 4 (id=1054):
syz_mount_image$btrfs(&(0x7f0000005100), &(0x7f0000000000)='./file1\x00', 0x810, &(0x7f0000000140)={[{@nossd_spread}, {@nodatacow}, {@enospc_debug}, {@nossd}, {@nodatasum}, {@autodefrag}, {@user_subvol_rm}, {@max_inline={'max_inline', 0x3d, [0x6d, 0x33, 0x78, 0x65, 0x38, 0x67]}}]}, 0x1, 0x50f3, &(0x7f000000a2c0)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75oMYWrQ1AEAAIA+4v+7L361EPN69s1BmtefevTguarxSvm/OVz+H7ulrwoAAAC4GUe+2P5wVb2U/1vD5f/x2zprAAAAYCne+XDig6p6Kf/PDpf/V+fL/MqHrNNP8a8QDk2GMLGwMpcVfg7tp7sFAAAA4BaJOf3PT3f+ULVfKf/PVd//P97pIF7/33P/v9L1/4VCdte/J90YAAAAgHtR+Xr+eHv87MkF/Z6/P+z1/w/87+CrVccv5f/9w+X/enF5K5//BwAAAMvwX3v+3/bSONUG3f//vo/e/aWqfyn/t4fL/3G5pvjyTtRq2fvz3mQI6xdW8rsJfhMPtyspzI8VCh2tpMe22CMvzI8XCh1zSY/NkyE8uLCyPyn8PxbaSeHK2rxwJCmcjoX8fOgWjiWFE/FM+3xtPt208H0s5BdYzMcrKNZ0L4lIelzt12OhcMMeZ7sHBwAAuKfE8Jxn2bHeZkij7Hxt0A6rB+0wMmiH+qAdRpMd0h37bQ+zvYW4vX1m49Ke/39kuPwf34pV2aLf9f8hXv+fP9ewe/3/bCw0ksJ8LLTSOwa04jGysPtxPEajlfe4sr5bAAAAgLta/F6gvsLzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5h715j5KruA4CffY734fVCUoXQKNkkNY6beL22gUQtVdaUqhEpzbqhoCqi2NhrsnjBjm1KjEJkbCIaIShtkJIPRRhFUc0HqBWISAoIFymOUHlEVEUBBAqtIQoipSQRaYIUqtl7z+ydc3cefqzx0t9P8s6Z+Z/nnYfn3HvnXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/h4Feu+dtm8Ud/e96zL1w8fsWetRe/et15pz4ZwsTM4x1ZuKP/xtvHf373uffseWD1HfcdPv+jvXm5PB4Gqn868zs3xFoPLw7h/o4QutPAisEs0JPfH4z1vW8whFPCbKBWYrI/K5E2HL7fF8K+MBuoVfW9vhAGC4ELn3rk4Zuridv6QlgaQqikbTxfydroSwNn9GaB/jSwtTsL/OqtTC3w3c4sAMcsvhlqL/oDE/UZhucu1+D113PcOvb2SofXFRPDjfP9bO08d6qgN31g4pietlJ1zIvS2+Ogd9sCeLeVtvOtnrbiF6n8G8pbs6FK6Nw0uXnD1dM74yOdYXS0q1FN8/Q8P/P6lzYeSXrBvA5jB4aPy+vwlieW3t21/ILH71ux9OX9H9v7yrF280eFTVpMz7dKyF9zC+Z5jMZ9niyAt1/pW9KIL10hhM2f/73PNIuX5v/Dzef/8eUcbzvrcsda3xzK5ubxkcGYeG0om5sDAADAgrEQ9ppuHX3oE83qK83/R9o7/h8P+eeT+Wy0B0MYn0nsXRLCaTOPZ4G7YnOXLQnhgzOpifrA2iRwMIT3ziSW16pKSiyKJUaSwE+G8sB4EjgUAxNJ4FsxcGsSuCEGDiSBjTFwMAmcGwNhqn4cvz+Uj6PtQF8MrM824oF4FsIvhmJrybZ6rlYVAADAcZLPDnvq7xbOdTjWDHF6eaCvVYZ4BnbDDJWkhnQGW5tWNayhu1UNna1qqI17d/Phl2ruaFVz6TSMjvoMt//ybz4bmijN/8eaz/8rc3Sko3T8P4R1M39j7s48Ml2Lr5+oywAAAAAcg4H/ffGbzeKl+f94e+f/x30iXYXM4bG4G2LLkhDG6gNZtX9YDmRHvQfyAAAAACwEtePxtWPhU/ltdop2Op8u5584wvzxwP/4nPl7Dz64vll/S/P/ifbO/++vv806cSj24mtLQlhUCPwg9rIamDESAz/+ZH0gH/+huAFuilXlJybUqropllgfA2NJYF+jEj+slTitPpA/WbXG99bGMZWXKAQAAADghIu7A+Jx+Xj+/4d+s/qaZuVK8//1R3b+/8w8uHR6//RACCu7Q+hKfxjwWH+2MGAMDHbkiYf6s7q60qqu7w/hnOrA0qpezNf/707XGHyqL6sqBk770P7Xz6gmvtkXwspi4OnP3XlWNbEzCdQa/8u+ED5QHW3a+HcWZY33pI1/fVEI7y8EalVdtiiEamO9aVWPVPLrGKRV/XMlhHcVArWqzq6EsCsAsEDF/0o3FR/csevaLRumpye3z2Mi7sPvC5unpidHN26d3lRp0KdNSZ/rljG6vjymdq9881y+RNFF964bbCdd+53gWLGtfD9+6cTB/H78LtQzM87VPXV316RD/siHy02EwjepRkPunOch9xcrmX0SS/XH/L1hICy6esfk9tEvbti5c/uq7G+72Vdnf+NhpmxbrUq3Vf9cfWvj5dFwtazE0W6rZcVKVu68ctvKHbuuXTF15YbLJy+fvGrV2avHzhxbM/bxM1dWRzWW/W0x1GVzVZ0M9a072xzXcRzq6d2FSk7Ep4aEhMRCS2wdWNb0/+TS/H9b8/l//NSJn/z5+gyNjv8Px8P82eOzh/nXx8C+do//Dzc6ml87MWAkCeyOgd0O8wMAAPDOECf5cW9m3Cv90+XfeblZudL8f3d7v/8/Tuv/15auP7/RMv/LY4mxRuv/p8v819b/391o/f90mf/a+v/73ob1/6+uBZJN8gvr/wMAAO8EJ279/5bL+6cXCChlaLm8f3qBgFKGlsv4t3uBgCNe///5//yr/w5NlOb/t7Y3/7dwPwAAAJw8vvxn1/xOs3hp/r+vvfn/iV//LzQ6/3+kUWCi0cKA1v8DAABggWq0/t/wjf2XNitXmv8faG/+H0+76KzLHWt9cyhb0y6ka9q9NlT7yQAAAAAsDJ1hdLSnzbx1K6OuPfo2n8mXAm2WLnrxTw4f2fn/B9ub/9f9LuOWJ5be3bX8gsffvG/F0pf3f2zvK7PH/wEAAID50+5+CQAAAAAAAAAAAAAA4O334n/sWdMsXvr9f1g383ij3//H6/7F3xe8uy53rLX1+n/5/Qs/fc+umSULHxsK4cPFwJY9W04J+bX5lxUDD1+y/D3VxJ60xIMvnPtSNXFpGvjUilPfqCbOSQLr4yKJ700D8aqKbyxOAnF5xX9PA3F7HEgDvXngq4uzcXSk2+qng9m26ki31bODISwpBGrb6v7BrI2OdIC3JYHaAL+QBuIA/zwPdKa9umcg61UMDMaidwxkvQIA4KQVvwX2hM1T05Nj8St8vD29u/42qluy7PpytR1tNv9cvjTZRfeuG2wn3ZV+F5291nhPqFSHsKr0dbWYpWNmlMenlhab7t0NhtxqtbfOBuVSR7rpehuPqC8b0ejGrdObeloOfE3rLKu7W2ZZVZrsFLN0zmzSNmppoy9tjKjNbdNGl+P9zjA62pXk+oMYHA51Wr0i2v29fnGdv0avgmKeqw7v/VWz+krz/+H25v+V4rjeyC8GsDteWe/vlljmHwAAAObXV9f++hvx32dvfPTpZnlL8/+R9ub/cQ9Wfig429txMF7/f++SEGYurT+cBe6KzV22JIQPzqQmYonsgvrnxxJjWeCuuMNkeSyxfqK+qkUxcCAJ/GQoDxxMAodiIN9LsT/ku3L+fiiEs2ZS6+pLbIslhpPAZ2JgJAmMxsBYElgcA+NJ4NXFeWAiCfxbDISp+m117+J8WwEAAByJfJ7VU383pPO8A92tMnS0ytDfKkNnqwyVVhkajSLe/3bM0JOcvNJRyNST1tqX1FLKEC+Gf8T9KmUIP6zPmRYsNR3PP6idb9BRn+GBT3RXQhOl+f9Ye/P//vrbrPVDcf4/e/2/LPCD2L2vxVPHR2Lgx5+sD+Q7Bg7Fye5Ntaom8hL5pP2mWGI8BkaSwLYYGE8C69flgX3vqQ/kM+1a43trjU/lJQoBAAAAOOHiDoK4mybO/+/Y8ZWBZuVK8//x9ub/sb2BYmM3xFoPLw7h/o7Z3tQCKwazQNyPMRh/Hv++wRBOKezgqJWY7M9K9CYNh+/3Zb9Q702r+l5f9uODeP/Cpx55+OZq4ra+EJYW9r7U2ni+krXRlwbO6M0C/Wlga3cWiHt+aoHvdmYBOGa1vYLxBZWf6lIzPHe5Bq+/d8o1QdPhlfaBzpFvrt9czZfSDtd8n2rNkT1tTfffctyU3h4HvdsW4rtt2Lut+EUq/4by1myoEjo3TW7ecPX0zvhI8ZesJfP0PBd/pdpO+ji8DncffW9bq6QdGEs+PsbmLjf367AjVnfLE0vv7lp+weP3rVj68v6P7X2l7W40EH8o/Mh1/zr4o8LmnW+VkL/mFtznyYTPk4X438CIpy2EsO7Vr9/ULF6a/0+0N//vTm5n/DpuzB1LQvhIYeM+Fjf/Hy/JPgcLgexT8l3lQHbI/b+GGn5yAgAAwPFW291R218wld9mJ4Sn8+Ry/okjzB/3V4zPmb/dfvf/9SVLm8VL8//1zef/i5JuOv7v+D/zxPH/OZ3su6IXpQ/sPqZd0aXqmBeO/8/pZH+3Of4/J8f/Hf+fi+P/LTj+P6eT/WkrfUva5ktXCOHlP3ro2Wbx0vx/W3vzf+v/zb1oX239v/WN1v/b1mj9v93W/wMAAOZVg4Xm0nleafW+UoZ09b5ShpYLBLZcYtD6f0e8/t9Lpz//m9BEaf6/u735f3w5DBRbXyjr/42sa1DVrTGwzcKAAAAAnIwa7SAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg7fXAP/zPpmbxR3973rMvXDx+xZ61F7963XmnPhnC1MzjHVm4o//G28d/fve59+x5YPUd9x0+/6OVvFxPfvu7dbljrW8OhbCv8MhgTLw2VL0zG7jw0/fs6q4mHhsK4cPFwJY9W06pJr41FMKyYuDhS5a/p5rYk5Z48IVzX6omLk0Dn1px6hvVxDl5oCPt7j8uzrrbkXb35sUhLCkEat29YnF9VbU2/jQPdKZt/NNg1kYMDMai3xjM2oiB6VhialEIK7tD6EqrerSSVdWVVvUvlayqrrSqL1dCOCeE0J1W9UJvVlV3OvIne7OqYuC0D+1//YxqYl9vCCuLgac/d+dZ1cQXkkCt8b/oDeED1ZdM2vi3e7LGe9LGb+sJ4f0hhN60xC+7sxK9aYkXu0N4VyFQa/zz3SHsCrwjxA+fuk+0Hbuu3bJhenpy+zwmevO2+sLmqenJ0Y1bpzdVkj410lFIv3X90Y/9ude/tLF6e9G96wbbSXfn5Xpmury6p+7umpO997Ff/cVKZp+PUv0xf28YCIuu3jG5ffSLG3bu3L4q+9tu9tXZ3648mm2rVQtlWy0rVrJy55XbVu7Yde2KqSs3XD55+eRVq85ePXbm2Jqxj5+5sjqqsezv8RjqnSd+qKd3Fyo5ER8AEhISCy3RWffpNnayf5CXvujPdrQnVGY+oEvTimKWjplRHo9Brz3KER/N95SWI1pVmjiUsqyeI8v19VnWlCYTs7X0ZVlmvteVJofFxjpnNmm83xlGR7sabYfh+rvFzfuzY9i8z+Sbrt00AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP/HDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFXbgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwA8cCAAAAAML8rcPo2QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEsBAAD//+erI4o=")
r0 = open(&(0x7f0000000000)='./bus\x00', 0x60142, 0x0)
write$snapshot(r0, &(0x7f000001fa40)="14", 0x1)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0)
copy_file_range(r1, 0x0, r0, &(0x7f00000000c0)=0x10000, 0x6, 0x0)
r2 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0)
pwritev2(r2, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x1}], 0x1, 0x7c00, 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
write$rfkill(0xffffffffffffffff, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)

5.786754628s ago: executing program 3 (id=1055):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10)
r1 = openat$binderfs(0xffffff9c, &(0x7f0000000340)='./binderfs/binder1\x00', 0x800, 0x0)
mmap$binder(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x2)
r2 = getpid()
process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
r3 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000180)={'vcan0\x00', <r4=>0x0})
bind$can_j1939(r3, &(0x7f0000000240)={0x1d, r4}, 0x18)
connect$can_j1939(r3, &(0x7f0000000280)={0x1d, r4}, 0x18)
sendmmsg(r3, &(0x7f00000038c0)=[{{0x0, 0x0, 0x0}}], 0x3ffffffffffff06, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
setsockopt$inet6_IPV6_HOPOPTS(0xffffffffffffffff, 0x29, 0x36, &(0x7f0000000000)=ANY=[], 0x1050)
ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$RDMA_NLDEV_CMD_PORT_GET(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x0)

5.660854452s ago: executing program 5 (id=1056):
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r2}, 0x10)
rt_sigprocmask(0x0, &(0x7f000078b000)={[0xfffffffffffffffd]}, 0x0, 0x8)
fsetxattr(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)

4.974324013s ago: executing program 0 (id=1057):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d00000067000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10)
r1 = syz_open_dev$dri(&(0x7f0000000540), 0x4260, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f0000000300)=[<r2=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r1, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000000)=[r2, 0x0], 0x2})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = getpid()
process_vm_readv(r3, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x5, 0x1ff003, 0x0, 0x7f, 0x1}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
syz_open_dev$dri(&(0x7f0000000000), 0x2, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f00004b8fe4)={0xa, 0x0, 0x0, @loopback}, 0x1c)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="180000002a000900000000000000000004b8fa2c82f5c68dc7b400882b04001a80715d2e7b9d37643fe8dd41d385efbf3a50e6bd7902661593eb14"], 0x18}, 0x1, 0x3000000}, 0x0)

4.585430701s ago: executing program 1 (id=1058):
socket$packet(0x11, 0x2, 0x300)
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000080)=0xf3e, 0x62)
r1 = syz_io_uring_setup(0x4172, &(0x7f0000000780)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
r4 = socket(0x10, 0x803, 0x0)
sendto(r4, &(0x7f00000000c0)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r4, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/110, 0x188}, {&(0x7f0000000280)=""/85, 0x53}, {&(0x7f0000000fc0)=""/4096, 0x503}, {&(0x7f0000000400)=""/106, 0x14}, {&(0x7f0000000740)=""/73, 0x60}, {&(0x7f0000000200)=""/77, 0x630}, {&(0x7f00000007c0)=""/154, 0x4a}, {&(0x7f0000000100)=""/16, 0x158}], 0x8, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400})
syz_io_uring_submit(r2, r3, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000000)=""/4, 0x4}], 0x27})
io_uring_enter(r1, 0x567, 0x0, 0x0, 0x0, 0x0)

3.932743051s ago: executing program 1 (id=1059):
r0 = io_uring_setup(0x669, &(0x7f0000007940))
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0x0, "0062ba7d82000000000000000000f7ffffff00"})
r2 = syz_open_pts(r1, 0x0)
r3 = dup(r2)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f00000000c0)=0x3)
dup3(r1, r3, 0x0)
r4 = dup3(0xffffffffffffffff, r1, 0x0)
ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000000)=0x13)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x78)
r5 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000840), 0x1a01, 0x0)
ioctl$EVIOCGPROP(r5, 0x40047438, &(0x7f0000000180)=""/246)
pwritev(r5, &(0x7f0000000080)=[{&(0x7f0000000100)="b750", 0x2}, {&(0x7f0000000280)="8d6d", 0x2}, {&(0x7f0000000340)}], 0x3, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

3.750619743s ago: executing program 3 (id=1060):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f00000003c0)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
ioctl$IOCTL_STOP_ACCEL_DEV(0xffffffffffffffff, 0x40046104, &(0x7f0000000640)={{}, 0xdc})
socket$inet6_sctp(0xa, 0x1, 0x84)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
sendmsg$RDMA_NLDEV_CMD_STAT_GET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000780)=ANY=[@ANYBLOB="200000001114010000070000000000000847df99a572808861dfce6d01e18b7c04b7e9bce5bf94a44dbfffa805eb05ffbfe4d58ff42ad1f14c817988292200bcb4bbd36ed68f5cb4ba3b7f43204103b6a3504469a4d6f98b6ed72619ed915c7e5b96754d2a25ab4172ca947cd3969973de4a3e245e93feaabaddee61bc97a83730890a91822f79650c62cef43e60ce38966f105d208f3d492cb53ecacf02e5ef87843e58b73f4b4adf1bd015d2a0", @ANYRES8=r1], 0x20}}, 0x0)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8100000}, 0x0)
write$binfmt_misc(r3, &(0x7f0000000000)=ANY=[@ANYBLOB="15"], 0x6)

3.563466903s ago: executing program 0 (id=1061):
r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141142, 0x0)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x12, r0, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000500), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000140)={'pimreg0\x00', 0x212})
ioctl$TUNSETTXFILTER(r1, 0x400454d1, &(0x7f0000000240)=ANY=[@ANYBLOB="00020709"])

3.547212433s ago: executing program 1 (id=1062):
setsockopt$packet_tx_ring(0xffffffffffffffff, 0x107, 0xd, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_SB_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x3c, r1, 0x1, 0x70bd2c, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}]}, 0x3c}}, 0x0)

2.644929762s ago: executing program 1 (id=1063):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_TID_CONFIG(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000002ac0)={&(0x7f0000000000)={0x20, r1, 0x135, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x4}]}, 0x20}}, 0x0)

2.616128248s ago: executing program 3 (id=1064):
r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$SIOCX25SENDCALLACCPT(r0, 0x89e9)
ioctl$sock_inet_SIOCGIFADDR(r0, 0x8915, &(0x7f0000000080)={'veth0_macvtap\x00', {0x2, 0x0, @loopback}})
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_udp_int(r1, 0x11, 0x65, &(0x7f00000000c0)=0x6, 0x4)
socket$phonet_pipe(0x23, 0x5, 0x2)
r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000180)={'wlan1\x00'})
sendmsg$NL80211_CMD_FRAME(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000009c0)=ANY=[@ANYBLOB="54030000", @ANYRES16=r4, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32, @ANYBLOB="360333008000000008021100000108021100000150505050505000000000000000000000000000000100030100058c0000009af6da3eccb31dfdb01e6e7177c98c64430a038b1a5dfa035ea7a9381b60d5573f7a471f2255656c6fda4f9fe2a1cefb7e307f95a05deb88da8d6767435855a59a04759977ef1cf00cf302f452d67e80c72e836d0cfcfd95ca366d0e284f1c03058e40a2283bb06b723df5c6eef98646cae544fd4eebdf5effc6f1ba5debee4b327b120000000000003c04000000007606000000000000ddb731851c27f0515dccb7554d54162c7b9db37edff2415d5589b53027d4db2f9527a9858f2910b19c7737136d933c4cb8b186a2cb77d33dc186120309d0107aae1822ca939dc8887e8bcc0f1b2831ed25db982a9cd8fcd5160c5cdc0cbe25dce28dc9925779fc4799284de17406d9ac3b5e35515e37ca05000000000000000a5d5addb3184fec9543e41f70eb1bcd9a87da54ab8f09ec2f4b39e15dca2e549f43749fdc5d2150d9349f08894e39ac26f6ddba1cb11f4c9767b25df19d1cb86cc9f4059996ff0021375555251d74cf6f777d24ac2b13bbd9b9d6f27b608e3a58d27ba7b7e16a8e13f0d8f288fa3e9a5e6c9ba0bd7028c0866f7cec56d3c8963c4d6e991fbd1547b046152bed86b40dc529d6663ed96a2f54759ca9fd484826eaa5b022f53aa9fb6bffaa0370be496fc201cd5b33db589eb87730dee906175a89a626342c521f0b18b5cb5ed9de356bf155e503ca39d841b335dd25523a4aa23e4123ca5c555c2b2bf412911511b4b39a758f6e3a496d64414c19f01ba62cf366dd120941a0e096d40b7d3b60bec79aa8aaa3f566dd3f7b1f666daa2c5732ac642cd918aea5ee68d9287e589b7d5326dd3b2bfb9e3d1679ee7c57f9ddfe7cc62b9e25076e5fbf36bd5882a567a92f5c2ba4e5d1fe2edd0b0da71e815422994325dfecdd6530d8ac98fdedffdf2ad390d8c532101bdebf905f4f96a12b5400578c02f802cac6cefe477c38a52b4fb790de3ab2c08eed8f45baef37217a654a07159fd6efe9fc5a4effdb0327c0802a3a873e92979e62ab34d31a748ae171a86d656075c5a8c88eaba15cdd064f3fef835ea800000038d3b6030000009aab386eddcd74bd0a990a74a32d0520cef4e20037fc14fd1be83b638c04110b784e2038855bc69f536c27031736aac99c9f93b5a8ee8926e1ea777abd21b8a1485c4c183ccbc6c2271c7ccb2c6e47f349ebe91e6d059bab96f492ebb063e42581243ea1fae5d0ba5b9ca3c22b79283b4b3fe917653f57a4e800ffc69b72b1b3040df623f827422445a6f5490f1701e33a2e67a86bf0ee69818665d790e2809fa0923f643492"], 0x354}}, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_READ_FIXED={0x4, 0x0, 0x0, @fd, 0x0, 0x20000000, 0x8020, 0x0, 0x0, {0x2}})
r5 = memfd_secret(0x0)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, 0xffffffffffffffff, 0x0)
r6 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
fcntl$dupfd(r6, 0x0, r5)
ioctl$SCSI_IOCTL_GET_PCI(0xffffffffffffffff, 0x5393, &(0x7f0000000000))
socket$caif_stream(0x25, 0x1, 0x1000004)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r7 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r7, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socket$tipc(0x1e, 0x2, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.throttle.io_serviced\x00', 0x275a, 0x0)
socket$inet6(0xa, 0x800, 0xfffffffb)
socket$nl_route(0x10, 0x3, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r10=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000600)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="196dfccb73d4054326cd1fd9e2d7a80324741a492757daf6068dba5231127a9ff036ea71584437def515a00720e3a534", @ANYRES32=r10, @ANYBLOB="0800050003000000"], 0x24}}, 0x0)

2.255897466s ago: executing program 0 (id=1065):
r0 = socket(0x10, 0x803, 0x0)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14)
sendmsg$nl_route_sched(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000007400)=@newqdisc={0x44, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0x10}}}]}, 0x44}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000010c0)=@newchain={0x24, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffef, 0xfff1}}}, 0x24}}, 0x0)

1.789345252s ago: executing program 1 (id=1066):
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioperm(0x0, 0x3d, 0x80000000001f)
msgsnd(0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="1c"], 0xb, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f0000001880)={'wg1\x00'})
syz_genetlink_get_family_id$wireguard(&(0x7f0000000fc0), 0xffffffffffffffff)
socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
write$binfmt_elf64(r1, 0x0, 0x40)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0x8, &(0x7f0000000400)=ANY=[@ANYBLOB="7a0af8ff75257035bfa100000000000007010000f9ffffffb702000005000000bf130000000000008500000006000000b7000000000000009500000000000000b2595285faa6ead0169191d54f8196217fc560e2fc91f6da4dad4fdc2eb1b5986fc4a3f611a7c8edd3aa5d6ee7ab10b1a297cf528666d1ddd73f3047d248df061222193165274bc7f2382f6cda4bfdd45be583823c0f09621f3c1c65ee19ee875daf45006a4c4ea5e15b2f9618d547244a22000000000000db453620ce7243d1aebdb638d91dbef661935839c77edf2d34b12cd48a0c20fb7dd843267e0331759f4ec6b5b0af58e604f4942eb613eff289026d5045ef76d7d864409eb2dc7718a09f4886afc26abba34635d0e8b598a51bc742135a6e1d33fe226c944bc76be40d435aa8b5202db761014b1b999a12df6bee431a6681"], &(0x7f0000000100)='GPL\x00'}, 0x48)
r3 = getpid()
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r4, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r5=>0x0})
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=@ipv6_newroute={0x38, 0x18, 0x309, 0x0, 0x0, {}, [@RTA_OIF={0x8, 0x4, r5}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x7}, @RTA_ENCAP={0xc, 0x16, 0x0, 0x1, @LWTUNNEL_IP6_FLAGS={0x6}}]}, 0x38}}, 0x0)
process_vm_readv(r3, &(0x7f0000008400)=[{&(0x7f0000000540)=""/91, 0x5b}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640), 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r2, 0x2000007, 0xe, 0x55, &(0x7f0000000140)="a06ad876d56a0064d082778c3938", &(0x7f0000000380)=""/85, 0x2e00, 0x4000000}, 0x28)
getsockname$packet(r1, &(0x7f00000002c0)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="48000000100005f7000000000000000000000002", @ANYRES32=r7, @ANYBLOB="b100000000000000280012000c00010076657468"], 0x48}, 0x1, 0x0, 0x0, 0x2404c051}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x5, 0x1ff000, 0x66, 0x5, 0x1}, 0x48)
r8 = syz_open_procfs(0x0, &(0x7f00000005c0)='net/ip6_mr_cache\x00')
read$FUSE(r8, &(0x7f0000002280)={0x2020}, 0x2020)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000600)=ANY=[@ANYRES32], 0x20}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0xfffffffffffffcf0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
fcntl$getown(0xffffffffffffffff, 0x9)
socket$inet6(0xa, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)

1.549354129s ago: executing program 4 (id=1067):
syz_emit_vhci(&(0x7f0000000240)=ANY=[@ANYBLOB="04"], 0x22)
capset(&(0x7f0000000100), 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
setsockopt$MRT_ADD_MFC_PROXY(0xffffffffffffffff, 0x0, 0xd1, 0x0, 0x0)

1.548119107s ago: executing program 0 (id=1068):
r0 = io_uring_setup(0x79af, &(0x7f0000001240))
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
syz_usb_connect(0x0, 0x2d, 0x0, 0x0)
setsockopt$inet6_IPV6_DSTOPTS(0xffffffffffffffff, 0x29, 0x3b, &(0x7f00000004c0)={0x0, 0x1, '\x00', [@pad1, @generic={0x0, 0x3, "e73cf3"}]}, 0x10)
bind$inet6(r1, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c)
sendto$inet6(r1, 0x0, 0x0, 0x22004001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c)
sendto$inet6(r1, &(0x7f0000000080)='D', 0x1, 0x0, 0x0, 0x0)
setsockopt$inet6_IPV6_DSTOPTS(r1, 0x29, 0x3b, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

1.16873661s ago: executing program 3 (id=1069):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000900)=[@in={0x2, 0x4e23, @loopback}, @in6={0xa, 0x0, 0x0, @loopback}], 0x2c)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
sched_setscheduler(0x0, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000080)={0x0, 0x3}, 0x10)
sendto$inet6(r0, &(0x7f0000847fff)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)

1.061938169s ago: executing program 4 (id=1070):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDENABIO(r0, 0x4b36)
rt_tgsigqueueinfo(0x0, 0x0, 0x0, 0x0)

705.346881ms ago: executing program 4 (id=1071):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d000000670000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10)
r1 = openat$binderfs(0xffffff9c, &(0x7f0000000340)='./binderfs/binder1\x00', 0x800, 0x0)
mmap$binder(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x2)
r2 = getpid()
process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
r3 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000180)={'vcan0\x00', <r4=>0x0})
bind$can_j1939(r3, &(0x7f0000000240)={0x1d, r4}, 0x18)
connect$can_j1939(r3, &(0x7f0000000280)={0x1d, r4}, 0x18)
sendmmsg(r3, &(0x7f00000038c0)=[{{0x0, 0x0, 0x0}}], 0x3ffffffffffff06, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
setsockopt$inet6_IPV6_HOPOPTS(0xffffffffffffffff, 0x29, 0x36, &(0x7f0000000000)=ANY=[], 0x1050)
ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmsg$RDMA_NLDEV_CMD_PORT_GET(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x0)

592.832183ms ago: executing program 3 (id=1072):
sched_setscheduler(0x0, 0x0, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='dctcp\x00', 0x6)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r0, 0xe795)
syz_emit_ethernet(0x4a, &(0x7f00000001c0)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "6cd341", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0xc2}}}}}}}, 0x0)

516.853772ms ago: executing program 1 (id=1073):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000000000000004b64ffec850000006d00000067000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10)
r1 = syz_open_dev$dri(&(0x7f0000000540), 0x4260, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f0000000300)=[<r2=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r1, 0xc01864c6, &(0x7f0000000080)={&(0x7f0000000000)=[r2, 0x0], 0x2})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = getpid()
process_vm_readv(r3, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x5, 0x1ff003, 0x0, 0x7f, 0x1}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
syz_open_dev$dri(&(0x7f0000000000), 0x2, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f00004b8fe4)={0xa, 0x0, 0x0, @loopback}, 0x1c)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="180000002a000900000000000000000004b8fa2c82f5c68dc7b400882b04001a80715d2e7b9d37643fe8dd41d385efbf3a50e6bd7902661593eb14"], 0x18}, 0x1, 0x3000000}, 0x0)

485.591698ms ago: executing program 0 (id=1074):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDENABIO(r0, 0x4b36)
get_robust_list(0x0, 0x0, 0x0)

335.987192ms ago: executing program 5 (id=1075):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f00000003c0)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(0xffffffffffffffff, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
ioctl$IOCTL_STOP_ACCEL_DEV(0xffffffffffffffff, 0x40046104, &(0x7f0000000640)={{}, 0xdc})
socket$inet6_sctp(0xa, 0x1, 0x84)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
sendmsg$RDMA_NLDEV_CMD_STAT_GET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000780)=ANY=[@ANYBLOB="200000001114010000070000000000000847df99a572808861dfce6d01e18b7c04b7e9bce5bf94a44dbfffa805eb05ffbfe4d58ff42ad1f14c817988292200bcb4bbd36ed68f5cb4ba3b7f43204103b6a3504469a4d6f98b6ed72619ed915c7e5b96754d2a25ab4172ca947cd3969973de4a3e245e93feaabaddee61bc97a83730890a91822f79650c62cef43e60ce38966f105d208f3d492cb53ecacf02e5ef87843e58b73f4b4adf1bd015d2a0", @ANYRES8=r1], 0x20}}, 0x0)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8100000}, 0x0)
write$binfmt_misc(r3, &(0x7f0000000000)=ANY=[@ANYBLOB="15"], 0x6)

208.825128ms ago: executing program 3 (id=1076):
prctl$PR_SET_IO_FLUSHER(0x41, 0x3)
r0 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0x0)
r1 = getpid()
r2 = syz_pidfd_open(r1, 0x0)
r3 = pidfd_getfd(r2, r2, 0x0)
r4 = fcntl$dupfd(r0, 0x0, r3)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x200000f, 0x12, r4, 0x0)

0s ago: executing program 0 (id=1077):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_TID_CONFIG(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000002ac0)={&(0x7f0000000000)={0x2c, r1, 0x135, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x10, 0x11d, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x74}]}]}]}, 0x2c}}, 0x0)

kernel console output (not intermixed with test programs):

.615'.
[  425.685201][ T8255] batman_adv: batadv0: Adding interface: batadv_slave_1
[  425.725198][ T8255] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  425.805438][ T8255] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  426.214016][ T8442] loop3: detected capacity change from 0 to 2048
[  426.276439][ T8442] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  426.369844][ T8439] netlink: 8 bytes leftover after parsing attributes in process `syz.3.620'.
[  426.416518][ T8255] hsr_slave_0: entered promiscuous mode
[  426.461010][ T8255] hsr_slave_1: entered promiscuous mode
[  426.490544][ T8255] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  426.519036][ T8255] Cannot create hsr debugfs directory
[  426.940911][ T1105] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  426.973986][ T1105] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  427.441832][ T1105] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  427.454510][ T8461] loop5: detected capacity change from 0 to 512
[  427.466096][ T1105] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  428.550015][   T29] kauditd_printk_skb: 37 callbacks suppressed
[  428.550068][   T29] audit: type=1326 audit(1721569062.717:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8459 comm="syz.5.626" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbd3975b59 code=0x7ffc0000
[  429.121657][   T29] audit: type=1326 audit(1721569062.717:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8459 comm="syz.5.626" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbd3975b59 code=0x7ffc0000
[  429.290420][   T29] audit: type=1326 audit(1721569062.737:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8459 comm="syz.5.626" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ffbd3975b59 code=0x7ffc0000
[  429.309822][ T8468] dccp_xmit_packet: Payload too large (65475) for featneg.
[  429.371434][   T29] audit: type=1326 audit(1721569062.737:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8459 comm="syz.5.626" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbd3975b59 code=0x7ffc0000
[  429.440944][ T5158] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  429.482615][   T29] audit: type=1326 audit(1721569062.747:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8459 comm="syz.5.626" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbd3975b59 code=0x7ffc0000
[  429.522209][   T29] audit: type=1326 audit(1721569062.757:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8459 comm="syz.5.626" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ffbd3975b59 code=0x7ffc0000
[  429.553456][   T29] audit: type=1326 audit(1721569062.757:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8459 comm="syz.5.626" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbd3975b59 code=0x7ffc0000
[  429.647585][   T29] audit: type=1326 audit(1721569062.757:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8459 comm="syz.5.626" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbd3975b59 code=0x7ffc0000
[  429.722908][ T5158] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  429.745794][ T5158] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  429.820778][   T29] audit: type=1326 audit(1721569062.767:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8459 comm="syz.5.626" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ffbd3975b59 code=0x7ffc0000
[  429.843526][ T5158] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  429.881683][ T5158] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  429.921185][   T29] audit: type=1326 audit(1721569062.767:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8459 comm="syz.5.626" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbd3975b59 code=0x7ffc0000
[  429.960331][ T5158] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  429.986976][ T5158] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  430.022365][ T5158] usb 5-1: Manufacturer: syz
[  430.092089][ T5158] usb 5-1: config 0 descriptor??
[  430.555284][ T5158] appleir 0003:05AC:8243.0011: unknown main item tag 0x0
[  430.630593][ T5158] appleir 0003:05AC:8243.0011: No inputs registered, leaving
[  430.701424][ T5158] appleir 0003:05AC:8243.0011: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.4-1/input0
[  431.100571][   T55] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  431.117482][   T55] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  431.130748][   T55] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  431.152021][   T55] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  431.170194][   T55] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  431.179679][   T55] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  431.408683][   T68] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  431.703389][ T8488] netlink: 52 bytes leftover after parsing attributes in process `syz.5.631'.
[  431.913507][   T68] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  432.185266][   T68] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  432.649924][ T5237] usb 5-1: USB disconnect, device number 11
[  432.863699][   T68] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  433.351947][ T5118] Bluetooth: hci1: command tx timeout
[  434.481289][   T55] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  434.498616][   T55] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  434.517423][   T55] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  434.530254][   T55] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  434.548839][   T55] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  434.558917][   T55] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  434.613370][ T8494] loop3: detected capacity change from 0 to 40427
[  434.631452][ T8494] F2FS-fs (loop3): Wrong NAT boundary, start(2560) end(462336) blocks(1024)
[  434.641060][ T8494] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  434.765562][ T8494] F2FS-fs (loop3): Found nat_bits in checkpoint
[  435.399452][ T5118] Bluetooth: hci1: command tx timeout
[  435.742114][ T8517] loop1: detected capacity change from 0 to 32768
[  435.778012][   T68] bridge_slave_1: left allmulticast mode
[  435.791132][   T68] bridge_slave_1: left promiscuous mode
[  435.797916][   T68] bridge0: port 2(bridge_slave_1) entered disabled state
[  435.821128][ T8517] XFS (loop1): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  435.858725][   T68] bridge_slave_0: left allmulticast mode
[  435.901222][   T68] bridge_slave_0: left promiscuous mode
[  435.910096][   T68] bridge0: port 1(bridge_slave_0) entered disabled state
[  436.028974][ T8517] XFS (loop1): Ending clean mount
[  436.141289][ T8517] XFS (loop1): Quotacheck needed: Please wait.
[  436.304003][ T8517] XFS (loop1): Quotacheck: Done.
[  436.386292][ T8545] dccp_xmit_packet: Payload too large (65475) for featneg.
[  436.497231][ T6841] XFS (loop1): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  436.600452][ T5118] Bluetooth: hci5: command tx timeout
[  437.478246][ T8549] loop1: detected capacity change from 0 to 256
[  437.485409][ T5118] Bluetooth: hci1: command tx timeout
[  437.650350][   T68] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  437.712010][   T68] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  437.783550][   T68] bond0 (unregistering): Released all slaves
[  437.845267][ T8255] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  438.075989][ T8255] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  438.215660][ T8555] loop1: detected capacity change from 0 to 256
[  438.373051][ T8555] FAT-fs (loop1): Directory bread(block 64) failed
[  438.380752][ T8555] FAT-fs (loop1): Directory bread(block 65) failed
[  438.388818][ T8555] FAT-fs (loop1): Directory bread(block 66) failed
[  438.407795][ T8482] chnl_net:caif_netlink_parms(): no params data found
[  438.412721][ T8555] FAT-fs (loop1): Directory bread(block 67) failed
[  438.433869][ T8555] FAT-fs (loop1): Directory bread(block 68) failed
[  438.461501][ T8555] FAT-fs (loop1): Directory bread(block 69) failed
[  438.464358][ T8255] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  438.477989][ T8555] FAT-fs (loop1): Directory bread(block 70) failed
[  438.505228][ T8255] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  438.512748][ T8555] FAT-fs (loop1): Directory bread(block 71) failed
[  438.530792][ T8555] FAT-fs (loop1): Directory bread(block 72) failed
[  438.537392][ T8555] FAT-fs (loop1): Directory bread(block 73) failed
[  438.681870][ T5118] Bluetooth: hci5: command tx timeout
[  439.564774][ T5118] Bluetooth: hci1: command tx timeout
[  439.711185][   T68] hsr_slave_0: left promiscuous mode
[  439.729003][   T68] hsr_slave_1: left promiscuous mode
[  439.763132][   T68] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  439.783977][   T68] batman_adv: batadv0: Removing interface: batadv_slave_0
[  439.796832][   T68] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  439.838764][   T68] batman_adv: batadv0: Removing interface: batadv_slave_1
[  439.917230][   T68] veth1_macvtap: left promiscuous mode
[  439.923222][   T68] veth0_macvtap: left promiscuous mode
[  439.929221][   T68] veth1_vlan: left promiscuous mode
[  439.936713][   T68] veth0_vlan: left promiscuous mode
[  440.207135][ T3597] kworker/u8:9: attempt to access beyond end of device
[  440.207135][ T3597] loop1: rw=1, sector=1224, nr_sectors = 4 limit=256
[  440.759343][ T5118] Bluetooth: hci5: command tx timeout
[  441.305126][ T8590] loop1: detected capacity change from 0 to 40427
[  441.324623][ T8590] F2FS-fs (loop1): Wrong NAT boundary, start(2560) end(462336) blocks(1024)
[  441.341915][ T8590] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  441.381291][ T8590] F2FS-fs (loop1): Found nat_bits in checkpoint
[  441.431551][   T68] team0 (unregistering): Port device team_slave_1 removed
[  441.518387][ T8590] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  441.528294][   T68] team0 (unregistering): Port device team_slave_0 removed
[  441.528446][ T8590] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  441.612006][ T6841] syz-executor: attempt to access beyond end of device
[  441.612006][ T6841] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  441.629946][ T6841] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  442.720207][ T8585] workqueue: Failed to create a rescuer kthread for wq "bond3": -EINTR
[  442.839823][ T5118] Bluetooth: hci5: command tx timeout
[  442.907670][ T8482] bridge0: port 1(bridge_slave_0) entered blocking state
[  442.916382][ T8482] bridge0: port 1(bridge_slave_0) entered disabled state
[  442.923727][ T8482] bridge_slave_0: entered allmulticast mode
[  442.941844][ T8482] bridge_slave_0: entered promiscuous mode
[  442.976318][ T8518] chnl_net:caif_netlink_parms(): no params data found
[  443.042000][ T8482] bridge0: port 2(bridge_slave_1) entered blocking state
[  443.082919][ T8482] bridge0: port 2(bridge_slave_1) entered disabled state
[  443.100251][ T8482] bridge_slave_1: entered allmulticast mode
[  443.124755][ T8482] bridge_slave_1: entered promiscuous mode
[  443.184073][ T5158] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  443.411731][ T5158] usb 4-1: Using ep0 maxpacket: 16
[  443.468583][ T5158] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024
[  443.518034][ T5158] usb 4-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[  443.537879][ T5158] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  443.600587][ T5158] usb 4-1: config 0 descriptor??
[  443.647601][ T8482] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  443.726162][ T8616] dccp_xmit_packet: Payload too large (65475) for featneg.
[  443.734428][ T8482] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  443.821860][ T8600] PKCS7: Unknown OID: [4] (bad)
[  443.829756][ T8600] PKCS7: Only support pkcs7_signedData type
[  443.849697][ T5118] Bluetooth: Wrong link type (-71)
[  443.856341][ T5118] Bluetooth: hci2: link tx timeout
[  443.862122][ T5118] Bluetooth: hci2: killing stalled connection 11:aa:aa:aa:aa:aa
[  443.933562][ T8600] netlink: 12 bytes leftover after parsing attributes in process `syz.3.654'.
[  444.117347][ T8600] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  444.148896][ T8482] team0: Port device team_slave_0 added
[  444.169139][ T8600] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  444.322311][ T8482] team0: Port device team_slave_1 added
[  444.360457][ T8518] bridge0: port 1(bridge_slave_0) entered blocking state
[  444.367834][ T8518] bridge0: port 1(bridge_slave_0) entered disabled state
[  444.417871][ T8518] bridge_slave_0: entered allmulticast mode
[  444.454391][ T8518] bridge_slave_0: entered promiscuous mode
[  444.786365][ T8518] bridge0: port 2(bridge_slave_1) entered blocking state
[  444.806681][ T8518] bridge0: port 2(bridge_slave_1) entered disabled state
[  444.848022][ T8518] bridge_slave_1: entered allmulticast mode
[  444.887741][ T8518] bridge_slave_1: entered promiscuous mode
[  445.018050][ T5158] usbhid 4-1:0.0: can't add hid device: -71
[  445.055002][ T5158] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  445.120150][ T5158] usb 4-1: USB disconnect, device number 10
[  445.158007][ T8482] batman_adv: batadv0: Adding interface: batadv_slave_0
[  445.203976][ T8482] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  445.305560][ T8482] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  445.517438][ T8482] batman_adv: batadv0: Adding interface: batadv_slave_1
[  445.545332][ T8482] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  445.607653][ T8482] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  445.655720][ T8518] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  445.724337][ T8518] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  445.881491][ T5118] Bluetooth: hci2: command 0x0406 tx timeout
[  446.120797][ T8255] 8021q: adding VLAN 0 to HW filter on device bond0
[  446.244225][   T68] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  446.395811][ T8518] team0: Port device team_slave_0 added
[  446.671520][ T8518] team0: Port device team_slave_1 added
[  446.848214][   T68] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  447.024497][ T8482] hsr_slave_0: entered promiscuous mode
[  447.103375][ T8482] hsr_slave_1: entered promiscuous mode
[  447.142324][ T8482] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  447.177501][ T8482] Cannot create hsr debugfs directory
[  447.368570][ T8255] 8021q: adding VLAN 0 to HW filter on device team0
[  447.514216][   T68] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  447.934542][ T8518] batman_adv: batadv0: Adding interface: batadv_slave_0
[  447.960032][ T8518] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  448.059293][ T8518] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  448.142361][ T5158] bridge0: port 1(bridge_slave_0) entered blocking state
[  448.149698][ T5158] bridge0: port 1(bridge_slave_0) entered forwarding state
[  448.252182][   T68] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  448.535973][ T8518] batman_adv: batadv0: Adding interface: batadv_slave_1
[  448.552607][ T8518] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  448.718849][ T8518] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  448.885645][ T5158] bridge0: port 2(bridge_slave_1) entered blocking state
[  448.893014][ T5158] bridge0: port 2(bridge_slave_1) entered forwarding state
[  449.072087][ T8678] netlink: 'syz.3.666': attribute type 5 has an invalid length.
[  450.065814][ T1245] ieee802154 phy0 wpan0: encryption failed: -22
[  450.073907][ T1245] ieee802154 phy1 wpan1: encryption failed: -22
[  450.673464][ T8518] hsr_slave_0: entered promiscuous mode
[  450.726512][ T8518] hsr_slave_1: entered promiscuous mode
[  450.764349][ T8518] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  450.783857][ T8518] Cannot create hsr debugfs directory
[  451.023304][   T29] kauditd_printk_skb: 37 callbacks suppressed
[  451.023330][   T29] audit: type=1326 audit(1721569085.457:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8696 comm="syz.5.671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbd3975b59 code=0x7ffc0000
[  451.327716][   T29] audit: type=1326 audit(1721569085.457:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8696 comm="syz.5.671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbd3975b59 code=0x7ffc0000
[  451.383059][   T29] audit: type=1326 audit(1721569085.457:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8696 comm="syz.5.671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=109 compat=0 ip=0x7ffbd3975b59 code=0x7ffc0000
[  451.896177][   T29] audit: type=1326 audit(1721569085.457:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8696 comm="syz.5.671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbd3975b59 code=0x7ffc0000
[  452.139271][ T5118] Bluetooth: hci2: command 0x0406 tx timeout
[  452.383947][   T29] audit: type=1326 audit(1721569085.467:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8696 comm="syz.5.671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbd3975b59 code=0x7ffc0000
[  452.406441][   T29] audit: type=1326 audit(1721569085.497:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8696 comm="syz.5.671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ffbd3975b59 code=0x7ffc0000
[  452.430530][   T29] audit: type=1326 audit(1721569085.507:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8696 comm="syz.5.671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbd3975b59 code=0x7ffc0000
[  452.458590][   T29] audit: type=1326 audit(1721569085.507:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8696 comm="syz.5.671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7ffbd3975b59 code=0x7ffc0000
[  452.513274][   T29] audit: type=1326 audit(1721569085.507:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8696 comm="syz.5.671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffbd3975b59 code=0x7ffc0000
[  452.539489][   T29] audit: type=1326 audit(1721569085.507:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8696 comm="syz.5.671" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7ffbd3975b59 code=0x7ffc0000
[  453.601517][   T68] bridge_slave_1: left allmulticast mode
[  453.607224][   T68] bridge_slave_1: left promiscuous mode
[  453.613305][   T68] bridge0: port 2(bridge_slave_1) entered disabled state
[  453.628914][   T68] bridge_slave_0: left allmulticast mode
[  453.635693][   T68] bridge_slave_0: left promiscuous mode
[  453.679618][   T68] bridge0: port 1(bridge_slave_0) entered disabled state
[  453.709611][ T8720] netlink: 'syz.3.677': attribute type 5 has an invalid length.
[  454.957420][   T68] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  454.977599][   T68] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  455.005793][   T68] bond0 (unregistering): Released all slaves
[  455.412563][ T8725] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  455.643651][ T8727] loop3: detected capacity change from 0 to 40427
[  455.687486][ T8727] F2FS-fs (loop3): Wrong NAT boundary, start(2560) end(462336) blocks(1024)
[  455.709255][ T8727] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  455.782195][ T8727] F2FS-fs (loop3): Found nat_bits in checkpoint
[  456.066822][ T8727] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  456.079374][ T8727] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  456.234370][ T7368] syz-executor: attempt to access beyond end of device
[  456.234370][ T7368] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  456.266754][ T7368] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  456.567085][   T68] hsr_slave_0: left promiscuous mode
[  456.612229][   T68] hsr_slave_1: left promiscuous mode
[  456.638835][   T68] batman_adv: batadv0: Removing interface: batadv_slave_0
[  456.666743][   T68] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  456.698676][   T68] batman_adv: batadv0: Removing interface: batadv_slave_1
[  456.830150][   T68] veth1_macvtap: left promiscuous mode
[  456.836827][   T68] veth0_macvtap: left promiscuous mode
[  456.850045][   T68] veth1_vlan: left promiscuous mode
[  456.877014][   T68] veth0_vlan: left promiscuous mode
[  457.576261][ T8752] loop1: detected capacity change from 0 to 16
[  457.661340][ T8752] erofs: (device loop1): mounted with root inode @ nid 36.
[  459.325365][   T68] team0 (unregistering): Port device team_slave_1 removed
[  459.424461][   T68] team0 (unregistering): Port device team_slave_0 removed
[  459.812839][ T8771] loop3: detected capacity change from 0 to 40427
[  459.821875][ T8771] F2FS-fs (loop3): Wrong NAT boundary, start(2560) end(462336) blocks(1024)
[  459.832938][ T8771] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  459.860745][ T8771] F2FS-fs (loop3): Found nat_bits in checkpoint
[  459.970688][ T8771] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  459.977791][ T8771] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  460.076070][ T7368] syz-executor: attempt to access beyond end of device
[  460.076070][ T7368] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  460.098754][ T7368] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  461.049523][ T5290] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  461.155209][ T8482] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  461.169477][ T8786] netlink: 4 bytes leftover after parsing attributes in process `syz.1.698'.
[  461.206561][ T8482] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  461.242634][ T5290] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  461.276929][ T5290] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  461.321665][ T5290] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  461.366623][ T5290] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  461.438401][ T5290] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  461.473132][ T5290] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  461.499919][ T5290] usb 6-1: Manufacturer: syz
[  461.530404][ T5290] usb 6-1: config 0 descriptor??
[  461.585965][ T8482] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  461.719937][ T8482] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  462.020482][ T5290] appleir 0003:05AC:8243.0012: unknown main item tag 0x0
[  462.054353][ T5290] appleir 0003:05AC:8243.0012: No inputs registered, leaving
[  462.161678][ T5290] appleir 0003:05AC:8243.0012: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.5-1/input0
[  462.598176][ T8255] 8021q: adding VLAN 0 to HW filter on device batadv0
[  462.953874][ T8800] netlink: 60 bytes leftover after parsing attributes in process `syz.1.699'.
[  463.162281][ T8800] Κό: entered promiscuous mode
[  463.282338][ T8518] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  463.426747][ T8518] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  463.467474][ T8518] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  463.654359][ T8518] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  463.764859][ T8482] 8021q: adding VLAN 0 to HW filter on device bond0
[  463.985218][ T8255] veth0_vlan: entered promiscuous mode
[  464.086046][ T5164] usb 6-1: USB disconnect, device number 5
[  464.136351][ T8482] 8021q: adding VLAN 0 to HW filter on device team0
[  464.208425][ T8814] loop3: detected capacity change from 0 to 16
[  464.257266][ T5309] bridge0: port 1(bridge_slave_0) entered blocking state
[  464.264576][ T5309] bridge0: port 1(bridge_slave_0) entered forwarding state
[  464.310610][ T8814] erofs: (device loop3): mounted with root inode @ nid 36.
[  464.359996][ T5309] bridge0: port 2(bridge_slave_1) entered blocking state
[  464.367245][ T5309] bridge0: port 2(bridge_slave_1) entered forwarding state
[  464.885118][ T8255] veth1_vlan: entered promiscuous mode
[  465.654839][ T8827] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  465.953247][ T8482] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  465.994268][ T8255] veth0_macvtap: entered promiscuous mode
[  466.183618][ T8255] veth1_macvtap: entered promiscuous mode
[  466.368755][ T8518] 8021q: adding VLAN 0 to HW filter on device bond0
[  466.686178][ T8518] 8021q: adding VLAN 0 to HW filter on device team0
[  466.727140][ T8255] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  466.836156][ T8255] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  466.883825][ T8255] batman_adv: batadv0: Interface activated: batadv_slave_0
[  467.057976][ T8818] loop5: detected capacity change from 0 to 40427
[  467.065814][ T8255] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  467.114984][ T8255] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  467.146228][ T8818] F2FS-fs (loop5): Wrong NAT boundary, start(2560) end(462336) blocks(1024)
[  467.179243][ T8818] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  467.179325][ T8255] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  467.262403][ T8255] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  467.309581][ T8255] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  467.350098][ T8818] F2FS-fs (loop5): Found nat_bits in checkpoint
[  467.357402][ T8255] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  467.394683][ T8255] batman_adv: batadv0: Interface activated: batadv_slave_1
[  467.434246][ T5237] bridge0: port 1(bridge_slave_0) entered blocking state
[  467.441521][ T5237] bridge0: port 1(bridge_slave_0) entered forwarding state
[  467.524142][ T5237] bridge0: port 2(bridge_slave_1) entered blocking state
[  467.531611][ T5237] bridge0: port 2(bridge_slave_1) entered forwarding state
[  467.802079][ T8255] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  467.829431][ T8255] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  467.858314][ T8255] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  467.879402][ T8255] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  468.323670][ T8482] 8021q: adding VLAN 0 to HW filter on device batadv0
[  469.204360][ T8482] veth0_vlan: entered promiscuous mode
[  469.347564][ T8482] veth1_vlan: entered promiscuous mode
[  469.915776][ T8482] veth0_macvtap: entered promiscuous mode
[  469.986104][ T8482] veth1_macvtap: entered promiscuous mode
[  470.669078][ T8482] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  470.718369][ T8482] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  470.756839][ T8482] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  470.812008][ T8482] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  470.887626][ T8482] batman_adv: batadv0: Interface activated: batadv_slave_0
[  470.992102][ T8482] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  471.029690][ T8482] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  471.039780][ T8482] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  471.050274][ T8482] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  471.061828][ T8482] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  471.075340][ T8482] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  471.087272][ T8482] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  471.099357][ T5118] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  471.109941][ T5118] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  471.121459][ T5118] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  471.138264][ T5118] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  471.147106][ T8482] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  471.176604][ T5118] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[  471.193117][ T8482] batman_adv: batadv0: Interface activated: batadv_slave_1
[  471.205306][ T5118] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  471.286960][ T8482] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  471.296034][ T8482] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  471.311264][ T8482] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  471.321835][ T8482] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  471.363820][ T8896] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  472.008452][ T1105] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  472.099620][ T8518] 8021q: adding VLAN 0 to HW filter on device batadv0
[  472.459036][ T1105] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  472.780414][ T1105] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  473.274475][ T8901] loop3: detected capacity change from 0 to 40427
[  473.300893][ T1105] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  473.319692][ T5118] Bluetooth: hci6: command tx timeout
[  473.332794][ T8901] F2FS-fs (loop3): Wrong NAT boundary, start(2560) end(462336) blocks(1024)
[  473.466138][ T8901] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  473.600088][ T8901] F2FS-fs (loop3): Found nat_bits in checkpoint
[  474.070949][ T8901] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  474.088402][ T8901] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  474.151043][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  474.178828][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  474.196013][   T29] kauditd_printk_skb: 58 callbacks suppressed
[  474.196036][   T29] audit: type=1800 audit(1721569108.637:194): pid=8901 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.722" name="bus" dev="loop3" ino=10 res=0 errno=0
[  474.252009][ T8901] syz.3.722: attempt to access beyond end of device
[  474.252009][ T8901] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  474.464625][ T7368] syz-executor: attempt to access beyond end of device
[  474.464625][ T7368] loop3: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  474.513062][ T7368] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  474.962066][   T68] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  474.979316][   T68] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  475.001905][ T1105] bridge_slave_1: left allmulticast mode
[  475.007593][ T1105] bridge_slave_1: left promiscuous mode
[  475.029723][ T1105] bridge0: port 2(bridge_slave_1) entered disabled state
[  475.057313][ T1105] bridge_slave_0: left allmulticast mode
[  475.086979][ T1105] bridge_slave_0: left promiscuous mode
[  475.100991][ T1105] bridge0: port 1(bridge_slave_0) entered disabled state
[  475.414864][ T5118] Bluetooth: hci6: command tx timeout
[  477.158443][ T8927] loop5: detected capacity change from 0 to 32768
[  477.196800][ T8927] XFS (loop5): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  477.365157][ T8927] XFS (loop5): Ending clean mount
[  477.397381][ T8927] XFS (loop5): Quotacheck needed: Please wait.
[  477.485404][ T5118] Bluetooth: hci6: command tx timeout
[  477.588778][ T8927] XFS (loop5): Quotacheck: Done.
[  477.774521][ T6646] XFS (loop5): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  478.302026][ T1105] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  478.429975][ T1105] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  478.471936][ T1105] bond0 (unregistering): Released all slaves
[  479.028183][ T8961] loop3: detected capacity change from 0 to 256
[  479.129991][ T8891] chnl_net:caif_netlink_parms(): no params data found
[  479.185033][ T8961] FAT-fs (loop3): Directory bread(block 64) failed
[  479.228681][ T8961] FAT-fs (loop3): Directory bread(block 65) failed
[  479.277851][ T8961] FAT-fs (loop3): Directory bread(block 66) failed
[  479.309355][ T8961] FAT-fs (loop3): Directory bread(block 67) failed
[  479.346601][ T8961] FAT-fs (loop3): Directory bread(block 68) failed
[  479.369310][ T8961] FAT-fs (loop3): Directory bread(block 69) failed
[  479.400932][ T8961] FAT-fs (loop3): Directory bread(block 70) failed
[  479.407531][ T8961] FAT-fs (loop3): Directory bread(block 71) failed
[  479.472036][ T8961] FAT-fs (loop3): Directory bread(block 72) failed
[  479.489095][ T8961] FAT-fs (loop3): Directory bread(block 73) failed
[  479.567286][ T5118] Bluetooth: hci6: command tx timeout
[  479.896781][ T8518] veth0_vlan: entered promiscuous mode
[  480.512264][ T1105] hsr_slave_0: left promiscuous mode
[  480.623744][ T8982] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  480.656321][ T1105] hsr_slave_1: left promiscuous mode
[  480.733669][ T1105] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  480.802606][ T1105] batman_adv: batadv0: Removing interface: batadv_slave_0
[  480.859988][ T1105] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  480.899930][ T1105] batman_adv: batadv0: Removing interface: batadv_slave_1
[  480.976124][ T8989] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  481.037340][ T1105] veth1_macvtap: left promiscuous mode
[  481.062501][ T1105] veth0_macvtap: left promiscuous mode
[  481.078746][ T1105] veth1_vlan: left promiscuous mode
[  481.101990][ T1105] veth0_vlan: left promiscuous mode
[  481.853749][ T8969] loop5: detected capacity change from 0 to 40427
[  481.885604][ T8969] F2FS-fs (loop5): Wrong NAT boundary, start(2560) end(462336) blocks(1024)
[  481.905212][ T8969] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  482.013213][ T8969] F2FS-fs (loop5): Found nat_bits in checkpoint
[  482.311915][ T8969] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[  482.320569][ T8969] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  483.902748][ T1105] team0 (unregistering): Port device team_slave_1 removed
[  484.091982][ T1105] team0 (unregistering): Port device team_slave_0 removed
[  485.654820][ T8518] veth1_vlan: entered promiscuous mode
[  485.703313][ T8891] bridge0: port 1(bridge_slave_0) entered blocking state
[  485.734074][ T8891] bridge0: port 1(bridge_slave_0) entered disabled state
[  485.769690][ T8891] bridge_slave_0: entered allmulticast mode
[  485.824629][ T8891] bridge_slave_0: entered promiscuous mode
[  485.871662][ T8891] bridge0: port 2(bridge_slave_1) entered blocking state
[  485.896381][ T8891] bridge0: port 2(bridge_slave_1) entered disabled state
[  485.926195][ T8891] bridge_slave_1: entered allmulticast mode
[  485.962589][ T8891] bridge_slave_1: entered promiscuous mode
[  486.272023][ T8891] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  486.344286][ T8891] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  486.653625][ T9030] loop1: detected capacity change from 0 to 4096
[  487.207740][ T9037] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  487.472394][ T8891] team0: Port device team_slave_0 added
[  487.492824][   T29] audit: type=1800 audit(1721569121.927:195): pid=9039 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.751" name="bus" dev="loop1" ino=18 res=0 errno=0
[  487.621425][   T29] audit: type=1804 audit(1721569122.007:196): pid=9030 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.751" name="/newroot/95/file0/bus" dev="loop1" ino=18 res=1 errno=0
[  487.726967][ T8891] team0: Port device team_slave_1 added
[  487.910586][ T9045] loop3: detected capacity change from 0 to 512
[  487.968296][ T9045] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  488.075311][ T8891] batman_adv: batadv0: Adding interface: batadv_slave_0
[  488.093507][ T9045] EXT4-fs (loop3): 1 truncate cleaned up
[  488.111633][ T9045] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  488.140460][ T8891] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  488.226299][ T9045] EXT4-fs (loop3): shut down requested (2)
[  488.239240][ T8891] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  488.256047][ T9045] overlayfs: failed to create directory ./file0/work (errno: 5); mounting read-only
[  488.340277][ T9045] overlayfs: failed to get uuid (/file2, err=-5); falling back to uuid=null.
[  488.380865][ T8891] batman_adv: batadv0: Adding interface: batadv_slave_1
[  488.400636][ T8891] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  488.773458][ T8891] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  489.803973][ T8518] veth0_macvtap: entered promiscuous mode
[  489.993404][ T9061] netlink: 4 bytes leftover after parsing attributes in process `syz.1.758'.
[  490.237621][ T7368] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  490.317747][ T8518] veth1_macvtap: entered promiscuous mode
[  490.503560][ T8891] hsr_slave_0: entered promiscuous mode
[  490.535416][ T8891] hsr_slave_1: entered promiscuous mode
[  490.566309][ T8891] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  490.585390][ T8891] Cannot create hsr debugfs directory
[  491.191809][ T1105] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  491.641521][ T1105] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  491.977926][ T8518] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  492.071164][ T8518] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  492.333394][ T8518] batman_adv: batadv0: Interface activated: batadv_slave_0
[  492.544049][   T55] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  492.554570][   T55] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  492.563836][   T55] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  492.581667][   T55] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  492.596056][   T55] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  492.620583][   T55] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  492.752926][ T1105] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  493.092062][ T1105] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  494.686053][   T55] Bluetooth: hci0: command tx timeout
[  495.013843][ T9105] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  495.242253][ T9107] netlink: 4 bytes leftover after parsing attributes in process `syz.1.772'.
[  495.462588][ T5118] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  495.482357][ T5118] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  495.492283][ T5118] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  495.509435][ T5118] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  495.519644][ T5118] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  495.527785][ T5118] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  496.809724][   T55] Bluetooth: hci0: command tx timeout
[  497.290522][ T1105] bridge_slave_1: left allmulticast mode
[  497.337146][ T1105] bridge_slave_1: left promiscuous mode
[  497.380745][ T1105] bridge0: port 2(bridge_slave_1) entered disabled state
[  497.443834][ T1105] bridge_slave_0: left allmulticast mode
[  497.479338][ T1105] bridge_slave_0: left promiscuous mode
[  497.523334][ T1105] bridge0: port 1(bridge_slave_0) entered disabled state
[  497.639854][   T55] Bluetooth: hci2: command tx timeout
[  498.839278][   T55] Bluetooth: hci0: command tx timeout
[  499.315740][ T9138] dccp_xmit_packet: Payload too large (65475) for featneg.
[  499.719914][   T55] Bluetooth: hci2: command tx timeout
[  500.375956][ T1105] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  500.466785][ T1105] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  500.535590][ T1105] bond0 (unregistering): Released all slaves
[  500.921983][   T55] Bluetooth: hci0: command tx timeout
[  501.487399][ T9151] netlink: 16 bytes leftover after parsing attributes in process `syz.1.780'.
[  501.799842][   T55] Bluetooth: hci2: command tx timeout
[  501.972406][ T9158] loop5: detected capacity change from 0 to 256
[  502.335704][ T1105] hsr_slave_0: left promiscuous mode
[  502.421445][ T1105] hsr_slave_1: left promiscuous mode
[  502.511573][ T1105] batman_adv: batadv0: Removing interface: batadv_slave_0
[  502.535631][ T9170] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  502.596532][ T1105] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  502.639899][ T1105] batman_adv: batadv0: Removing interface: batadv_slave_1
[  502.780122][ T1105] veth1_macvtap: left promiscuous mode
[  502.785770][ T1105] veth0_macvtap: left promiscuous mode
[  502.814981][ T1105] veth1_vlan: left promiscuous mode
[  502.824871][ T9177] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  502.862089][ T1105] veth0_vlan: left promiscuous mode
[  503.879668][   T55] Bluetooth: hci2: command tx timeout
[  504.394158][ T9186] loop5: detected capacity change from 0 to 2048
[  504.412111][ T9186] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  504.450180][ T9186] netlink: 8 bytes leftover after parsing attributes in process `syz.5.786'.
[  504.571811][ T5118] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  504.582197][ T5118] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  504.593531][ T5118] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  504.603677][ T5118] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  504.612907][ T5118] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  504.620990][ T5118] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  505.536429][ T1105] team0 (unregistering): Port device team_slave_1 removed
[  505.627696][ T1105] team0 (unregistering): Port device team_slave_0 removed
[  506.465307][ T8891] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  506.496221][ T8891] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  506.547265][ T8891] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  506.679915][ T5118] Bluetooth: hci5: command tx timeout
[  506.803544][ T9083] chnl_net:caif_netlink_parms(): no params data found
[  506.945293][ T8891] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  508.536168][ T9208] netlink: 76 bytes leftover after parsing attributes in process `syz.1.789'.
[  508.759755][ T5118] Bluetooth: hci5: command tx timeout
[  508.798288][ T9208] openvswitch: Κό: Dropping previously announced user features
[  509.128889][ T9083] bridge0: port 1(bridge_slave_0) entered blocking state
[  509.146790][ T9083] bridge0: port 1(bridge_slave_0) entered disabled state
[  509.159690][ T9083] bridge_slave_0: entered allmulticast mode
[  509.177168][ T9083] bridge_slave_0: entered promiscuous mode
[  509.203371][ T9083] bridge0: port 2(bridge_slave_1) entered blocking state
[  509.219487][ T9083] bridge0: port 2(bridge_slave_1) entered disabled state
[  509.236938][ T9083] bridge_slave_1: entered allmulticast mode
[  509.261018][ T9083] bridge_slave_1: entered promiscuous mode
[  509.585098][ T9114] chnl_net:caif_netlink_parms(): no params data found
[  509.908532][ T9083] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  509.997718][ T9083] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  510.266592][ T9221] netlink: 16 bytes leftover after parsing attributes in process `syz.1.792'.
[  510.497412][ T9083] team0: Port device team_slave_0 added
[  510.762297][ T9083] team0: Port device team_slave_1 added
[  510.841014][ T5118] Bluetooth: hci5: command tx timeout
[  511.050680][ T9114] bridge0: port 1(bridge_slave_0) entered blocking state
[  511.057975][ T9114] bridge0: port 1(bridge_slave_0) entered disabled state
[  511.074048][ T9114] bridge_slave_0: entered allmulticast mode
[  511.095442][ T9114] bridge_slave_0: entered promiscuous mode
[  511.487535][ T1245] ieee802154 phy0 wpan0: encryption failed: -22
[  511.539455][ T1245] ieee802154 phy1 wpan1: encryption failed: -22
[  512.478648][ T1105] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  512.633794][ T9114] bridge0: port 2(bridge_slave_1) entered blocking state
[  512.665771][ T9114] bridge0: port 2(bridge_slave_1) entered disabled state
[  512.697852][ T9114] bridge_slave_1: entered allmulticast mode
[  512.712165][ T9114] bridge_slave_1: entered promiscuous mode
[  512.769078][ T9234] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  512.920145][ T5118] Bluetooth: hci5: command tx timeout
[  512.960763][ T9241] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  513.040665][ T1105] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  513.286363][ T9083] batman_adv: batadv0: Adding interface: batadv_slave_0
[  513.299452][ T9083] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  513.327588][ T9083] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  513.350528][ T9188] chnl_net:caif_netlink_parms(): no params data found
[  513.480485][ T1105] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  513.566729][ T9114] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  513.615900][ T9114] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  513.637591][ T9083] batman_adv: batadv0: Adding interface: batadv_slave_1
[  513.665060][ T9083] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  513.729266][ T9083] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  513.903220][ T1105] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  514.277789][ T9114] team0: Port device team_slave_0 added
[  514.342492][ T9253] loop1: detected capacity change from 0 to 2048
[  514.402714][ T9253] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  514.452228][ T9253] netlink: 8 bytes leftover after parsing attributes in process `syz.1.796'.
[  514.463675][ T9114] team0: Port device team_slave_1 added
[  514.670073][ T9083] hsr_slave_0: entered promiscuous mode
[  514.705781][ T9083] hsr_slave_1: entered promiscuous mode
[  514.732960][ T9083] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  514.749294][ T9083] Cannot create hsr debugfs directory
[  515.150831][ T9114] batman_adv: batadv0: Adding interface: batadv_slave_0
[  515.157837][ T9114] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  515.203180][ T9114] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  515.267637][ T8891] 8021q: adding VLAN 0 to HW filter on device bond0
[  515.346937][ T9188] bridge0: port 1(bridge_slave_0) entered blocking state
[  515.359031][ T9188] bridge0: port 1(bridge_slave_0) entered disabled state
[  515.379622][ T9188] bridge_slave_0: entered allmulticast mode
[  515.388402][ T9188] bridge_slave_0: entered promiscuous mode
[  515.422201][ T9114] batman_adv: batadv0: Adding interface: batadv_slave_1
[  515.432391][ T9114] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  515.489306][ T9114] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  515.833104][ T8891] 8021q: adding VLAN 0 to HW filter on device team0
[  516.067168][ T8891] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  516.107172][ T8891] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  516.149306][ T5158] bridge0: port 1(bridge_slave_0) entered blocking state
[  516.156648][ T5158] bridge0: port 1(bridge_slave_0) entered forwarding state
[  516.168119][ T5158] bridge0: port 2(bridge_slave_1) entered blocking state
[  516.175511][ T5158] bridge0: port 2(bridge_slave_1) entered forwarding state
[  517.051247][ T9188] bridge0: port 2(bridge_slave_1) entered blocking state
[  517.058664][ T9188] bridge0: port 2(bridge_slave_1) entered disabled state
[  517.067381][ T9188] bridge_slave_1: entered allmulticast mode
[  517.076267][ T9188] bridge_slave_1: entered promiscuous mode
[  517.262949][ T9114] hsr_slave_0: entered promiscuous mode
[  517.281006][ T9114] hsr_slave_1: entered promiscuous mode
[  517.299609][ T9114] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  517.307231][ T9114] Cannot create hsr debugfs directory
[  517.555448][ T9188] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  517.920989][ T9188] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  518.197234][ T9265] loop1: detected capacity change from 0 to 32768
[  518.303772][ T9265] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  518.389123][ T9188] team0: Port device team_slave_0 added
[  518.604705][ T9265] XFS (loop1): Ending clean mount
[  518.619023][ T9265] XFS (loop1): Quotacheck needed: Please wait.
[  518.671667][ T9188] team0: Port device team_slave_1 added
[  518.749249][ T9265] XFS (loop1): Quotacheck: Done.
[  518.892974][ T6841] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  519.193575][ T9188] batman_adv: batadv0: Adding interface: batadv_slave_0
[  519.203013][ T9188] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  519.229899][ T9188] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  519.244287][ T9188] batman_adv: batadv0: Adding interface: batadv_slave_1
[  519.252002][ T9188] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  519.278669][ T9188] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  519.867907][ T9289] loop1: detected capacity change from 0 to 64
[  519.910202][ T9188] hsr_slave_0: entered promiscuous mode
[  519.950502][ T9188] hsr_slave_1: entered promiscuous mode
[  519.960792][ T9188] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  519.968384][ T9188] Cannot create hsr debugfs directory
[  520.770935][ T9303] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  521.470567][ T9309] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  522.017312][ T9313] netlink: 4 bytes leftover after parsing attributes in process `syz.1.805'.
[  522.113847][ T1105] bridge_slave_1: left allmulticast mode
[  522.123177][ T1105] bridge_slave_1: left promiscuous mode
[  522.129097][ T1105] bridge0: port 2(bridge_slave_1) entered disabled state
[  522.153132][ T1105] bridge_slave_0: left allmulticast mode
[  522.162863][ T1105] bridge_slave_0: left promiscuous mode
[  522.168799][ T1105] bridge0: port 1(bridge_slave_0) entered disabled state
[  522.197023][ T1105] bridge_slave_1: left allmulticast mode
[  522.212082][ T1105] bridge_slave_1: left promiscuous mode
[  522.223430][ T1105] bridge0: port 2(bridge_slave_1) entered disabled state
[  522.248684][ T1105] bridge_slave_0: left allmulticast mode
[  522.255637][ T1105] bridge_slave_0: left promiscuous mode
[  522.269650][ T1105] bridge0: port 1(bridge_slave_0) entered disabled state
[  523.371459][ T1105] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  523.392919][ T1105] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  523.407462][ T1105] bond0 (unregistering): Released all slaves
[  523.549832][ T1105] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  523.568010][ T1105] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  523.588580][ T1105] bond0 (unregistering): Released all slaves
[  524.303876][ T8891] 8021q: adding VLAN 0 to HW filter on device batadv0
[  526.102702][ T1105] hsr_slave_0: left promiscuous mode
[  526.129777][ T1105] hsr_slave_1: left promiscuous mode
[  526.152962][ T1105] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  526.169578][ T1105] batman_adv: batadv0: Removing interface: batadv_slave_0
[  526.202590][ T1105] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  526.210951][ T1105] batman_adv: batadv0: Removing interface: batadv_slave_1
[  526.289280][ T1105] hsr_slave_0: left promiscuous mode
[  526.315572][ T1105] hsr_slave_1: left promiscuous mode
[  526.351844][ T1105] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  526.374017][ T1105] batman_adv: batadv0: Removing interface: batadv_slave_0
[  526.414007][ T1105] batman_adv: batadv0: Removing interface: batadv_slave_1
[  526.603724][ T1105] veth1_macvtap: left promiscuous mode
[  526.631454][ T1105] veth0_macvtap: left promiscuous mode
[  526.637324][ T1105] veth1_vlan: left promiscuous mode
[  526.665398][ T1105] veth0_vlan: left promiscuous mode
[  526.695641][ T1105] veth1_macvtap: left promiscuous mode
[  526.715113][ T1105] veth0_macvtap: left promiscuous mode
[  526.729540][ T1105] veth1_vlan: left promiscuous mode
[  526.735011][ T1105] veth0_vlan: left promiscuous mode
[  526.764534][ T9328] loop5: detected capacity change from 0 to 32768
[  526.848179][ T9328] XFS (loop5): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  527.116651][ T9328] XFS (loop5): Ending clean mount
[  527.146035][ T9328] XFS (loop5): Quotacheck needed: Please wait.
[  527.276257][ T9328] XFS (loop5): Quotacheck: Done.
[  527.458003][ T6646] XFS (loop5): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  528.208703][ T9360] loop5: detected capacity change from 0 to 64
[  529.130583][ T9368] netlink: 60 bytes leftover after parsing attributes in process `syz.5.812'.
[  529.503443][ T1105] team0 (unregistering): Port device team_slave_1 removed
[  529.636292][ T1105] team0 (unregistering): Port device team_slave_0 removed
[  530.464842][   T55] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  530.492939][   T55] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  530.511125][   T55] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  530.532428][   T55] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  530.548131][   T55] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  530.557112][   T55] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  531.726777][ T1105] team0 (unregistering): Port device team_slave_1 removed
[  531.809947][ T1105] team0 (unregistering): Port device team_slave_0 removed
[  532.608249][ T5118] Bluetooth: hci1: command tx timeout
[  533.782096][ T9083] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  533.806581][ T9083] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  533.878070][ T9083] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  533.931922][ T9083] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  534.281819][ T9368] Κό: entered promiscuous mode
[  534.403280][ T9378] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  534.639508][ T9378] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  534.709837][ T5118] Bluetooth: hci1: command tx timeout
[  536.086185][ T9391] loop5: detected capacity change from 0 to 256
[  536.515426][ T9114] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  536.553297][ T9114] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  536.762867][ T5118] Bluetooth: hci1: command tx timeout
[  536.969623][ T9114] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  537.111871][ T9083] 8021q: adding VLAN 0 to HW filter on device bond0
[  537.142773][ T9413] xt_TPROXY: Can be used only with -p tcp or -p udp
[  537.415560][ T9114] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  538.040569][ T9083] 8021q: adding VLAN 0 to HW filter on device team0
[  538.349304][ T9370] chnl_net:caif_netlink_parms(): no params data found
[  538.839701][ T5118] Bluetooth: hci1: command tx timeout
[  539.173723][ T5165] bridge0: port 1(bridge_slave_0) entered blocking state
[  539.181114][ T5165] bridge0: port 1(bridge_slave_0) entered forwarding state
[  539.503530][ T5082] bridge0: port 2(bridge_slave_1) entered blocking state
[  539.510891][ T5082] bridge0: port 2(bridge_slave_1) entered forwarding state
[  541.427367][ T9370] bridge0: port 1(bridge_slave_0) entered blocking state
[  541.436044][ T9370] bridge0: port 1(bridge_slave_0) entered disabled state
[  541.446465][ T9370] bridge_slave_0: entered allmulticast mode
[  541.457394][ T9370] bridge_slave_0: entered promiscuous mode
[  541.487291][ T9370] bridge0: port 2(bridge_slave_1) entered blocking state
[  541.521513][ T9370] bridge0: port 2(bridge_slave_1) entered disabled state
[  541.528903][ T9370] bridge_slave_1: entered allmulticast mode
[  541.563580][ T9370] bridge_slave_1: entered promiscuous mode
[  541.666627][ T9188] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  542.003289][ T9188] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  542.057442][ T9188] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  542.105831][ T9188] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  542.429053][ T9370] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  542.506799][ T9473] xt_TPROXY: Can be used only with -p tcp or -p udp
[  542.915756][ T9370] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  543.427531][ T9370] team0: Port device team_slave_0 added
[  543.551120][ T9370] team0: Port device team_slave_1 added
[  544.864763][ T9370] batman_adv: batadv0: Adding interface: batadv_slave_0
[  544.909287][ T9370] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  545.019334][ T9370] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  545.085153][ T9370] batman_adv: batadv0: Adding interface: batadv_slave_1
[  545.159219][ T9370] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  545.238866][ T9370] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  545.380239][ T3597] bridge_slave_1: left allmulticast mode
[  545.385959][ T3597] bridge_slave_1: left promiscuous mode
[  545.431750][ T3597] bridge0: port 2(bridge_slave_1) entered disabled state
[  545.452719][ T3597] bridge_slave_0: left allmulticast mode
[  545.458498][ T3597] bridge_slave_0: left promiscuous mode
[  545.465159][ T3597] bridge0: port 1(bridge_slave_0) entered disabled state
[  547.029830][ T3597] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  547.066913][ T3597] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  547.084429][ T3597] bond0 (unregistering): Released all slaves
[  547.486368][ T3597] hsr_slave_0: left promiscuous mode
[  547.521461][ T3597] hsr_slave_1: left promiscuous mode
[  547.548202][ T3597] batman_adv: batadv0: Removing interface: batadv_slave_0
[  547.559006][ T3597] batman_adv: batadv0: Removing interface: batadv_slave_1
[  548.470146][ T9506] xt_TPROXY: Can be used only with -p tcp or -p udp
[  549.403015][   T55] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  549.421216][   T55] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  549.430845][   T55] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  549.442047][   T55] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  549.450438][   T55] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[  549.458184][   T55] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  550.009643][ T3597] team0 (unregistering): Port device team_slave_1 removed
[  550.327009][ T3597] team0 (unregistering): Port device team_slave_0 removed
[  551.561134][   T55] Bluetooth: hci6: command tx timeout
[  552.771357][ T5118] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1
[  552.798755][ T5118] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9
[  552.814303][ T5118] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9
[  552.850806][ T5118] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4
[  552.867256][ T5118] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3
[  552.888644][ T5118] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2
[  553.077494][ T9370] hsr_slave_0: entered promiscuous mode
[  553.087766][ T9370] hsr_slave_1: entered promiscuous mode
[  553.098405][ T9370] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  553.111582][ T9370] Cannot create hsr debugfs directory
[  553.498555][ T9114] 8021q: adding VLAN 0 to HW filter on device bond0
[  553.649296][   T55] Bluetooth: hci6: command tx timeout
[  553.764969][ T9188] 8021q: adding VLAN 0 to HW filter on device bond0
[  554.473181][ T9188] 8021q: adding VLAN 0 to HW filter on device team0
[  554.702617][   T25] bridge0: port 1(bridge_slave_0) entered blocking state
[  554.709983][   T25] bridge0: port 1(bridge_slave_0) entered forwarding state
[  554.970738][ T5118] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  554.981389][ T5118] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  554.990249][ T5118] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  555.001682][ T5166] bridge0: port 2(bridge_slave_1) entered blocking state
[  555.008961][ T5166] bridge0: port 2(bridge_slave_1) entered forwarding state
[  555.017007][ T5118] Bluetooth: hci7: command tx timeout
[  555.025021][ T5118] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  555.043374][ T5118] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  555.087140][ T5118] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  555.720155][   T55] Bluetooth: hci6: command tx timeout
[  556.577473][ T9188] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  557.079362][   T55] Bluetooth: hci7: command tx timeout
[  557.178830][ T9509] chnl_net:caif_netlink_parms(): no params data found
[  557.246048][   T55] Bluetooth: hci0: command tx timeout
[  557.553682][ T9370] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  557.617717][ T9370] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  557.700670][ T9522] chnl_net:caif_netlink_parms(): no params data found
[  557.779367][ T9370] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  557.799363][   T55] Bluetooth: hci6: command tx timeout
[  558.121649][ T9370] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  559.047302][ T9188] 8021q: adding VLAN 0 to HW filter on device batadv0
[  559.161888][   T55] Bluetooth: hci7: command tx timeout
[  559.321679][   T55] Bluetooth: hci0: command tx timeout
[  559.370545][ T9509] bridge0: port 1(bridge_slave_0) entered blocking state
[  559.377868][ T9509] bridge0: port 1(bridge_slave_0) entered disabled state
[  559.403469][ T9509] bridge_slave_0: entered allmulticast mode
[  559.413519][ T9509] bridge_slave_0: entered promiscuous mode
[  559.544684][ T9544] chnl_net:caif_netlink_parms(): no params data found
[  559.573796][ T9509] bridge0: port 2(bridge_slave_1) entered blocking state
[  559.592978][ T9509] bridge0: port 2(bridge_slave_1) entered disabled state
[  559.604826][ T9509] bridge_slave_1: entered allmulticast mode
[  559.616466][ T9509] bridge_slave_1: entered promiscuous mode
[  559.630096][ T9522] bridge0: port 1(bridge_slave_0) entered blocking state
[  559.638554][ T9522] bridge0: port 1(bridge_slave_0) entered disabled state
[  559.665817][ T9522] bridge_slave_0: entered allmulticast mode
[  559.682035][ T9522] bridge_slave_0: entered promiscuous mode
[  559.703508][ T9522] bridge0: port 2(bridge_slave_1) entered blocking state
[  559.722489][ T9522] bridge0: port 2(bridge_slave_1) entered disabled state
[  559.739619][ T9522] bridge_slave_1: entered allmulticast mode
[  559.748553][ T9522] bridge_slave_1: entered promiscuous mode
[  560.015083][ T9509] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  560.051425][ T9509] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  560.242838][ T9522] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  560.375792][ T9522] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  560.618544][ T9509] team0: Port device team_slave_0 added
[  560.635218][ T9509] team0: Port device team_slave_1 added
[  560.840086][ T9544] bridge0: port 1(bridge_slave_0) entered blocking state
[  560.847393][ T9544] bridge0: port 1(bridge_slave_0) entered disabled state
[  560.868883][ T9544] bridge_slave_0: entered allmulticast mode
[  560.878512][ T9544] bridge_slave_0: entered promiscuous mode
[  560.920528][ T9509] batman_adv: batadv0: Adding interface: batadv_slave_0
[  560.927576][ T9509] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  560.970394][ T9509] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  561.056546][ T9522] team0: Port device team_slave_0 added
[  561.166963][ T3597] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  561.209633][ T9544] bridge0: port 2(bridge_slave_1) entered blocking state
[  561.216918][ T9544] bridge0: port 2(bridge_slave_1) entered disabled state
[  561.236497][ T9544] bridge_slave_1: entered allmulticast mode
[  561.242993][   T55] Bluetooth: hci7: command tx timeout
[  561.264320][ T9544] bridge_slave_1: entered promiscuous mode
[  561.331665][ T9509] batman_adv: batadv0: Adding interface: batadv_slave_1
[  561.338676][ T9509] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  561.383235][ T9509] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  561.419254][   T55] Bluetooth: hci0: command tx timeout
[  561.494372][ T9522] team0: Port device team_slave_1 added
[  561.585354][ T3597] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  561.853536][ T9509] hsr_slave_0: entered promiscuous mode
[  561.862577][ T9509] hsr_slave_1: entered promiscuous mode
[  561.882282][ T9509] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  561.903877][ T9509] Cannot create hsr debugfs directory
[  562.077634][ T9544] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  562.113644][ T9614] xt_TPROXY: Can be used only with -p tcp or -p udp
[  562.386236][ T3597] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  562.628593][ T9522] batman_adv: batadv0: Adding interface: batadv_slave_0
[  562.643885][ T9522] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  562.684996][ T9522] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  562.736180][ T9544] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  562.883304][ T3597] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  563.018418][ T9522] batman_adv: batadv0: Adding interface: batadv_slave_1
[  563.049183][ T9522] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  563.119613][ T9522] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  563.377586][ T9544] team0: Port device team_slave_0 added
[  563.418960][ T9370] 8021q: adding VLAN 0 to HW filter on device bond0
[  563.479347][   T55] Bluetooth: hci0: command tx timeout
[  563.582532][ T9544] team0: Port device team_slave_1 added
[  563.656578][ T5118] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  563.668568][ T5118] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  563.678119][ T5118] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  563.688257][ T5118] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  563.697525][ T5118] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  563.705640][ T5118] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  563.837785][ T9522] hsr_slave_0: entered promiscuous mode
[  563.855078][ T9522] hsr_slave_1: entered promiscuous mode
[  563.864003][ T9522] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  563.872003][ T9522] Cannot create hsr debugfs directory
[  563.981823][ T9544] batman_adv: batadv0: Adding interface: batadv_slave_0
[  563.998976][ T9544] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  564.033669][ T9544] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  564.206157][ T9544] batman_adv: batadv0: Adding interface: batadv_slave_1
[  564.226220][ T9544] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  564.257201][ T9544] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  564.359878][ T3597] bridge_slave_1: left allmulticast mode
[  564.369186][ T3597] bridge_slave_1: left promiscuous mode
[  564.375114][ T3597] bridge0: port 2(bridge_slave_1) entered disabled state
[  564.387934][ T3597] bridge_slave_0: left allmulticast mode
[  564.394831][ T3597] bridge_slave_0: left promiscuous mode
[  564.409840][ T3597] bridge0: port 1(bridge_slave_0) entered disabled state
[  564.425053][ T3597] bridge_slave_1: left allmulticast mode
[  564.430800][ T3597] bridge_slave_1: left promiscuous mode
[  564.436678][ T3597] bridge0: port 2(bridge_slave_1) entered disabled state
[  564.454194][ T3597] bridge_slave_0: left allmulticast mode
[  564.475634][ T3597] bridge_slave_0: left promiscuous mode
[  564.481785][ T3597] bridge0: port 1(bridge_slave_0) entered disabled state
[  564.506269][ T3597] bridge_slave_1: left allmulticast mode
[  564.524341][ T3597] bridge_slave_1: left promiscuous mode
[  564.539685][ T3597] bridge0: port 2(bridge_slave_1) entered disabled state
[  564.556665][ T3597] bridge_slave_0: left allmulticast mode
[  564.573586][ T3597] bridge_slave_0: left promiscuous mode
[  564.591533][ T3597] bridge0: port 1(bridge_slave_0) entered disabled state
[  565.049089][ T9641] loop5: detected capacity change from 0 to 2048
[  565.099194][ T9641]  loop5: p2 < > p4
[  565.126504][ T9641] loop5: p4 size 8192 extends beyond EOD, truncated
[  565.799438][   T55] Bluetooth: hci2: command tx timeout
[  566.280068][ T3597] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  566.296930][ T3597] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  566.317328][ T3597] bond0 (unregistering): Released all slaves
[  566.458242][ T3597] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  566.472692][ T3597] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  566.488826][ T3597] bond0 (unregistering): Released all slaves
[  566.631039][ T3597] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  566.646562][ T3597] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  566.662733][ T3597] bond0 (unregistering): Released all slaves
[  567.093824][ T9370] 8021q: adding VLAN 0 to HW filter on device team0
[  567.146084][ T3597] Κό: left promiscuous mode
[  567.275705][ T9544] hsr_slave_0: entered promiscuous mode
[  567.309997][ T9544] hsr_slave_1: entered promiscuous mode
[  567.332362][ T9544] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  567.341108][ T9544] Cannot create hsr debugfs directory
[  567.476593][ T5165] bridge0: port 1(bridge_slave_0) entered blocking state
[  567.483940][ T5165] bridge0: port 1(bridge_slave_0) entered forwarding state
[  567.866555][ T5237] bridge0: port 2(bridge_slave_1) entered blocking state
[  567.873921][ T5237] bridge0: port 2(bridge_slave_1) entered forwarding state
[  567.881636][   T55] Bluetooth: hci2: command tx timeout
[  569.360372][ T9509] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  569.538469][ T9509] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  569.652954][ T9509] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  569.859923][ T9509] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  569.963157][   T55] Bluetooth: hci2: command tx timeout
[  569.992200][ T9622] chnl_net:caif_netlink_parms(): no params data found
[  570.802241][ T9622] bridge0: port 1(bridge_slave_0) entered blocking state
[  570.819580][ T9622] bridge0: port 1(bridge_slave_0) entered disabled state
[  570.826889][ T9622] bridge_slave_0: entered allmulticast mode
[  570.862056][ T9622] bridge_slave_0: entered promiscuous mode
[  571.017771][ T3597] hsr_slave_0: left promiscuous mode
[  571.033002][ T3597] hsr_slave_1: left promiscuous mode
[  571.049989][ T3597] batman_adv: batadv0: Removing interface: batadv_slave_0
[  571.062511][ T3597] batman_adv: batadv0: Removing interface: batadv_slave_1
[  571.096009][ T3597] hsr_slave_0: left promiscuous mode
[  571.116757][ T3597] hsr_slave_1: left promiscuous mode
[  571.135553][ T3597] batman_adv: batadv0: Removing interface: batadv_slave_0
[  571.150428][ T3597] batman_adv: batadv0: Removing interface: batadv_slave_1
[  571.182428][ T3597] hsr_slave_0: left promiscuous mode
[  571.198951][ T3597] hsr_slave_1: left promiscuous mode
[  571.205971][ T3597] batman_adv: batadv0: Removing interface: batadv_slave_0
[  571.217217][ T3597] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  571.225982][ T3597] batman_adv: batadv0: Removing interface: batadv_slave_1
[  571.285811][ T3597] veth1_macvtap: left promiscuous mode
[  571.291664][ T3597] veth0_macvtap: left promiscuous mode
[  571.297501][ T3597] veth1_vlan: left promiscuous mode
[  571.305118][ T3597] veth0_vlan: left promiscuous mode
[  572.039304][   T55] Bluetooth: hci2: command tx timeout
[  572.421696][ T3597] team0 (unregistering): Port device team_slave_1 removed
[  572.503246][ T3597] team0 (unregistering): Port device team_slave_0 removed
[  572.931116][ T1245] ieee802154 phy0 wpan0: encryption failed: -22
[  572.937518][ T1245] ieee802154 phy1 wpan1: encryption failed: -22
[  573.109092][ T9676] loop5: detected capacity change from 0 to 47
[  573.200642][ T9676] MINIX-fs: deleted inode referenced: 9
[  573.208845][ T9676] MINIX-fs: deleted inode referenced: 9
[  573.700564][ T3597] team0 (unregistering): Port device team_slave_1 removed
[  573.805114][ T3597] team0 (unregistering): Port device team_slave_0 removed
[  573.876122][ T9680] xt_TPROXY: Can be used only with -p tcp or -p udp
[  575.510949][ T3597] team0 (unregistering): Port device team_slave_1 removed
[  575.586552][ T3597] team0 (unregistering): Port device team_slave_0 removed
[  576.250128][ T9622] bridge0: port 2(bridge_slave_1) entered blocking state
[  576.257382][ T9622] bridge0: port 2(bridge_slave_1) entered disabled state
[  576.265398][ T9622] bridge_slave_1: entered allmulticast mode
[  576.274369][ T9622] bridge_slave_1: entered promiscuous mode
[  576.413290][ T9622] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  576.618617][ T9622] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  576.778841][ T9622] team0: Port device team_slave_0 added
[  576.793861][ T9622] team0: Port device team_slave_1 added
[  576.818242][ T9522] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  577.014615][ T9522] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  577.118873][ T9622] batman_adv: batadv0: Adding interface: batadv_slave_0
[  577.127117][ T9622] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  577.167275][ T9622] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  577.208661][ T9522] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  577.253254][ T9522] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  577.284576][ T9686] loop5: detected capacity change from 0 to 32768
[  577.297049][ T9370] 8021q: adding VLAN 0 to HW filter on device batadv0
[  577.306850][ T9686] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.857 (9686)
[  577.333658][ T9686] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  577.350948][ T9686] BTRFS info (device loop5): using crc32c (crc32c-intel) checksum algorithm
[  577.360620][ T9686] BTRFS info (device loop5): using free-space-tree
[  577.511867][ T9622] batman_adv: batadv0: Adding interface: batadv_slave_1
[  577.518902][ T9622] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  577.545941][ T9622] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  577.693256][   T29] audit: type=1804 audit(1721569212.137:197): pid=9703 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.857" name="/newroot/167/file1/bus" dev="loop5" ino=263 res=1 errno=0
[  577.835594][   T29] audit: type=1804 audit(1721569212.277:198): pid=9704 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.857" name="/newroot/167/file1/bus" dev="loop5" ino=263 res=1 errno=0
[  577.973672][ T9622] hsr_slave_0: entered promiscuous mode
[  577.984838][ T9622] hsr_slave_1: entered promiscuous mode
[  577.999769][ T9622] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  578.007802][ T9622] Cannot create hsr debugfs directory
[  578.330984][ T6646] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  578.607366][ T9509] 8021q: adding VLAN 0 to HW filter on device bond0
[  578.821049][ T9370] veth0_vlan: entered promiscuous mode
[  579.003899][ T9544] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  579.077889][ T9706] loop5: detected capacity change from 0 to 2048
[  579.117168][ T9370] veth1_vlan: entered promiscuous mode
[  579.128898][ T9544] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  579.151516][ T9706]  loop5: p2 < > p4
[  579.158131][ T9706] loop5: p4 size 8192 extends beyond EOD, truncated
[  579.158489][ T9544] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  579.292138][ T9544] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  579.586051][ T9509] 8021q: adding VLAN 0 to HW filter on device team0
[  579.722780][ T5166] bridge0: port 1(bridge_slave_0) entered blocking state
[  579.730156][ T5166] bridge0: port 1(bridge_slave_0) entered forwarding state
[  579.834639][ T9713] loop5: detected capacity change from 0 to 64
[  579.980263][   T25] bridge0: port 2(bridge_slave_1) entered blocking state
[  579.987619][   T25] bridge0: port 2(bridge_slave_1) entered forwarding state
[  580.115203][ T9715] loop5: detected capacity change from 0 to 2048
[  580.153407][ T9715] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  580.194271][ T9370] veth0_macvtap: entered promiscuous mode
[  580.290390][ T9522] 8021q: adding VLAN 0 to HW filter on device bond0
[  580.432788][ T9509] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  580.457768][ T9509] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  580.623586][ T9370] veth1_macvtap: entered promiscuous mode
[  580.802377][ T9370] batman_adv: batadv0: Interface activated: batadv_slave_0
[  580.945446][ T9370] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  581.018855][ T9370] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  581.038068][ T9370] batman_adv: batadv0: Interface activated: batadv_slave_1
[  581.145301][ T9522] 8021q: adding VLAN 0 to HW filter on device team0
[  581.305092][ T9370] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  581.346780][ T9370] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  581.379301][ T9370] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  581.410733][ T9370] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  581.441508][ T3597] bridge_slave_1: left allmulticast mode
[  581.447247][ T3597] bridge_slave_1: left promiscuous mode
[  581.486682][ T3597] bridge0: port 2(bridge_slave_1) entered disabled state
[  581.525149][ T3597] bridge_slave_0: left allmulticast mode
[  581.538171][ T3597] bridge_slave_0: left promiscuous mode
[  581.549799][ T3597] bridge0: port 1(bridge_slave_0) entered disabled state
[  581.680597][ T9726] xt_TPROXY: Can be used only with -p tcp or -p udp
[  582.632696][ T3597] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  582.646465][ T3597] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  582.665120][ T3597] bond0 (unregistering): Released all slaves
[  582.702407][ T9622] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  582.780358][ T9622] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  582.807570][ T5220] bridge0: port 1(bridge_slave_0) entered blocking state
[  582.814919][ T5220] bridge0: port 1(bridge_slave_0) entered forwarding state
[  582.864493][ T9622] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  582.893230][   T25] bridge0: port 2(bridge_slave_1) entered blocking state
[  582.900638][   T25] bridge0: port 2(bridge_slave_1) entered forwarding state
[  582.931314][ T3597] hsr_slave_0: left promiscuous mode
[  582.937784][ T3597] hsr_slave_1: left promiscuous mode
[  582.947303][ T3597] batman_adv: batadv0: Removing interface: batadv_slave_0
[  582.960466][ T3597] batman_adv: batadv0: Removing interface: batadv_slave_1
[  583.742088][ T3597] team0 (unregistering): Port device team_slave_1 removed
[  583.854717][ T3597] team0 (unregistering): Port device team_slave_0 removed
[  584.741129][ T9622] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  584.750434][ T9732] loop5: detected capacity change from 0 to 32768
[  584.778575][ T9732] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.865 (9732)
[  584.865682][ T9732] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  584.876990][ T9732] BTRFS info (device loop5): using crc32c (crc32c-intel) checksum algorithm
[  584.901176][ T9732] BTRFS info (device loop5): using free-space-tree
[  585.215042][ T9509] 8021q: adding VLAN 0 to HW filter on device batadv0
[  585.249054][   T29] audit: type=1804 audit(1721569219.687:199): pid=9749 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.865" name="/newroot/175/file1/bus" dev="loop5" ino=263 res=1 errno=0
[  585.310028][   T29] audit: type=1804 audit(1721569219.747:200): pid=9732 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.865" name="/newroot/175/file1/bus" dev="loop5" ino=263 res=1 errno=0
[  585.531642][ T9544] 8021q: adding VLAN 0 to HW filter on device bond0
[  585.612565][ T6646] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  585.704546][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  585.763691][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  586.043878][ T1034] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  586.088969][ T1034] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  586.102211][ T9544] 8021q: adding VLAN 0 to HW filter on device team0
[  586.275632][ T5082] bridge0: port 1(bridge_slave_0) entered blocking state
[  586.282995][ T5082] bridge0: port 1(bridge_slave_0) entered forwarding state
[  586.345416][ T5237] bridge0: port 2(bridge_slave_1) entered blocking state
[  586.352752][ T5237] bridge0: port 2(bridge_slave_1) entered forwarding state
[  586.470802][ T9509] veth0_vlan: entered promiscuous mode
[  586.674025][ T9522] 8021q: adding VLAN 0 to HW filter on device batadv0
[  587.055679][ T9509] veth1_vlan: entered promiscuous mode
[  587.177659][ T9765] loop5: detected capacity change from 0 to 64
[  587.192417][ T9622] 8021q: adding VLAN 0 to HW filter on device bond0
[  587.715048][ T9622] 8021q: adding VLAN 0 to HW filter on device team0
[  587.725191][ T9767] netlink: 16 bytes leftover after parsing attributes in process `syz.5.870'.
[  587.848334][   T25] bridge0: port 1(bridge_slave_0) entered blocking state
[  587.856125][   T25] bridge0: port 1(bridge_slave_0) entered forwarding state
[  587.898858][ T9509] veth0_macvtap: entered promiscuous mode
[  587.982082][   T25] bridge0: port 2(bridge_slave_1) entered blocking state
[  587.989613][   T25] bridge0: port 2(bridge_slave_1) entered forwarding state
[  588.127370][ T9522] veth0_vlan: entered promiscuous mode
[  588.186253][ T9509] veth1_macvtap: entered promiscuous mode
[  588.282587][ T9522] veth1_vlan: entered promiscuous mode
[  588.434326][ T9778] loop0: detected capacity change from 0 to 512
[  588.449331][ T9778] EXT4-fs (loop0): Test dummy encryption mode enabled
[  588.459265][ T9778] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  588.539655][ T9778] EXT4-fs (loop0): 1 truncate cleaned up
[  588.547683][ T9778] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  588.577883][ T9778] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  588.620862][ T9509] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  588.635633][ T9509] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  588.657113][ T9509] batman_adv: batadv0: Interface activated: batadv_slave_0
[  588.673874][ T9780] loop5: detected capacity change from 0 to 2048
[  588.703736][ T9509] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  588.722569][ T9509] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  588.739561][ T9509] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  588.754359][ T9509] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  588.773024][ T9509] batman_adv: batadv0: Interface activated: batadv_slave_1
[  588.809532][ T9780]  loop5: p2 < > p4
[  588.851139][ T9780] loop5: p4 size 8192 extends beyond EOD, truncated
[  588.914856][ T9544] 8021q: adding VLAN 0 to HW filter on device batadv0
[  588.965802][ T9509] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  589.022029][ T9509] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  589.059237][ T9509] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  589.068055][ T9509] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  589.236167][ T9522] veth0_macvtap: entered promiscuous mode
[  589.328991][ T9791] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  589.461870][ T9522] veth1_macvtap: entered promiscuous mode
[  589.493825][ T9797] loop5: detected capacity change from 0 to 64
[  589.543249][    C0] eth0: bad gso: type: 1, size: 1408
[  589.800675][ T9522] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  589.853452][ T9522] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  589.926031][ T9522] batman_adv: batadv0: Interface activated: batadv_slave_0
[  590.237699][ T9522] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  590.273109][ T9522] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  590.297393][ T9522] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  590.321947][ T9522] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  590.332106][ T9522] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  590.342726][ T9522] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  590.356355][ T9522] batman_adv: batadv0: Interface activated: batadv_slave_1
[  590.413397][ T5289] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  590.441228][ T9522] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  590.457606][ T5289] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  590.483139][ T9522] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  590.500638][ T9522] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  590.517936][ T9522] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  590.720837][ T9622] 8021q: adding VLAN 0 to HW filter on device batadv0
[  590.977669][ T3597] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  591.009190][ T3597] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  591.466831][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  591.526306][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  591.834048][ T9622] veth0_vlan: entered promiscuous mode
[  591.971352][ T5289] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  591.971487][ T9544] veth0_vlan: entered promiscuous mode
[  592.014961][ T5289] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  592.038656][ T9622] veth1_vlan: entered promiscuous mode
[  592.117349][ T9544] veth1_vlan: entered promiscuous mode
[  592.503198][ T9622] veth0_macvtap: entered promiscuous mode
[  592.583501][ T9622] veth1_macvtap: entered promiscuous mode
[  592.682964][ T9544] veth0_macvtap: entered promiscuous mode
[  592.774654][ T9544] veth1_macvtap: entered promiscuous mode
[  592.923217][ T9622] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  592.926490][ T9816] loop5: detected capacity change from 0 to 32768
[  592.982844][ T9622] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  593.009262][ T9622] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  593.066793][ T9622] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  593.117150][ T9816] XFS (loop5): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd
[  593.125817][ T9622] batman_adv: batadv0: Interface activated: batadv_slave_0
[  593.287736][ T9816] XFS (loop5): Ending clean mount
[  593.295764][ T9544] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  593.359477][ T9544] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  593.409272][ T9544] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  593.445334][ T9544] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  593.489232][ T9544] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  593.524491][ T9544] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  593.592688][ T9544] batman_adv: batadv0: Interface activated: batadv_slave_0
[  593.615934][ T9622] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  593.665569][ T6646] XFS (loop5): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd
[  593.674412][ T9622] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  593.727734][ T9622] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  593.728385][ T9859] loop3: detected capacity change from 0 to 64
[  593.789259][ T9622] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  593.819202][ T9622] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  593.867487][ T9622] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  593.895418][ T9835] loop0: detected capacity change from 0 to 32768
[  593.909622][ T9622] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  593.949449][ T9835] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.884 (9835)
[  593.962700][ T9622] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  594.004053][ T9622] batman_adv: batadv0: Interface activated: batadv_slave_1
[  594.109500][ T9835] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  594.151071][ T9544] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  594.184127][ T9832] loop1: detected capacity change from 0 to 32768
[  594.200258][ T9835] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[  594.223388][ T9544] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  594.249919][ T9835] BTRFS info (device loop0): using free-space-tree
[  594.257641][ T9832] BTRFS: device /dev/loop1 (7:1) using temp-fsid 83a6a046-d256-40c8-b0b6-e7d0d5abae4c
[  594.269859][ T9544] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  594.312865][ T9832] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.883 (9832)
[  594.321598][ T9544] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  594.414438][ T9544] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  594.428583][ T9832] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  594.492494][ T9544] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  594.503146][ T9832] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[  594.540142][ T9544] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  594.553016][ T9544] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  594.568735][ T9544] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  594.569043][ T9832] BTRFS info (device loop1): using free-space-tree
[  594.579317][ T9544] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  594.664100][ T9544] batman_adv: batadv0: Interface activated: batadv_slave_1
[  594.740553][ T9622] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  594.751745][ T9832] workqueue: Failed to create a rescuer kthread for wq "btrfs-flush_delalloc": -EINTR
[  594.754569][ T9832] workqueue: Failed to create a rescuer kthread for wq "btrfs-cache": -EINTR
[  594.768945][ T9832] workqueue: Failed to create a rescuer kthread for wq "btrfs-fixup": -EINTR
[  594.780652][ T9832] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR
[  594.791227][ T9832] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR
[  594.801964][ T9832] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR
[  594.812922][ T9832] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR
[  594.823263][ T9832] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR
[  594.835842][ T9832] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR
[  594.853895][ T9875] netlink: 60 bytes leftover after parsing attributes in process `syz.3.889'.
[  594.907094][ T9622] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  594.938005][ T9832] BTRFS error (device loop1): open_ctree failed
[  594.967812][ T9622] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  594.985816][ T9622] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  595.338738][ T9370] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  595.920002][ T9875] Κό: entered promiscuous mode
[  596.035405][ T9544] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  596.111949][ T9544] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  596.186853][ T9544] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  596.339450][ T9544] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  596.734615][ T9917] tipc: Started in network mode
[  596.765302][ T9917] tipc: Node identity aaaaaaaaaa3, cluster identity 4711
[  596.853843][ T9917] tipc: Enabled bearer <eth:ipvlan0>, priority 0
[  596.900232][ T9924] tipc: Enabled bearer <ib:caif0>, priority 0
[  597.084260][ T9926] netlink: 16 bytes leftover after parsing attributes in process `syz.3.894'.
[  597.494835][ T9935] serio: Serial port pts0
[  597.657710][ T1105] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  597.684534][ T9941] loop1: detected capacity change from 0 to 64
[  597.704704][ T1105] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  597.912901][ T5237] tipc: Node number set to 10136234
[  598.109638][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  598.117632][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  598.258587][ T5289] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  598.307730][ T5289] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  598.477937][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  598.526076][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  600.621198][ T9944] loop3: detected capacity change from 0 to 32768
[  600.689471][ T9944] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.900 (9944)
[  600.744837][ T9980] loop4: detected capacity change from 0 to 64
[  600.791854][ T9978] netlink: 16 bytes leftover after parsing attributes in process `syz.2.910'.
[  600.821692][ T9944] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  600.891220][ T9944] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm
[  600.957588][ T9944] BTRFS info (device loop3): using free-space-tree
[  601.068094][ T9944] workqueue: Failed to create a rescuer kthread for wq "btrfs-delalloc": -EINTR
[  601.101903][ T9944] workqueue: Failed to create a rescuer kthread for wq "btrfs-flush_delalloc": -EINTR
[  601.114793][ T9944] workqueue: Failed to create a rescuer kthread for wq "btrfs-cache": -EINTR
[  601.126169][ T9944] workqueue: Failed to create a rescuer kthread for wq "btrfs-fixup": -EINTR
[  601.137093][ T9944] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR
[  601.151083][ T9944] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR
[  601.160933][ T9944] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR
[  601.173777][ T9944] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR
[  601.195010][ T9944] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR
[  601.257048][ T9944] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR
[  601.956308][ T9944] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR
[  602.073131][ T9944] BTRFS error (device loop3): open_ctree failed
[  602.682668][T10024] Bluetooth: MGMT ver 1.23
[  604.146017][T10051] loop0: detected capacity change from 0 to 64
[  607.821581][T10066] loop4: detected capacity change from 0 to 32768
[  608.319805][T10103] syz.1.946 uses obsolete (PF_INET,SOCK_PACKET)
[  608.681036][T10107] hsr0: entered promiscuous mode
[  608.743293][T10107] batman_adv: batadv0: Adding interface: macsec1
[  608.798376][T10107] batman_adv: batadv0: The MTU of interface macsec1 is too small (1462) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  608.841444][T10107] batman_adv: batadv0: Interface activated: macsec1
[  609.364659][T10118] loop5: detected capacity change from 0 to 2048
[  609.421335][T10118] udf: Bad value for 'anchor'
[  609.649893][T10127] loop5: detected capacity change from 0 to 128
[  610.863781][T10132] loop5: detected capacity change from 0 to 2048
[  610.879896][T10132] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  610.930326][T10132] netlink: 8 bytes leftover after parsing attributes in process `syz.5.956'.
[  612.693589][T10157] capability: warning: `syz.5.963' uses 32-bit capabilities (legacy support in use)
[  613.186377][T10154] syzkaller0: entered promiscuous mode
[  613.219763][T10154] syzkaller0: entered allmulticast mode
[  613.254858][T10137] loop4: detected capacity change from 0 to 32768
[  613.292389][T10137] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.957 (10137)
[  613.384727][T10137] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  613.395077][ T5082] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  613.429547][T10137] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm
[  613.457920][T10137] BTRFS info (device loop4): using free-space-tree
[  613.599935][T10171] loop1: detected capacity change from 0 to 512
[  613.622691][ T5082] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  613.639234][ T5082] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  613.652151][ T5082] usb 6-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00
[  613.652979][T10171] EXT4-fs (loop1): blocks per group (95) and clusters per group (32768) inconsistent
[  613.661366][ T5082] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  613.702066][ T5082] usb 6-1: config 0 descriptor??
[  614.070199][ T9544] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  614.155152][ T5082] isku 0003:1E7D:319C.0013: item fetching failed at offset 6/7
[  614.226179][ T5082] isku 0003:1E7D:319C.0013: parse failed
[  614.272141][ T5082] isku 0003:1E7D:319C.0013: probe with driver isku failed with error -22
[  614.379563][ T5082] usb 6-1: USB disconnect, device number 6
[  614.551458][T10189] loop0: detected capacity change from 0 to 512
[  614.565340][T10149] loop3: detected capacity change from 0 to 32768
[  614.634570][T10149] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.961 (10149)
[  614.689878][T10189] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a846e01c, mo2=0002]
[  614.725950][T10189] System zones: 1-12
[  614.753377][T10189] EXT4-fs error (device loop0): dx_probe:823: inode #2: comm syz.0.968: Directory hole found for htree index block 0
[  614.772726][T10149] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  614.824429][T10149] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm
[  614.862461][T10189] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -117
[  614.876802][T10149] BTRFS info (device loop3): using free-space-tree
[  614.913675][T10189] EXT4-fs error (device loop0): dx_probe:823: inode #2: comm syz.0.968: Directory hole found for htree index block 0
[  614.965057][T10189] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -117
[  614.986380][T10189] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  615.054258][T10149] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR
[  615.074057][T10149] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR
[  615.094549][T10149] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR
[  615.180326][T10149] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR
[  615.282979][T10149] BTRFS error (device loop3): open_ctree failed
[  615.969063][T10217] EXT4-fs error (device loop0): dx_probe:823: inode #2: comm syz.0.968: Directory hole found for htree index block 0
[  616.228351][T10217] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback.
[  616.273426][T10227] loop5: detected capacity change from 0 to 2048
[  616.299975][T10227] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  616.325830][T10227] netlink: 8 bytes leftover after parsing attributes in process `syz.5.972'.
[  617.892533][T10240] loop3: detected capacity change from 0 to 32768
[  617.938900][T10240] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  618.074365][T10240] XFS (loop3): Ending clean mount
[  618.090754][T10240] XFS (loop3): Quotacheck needed: Please wait.
[  618.214098][T10240] XFS (loop3): Quotacheck: Done.
[  618.404019][ T9522] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  618.839304][T10197] EXT4-fs error (device loop0): ext4_validate_block_bitmap:440: comm ext4lazyinit: bg 0: block 361: padding at end of block bitmap is not set
[  619.377797][T10258] netlink: 60 bytes leftover after parsing attributes in process `syz.3.977'.
[  620.151455][ T9370] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  620.430586][T10258] openvswitch: Κό: Dropping previously announced user features
[  623.472767][T10278] loop4: detected capacity change from 0 to 32768
[  623.515462][T10278] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.985 (10278)
[  623.591055][T10310] loop3: detected capacity change from 0 to 2048
[  623.606500][T10278] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  623.608137][T10310] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  623.635304][T10272] loop0: detected capacity change from 0 to 32768
[  623.645717][T10310] netlink: 8 bytes leftover after parsing attributes in process `syz.3.994'.
[  623.689605][T10278] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm
[  623.757826][T10278] BTRFS info (device loop4): using free-space-tree
[  624.460523][T10278] BTRFS error (device loop4): open_ctree failed
[  624.752134][T10289] loop1: detected capacity change from 0 to 32768
[  624.819443][T10289] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.987 (10289)
[  624.930029][T10289] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  624.989721][T10289] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[  625.049731][T10289] BTRFS info (device loop1): using free-space-tree
[  625.090415][T10289] workqueue: Failed to create a rescuer kthread for wq "btrfs-worker": -EINTR
[  625.091628][T10289] workqueue: Failed to create a rescuer kthread for wq "btrfs-delalloc": -EINTR
[  625.164007][T10289] workqueue: Failed to create a rescuer kthread for wq "btrfs-flush_delalloc": -EINTR
[  625.312406][T10289] workqueue: Failed to create a rescuer kthread for wq "btrfs-fixup": -EINTR
[  625.360466][T10289] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR
[  625.507125][T10289] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR
[  625.552818][T10289] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR
[  625.651208][T10289] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR
[  625.765510][T10289] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR
[  625.840319][T10289] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR
[  625.968898][T10289] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR
[  626.053108][T10289] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR
[  626.084498][T10368] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1000'.
[  626.189904][T10368] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1000'.
[  626.239099][T10289] BTRFS error (device loop1): open_ctree failed
[  626.249752][T10368] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1000'.
[  626.498824][T10367] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1001'.
[  626.745023][T10367] Κό: entered promiscuous mode
[  627.593364][T10396] loop0: detected capacity change from 0 to 2048
[  627.667184][T10396] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  627.721862][T10396] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1009'.
[  629.415466][T10407] netlink: 696 bytes leftover after parsing attributes in process `syz.1.1013'.
[  629.562629][ T5118] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  629.579354][ T5118] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  629.587551][ T5118] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  629.600325][ T5118] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  629.620888][ T5118] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  629.628634][ T5118] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  629.646795][T10413] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1013'.
[  631.091731][ T1105] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  631.606983][ T1105] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  631.879709][   T55] Bluetooth: hci2: command tx timeout
[  631.924307][ T1105] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  632.024278][T10435] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1021'.
[  632.312315][ T1105] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  633.187781][T10443] loop3: detected capacity change from 0 to 2048
[  633.207035][T10443] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  633.261874][T10443] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1025'.
[  633.380610][T10420] loop0: detected capacity change from 0 to 32768
[  633.401026][T10420] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.1017 (10420)
[  633.510043][T10420] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  633.579461][T10420] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[  633.691194][T10420] BTRFS info (device loop0): using free-space-tree
[  633.866768][T10445] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1026'.
[  633.907034][ T1105] bridge_slave_1: left allmulticast mode
[  633.915093][ T1105] bridge_slave_1: left promiscuous mode
[  633.922896][ T1105] bridge0: port 2(bridge_slave_1) entered disabled state
[  633.935925][ T1105] bridge_slave_0: left allmulticast mode
[  633.942154][ T1105] bridge_slave_0: left promiscuous mode
[  633.947968][ T1105] bridge0: port 1(bridge_slave_0) entered disabled state
[  633.959350][   T55] Bluetooth: hci2: command tx timeout
[  634.371638][ T1245] ieee802154 phy0 wpan0: encryption failed: -22
[  634.378664][ T1245] ieee802154 phy1 wpan1: encryption failed: -22
[  634.441699][T10420] BTRFS error (device loop0): open_ctree failed
[  635.313280][T10474] netlink: 696 bytes leftover after parsing attributes in process `syz.4.1030'.
[  635.676447][T10477] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1030'.
[  636.039248][ T5118] Bluetooth: hci2: command tx timeout
[  636.110578][ T1105] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  636.152036][ T1105] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  636.184838][ T1105] bond0 (unregistering): Released all slaves
[  636.262864][T10445] Κό: entered promiscuous mode
[  637.291732][T10411] chnl_net:caif_netlink_parms(): no params data found
[  637.911928][T10502] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1035'.
[  638.119633][ T5118] Bluetooth: hci2: command tx timeout
[  638.249803][T10502] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(11)
[  638.257296][T10502] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  638.388339][T10510] vhci_hcd: connection closed
[  638.409483][T10502] vhci_hcd vhci_hcd.0: Device attached
[  638.524423][   T35] vhci_hcd: stop threads
[  638.559065][   T35] vhci_hcd: release socket
[  638.571603][ T1105] hsr_slave_0: left promiscuous mode
[  638.578399][   T35] vhci_hcd: disconnect device
[  638.701667][ T1105] hsr_slave_1: left promiscuous mode
[  638.969353][ T1105] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  638.976821][ T1105] batman_adv: batadv0: Removing interface: batadv_slave_0
[  639.461124][ T1105] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  639.520979][T10486] loop4: detected capacity change from 0 to 32768
[  639.542438][ T1105] batman_adv: batadv0: Removing interface: batadv_slave_1
[  639.586209][T10486] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.1031 (10486)
[  639.657864][ T5118] Bluetooth: hci3: Received unexpected HCI Event 0x00
[  639.679732][T10486] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  639.692005][T10486] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm
[  639.701554][T10486] BTRFS info (device loop4): using free-space-tree
[  639.728251][ T1105] veth1_macvtap: left promiscuous mode
[  639.734853][ T1105] veth0_macvtap: left promiscuous mode
[  639.742202][ T1105] veth1_vlan: left promiscuous mode
[  639.748661][ T1105] veth0_vlan: left promiscuous mode
[  639.797639][T10486] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR
[  639.798876][T10486] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR
[  639.820946][T10486] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR
[  639.840793][T10486] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR
[  639.869741][T10486] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR
[  639.894568][T10486] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR
[  639.936158][T10486] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR
[  640.073732][T10486] BTRFS error (device loop4): open_ctree failed
[  640.115080][T10545] netlink: 696 bytes leftover after parsing attributes in process `syz.5.1042'.
[  640.400129][T10546] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1042'.
[  641.848331][T10526] loop1: detected capacity change from 0 to 32768
[  641.876481][T10526] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1040 (10526)
[  641.937256][T10526] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  641.953809][T10569] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1050'.
[  641.965179][T10526] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[  641.984960][T10526] BTRFS info (device loop1): using free-space-tree
[  642.245572][   T29] audit: type=1804 audit(1721569276.687:201): pid=10526 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1040" name="/newroot/29/file1/bus" dev="loop1" ino=263 res=1 errno=0
[  642.339452][   T29] audit: type=1804 audit(1721569276.777:202): pid=10587 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.1040" name="/newroot/29/file1/bus" dev="loop1" ino=263 res=1 errno=0
[  642.646094][ T9509] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  642.741427][ T1105] team0 (unregistering): Port device team_slave_1 removed
[  642.910423][ T1105] team0 (unregistering): Port device team_slave_0 removed
[  643.932491][T10411] bridge0: port 1(bridge_slave_0) entered blocking state
[  643.947446][T10411] bridge0: port 1(bridge_slave_0) entered disabled state
[  643.955097][T10411] bridge_slave_0: entered allmulticast mode
[  643.964447][T10411] bridge_slave_0: entered promiscuous mode
[  644.009338][T10549] netlink: 'syz.4.1043': attribute type 6 has an invalid length.
[  644.243876][ T5118] Bluetooth: hci3: Received unexpected HCI Event 0x00
[  644.306337][T10411] bridge0: port 2(bridge_slave_1) entered blocking state
[  644.347439][T10411] bridge0: port 2(bridge_slave_1) entered disabled state
[  644.379518][T10411] bridge_slave_1: entered allmulticast mode
[  644.660881][T10411] bridge_slave_1: entered promiscuous mode
[  644.960039][T10411] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  645.079800][T10411] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  645.411149][T10615] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1057'.
[  645.894417][T10411] team0: Port device team_slave_0 added
[  646.105132][T10411] team0: Port device team_slave_1 added
[  646.899393][T10411] batman_adv: batadv0: Adding interface: batadv_slave_0
[  646.969620][T10411] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  647.040382][T10608] loop4: detected capacity change from 0 to 32768
[  647.120739][T10608] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.1054 (10608)
[  647.179203][T10411] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  647.223325][T10608] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  647.281361][T10608] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm
[  647.426459][T10608] BTRFS info (device loop4): using free-space-tree
[  647.477836][T10608] workqueue: Failed to create a rescuer kthread for wq "btrfs-worker": -EINTR
[  647.502196][T10608] workqueue: Failed to create a rescuer kthread for wq "btrfs-delalloc": -EINTR
[  647.568314][T10411] batman_adv: batadv0: Adding interface: batadv_slave_1
[  647.591622][T10608] workqueue: Failed to create a rescuer kthread for wq "btrfs-flush_delalloc": -EINTR
[  647.592820][T10608] workqueue: Failed to create a rescuer kthread for wq "btrfs-cache": -EINTR
[  647.634360][T10411] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  647.690487][T10608] workqueue: Failed to create a rescuer kthread for wq "btrfs-fixup": -EINTR
[  647.709475][T10608] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR
[  647.787598][T10608] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR
[  647.825687][T10411] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  647.867244][T10608] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR
[  647.869500][T10652] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1064'.
[  647.889028][T10608] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR
[  647.903204][T10608] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR
[  648.001799][T10608] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR
[  648.061607][T10608] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR
[  648.157927][T10608] BTRFS error (device loop4): open_ctree failed
[  648.679802][ T5118] Bluetooth: hci0: Received unexpected HCI Event 0x00
[  648.847159][T10411] hsr_slave_0: entered promiscuous mode
[  648.986420][T10411] hsr_slave_1: entered promiscuous mode
[  649.067282][T10411] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  649.097643][T10411] Cannot create hsr debugfs directory
[  649.147133][T10664] netlink: 'syz.1.1066': attribute type 6 has an invalid length.
[  649.876920][T10690] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1073'.
[  650.090323][T10694] ------------[ cut here ]------------
[  650.096540][T10694] kernel BUG at mm/page_table_check.c:157!
[  650.169389][T10694] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI
[  650.176579][T10694] CPU: 0 PID: 10694 Comm: syz.3.1076 Not tainted 6.10.0-syzkaller-11185-g2c9b3512402e #0
[  650.186423][T10694] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  650.196501][T10694] RIP: 0010:__page_table_check_zero+0x2fd/0x360
[  650.202797][T10694] Code: ff 48 89 ef e8 c4 d0 ff ff 48 83 c4 10 5b 5d 41 5c 41 5d 41 5e 41 5f e9 91 32 98 ff e8 8c 32 98 ff 90 0f 0b e8 84 32 98 ff 90 <0f> 0b e8 7c 32 98 ff 90 0f 0b e8 94 34 f5 ff e9 85 fd ff ff 48 c7
[  650.222449][T10694] RSP: 0018:ffffc900031ffab8 EFLAGS: 00010283
[  650.228550][T10694] RAX: 000000000000d7ea RBX: 0000000000000001 RCX: ffffc90014360000
[  650.236548][T10694] RDX: 0000000000040000 RSI: ffffffff81f3673c RDI: 0000000000000005
[  650.244633][T10694] RBP: ffff888018e69bc0 R08: 0000000000000005 R09: 0000000000000000
[  650.252629][T10694] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000
[  650.260625][T10694] R13: 0000000000000002 R14: ffff888018e69c0c R15: dffffc0000000000
[  650.268628][T10694] FS:  00007f8e6f6d46c0(0000) GS:ffff8880b9200000(0000) knlGS:0000000000000000
[  650.277591][T10694] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  650.284204][T10694] CR2: 0000001b3251eff8 CR3: 0000000067bb0000 CR4: 0000000000350ef0
[  650.292205][T10694] Call Trace:
[  650.295504][T10694]  <TASK>
[  650.298454][T10694]  ? show_regs+0x8c/0xa0
[  650.302761][T10694]  ? die+0x36/0xa0
[  650.306513][T10694]  ? do_trap+0x232/0x430
[  650.310806][T10694]  ? __page_table_check_zero+0x2fd/0x360
[  650.316492][T10694]  ? __page_table_check_zero+0x2fd/0x360
[  650.322167][T10694]  ? do_error_trap+0xf4/0x230
[  650.326926][T10694]  ? __page_table_check_zero+0x2fd/0x360
[  650.332604][T10694]  ? handle_invalid_op+0x34/0x40
[  650.337592][T10694]  ? __page_table_check_zero+0x2fd/0x360
[  650.343266][T10694]  ? exc_invalid_op+0x2e/0x50
[  650.347978][T10694]  ? asm_exc_invalid_op+0x1a/0x20
[  650.353057][T10694]  ? __page_table_check_zero+0x2fc/0x360
[  650.358734][T10694]  ? __page_table_check_zero+0x2fd/0x360
[  650.364412][T10694]  ? __page_table_check_zero+0x2fc/0x360
[  650.370091][T10694]  free_unref_page+0x659/0xe40
[  650.374908][T10694]  hcd_buffer_free_pages+0xe8/0x180
[  650.380167][T10694]  dec_usb_memory_use_count+0x27b/0x410
[  650.385772][T10694]  ? __pfx_usbdev_vm_close+0x10/0x10
[  650.391124][T10694]  mmap_region+0x15f1/0x2760
[  650.395783][T10694]  ? __pfx_mmap_region+0x10/0x10
[  650.400805][T10694]  ? srso_alias_return_thunk+0x5/0xfbef5
[  650.406501][T10694]  ? security_mmap_addr+0x8e/0xb0
[  650.411567][T10694]  ? srso_alias_return_thunk+0x5/0xfbef5
[  650.417250][T10694]  ? __get_unmapped_area+0x271/0x3a0
[  650.422591][T10694]  do_mmap+0xbc7/0xf60
[  650.426719][T10694]  ? security_mmap_file+0x192/0x1d0
[  650.431962][T10694]  vm_mmap_pgoff+0x1ba/0x360
[  650.436618][T10694]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  650.441798][T10694]  ksys_mmap_pgoff+0x332/0x5d0
[  650.446630][T10694]  __x64_sys_mmap+0x125/0x190
[  650.451350][T10694]  do_syscall_64+0xcd/0x250
[  650.455917][T10694]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  650.461859][T10694] RIP: 0033:0x7f8e6e975b59
[  650.466299][T10694] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  650.486032][T10694] RSP: 002b:00007f8e6f6d4048 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  650.494483][T10694] RAX: ffffffffffffffda RBX: 00007f8e6eb05f60 RCX: 00007f8e6e975b59
[  650.502479][T10694] RDX: 000000000200000f RSI: 0000000000004000 RDI: 0000000020ff9000
[  650.510477][T10694] RBP: 00007f8e6e9e4e5d R08: 0000000000000006 R09: 0000000000000000
[  650.518476][T10694] R10: 0000000000000012 R11: 0000000000000246 R12: 0000000000000000
[  650.526473][T10694] R13: 000000000000000b R14: 00007f8e6eb05f60 R15: 00007fffbf2b3088
[  650.534491][T10694]  </TASK>
[  650.537525][T10694] Modules linked in:
[  650.584283][T10690] ieee80211 phy71: Selected rate control algorithm 'minstrel_ht'
[  650.622063][T10694] ---[ end trace 0000000000000000 ]---
[  650.702879][T10694] RIP: 0010:__page_table_check_zero+0x2fd/0x360
[  650.710212][T10694] Code: ff 48 89 ef e8 c4 d0 ff ff 48 83 c4 10 5b 5d 41 5c 41 5d 41 5e 41 5f e9 91 32 98 ff e8 8c 32 98 ff 90 0f 0b e8 84 32 98 ff 90 <0f> 0b e8 7c 32 98 ff 90 0f 0b e8 94 34 f5 ff e9 85 fd ff ff 48 c7
[  650.734009][T10694] RSP: 0018:ffffc900031ffab8 EFLAGS: 00010283
[  650.740206][T10694] RAX: 000000000000d7ea RBX: 0000000000000001 RCX: ffffc90014360000
[  650.748352][T10694] RDX: 0000000000040000 RSI: ffffffff81f3673c RDI: 0000000000000005
[  650.756476][T10694] RBP: ffff888018e69bc0 R08: 0000000000000005 R09: 0000000000000000
[  650.764865][T10694] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000
[  650.776892][T10694] R13: 0000000000000002 R14: ffff888018e69c0c R15: dffffc0000000000
[  650.785264][T10694] FS:  00007f8e6f6d46c0(0000) GS:ffff8880b9200000(0000) knlGS:0000000000000000
[  650.794344][T10694] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  650.801079][T10694] CR2: 00000000203ff000 CR3: 0000000067bb0000 CR4: 0000000000350ef0
[  650.809249][T10694] Kernel panic - not syncing: Fatal exception
[  650.815550][T10694] Kernel Offset: disabled
[  650.819876][T10694] Rebooting in 86400 seconds..