last executing test programs:

13.759098697s ago: executing program 1:
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xfff, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000df1f00000000000700000018190000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000024"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000))
mount$tmpfs(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f00000002c0)={[{@huge_always}]})
chdir(&(0x7f0000000140)='./file0\x00')
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='rss_stat\x00', r1}, 0x10)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r2, 0x0)

12.478388023s ago: executing program 1:
r0 = openat$binder_debug(0xffffffffffffff9c, 0x0, 0x0, 0x0)
read$snddsp(r0, &(0x7f0000000740)=""/56, 0x38)

11.257326266s ago: executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180800000000000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fe}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x1000007, 0x10, 0xffffffffffffffff, 0x0)
r3 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r3, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88)

8.975560106s ago: executing program 3:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0)
pipe(&(0x7f0000000100))
write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd600a843500140600fe80000000000000e5000000", @ANYRES32=0x41424344], 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000327000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000200)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473ba6100b021ee66b9800000c00f146635004000000f300f20e06635800000000f22e0f30fa6c8", 0x54}], 0x1, 0x0, 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

8.90936972s ago: executing program 2:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000009007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x10)
r2 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000001440)=@newtaction={0x850, 0x31, 0x1, 0x0, 0x0, {}, [{0x83c, 0x1, [@m_police={0x838, 0x0, 0x0, 0x0, {{0xb}, {0x80c, 0x2, 0x0, 0x1, [[@TCA_POLICE_PEAKRATE={0x404}, @TCA_POLICE_RATE={0x404}]]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x850}}, 0x0)

7.628332911s ago: executing program 2:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001c2df6f270000000fad413ec50000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='netlink_extack\x00', r0}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="3c00000010001fff001201000006000043be4354", @ANYRES32=0x0, @ANYBLOB="ff7f000000000000140012800a00010076786c616e000000"], 0x3c}, 0x1, 0x8000a0ffffffff}, 0x0)
r1 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r1, &(0x7f00000000c0), 0x492492492492627, 0x0)

6.705251635s ago: executing program 3:
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000001140)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(aes-aesni)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f0000000680)=[{{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000080)=""/42, 0x2a}, {&(0x7f0000000000)=""/32, 0x20}], 0x2}}], 0x1, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000040)=ANY=[], 0x38}}, 0x0)

6.534014511s ago: executing program 2:
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
read$snddsp(0xffffffffffffffff, &(0x7f0000000740)=""/56, 0x38)

5.813894389s ago: executing program 0:
write$rfkill(0xffffffffffffffff, &(0x7f00000033c0)={0x1}, 0x8)
socket(0x0, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x2000000, &(0x7f0000000080), 0x1, 0x4f5, &(0x7f0000000740)="$eJzs3U9rJGkZAPCnKunZZCZr96rIuuLu4q5kFp3uZOPuBpF1BdHTgjreY0w6IaSTDunOOAmDZj6BIKKCJ09eBD+AIPMRRBjQu+CoiM7owYNOSVdXdJLpTlryp8fO7wc19b5VXfU8bw15u6rrpSqAS+vViHgvIj4WEW9ERLlYnhbTQqey3/3co4d3ljpTEll28y9JJMWyg3116uMRca27SUxExNe+HPHN5Om4rd299cVGo75d1Gvtja1aa3fvxtrG4mp9tb45Nzf79vw782/Nz2SFU7WzEhHvfvHBD7770y+9+8tPf+t3C3+6/u1OWp/7SDfviFg6VYA+uvsu5cfiQOcYbZ9HsCEYK9pTGnYiAAAMpHOO/8GI+ER+/l+OsfxsDgAAABgl2een4p9JRAYAAACMrDQipiJJq8VYgKlI02q1O4b3w3E1bTRb7U+tNHc2lzvrIipRSlfWGvWZYqxwJUpJpz5bjLE9qL95pD4XES9ExPfLk3m9utRsLA/7xw8AAAC4JK69cvj6/+/lNC8DAAAAI6bStwIAAACMCpf8AAAAMPoGvv7/Q/l8EwEAAADOw1fef78zZQfv8V6+tbuz3rx1Y7neWq9u7CxVl5rbW9XVZnM1f2bfxkn7azSbW5+JzZ3btXa91a61dvcWNpo7m+2FtUOvwAYAAAAu0Auv3PttEhH7n53MpyieAwhwyO+HnQBwlsaGnQAwNOPDTgAYmtIT5d7nAnoIGHXJCev7Dt751ZH65NnkAwAAnL3pjz59//9Ksa401MyA82asDwBcPu7uweVVMgIQLr0PdGfP9Vs/8P3/vrLsf04KAAA4U1P5lKTV4l7gVKRptRrxfP5agFKystaozxTXB78pl57r1GfzLZMTxwwDAAAAAAAAAAAAAAAAAAAAAAAAAF1ZlkQGAAAAjLSI9I9J/jT/iOny61NHfx+4kvyjHA+Kyo9v/vD2Yru9PdtZ/tdyvj4i2j8qlr+ZeSUAAAAAPAO61+nFfHbY2QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwah49vLN0MF1k3D9/ISIqveKPx0Q+n4hSRFz9WxLjT2yXRMTYGcTfvxsRL/aKn8TjLMsqRRa94k+ec/xKfmh6x08j4toZxIfL7F6n/3mv199fGq/m895/f+PFdFr9+7/0P/3fWJ/+5/kBY7x0/+e1vvHvRrw03rv/OYif9In/2oDxv/H1vb1+67KfREz3/P5JDsWqtTe2aq3dvRtrG4ur9dX65tzc7Nvz78y/NT9TW1lr1It/e8b43sd/8fi49l/tE79yQvtfH7D9/7p/++GHusVSr/jXX+v9/ftiN372nSPx0+K775NFuZPL9EF5v1t+0ss/+/XLx7V/uU/7T/r/vz5g+9/46pUBPwkAXITW7t76YqNR3z6mMDHAZxT+HwoRsf8MpNGjkJ/kRsTp9nPKzZ8qZMM+LEMsDLtnAgAAztp/T/qHnQkAAAAAAAAAAAAAAAAAAABcXhfxOLGjMfeH01QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgGP9OwAA///MZN36")
sendto(0xffffffffffffffff, 0x0, 0x0, 0x4004000, 0x0, 0x0)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, 0x0)
ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000b80)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'})
read$FUSE(0xffffffffffffffff, &(0x7f0000002140)={0x2020}, 0x2100)
syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'wlan0\x00'})
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xa, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eded8e4a093f0adf33c9f7b986", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

5.447324421s ago: executing program 2:
r0 = socket$inet(0x2, 0x1, 0x0)
setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000000100)={@multicast2, @local}, 0xc)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000000400)=ANY=[@ANYBLOB="bf16000000000000b70700000100e0ff5070000028000000770000000000000095000200000000007ae9413df8ff0af5aa35339f4b382c4cad9db6fa7a9b857b72abaca100af1ba23d699b89e890c10500000000000000000000000000ac0e064c27bdfbd301150500000000000000bfdc995279d64072aacbb0595b95060000009ad3bf16a461e48e955a772d4062093f4cb1c3d9532abad2085401f098eb039ae4f4103699b9e079227e98cc07c09c1a72cb6d47cef1595e84d21951010f0274b1445a2ad6a7ad73827cccc21842599e0ae7b91f0b878b9267aa0b28d69a74ffdea613e892f0f9ff94e690b6ad68e4cb6dd65fd7bf3124702c6b1c2aea53ee0cb83ff1807459c7cba77cedca0bff6d8370c33e2bd9cebd29c152ff9dc8c2772fe552fecfcd1778b0838100000031d521207e5223d86508416780983c2f380bc01cefe9773a9a5cd5b24aa24a561e72393c0ce2bf44825b05c138779fe74f884c2472ab45c2af60289cb199963312dd1929096c6f49d116f1612a7b97f77169fa5e8a66a372ef8e3ee7167f7d2a26fc6c3cfa4dc5860277223d6eb3460e3b10a0dc9495635a9fca19d7beb5e700498b43bdadc916c01264d22d7969530633f94b257fbc5da7a96820e31444c0b0f62619c9e351996185e4015510875b774666ba5c0ba9845ad25b578d"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x15}, 0x48)
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000040)=r1, 0x4)
syz_emit_ethernet(0xd2, &(0x7f0000000900)=ANY=[], 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000001800)={@link_local, @dev, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x2, 0x0, @empty, @multicast2}, @timestamp_reply={0x11, 0x0, 0x0, 0xe000, 0x2}}}}}, 0x0)

5.353797483s ago: executing program 4:
futex(&(0x7f0000000700)=0x2, 0x0, 0x2, &(0x7f0000000740)={0x0, 0x3938700}, 0x0, 0x0)
rt_sigreturn()
syz_read_part_table(0x401f, &(0x7f0000000000)="$eJzs0DEOAUEUBuB/NqKgUbuERk2UjrKNTqLRuIrKMSQaB3EBJ9CMZElIVuv7mvlnMjMv741vp1WSMttu2l1eNJ28bJKSZF73Jf/nvedrsjgnGfX5pDvUtPcvNycfzveHGoZ96j4N6ro+Ti+/vAcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAe7MCBAAAAAACQ/2sjVFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWEHDgQAAAAAgPxfG6GqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoKO3AgAwAAACDM3zqP9gMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwEsBAAD//4IoCls=")
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000001180)={0xa, 0x4e21, 0x405, @private1}, 0x1c)
r0 = eventfd(0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
socket$unix(0x1, 0x1, 0x0)
bind$unix(0xffffffffffffffff, 0x0, 0x0)
write$P9_RSTATFS(r1, &(0x7f0000000080)={0x43, 0x9, 0x0, {0x1ff}}, 0x43)
write$FUSE_DIRENT(r1, &(0x7f0000004080)=ANY=[@ANYBLOB="30000000f5ffffff", @ANYRES64=0x0, @ANYBLOB="024d37ed35d17d09147900000000000000020000000000000001000000090000002d00000000000000"], 0x30)

4.628024061s ago: executing program 3:
r0 = semget$private(0x0, 0x4, 0x0)
semop(r0, &(0x7f00000000c0)=[{0x0, 0x5}, {}], 0x2)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001100)={<r1=>0xffffffffffffffff})
write$binfmt_script(r1, &(0x7f0000000340), 0xffffff46)
rt_sigreturn()
write(r1, &(0x7f0000001140)='x', 0x1)
semctl$SETALL(r0, 0x0, 0x11, &(0x7f0000002240)=[0x7fff])

4.267277001s ago: executing program 2:
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
r0 = syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000280)='./file0\x00', 0x480, &(0x7f00000000c0)=ANY=[], 0x0, 0x25d, &(0x7f0000000c00)="$eJzs3E+LG2UcB/Cf27q73dJmDyIoiA960cvQ3b6CIC2IC8raiHoQpu6shh2TJRMiEbG9efV1FI/eBPUN7MWbd297Ebz0IEY2f7axRrRl11Hz+UB4fuHJlzyTTMJv5vAcv/3FRwf7Vbaf92NlPcVKxN24H7F5Uk09MR1XxvVqzLsbL1/++Yfn3nzn3deaOzs3dlO62bx1fTuldPX5bz7+9MsXvutffuurq1+vxdHme8c/bf949PTRM8e/3vqwXaV2lTrdfsrT7W539m7VQZbSG2WRV0Vqd6qiN53v57fLIu2X3cPDYco7e1c2DntFVaW8M0wHxTD1u6nfG6b8g7zdSVmWpSsbwV9p3dvdzZt1r4Lz1es18wsRcekPM60LtSwIAKjVWfX/q7P+/2T6Mfr/SX+/1/5H+//rZ/1p/tfo/5fBSf+/Mf39/l7rXi0LAgAAAAAAAAAAAAAAHsn90agxGo0as3H2WIuI9YiYPa97nZwP3/9ym9u4Yz2i/HzQGrQm42S+uR/tKKOIa9GIX8bnw9Skvvnqzo1raWwzvi3vTPN3BtOtBU7zW9GIzcX5rUk+zeej9WRszOe3oxFPLc5vL8gPWqvx0otz+Swa8f370Y0y9sbn9YP8Z1spvfL6zkP5S+PXAQAAwP9Blk4tvH7Psj+bn+Qf4f7AQ9fXF+PZi/UeOwAAACyLavjJQV6WRU+hUChOi7r/mQAAgLP2oOmveyUAAAAAAAAAAAAAAAAAAACwvB5rh7DR2iT8N1N1HyMAAAAAAAAAAAAAAAAAAAAAAAD8W/wWAAD//ySDKGU=")
r1 = openat(r0, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
ioctl$VFAT_IOCTL_READDIR_BOTH(r1, 0x82307202, &(0x7f0000000f00)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}])

4.204906903s ago: executing program 0:
unshare(0x4040600)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000140)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x0, 0x0, 0xfffffff7})
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000100), 0xfecc)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r0, 0x0)
r1 = syz_open_dev$I2C(&(0x7f0000004300), 0x0, 0x0)
ioctl$I2C_SMBUS(r1, 0x720, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0})

4.058528231s ago: executing program 4:
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = dup(r2)
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="3b00000000000800020100c0"])

3.518064074s ago: executing program 3:
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000980)=ANY=[], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x90)
r0 = syz_open_dev$evdev(0x0, 0x0, 0x0)
syz_usb_disconnect(r0)
syz_usb_connect$hid(0x0, 0x0, 0x0, 0x0)
ioctl$EVIOCRMFF(0xffffffffffffffff, 0x4004550e, 0x0)
openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0)
syz_open_dev$amidi(0x0, 0x0, 0x0)
ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(0xffffffffffffffff, 0xc0305710, &(0x7f0000000040))
arch_prctl$ARCH_SHSTK_DISABLE(0x5003, 0x0)
r1 = gettid()
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
read(r2, &(0x7f0000000200)=""/209, 0xd1)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r2, 0x4040534e, &(0x7f0000000080)={0x335})
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f00000003c0)={0x0, 0x0, 0x0, 'queue1\x00'})
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r2, 0xc0605345, &(0x7f0000000300))
tkill(r1, 0x7)

3.099511348s ago: executing program 2:
syz_mount_image$bcachefs(&(0x7f0000000080), &(0x7f0000000040)='./file0\x00', 0x10, &(0x7f00000000c0)=ANY=[@ANYBLOB="6261636b67726f756e645f636f6d7072657373696f6e3d6e6f6e652c6261636b67726f756e644c636f6d7072657373696f6e3d7a7374642c7374725f686173683d63726336342c7374725f68616372633332632c646174615f636865636b73756d3d63726336342c646174615f636865636b7375003d6372eee532632c7374725f686173683d736970686173682c6261636b67726f756e645f636f6d7072657373696f6e3d6e6f6e652c00000000"], 0x1, 0x5b22, &(0x7f0000000280)="$eJzs3Q2MHNWdIPCq7hnPjMc2YxLAMR8ewPgMF2CMyQEWEQOnALnEhEBikkCwHTw2Q/wBHjsGJ8QGKSQiHGfpTgkXKQihROKEELlDl8vHRSZaQrRho1jKsia7myWCRBt2RRwRSLwYxauZqZrprqnXVdPd4xj4/WRPTVW//r/3f/Wmpup1TXcEAADA28LTXxj541UL3/eTu4de23Xl9zbdFfVWx7Z3pwX6kuXtf6kWciR1dSwYW2bHxZ7BWU9fct8Hn/v6J7/5wovzly77xi2XH7ptzsp77x38+QWHfvrnO4vipuPpzMn1+OU4ik7+2dKv3POjZ04Y3RZHUVSN+3ZH0fy48sP5cSbEwOtRFK2baGf9g0+8tnz96HL3l7vqth+TCWK8v711J+Psiz/YctJvz7n8ub2/uOy1ge7Xt+6eLBJ314ynKJq3pvb5nVEU9ST/R6WjbUH65GR5dRRFs2ued2FBu04r2f6zA+sLk+WsZNlbECd9/NTMemfJdnRklt0ln9esygzHT6X7b84M1589uGXrmZ8sv50sz5xm/Gr6P44qcdQxUd3GeHKMRDX7LY7isX0/uV6pGwtxZmzEURRn1iuZ9WpnJq+xepOBVo3j+u1pucz2/mR7R7L91IKxdm1g+7vSfJMf1IOZ/LNBe6d8M5HXmLRdv2rQliOhUnMMytuetrc72Rm9ybbe+NgpzzmcI31s1Yv3P/7CzgcX9wXaEX8rTuLHTcV/dtNF+5fs/OWBBaH4aypJ/EpT8UfOeeWxl6758QnB+HvS+NWm4j9//pKvfn/XjoPB/vl92j8dTcWvrjjr0LK7B1YF2/9QGr+7qfgPX/bo1+a956nHgu0fSPunp7n+Gd7+xvWPHHcgGD9K489uKv6lrx5/xootj24Ixn8y7Z/epuI/MzK88p6bF+3oD8Xfl8af21T80359w/V79w89H2z/YNo/fU3Ff+/iS69eeWDzfaFjZ7z7SP2GBXhrekdyjvWlZL3Z68xW1VwvPNAXj5/zzUn+z622s6Z6o/XMm7nwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALxNPdy3bujP3z3ljY5kvSv55pTq+DLdPiuK4p4oika2rd26bXjzhv5btmzfunntxv612/qHNm/bekf/+e/u3zp068a1d4w+OnD28vHnHRvF48v45Cl1Hz58+HClr35bWt+nL/jvT/Sfsv/vo2jguJ+f0hFs/4fuXPif5+d8zYgHD2/8b2fc+NKcv94+vqEvaVdfoF1RoF0XP/Lyit9+r+e/RtHA8Y3a9c9Lr/hRXYPGNkzGSVS6osrYN13x7Nx2TLQ6aU/aXx3rhzcODRT3bzWQx28O/p+P7hi5afd4/3YH8yjZvz2Dh/+0+TtP3nTxzqvHNxyt+72ov9Ms0val/ded9Pe8JK95gbw6Anndc8ap//R3/3PTy7ujgY4/LJpad1FenckA6IzfVaretIbZcX2fdCfl0z2ePu/cbZtuPXfkjp1nD29au2Fow9Dm5cuXX3j+8vMuOO8/nTuW+vjXtuWf1v8fSuZ/ZMbTlgsGh9Ov5cZTUbuK+mO0XcX9Udui0M/fOz9yxT/c9X/3XDO+oWicp6UnjifJcvbobl4W1Yy3qX2Vl1dRP3QG+mHDtb3/69X+Lf9WdByq3TO1XzPiwcN/GP6bS+bsPf3G8Q1H5Dhf26Amj/MTrU7a01l73Fl29PZvV1RN8urNbdfpd7/ysb/9btw/0b5Zs6Lb127btnXZ+NcjlNc7r/1ce/O6cMm/3rZzzV3zp+R13vjXOUlL58Qn5rYruzXNa9HY12qUdEu6iLor+fl1RuPty/5eSJ+X7dXe5LHe+NjcvLLSx1a9eP/jL+x8cHGop+NvjdfYE80dX8YnBUpuzDyxOtHgvPqLxkcURWtqt6X9+OR3/kf/3p/M31Q4PsZHxpSv2fQGD3/+ojm/Gblu38rxDUfmuFLToCaPKxOtnmzPWH+NHVfOO3ry+Mvt57ofrHjw8N6T3r1h+f/flvzYF/XvROm8/l0eRUXHgUWZ9Zk6DmTrmSyfH68/s94bVZs6bjx//pKvfn/XjoPB48bvyx43Ple3Vm3xuBEHxtP+z//vP312/7Pvb99x4/1Lqp/4x0XLkw49Wn7eupNx3R0Y1xOtTtoT147rc27asnHd+Paj9/w3WRZc/6S/v0fu2PnptRs3Dm0dKZdX2fOStJ5sLzd7XpL+9B1bkFe6vybzmrlvyvRX2Z+3tP3rsv3V5M8b5OmN4qZ+nz276aL9S3b+8kBfIG68ppLErzQVf+ScVx576ZofnxCMvyeN39FU/OqKsw4tu3tgVTD+Q3ESv7up+A9f9ujX5r3nqceC8QfS9vc0dz4xvP2N6x85Ltz/URq/t6n4z4wMr7zn5kU7gvH3xUk9o+d2UfTEa8vXj6/HUWdyHE7b0VnXrii7HmfWK5n1au16ZXwOfqKCahzXb0/LJdtPrWlLnuuiKNrXNXV7evbYvWB8eTBdj7LfNN5+tKnUnBPkbS86vwaAt5L09f/0XCN9/X9R8gux5vX/8WU8q+75C5LzqQWTm8au8+7qH/9FOt15vbQd2Xm9NP7S0+tjNDuvVzQvd1pmPW3XoqRX0vY0OG+YE5WYl5taT+N5uUz6xfNm/V/KbOgYm9sL7bfOZKYi73XmTHvnjEZo9Tx7QX6rJ86zQ+MuO9+Rvk4flxx32fsi0v2bvS8ijb8wM4HW7H0RrY67dFqjwbgby6x4PnXquIga9OvkuMiPlh0X0xhHfePjaGZfl3rzX+/P7Pz722Y+Idpd3z8l5xOO9uv9dHt6fOgoOQ+wKrC9XfMA6eEibdevGrTlSDAPAACT1//pOcXo9f/o7+r+zHl+0XVL9iojjRe8j6Wa356i69+p97PNbuq88tJXjz9jxZZHNwTPi58se1/KrXVrswvuSynqx8WZ9cJ+DNwKUjTvsCRTvjea21Q/nvbrG67fu3/o+WA/Do6fSBX34566tbkt9uPSzHphP3bmt6qoH7P1FI3fMzPrvckdQdPt9/cuvvTqlQc23xfs991l+/2hurW+gn53nR6I7zr9LfG6f9F85F9sHiCZt56peYBrA9unOw/QO+WbibzGvOnmAQK/FwDgzSy9/p+4Xz65/v+rTLlWrw+D522D7bmfNXjeNnFe29p5ebD9E+flrV0XBeNPXBe1dt0S7J+J65bWrruC8Seuu1qbpwn2z5Np/0w9799VIn563h/6c4H0vP/Nf100s/MMrouS9Sj7zTjXRQAAHA3S6//0dDW9//+pZD17bjzz17kzfR0609fRMz3PMNPzJG/269wjP89QJn75eYaZnmczD2AeoJh5AACAt4b3JcsbS5bvGLuHOIo+ddPN561eN/SZ1eu3Dg2N3Lr2pqHVw5uHt02U6xy78pp6n3SovqL7pPPKz25QfnUwfn17Lg+UD2k1/1B9RfnnlW+U/5pg/Pr2XBEoH9Jq/qH6ivKvLX9JifzXBuPXt+fKQPmQVvMP1VeUf175Rvl/Khi/vj3vD5QPaTX/UH1F+eeVb5T/TcH49e35L4HyIa3mH6qvKP+88o3yz75fZij/DwTKh7Saf6i+ovzzyjfKfygYv749HwyUD2k1/1B9RfnnlW+U//pg/Pr2rAyUD2k1/1B9RfnnlW+U/4Zg/Pr2XBUoH9Jq/qH6ivLPK98o/5uD8evb86FA+ZBW8w/VV5R/XvlG+Q8H49e35+pA+To1E8et5h+qryj/vPKN8r8lGL++PR8OlA9pNf9QfUX555VvlP+ng/Hr23NNoHxIq/mH6ivKP698o/w3BuPXt+faQPmQVvMP1VeUf175RvlvCsavb89HAuVDWs0/VF9R/nnlG+W/ORi/vj0fDZQPaTX/UH1F+eeVb5T/lmD8+vasCpQPaTX/UH1F+eeVb5T/rcH49e25LlA+pNX8Q/UV5Z9XvlH+twXj17fnY4HyIa3mH6qvKP+88o3y3xqMX9+ejwfKh7Saf6i+ovzzyjfKfyQYv749nwiUD2k1/1B9RfnnlW+U/7Zg/Pr2XB8oH9Jq/qH6ivLPK98o/+3B+PXtuSFQPqTV/EP1FeWfV75R/p8Jxq9vzycD5UNazT9UX1H+eeUb5b8jGL++PTcGyoe0mn+ovqL888o3yv/2YPz69qwOlA+ZyH/b1qGh1dtvXbd229DqzVvWDY2s3rF1eNu2oeRErdX7EoP3lSX3JXZGHQ3zX5hZPyZ5f6BjAu8PlC2fhj1x7Jup7w+Urbaj4H1yivZXtv6i9xnKK5833kL7t+h4UHY8ZNX9fIwPkuHNI0Nbpx6/exr2R+2YiMZum+sZX8bHlyqffbvOQDWFyufT3TCf7Oau5EbArvi4UuWjwOfBTVf5fOJgPnntmO7n2KVhp/U5dpkvU+S8R2tdvutHxg7Sw2s3Du8cmtr+2UdB+8v04+62t6MypR1F+z/O9Mf8pCXzQ5/3Fui/Hd/+l4d/97v/94EoGjiuelJL/RcPHl5z8PhP/ezirnNH219p2P6JkunnKhd8/mG2fJpPx8YtI9v+4/ot2zfnv4KW3u9cmVifofudkzyrJe9fDt3vMd37l+Mp3xydyt6/DAAA8HaR/v1/er26IPkb1PmZKYLy88Ct/X10cB54X7l54OxsRNE8cLZ8mnbZeeDeFueBs/WH5mkrDco3et2l7DzwJwLlp6v8OGntfQCC4yTpqaJxkv07/KJxki0/3XHS0+I4ydZfNE7yyjd6fbrsOLkuUD6k/Hho4n0n+iffdyI4HgbKjYfs52oWjYds+emOh+4Wx0O2/qLxkFe+0f06ZcfDRwLlyyo/Plp7X5jg+FhTbnxkPy+laHxky093fMQtjo9s/UXjI698o/sZy46PDwfKp8rv/9betye4//eU2//Zz20p2v/Z8tPd/5UW93+2/qL9n1e+0f3cZff/VYHyqfr9P7rjx/b70OodW7bW3gM905/bElK+fTP7uTXNKt/+mX3fp5lv/8y+r9TMt7+166Zg+/e19kpX+fbP7OcSNeuIvR6b/M1Q0ftPFb1O+/HA9um+TjtryjdHJ6/TAgAAwMxLX/9PP44/fX/4LyfLwMf0N+3N//nePn87N36bPn+7aB7TfF6Dyo4C5vMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADao6tjwdjy6S+M/PGqhe/7yd1Dr+268nub7tozOOvpS+774HNf/+Q3X3hx/tJl37jl8kO3zVl5772DP7/g0E//fGdh4L7xxZnJancUxS/HUXTyz5Z+5Z4fPXPC6LY4iqJq3Lc7iubHlR/G2QgDr0dRtG6infUPPvHa8vWjy91f7qrbfkwmSDavqLeatqeundHthRnxJtSdjLMv/mDLSb895/Ln9v7istcGul/funuySNxdM56iaN6a2ud3RlHUk/wflY62BemTk+XVURTNrnnehQXtOq1k+88OrC9MlrOSZW9BnPTxUzPrnSXb0ZFZdpd8XrMqMxw/le6/OTNc/5SjW6ae+cny28nyzGnGr6b/46gSRx0T1W2MJ8dIVLPf4ige2/eT65W6sRBnxkYcRXFmvZJZr3Zm8hqrNxlo1Tiu356Wy2zvT7Z3JNtPLRhr1wa2vyvNN/lBPZjJPxu0d8o3E3mNSdv1qwZtORIqNcegvO1pe7uTndGbbOuNj53ynMM50sdWvXj/4y/sfHBxX6C++FtxEj9uKv6zmy7av2TnLw8sCOQZr6kk8StNxR8555XHXrrmxycE4+9J41ebiv/8+Uu++v1dOw72heL/Pu2fjqbiV1ecdWjZ3QOrgu1/KI3f3VT8hy979Gvz3vPUY8H2D6T909Nc/wxvf+P6R447EIwfpfFnNxX/0lePP2PFlkc3BOM/mfZPb1PxnxkZXnnPzYt29Ifi70vjz20q/mm/vuH6vfuHng+2fzDtn76m4r938aVXrzyw+b7QsTPefaR+wwK8Nb0jOcf6UrLe7HVmq2quFx7oi8fP+eYk/+e2s6KM0XrmzWB8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADemoaueGDXFftWX9kRR1EcKHM4R/pYddbgYH8T9VZXnHVo2d0Dq2q3LWgiDgAAAFAsvQ6vTGzpjhZEO+Ke6MTc8ukcwYnpWly/PTuH0DNZsi1xKm2KU21TnI42xelsU5xZbYrT1aY43QVxuqNycXoaxqmUbs/sNsXpbVOcOW2KM7dNcea1Kc4xbYrT1zBO+XE4v01xjm1TnHe0Kc472xTnuDbFOb5NcU5oU5zsnPJ0x+HcpOTCUJyxb6qFcTri6sQDefPpaT0nZ55XmWY9vSXryc7ZT7eenpL1nN5iPd0l61nSYj1xyXrObLGeSkE96bi9Pdu+tJ50reT4v6NNcXa2Kc5n2xTnc22Kc2eb4ny+TXF2tRgHoKz0+n/yurEv6uq4OJqdHHGyswDp9e6i8WdPOR51Zy/QE2m8kzLbZxXFy16oZ+ItanP7Tsts76yL1zFx3tQgXl9tvMWZBwvzzU4oZNq3dLrxshMLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADCDhq54YNcV+1ZfGcXR6L9ch3Okj1VnDQ72N1Hvqhfvf/yFnQ8urt3W1dFEIAAAAKBQeh3eObGlO+rqODeaFc/6d3btL0auqn4A+Lk7szPDtvCb/gJ1IIWOLF0xIi1dlD+p4aIPs8SgBDAaMN0tZVg3bHeR3aawImt9ID5oINHE1SfDE4bwoAZFJVkeNAYlYRPFJoLyIlE0QAIk1MRkzO7cO/8601lGtAU/n4d77j3ne873ntmmyffMtMUVknOAQvKcKdbbqDy00Y5E204an03idy8eumv3wr1LH545dGC6Ol2dGx8fv/Ly8b1X7P3o7jtmZqt76teQ77PecLLewr1Ldx6Yna3evVB/7nzvUjKv1OyaWr8cTd77//vkiZL4Zp7/3E3/vxYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJxa1crKcmVtcmIkCiHqEVPrIh3L5OK4PEDea9/cvuvq+UenW/vy2QEWAgAAAPpK6/DhRk8h5LOZkAnnbjxd2AwthtCs+wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgP891crKcmVtcmJLFELUI6bWRTqWycVxeYC8v1mYuf6BL+w80tpXGmAdAAAAoL+0Dh9q9BRCKYyG4ejctrj0bOC8jvmdcek6528yrvPsoFfc6CbjxjYZ98E+cZ9K2nvqzXPXBAAAAHj3Suv/bKOnGPLZM3vW//3q+jRuZ0dcJmkH+a0AAAAA8O9J6/9co6cU8tlSo17fbL1/YUdcOr/f9/bp/H7f26dxF/fI0/l9PgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABw+qpWVpYra5MTmSiEqEdMrYt0LJOL4/IAeV+8fOzbP18+cry1L58dYCEAAACgr7QOb5behZDPjoThsGWj7r9y7O9fXJo6um24mAzncuGeA4uLd++tX9O40a++/rnf/TQqnxB3Wf16SjYHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC8o6qVleXK2uTEGVEIUY+YWhfpWCYXx+UB8r44c/iftz5yzmutfaUB1gEAAAD6S+vwZu1fCKWQC7mwfeOptdZfN9Qxv9eZAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDesXDv0p0HZmerd7tx48ZN4+ZU/88EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACcLqqVleXK2uREIQoh6hFT6yIdy+TiuDxA3oc//uh3z/rILx5r7SsNsA4AAADQX1qHN2v/QiiF4TAcztl46nYmsFH/F/+LLwkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJwWqpWV5cra5MSZUQhRj5haF+lYJhfH5QHyXvjnz9+6eqz6YmtfPjvAQgAAAEBfaR2ea/QUQj57WciHHcnzbPuEKJO03c8FmvPuaps2sul597XNy2x63tc6dpZNdlOfV0jXK9bbxrzyifPKIYRSMq/UHJhqmxceapt15qbf83tt84p95gUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4DVUrK8uVtcmJKAoh6hFT6yIdy+TiuDxA3ucOXXVsbOmPr7X2lQZYBwAAAOgvrcObtX8hlML54axw/kbdH4rt8WncvkdeufqvPzvjGyHs2f7bC7I91//LxZVfdl5CGGoPGgrh/5J8UY98R378t4dfffUnnwxhzzmZHW83X/uScW3q+Pbbnt2X332SDwYAAADeQ9L6f7jRUwz57FzP+j+tvN9W/T9/9k33bUuuSUXeMWOomOQb6pHvziu++aPyBcf+sF7/nyzfp7983ie2hfkr4pn0Wu/pEMW12Qd37X9569OH013X82c68qefy0vHf/iZIwsHv1LPXwiFpP+8bLf8J147nBHX3pp74qmD+5ZuaM+f7bH/B3a9/0+//86hV9bzv7FzpJH/AyfZ/8nzn31z5fmjjz90Y3v+4R75p2/a8v03y/P/6Nz/SMfCySdf/4O3/BU6RHHtjZlnrtm6Orq/PX8IYao1MP38n3riW+XVX287lOZPfyty8WhH/pZ/aq3XjjOnKK6t7rhkevzJxS3t+aOO/On+j93/g7e+dOy56zr3f3vn/nvm79z/dWOZW17YOT7Ij2cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN4FqpWV5cra5ETIhBD1iKl1kY5lcnFcHiDvxy669obrX5v7emtfPjvAQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMA7plpZWa6sTU4MRSFEPWJqXaRjmVwclwfIu3Dp64+9fOOv3tfaVxpgHQAAAKC/tA5v1v6FUAq5kAsjG3X/1PHttz27L787FOujUdJmZ+cXFj90x/zhudtP0ZsDAAAAm5XW/9lGTzHksxeF4aT+X91xyfT4k4tb0vo/hDC1fincMTNbHQ+Nc4LrxjK3vLBzvNw4J2iNu/Tg/GxyTJCue/9VW19a+Oza9V3X3duMe2PmmWu2ro7uT+OGk3Yj7rJm3OyDu/a/vPXpw2ncUHpOsR63pxn31twTTx3ct3RDOp5pXa8l7uybK88fffyhGxvrJO1IkhcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+xQ4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRX26yjEqiKOA/DMvbt69a7bblFuUqRiokGyUlEJ0SokPbQhBb5Y4ENWRia1hCGEm5CFSfhUERQRBYFIQdBDERaUQRIFEdpDGNpDPcRGtCFuVOzuzO7do6fdTq2CfB8cxplzz2/+Z8549l4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg/Jrb1jPWHn564Pc7F932+e4tw7tuf3/bU/v75hy+dd8dx165980TJ7tXrH7jofUjj3b0793b9/WNI1/8+eS0wU+MNytTtxFC/DmGcOWXK17Y8+mRhaNjMYRQj12DIXTH2sfdsZDQezqEcN9EnVNPvjt83f2j7eBzc6eMX1QIKd5XaNZzPeO6ptbLhaWR9tkzH26/4sdV648d+nbdcG/j9GODkx+JjZb9FELn5tbr20MI89IxKu+2nnxxajeEEOa3XHfTNHUtnWH915b0F6V2Tmqb0+Tk80sK/fYZ1tFWaBszvK6q2iznZ/n5dczy/MWXW3Ge7tS+l9qV/zK/no8YajG0TUz3cJzcI6HlucUQx579ZL82ZS/Ewt6IIcRCv1bo19sL9zU2b9po9RinjufPFcYXp/G2NL5kmr12d8n45fl+03/UU4X7L4Y2z/jHxH2NyXV9/w+1nAu1lnfQ2cZzvY30MJpprBkvPuOav84in9t48vm3T+x8dVlXSR3xnZjyY6X8b7bdfHT5zu+GesryN9dSfq1S/sCqXw/+dNdnC0vz9+f8eqX849cvf/GDXTtOla7PL3l92irl19dcM7J6d+/G0vpfy/mNSvmvrzvwcucNnxwsrb83r8+8auuz9fE/Nr116VBpfsj58yvlr/3tsqvXbD/wQGn+R3l9mpXyjwxs7d/z4FU7Fpflf5XzF1TKX/rDPZsOHd1yvLT+vrw+XZXyb1m2dkP/0CP7yt6dcfBc/YUFuDBdkr5jPZv6VX9n/lctvxde6orj3/k60rHg/5yoYHSezlnMBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIC/2YEDEgAAAABB/1+3I1AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4KkAAAD///jJWGs=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x40142, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000005dc0)={'#! ', './file1', [], 0xa, "6d5710629424cea434a7782b21bc5d4008989b28cb4f33d28d322978289518807785b0fc52bd7d"}, 0x32)
copy_file_range(r1, &(0x7f00000001c0), r0, 0x0, 0xffffffffa003e45c, 0x700000000000000)

2.995925899s ago: executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001c2df6f270000000fad413ec50000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='netlink_extack\x00', r0}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="3c00000010001fff001201000006000043be4354", @ANYRES32=0x0, @ANYBLOB="ff7f000000000000140012800a00010076786c616e000000"], 0x3c}, 0x1, 0x8000a0ffffffff}, 0x0)
r1 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r1, &(0x7f00000000c0), 0x492492492492627, 0x0)

2.989664503s ago: executing program 1:
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xfff, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000df1f00000000000700000018190000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000024"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000))
mount$tmpfs(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f00000002c0)={[{@huge_always}]})
chdir(&(0x7f0000000140)='./file0\x00')
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='rss_stat\x00', r1}, 0x10)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r2, 0x0)

2.881825852s ago: executing program 4:
openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
read$snddsp(0xffffffffffffffff, &(0x7f0000000740)=""/56, 0x38)

2.075042428s ago: executing program 4:
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = eventfd(0x0)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f00000005c0)={0x0, 0x0, 0x0, r2})
r3 = eventfd2(0x0, 0x0)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000180)={0x0, 0x0, 0x0, r3, 0x4})

1.934614424s ago: executing program 0:
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
getsockopt$bt_BT_VOICE(r0, 0x112, 0xb, 0x0, &(0x7f0000001140))

1.920878326s ago: executing program 1:
r0 = io_uring_setup(0x511f, &(0x7f0000000180)={0x0, 0x0, 0x2})
io_uring_register$IORING_REGISTER_IOWQ_AFF(r0, 0x11, &(0x7f0000000040)="e9", 0x1)

1.57304274s ago: executing program 3:
syz_open_dev$radio(&(0x7f0000000040), 0x2, 0x2)
getrandom(&(0x7f0000000040)=""/25, 0x19, 0x0)

1.140398669s ago: executing program 0:
mknod(&(0x7f0000000200)='./file0\x00', 0x8000, 0x287e)
open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
msgget$private(0x0, 0x208)
socket(0x11, 0x3, 0x0)
mknod(&(0x7f00000000c0)='./bus\x00', 0x8000, 0x44002802)
open(&(0x7f0000000280)='./bus\x00', 0x0, 0x0)

909.201273ms ago: executing program 4:
r0 = socket(0x18, 0x3, 0x0)
getsockname(r0, 0x0, 0xffffffffffffffff)

797.373481ms ago: executing program 1:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x2, [@struct={0x0, 0x1, 0x0, 0x10, 0x0, 0x0, [{}]}]}}, &(0x7f0000000280)=""/246, 0x32, 0xf6, 0x1}, 0x20)
write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0xfd14)
fallocate(0xffffffffffffffff, 0x100000003, 0x0, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000000)={0x0, 0x0}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.stat\x00', 0x275a, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000180)='./file0/file0\x00', 0x80000c, &(0x7f00000003c0)=ANY=[@ANYBLOB="706172743d3078300002a27f9edc6b44900000c63d5f852c6769643d", @ANYRESOCT, @ANYRESOCT, @ANYRES64=0x0, @ANYRESOCT=r0, @ANYRES8, @ANYBLOB="2c6e03d465636f6d706f73652c6769643d29ab72f4a2f73b811c7fd9bae7ecd520839bd791f81b6637f549a77ac6cb621635f9c08b2615964a3c43b727df50d049dc760465dea7349206240e6fb4756f276c72f20bab7d507fe4853b18ebe583cbf9009044b021249834326e80399ca072639251325e38177eef4f05093acfe76553919ecca99460ea4ebdbcef9c4e0ed3f10f86889116979b7aa52b38442546b806d6b8964f99a04195ad43adb611", @ANYRES16=r0, @ANYBLOB="459b"], 0x1, 0x701, &(0x7f00000009c0)="$eJzs3UtoHOcdAPD/rFaPVcGREz/SEsgSQ1oqaksWSqte6pZSdAglpIeeF1uOF6/lIClFNqVR+rj3kFNP6UG30ENJ74b23BAo6VHHQCGXnHRTmdmZ3Vlptbuy9Yrz+4mZ+Wa+x3zzn52ZfSC+AL6xlmej+iSSWJ59czNd39leaI1tL0zm2a2ImIiISkQ1Ikk3JauR5d7Kp/h25Dml5QEfNpfe/vyrnS/aa9V8yspXBtXrY+Lgpq18inpEjOXLg8YPafGT/bvvae/2oe2NKukcYRqwa0Xg4i/P1Co8s70Dtjp5H/8nm3fK9Kl+lOsWOKeS9nMz173UZyKmI2Iqov3Uz+8OldPv4fHaOusOAAAAwFHVjl7lhd3Yjc24cBLdAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgOdVPv5/kk+VIl2PpBj/fyLfFnn6HBo+EOJnk+3lk5PvDAAAAAAAAACcuFd3Yzc240Kxvpdkv/m/VvqN/1vxXqzHSqzF9diMRmzERqzFfETMlBqa2GxsbKzNZzUjLg2oeTM+7VPz5uF9vNW7mhzHcQMAAAAAAADAOTY1JP/++MFtv4/l7u//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwHiQRY+1FNl0q0jNRqUbEVFFuK+LTiJg4294eSdJv45PT7wcAAAA8k6ne1WRqhDovvB+7sRkXivW9JPvMfyX7vDwV78VqbEQzNqIVK3En/wydfuqv7GwvtHa2Fx6k08F2f/rlkbqetRjt7x767/nlrEQt7kYz23I9bkcSe5lK3srLO9sL6fJB/359kPYp+UluQG/GSuk76ezqJ1n6z73fIlSPdIgj2t9o5dCSM1nueCcic3nf0hoXiwj0j8TQs1MduKf5qHS++bk0eE/9Y/7B4L1P7yvV95ubM7E/Ejej0jlDVwZHIuK7//j41/daq/fv3V2fPT+H1Nf7Q0vsj8RCKRJXn6NIDDeXReJyZ305fhG/itn4cvKtWItm/CYasREr9SK/kb+e0/nM4Eh9Nl1ee2tYT9Jrst65f/XrUz16+hT1+HmWasRr2Tm9EM1I4mFErMQb2d/NmO/cDbpn+PIIV31lhDttybXvZYtOmKJ2eNm/jdbkcUnjerEU1/I9dybLK2/pRunFvlEqnnWjP49Kqt/JE2kLfxj4fDht+yMxX4rES4e9Xtoh/eteOl9vrd5fu9d4d8T9vZ4v0+voTwOeEifymB4oPcMvxlR+cBezeZJdU3NZ3kudXhXx+m8zYj7Lu9RppfeJm+Zd7tRrX6m/jIdxp+dK/WEsxmIsZaWvZKXHDzyx0ryrnZZ67+FpXvpOq9r5Yaf8futhtNrvhyK2vva3bYDn2fT3pydq/6v9u/ZR7Y+1e7U3p342+aPJVyZi/F/jP67Ojb1eeSX5e3wUv+t+/gcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ7e+qPH9xut1spa/0Slf1YyuFajtVcMJDagTE8iyYfKGaFwsv7o8d7QBgcnJvPuPWX140wUozUOL1w/wW4kW/vP19Twc1GM8jTCLpJ8mMrSSysinrrPxZ67W8bPwancn6gfuVb9wHHlieIFWyp89Fdvrd/5GouIfoWH3DjGjuHmA5ypGxsP3r2x/ujxD5oPGu+svLOyOr64uDS3tPjGwo27zdbKXHteqnD6o+oBJ6T8dqJjIiJeHV53wECtAAAAAAAAAAAAwAk6jf+FOOtjBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAL7elmej+iSSmJ+7Ppeu72wvtNKpSHdLViOiEhHJbyOSf0bcivYUM6XmksP282Fz6e3Pv9r5ottWtShfidg6tN6gNru28inqETGWL59BT3u3h7c30U1O9slOOkeRBuxaETg4a/8PAAD//9qm8z8=")
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x41, 0x0, 0x0)
clock_adjtime(0x0, &(0x7f00000004c0)={0xc7})
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140))
ioctl$KVM_RUN(r2, 0xae80, 0x0)

666.554834ms ago: executing program 3:
r0 = inotify_init1(0x0)
r1 = dup(r0)
readv(r1, &(0x7f00000000c0)=[{&(0x7f0000000bc0)=""/210, 0xd2}], 0x1)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6}]})

37.731377ms ago: executing program 4:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x301, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x10042, 0x0)
pwrite64(r1, &(0x7f0000000000)="19", 0xffffff18, 0x9)
sendfile(r0, r1, 0x0, 0x1002000000002)
timer_settime(0x0, 0x0, 0x0, 0x0)
pipe2(0x0, 0x0)
r2 = signalfd4(0xffffffffffffffff, &(0x7f0000000140), 0x8, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0, 0x0)
dup3(r3, r2, 0x0)

0s ago: executing program 0:
r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
fchdir(r0)
mount(&(0x7f0000000100)=@filename='\x00', &(0x7f0000000040)='./cgroup/file0\x00', &(0x7f00000000c0)='proc\x00', 0x0, 0x0)
statx(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
getresuid(0x0, 0x0, 0x0)
setresuid(0xee01, 0x0, 0xee01)

kernel console output (not intermixed with test programs):

d
[  414.124968][ T7389] BTRFS info (device loop2): using sha256 (sha256-generic) checksum algorithm
[  414.136594][ T7389] BTRFS info (device loop2): using free-space-tree
[  414.689617][ T7420] loop1: detected capacity change from 0 to 1024
[  414.789542][ T7420] EXT4-fs: Ignoring removed orlov option
[  414.795825][ T7420] EXT4-fs: Ignoring removed nomblk_io_submit option
[  414.944423][ T7420] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  415.204302][   T29] audit: type=1804 audit(1717044378.101:178): pid=7389 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir1199615156/syzkaller.49mH78/127/bus/cgroup.controllers" dev="loop2" ino=263 res=1 errno=0
[  415.578501][ T5076] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  415.766883][ T7425] loop4: detected capacity change from 0 to 512
[  415.839418][ T5077] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  415.934318][ T7425] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -13
[  415.972970][ T7425] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz-executor.4: invalid indirect mapped block 2683928664 (level 1)
[  415.999288][ T7425] EXT4-fs (loop4): Remounting filesystem read-only
[  416.019321][ T7425] EXT4-fs (loop4): 1 truncate cleaned up
[  416.025621][ T7425] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  416.100667][ T5170] usb 1-1: USB disconnect, device number 11
[  416.106178][ T7425] overlayfs: missing 'lowerdir'
[  416.237149][ T7428] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'.
[  416.392230][ T7428] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  416.610391][ T7428] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  416.915710][ T7428] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  417.023865][ T5086] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  417.050509][ T3018] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  417.154943][ T7428] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  417.255961][ T3018] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  417.374801][ T3018] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  417.476580][ T7428] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  417.513666][ T7428] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  417.540201][ T7428] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  417.566664][ T7428] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  417.642263][ T3018] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  417.954901][ T3018] bridge_slave_1: left allmulticast mode
[  417.961160][ T3018] bridge_slave_1: left promiscuous mode
[  417.968131][ T3018] bridge0: port 2(bridge_slave_1) entered disabled state
[  417.989089][ T3018] bridge_slave_0: left allmulticast mode
[  417.995453][ T3018] bridge_slave_0: left promiscuous mode
[  418.002314][ T3018] bridge0: port 1(bridge_slave_0) entered disabled state
[  418.502156][ T7441] loop2: detected capacity change from 0 to 1024
[  418.580648][ T3018] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  418.657194][ T3018] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  418.687375][ T3018] bond0 (unregistering): Released all slaves
[  418.744193][ T7438] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies.
[  419.216988][ T3018] hsr_slave_0: left promiscuous mode
[  419.228441][ T3018] hsr_slave_1: left promiscuous mode
[  419.243697][ T3018] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  419.251375][ T3018] batman_adv: batadv0: Removing interface: batadv_slave_0
[  419.274749][ T3018] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  419.283387][ T3018] batman_adv: batadv0: Removing interface: batadv_slave_1
[  419.292489][   T11] hfsplus: b-tree write err: -5, ino 4
[  419.305760][ T3018] veth1_macvtap: left promiscuous mode
[  419.312300][ T3018] veth0_macvtap: left promiscuous mode
[  419.318401][ T3018] veth1_vlan: left promiscuous mode
[  419.324157][ T3018] veth0_vlan: left promiscuous mode
[  420.714451][ T3018] team0 (unregistering): Port device team_slave_1 removed
[  420.793470][ T7456] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'.
[  420.857525][ T3018] team0 (unregistering): Port device team_slave_0 removed
[  421.074282][ T7454] loop0: detected capacity change from 0 to 32768
[  421.187132][ T7454] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor.0 (7454)
[  421.223749][ T7454] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  421.234470][ T7454] BTRFS info (device loop0): using sha256 (sha256-generic) checksum algorithm
[  421.245912][ T7454] BTRFS info (device loop0): using free-space-tree
[  421.260088][   T50] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  421.437449][   T50] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  421.453099][   T50] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  421.475247][   T50] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  421.496294][   T50] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  421.506001][   T50] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  421.821891][  T779] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  422.206612][  T779] usb 4-1: config 0 has an invalid descriptor of length 188, skipping remainder of the config
[  422.217342][  T779] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  422.226854][  T779] usb 4-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00
[  422.236330][  T779] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  422.312924][  T779] usb 4-1: config 0 descriptor??
[  422.417229][ T7459] chnl_net:caif_netlink_parms(): no params data found
[  422.589021][   T29] audit: type=1804 audit(1717044385.491:179): pid=7454 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir4189600340/syzkaller.qltzyk/135/bus/cgroup.controllers" dev="loop0" ino=263 res=1 errno=0
[  422.706763][ T7486] loop1: detected capacity change from 0 to 512
[  422.878682][ T7486] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -13
[  422.888684][ T7486] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz-executor.1: invalid indirect mapped block 2683928664 (level 1)
[  422.939980][ T7486] EXT4-fs (loop1): Remounting filesystem read-only
[  422.949854][ T7486] EXT4-fs (loop1): 1 truncate cleaned up
[  422.956137][ T7486] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  423.001146][ T7486] overlay: Unknown parameter '/'
[  423.084781][ T5072] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  423.562942][   T50] Bluetooth: hci3: command tx timeout
[  423.826844][ T7459] bridge0: port 1(bridge_slave_0) entered blocking state
[  423.835302][ T7459] bridge0: port 1(bridge_slave_0) entered disabled state
[  423.850686][ T7459] bridge_slave_0: entered allmulticast mode
[  423.859961][ T7459] bridge_slave_0: entered promiscuous mode
[  423.912976][ T5077] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  423.938961][ T7498] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
[  423.978718][ T7459] bridge0: port 2(bridge_slave_1) entered blocking state
[  423.986711][ T7459] bridge0: port 2(bridge_slave_1) entered disabled state
[  423.994668][ T7459] bridge_slave_1: entered allmulticast mode
[  424.004041][ T7459] bridge_slave_1: entered promiscuous mode
[  424.244199][ T7459] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  424.313235][ T7459] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  424.543004][ T7459] team0: Port device team_slave_0 added
[  424.576356][ T7459] team0: Port device team_slave_1 added
[  424.713336][ T7459] batman_adv: batadv0: Adding interface: batadv_slave_0
[  424.720505][ T7459] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  424.746996][ T7459] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  424.798016][ T7459] batman_adv: batadv0: Adding interface: batadv_slave_1
[  424.805411][ T7459] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  424.832294][ T7459] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  425.032142][  T779] usb 4-1: USB disconnect, device number 6
[  425.067112][ T7459] hsr_slave_0: entered promiscuous mode
[  425.121840][ T7459] hsr_slave_1: entered promiscuous mode
[  425.148785][ T7459] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  425.156936][ T7459] Cannot create hsr debugfs directory
[  425.646098][   T50] Bluetooth: hci3: command tx timeout
[  425.815624][ T3018] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  425.923017][ T3018] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  425.949017][ T7504] A link change request failed with some changes committed already. Interface ip6gretap0 may have been left with an inconsistent configuration, please check.
[  426.077791][ T3018] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  426.134189][ T7509] loop3: detected capacity change from 0 to 64
[  426.238787][ T3018] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  426.315529][ T7509] hfs: unable to read volume bitmap
[  426.321264][ T7509] hfs: can't find a HFS filesystem on dev loop3
[  426.440553][ T3018] bridge_slave_1: left allmulticast mode
[  426.447829][ T3018] bridge_slave_1: left promiscuous mode
[  426.456376][ T3018] bridge0: port 2(bridge_slave_1) entered disabled state
[  426.487300][ T3018] bridge_slave_0: left allmulticast mode
[  426.494836][ T3018] bridge_slave_0: left promiscuous mode
[  426.502149][ T3018] bridge0: port 1(bridge_slave_0) entered disabled state
[  427.293265][ T3018] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  427.358848][ T3018] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  427.396903][ T3018] bond0 (unregistering): Released all slaves
[  427.601579][ T4429] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  427.621046][ T4429] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  427.665139][ T4429] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  427.742784][ T4429] Bluetooth: hci3: command tx timeout
[  427.745926][ T5082] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  427.761741][ T5082] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  427.771259][ T5082] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  427.994152][ T7459] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  428.066671][ T7459] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  428.188656][ T7459] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  428.266835][ T7459] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  428.417171][ T3018] hsr_slave_0: left promiscuous mode
[  428.434221][ T3018] hsr_slave_1: left promiscuous mode
[  428.465985][ T3018] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  428.474214][ T3018] batman_adv: batadv0: Removing interface: batadv_slave_0
[  428.521368][ T3018] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  428.530287][ T3018] batman_adv: batadv0: Removing interface: batadv_slave_1
[  428.570428][ T3018] veth1_macvtap: left promiscuous mode
[  428.577077][ T3018] veth0_macvtap: left promiscuous mode
[  428.583128][ T3018] veth1_vlan: left promiscuous mode
[  428.588687][ T3018] veth0_vlan: left promiscuous mode
[  429.541705][ T7535] loop0: detected capacity change from 0 to 32768
[  429.587829][ T3018] team0 (unregistering): Port device team_slave_1 removed
[  429.613032][ T7535] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor.0 (7535)
[  429.648571][ T7535] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  429.654274][ T3018] team0 (unregistering): Port device team_slave_0 removed
[  429.659162][ T7535] BTRFS info (device loop0): using sha256 (sha256-generic) checksum algorithm
[  429.677552][ T7535] BTRFS info (device loop0): using free-space-tree
[  429.806223][ T5082] Bluetooth: hci3: command tx timeout
[  429.885787][ T5082] Bluetooth: hci1: command tx timeout
[  430.742720][   T29] audit: type=1804 audit(1717044393.661:180): pid=7535 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir4189600340/syzkaller.qltzyk/138/bus/cgroup.controllers" dev="loop0" ino=263 res=1 errno=0
[  430.993061][ T7459] 8021q: adding VLAN 0 to HW filter on device bond0
[  431.016794][ T7522] chnl_net:caif_netlink_parms(): no params data found
[  431.209045][ T5072] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  431.300999][ T7459] 8021q: adding VLAN 0 to HW filter on device team0
[  431.388173][ T5123] bridge0: port 1(bridge_slave_0) entered blocking state
[  431.396028][ T5123] bridge0: port 1(bridge_slave_0) entered forwarding state
[  431.482007][ T7560] loop3: detected capacity change from 0 to 512
[  431.555270][ T5123] bridge0: port 2(bridge_slave_1) entered blocking state
[  431.563026][ T5123] bridge0: port 2(bridge_slave_1) entered forwarding state
[  431.604574][ T7561] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'.
[  431.701196][ T7560] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -13
[  431.742889][ T7560] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #13: comm syz-executor.3: invalid indirect mapped block 2683928664 (level 1)
[  431.798404][ T7560] EXT4-fs (loop3): Remounting filesystem read-only
[  431.807017][ T7560] EXT4-fs (loop3): 1 truncate cleaned up
[  431.813196][ T7560] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  431.841979][ T7561] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  431.956030][ T7565] overlay: Unknown parameter '/'
[  431.966784][ T5082] Bluetooth: hci1: command tx timeout
[  431.973197][ T7561] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  432.107669][ T7561] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  432.310120][ T7561] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  432.576845][ T7522] bridge0: port 1(bridge_slave_0) entered blocking state
[  432.584985][ T7522] bridge0: port 1(bridge_slave_0) entered disabled state
[  432.592933][ T7522] bridge_slave_0: entered allmulticast mode
[  432.602067][ T7522] bridge_slave_0: entered promiscuous mode
[  432.761239][ T7522] bridge0: port 2(bridge_slave_1) entered blocking state
[  432.769207][ T7522] bridge0: port 2(bridge_slave_1) entered disabled state
[  432.777957][ T7522] bridge_slave_1: entered allmulticast mode
[  432.787171][ T7522] bridge_slave_1: entered promiscuous mode
[  432.832884][ T7561] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  432.863848][ T7561] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  432.893806][ T7561] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  433.074714][ T7561] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  433.129427][ T5089] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  433.194611][ T7522] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  433.330197][ T7522] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  433.499434][ T7522] team0: Port device team_slave_0 added
[  433.550506][ T7522] team0: Port device team_slave_1 added
[  433.768498][ T7522] batman_adv: batadv0: Adding interface: batadv_slave_0
[  433.779005][ T7522] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  433.806538][ T7522] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  433.903959][   T29] audit: type=1326 audit(1717044396.791:181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7570 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc4bd47cee9 code=0x7ffc0000
[  433.928039][   T29] audit: type=1326 audit(1717044396.811:182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7570 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc4bd47cee9 code=0x7ffc0000
[  433.951599][   T29] audit: type=1326 audit(1717044396.821:183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7570 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc4bd47cee9 code=0x7ffc0000
[  433.974967][   T29] audit: type=1326 audit(1717044396.821:184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7570 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc4bd47cee9 code=0x7ffc0000
[  433.991972][ T7522] batman_adv: batadv0: Adding interface: batadv_slave_1
[  434.002553][   T29] audit: type=1326 audit(1717044396.821:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7570 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc4bd47cee9 code=0x7ffc0000
[  434.005048][ T7522] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  434.028201][   T29] audit: type=1326 audit(1717044396.831:186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7570 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fc4bd47bc2f code=0x7ffc0000
[  434.028424][   T29] audit: type=1326 audit(1717044396.851:187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7570 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc4bd47cee9 code=0x7ffc0000
[  434.054562][ T7522] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  434.111676][ T5082] Bluetooth: hci1: command tx timeout
[  434.116402][   T29] audit: type=1326 audit(1717044396.861:188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7570 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc4bd47bae0 code=0x7ffc0000
[  434.144501][   T29] audit: type=1326 audit(1717044396.951:189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7570 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7fc4bd47e677 code=0x7ffc0000
[  434.421602][ T3018] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  434.505112][ T7459] 8021q: adding VLAN 0 to HW filter on device batadv0
[  434.880033][ T3018] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  435.017747][ T7522] hsr_slave_0: entered promiscuous mode
[  435.093067][ T7522] hsr_slave_1: entered promiscuous mode
[  435.142457][ T3018] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  435.332034][ T7577] loop2: detected capacity change from 0 to 32768
[  435.362945][ T3018] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  435.379961][ T7577] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor.2 (7577)
[  435.469884][ T7577] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  435.480618][ T7577] BTRFS info (device loop2): using sha256 (sha256-generic) checksum algorithm
[  435.492384][ T7577] BTRFS info (device loop2): using free-space-tree
[  435.813255][ T3018] bridge_slave_1: left allmulticast mode
[  435.819246][ T3018] bridge_slave_1: left promiscuous mode
[  435.828384][ T3018] bridge0: port 2(bridge_slave_1) entered disabled state
[  435.853629][ T3018] bridge_slave_0: left allmulticast mode
[  435.859525][ T3018] bridge_slave_0: left promiscuous mode
[  435.866304][ T3018] bridge0: port 1(bridge_slave_0) entered disabled state
[  436.110865][   T29] kauditd_printk_skb: 58 callbacks suppressed
[  436.110936][   T29] audit: type=1800 audit(1717044399.071:248): pid=7577 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="loop2" ino=263 res=0 errno=0
[  436.157305][ T5082] Bluetooth: hci1: command tx timeout
[  436.453857][ T3018] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  436.511642][ T3018] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  436.567524][ T3018] bond0 (unregistering): Released all slaves
[  437.062036][  T779] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  437.240785][ T7459] veth0_vlan: entered promiscuous mode
[  437.285620][ T5076] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  437.332530][  T779] usb 1-1: Using ep0 maxpacket: 32
[  437.506037][  T779] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  437.517632][  T779] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  437.528114][  T779] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  437.537609][  T779] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  437.618675][  T779] hub 1-1:4.0: USB hub found
[  437.666766][ T7459] veth1_vlan: entered promiscuous mode
[  437.683111][   T50] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  437.712288][   T50] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  437.740592][   T50] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  437.757250][   T50] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  437.778418][   T50] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  437.788877][   T50] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  437.831911][ T3018] hsr_slave_0: left promiscuous mode
[  437.868121][ T3018] hsr_slave_1: left promiscuous mode
[  437.911913][  T779] hub 1-1:4.0: config failed, can't read hub descriptor (err -22)
[  437.912099][ T3018] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  437.927892][ T3018] batman_adv: batadv0: Removing interface: batadv_slave_0
[  437.947579][ T3018] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  437.955431][ T3018] batman_adv: batadv0: Removing interface: batadv_slave_1
[  437.964768][  T779] usb 1-1: USB disconnect, device number 12
[  437.999501][ T3018] veth1_macvtap: left promiscuous mode
[  438.005598][ T3018] veth0_macvtap: left promiscuous mode
[  438.011691][ T3018] veth1_vlan: left promiscuous mode
[  438.017313][ T3018] veth0_vlan: left promiscuous mode
[  438.633136][ T3018] team0 (unregistering): Port device team_slave_1 removed
[  438.672187][ T3018] team0 (unregistering): Port device team_slave_0 removed
[  439.465095][ T7459] veth0_macvtap: entered promiscuous mode
[  439.501366][ T7459] veth1_macvtap: entered promiscuous mode
[  439.561141][ T7459] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  439.573211][ T7459] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  439.583548][ T7459] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  439.594399][ T7459] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  439.609251][ T7459] batman_adv: batadv0: Interface activated: batadv_slave_0
[  439.636795][ T7522] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  439.673674][ T7522] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  439.753243][ T7459] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  439.764049][ T7459] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  439.774261][ T7459] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  439.784997][ T7459] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  439.799645][ T7459] batman_adv: batadv0: Interface activated: batadv_slave_1
[  439.825241][ T7522] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  439.882941][   T50] Bluetooth: hci4: command tx timeout
[  439.907390][ T7522] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  439.940753][ T7459] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  439.949898][ T7459] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  439.959083][ T7459] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  439.968264][ T7459] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  440.479524][ T7605] chnl_net:caif_netlink_parms(): no params data found
[  441.089824][ T7522] 8021q: adding VLAN 0 to HW filter on device bond0
[  441.235985][ T7522] 8021q: adding VLAN 0 to HW filter on device team0
[  441.352081][ T4552] bridge0: port 1(bridge_slave_0) entered blocking state
[  441.359892][ T4552] bridge0: port 1(bridge_slave_0) entered forwarding state
[  441.478579][ T4552] bridge0: port 2(bridge_slave_1) entered blocking state
[  441.486401][ T4552] bridge0: port 2(bridge_slave_1) entered forwarding state
[  441.961884][   T50] Bluetooth: hci4: command tx timeout
[  442.180379][ T7605] bridge0: port 1(bridge_slave_0) entered blocking state
[  442.188338][ T7605] bridge0: port 1(bridge_slave_0) entered disabled state
[  442.197879][ T7605] bridge_slave_0: entered allmulticast mode
[  442.207237][ T7605] bridge_slave_0: entered promiscuous mode
[  442.324067][ T7605] bridge0: port 2(bridge_slave_1) entered blocking state
[  442.332787][ T7605] bridge0: port 2(bridge_slave_1) entered disabled state
[  442.340566][ T7605] bridge_slave_1: entered allmulticast mode
[  442.350248][ T7605] bridge_slave_1: entered promiscuous mode
[  442.854240][ T7605] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  442.967520][ T7638] loop2: detected capacity change from 0 to 512
[  443.038941][ T7605] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  443.041970][ T7635] loop0: detected capacity change from 0 to 32768
[  443.147517][ T7635] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor.0 (7635)
[  443.179405][ T7638] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -13
[  443.196833][ T7635] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  443.208054][ T7635] BTRFS info (device loop0): using sha256 (sha256-generic) checksum algorithm
[  443.219462][ T7635] BTRFS info (device loop0): using free-space-tree
[  443.300685][ T7638] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz-executor.2: invalid indirect mapped block 2683928664 (level 1)
[  443.348033][ T7605] team0: Port device team_slave_0 added
[  443.359232][ T7638] EXT4-fs (loop2): Remounting filesystem read-only
[  443.403786][ T7605] team0: Port device team_slave_1 added
[  443.418182][ T7638] EXT4-fs (loop2): 1 truncate cleaned up
[  443.424360][ T7638] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  443.528238][ T7638] overlay: Unknown parameter '/'
[  443.626703][ T7605] batman_adv: batadv0: Adding interface: batadv_slave_0
[  443.635734][ T7605] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  443.664638][ T7605] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  443.837785][ T7522] 8021q: adding VLAN 0 to HW filter on device batadv0
[  443.858248][ T7605] batman_adv: batadv0: Adding interface: batadv_slave_1
[  443.865693][ T7605] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  443.892505][ T7605] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  444.077165][   T50] Bluetooth: hci4: command tx timeout
[  444.114026][   T29] audit: type=1804 audit(1717044407.071:249): pid=7635 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir4189600340/syzkaller.qltzyk/143/bus/cgroup.controllers" dev="loop0" ino=263 res=1 errno=0
[  444.457214][ T7605] hsr_slave_0: entered promiscuous mode
[  444.467483][ T7605] hsr_slave_1: entered promiscuous mode
[  444.478592][ T7605] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  444.485752][ T5072] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  444.486460][ T7605] Cannot create hsr debugfs directory
[  444.949642][ T5076] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  444.954974][ T3018] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  445.032591][ T7522] veth0_vlan: entered promiscuous mode
[  445.098364][ T3018] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  445.201863][ T3018] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  445.357348][ T3018] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  445.457401][ T7522] veth1_vlan: entered promiscuous mode
[  445.853569][ T3018] bridge_slave_1: left allmulticast mode
[  445.859470][ T3018] bridge_slave_1: left promiscuous mode
[  445.866247][ T3018] bridge0: port 2(bridge_slave_1) entered disabled state
[  445.906904][ T3018] bridge_slave_0: left allmulticast mode
[  445.914114][ T3018] bridge_slave_0: left promiscuous mode
[  445.920720][ T3018] bridge0: port 1(bridge_slave_0) entered disabled state
[  446.143566][   T50] Bluetooth: hci4: command tx timeout
[  446.512288][ T3018] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  446.543626][ T3018] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  446.564654][ T3018] bond0 (unregistering): Released all slaves
[  446.767334][  T787] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  446.860268][ T5136] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  446.868665][ T5136] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  447.096975][  T992] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  447.105753][  T992] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  447.118605][  T787] usb 1-1: no configurations
[  447.124904][  T787] usb 1-1: can't read configurations, error -22
[  447.333573][  T787] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  447.384838][ T7522] veth0_macvtap: entered promiscuous mode
[  447.551087][ T3018] hsr_slave_0: left promiscuous mode
[  447.574094][ T3018] hsr_slave_1: left promiscuous mode
[  447.609670][ T3018] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  447.618137][ T3018] batman_adv: batadv0: Removing interface: batadv_slave_0
[  447.664297][ T3018] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  447.672494][ T3018] batman_adv: batadv0: Removing interface: batadv_slave_1
[  447.683289][ T5082] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  447.693082][ T5082] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  447.698394][  T787] usb 1-1: no configurations
[  447.704081][ T5082] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  447.707257][  T787] usb 1-1: can't read configurations, error -22
[  447.720182][ T5082] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  447.737320][  T787] usb usb1-port1: attempt power cycle
[  447.737615][ T3018] veth1_macvtap: left promiscuous mode
[  447.749398][ T3018] veth0_macvtap: left promiscuous mode
[  447.751600][ T5082] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  447.755358][ T3018] veth1_vlan: left promiscuous mode
[  447.767684][ T3018] veth0_vlan: left promiscuous mode
[  447.770893][ T5082] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  448.161874][  T787] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  448.325675][  T787] usb 1-1: no configurations
[  448.330704][  T787] usb 1-1: can't read configurations, error -22
[  448.443598][ T3018] team0 (unregistering): Port device team_slave_1 removed
[  448.472729][ T3018] team0 (unregistering): Port device team_slave_0 removed
[  448.739440][  T787] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  448.806715][ T7522] veth1_macvtap: entered promiscuous mode
[  449.057607][  T787] usb 1-1: no configurations
[  449.062684][  T787] usb 1-1: can't read configurations, error -22
[  449.070998][  T787] usb usb1-port1: unable to enumerate USB device
[  449.253630][ T7522] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  449.264679][ T7522] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  449.275147][ T7522] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  449.285908][ T7522] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  449.300658][ T7522] batman_adv: batadv0: Interface activated: batadv_slave_0
[  449.327280][ T7605] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  449.420126][ T7522] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  449.431612][ T7522] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  449.444134][ T7522] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  449.455369][ T7522] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  449.470140][ T7522] batman_adv: batadv0: Interface activated: batadv_slave_1
[  449.485325][ T7605] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  449.540054][ T7522] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  449.550552][ T7522] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  449.560920][ T7522] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  449.570131][ T7522] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  449.690223][ T7605] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  449.779629][ T7605] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  449.883245][ T5082] Bluetooth: hci2: command tx timeout
[  450.053197][ T7673] chnl_net:caif_netlink_parms(): no params data found
[  451.252130][ T7695] loop4: detected capacity change from 0 to 32768
[  451.352645][ T7695] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor.4 (7695)
[  451.424942][ T7695] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  451.437298][ T7695] BTRFS info (device loop4): using sha256 (sha256-generic) checksum algorithm
[  451.449054][ T7695] BTRFS info (device loop4): using free-space-tree
[  451.524003][ T7605] 8021q: adding VLAN 0 to HW filter on device bond0
[  451.614375][ T7605] 8021q: adding VLAN 0 to HW filter on device team0
[  451.664805][ T5119] bridge0: port 1(bridge_slave_0) entered blocking state
[  451.672608][ T5119] bridge0: port 1(bridge_slave_0) entered forwarding state
[  451.755944][ T5119] bridge0: port 2(bridge_slave_1) entered blocking state
[  451.763769][ T5119] bridge0: port 2(bridge_slave_1) entered forwarding state
[  451.962051][ T5082] Bluetooth: hci2: command tx timeout
[  452.099827][   T29] audit: type=1800 audit(1717044414.961:250): pid=7695 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="loop4" ino=263 res=0 errno=0
[  452.405227][ T7673] bridge0: port 1(bridge_slave_0) entered blocking state
[  452.416973][ T7673] bridge0: port 1(bridge_slave_0) entered disabled state
[  452.425167][ T7673] bridge_slave_0: entered allmulticast mode
[  452.434824][ T7673] bridge_slave_0: entered promiscuous mode
[  452.591358][ T7673] bridge0: port 2(bridge_slave_1) entered blocking state
[  452.599170][ T7673] bridge0: port 2(bridge_slave_1) entered disabled state
[  452.608256][ T7673] bridge_slave_1: entered allmulticast mode
[  452.622033][ T7673] bridge_slave_1: entered promiscuous mode
[  453.012778][ T7673] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  453.049155][ T7459] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  453.145016][ T7673] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  453.415152][ T7673] team0: Port device team_slave_0 added
[  453.468904][ T7673] team0: Port device team_slave_1 added
[  453.688542][ T7673] batman_adv: batadv0: Adding interface: batadv_slave_0
[  453.697227][ T7673] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  453.724120][ T7673] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  453.807446][ T7673] batman_adv: batadv0: Adding interface: batadv_slave_1
[  453.816446][ T7673] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  453.842851][ T7673] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  454.041860][ T5082] Bluetooth: hci2: command tx timeout
[  454.289119][ T7673] hsr_slave_0: entered promiscuous mode
[  454.325867][ T7673] hsr_slave_1: entered promiscuous mode
[  454.374482][ T7673] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  454.382577][ T7673] Cannot create hsr debugfs directory
[  454.640640][ T7605] 8021q: adding VLAN 0 to HW filter on device batadv0
[  455.300098][ T7605] veth0_vlan: entered promiscuous mode
[  455.459145][ T7605] veth1_vlan: entered promiscuous mode
[  455.757985][ T7605] veth0_macvtap: entered promiscuous mode
[  455.769394][ T7673] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  455.821826][ T7673] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  455.857128][ T7605] veth1_macvtap: entered promiscuous mode
[  455.867682][ T7673] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  455.913546][ T7673] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  456.059703][ T7605] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  456.071967][ T7605] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  456.082256][ T7605] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  456.093110][ T7605] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  456.104277][ T7605] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  456.115357][ T7605] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  456.130809][ T7605] batman_adv: batadv0: Interface activated: batadv_slave_0
[  456.160607][ T5082] Bluetooth: hci2: command tx timeout
[  456.279992][ T7605] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  456.290885][ T7605] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  456.301006][ T7605] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  456.315412][ T7605] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  456.326470][ T7605] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  456.337890][ T7605] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  456.353250][ T7605] batman_adv: batadv0: Interface activated: batadv_slave_1
[  456.465400][   T25] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  456.473636][   T25] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  456.476365][ T7605] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  456.491296][ T7605] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  456.500456][ T7605] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  456.510810][ T7605] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  456.657232][  T992] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  456.666645][  T992] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  457.102556][ T7750] loop4: detected capacity change from 0 to 512
[  457.380190][ T7750] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -13
[  457.484873][ T7750] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz-executor.4: invalid indirect mapped block 2683928664 (level 1)
[  457.501115][ T7748] loop0: detected capacity change from 0 to 32768
[  457.553704][ T7750] EXT4-fs (loop4): Remounting filesystem read-only
[  457.577394][ T7748] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor.0 (7748)
[  457.601642][ T7748] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  457.612264][ T7748] BTRFS info (device loop0): using sha256 (sha256-generic) checksum algorithm
[  457.624280][ T7748] BTRFS info (device loop0): using free-space-tree
[  457.679809][ T7750] EXT4-fs (loop4): 1 truncate cleaned up
[  457.686593][ T7750] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  457.700257][ T7673] 8021q: adding VLAN 0 to HW filter on device bond0
[  457.814961][ T7673] 8021q: adding VLAN 0 to HW filter on device team0
[  457.885966][  T779] bridge0: port 1(bridge_slave_0) entered blocking state
[  457.893827][  T779] bridge0: port 1(bridge_slave_0) entered forwarding state
[  457.968025][ T5123] bridge0: port 2(bridge_slave_1) entered blocking state
[  457.975850][ T5123] bridge0: port 2(bridge_slave_1) entered forwarding state
[  458.391065][ T7775] loop1: detected capacity change from 0 to 1024
[  458.584031][ T7768] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies.
[  458.773986][   T29] audit: type=1804 audit(1717044421.651:251): pid=7748 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir4189600340/syzkaller.qltzyk/149/bus/cgroup.controllers" dev="loop0" ino=263 res=1 errno=0
[  459.098985][ T7459] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  459.209069][ T1090] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  459.244173][ T5072] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  459.416611][ T1090] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  459.613038][ T1090] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  459.760568][ T3516] hfsplus: b-tree write err: -5, ino 4
[  459.809975][ T1090] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  460.214058][ T7673] 8021q: adding VLAN 0 to HW filter on device batadv0
[  460.318592][ T1090] bridge_slave_1: left allmulticast mode
[  460.326657][ T1090] bridge_slave_1: left promiscuous mode
[  460.333338][ T1090] bridge0: port 2(bridge_slave_1) entered disabled state
[  460.406266][ T1090] bridge_slave_0: left allmulticast mode
[  460.412317][ T1090] bridge_slave_0: left promiscuous mode
[  460.418900][ T1090] bridge0: port 1(bridge_slave_0) entered disabled state
[  461.085947][ T1090] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  461.145419][ T1090] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  461.195466][ T1090] bond0 (unregistering): Released all slaves
[  461.660625][ T7673] veth0_vlan: entered promiscuous mode
[  461.868044][ T7673] veth1_vlan: entered promiscuous mode
[  462.018563][ T1090] hsr_slave_0: left promiscuous mode
[  462.052631][ T1090] hsr_slave_1: left promiscuous mode
[  462.148668][ T1090] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  462.156831][ T1090] batman_adv: batadv0: Removing interface: batadv_slave_0
[  462.181231][ T1090] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  462.189170][ T1090] batman_adv: batadv0: Removing interface: batadv_slave_1
[  462.228486][ T1090] veth1_macvtap: left promiscuous mode
[  462.234446][ T1090] veth0_macvtap: left promiscuous mode
[  462.240340][ T1090] veth1_vlan: left promiscuous mode
[  462.249539][ T1090] veth0_vlan: left promiscuous mode
[  463.136557][   T50] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  463.152624][   T50] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  463.165910][   T50] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  463.180829][   T50] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  463.200761][ T1090] team0 (unregistering): Port device team_slave_1 removed
[  463.204607][   T50] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  463.236581][   T50] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  463.249775][ T1090] team0 (unregistering): Port device team_slave_0 removed
[  463.739174][ T7673] veth0_macvtap: entered promiscuous mode
[  463.908558][ T7673] veth1_macvtap: entered promiscuous mode
[  464.295942][ T7673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  464.306859][ T7673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  464.317012][ T7673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  464.327734][ T7673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  464.337958][ T7673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  464.348744][ T7673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  464.363774][ T7673] batman_adv: batadv0: Interface activated: batadv_slave_0
[  464.470728][ T7673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  464.483183][ T7673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  464.494702][ T7673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  464.506553][ T7673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  464.517243][ T7673] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  464.528053][ T7673] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  464.543227][ T7673] batman_adv: batadv0: Interface activated: batadv_slave_1
[  464.593477][ T7673] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  464.604174][ T7673] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  464.613781][ T7673] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  464.623122][ T7673] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  464.789355][ T7803] chnl_net:caif_netlink_parms(): no params data found
[  464.876204][ T1220] ieee802154 phy0 wpan0: encryption failed: -22
[  464.883044][ T1220] ieee802154 phy1 wpan1: encryption failed: -22
[  465.401960][   T50] Bluetooth: hci3: command tx timeout
[  465.452573][ T4552] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  465.460632][ T4552] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  465.571333][  T992] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  465.579850][  T992] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  466.413129][ T7803] bridge0: port 1(bridge_slave_0) entered blocking state
[  466.420843][ T7803] bridge0: port 1(bridge_slave_0) entered disabled state
[  466.428980][ T7803] bridge_slave_0: entered allmulticast mode
[  466.438333][ T7803] bridge_slave_0: entered promiscuous mode
[  466.488242][ T7803] bridge0: port 2(bridge_slave_1) entered blocking state
[  466.497699][ T7803] bridge0: port 2(bridge_slave_1) entered disabled state
[  466.505761][ T7803] bridge_slave_1: entered allmulticast mode
[  466.515265][ T7803] bridge_slave_1: entered promiscuous mode
[  466.523553][  T787] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  466.823608][ T7803] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  466.943810][ T7803] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  466.959103][  T787] usb 4-1: config 220 has too many interfaces: 184, using maximum allowed: 32
[  466.968463][  T787] usb 4-1: config 220 has 1 interface, different from the descriptor's value: 184
[  466.978172][  T787] usb 4-1: New USB device found, idVendor=0c45, idProduct=8008, bcdDevice=e1.85
[  466.987668][  T787] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  467.145352][  T787] gspca_main: sn9c2028-2.14.0 probing 0c45:8008
[  467.283946][ T7803] team0: Port device team_slave_0 added
[  467.434110][ T7803] team0: Port device team_slave_1 added
[  467.451997][  T787] gspca_sn9c2028: read1 error -32
[  467.481624][   T50] Bluetooth: hci3: command tx timeout
[  467.503876][  T787] gspca_sn9c2028: read1 error 0
[  467.736553][  T787] gspca_sn9c2028: read1 error -71
[  467.742373][  T787] sn9c2028 4-1:220.0: probe with driver sn9c2028 failed with error -71
[  467.760115][  T787] usb 4-1: USB disconnect, device number 7
[  467.787874][ T7803] batman_adv: batadv0: Adding interface: batadv_slave_0
[  467.795203][ T7803] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  467.823060][ T7803] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  467.943993][ T7803] batman_adv: batadv0: Adding interface: batadv_slave_1
[  467.951167][ T7803] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  467.982032][ T7803] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  468.295641][ T7803] hsr_slave_0: entered promiscuous mode
[  468.345399][ T7803] hsr_slave_1: entered promiscuous mode
[  468.376618][ T7803] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  468.384639][ T7803] Cannot create hsr debugfs directory
[  469.022414][ T7851] loop0: detected capacity change from 0 to 512
[  469.240536][ T7851] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -13
[  469.292305][ T7851] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz-executor.0: invalid indirect mapped block 2683928664 (level 1)
[  469.437009][ T7851] EXT4-fs (loop0): Remounting filesystem read-only
[  469.454003][ T7850] loop1: detected capacity change from 0 to 32768
[  469.480740][ T7851] EXT4-fs (loop0): 1 truncate cleaned up
[  469.487177][ T7851] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  469.504446][ T7850] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor.1 (7850)
[  469.534552][ T7850] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  469.545327][ T7850] BTRFS info (device loop1): using sha256 (sha256-generic) checksum algorithm
[  469.556720][ T7850] BTRFS info (device loop1): using free-space-tree
[  469.581746][   T50] Bluetooth: hci3: command tx timeout
[  470.225180][   T29] audit: type=1804 audit(1717044433.171:252): pid=7850 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir3818307259/syzkaller.FgS3UU/5/bus/cgroup.controllers" dev="loop1" ino=263 res=1 errno=0
[  470.497851][ T5072] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  470.544449][ T7803] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  470.599243][ T7599] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  470.703865][ T7803] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  470.835366][ T7599] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  470.891210][ T7522] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  470.908195][ T7803] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  470.979120][ T7803] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  471.038665][ T7599] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  471.196171][ T7599] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  471.318283][ T7716] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  471.328685][ T7716] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  471.599071][  T992] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  471.608036][  T992] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  471.658945][   T50] Bluetooth: hci3: command tx timeout
[  471.725038][ T7599] bridge_slave_1: left allmulticast mode
[  471.730920][ T7599] bridge_slave_1: left promiscuous mode
[  471.737770][ T7599] bridge0: port 2(bridge_slave_1) entered disabled state
[  471.813089][ T7599] bridge_slave_0: left allmulticast mode
[  471.819108][ T7599] bridge_slave_0: left promiscuous mode
[  471.826581][ T7599] bridge0: port 1(bridge_slave_0) entered disabled state
[  472.468223][ T7599] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  472.525692][ T7599] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  472.560539][ T7599] bond0 (unregistering): Released all slaves
[  473.344424][ T7599] hsr_slave_0: left promiscuous mode
[  473.368084][ T7599] hsr_slave_1: left promiscuous mode
[  473.388082][ T7599] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  473.397095][ T7599] batman_adv: batadv0: Removing interface: batadv_slave_0
[  473.446698][ T7599] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  473.455026][ T7599] batman_adv: batadv0: Removing interface: batadv_slave_1
[  473.519751][ T7599] veth1_macvtap: left promiscuous mode
[  473.525721][ T7599] veth0_macvtap: left promiscuous mode
[  473.532070][ T7599] veth1_vlan: left promiscuous mode
[  473.537726][ T7599] veth0_vlan: left promiscuous mode
[  474.223697][ T5082] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  474.243634][ T5082] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  474.262122][ T5082] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  474.280513][ T5082] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  474.292842][ T5082] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  474.302735][ T5082] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  474.368847][ T7599] team0 (unregistering): Port device team_slave_1 removed
[  474.519199][ T7599] team0 (unregistering): Port device team_slave_0 removed
[  474.930887][ T7892] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.1'.
[  475.258481][ T7803] 8021q: adding VLAN 0 to HW filter on device bond0
[  475.531227][ T7803] 8021q: adding VLAN 0 to HW filter on device team0
[  475.618782][   T25] bridge0: port 1(bridge_slave_0) entered blocking state
[  475.626586][   T25] bridge0: port 1(bridge_slave_0) entered forwarding state
[  475.740565][ T5119] bridge0: port 2(bridge_slave_1) entered blocking state
[  475.748945][ T5119] bridge0: port 2(bridge_slave_1) entered forwarding state
[  476.219771][ T7803] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  476.522008][ T5082] Bluetooth: hci0: command tx timeout
[  476.869595][ T7893] chnl_net:caif_netlink_parms(): no params data found
[  477.739429][ T7914] loop2: detected capacity change from 0 to 128
[  477.855018][ T7803] 8021q: adding VLAN 0 to HW filter on device batadv0
[  477.886750][ T7914] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  478.110381][ T7918] loop1: detected capacity change from 0 to 512
[  478.261792][ T7920] warning: `syz-executor.2' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  478.299944][ T7893] bridge0: port 1(bridge_slave_0) entered blocking state
[  478.307831][ T7893] bridge0: port 1(bridge_slave_0) entered disabled state
[  478.315837][ T7893] bridge_slave_0: entered allmulticast mode
[  478.331608][ T7893] bridge_slave_0: entered promiscuous mode
[  478.448180][ T7918] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -13
[  478.493840][ T7918] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz-executor.1: invalid indirect mapped block 2683928664 (level 1)
[  478.506815][ T7893] bridge0: port 2(bridge_slave_1) entered blocking state
[  478.519679][ T7893] bridge0: port 2(bridge_slave_1) entered disabled state
[  478.533773][ T7893] bridge_slave_1: entered allmulticast mode
[  478.543168][ T7893] bridge_slave_1: entered promiscuous mode
[  478.602039][ T5082] Bluetooth: hci0: command tx timeout
[  478.631555][ T7918] EXT4-fs (loop1): Remounting filesystem read-only
[  478.639100][ T7918] EXT4-fs (loop1): 1 truncate cleaned up
[  478.645138][ T7918] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  478.863805][ T7893] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  478.917554][ T7893] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  479.186809][ T7893] team0: Port device team_slave_0 added
[  479.232310][ T7893] team0: Port device team_slave_1 added
[  479.389087][ T7893] batman_adv: batadv0: Adding interface: batadv_slave_0
[  479.397485][ T7893] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  479.424210][ T7893] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  479.459680][ T7893] batman_adv: batadv0: Adding interface: batadv_slave_1
[  479.467140][ T7893] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  479.493822][ T7893] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  479.835675][ T7893] hsr_slave_0: entered promiscuous mode
[  479.890890][ T7893] hsr_slave_1: entered promiscuous mode
[  479.914978][ T7522] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  479.917424][ T7893] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  479.933641][ T7893] Cannot create hsr debugfs directory
[  480.536236][ T7599] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  480.685203][ T5082] Bluetooth: hci0: command tx timeout
[  480.750762][ T7599] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  480.960542][ T7599] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  481.071168][ T7803] veth0_vlan: entered promiscuous mode
[  481.137750][ T7937] loop2: detected capacity change from 0 to 32768
[  481.198822][ T7599] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  481.233996][ T7937] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor.2 (7937)
[  481.258644][ T7937] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  481.269437][ T7937] BTRFS info (device loop2): using sha256 (sha256-generic) checksum algorithm
[  481.280857][ T7937] BTRFS info (device loop2): using free-space-tree
[  481.660922][ T7803] veth1_vlan: entered promiscuous mode
[  481.684318][ T7599] bridge_slave_1: left allmulticast mode
[  481.690250][ T7599] bridge_slave_1: left promiscuous mode
[  481.703671][ T7599] bridge0: port 2(bridge_slave_1) entered disabled state
[  481.718864][ T7599] bridge_slave_0: left allmulticast mode
[  481.726129][ T7599] bridge_slave_0: left promiscuous mode
[  481.732864][ T7599] bridge0: port 1(bridge_slave_0) entered disabled state
[  482.339046][ T7599] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  482.380291][ T7599] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  482.406601][ T7599] bond0 (unregistering): Released all slaves
[  482.526370][ T7673] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  482.765463][ T5082] Bluetooth: hci0: command tx timeout
[  483.641997][ T7599] hsr_slave_0: left promiscuous mode
[  483.672475][ T7599] hsr_slave_1: left promiscuous mode
[  483.682623][   T50] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  483.696065][   T50] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  483.705259][ T7599] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  483.705617][   T50] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  483.713296][ T7599] batman_adv: batadv0: Removing interface: batadv_slave_0
[  483.752696][   T50] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  483.767390][ T7599] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  483.775408][ T7599] batman_adv: batadv0: Removing interface: batadv_slave_1
[  483.784300][   T50] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  483.813387][   T50] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  483.823021][ T7599] veth1_macvtap: left promiscuous mode
[  483.828784][ T7599] veth0_macvtap: left promiscuous mode
[  483.834888][ T7599] veth1_vlan: left promiscuous mode
[  483.840445][ T7599] veth0_vlan: left promiscuous mode
[  484.710939][ T7599] team0 (unregistering): Port device team_slave_1 removed
[  484.737709][ T7599] team0 (unregistering): Port device team_slave_0 removed
[  484.972139][ T7963] loop3: detected capacity change from 0 to 32768
[  485.311269][ T7963] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  485.397311][ T7893] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  485.450887][ T7803] veth0_macvtap: entered promiscuous mode
[  485.461775][ T7893] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  485.515469][ T7893] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  485.583343][ T7803] veth1_macvtap: entered promiscuous mode
[  485.615093][ T7893] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  485.875276][ T7803] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  485.886073][ T7803] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  485.896227][ T7803] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  485.906966][ T7803] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  485.922479][ T7803] batman_adv: batadv0: Interface activated: batadv_slave_0
[  485.968850][ T5082] Bluetooth: hci1: command tx timeout
[  485.996962][ T7963] XFS (loop3): Ending clean mount
[  486.037760][ T7803] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  486.050700][ T7803] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  486.061251][ T7803] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  486.072155][ T7803] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  486.088495][ T7803] batman_adv: batadv0: Interface activated: batadv_slave_1
[  486.115216][ T7963] XFS (loop3): Quotacheck needed: Please wait.
[  486.227125][ T7963] XFS (loop3): Quotacheck: Done.
[  486.276954][ T7803] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  486.286182][ T7803] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  486.295338][ T7803] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  486.304480][ T7803] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  486.387230][ T7964] chnl_net:caif_netlink_parms(): no params data found
[  486.594822][ T7982] nbd2: detected capacity change from 0 to 2199023255570
[  486.841943][ T7605] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  486.990817][ T7893] 8021q: adding VLAN 0 to HW filter on device bond0
[  487.189502][ T7893] 8021q: adding VLAN 0 to HW filter on device team0
[  487.233387][ T7983] block nbd2: shutting down sockets
[  487.326265][ T4552] bridge0: port 1(bridge_slave_0) entered blocking state
[  487.334144][ T4552] bridge0: port 1(bridge_slave_0) entered forwarding state
[  487.428075][ T4552] bridge0: port 2(bridge_slave_1) entered blocking state
[  487.435924][ T4552] bridge0: port 2(bridge_slave_1) entered forwarding state
[  487.706198][ T7964] bridge0: port 1(bridge_slave_0) entered blocking state
[  487.715871][ T7964] bridge0: port 1(bridge_slave_0) entered disabled state
[  487.723891][ T7964] bridge_slave_0: entered allmulticast mode
[  487.733060][ T7964] bridge_slave_0: entered promiscuous mode
[  487.785646][ T7964] bridge0: port 2(bridge_slave_1) entered blocking state
[  487.793543][ T7964] bridge0: port 2(bridge_slave_1) entered disabled state
[  487.801670][ T7964] bridge_slave_1: entered allmulticast mode
[  487.810815][ T7964] bridge_slave_1: entered promiscuous mode
[  488.041992][ T5082] Bluetooth: hci1: command tx timeout
[  488.093687][ T7964] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  488.225680][ T7964] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  488.505356][ T7964] team0: Port device team_slave_0 added
[  488.567382][ T7964] team0: Port device team_slave_1 added
[  488.820379][ T7964] batman_adv: batadv0: Adding interface: batadv_slave_0
[  488.828750][ T7964] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  488.855109][ T7964] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  488.960496][ T7964] batman_adv: batadv0: Adding interface: batadv_slave_1
[  488.967862][ T7964] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  488.995996][ T7964] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  489.235038][ T5119] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  489.466280][ T7964] hsr_slave_0: entered promiscuous mode
[  489.527976][ T7964] hsr_slave_1: entered promiscuous mode
[  489.673714][ T5119] usb 3-1: config 220 has too many interfaces: 184, using maximum allowed: 32
[  489.683106][ T5119] usb 3-1: config 220 has 1 interface, different from the descriptor's value: 184
[  489.692744][ T5119] usb 3-1: New USB device found, idVendor=0c45, idProduct=8008, bcdDevice=e1.85
[  489.702210][ T5119] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  489.859769][ T5119] gspca_main: sn9c2028-2.14.0 probing 0c45:8008
[  490.018144][ T7893] 8021q: adding VLAN 0 to HW filter on device batadv0
[  490.081130][ T7999] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  490.090933][ T7999] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  490.141776][ T5082] Bluetooth: hci1: command tx timeout
[  490.167872][ T5119] gspca_sn9c2028: read1 error -32
[  490.218469][ T5119] gspca_sn9c2028: read1 error -32
[  490.469801][ T5136] usb 3-1: USB disconnect, device number 5
[  490.725660][ T7893] veth0_vlan: entered promiscuous mode
[  490.890684][ T7964] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  490.925011][ T7893] veth1_vlan: entered promiscuous mode
[  490.938126][ T7964] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  491.000943][ T7964] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  491.143466][ T7964] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  491.343030][ T7893] veth0_macvtap: entered promiscuous mode
[  491.475789][ T7893] veth1_macvtap: entered promiscuous mode
[  491.590500][ T7893] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  491.601281][ T7893] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  491.611698][ T7893] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  491.622528][ T7893] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  491.633936][ T7893] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  491.644971][ T7893] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  491.660400][ T7893] batman_adv: batadv0: Interface activated: batadv_slave_0
[  491.723692][ T7893] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  491.734732][ T7893] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  491.744884][ T7893] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  491.755611][ T7893] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  491.766802][ T7893] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  491.777569][ T7893] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  491.792945][ T7893] batman_adv: batadv0: Interface activated: batadv_slave_1
[  492.014678][ T7893] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  492.024816][ T7893] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  492.034032][ T7893] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  492.045509][ T7893] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  492.150581][ T1090] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  492.159333][ T1090] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  492.224292][ T5082] Bluetooth: hci1: command tx timeout
[  492.358973][ T7964] 8021q: adding VLAN 0 to HW filter on device bond0
[  492.412476][ T8020] loop2: detected capacity change from 0 to 512
[  492.473663][ T4312] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  492.481981][ T4312] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  492.491828][ T7964] 8021q: adding VLAN 0 to HW filter on device team0
[  492.574830][ T4552] bridge0: port 1(bridge_slave_0) entered blocking state
[  492.582671][ T4552] bridge0: port 1(bridge_slave_0) entered forwarding state
[  492.674319][ T8020] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -13
[  492.698253][ T8020] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz-executor.2: invalid indirect mapped block 2683928664 (level 1)
[  492.734673][ T8020] EXT4-fs (loop2): Remounting filesystem read-only
[  492.748235][ T4552] bridge0: port 2(bridge_slave_1) entered blocking state
[  492.756126][ T4552] bridge0: port 2(bridge_slave_1) entered forwarding state
[  492.771333][ T8021] loop3: detected capacity change from 0 to 2048
[  492.807131][ T8020] EXT4-fs (loop2): 1 truncate cleaned up
[  492.813719][ T8020] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  492.953322][ T8021] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities
[  493.345323][ T8021] loop3: detected capacity change from 0 to 1024
[  493.539597][ T8021] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  494.161610][ T8028] loop4: detected capacity change from 0 to 32768
[  494.276164][ T8028] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor.4 (8028)
[  494.474308][ T8028] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  494.485764][ T8028] BTRFS info (device loop4): using sha256 (sha256-generic) checksum algorithm
[  494.501850][ T8028] BTRFS info (device loop4): using free-space-tree
[  494.527829][ T7673] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  494.673505][ T7599] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  494.790215][ T7599] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  494.913851][ T7605] EXT4-fs error (device loop3): ext4_empty_dir:3083: inode #11: comm syz-executor.3: invalid size
[  494.980067][ T7605] EXT4-fs error (device loop3): ext4_empty_dir:3083: inode #11: comm syz-executor.3: invalid size
[  495.030325][ T7599] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  495.042396][   T29] audit: type=1800 audit(1717044457.911:253): pid=8028 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="loop4" ino=263 res=0 errno=0
[  495.060831][ T7605] EXT4-fs error (device loop3): ext4_empty_dir:3083: inode #11: comm syz-executor.3: invalid size
[  495.064270][   T29] audit: type=1800 audit(1717044457.921:254): pid=8028 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="loop4" ino=263 res=0 errno=0
[  495.153523][ T7605] EXT4-fs error (device loop3): ext4_empty_dir:3083: inode #11: comm syz-executor.3: invalid size
[  495.213454][ T7605] EXT4-fs error (device loop3): ext4_empty_dir:3083: inode #11: comm syz-executor.3: invalid size
[  495.282670][ T7605] EXT4-fs error (device loop3): ext4_empty_dir:3083: inode #11: comm syz-executor.3: invalid size
[  495.292239][ T7599] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  495.333417][ T7605] EXT4-fs error (device loop3): ext4_empty_dir:3083: inode #11: comm syz-executor.3: invalid size
[  495.403204][ T7605] EXT4-fs error (device loop3): ext4_empty_dir:3083: inode #11: comm syz-executor.3: invalid size
[  495.453412][ T7605] EXT4-fs error (device loop3): ext4_empty_dir:3083: inode #11: comm syz-executor.3: invalid size
[  495.459521][ T7964] 8021q: adding VLAN 0 to HW filter on device batadv0
[  495.581096][ T7605] EXT4-fs error (device loop3): ext4_empty_dir:3083: inode #11: comm syz-executor.3: invalid size
[  495.685533][ T7599] bridge_slave_1: left allmulticast mode
[  495.692675][ T7599] bridge_slave_1: left promiscuous mode
[  495.699318][ T7599] bridge0: port 2(bridge_slave_1) entered disabled state
[  495.751158][ T7599] bridge_slave_0: left allmulticast mode
[  495.757431][ T7599] bridge_slave_0: left promiscuous mode
[  495.764141][ T7599] bridge0: port 1(bridge_slave_0) entered disabled state
[  495.808025][ T7803] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  496.436759][ T7599] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  496.494840][ T7599] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  496.558053][ T7599] bond0 (unregistering): Released all slaves
[  497.175308][ T7964] veth0_vlan: entered promiscuous mode
[  497.428811][ T7964] veth1_vlan: entered promiscuous mode
[  497.857582][   T50] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  497.912729][   T50] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  497.927705][   T50] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  497.947676][   T50] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  497.976416][ T7599] hsr_slave_0: left promiscuous mode
[  497.979785][   T50] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  498.004969][   T50] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  498.016206][ T7599] hsr_slave_1: left promiscuous mode
[  498.024592][ T7605] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  498.059020][ T7599] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  498.068232][ T7599] batman_adv: batadv0: Removing interface: batadv_slave_0
[  498.092448][ T7599] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  498.100160][ T7599] batman_adv: batadv0: Removing interface: batadv_slave_1
[  498.126435][ T7599] veth1_macvtap: left promiscuous mode
[  498.132320][ T7599] veth0_macvtap: left promiscuous mode
[  498.138239][ T7599] veth1_vlan: left promiscuous mode
[  498.143957][ T7599] veth0_vlan: left promiscuous mode
[  499.180422][ T8067] loop4: detected capacity change from 0 to 32768
[  499.203621][ T7599] team0 (unregistering): Port device team_slave_1 removed
[  499.236131][ T7599] team0 (unregistering): Port device team_slave_0 removed
[  499.438473][ T8067] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor.4 (8067)
[  499.574015][ T8067] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  499.592237][ T8067] BTRFS info (device loop4): using sha256 (sha256-generic) checksum algorithm
[  499.614336][ T8067] BTRFS info (device loop4): using free-space-tree
[  499.932811][ T7964] veth0_macvtap: entered promiscuous mode
[  499.957000][ T7964] veth1_macvtap: entered promiscuous mode
[  500.133711][   T50] Bluetooth: hci2: command tx timeout
[  500.272256][ T7964] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  500.283143][ T7964] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  500.293552][ T7964] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  500.304628][ T7964] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  500.314749][ T7964] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  500.325748][ T7964] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  500.342288][ T7964] batman_adv: batadv0: Interface activated: batadv_slave_0
[  500.401845][ T7964] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  500.413048][ T7964] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  500.423232][ T7964] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  500.434328][ T7964] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  500.445621][ T7964] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  500.456890][ T7964] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  500.472148][ T7964] batman_adv: batadv0: Interface activated: batadv_slave_1
[  500.720673][ T7964] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  500.730920][ T7964] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  500.740122][ T7964] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  500.752556][ T7964] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  500.838767][ T8064] chnl_net:caif_netlink_parms(): no params data found
[  501.580130][  T992] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  501.588363][  T992] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  501.615003][ T7803] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  501.844913][  T992] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  501.853192][  T992] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  502.202922][   T50] Bluetooth: hci2: command tx timeout
[  502.388024][ T5082] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  502.402234][ T5082] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  502.430337][ T5082] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  502.457933][ T5082] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  502.496017][ T5082] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  502.537912][ T5082] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  502.708068][ T8064] bridge0: port 1(bridge_slave_0) entered blocking state
[  502.715986][ T8064] bridge0: port 1(bridge_slave_0) entered disabled state
[  502.723860][ T8064] bridge_slave_0: entered allmulticast mode
[  502.733136][ T8064] bridge_slave_0: entered promiscuous mode
[  502.903889][ T8064] bridge0: port 2(bridge_slave_1) entered blocking state
[  502.911819][ T8064] bridge0: port 2(bridge_slave_1) entered disabled state
[  502.916831][   T29] audit: type=1326 audit(1717044465.851:255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8100 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fafc7e7cee9 code=0x7ffc0000
[  502.919564][ T8064] bridge_slave_1: entered allmulticast mode
[  502.942628][   T29] audit: type=1326 audit(1717044465.851:256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8100 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fafc7e7cee9 code=0x7ffc0000
[  502.950990][ T8064] bridge_slave_1: entered promiscuous mode
[  503.154216][   T29] audit: type=1326 audit(1717044465.941:257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8100 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=33 compat=0 ip=0x7fafc7e7cee9 code=0x7ffc0000
[  503.177551][   T29] audit: type=1326 audit(1717044465.941:258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8100 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fafc7e7cee9 code=0x7ffc0000
[  503.201230][   T29] audit: type=1326 audit(1717044465.941:259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8100 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7fafc7e7cee9 code=0x7ffc0000
[  503.227471][   T29] audit: type=1326 audit(1717044465.941:260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8100 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fafc7e7cee9 code=0x7ffc0000
[  503.252107][   T29] audit: type=1326 audit(1717044466.021:261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8100 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fafc7e7cee9 code=0x7ffc0000
[  503.278419][   T29] audit: type=1326 audit(1717044466.031:262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8100 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fafc7e7cee9 code=0x7ffc0000
[  503.301768][   T29] audit: type=1326 audit(1717044466.051:263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8100 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fafc7e7cee9 code=0x7ffc0000
[  503.327292][   T29] audit: type=1326 audit(1717044466.051:264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8100 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fafc7e7cee9 code=0x7ffc0000
[  503.544785][ T8064] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  503.646247][ T8064] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  503.910877][ T8064] team0: Port device team_slave_0 added
[  504.009568][ T8064] team0: Port device team_slave_1 added
[  504.257629][ T8064] batman_adv: batadv0: Adding interface: batadv_slave_0
[  504.265293][ T8064] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  504.291816][ T8064] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  504.309531][ T5082] Bluetooth: hci2: command tx timeout
[  504.339381][ T8101] chnl_net:caif_netlink_parms(): no params data found
[  504.363059][ T8064] batman_adv: batadv0: Adding interface: batadv_slave_1
[  504.370236][ T8064] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  504.396706][ T8064] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  504.571703][  T787] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  504.601744][ T5082] Bluetooth: hci4: command tx timeout
[  504.827765][ T7599] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  504.873486][ T8064] hsr_slave_0: entered promiscuous mode
[  504.913217][ T8064] hsr_slave_1: entered promiscuous mode
[  504.925979][ T8064] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  504.934207][ T8064] Cannot create hsr debugfs directory
[  504.975488][ T7599] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  504.992521][  T787] usb 1-1: config 220 has too many interfaces: 184, using maximum allowed: 32
[  505.002273][  T787] usb 1-1: config 220 has 1 interface, different from the descriptor's value: 184
[  505.012339][  T787] usb 1-1: New USB device found, idVendor=0c45, idProduct=8008, bcdDevice=e1.85
[  505.021889][  T787] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  505.142952][  T787] gspca_main: sn9c2028-2.14.0 probing 0c45:8008
[  505.173545][ T7599] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  505.230463][ T8121] loop4: detected capacity change from 0 to 1024
[  505.376840][ T8114] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  505.386023][ T8114] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  505.409890][ T7599] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  505.498591][  T787] gspca_sn9c2028: read1 error -32
[  505.602700][  T787] gspca_sn9c2028: read1 error -32
[  505.806513][ T8101] bridge0: port 1(bridge_slave_0) entered blocking state
[  505.814611][ T8101] bridge0: port 1(bridge_slave_0) entered disabled state
[  505.822629][ T8101] bridge_slave_0: entered allmulticast mode
[  505.832054][ T8101] bridge_slave_0: entered promiscuous mode
[  505.876038][ T7599] bridge_slave_1: left allmulticast mode
[  505.884583][ T7599] bridge_slave_1: left promiscuous mode
[  505.893223][ T7599] bridge0: port 2(bridge_slave_1) entered disabled state
[  505.915952][ T4552] usb 1-1: USB disconnect, device number 17
[  505.939124][ T8121] EXT4-fs: Ignoring removed orlov option
[  505.954462][ T7599] bridge_slave_0: left allmulticast mode
[  505.957845][ T8121] EXT4-fs (loop4): Test dummy encryption mode enabled
[  505.960706][ T7599] bridge_slave_0: left promiscuous mode
[  505.981623][ T7599] bridge0: port 1(bridge_slave_0) entered disabled state
[  505.991816][ T8121] EXT4-fs (loop4): stripe (7) is not aligned with cluster size (16), stripe is disabled
[  506.182595][ T8121] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  506.242252][ T8121] fscrypt: AES-256-CBC-CTS using implementation "cts(cbc(ecb(aes-fixed-time)))"
[  506.367303][ T5082] Bluetooth: hci2: command tx timeout
[  506.462889][ T7599] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  506.486310][ T7599] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  506.506244][ T7599] bond0 (unregistering): Released all slaves
[  506.566551][ T5136] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  506.655015][ T8101] bridge0: port 2(bridge_slave_1) entered blocking state
[  506.662909][ T8101] bridge0: port 2(bridge_slave_1) entered disabled state
[  506.670684][ T8101] bridge_slave_1: entered allmulticast mode
[  506.680239][ T8101] bridge_slave_1: entered promiscuous mode
[  506.704258][ T5082] Bluetooth: hci4: command tx timeout
[  506.913751][ T5136] usb 5-1: Using ep0 maxpacket: 32
[  507.028891][ T8101] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  507.033279][ T5136] usb 5-1: config index 0 descriptor too short (expected 35577, got 27)
[  507.047524][ T5136] usb 5-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  507.055948][ T8101] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  507.057044][ T5136] usb 5-1: config 1 has an invalid interface number: 196 but max is 91
[  507.075204][ T5136] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  507.088790][ T5136] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 92
[  507.102555][ T5136] usb 5-1: config 1 has no interface number 0
[  507.108963][ T5136] usb 5-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  507.119378][ T5136] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  507.460390][ T8101] team0: Port device team_slave_0 added
[  507.519147][ T8101] team0: Port device team_slave_1 added
[  507.626951][ T8121] overlayfs: failed to resolve './file1': -2
[  507.688291][ T7599] hsr_slave_0: left promiscuous mode
[  507.701602][ T7599] hsr_slave_1: left promiscuous mode
[  507.738509][ T7599] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  507.746682][ T7599] batman_adv: batadv0: Removing interface: batadv_slave_0
[  507.770697][ T7599] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  507.778699][ T7599] batman_adv: batadv0: Removing interface: batadv_slave_1
[  507.863468][ T7599] veth1_macvtap: left promiscuous mode
[  507.869333][ T7599] veth0_macvtap: left promiscuous mode
[  507.875410][ T7599] veth1_vlan: left promiscuous mode
[  507.880970][ T7599] veth0_vlan: left promiscuous mode
[  508.290540][  T787] usb 5-1: USB disconnect, device number 9
[  508.498890][ T7599] team0 (unregistering): Port device team_slave_1 removed
[  508.529942][ T7599] team0 (unregistering): Port device team_slave_0 removed
[  508.761798][ T5082] Bluetooth: hci4: command tx timeout
[  509.117878][ T8101] batman_adv: batadv0: Adding interface: batadv_slave_0
[  509.125193][ T8101] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  509.154347][ T8101] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  509.164846][ T7803] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  509.201140][ T5128] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  509.209295][ T5128] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  509.317496][ T8101] batman_adv: batadv0: Adding interface: batadv_slave_1
[  509.326834][ T8101] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  509.354625][ T8101] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  509.391583][ T5136] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  509.399646][ T5136] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  509.427118][ T8064] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  509.476718][ T8064] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  509.566094][ T8064] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  509.737763][ T8064] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  509.893540][ T8101] hsr_slave_0: entered promiscuous mode
[  509.934451][ T8101] hsr_slave_1: entered promiscuous mode
[  509.981840][ T8101] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  509.990184][ T8101] Cannot create hsr debugfs directory
[  510.448479][ T8149] netlink: 'syz-executor.0': attribute type 9 has an invalid length.
[  510.566162][ T8151] loop4: detected capacity change from 0 to 512
[  510.775275][ T8151] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -13
[  510.799354][ T8151] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz-executor.4: invalid indirect mapped block 2683928664 (level 1)
[  510.848327][ T5082] Bluetooth: hci4: command tx timeout
[  510.880103][ T8151] EXT4-fs (loop4): Remounting filesystem read-only
[  510.970689][ T8151] EXT4-fs (loop4): 1 truncate cleaned up
[  510.977819][ T8151] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  511.307369][ T8064] 8021q: adding VLAN 0 to HW filter on device bond0
[  511.450423][ T8101] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  511.483960][ T8101] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  511.530717][ T8101] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  511.609240][ T8064] 8021q: adding VLAN 0 to HW filter on device team0
[  511.618464][ T8101] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  511.715910][ T4552] bridge0: port 1(bridge_slave_0) entered blocking state
[  511.723768][ T4552] bridge0: port 1(bridge_slave_0) entered forwarding state
[  511.800475][ T4552] bridge0: port 2(bridge_slave_1) entered blocking state
[  511.808321][ T4552] bridge0: port 2(bridge_slave_1) entered forwarding state
[  511.956696][ T8160] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
[  512.225107][ T8162] netlink: 120 bytes leftover after parsing attributes in process `syz-executor.0'.
[  512.276931][ T7803] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  512.365747][ T8160] netlink: 120 bytes leftover after parsing attributes in process `syz-executor.0'.
[  512.470102][ T8064] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  512.481139][ T8064] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  512.795632][ T8163] loop1: detected capacity change from 0 to 32768
[  512.948921][ T8163] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor.1 (8163)
[  512.979745][ T8163] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  512.990835][ T8163] BTRFS info (device loop1): using sha256 (sha256-generic) checksum algorithm
[  513.002465][ T8163] BTRFS info (device loop1): using free-space-tree
[  513.420810][   T29] kauditd_printk_skb: 8 callbacks suppressed
[  513.420889][   T29] audit: type=1800 audit(1717044476.313:273): pid=8163 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="loop1" ino=263 res=0 errno=0
[  513.450403][   T29] audit: type=1800 audit(1717044476.313:274): pid=8163 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="loop1" ino=263 res=0 errno=0
[  513.687478][ T8101] 8021q: adding VLAN 0 to HW filter on device bond0
[  513.802407][ T5082] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  513.898906][ T8101] 8021q: adding VLAN 0 to HW filter on device team0
[  514.033971][ T7599] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  514.156317][ T7964] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  514.192317][ T7599] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  514.264762][ T4552] bridge0: port 1(bridge_slave_0) entered blocking state
[  514.272653][ T4552] bridge0: port 1(bridge_slave_0) entered forwarding state
[  514.399145][ T7599] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  514.461517][ T4552] bridge0: port 2(bridge_slave_1) entered blocking state
[  514.469256][ T4552] bridge0: port 2(bridge_slave_1) entered forwarding state
[  514.573000][ T7599] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  514.907264][ T8064] 8021q: adding VLAN 0 to HW filter on device batadv0
[  515.048450][ T7599] bridge_slave_1: left allmulticast mode
[  515.054731][ T7599] bridge_slave_1: left promiscuous mode
[  515.061307][ T7599] bridge0: port 2(bridge_slave_1) entered disabled state
[  515.124676][ T7599] bridge_slave_0: left allmulticast mode
[  515.130590][ T7599] bridge_slave_0: left promiscuous mode
[  515.137522][ T7599] bridge0: port 1(bridge_slave_0) entered disabled state
[  516.154093][ T7599] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  516.254513][ T7599] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  516.319416][ T7599] bond0 (unregistering): Released all slaves
[  516.465127][ T5082] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  516.475386][ T5082] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  516.485939][ T5082] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  516.527352][ T8186] loop0: detected capacity change from 0 to 32768
[  516.544359][ T5082] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  516.555995][ T5082] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  516.570846][ T5082] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  516.646520][ T8186] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor.0 (8186)
[  516.706235][ T8186] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  516.716981][ T8186] BTRFS info (device loop0): using sha256 (sha256-generic) checksum algorithm
[  516.734650][ T8186] BTRFS info (device loop0): using free-space-tree
[  517.445414][ T8064] veth0_vlan: entered promiscuous mode
[  517.541272][ T7599] hsr_slave_0: left promiscuous mode
[  517.579025][ T7599] hsr_slave_1: left promiscuous mode
[  517.608714][ T7599] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  517.616737][ T7599] batman_adv: batadv0: Removing interface: batadv_slave_0
[  517.655341][ T7599] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  517.664919][ T7599] batman_adv: batadv0: Removing interface: batadv_slave_1
[  517.681297][ T7599] veth1_macvtap: left promiscuous mode
[  517.687915][ T7599] veth0_macvtap: left promiscuous mode
[  517.694034][ T7599] veth1_vlan: left promiscuous mode
[  517.699928][ T7599] veth0_vlan: left promiscuous mode
[  517.782106][ T7893] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  518.552822][ T7599] team0 (unregistering): Port device team_slave_1 removed
[  518.590771][ T7599] team0 (unregistering): Port device team_slave_0 removed
[  518.683824][   T50] Bluetooth: hci3: command tx timeout
[  518.861331][ T5130] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  519.142777][ T8064] veth1_vlan: entered promiscuous mode
[  519.378749][ T8101] 8021q: adding VLAN 0 to HW filter on device batadv0
[  519.422661][ T5130] usb 2-1: config 220 has too many interfaces: 184, using maximum allowed: 32
[  519.432782][ T5130] usb 2-1: config 220 has 1 interface, different from the descriptor's value: 184
[  519.442469][ T5130] usb 2-1: New USB device found, idVendor=0c45, idProduct=8008, bcdDevice=e1.85
[  519.452001][ T5130] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  519.599045][ T5130] gspca_main: sn9c2028-2.14.0 probing 0c45:8008
[  519.649467][ T8064] veth0_macvtap: entered promiscuous mode
[  519.735260][ T8187] chnl_net:caif_netlink_parms(): no params data found
[  519.785290][ T8215] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  519.797057][ T8215] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  519.821778][ T8064] veth1_macvtap: entered promiscuous mode
[  519.899387][ T8101] veth0_vlan: entered promiscuous mode
[  519.957525][ T5130] gspca_sn9c2028: read1 error -32
[  520.009432][ T5130] gspca_sn9c2028: read1 error -32
[  520.118361][ T8101] veth1_vlan: entered promiscuous mode
[  520.151303][ T8064] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  520.163726][ T8064] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  520.174013][ T8064] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  520.184866][ T8064] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  520.201246][ T8064] batman_adv: batadv0: Interface activated: batadv_slave_0
[  520.284595][ T5119] usb 2-1: USB disconnect, device number 7
[  520.368746][ T8101] veth0_macvtap: entered promiscuous mode
[  520.395202][ T8064] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  520.407885][ T8064] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  520.418422][ T8064] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  520.430336][ T8064] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  520.445495][ T8064] batman_adv: batadv0: Interface activated: batadv_slave_1
[  520.473660][ T8101] veth1_macvtap: entered promiscuous mode
[  520.538619][ T8064] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  520.547804][ T8064] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  520.557028][ T8064] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  520.566161][ T8064] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  520.749475][ T8101] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  520.760446][ T8101] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  520.770650][   T50] Bluetooth: hci3: command tx timeout
[  520.777781][ T8101] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  520.789610][ T8101] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  520.799836][ T8101] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  520.810692][ T8101] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  520.827046][ T8101] batman_adv: batadv0: Interface activated: batadv_slave_0
[  521.066284][ T8101] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  521.077364][ T8101] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  521.089213][ T8101] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  521.100119][ T8101] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  521.111621][ T8101] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  521.123438][ T8101] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  521.138691][ T8101] batman_adv: batadv0: Interface activated: batadv_slave_1
[  521.445318][ T8101] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  521.454558][ T8101] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  521.463743][ T8101] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  521.473148][ T8101] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  521.505616][ T8187] bridge0: port 1(bridge_slave_0) entered blocking state
[  521.513439][ T8187] bridge0: port 1(bridge_slave_0) entered disabled state
[  521.521200][ T8187] bridge_slave_0: entered allmulticast mode
[  521.531887][ T8187] bridge_slave_0: entered promiscuous mode
[  521.610434][ T8187] bridge0: port 2(bridge_slave_1) entered blocking state
[  521.618276][ T8187] bridge0: port 2(bridge_slave_1) entered disabled state
[  521.626359][ T8187] bridge_slave_1: entered allmulticast mode
[  521.637250][ T8187] bridge_slave_1: entered promiscuous mode
[  521.912348][ T8187] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  522.030656][ T8187] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  522.414231][ T8187] team0: Port device team_slave_0 added
[  522.538118][ T8187] team0: Port device team_slave_1 added
[  522.833565][ T8187] batman_adv: batadv0: Adding interface: batadv_slave_0
[  522.840750][ T8187] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  522.868614][ T8187] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  522.874808][   T50] Bluetooth: hci3: command tx timeout
[  522.901000][ T8187] batman_adv: batadv0: Adding interface: batadv_slave_1
[  522.911967][ T8187] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  522.939246][ T8187] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  523.123219][ T8187] hsr_slave_0: entered promiscuous mode
[  523.138800][ T8187] hsr_slave_1: entered promiscuous mode
[  523.149555][ T8187] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  523.157876][ T8187] Cannot create hsr debugfs directory
[  524.499624][ T8187] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  524.538269][ T8187] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  524.592938][ T8187] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  524.652866][ T8187] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  524.926024][   T50] Bluetooth: hci3: command tx timeout
[  524.951805][ T8263] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.0'.
[  526.089074][ T8187] 8021q: adding VLAN 0 to HW filter on device bond0
[  526.094053][ T8267] loop1: detected capacity change from 0 to 32768
[  526.193202][ T8267] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor.1 (8267)
[  526.235995][ T8187] 8021q: adding VLAN 0 to HW filter on device team0
[  526.255320][ T8267] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  526.267464][ T8267] BTRFS info (device loop1): using sha256 (sha256-generic) checksum algorithm
[  526.278990][ T8267] BTRFS info (device loop1): using free-space-tree
[  526.324661][ T1220] ieee802154 phy0 wpan0: encryption failed: -22
[  526.331787][ T1220] ieee802154 phy1 wpan1: encryption failed: -22
[  526.555254][ T4552] bridge0: port 1(bridge_slave_0) entered blocking state
[  526.563109][ T4552] bridge0: port 1(bridge_slave_0) entered forwarding state
[  526.668088][ T5128] bridge0: port 2(bridge_slave_1) entered blocking state
[  526.675928][ T5128] bridge0: port 2(bridge_slave_1) entered forwarding state
[  526.745342][   T29] audit: type=1800 audit(1717044489.673:275): pid=8267 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="loop1" ino=263 res=0 errno=0
[  526.767933][   T29] audit: type=1800 audit(1717044489.683:276): pid=8267 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="loop1" ino=263 res=0 errno=0
[  527.091809][ T8187] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  527.520343][ T3420] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  527.528790][ T3420] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  527.531139][ T7964] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  527.725591][ T5119] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  527.733893][ T5119] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  528.423156][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  528.431230][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  528.631189][  T992] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  528.639388][  T992] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  528.763024][ T8187] 8021q: adding VLAN 0 to HW filter on device batadv0
[  529.898240][ T8309] loop0: detected capacity change from 0 to 32768
[  529.980030][ T8309] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor.0 (8309)
[  530.019229][ T8309] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  530.033747][ T8309] BTRFS info (device loop0): using sha256 (sha256-generic) checksum algorithm
[  530.046508][ T8309] BTRFS info (device loop0): using free-space-tree
[  530.776712][   T29] audit: type=1804 audit(1717044493.683:277): pid=8334 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir3623999246/syzkaller.EdIep0/12/bus/cgroup.controllers" dev="loop0" ino=263 res=1 errno=0
[  531.248110][ T7893] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  531.249355][ T8187] veth0_vlan: entered promiscuous mode
[  531.386380][ T8187] veth1_vlan: entered promiscuous mode
[  531.685114][ T8187] veth0_macvtap: entered promiscuous mode
[  531.753629][ T8187] veth1_macvtap: entered promiscuous mode
[  531.889784][ T8187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  531.902871][ T8187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  531.913505][ T8187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  531.924243][ T8187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  531.937096][ T8187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  531.947947][ T8187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  531.958862][ T8187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  531.969624][ T8187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  531.990069][ T8187] batman_adv: batadv0: Interface activated: batadv_slave_0
[  532.160033][ T8187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  532.170958][ T8187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  532.185288][ T8187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  532.197199][ T8187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  532.209474][ T8187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  532.222063][ T8187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  532.232338][ T8187] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  532.243149][ T8187] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  532.258344][ T8187] batman_adv: batadv0: Interface activated: batadv_slave_1
[  532.519235][ T8187] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  532.528514][ T8187] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  532.537929][ T8187] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  532.547183][ T8187] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  535.277489][ T8356] loop0: detected capacity change from 0 to 2048
[  535.479834][ T8360] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  535.684135][ T8362] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'.
[  536.088722][ T8364] loop2: detected capacity change from 0 to 4096
[  538.104295][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  538.112685][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  538.474848][ T3420] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  538.483134][ T3420] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  538.746697][ T8381] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[  539.600021][ T8386] loop4: detected capacity change from 0 to 2048
[  539.698348][ T8386] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  541.438707][ T8402] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'.
[  541.587751][ T8405] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.2'.
[  541.632733][ T8397] kvm: kvm [8396]: vcpu0, guest rIP: 0x20e Unhandled WRMSR(0x11e) = 0x800
[  542.510375][ T8391] loop1: detected capacity change from 0 to 40427
[  542.635245][ T8391] F2FS-fs (loop1): invalid crc value
[  542.716598][ T8391] F2FS-fs (loop1): Found nat_bits in checkpoint
[  543.325173][ T8419] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'.
[  543.335323][ T8419] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'.
[  543.441912][ T5170] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  543.823300][ T5170] usb 5-1: New USB device found, idVendor=1d50, idProduct=6089, bcdDevice=d0.1d
[  543.832842][ T5170] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  543.883913][ T5170] usb 5-1: config 0 descriptor??
[  544.378653][ T5170] hackrf 5-1:0.0: Board ID: 00
[  544.385073][ T5170] hackrf 5-1:0.0: Firmware version: 
[  544.419954][ T5170] hackrf 5-1:0.0: Registered as swradio16
[  544.449861][ T5170] hackrf 5-1:0.0: Registered as swradio17
[  544.456357][ T5170] hackrf 5-1:0.0: SDR API is still slightly experimental and functionality changes may follow
[  544.654648][ T5170] usb 5-1: USB disconnect, device number 10
[  545.497542][  T779] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  545.862948][  T779] usb 2-1: New USB device found, idVendor=0582, idProduct=00c4, bcdDevice=ac.5f
[  545.872596][  T779] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  545.894272][  T779] usb 2-1: config 0 descriptor??
[  546.011865][ T5170] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  546.131033][ T8435] binder_alloc: 8434: binder_alloc_buf size -552 failed, no address space
[  546.145559][ T8435] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 8192 (num: 1 largest: 8192)
[  546.160877][ T8435] binder: 8434:8435 ioctl c0306201 20000380 returned -14
[  546.272652][ T5170] usb 3-1: Using ep0 maxpacket: 8
[  546.361943][  T779] usb 2-1: USB disconnect, device number 8
[  546.432199][ T5170] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  546.443661][ T5170] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  546.453952][ T5170] usb 3-1: New USB device found, idVendor=04d8, idProduct=f372, bcdDevice= 0.00
[  546.463420][ T5170] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  546.515086][ T5170] usb 3-1: config 0 descriptor??
[  546.962606][ T8438] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.4'.
[  547.094109][ T5170] hid-led 0003:04D8:F372.0002: hidraw0: USB HID v0.00 Device [HID 04d8:f372] on usb-dummy_hcd.2-1/input0
[  547.141236][ T5170] hid-led 0003:04D8:F372.0002: Greynut Luxafor initialized
[  547.219589][ T5170] usb 3-1: USB disconnect, device number 6
[  547.263583][  T779] leds luxafor0:blue:led5: Setting an LED's brightness failed (-38)
[  547.303809][  T779] leds luxafor0:green:led5: Setting an LED's brightness failed (-38)
[  547.323873][  T779] leds luxafor0:red:led5: Setting an LED's brightness failed (-38)
[  547.365818][  T779] leds luxafor0:blue:led4: Setting an LED's brightness failed (-38)
[  547.410039][  T779] leds luxafor0:green:led4: Setting an LED's brightness failed (-38)
[  547.455221][  T779] leds luxafor0:red:led4: Setting an LED's brightness failed (-38)
[  547.524853][  T779] leds luxafor0:blue:led3: Setting an LED's brightness failed (-38)
[  547.560935][  T779] leds luxafor0:green:led3: Setting an LED's brightness failed (-38)
[  547.588757][  T779] leds luxafor0:red:led3: Setting an LED's brightness failed (-38)
[  547.634477][  T779] leds luxafor0:blue:led2: Setting an LED's brightness failed (-38)
[  547.687544][  T779] leds luxafor0:green:led2: Setting an LED's brightness failed (-38)
[  547.707547][  T779] leds luxafor0:red:led2: Setting an LED's brightness failed (-38)
[  547.763090][  T779] leds luxafor0:blue:led1: Setting an LED's brightness failed (-38)
[  547.813356][  T779] leds luxafor0:green:led1: Setting an LED's brightness failed (-38)
[  547.832945][  T779] leds luxafor0:red:led1: Setting an LED's brightness failed (-38)
[  547.876769][  T779] leds luxafor0:blue:led0: Setting an LED's brightness failed (-38)
[  547.914721][  T779] leds luxafor0:green:led0: Setting an LED's brightness failed (-38)
[  547.929852][  T779] leds luxafor0:red:led0: Setting an LED's brightness failed (-38)
[  548.760681][ T8442] kvm: kvm [8440]: vcpu0, guest rIP: 0x20e Unhandled WRMSR(0x11e) = 0x800
[  549.251619][   T29] audit: type=1326 audit(1717044512.163:278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8448 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1b947cee9 code=0x7ffc0000
[  549.275266][   T29] audit: type=1326 audit(1717044512.173:279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8448 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1b947cee9 code=0x7ffc0000
[  549.301660][   T29] audit: type=1326 audit(1717044512.183:280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8448 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=123 compat=0 ip=0x7fe1b947cee9 code=0x7ffc0000
[  549.309664][ T8449] loop3: detected capacity change from 0 to 2048
[  549.332258][   T29] audit: type=1326 audit(1717044512.183:281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8448 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1b947cee9 code=0x7ffc0000
[  549.358851][   T29] audit: type=1326 audit(1717044512.183:282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8448 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe1b947cee9 code=0x7ffc0000
[  549.551306][ T8449] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024)
[  549.716704][ T8451] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  549.728303][ T8449] syz-executor.3: attempt to access beyond end of device
[  549.728303][ T8449] loop3: rw=524288, sector=33554430, nr_sectors = 2 limit=2048
[  549.815697][ T8449] syz-executor.3: attempt to access beyond end of device
[  549.815697][ T8449] loop3: rw=0, sector=33554430, nr_sectors = 2 limit=2048
[  549.830353][ T8449] NILFS (loop3): I/O error reading meta-data file (ino=6, block-offset=3)
[  549.839734][ T8449] NILFS (loop3): error -5 reading inode: ino=12
[  551.862649][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  552.032441][ T8464] loop1: detected capacity change from 0 to 2048
[  552.140214][ T8464] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  552.693889][ T8473] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
[  552.703869][ T8473] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  553.925503][ T8482] kvm: kvm [8480]: vcpu0, guest rIP: 0x20e Unhandled WRMSR(0x11e) = 0x800
[  556.204010][ T8512] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
[  556.213637][ T8512] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[  557.506407][ T8526] kvm: kvm [8522]: vcpu0, guest rIP: 0x20e Unhandled WRMSR(0x11e) = 0x800
[  557.876881][ T8530] kvm: kvm [8529]: vcpu0, guest rIP: 0x20e Unhandled WRMSR(0x11e) = 0x800
[  558.028936][ T8538] loop0: detected capacity change from 0 to 128
[  558.130330][ T8538] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256
[  558.177254][ T8539] loop1: detected capacity change from 0 to 128
[  558.239323][ T8538] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  559.380447][ T8549] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
[  559.390361][ T8549] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  559.430460][ T8548] syz-executor.1[8548] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  559.442110][ T8548] syz-executor.1[8548] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  561.727348][ T8552] process 'syz-executor.3' launched './file1' with NULL argv: empty string added
[  562.971591][ T8575] loop2: detected capacity change from 0 to 128
[  564.906200][ T8580] kvm: kvm [8577]: vcpu0, guest rIP: 0x20e Unhandled WRMSR(0x11e) = 0x800
[  565.556724][ T8589] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
[  565.570377][ T8589] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[  566.136041][ T8591] syz-executor.0[8591] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  566.136595][ T8591] syz-executor.0[8591] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  567.579005][ T8610] loop0: detected capacity change from 0 to 512
[  567.769164][ T8610] EXT4-fs (loop0): blocks per group (95) and clusters per group (32768) inconsistent
[  568.811771][ T8623] loop2: detected capacity change from 0 to 128
[  569.950581][ T8638] syz-executor.1[8638] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  569.951132][ T8638] syz-executor.1[8638] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  570.074122][ T8642] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'.
[  570.095844][ T8642] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[  571.718164][ T8640] loop2: detected capacity change from 0 to 32768
[  571.942956][ T8640] bcachefs (loop2): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=crc64,str_hash=crc64,nojournal_transaction_names
[  571.959093][ T8640] bcachefs (loop2): recovering from clean shutdown, journal seq 8
[  572.128657][ T8640] bcachefs (loop2): alloc_read... done
[  572.135455][ T8640] bcachefs (loop2): stripes_read... done
[  572.151104][ T8640] bcachefs (loop2): snapshots_read... done
[  572.257001][ T8640] bcachefs (loop2): journal_replay... done
[  572.264535][ T8640] bcachefs (loop2): resume_logged_ops... done
[  572.282783][ T8640] bcachefs (loop2): going read-write
[  572.305436][ T8640] bcachefs (loop2): done starting filesystem
[  572.407623][ T8665] =====================================================
[  572.415110][ T8665] BUG: KMSAN: uninit-value in bch2_dirent_invalid+0x1ea/0xa30
[  572.422999][ T8665]  bch2_dirent_invalid+0x1ea/0xa30
[  572.434365][ T8665]  bch2_bkey_val_invalid+0x24f/0x380
[  572.439868][ T8665]  validate_bset_keys+0x12d8/0x25d0
[  572.445411][ T8665]  validate_bset_for_write+0x1dd/0x340
[  572.451061][ T8665]  __bch2_btree_node_write+0x5383/0x67c0
[  572.457045][ T8665]  bch2_btree_node_write+0xa5/0x2e0
[  572.462524][ T8665]  __btree_node_flush+0x4d0/0x640
[  572.467720][ T8665]  bch2_btree_node_flush0+0x35/0x60
[  572.473191][ T8665]  journal_flush_pins+0xce6/0x1780
[  572.478465][ T8665]  __bch2_journal_reclaim+0xd88/0x1610
[  572.484269][ T8665]  bch2_journal_reclaim_thread+0x18e/0x760
[  572.490245][ T8665]  kthread+0x3e2/0x540
[  572.494602][ T8665]  ret_from_fork+0x6d/0x90
[  572.499180][ T8665]  ret_from_fork_asm+0x1a/0x30
[  572.504211][ T8665] 
[  572.506612][ T8665] Uninit was stored to memory at:
[  572.512075][ T8665]  bch2_sort_keys+0x1b4d/0x2cb0
[  572.517140][ T8665]  __bch2_btree_node_write+0x3acd/0x67c0
[  572.523183][ T8665]  bch2_btree_node_write+0xa5/0x2e0
[  572.533691][ T8665]  __btree_node_flush+0x4d0/0x640
[  572.538921][ T8665]  bch2_btree_node_flush0+0x35/0x60
[  572.545542][ T8665]  journal_flush_pins+0xce6/0x1780
[  572.550831][ T8665]  __bch2_journal_reclaim+0xd88/0x1610
[  572.556554][ T8665]  bch2_journal_reclaim_thread+0x18e/0x760
[  572.562647][ T8665]  kthread+0x3e2/0x540
[  572.566896][ T8665]  ret_from_fork+0x6d/0x90
[  572.571550][ T8665]  ret_from_fork_asm+0x1a/0x30
[  572.576500][ T8665] 
[  572.578903][ T8665] Uninit was created at:
[  572.583468][ T8665]  __kmalloc_large_node+0x231/0x370
[  572.588816][ T8665]  __kmalloc_node+0xb10/0x10c0
[  572.593814][ T8665]  kvmalloc_node+0xc0/0x2d0
[  572.598469][ T8665]  bch2_btree_node_read_done+0x4e68/0x75e0
[  572.605454][ T8665]  btree_node_read_work+0x8a5/0x1eb0
[  572.610987][ T8665]  bch2_btree_node_read+0x3d42/0x4b50
[  572.616722][ T8665]  bch2_btree_root_read+0xa6c/0x13d0
[  572.622380][ T8665]  read_btree_roots+0x454/0xee0
[  572.627403][ T8665]  bch2_fs_recovery+0x7b6a/0x93e0
[  572.637114][ T8665]  bch2_fs_start+0x7b2/0xbd0
[  572.643005][ T8665]  bch2_fs_open+0x152a/0x15f0
[  572.647881][ T8665]  bch2_mount+0x90d/0x1d90
[  572.652605][ T8665]  legacy_get_tree+0x114/0x290
[  572.657549][ T8665]  vfs_get_tree+0xa7/0x570
[  572.662264][ T8665]  do_new_mount+0x71f/0x15e0
[  572.667033][ T8665]  path_mount+0x742/0x1f20
[  572.671732][ T8665]  __se_sys_mount+0x725/0x810
[  572.676586][ T8665]  __x64_sys_mount+0xe4/0x150
[  572.681550][ T8665]  x64_sys_call+0x2bf4/0x3b50
[  572.686412][ T8665]  do_syscall_64+0xcf/0x1e0
[  572.691097][ T8665]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  572.697522][ T8665] 
[  572.699943][ T8665] CPU: 0 PID: 8665 Comm: bch-reclaim/loo Not tainted 6.9.0-syzkaller-02707-g614da38e2f7a #0
[  572.710276][ T8665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[  572.720540][ T8665] =====================================================
[  572.727824][ T8665] Disabling lock debugging due to kernel taint
[  572.738428][ T8665] Kernel panic - not syncing: kmsan.panic set ...
[  572.744945][ T8665] CPU: 0 PID: 8665 Comm: bch-reclaim/loo Tainted: G    B              6.9.0-syzkaller-02707-g614da38e2f7a #0
[  572.756615][ T8665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[  572.766770][ T8665] Call Trace:
[  572.770125][ T8665]  <TASK>
[  572.773127][ T8665]  dump_stack_lvl+0x216/0x2d0
[  572.777957][ T8665]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  572.783904][ T8665]  dump_stack+0x1e/0x30
[  572.788201][ T8665]  panic+0x4e2/0xcd0
[  572.792239][ T8665]  ? kmsan_get_metadata+0xf1/0x1d0
[  572.797492][ T8665]  kmsan_report+0x2d5/0x2e0
[  572.802118][ T8665]  ? kmsan_get_metadata+0x146/0x1d0
[  572.807450][ T8665]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  572.813387][ T8665]  ? __msan_warning+0x95/0x120
[  572.818263][ T8665]  ? bch2_dirent_invalid+0x1ea/0xa30
[  572.823676][ T8665]  ? bch2_bkey_val_invalid+0x24f/0x380
[  572.829288][ T8665]  ? validate_bset_keys+0x12d8/0x25d0
[  572.834815][ T8665]  ? validate_bset_for_write+0x1dd/0x340
[  572.840598][ T8665]  ? __bch2_btree_node_write+0x5383/0x67c0
[  572.846560][ T8665]  ? bch2_btree_node_write+0xa5/0x2e0
[  572.852081][ T8665]  ? __btree_node_flush+0x4d0/0x640
[  572.857400][ T8665]  ? bch2_btree_node_flush0+0x35/0x60
[  572.862895][ T8665]  ? journal_flush_pins+0xce6/0x1780
[  572.868310][ T8665]  ? __bch2_journal_reclaim+0xd88/0x1610
[  572.874072][ T8665]  ? bch2_journal_reclaim_thread+0x18e/0x760
[  572.880189][ T8665]  ? kthread+0x3e2/0x540
[  572.884569][ T8665]  ? ret_from_fork+0x6d/0x90
[  572.889282][ T8665]  ? ret_from_fork_asm+0x1a/0x30
[  572.894360][ T8665]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  572.900301][ T8665]  ? kmsan_get_metadata+0x146/0x1d0
[  572.905625][ T8665]  ? kmsan_get_metadata+0x146/0x1d0
[  572.910956][ T8665]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  572.916894][ T8665]  ? kmsan_get_metadata+0x146/0x1d0
[  572.922218][ T8665]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  572.928163][ T8665]  ? bch2_bkey_ptrs_invalid+0x250d/0x2d40
[  572.934057][ T8665]  ? kmsan_get_metadata+0x146/0x1d0
[  572.939381][ T8665]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  572.945321][ T8665]  __msan_warning+0x95/0x120
[  572.950021][ T8665]  bch2_dirent_invalid+0x1ea/0xa30
[  572.955260][ T8665]  ? kmsan_get_metadata+0x146/0x1d0
[  572.960587][ T8665]  ? __pfx_bch2_dirent_invalid+0x10/0x10
[  572.966346][ T8665]  bch2_bkey_val_invalid+0x24f/0x380
[  572.971800][ T8665]  validate_bset_keys+0x12d8/0x25d0
[  572.977199][ T8665]  validate_bset_for_write+0x1dd/0x340
[  572.982821][ T8665]  __bch2_btree_node_write+0x5383/0x67c0
[  572.988603][ T8665]  ? kmsan_get_metadata+0x146/0x1d0
[  572.993991][ T8665]  bch2_btree_node_write+0xa5/0x2e0
[  572.999340][ T8665]  __btree_node_flush+0x4d0/0x640
[  573.004491][ T8665]  ? __btree_node_flush+0xd1/0x640
[  573.009728][ T8665]  ? __pfx_bch2_btree_node_flush0+0x10/0x10
[  573.015750][ T8665]  bch2_btree_node_flush0+0x35/0x60
[  573.021077][ T8665]  journal_flush_pins+0xce6/0x1780
[  573.026352][ T8665]  __bch2_journal_reclaim+0xd88/0x1610
[  573.031968][ T8665]  ? kmsan_get_metadata+0x146/0x1d0
[  573.037321][ T8665]  bch2_journal_reclaim_thread+0x18e/0x760
[  573.043284][ T8665]  kthread+0x3e2/0x540
[  573.047493][ T8665]  ? __pfx_bch2_journal_reclaim_thread+0x10/0x10
[  573.053976][ T8665]  ? __pfx_kthread+0x10/0x10
[  573.058707][ T8665]  ret_from_fork+0x6d/0x90
[  573.063244][ T8665]  ? __pfx_kthread+0x10/0x10
[  573.067974][ T8665]  ret_from_fork_asm+0x1a/0x30
[  573.072894][ T8665]  </TASK>
[  574.445958][ T8665] Shutting down cpus with NMI
[  574.451008][ T8665] Kernel Offset: disabled
[  574.455397][ T8665] Rebooting in 86400 seconds..