last executing test programs:

13.006347123s ago: executing program 0:
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000000)={'team0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c00000010000100"/20, @ANYRES32=0x0, @ANYBLOB="04010100000000001400030064756d6d79300000000000000000000008000a00", @ANYRES32=r1], 0x3c}}, 0x0)
r2 = socket$l2tp6(0xa, 0x2, 0x73)
r3 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c00000010000100"/20, @ANYRES32=0x0, @ANYBLOB="02200000000000001400030062617461647630"], 0x3c}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000001b00)={'team0\x00', <r4=>0x0})
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=@ipv6_newaddr={0x20, 0x10, 0x1, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, r4}, [@IFA_RT_PRIORITY={0x8}]}, 0x20}}, 0x0)

12.426114514s ago: executing program 0:
syz_mount_image$nilfs2(&(0x7f0000000080), &(0x7f0000000040)='./file2\x00', 0x3200400, &(0x7f0000000c00)=ANY=[], 0x1, 0xa56, &(0x7f0000001c80)="$eJzs3U2MW0fhAPB53vUmm6T/OP0ndElCm/DRlo/uNpslfETQVM2FqKm4Vaq4RGlaItKASCVoVYkkJ260qsKVD3EqhwoQUntBUU9cKtFIXHoqHDgQBakSBygkRrFnvPasrWfvl+317yfNjufNs2fe2+fn9zUzAZhYlcbfpaW5IoRrb79+8u8P/m327pTHWnPUGn+n21LVEEIR09PZ530w1Yxvf/jK2W5xERYbf1M6PHWr9d6dIYTL4VC4Hmph/7Ubr727+OTpK6euHn7vjeM3N2bpAQBgsnzz+vGlfX/504E9H715/4mwrTU9HZ/XYnpXPO4/EQ/80/F/JXSmi7bQbiabbzqGSjbfVJf52supZvNN9yh/Jvvcaiv/QMd820rKn2qb1m25YZyl7bgWisp8R7pSmZ9vnpOHxnn9TDF/8fyF5y4NqaLAuvvnAyGEQ8KgoV6v/6ixAkegLoKw2lDfPew9EEBTfr9whcv5lYW1aX3adH/l33q80v39sA42e/tX/niV/6sr9jisn626NaXlSt+jXTGd30fIn18a9PufPi+/H1Hts5697iOMy/2FXvWc2uR6rFav+ufbxVb1tRin9fD1LL/9+5P/T8flfwx0968Ju/5/aATqsKVDdQTqIPQd6sPeAQEja/m5uaZ6lPLz5/ry/G0l+dtL8mdL8neU5O8syYdJ9rsXfxJeLZbP8/Nz+kGvh6XrbPfE+P8GrE9+PXLQ8vPnfge11vLz54lhlL115ulzX372mRvN5/+L1vZ/J27vh2K6Fr9b1+MM6Xphfl299ex/rbOcSo/57s3qc8+K+evNEvd2zlfsXf6c0LafWVGPuc737e4138HO+WrZfLMxbM/qmx+f7Mjel44/0n41ra/pbHmr2XLMZPVI+5U9Mc7rAauRtsdez/+n7XMuVIvnzl8492hMp+30j1PVbXenH2n/0F9vTt2Btem3/c9c6Gz/s6s1vVpp3y/sXp5etO8Xatn0xWaydZs8TT8a0+l37ttTs43p82e/e+HZ9V54mHCXXnr5O2cuXDj3fS/Si1mrxQsvhr1nAjbawosvfG/h0ksvP3L+hTPPn3v+3MWjx44dXVw89pWjSwuN4/qF9qN7YCtZ/tEfdk0AAAAAAAAAAACAfv3g1Mkbf37nS+832/8vt/9L7f/Tk7+p/f+Ps/b/eTv51A4+tQPc0yW/Me7eW531mMnmq8bw/1l992bl7Mve97EYt8bxi+3/U3v7vF/XVJ/7sul5/71pvqw7gRX9pcxkfZDk4wV+MsZXY/zLAENUzHafHOOy/q3Ttp76p9AvxXhK/7e0NaR+TFL77179OqX9/55NqCPrbzOaEw57GYHu/jHy/X+3HYkPvS4TEKzniQr1ulE8gNEw7PE/03XPFF/8wze23w1ptluPd+4v8/5LYS1GffxJ5W+t8T9b49/1tf/r0rt6Rz/P/Y+u8O+f3Xy/rdiwv9/9b778qR/oveVltvsolp+W/6HQX/n1X2Tl5zeE+vSfrPwdfZa/YvkPrq78/8by02p7+FP9lt+scVHprEd+3Tjd/8uvGye3s+VPfXsOvPyrHKjxTiwfJlnvcWb7HcF2NI3L+L+95M9hfDGm044wPeeQ/yIPWv/0fEX6HdiXfX5R8vs2LuMU9zLp4/9+NcZl34c0/m/aHmtd0pW2dLXLuh33bQW2mg9G/v7fmIXLI1AHYUTD7AjUoTPU6/WNvaBVYqiFM/T1P+y7z8Muf9jrv0w+/m9+DJ+P/1vJTiDy8X/z9+fj/+b5+fh6eX4+/m++PvPxf/P8+7LPza9gz5Xkf7wkf39J/oHl/Nlu+QdL3v+JkvzDJfn3l+Q/UJJ/b0n+VEn+p0vyP1OS/2BJ/sMl+Z8tyd/qUnuUSV1+mGR5+zzff5gc6f5Pr+//3pJ8YHz99M0jTzzz22/Vmu3/Z1rna+k+3omYrsZz5x/GdH7fO7Sl7+a9E9N/zfJH/XoHTJK8/4z89/2hknxgfKXnvHy/YQIV3Xvs6bffql7H+YyXz8X48zH+QowfifF8jBdifCTGi5tUPzbGE7/5/fFXi+Xz/d1Zfr/Pk+ftgfJ+oo72WZ/8+sCgz7Pn/fgNaq3lr7I5GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwNBUGn+XluaKEK69/frJp0+fX7g75bHWHLXG3+m2VLX1vhAejfFUjH8eX9z+8JWz7fGdGBdhMRShaE0PT91qlbQzhHA5HArXQy3sv3bjtXcXnzx95dTVw++9cfzmxq0BAAAA2Pr+FwAA//9BFBh3")
r0 = open(0x0, 0x64842, 0x0)
creat(&(0x7f0000000300)='./file2\x00', 0x0)
pwritev2(r0, &(0x7f0000000240)=[{&(0x7f0000000280)="85", 0xffffffea}], 0x1, 0x0, 0x0, 0x0)

10.461698562s ago: executing program 0:
syz_mount_image$btrfs(&(0x7f00000055c0), &(0x7f0000000100)='./bus\x00', 0x8, &(0x7f00000003c0)={[{@nobarrier}, {@max_inline={'max_inline', 0x3d, [0x31, 0x78, 0x30, 0x6b, 0x2d, 0x2d, 0x78, 0x67]}}, {@compress}, {@nobarrier}, {@clear_cache}, {@nodatacow}, {}, {@space_cache_v1}, {@nodatacow}, {@autodefrag}]}, 0x3, 0x55a3, &(0x7f000000ac00)="$eJzs3X9snHUdB/DnruvaFdeWMOuArGwDJFtEOjdNCCR2bNNpYTnphE3I+gNH0DmtY8NVCCtinIERijWMwQoLbn9MEYqucyiJBewqul8IJtNFBbPFNWOkOBExYTG9u+d299zaHhMpwuu1tM/zvc/z/d73njx/3PvW73MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABEHwx+N3TL/t3roJ26+ru++8a85e+2D3kuMX3rq1avND20v2dTz31aNVq1qPLF1w0/2JpkfW93d3BkEs2S+W7t9w2fwrr69vuKI0HLDxc6ltZeVQT5nq+mKqMTbnwcF+uT9NQRAURwYoSm/npXfiOQNkdlfkDzisayf1tE4dP69x28qujc8uu3xL/ktnUOloT2C0pK+rgyeupdrk73jkiEw769KL5Vyiqf7RC+4deREAwFtSk0huMm9H029xM+22aD3Sro202yPt8B1Ce3bjVKTGHTvUPCdH66M0z9pUVCgZcp6Revr8Z9qJaP9IOxI13sI8cw9NR5rSoebZEqmP1jwBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3k0uuH5m/d49D7/8ldbf/u7h17/16sePrGq8ZaC7/qJ1ix/v2PG9vx2tWtV6ZOmCm+5PND2yvr+7Mwgqk/1iqe6xZ6ri8ZkDddseu6e3puFDC9cUpccNt2OyDg72hzsXVwRBc1blYDhsf3kQJHILyWawIb/wpeTOZ8ICAAAA7yVnJn/HM+1UHCzOaceSaTKW/BdKhcVrJ/W0Th0/r3Hbyq6Nzy67fMupj5cYYrzak46XaVee+IllBeMw/kbHO1EPD12RN87woiNG8/zpx/qnNdfdUHrl7gsWzphdv+XS4CfTD3csX3TfhBfHL9nXXpOX/yuHz//hmZP/AQAA+G/I/9FxhjdS/m+uqZh0cOp3ix67rur44fkP/Lyz7/kn4w8VD3Q//dLYcbf9cnVe/p+c85R5+T+ccZj/48Gp5X8AAAB4N/tf5//avHGGN1L+/8X+zZ//98pvTDk84187Xnj69xdvnVI+/7WyGTe8+cSCVxp2tf0pL//XFJb/x2RPO3xwVzjhZRVBUFP4SQUAAAByhP/vfuKjhTCvpz45iOb1y+4qe3LXG+tvjJ/V8o8zFvfPqv7i7tVf37ApNrChc92O5XNX5OX/2sLyf/E783IBAACAAvxm+y13V395ydYtew7N2XFnYvPYS+a+uuennVf1vXwsUfT8zX15+T9RWP4vGZ2XAwAAAJzEU+MmPnfo0UNfm7177YS9q9rmPD5t3+qFD/xz9t+veOnPxzddWJ6X/xsLy/9l6W165UOq087wrxA6KoKgdHCnJVXoC9o/mSkAAAAAb5Mwpzc1revduX7MrNfOPvzDNSuW/2rvpd++a2P1zQd+XXX7ucf2996Yl/9bhr//f3ing3D9f879//LW/2cVUnf9u8SNAQAAAHg/yl/PH94eP/XNBUN9/36h6/8/euaBko7m8ysnx7dVz3rig31Xra1+fVHHRZ/YfusbH46V//VTefm/rbD8X5S9fTu//w8AAABOwf/b9/8tzhtneCPd/79v3DPnrPnsPT+o/WbZU+e+eXfzd9oPTj9v87QzPlJ0fvecmX/4fl7+by8s/4fb07JfXk94fm6vCIKJgzvpuwluDae7LFLoKs4qpE58pEd92CNd6CrJKiS1RHp8rCIIpgzutEUKp4eF9khhoDxd2BQp7A0L6eshU3g0UugJr7R7y9PTjRZ+FhbSCyy6whUUp2WWRER6HBuqx2DhpD0OZJ4cAADgfSUMz+ksW5zbDKJRtis20gFlIx0QH+mAopEOGBM5IHrgUI8HjbmF8PEfz+1e+so1D9b1Xt1w9KzZe5bc0faBnkW9O7/wo55z/nL1Cws/nZf/NxWW/8NTMTa1GWr9fxCu/09/r2Fm/X9jWKiMFLrCQiJ6x4BE+BypsHtn+ByViXSPgYmZAgAAALynhZ8LFI3yPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID/sHfvcVJVd4LATzf9oJum6YgBY4ygRkR3aZomGEQcUXRXo4tNJKtjhtAIjXZoAwq4YsyKr3GV6GLUmBjZwY+jJg6r+CDqRIXoiElGJfE5Kz4HnciqS9BR45gs++m+dYqqW112IaC0+/3+0XWqfud569F17r11LgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/P/hsiX3Nrw58H9965ffW/f697409TdTD9m8y19uqHt3yDlPbT5ocN0tbw1asPCNtklnXtsyffk1G1YuDaGlq1xZUrzsoUHl5aP/cMxdt13xcNO0wVPOrcrUm4mHfp1/yjN3Loytvto/hLvLQqhIB0bUJYHKzP26WN8edSF8LmwJZEu01SYl0g2Hh2tCWBa2BLJV3VsTQl1OYMoTD666rDNxVU0I+4YQqtNtvFCdtFGTDgyrSgK16cCciiTw/uZENnBPeRKAbRbfDNkX/YqW/AwN3Zcr8vqr3G4d+3Slh9cnJhqK53vrsB3cqRxV6QdatulpK6iOHaLg7bHau60XvNsKtvMST1vuF6nMN5TNW0LVoXxm26zpCzrmx0fKQ2Njn2I17aDned2mc2ZsTbrXvA5jBxq2y+vwgdpJ9Ze9PfHglSf/8fR956+duq3dfC5nk+amd7TqkHnN9ZrnMZrg86QXvP0KviUN9aUrhHD8nz5f9sycl3bf+MGrJ068/YWLr5628JopE58d9Iux/3jtLndPu7xg/t/w0fP/+HKOt+V5uWOrH9Ync/P4SF1MbKxP5uYAAADQa/SGvaZfHf3qS6c+dPeiF5cfV/Hdcb86abf6irO/33H8rivHf/HSK9sf36Vg/j+0tOP/8ZB/Xe5oV4cwoStxwYAQdut6PAn8LHbn5AEh7NWVaskPHJYKrA7hC12J/bNVpUr0jSWGpgK/r88EJqQCa2KgJRW4MQaWpAIXxsCKVGBGDKxOBQ6PgdCeP44D6jPjKDlQEwOtyUZcEc9CeKc+tpbaVuuyVQEAAGwnmdlhZf7dnHMdtjVDnF6uqOkpQzwDu2iG6lQN6RlsdlpVtIaKnmoo76mG7LgXffTwC2ou66nmgtMwyvIzfDjkO+UDJu79o7tuHHFT84sTv/vu2OO/8uc33129/z/993vOmX/dAQXz/6aPnv9Xd9ORsoLj/yFM7vobc5dnIh3ZeGtLXgYAAABgG1z12NInbzjgqP9z38v33fmla28oX3311//vKxsv2HvUccPL+v7dt1cUzP8nlHb+f9wn0icnc3g07oaYPSCEpvxAUu3BhYHkqHe/TAAAAAB6g+zx+Oyx8PbMbXKKdno+XZi/ZSvzxwP/E7rNf/mmv372y9c+eeLCYftsuOK/nflB2efH/m6XY9eOfPytPYf9Q0PfwvP/W0o7/782/zbpxJrYiysHhNA3J/BI7GVnoMvQGHj50PxAZvxr4gZYHKvKnJiQrWpxLNEaA02pwLJiJX6bLbFbfiDzZGUbvyA7jvZMiZwAAAAAfOLi7oB4XD6e/3/P5AO+tP+gl8a8uOe9C1+bsPSEU2t/uM8tu74+oGPSmAMnHHLEMwXz/9atO/+/ax5ccHp/R78QRlaE0Cf9w4BHa5OFAWOgriyTuL82qatPuqrzakMY3zmwdFWvZNb/r0ivMfhETVJVDOy29083DetM3FATwsjcwDPfvH5MZ2J+KpBt/Bs1IQzpHG268ZV9k8Yr041f0zeEPXMC2apO7htCZ2NV6aoerM5cxyBd1W3VIQzMCWSrOrA6hIUBgF4q/iudmfvgvIVnz57e0dF2xg5MxH34NWFWe0db44w5HTOri/RpZqrPecsYnVc4plKvfPN8ZomiqUNuH15KOvs7wabctjL78QtOHMzcj9+FKrvG2VyZd3d0esjD9ylsIuR8kyo25PIdPOTa3Eq2PIkF9cf8VaFf6LtgXtsZjWdNnz//jFHJ31KzNyd/42GmZFuNSm+r2u76VsLLo+hqWSkfd1vtl1vJyPmnzR05b+HZI9pPm35K2ylt32keO6q5ecxXx45pHtk5qqbkbw9D3a+7qlND3Xx9iePajkPdvSKnkk/iU0NCQqK3JaYvKTt/wrRf3/+tPdacdtZJe/z9HjNHnPRXl/9m7omNh0z+1fV/ubZg/j/3o+f/8VMnfvJn1mcodvy/IR7mTx7fcpi/NQaWlXr8v6HY0fzsiQFDU4FFMbDIYX4AAAA+G+LuyLg3M+6Vvq7un+4+cuaMQ97/5QlTrv7bseNOPWv9vg0XX33skv+w/p0lq454u2D+v6i03/9vp/X/s0vXf63YMv/7xxJNxdb/Ty/zn13/f1Gx9f/Ty/xn1/9f9ims/78gG0htknes/w8AAHwWfHLr//e4vH/6AgEFGXpc3j99gYCCDD0u41/qBQK2ev3/OR1/UTvo8jnjDh0x98ePrNp7ycDbvvT8xF/vs/SgEfeuvOW9UbcWzP+XlDb/t3A/AAAA7Dwe+mXfb1/87rD7n3rk/SPLLv3txpuO/6u2Aw75w8DmUyYfXfP9m/6tYP6/rLT5/ye//l8odv7/0GKBlmILA1r/DwAAgF6q2Pp/Nw98eejq+SNufOznb97yUusvZo5/7d8t+cFXpg9runnNut80zFhfMP9fUdr8P552UZ6XO/bmw/pkTbuQXtNuY332JwMAAADQO5SHxsbKEvPmrYx62Mdvc11mKdCPSud6+r5BqxaUP3RVWfXGH1wy7ZDGc489c86RF63/fu2TP6md2lh9RsH8f3Vp8/+832U8UDup/rK3Jx784cqT/3j6vvPXTt1y/B8AAADYcUrdLwEAAAAAAAAAAAAAAHz6nmpdetAHo45+Y+Zeo/70jWNf+MHiL37zkb+59s9n/vzw+/Zq3zxsSsHv/8PkrnLFfv8fr/sXf1+wa17u2GrP6/9l7k855taFXUsWPlofwj65gdnnz/5cyFybf7/cwKqp+w/uTJyfLnHfi4e/1pmYlg4cNWKX9zoT41OB1rhI4hfSgXhVxff6pwJxecUn04G4PVakA1WZwCX9k3GUpbfVhrpkW5Wlt9VzdSEMyAlkt9XddUkbZekBXpUKZAd4ejoQBzgpEyhP9+rWfkmvYqAuFv2bfkmvAADYacVvgZVhVntHW1P8Ch9vd6/Iv43yliw7r7DashKbfz6zNNnUIbcPLyXdJ/1ddMu1xitDdecQRhV8Xc3NUtY1yu1TSw+bbtciQ+5ptbfyIuXStnbTVRUfUU0yosYZczpmVvY48NE9Z2mu6DHLqILJTm6W8q5NWkItJfSlhBGVuG1K6HK8Xx4aG/ukco2LwYaQp6dXRKm/189d56/YqyA3z9/WXHtpn8F93v+38Rc99OCAyo5TJ7ddtPtj/zxw1Mwf//DB1mt+XzD/byht/l+dO673MhcDWBSvrHfwgBBaSxwRAAAAfPb9z3OX33HinDUbZq2uePZ3v5tdftyJlZvPueucsy967v7FR13y72/e1viKsqc2nfjGprP++o2ffOW6h8966fAZZ901ad0h69uqb/zuXyw/dUjB/H9oafP/uAcrcyg42duxOl7//4IBIXRdWr8hCfwsDvfkASHs1ZVqiSWSC+p/LZZoSgI/iztM9o8lWlvyq+obAytSgd/XZwKrU4E1MZDZS/HTkNmVc0V9CGO6UpPzS8yNJRpSgeNiYGgq0BgDTalA/xiYkAq82T8TaEkF/jEGQnv+trqzf2ZbAQAAbI3MPKsy/25Iz/NWVPSUoaynDLU9ZSjvKUN1TxmKjSLevyNmqEydvFKWk6kyXWtNqpaCDPFi+Fvdr4IM4bf5OdMFC5qO5x9kzzcoy88w7od3tB70tXk/3nTxjx4/8sALj1xy5duXHt1v8JXP/u/2c/v131RbMP9vKm3+X5t/m7S+Js7/t1z/Lwk8Ert3ZTx1fGgMvHxofiCzY2BNnOwuzlbVkimRmbQvjiUmxMDQVGBuDExIBVonZwLLBucHMjPtbOMXZBtvz5TICQAAAMAnLu4giLtp4vx/5bjwzh5Hvt+8+5UD5457/JHzjphes2t1zT+PX7t0/KXVD+3Xt2D+P6G0+X9sr19uYxfG3rzaP4S7y7b0JhsYUZcE4n6Muvjz+D3qQvhczg6ObIm22qREVarh8HBN8gv1qnRV99YkawzE+1OeeHDVZZ2Jq2pC2Ddn70u2jReqkzZq0oFhVUmgNh2YU5EE4p6fbOCe8iQA2yy7VzC+oDKnumQ1dF+uyOvvs3JN0PTwCvaBdpOvu99c7SjV6Qcy+1Sztu5pK6iOHaLg7bHau603vtsavNtyv0hlvqFs3hKqDuUz22ZNX9AxPz6S+0vWAjvoec79lWop6e3wOlz08Xvbs+p0B5pSHx9N3Zfr/nVYFqt7oHZS/WVvTzx45cl/PH3f+WunltyNIuIPhQ++de4Bz+Vs3h2tOmRec73u86TF50lv/Dcw1NMWQlh+wawnn/iX95+vWN/8Xw4cu/y2Nx9b/pODHpg14gsbLvnyxrfePapg/t9S2vy/InXb5YO4MecNCGF4zsZ9NG7+iQOSz8GcQPIpObAwkBxyX19f9JMTAAAAtrfs7o7s/oL2zG1yQnh6nlyYv2Ur88f9FRO6zV9qvweO+YfvHXrV69/4+vrdL3906VPr/tObrxwx7dAHNj29YuXrzcd+/umC+X/rR8//+6a66fi/4//sII7/d2tn3xXdN/3Aom3aFV1QHTuE4//d2tnfbY7/d8vxf8f/u+P4fw8c/+/Wzv60FXxLmutLVwihdcANt/+idvrwflec860Za3/+9DtN416oO/foO//H4YvDNeet+nPB/H9uafN/6/91v2hfdv2/1mLr/80ttv7fIuv/AQAAO1SRhebS87yC1fsKMqRX7yvI0OMCgT0uMWj9v61e/6/2pLNPeqX+rb2umXj7f75z+oXPn3Tis/v2ef6E20+4aeTVw1/68oaC+f+i0ub/8eXQL7f13rL+39DJRapaEgNzLQwIAADAzqjYDgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+XSseXPzFzYv3OeimZz9/0+H/umzNrL1/dcDm0WNObhy+eGDZlX/3L28NWrDwjbZJZ17bMn35NRtWLg2hvatcWVK87KFB5eWj/3DMXbdd8XDTtMFTzq3O1FuZuf1iXu7Y6of1ISzLeaQuJjbWd97ZEphyzK0LKzoTj9aHsE9uYPb5sz/XmbixPoT9cgOrpu4/uDNxfrrEfS8e/lpnYlo6cNSIXd7rTIzPBMrS3b2uf9LdsnR3L+sfwoCcQLa73+6fX1W2jf+YCZSn27i5LmkjBupi0R/VJW3EQEcs0d43hJEVIfRJV/Xr6qSqPumq/r46qapPuqr/Wh3C+BBCRbqqF6uSqirSI19blVQVA7vt/dNNwzoTy6pCGJkbeOab14/pTJyeCmQb/3pVCEM6XzLpxu+oTBqvTDd+VWUIe4YQqtIl/rUiKVGVLvFKRQgDcwLZxk+tCGFh4DMhfvjMzH1w3sKzZ0/v6Gg7YwcmqjJt1YRZ7R1tjTPmdMysTvWpmLKc9ObzPv7Yn990zozO26lDbh9eSroiU66yq8vNlXl3R+/svY/9qs2tZMvzUVB/zF8V+oW+C+a1ndF41vT5888YlfwtNXtz8rdPJppsq1G9ZVvtl1vJyPmnzR05b+HZI9pPm35K2ylt32keO6q5ecxXx45pHtk5qqbk7/YY6vWf/FB3r8ip5JP4AJCQkOhtifK8T7emnf2DvOCL/paOVobqrg/ogmlFbpayrlFuj0Ef9jFH/HG+p/Q4olEFE4eCLM09ZxldMJnYkqUmydL1va5gcphbU3nXJo33y0NjY59i26Eh/27u5n1rGzbvusymKzUNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/D924EAAAAAAAMj/tRGqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsAMHAgAAAABA/q+NUFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYUdOBYAAAAAEOZvHUbPBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwKUAAAD//5twzl8=")
io_setup(0x1, &(0x7f00000004c0)=<r0=>0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0, 0x0)
io_submit(r0, 0x1, &(0x7f00000002c0)=[&(0x7f0000000280)={0xffffff7f00000000, 0x0, 0x0, 0x0, 0x0, r1, &(0x7f0000000140)}])

4.007462134s ago: executing program 4:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0)
ftruncate(r0, 0x8001)
r1 = socket$isdn_base(0x22, 0x3, 0x0)
ioctl$IMGETVERSION(r1, 0x80044944, &(0x7f0000001040))

3.802080372s ago: executing program 4:
sendmsg$NL80211_CMD_PROBE_MESH_LINK(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYBLOB="c0000000", @ANYRES16, @ANYBLOB="000829bddf250300", @ANYRES32, @ANYBLOB="0c009900070000002e0000009800330094000400080211000000ffffffffffff01a00320963923582c1c22182c1cf62e9c81dee4892f841fdbf487c8c11e4e9d063f292c8414667316ab76c73f8a363276480ed7f6017db930c74e32b80492cb134aded8748d385dbdbe5928b48ed0e1e255efd9079f19e5bd26f8231867f6c649f7474fe7"], 0xc0}}, 0x0)
bpf$OBJ_GET_MAP(0x7, &(0x7f00000001c0)=@o_path={0x0}, 0x18)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = dup(r2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe5000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f00000001c0)=ANY=[@ANYBLOB="02000000050000f58f04"])

3.752181501s ago: executing program 0:
mkdir(&(0x7f0000000280)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000001900)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[], [], 0x6b}})
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000080)='9p_protocol_dump\x00', r3}, 0x10)
chdir(&(0x7f0000000040)='./file0\x00')
syz_mount_image$fuse(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000001c0)={'syztnl1\x00', &(0x7f0000000340)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x24, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast2, @loopback, {[@ra={0x94, 0x4}, @generic={0x0, 0x9, "ba8fab810cab6c"}]}}}}})
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x1, 0x4, 0x7fe2, 0x1}, 0x48)
bpf$MAP_DELETE_ELEM(0x2, &(0x7f0000000400)={r4, &(0x7f0000000380), 0x20000000}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r5}, 0x10)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0)

3.351041599s ago: executing program 4:
syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x2000000, 0x0, 0x0, 0x0, &(0x7f0000000000))
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018400110800395032303030"], 0x15)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x8, 0x7}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000407b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='9p_protocol_dump\x00', r3}, 0x10)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014fa0000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r5}, 0x10)
r6 = dup(r1)
write$FUSE_BMAP(r6, &(0x7f0000000080)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r6, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
chdir(&(0x7f0000000040)='./file0\x00')
syz_mount_image$fuse(0x0, &(0x7f0000006340)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000540)='./file0\x00', 0x0)

2.931035471s ago: executing program 4:
syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000040)='./file0\x00', 0x100080a, &(0x7f0000001840)=ANY=[@ANYBLOB='iocharset=cp857,iocharset=iso885D-15,gid=', @ANYRESHEX=0xee01, @ANYBLOB=',iocharset=macgaelic,fmask=00000000000000000000003,dmask=00000000000000000000002,errors=continue,fmask=00000000000000000000011,iocharset=cp861,\x00'], 0x9, 0x1505, &(0x7f0000000180)="$eJzs3Au4jdX2MPAx5pwvm9BKcp9jjpeVXCZJEknIJUmSJMktIUmSJCS33JKQhNyT3ENyC8n9fss9SY4kSUJCwvweHefzndPp9P2/0/mc59nj9zzz2XPstcZY411jr9u7n72/azewUp3K5WsxM/xb8K9fugJACgD0AYBrASACgOKZi2e+dHk6jV3/vRsRf66Hp1ztDsTVJPNP3WT+qZvMP3WT+aduMv/UTeafusn8UzeZvxCp2ZapOa6TlXqXnP9PzeT1P3WT+aduMv/UTeafusn8UzOW+adyMv/UTeafusn8hUjN/pTzyGkvF/svOJ/9H1h/u6uudh9/sKL/p7yr95MnhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEECI1ORuuMADwt/3V7ksIIYQQQgghhBB/npD2ancghBBCCCGEEEKI/zwEMBoMRJAG0kIKpIP0cA1kgIyQCa6FBFwHmeF6yAI3QFbIBtkhB+SEXJAbLBA4YIghD+SFJNwI+eAmyA8FoCAUAg+FoQjcDEXhFigGt0JxuA1KwO1QEkrBHVAa7oQycBeUhXJQHu6GClARKkFluAeqwL1QFe6DanA/VIcHoAY8CDXhIagFD0NteATqwKNQFx6DelAfGkBDaPTP8/W/zn8JOsHL0Bm66Ev3QHd4BXpAT+gFvaEPvAp94TXoB69DfxgAA+ENGARvwmB4C4bAUBgGb8NwGAEjYRSMhjEwFt6BcfAujIf3YAJMhEkwGabAVJgG78N0mAEz4QOYBR/CbJgDc2EezIePYAEshEXwMSyGT2AJLIVlsBxWwEpYBathDayFdbAeNsBG2ASbYQt8ClthG2yHHbATdsFu+Az2wOewF76AffDl/zD/zD/kt0dAQIUKDRpMg2kwBVMwPabHDJgBM2EmTGACM2NmzIJZMCtmxeyYHXNiTsyNuZGQkJExD+bBJCYxH+bD/JgfC2JB9OixCBbBongLFsNiWByLYwksgSWxFJbC0lgay2AZLItlsfztcwCwAlbCSngP3oP3YlWsitWwGlbH6lgDa2BNrIm1sBbWxtpYB+tgXayL9bAeNsAG2AgbYWNsjE2wCTbDZtgcm2MLbIEtsSW2wlbYGltjG2yDbbEttsN22B47YAd8CV/Cl/Fl7IIVVDfsjt2xB/bAXtgbe+Or2Bdfw9fwdeyPA3AgvoFv4Js4GE/jEByKw3AYllEjcCSOQlZjcCyOxXE4DsfjeJyAE3EiTsYpOBWn4TScjjNwBn6As/BD/BDn4Bych/NxPi7AhbgIF+FiPINLcCkuw+W4AlfiClyNa3A1rlN/e2huxs34KX6K23Ab7sAduAt34Wf4GX6On2N/3If7cD/uxwN4AA/iQTyEh/AwHsYjeASP4lE8hsfwOJ7Ak3gCT+EpPI1n8CyexXN4Ds/jCzm/qb2rwNr+oC4xyqg0Ko1KUSkqvUqvMqgMKpPKpBIqoTKrzCqLyqKyqqwqu8qucqqcKrfKrUiRYhWrPCqPSqqkyqfyAUBXVVAVVF55VUQVUUVVUVVMFVPF1W2qhLpdlVSlVFNfWpVWZVQzX1aVU+VVeVVBVVSVVGVVWVVRVVRVVVVVU9VUdVVd1VAPqpqqG/bCh9WlydRRA7CuGoj1VH3VQDVUb+LjqrEajE1UU9VMPamG4hBsoRr7luoZ1UqNxNbqOTUKn1dt1Rhsp15U7VUH1VG9pDqpJr6z6qImYDfVXU3GHqqn6qV6q+lYUV2aWCX1uuqvBqiB6g01D99Ug9Vbaogaqoapt9VwNUKNVKPUaDVGjVXvqHHqXTVevacmqIlqkpqspqipapp6X01XM9RM9YGapT5Us9UcNVfNU/PVR2qBWqgWqY/VYvWJWqKWqmVquVqhVqpVarVao9aqdWq92qA2qk1qs9qiPlVb1Ta1Xe1QO9UutVt9pvaoz9Ve9YXap75U+9Vf1AH1lTqovlaH1DfqsPpWHVHfqaPqe3VMdVHH1Ql1Uv2oTqmf1Gl1Rp1VP6tz6hd1Xl1QF1VQoFErrbXRkU6j0+oUnU6n19foDDqjzqSv1Ql9nc6sr9dZ9A06q86ms+scOqfOpXNrq0k7zTrWeXRendQ36nz6Jp1fF9AFdSHtdWFdRN+si+pbdDF9qy6ub9Ml9O26pC6l79Cl9Z26jL5Ll9XldHl9t66gK+pKurK+R1fR9+qq+j5dTd+vq+sHdA39oK6pH9K19MO6tn5E19GP6rr6MV1P19cNdEPdSD+uG+sndBPdVDfTT+rm+indQj+tW+pndCv9rG6tn9Nt9PO6rX5Bt9Mv6va6g+6oL+iLOujOuovuqrvp7voV3UP31L10b91Hv6r76td0P/267q8H6IH6DT1Iv6kH67f0ED1UD9Nv6+F6hB6pR+nReoweq9/R4/S7erx+T0/QE/UkPVlP0VN1r8uVZl7KN/Av89/9J/n9fr31zXqL/lRv1dv0dr1D79S79G69W+/Re/RevVfv0/v0fr1fH9AH9EF9UB/Sh/RhfVgf0Uf0UX1UH9PH9HF9Qv+sf9Sn9E/6tD6jz+if9Tl9Tp+/fB+AQaOMNsZEJo1Ja1JMOpPeXGMymIwmk7nWJMx1JrO53mQxN5isJpvJbnKYnCaXyW2sIeMMm9jkMXlN0txo8pmbTH5TwBQ0hYw3hU0Rc/Pv5UeXn+H+MP93+ls+6XJ+I9PINDaNTRPTxDQzzUxz09y0MC1MS9PStDKtTGvT2rQxbUxb09a0M+1Me9PedDQdTSfTyXRGMF1NV9PdvGJ6mJ6ml+lt+phXTV/T1/Qz/Ux/098MNAPNIDPIDDaDzRAzxAwzw8xwM9yMNCPNaDPajDVjzTgzzow3480EM8FMMpPMFDPFXHphvWSmmWlmmVlmtplt5pq5Zr6ZbxaYBWaRWWQWm8VmiVlqlprlZrlZaVaa1Wa1WWvWmvVmvdloNpolZovZYraarWa72W52mp1mt9lt9pg9Zq/Za/aZfWa/2W8OmAPmoDloDplD5rA5bI6YI+aoOWqOmWPmuDluTpqT5pQ5ZU6b0+asOWvOmXPmvDlvLpqLl972RSpSkYlMlCZKE6VEKVH6KH2UIcoQZYoyRYkoEWWOMkdZohuirFG2KHuUI8oZ5YpyRzaiyEUcxVGeKG+UjG6M8kU3RfmjAlHBqFDko8JRkejmqGh0S1QsujUqHt0WlYhuj0pGpaI7otLRnVGZ6K6obFQuKh/dHVWIKkaVosrRPVGV6N6oanRfVC26P6oePRDViB6MakYPRbWih6Pa0SNRnejRqG70WFQvqh81iBpGjf7U+iGczvaE72y72LTQzXa3r9getqftZXvbPvZV29e+ZvvZ121/O8AOtG/YQfZNO9i+ZYfYoXaYfdsOtyPsSDvKjrZj7Fj7jh1n37Xj7Xt2gp1oJ9nJdoqdaqfZ9+10O8POtB/YWfZDO9vOsXPtPDvffmQX2IV2kf3YLraf2CV2qV1ml9sVdqVdZVfbNXatXWfX2w12o91kN9st9lO71W6z2+0Ou9PusrvtZ3aP/dzutV/YffZLu9/+xR6wX9mD9mt7yH5jD9tv7RH7nT1qv7fH7A/2uD1hT9of7Sn7kz1tz9iz9md7zv5iz9sL9qINl97cX3p5J0OG0lAaSqEUSk/pKQNloEyUiRKUoMyUmbJQFspKWSk7ZaeclJNyU266hIkpD+WhJCUpH+Wj/JSfClJB8uSpCBWholSUilExKk7FqQSVuPxoAbqT7qS76C4qR+XobrqbKlJFqkyVqQpVoapUlapRNapO1akG1aCaVJNqUS2qTbWpDtWhulSX6lE9akANqBE1osbUmJpQE2pGzag5NacW1IJaUktqRa2oNbWmNtSG2lJbakftqD21p47UkTpRJ+pMnakrdaXu1J16UA/qRb2oD/WhvtSX+lE/6k/9aSANpEE0iAbTYBpCQ2kYvU3DaQSNpFE0msbQWBpL42gcjafxNIEm0CSaRFNoCk2jaTSdptNMmkmzaBbNptk0l+bSfJpPC2gBLaJFtJgW0xJaQstoGa2gFbSKVtEaWkPraB1toA20iTbRFtpCW2krbafttJN20m7aTXtoD+2lvbSP9tF+2k8H6AAdpIN0iA7RYTpMR+gIHaWjdIyO0XE6TifpJJ2iU3SaTtNZOkvn6Bc6TxfoIgVKcelceneNy+AyukzuWvePcXaXw+V0uVxuZ11Wl+3vYnLO5XcFXEFXyHlX2BVxN/8mLulKuTtcaXenK+PucmV/E1dx97qq7j5Xzd3vKrt7/i6u7h5wNdyjrqZ7zNVy9V1t19DVcY+6uu4xV8/Vdw1cQ9fcPeVauKddS/eMa+We/U28wC10a9xat86td3vc5+6s+9kdcd+5c+4X19l1cX3cq66ve831c6+7/m7Ab+Jh7m033I1wI90oN9qN+U08yU12U9xUN82976a7Gb+J57uP3Cy3yM12c9xcN+/X+FJPi9zHbrH7xC1xS90yt9ytcCvdKrf6f/e63G10m9xmt9t95ra6bW672+F2ul2/xpeOY6/7wu1zX7rD7lt3wH3lDrqj7pD75tf40vEddd+7Y+4Hd9ydcCfdj+6U+8mddmd+Pf5Lx/6ju+AuuuCAkRVrNhxxGk7LKZyO0/M1nIEzcia+lhN8HWfm6zkL38BZORtn5xyck3NxbrZM7Jg55jycl5N8I+fjmzg/F+CCXIg9F+YifDMX5Vu4GN/Kxfk2LsG3c0kuxXdwab6Ty/BdXJbLcXm+mytwRa7ElfkersL3clW+j6vx/VydH+Aa/CDX5Ie4Fj/MtfkRrsOPcl1+jOtxfW7ADbkRP86N+Qluwk25GT/JzfkpbsFPc0t+hlvxs9yan+M2/Dy35Re4Hb/I7bkDd+SXuBO/zJ25C3flbtydX+Ee3JN7cW/uw69yX36N+/Hr3J8H8EB+gwfxmzyY3+IhPJSH8ds8nEfwSB7Fo3kMj+V3eBy/y+P5PZ7AE3kST+YpPJWn8fs8nWfwTP6AZ/GHPJvn8Fyex/P5I17AC3kRf8yL+RNewkt5GS/nFbySV/FqXsNreR2v5w28kTfxZt7Cn/JW3sbIO3gn7+Ld/Bnv4c95L3/B+/hL3s9/4QP8FR/kr/kQf8OH+Vs+wt/xUf6ej/EPfJxP8En+kU/xT3yaz/BZ/pnP8S98ni/wRQ4MMcYq1rGJozhNnDZOidPF6eNr4gxxxjhTfG2ciK+LM8fXx1niG+KscbY4e5wjzhnninPHNqbYxRzHcZ44b5yMb4zzxTfF+eMCccG4UOzjwnGR+Oa4aHxLXCy+NS4e3xaXiG+PS8al4kfvLx3fGZeJ74rLxuXi8vHdcYW4YlwprhzfE1eJ742rxvfF1eL742LxA3GN+MG4ZvxQXCt+OK4dPxLXiR+N68aPxfXi+nGDuGHcKH48bhw/ETeJm8bN4ifj5vFTcYv46bhl/EzcKn72Dy/vGneLu8evxK/EIdyn5ybnJecnP0ouSC5MLkp+nFyc/CS5JLk0uSy5PLkiuTK5Krk6uSa5NrkuuT65IbkxuSm5ORlC5bTg0SuvvfGRT+PT+hSfzqf31/gMPqPP5K/1CX+dz+yv91n8DT6rz+az+xw+p8/lc3vryTvPPvZ5fF6f9Df6fP4mn98X8AV9Ie99YV/EN/SNfCPf2D/hm/imvpl/0j/pn/JP+af90/4Z38o/61v753wb/7xv61/wL/gXfXvfwXf0L/lO/mXf2XfxXX1X39139z18D9/L9/J9fB/f1/f1/Xw/399f8AP9QD/ID/KD/WA/xA/xw/wwP9wP9yP9SD/aj/Zj/Vg/zo/z4/14PyFlgp/kJ/kpfoqf5qf56X66n+ln+ln5Z/nZfraf6+f6+X6+X+AX+EV+kV/sF/slfolf5pf5FX6FX+VX+TV+jV/n1/kNfoPf5Df5LX6L3+q3+u1+u9/pd/rdfrff4/f4vX6v3+dDCF32nw3+gD/ov/aH/Df+sP/WH/Hf+aP+e3/M/+CP+xP+pP/Rn/I/+dP+jD/rf/bn/C/+vL/gL/rgxybeSYxLvJsYn3gvMSExMTEpMTkxJTE1MS3xfmJ6YkZiZuKDxKzEh4nZiTmJuYl5ifmJjxILEgsTixIfJxYnPkksSSxNLEssT6xIrEyEkGtrHPKEvCEZbgz5wk0hfygQCoZCwYfCoUi4ORQNt4Ri4dZQPNwWSoTbQ8lQKtwRHgv1Qv3QIDQMjcLjoXF4IjQJTUOz8GRoHp4KLcLToWV4JrQKz4bW4bnQJjwf2oYXQrvwYmgfOoSO4aXQKbwcOocuoWvoFrqHV0KP0DP8EnqHPuHV0De8FvqF10P/MCAMDG+EQeHNMDi8FYaEoWFYeDsMDyPCyDAqjA5jwtjwThgX3g3jw3thQpgYJoXJYUqYGqaF98P0MCPMDB+EWeHDMDvMCXPDvDA/fBQWhIVhUfg4LA6fhCVhaVgWlgdIWRlWhdVhTVgb1oX1YUPYGDaFzWFL+DRsDdvC9rAj7Ay7wu7wWdgTPg97wxdhX/gy7A9/CQfCV+Fg+DocCt+Ew+HbcCR8F46G78Ox8EM4Hk6EkwHDqfBTOB3OhLPh53Au/BLOhwvhovzNmhBCCCHE/xX9B5d3+yffU5cX/Pq7c4CM23Ic+seaG7L+dd9T5WyeAIBnurR7+G+rQoWuXbtevu4SDVHeOQCQuJKfBq7ES6EZPAUtoSkU/af99VQdzvG/rv8bKQCQHv6x/i2/U3/ErD+oHyXnAOTPeyUnHVyJr9Qv9jv1szX+g/rpvhoL0OT/yMkAV+Ir9YvAE/AstPy7awohhBBCCCGEEH/VU93R5o8+3176fJ7TXMlJC1fiP/p8LoQQQgghhBBCiKvv+Q4dn368ZcumbWRzFTbtMv51Cv8t/fzOJs1/Rxt/3gYvn736b+nnP70pd/nR/j/JumpPSUIIIYQQQoj/kCtv+q92J0IIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghROr1/+OfkF3tYxRCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGutv8VAAD//zmwHF0=")
renameat2(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000480)='./file7\x00', 0x0)
connect$tipc(0xffffffffffffffff, &(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x3, {0x3}}, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
close(r1)
recvmsg$unix(r0, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001700)=[@rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0x100}, 0x40000120)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x5, 0x2, 0x4}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x10, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x0, 0x1, 0x10}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10)
r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1e7d, 0x30d4, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r3, &(0x7f0000000040))
epoll_ctl$EPOLL_CTL_MOD(r4, 0x3, r3, &(0x7f0000000240)={0xda08495046135326})
epoll_pwait(r4, &(0x7f0000000280)=[{}], 0x1, 0x0, 0x0, 0x0)
connect$unix(r3, &(0x7f0000000100)=@file={0x0, './file0\x00'}, 0x6e)
syz_usb_control_io$hid(r2, &(0x7f0000000080)={0x24, 0x0, 0x0, &(0x7f00000000c0)={0x0, 0x22, 0x7, {[@main=@item_4={0x3, 0x0, 0x0, "f81d36c1"}, @main, @local]}}, 0x0}, 0x0)
syz_usb_control_io(r2, 0x0, &(0x7f0000000740)={0x84, &(0x7f0000000280)=ANY=[@ANYBLOB="b275d05e5d76d42b"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x591402, 0x0)
r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x131)
read(0xffffffffffffffff, 0x0, 0x0)
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r5, 0x800c6613, &(0x7f0000000dc0)=@v1={0x0, @aes128, 0x0, @desc2})
syz_open_procfs(0x0, &(0x7f0000000080)='fd/4\x00')
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x5, 0x2, 0x7, 0x102, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0x5, &(0x7f0000000440)=@framed={{}, [@initr0={0x18, 0x0, 0x0, 0x0, 0x4af, 0x0, 0x0, 0x0, 0x7c}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

2.306880579s ago: executing program 0:
r0 = open(&(0x7f0000000040)='./bus\x00', 0x1612c2, 0x0)
r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000340)='/proc/timer_list\x00', 0x0, 0x0)
sendfile(r0, r1, 0x0, 0x4000000000010046)

2.066387494s ago: executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_CAP_X2APIC_API(r1, 0x4068aea3, &(0x7f0000000040)={0x81, 0x0, 0x1})
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140))

1.972019462s ago: executing program 1:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x7, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r0}, 0x0, &(0x7f00000002c0)}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r1}, 0x10)
seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f0000000140)={0x1, &(0x7f0000000040)=[{0x6}]})

1.941063968s ago: executing program 0:
syz_mount_image$btrfs(&(0x7f00000055c0), &(0x7f0000005600)='./bus\x00', 0x8, &(0x7f0000000a40)={[{@autodefrag}, {@enospc_debug}, {@max_inline={'max_inline', 0x3d, [0x54]}}, {@datasum}, {@clear_cache}, {@ssd}, {@noenospc_debug}, {@barrier}, {@nospace_cache}, {@thread_pool={'thread_pool', 0x3d, 0x7}}]}, 0x1, 0x55a3, &(0x7f0000005680)="$eJzs3X9snHUdB/DnruvaFdeWMOuArGwDJFtEOjdNCCR2bNNpYTnphE3I+gNH0DmtY8NVCCtinIERijWMwQoLbn9MEYqucyiJBewqul8IJtNFBbPFNWOkOBExYTG9u+d299zaHhMpwuu1tM/zvc/z/d73njx/3PvW73MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABEHwx+N3TL/t3roJ26+ru++8a85e+2D3kuMX3rq1avND20v2dTz31aNVq1qPLF1w0/2JpkfW93d3BkEs2S+W7t9w2fwrr69vuKI0HLDxc6ltZeVQT5nq+mKqMTbnwcF+uT9NQRAURwYoSm/npXfiOQNkdlfkDzisayf1tE4dP69x28qujc8uu3xL/ktnUOloT2C0pK+rgyeupdrk73jkiEw769KL5Vyiqf7RC+4deREAwFtSk0huMm9H029xM+22aD3Sro202yPt8B1Ce3bjVKTGHTvUPCdH66M0z9pUVCgZcp6Revr8Z9qJaP9IOxI13sI8cw9NR5rSoebZEqmP1jwBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3k0uuH5m/d49D7/8ldbf/u7h17/16sePrGq8ZaC7/qJ1ix/v2PG9vx2tWtV6ZOmCm+5PND2yvr+7Mwgqk/1iqe6xZ6ri8ZkDddseu6e3puFDC9cUpccNt2OyDg72hzsXVwRBc1blYDhsf3kQJHILyWawIb/wpeTOZ8ICAAAA7yVnJn/HM+1UHCzOaceSaTKW/BdKhcVrJ/W0Th0/r3Hbyq6Nzy67fMupj5cYYrzak46XaVee+IllBeMw/kbHO1EPD12RN87woiNG8/zpx/qnNdfdUHrl7gsWzphdv+XS4CfTD3csX3TfhBfHL9nXXpOX/yuHz//hmZP/AQAA+G/I/9FxhjdS/m+uqZh0cOp3ix67rur44fkP/Lyz7/kn4w8VD3Q//dLYcbf9cnVe/p+c85R5+T+ccZj/48Gp5X8AAAB4N/tf5//avHGGN1L+/8X+zZ//98pvTDk84187Xnj69xdvnVI+/7WyGTe8+cSCVxp2tf0pL//XFJb/x2RPO3xwVzjhZRVBUFP4SQUAAAByhP/vfuKjhTCvpz45iOb1y+4qe3LXG+tvjJ/V8o8zFvfPqv7i7tVf37ApNrChc92O5XNX5OX/2sLyf/E783IBAACAAvxm+y13V395ydYtew7N2XFnYvPYS+a+uuennVf1vXwsUfT8zX15+T9RWP4vGZ2XAwAAAJzEU+MmPnfo0UNfm7177YS9q9rmPD5t3+qFD/xz9t+veOnPxzddWJ6X/xsLy/9l6W165UOq087wrxA6KoKgdHCnJVXoC9o/mSkAAAAAb5Mwpzc1revduX7MrNfOPvzDNSuW/2rvpd++a2P1zQd+XXX7ucf2996Yl/9bhr//f3ing3D9f879//LW/2cVUnf9u8SNAQAAAHg/yl/PH94eP/XNBUN9/36h6/8/euaBko7m8ysnx7dVz3rig31Xra1+fVHHRZ/YfusbH46V//VTefm/rbD8X5S9fTu//w8AAABOwf/b9/8tzhtneCPd/79v3DPnrPnsPT+o/WbZU+e+eXfzd9oPTj9v87QzPlJ0fvecmX/4fl7+by8s/4fb07JfXk94fm6vCIKJgzvpuwluDae7LFLoKs4qpE58pEd92CNd6CrJKiS1RHp8rCIIpgzutEUKp4eF9khhoDxd2BQp7A0L6eshU3g0UugJr7R7y9PTjRZ+FhbSCyy6whUUp2WWRER6HBuqx2DhpD0OZJ4cAADgfSUMz+ksW5zbDKJRtis20gFlIx0QH+mAopEOGBM5IHrgUI8HjbmF8PEfz+1e+so1D9b1Xt1w9KzZe5bc0faBnkW9O7/wo55z/nL1Cws/nZf/NxWW/8NTMTa1GWr9fxCu/09/r2Fm/X9jWKiMFLrCQiJ6x4BE+BypsHtn+ByViXSPgYmZAgAAALynhZ8LFI3yPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID/sHfvcVJVd4LATzf9oJum6YgBY4ygRkR3aZomGEQcUXRXo4tNJKtjhtAIjXZoAwq4YsyKr3GV6GLUmBjZwY+jJg6r+CDqRIXoiElGJfE5Kz4HnciqS9BR45gs++m+dYqqW112IaC0+/3+0XWqfud569F17r11LgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/P/hsiX3Nrw58H9965ffW/f697409TdTD9m8y19uqHt3yDlPbT5ocN0tbw1asPCNtklnXtsyffk1G1YuDaGlq1xZUrzsoUHl5aP/cMxdt13xcNO0wVPOrcrUm4mHfp1/yjN3Loytvto/hLvLQqhIB0bUJYHKzP26WN8edSF8LmwJZEu01SYl0g2Hh2tCWBa2BLJV3VsTQl1OYMoTD666rDNxVU0I+4YQqtNtvFCdtFGTDgyrSgK16cCciiTw/uZENnBPeRKAbRbfDNkX/YqW/AwN3Zcr8vqr3G4d+3Slh9cnJhqK53vrsB3cqRxV6QdatulpK6iOHaLg7bHau60XvNsKtvMST1vuF6nMN5TNW0LVoXxm26zpCzrmx0fKQ2Njn2I17aDned2mc2ZsTbrXvA5jBxq2y+vwgdpJ9Ze9PfHglSf/8fR956+duq3dfC5nk+amd7TqkHnN9ZrnMZrg86QXvP0KviUN9aUrhHD8nz5f9sycl3bf+MGrJ068/YWLr5628JopE58d9Iux/3jtLndPu7xg/t/w0fP/+HKOt+V5uWOrH9Ync/P4SF1MbKxP5uYAAADQa/SGvaZfHf3qS6c+dPeiF5cfV/Hdcb86abf6irO/33H8rivHf/HSK9sf36Vg/j+0tOP/8ZB/Xe5oV4cwoStxwYAQdut6PAn8LHbn5AEh7NWVaskPHJYKrA7hC12J/bNVpUr0jSWGpgK/r88EJqQCa2KgJRW4MQaWpAIXxsCKVGBGDKxOBQ6PgdCeP44D6jPjKDlQEwOtyUZcEc9CeKc+tpbaVuuyVQEAAGwnmdlhZf7dnHMdtjVDnF6uqOkpQzwDu2iG6lQN6RlsdlpVtIaKnmoo76mG7LgXffTwC2ou66nmgtMwyvIzfDjkO+UDJu79o7tuHHFT84sTv/vu2OO/8uc33129/z/993vOmX/dAQXz/6aPnv9Xd9ORsoLj/yFM7vobc5dnIh3ZeGtLXgYAAABgG1z12NInbzjgqP9z38v33fmla28oX3311//vKxsv2HvUccPL+v7dt1cUzP8nlHb+f9wn0icnc3g07oaYPSCEpvxAUu3BhYHkqHe/TAAAAAB6g+zx+Oyx8PbMbXKKdno+XZi/ZSvzxwP/E7rNf/mmv372y9c+eeLCYftsuOK/nflB2efH/m6XY9eOfPytPYf9Q0PfwvP/W0o7/782/zbpxJrYiysHhNA3J/BI7GVnoMvQGHj50PxAZvxr4gZYHKvKnJiQrWpxLNEaA02pwLJiJX6bLbFbfiDzZGUbvyA7jvZMiZwAAAAAfOLi7oB4XD6e/3/P5AO+tP+gl8a8uOe9C1+bsPSEU2t/uM8tu74+oGPSmAMnHHLEMwXz/9atO/+/ax5ccHp/R78QRlaE0Cf9w4BHa5OFAWOgriyTuL82qatPuqrzakMY3zmwdFWvZNb/r0ivMfhETVJVDOy29083DetM3FATwsjcwDPfvH5MZ2J+KpBt/Bs1IQzpHG268ZV9k8Yr041f0zeEPXMC2apO7htCZ2NV6aoerM5cxyBd1W3VIQzMCWSrOrA6hIUBgF4q/iudmfvgvIVnz57e0dF2xg5MxH34NWFWe0db44w5HTOri/RpZqrPecsYnVc4plKvfPN8ZomiqUNuH15KOvs7wabctjL78QtOHMzcj9+FKrvG2VyZd3d0esjD9ylsIuR8kyo25PIdPOTa3Eq2PIkF9cf8VaFf6LtgXtsZjWdNnz//jFHJ31KzNyd/42GmZFuNSm+r2u76VsLLo+hqWSkfd1vtl1vJyPmnzR05b+HZI9pPm35K2ylt32keO6q5ecxXx45pHtk5qqbkbw9D3a+7qlND3Xx9iePajkPdvSKnkk/iU0NCQqK3JaYvKTt/wrRf3/+tPdacdtZJe/z9HjNHnPRXl/9m7omNh0z+1fV/ubZg/j/3o+f/8VMnfvJn1mcodvy/IR7mTx7fcpi/NQaWlXr8v6HY0fzsiQFDU4FFMbDIYX4AAAA+G+LuyLg3M+6Vvq7un+4+cuaMQ97/5QlTrv7bseNOPWv9vg0XX33skv+w/p0lq454u2D+v6i03/9vp/X/s0vXf63YMv/7xxJNxdb/Ty/zn13/f1Gx9f/Ty/xn1/9f9ims/78gG0htknes/w8AAHwWfHLr//e4vH/6AgEFGXpc3j99gYCCDD0u41/qBQK2ev3/OR1/UTvo8jnjDh0x98ePrNp7ycDbvvT8xF/vs/SgEfeuvOW9UbcWzP+XlDb/t3A/AAAA7Dwe+mXfb1/87rD7n3rk/SPLLv3txpuO/6u2Aw75w8DmUyYfXfP9m/6tYP6/rLT5/ye//l8odv7/0GKBlmILA1r/DwAAgF6q2Pp/Nw98eejq+SNufOznb97yUusvZo5/7d8t+cFXpg9runnNut80zFhfMP9fUdr8P552UZ6XO/bmw/pkTbuQXtNuY332JwMAAADQO5SHxsbKEvPmrYx62Mdvc11mKdCPSud6+r5BqxaUP3RVWfXGH1wy7ZDGc489c86RF63/fu2TP6md2lh9RsH8f3Vp8/+832U8UDup/rK3Jx784cqT/3j6vvPXTt1y/B8AAADYcUrdLwEAAAAAAAAAAAAAAHz6nmpdetAHo45+Y+Zeo/70jWNf+MHiL37zkb+59s9n/vzw+/Zq3zxsSsHv/8PkrnLFfv8fr/sXf1+wa17u2GrP6/9l7k855taFXUsWPlofwj65gdnnz/5cyFybf7/cwKqp+w/uTJyfLnHfi4e/1pmYlg4cNWKX9zoT41OB1rhI4hfSgXhVxff6pwJxecUn04G4PVakA1WZwCX9k3GUpbfVhrpkW5Wlt9VzdSEMyAlkt9XddUkbZekBXpUKZAd4ejoQBzgpEyhP9+rWfkmvYqAuFv2bfkmvAADYacVvgZVhVntHW1P8Ch9vd6/Iv43yliw7r7DashKbfz6zNNnUIbcPLyXdJ/1ddMu1xitDdecQRhV8Xc3NUtY1yu1TSw+bbtciQ+5ptbfyIuXStnbTVRUfUU0yosYZczpmVvY48NE9Z2mu6DHLqILJTm6W8q5NWkItJfSlhBGVuG1K6HK8Xx4aG/ukco2LwYaQp6dXRKm/189d56/YqyA3z9/WXHtpn8F93v+38Rc99OCAyo5TJ7ddtPtj/zxw1Mwf//DB1mt+XzD/byht/l+dO673MhcDWBSvrHfwgBBaSxwRAAAAfPb9z3OX33HinDUbZq2uePZ3v5tdftyJlZvPueucsy967v7FR13y72/e1viKsqc2nfjGprP++o2ffOW6h8966fAZZ901ad0h69uqb/zuXyw/dUjB/H9oafP/uAcrcyg42duxOl7//4IBIXRdWr8hCfwsDvfkASHs1ZVqiSWSC+p/LZZoSgI/iztM9o8lWlvyq+obAytSgd/XZwKrU4E1MZDZS/HTkNmVc0V9CGO6UpPzS8yNJRpSgeNiYGgq0BgDTalA/xiYkAq82T8TaEkF/jEGQnv+trqzf2ZbAQAAbI3MPKsy/25Iz/NWVPSUoaynDLU9ZSjvKUN1TxmKjSLevyNmqEydvFKWk6kyXWtNqpaCDPFi+Fvdr4IM4bf5OdMFC5qO5x9kzzcoy88w7od3tB70tXk/3nTxjx4/8sALj1xy5duXHt1v8JXP/u/2c/v131RbMP9vKm3+X5t/m7S+Js7/t1z/Lwk8Ert3ZTx1fGgMvHxofiCzY2BNnOwuzlbVkimRmbQvjiUmxMDQVGBuDExIBVonZwLLBucHMjPtbOMXZBtvz5TICQAAAMAnLu4giLtp4vx/5bjwzh5Hvt+8+5UD5457/JHzjphes2t1zT+PX7t0/KXVD+3Xt2D+P6G0+X9sr19uYxfG3rzaP4S7y7b0JhsYUZcE4n6Muvjz+D3qQvhczg6ObIm22qREVarh8HBN8gv1qnRV99YkawzE+1OeeHDVZZ2Jq2pC2Ddn70u2jReqkzZq0oFhVUmgNh2YU5EE4p6fbOCe8iQA2yy7VzC+oDKnumQ1dF+uyOvvs3JN0PTwCvaBdpOvu99c7SjV6Qcy+1Sztu5pK6iOHaLg7bHau603vtsavNtyv0hlvqFs3hKqDuUz22ZNX9AxPz6S+0vWAjvoec79lWop6e3wOlz08Xvbs+p0B5pSHx9N3Zfr/nVYFqt7oHZS/WVvTzx45cl/PH3f+WunltyNIuIPhQ++de4Bz+Vs3h2tOmRec73u86TF50lv/Dcw1NMWQlh+wawnn/iX95+vWN/8Xw4cu/y2Nx9b/pODHpg14gsbLvnyxrfePapg/t9S2vy/InXb5YO4MecNCGF4zsZ9NG7+iQOSz8GcQPIpObAwkBxyX19f9JMTAAAAtrfs7o7s/oL2zG1yQnh6nlyYv2Ur88f9FRO6zV9qvweO+YfvHXrV69/4+vrdL3906VPr/tObrxwx7dAHNj29YuXrzcd+/umC+X/rR8//+6a66fi/4//sII7/d2tn3xXdN/3Aom3aFV1QHTuE4//d2tnfbY7/d8vxf8f/u+P4fw8c/+/Wzv60FXxLmutLVwihdcANt/+idvrwflec860Za3/+9DtN416oO/foO//H4YvDNeet+nPB/H9uafN/6/91v2hfdv2/1mLr/80ttv7fIuv/AQAAO1SRhebS87yC1fsKMqRX7yvI0OMCgT0uMWj9v61e/6/2pLNPeqX+rb2umXj7f75z+oXPn3Tis/v2ef6E20+4aeTVw1/68oaC+f+i0ub/8eXQL7f13rL+39DJRapaEgNzLQwIAADAzqjYDgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+XSseXPzFzYv3OeimZz9/0+H/umzNrL1/dcDm0WNObhy+eGDZlX/3L28NWrDwjbZJZ17bMn35NRtWLg2hvatcWVK87KFB5eWj/3DMXbdd8XDTtMFTzq3O1FuZuf1iXu7Y6of1ISzLeaQuJjbWd97ZEphyzK0LKzoTj9aHsE9uYPb5sz/XmbixPoT9cgOrpu4/uDNxfrrEfS8e/lpnYlo6cNSIXd7rTIzPBMrS3b2uf9LdsnR3L+sfwoCcQLa73+6fX1W2jf+YCZSn27i5LmkjBupi0R/VJW3EQEcs0d43hJEVIfRJV/Xr6qSqPumq/r46qapPuqr/Wh3C+BBCRbqqF6uSqirSI19blVQVA7vt/dNNwzoTy6pCGJkbeOab14/pTJyeCmQb/3pVCEM6XzLpxu+oTBqvTDd+VWUIe4YQqtIl/rUiKVGVLvFKRQgDcwLZxk+tCGFh4DMhfvjMzH1w3sKzZ0/v6Gg7YwcmqjJt1YRZ7R1tjTPmdMysTvWpmLKc9ObzPv7Yn990zozO26lDbh9eSroiU66yq8vNlXl3R+/svY/9qs2tZMvzUVB/zF8V+oW+C+a1ndF41vT5888YlfwtNXtz8rdPJppsq1G9ZVvtl1vJyPmnzR05b+HZI9pPm35K2ylt32keO6q5ecxXx45pHtk5qqbk7/YY6vWf/FB3r8ip5JP4AJCQkOhtifK8T7emnf2DvOCL/paOVobqrg/ogmlFbpayrlFuj0Ef9jFH/HG+p/Q4olEFE4eCLM09ZxldMJnYkqUmydL1va5gcphbU3nXJo33y0NjY59i26Eh/27u5n1rGzbvusymKzUNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/D924EAAAAAAAMj/tRGqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsAMHAgAAAABA/q+NUFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYUdOBYAAAAAEOZvHUbPBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwKUAAAD//5twzl8=")
r0 = syz_open_procfs(0x0, &(0x7f0000000100)='mountinfo\x00')
r1 = open(&(0x7f00000001c0)='./file1\x00', 0x10b942, 0x0)
sendfile(r1, r0, 0x0, 0x80000000)

1.763276237s ago: executing program 2:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x6}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000880)={{r0}, &(0x7f0000000800), &(0x7f0000000840)=r1}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
statfs(&(0x7f0000000200)='./file0\x00', 0x0)

1.687349373s ago: executing program 1:
sendmsg$NL80211_CMD_PROBE_MESH_LINK(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYBLOB="c0000000", @ANYRES16, @ANYBLOB="000829bddf250300", @ANYRES32, @ANYBLOB="0c009900070000002e0000009800330094000400080211000000ffffffffffff01a00320963923582c1c22182c1cf62e9c81dee4892f841fdbf487c8c11e4e9d063f292c8414667316ab76c73f8a363276480ed7f6017db930c74e32b80492cb134aded8748d385dbdbe5928b48ed0e1e255efd9079f19e5bd26f8231867f6c649f7474fe7"], 0xc0}}, 0x0)
bpf$OBJ_GET_MAP(0x7, &(0x7f00000001c0)=@o_path={0x0}, 0x18)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r3 = dup(r2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe5000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f00000001c0)=ANY=[@ANYBLOB="02000000050000f58f04"])

1.65585285s ago: executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x12, &(0x7f0000000040)=0x6, 0x4)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e21, @local}, 0x10)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
sendto$inet(r0, &(0x7f0000000780)="fbbf0b5044e308cb7bd572aa2b42e9678bcf30eff9f3aed14dc94a114bd2b45956aebe2b108a87e865501a5f9e0383611afdd3f8bac3d5cfd7772a3ab48d0ba4b600731e357e38716c449fae7c28548a4f2105f44b8fd9b33041270ae01f1a405e3f650fc3b0926d481c364fca00000000000000006d3a3ede9fc738b8d862b9d055aa2d89fe3458720724853a876448d4a1fe9ef0569ad98a05ab5df763923b4e2c576e00000000000000000000000000002000002090666159e3ef5f7244cf4ec3d7814c0c934f44e200219e6dd7bc23397d5f2f2c76a5baddd0fd8c340362691ef226f7a0ac51b74b6be5ed6737948514cd466943d08eeb3895b80499da2b209da4f3ec5e3744ce3e863b0e04d0ec2f39edf50b6e08c4b47e448a35414763d687fbe3792ee15c5b9791310a346472723c100bf77a310b0ced8004b5ac1b3fca19fc0a9e346a78c12e5c3c6d48c40439f512e8ef34a53d65f55563f68136a577736ca5f6f66e01ef4ec2cdc8db34f6de50713adaa3f70189958263fddc1314f8a28ccdef6e1390c5fbaeadc3035d019f0dc75de307de6c0d010000000000000027ec3d1d5b4b013c503b863b560688d94de886b6dc73d5da2dfeff4bed1a49a975a6c8dbb480e4415ddca5657a5a8e3b111015499e952bb5e8d8f60de3d688df7802c6e8b27b31fac4e199038b79a3999920e634a5af16aa9581b0e6647e410700246548234acacf9cb43ab332a37bbc926c39897395c974fda31536be523bf4260300730ae6136fecae5f0fa6ab2df8d98128b24589e314f57d9507dc5e0d65cc397e3f8204d48e59e8e294a6d7008ba8fba28cd5009fe1a7c569ce740078bf1c7389a6ba0f89257f06ac417aac0d2d89b05ee5dafa2f1d936c87264d077b2c0d5abdce943f895dd45045d4ec932366c67dfad087fa8dc104644828440bdf67dd97ebccb3bda8847e37f3c3d49018ecb97ce1a4a6cbd7c3ec5029d938b18a206f7f9bf678dfef1758d6a1ec0000000000000000000000000000003454686fbafb46bef43449725b85cfd3547fa97111e037819af7a0c21b15f4c3e3e4b64e130528d055cfc5fe1fe26307ea8e352cd098d8eac5d0ba0514556a9ca4534518f51bd41f43f21afe183a6233650514ca340a899a28d7784b747af027e7c986b1e66d0ea260b9a4bc4e6da64d984dc79646c6c61c4cd5458a0b8e14f9abc0ddb9cc164a22f6", 0x54e676f5, 0xc000, 0x0, 0xffffffffffffff59)
write$binfmt_misc(r0, 0x0, 0x0)

1.551288129s ago: executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_mount_image$iso9660(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000180)=ANY=[@ANYRES32=0x0], 0x12, 0xa10, &(0x7f00000001c0)="$eJzs3c1vXGe9B/Dv8UviulWStrm9vVGbTNKb1G19Hdu5TW7UxSWxJ4mLX5DtSI1YNKVxUBRDoQWprZBIJWBFBRKIBewqVqwqdUM3qDvYwYoFEuq/UCEWYWV0zoyTsT1jO2lsp+nnY83Mefmd5/mdOS+PZ3x8nrCzLj+y3twba6Ys7V0xtrRUPe5y/OLvPk/qfPGdHf/0gw/fLx/v3ciudOfF4vdJX5Ja0pPkyaR3bHx2ZmqDgq4nl5N8khRJdqfxuimXU/wsLYfBJyl+U9bb0a7NlsxGlvhS2+n9DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7kfF2Pjw8EixKxPTF1+pNSS1NcbGZ2eKLC2tnbO8TMPHVa/fxccb1psU5SN9fctdfT+5//bsJ5LUjuSpxthTVYfk6cu7Dz+x76XHe7qWl++Uzeeye/PFvvXOu9dfW1xceHNLErn/na9PT8zNTEydOV+vTczN1E6fPDl8/MK5udq5icn63KW5+fpUbWy2fmZ+ZrY2MPZcbeT06RO1+tClmYvT58eHJuvLE0/9z+jw8Mnay0Nfq5+ZnZuZPv7y0NzYhYnJyYnp81VMObuMOVXuiF+dmK/N189M1WpXry0unFiVU3dW7b9l0MhGa1IGjW4UNDo8OjoyMjo68l6z9+xbE06+ePrFU8PDPcOrZE3EFu203F8e6ryZ7/1JHO5SV6P9TyYzkelczCuptf0Zy3hmM5OpDvObltv/o8fr69bb2v43W/meltkHyqcjOdic2Neh/e+Qy/b9vJV38m6u57UsZjELeXPHM9ren/OpZzoTmctMJjKVM9WUWnNKLadzMicznFdzIYcyl1rOZSKTqWculzKX+dSrPWoss6nnTOYzk9nUMpCxPJdaRnI6p3MitdQzlEuZycVM53zGc6Yq5WquVe/7iXVyvBU0spmg0XWC1jTmd9z+11f/csKXzlacxuGuLDXb/10bhw6MbUdCAAAAwD33X3/Knv2P/fHvSZGnq+/lz01M1od3Oi0AAADgHqou13uqfOkth55O4fM/AAAAPGiKHGx+C9CfQ42h5f+E8iUAAAAAPCCqv/8fTHHo9gSf/wEAAOAB89DyQMd77G94F/5icPn2v7UrjdcrzYjGWNF/bmKyPjQ2M/nSSI5Vdxmo/tNgTWndSdFb/fvB8znciDrc33jtv11iWWdfGTUy9NJIns+RRsSRgWfKl2cG2kSONiKfbUQ+2xrZnRWRJ8pIAHjQHWnfHhebbP97VxQ2eKBq8nsOtGmDh7WsAHC/OFJd/5/kX80uzdp8/m9GHOz0+f9/V33+77mysv1/LFcPNS4pGMrreSOLuZLBNK84ONSu1OXeCBqXIQxu8G1Af/OShb+c6srgmu8D+m6ta2vsQkYz2PYbgZZyi+UcTjTiurdoIwDANjuybju8ufZ/MIONiA6f//tdUggA95VbPdhv4cBOryMAsJJWGgAAAAAAAAAAAAAAAAAAAAAAAAAAAO69Td3A/8/HksXFhWQbOgu4NdB3JxmuP9CVbcp5xwe6k+xU7f+fO16q3Mb3y1v34A38+J+NI+juFt/JsxIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADbpUi6203vSnYnGU5yfPuz2jo3djqBe6W27tz3Os0obuZm3s6erUgJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODLrHn//640Xh9uTEpPV3I0yeUkX9/pHO+lmzudwI75VvXccv//rqQ3S7nR0+wAougdG5+dmSo3f7G7nP/pBx++Xz42LnttrwplAWUNKzqXaNbQMqV35VKPVkv1jy+8df17b3ynNn622jHPzp+bHJ86P/uV24FPFB81ukBo7QZhOd8fHP3Dz1sm72pW/lF6OuW/ut5zVb3ja+v9z3ZLd6h3E64tLoyWNc3XX5n//revvd0y67EcTp4ZSAZW1vTN8tGhpsOr38+Vis+KnxR78qtcrrZ/+W4US0W5ifZW6//Q1WuLC0Ovv7F45VZOP1yR074cSnIl6VuZ0/Jou5wOVeeTth6uau0tax2ugsqn/Rus47paShzp8L4+Wu0y/WvWYb06a53XobLB+97M6ETbjH7x3cdz7I639LENamyr+Kz4W3Ehf82PWvr/6Cq3/9G0PTrbFFFFtuwprfNWHF5djchqzUdbZ7y6usyORyVb4Kf5Rv7v1vbvWirK97/luNmm81FLje2Pi+TOj4vf7l3TotxWtUj7V7VIzbNPp2Waee5vRHXI8z/yQtJz4I7OKC9scEbZquP/18VA/pEb+v8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADuf0XS3W56V3I0yb4ke8vxWrK0OubGXdTX1V/cTZr3zN3k/MVTdFzR4mZu5u3s2e6MAAAAAAAAANgaZ8c//eDD98tH9ff47vx3V3NOLelJsq/4Ze/Y+OzM1AYF9SaXl/+k33dnOVwunx65Pf5JOfbkBgvt7OUDAPCF9u8AAAD//yjzadA=")
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4138ae84, &(0x7f0000000040))
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140))
ioctl$KVM_RUN(r2, 0xae80, 0x0)

1.296229961s ago: executing program 1:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000480)={0x1c, 0x3, 0x1, 0x101, 0x0, 0x0, {0x2}, [@CTA_MARK_MASK={0x8}]}, 0x1c}}, 0x0)

1.110083534s ago: executing program 3:
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000002580)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cf84ded40224b9c5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c86e00f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec231fed44da4928b30142ba11de6c5d50b83c6e613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e00d548cfda58c01359a17469a7a434f128dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038d0100a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f9429450c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b17680100969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06de269e97fbb0776bf56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105cfdf8be5877050c91301bb997316dbf17866fb84d4173731efe895012f1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857306f01000080000000004febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60133641a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000004641624c0000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c95b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d37261774cc5a3bf6b466cb72812da518ff602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d50a36a54c832e45b2569dc0d90b075225fde44c4da723171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2e9a20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1015ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3e8bab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846899c6b23c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33694f40000000000005d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b95bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e12a7697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953f88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca86f750189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71d2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc681b6c9a693979f55174a5fe1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8504611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c01446234437b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c64cd14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7243d574ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00000000000000aceb111b66a500ca52fd8f848088c67ee65dfdcc4c580e9bc18c1699dca07d019bf1bf9dd3da480d6c155d7e60674ce88ab5ae07a9d16e22792d99986b531ab4e592ab5925da779e700cf20309a2137877690dc5c07956fc82d7b3bb46d3138041af18508938c9be4e5d0a98073463a5cff6c146d020743da474cb81677a6f389f0e00c33b70b7f8bab9a2bc51d067f365a29fb09cbf35bf192f6a65616fa2ad9a6c7ca3a3ecd96aaecd993e8badb40e7eb8a22b0015e70c885cd519e28448168c6d914265998bff74ea1b0e651a6cae9419096248a0e41573827ad60fafce6e6540734c1f23f75337d836c31497e8112969a039d65aa297e2b046b5f4d11116a89f9f65693d4dc3e70fbfe0b2044fdb3f87e887d1daae8e38a0c19f668f776e19a02bb2449ee4384f6536879c85d7e41bc0276ee2b125d41ff358323311703ec01d64a5ffbdeb75bdcc87d01de38365ab9222713d2d1640a742d62fefb5403b2ed9969c32a0841e8c36b0107bb888eb14ac62e6d4bdfaeb9ee7430100bf3825a1996c8997ce285edf1d277ed703f560460417bfe702af833e83c5b987befb6d1fcf765ab7ea537d9dafb622a1ba8686cb150963b84470364942e90d1cf856cead864f5e38c83b9ed86cc5725a20299ce512b1650000000000000000000000000042ffb84a7e00000000000000aa5169d756bad126e74f69c660cff5368a330415b850eeffaebbfdafcc00"/4136], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x2e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='kfree\x00', r2}, 0x10)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018400110800395032303030"], 0x15)
r3 = dup(r1)
syz_mount_image$ext4(0x0, &(0x7f0000000440)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
write$FUSE_BMAP(r3, &(0x7f0000000080)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f0000000040)={0x30}, 0x30)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])

1.097247879s ago: executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket(0x11, 0x3, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="1800"/13], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={0x0, r2}, 0x10)
sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYBLOB="010000000000000000000b"], 0x44}}, 0x0)
sendto$packet(r0, &(0x7f0000000840)="1412e0c84935a9", 0x7, 0x0, &(0x7f00000007c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
bind$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10)
connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
socket$phonet(0x23, 0x2, 0x1)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000400)='sched_switch\x00', r4}, 0x10)
sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, 0x0, 0x0)
socket(0x11, 0x3, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)={0x14, 0x31, 0x105, 0x0, 0x0, {0x1}}, 0x14}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

807.311231ms ago: executing program 1:
r0 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$CAN_RAW_FILTER(r0, 0x65, 0x1, &(0x7f0000000040)=[{}, {}, {}], 0x3e)

787.568967ms ago: executing program 2:
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, 0xffffffffffffffff, 0x0)
ftruncate(0xffffffffffffffff, 0x8001)
r0 = socket$isdn_base(0x22, 0x3, 0x0)
ioctl$IMGETVERSION(r0, 0x80044944, &(0x7f0000001040))

719.259832ms ago: executing program 3:
r0 = socket$kcm(0x21, 0x2, 0x2)
sendmsg$kcm(r0, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @remote}}, 0x80, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18}, 0x0)
sendmsg$kcm(r0, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @broadcast}}, 0x80, 0x0, 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="1800000000000000100100000100000070"], 0x18}, 0x0)
sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=[{0x18, 0x110, 0x1, 'p'}], 0x18}, 0x0)

608.905046ms ago: executing program 1:
mlockall(0x3)
mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil)
openat$full(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)

608.131981ms ago: executing program 2:
r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x111042, 0x0)
write$FUSE_GETXATTR(r0, &(0x7f0000000000)={0x18}, 0x18)
sendfile(r0, r0, &(0x7f00000001c0), 0xe0000000)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
dup3(r1, 0xffffffffffffffff, 0x0)

462.010762ms ago: executing program 3:
socket(0x0, 0x0, 0x0)
r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0)
r1 = open(&(0x7f0000000100)='./bus\x00', 0x0, 0x0)
write$binfmt_elf64(r0, &(0x7f0000000000)=ANY=[], 0xfe3c)
dup3(r1, r0, 0x0)
setxattr$security_ima(&(0x7f0000000180)='./bus\x00', &(0x7f0000000040), &(0x7f00000000c0)=@ng={0x4, 0x15}, 0x2, 0x0)
finit_module(r1, 0x0, 0x0)

458.935333ms ago: executing program 2:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
setsockopt$llc_int(r0, 0x10c, 0x1, &(0x7f00000017c0)=0x7fffffff, 0x4)

416.68489ms ago: executing program 4:
socket$nl_route(0x10, 0x3, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26}, 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x0, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000000006112001c0000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x90)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0), 0x34)
bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r0, &(0x7f0000000000), &(0x7f0000000040)=""/73}, 0x70)

287.132749ms ago: executing program 2:
bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0xf)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0xc9d7, 0x9, 0x1}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000740)={r0, &(0x7f0000000000), &(0x7f0000000880)=""/120}, 0x20)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
write$cgroup_devices(r3, &(0x7f0000000280)=ANY=[], 0xffdd)

128.083544ms ago: executing program 4:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000070080000000000000000000850000006d00000095"], &(0x7f0000000700)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='mm_page_free\x00', r0}, 0x10)
r1 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0x0)
r2 = getpid()
r3 = syz_pidfd_open(r2, 0x0)
prctl$PR_SET_MM_MAP(0x41, 0x3, 0x0, 0x0)
r4 = pidfd_getfd(r3, r3, 0x0)
r5 = fcntl$dupfd(r1, 0x0, r4)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x200000f, 0x12, r5, 0x0)

0s ago: executing program 3:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
setsockopt$llc_int(r0, 0x10c, 0x1, &(0x7f00000017c0), 0x4)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.159' (ED25519) to the list of known hosts.
2024/06/01 20:40:53 fuzzer started
2024/06/01 20:40:53 dialing manager at 10.128.0.169:30010
[   71.800403][ T5094] cgroup: Unknown subsys name 'net'
[   71.817939][ T1248] ieee802154 phy0 wpan0: encryption failed: -22
[   71.827974][ T1248] ieee802154 phy1 wpan1: encryption failed: -22
[   71.987598][ T5094] cgroup: Unknown subsys name 'rlimit'
2024/06/01 20:40:55 starting 5 executor processes
[   73.363287][ T5100] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   73.377314][ T5100] syz-executor (5100) used greatest stack depth: 18832 bytes left
[   75.334656][ T5119] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   75.343153][ T5123] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   75.352733][ T5123] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   75.360333][ T5123] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   75.373011][ T5123] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   75.382018][ T5124] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   75.389718][ T5124] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   75.397713][ T5123] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   75.408343][ T5123] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   75.418387][ T5123] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   75.427641][ T5123] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   75.428781][ T5130] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   75.435939][ T5123] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   75.443744][ T5130] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   75.449496][ T5123] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   75.457232][ T5130] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   75.464512][ T5123] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   75.470722][ T5130] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   75.478425][ T5123] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   75.500071][ T5123] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   75.508115][ T5123] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   75.517434][ T5123] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   75.527620][ T5124] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   75.535847][ T5123] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   75.561549][ T4489] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   75.581297][ T4489] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   75.602128][ T4489] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   75.616748][ T4489] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   75.633541][ T4489] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[   75.641359][ T4489] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   76.041660][ T5115] chnl_net:caif_netlink_parms(): no params data found
[   76.278933][ T5127] chnl_net:caif_netlink_parms(): no params data found
[   76.297993][ T5114] chnl_net:caif_netlink_parms(): no params data found
[   76.344221][ T5115] bridge0: port 1(bridge_slave_0) entered blocking state
[   76.352536][ T5115] bridge0: port 1(bridge_slave_0) entered disabled state
[   76.360005][ T5115] bridge_slave_0: entered allmulticast mode
[   76.367928][ T5115] bridge_slave_0: entered promiscuous mode
[   76.410447][ T5115] bridge0: port 2(bridge_slave_1) entered blocking state
[   76.418810][ T5115] bridge0: port 2(bridge_slave_1) entered disabled state
[   76.426358][ T5115] bridge_slave_1: entered allmulticast mode
[   76.433983][ T5115] bridge_slave_1: entered promiscuous mode
[   76.515738][ T5117] chnl_net:caif_netlink_parms(): no params data found
[   76.530305][ T5115] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   76.565743][ T5115] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   76.658708][ T5115] team0: Port device team_slave_0 added
[   76.718112][ T5115] team0: Port device team_slave_1 added
[   76.738246][ T5114] bridge0: port 1(bridge_slave_0) entered blocking state
[   76.747335][ T5114] bridge0: port 1(bridge_slave_0) entered disabled state
[   76.755250][ T5114] bridge_slave_0: entered allmulticast mode
[   76.765061][ T5114] bridge_slave_0: entered promiscuous mode
[   76.774730][ T5114] bridge0: port 2(bridge_slave_1) entered blocking state
[   76.782387][ T5114] bridge0: port 2(bridge_slave_1) entered disabled state
[   76.789641][ T5114] bridge_slave_1: entered allmulticast mode
[   76.797625][ T5114] bridge_slave_1: entered promiscuous mode
[   76.805019][ T5132] chnl_net:caif_netlink_parms(): no params data found
[   76.835378][ T5127] bridge0: port 1(bridge_slave_0) entered blocking state
[   76.842750][ T5127] bridge0: port 1(bridge_slave_0) entered disabled state
[   76.849975][ T5127] bridge_slave_0: entered allmulticast mode
[   76.857617][ T5127] bridge_slave_0: entered promiscuous mode
[   76.917056][ T5127] bridge0: port 2(bridge_slave_1) entered blocking state
[   76.925764][ T5127] bridge0: port 2(bridge_slave_1) entered disabled state
[   76.933134][ T5127] bridge_slave_1: entered allmulticast mode
[   76.940301][ T5127] bridge_slave_1: entered promiscuous mode
[   76.970810][ T5114] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   76.984750][ T5114] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   76.999763][ T5115] batman_adv: batadv0: Adding interface: batadv_slave_0
[   77.007060][ T5115] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   77.033654][ T5115] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   77.047979][ T5115] batman_adv: batadv0: Adding interface: batadv_slave_1
[   77.055189][ T5115] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   77.081291][ T5115] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   77.184031][ T5127] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   77.219792][ T5114] team0: Port device team_slave_0 added
[   77.230179][ T5114] team0: Port device team_slave_1 added
[   77.250581][ T5117] bridge0: port 1(bridge_slave_0) entered blocking state
[   77.257956][ T5117] bridge0: port 1(bridge_slave_0) entered disabled state
[   77.265561][ T5117] bridge_slave_0: entered allmulticast mode
[   77.273165][ T5117] bridge_slave_0: entered promiscuous mode
[   77.284627][ T5127] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   77.337117][ T5117] bridge0: port 2(bridge_slave_1) entered blocking state
[   77.344498][ T5117] bridge0: port 2(bridge_slave_1) entered disabled state
[   77.352368][ T5117] bridge_slave_1: entered allmulticast mode
[   77.360860][ T5117] bridge_slave_1: entered promiscuous mode
[   77.420201][ T5114] batman_adv: batadv0: Adding interface: batadv_slave_0
[   77.428692][ T5114] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   77.454837][ T5114] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   77.468519][ T5114] batman_adv: batadv0: Adding interface: batadv_slave_1
[   77.475602][ T5114] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   77.502191][ T5114] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   77.528769][ T5127] team0: Port device team_slave_0 added
[   77.539031][ T5127] team0: Port device team_slave_1 added
[   77.545444][ T5132] bridge0: port 1(bridge_slave_0) entered blocking state
[   77.552944][ T5132] bridge0: port 1(bridge_slave_0) entered disabled state
[   77.560191][ T5132] bridge_slave_0: entered allmulticast mode
[   77.565247][ T4489] Bluetooth: hci2: command tx timeout
[   77.568650][ T5132] bridge_slave_0: entered promiscuous mode
[   77.571683][ T5133] Bluetooth: hci3: command tx timeout
[   77.583391][ T5124] Bluetooth: hci1: command tx timeout
[   77.594959][ T5115] hsr_slave_0: entered promiscuous mode
[   77.601494][ T5115] hsr_slave_1: entered promiscuous mode
[   77.640538][ T5132] bridge0: port 2(bridge_slave_1) entered blocking state
[   77.642693][ T5124] Bluetooth: hci0: command tx timeout
[   77.653676][ T5132] bridge0: port 2(bridge_slave_1) entered disabled state
[   77.660956][ T5132] bridge_slave_1: entered allmulticast mode
[   77.668845][ T5132] bridge_slave_1: entered promiscuous mode
[   77.694403][ T5117] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   77.722415][ T5124] Bluetooth: hci4: command tx timeout
[   77.758442][ T5117] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   77.781405][ T5127] batman_adv: batadv0: Adding interface: batadv_slave_0
[   77.788989][ T5127] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   77.815011][ T5127] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   77.828395][ T5127] batman_adv: batadv0: Adding interface: batadv_slave_1
[   77.835498][ T5127] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   77.862739][ T5127] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   77.891380][ T5132] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   77.949632][ T5132] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   77.969057][ T5117] team0: Port device team_slave_0 added
[   77.979218][ T5117] team0: Port device team_slave_1 added
[   77.992394][ T5114] hsr_slave_0: entered promiscuous mode
[   77.999444][ T5114] hsr_slave_1: entered promiscuous mode
[   78.006545][ T5114] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   78.015883][ T5114] Cannot create hsr debugfs directory
[   78.101634][ T5132] team0: Port device team_slave_0 added
[   78.140978][ T5117] batman_adv: batadv0: Adding interface: batadv_slave_0
[   78.148095][ T5117] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   78.174393][ T5117] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   78.188281][ T5117] batman_adv: batadv0: Adding interface: batadv_slave_1
[   78.195512][ T5117] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   78.228410][ T5117] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   78.242843][ T5132] team0: Port device team_slave_1 added
[   78.330009][ T5127] hsr_slave_0: entered promiscuous mode
[   78.336630][ T5127] hsr_slave_1: entered promiscuous mode
[   78.343256][ T5127] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   78.350874][ T5127] Cannot create hsr debugfs directory
[   78.385274][ T5132] batman_adv: batadv0: Adding interface: batadv_slave_0
[   78.392444][ T5132] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   78.418706][ T5132] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   78.481098][ T5132] batman_adv: batadv0: Adding interface: batadv_slave_1
[   78.488475][ T5132] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   78.514767][ T5132] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   78.571477][ T5117] hsr_slave_0: entered promiscuous mode
[   78.578862][ T5117] hsr_slave_1: entered promiscuous mode
[   78.585685][ T5117] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   78.593382][ T5117] Cannot create hsr debugfs directory
[   78.783770][ T5132] hsr_slave_0: entered promiscuous mode
[   78.790563][ T5132] hsr_slave_1: entered promiscuous mode
[   78.798242][ T5132] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   78.806211][ T5132] Cannot create hsr debugfs directory
[   78.852952][ T5115] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   78.872177][ T5115] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   78.931365][ T5115] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   78.969687][ T5115] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   79.168171][ T5114] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   79.187409][ T5114] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   79.198849][ T5114] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   79.217159][ T5114] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   79.314357][ T5127] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   79.327256][ T5127] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   79.338583][ T5127] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   79.349824][ T5127] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   79.446141][ T5117] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   79.470475][ T5117] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   79.483201][ T5117] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   79.498628][ T5117] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   79.643502][ T5133] Bluetooth: hci3: command tx timeout
[   79.648973][ T5133] Bluetooth: hci2: command tx timeout
[   79.655779][ T5124] Bluetooth: hci1: command tx timeout
[   79.671621][ T5115] 8021q: adding VLAN 0 to HW filter on device bond0
[   79.681643][ T5132] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   79.716461][ T5132] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   79.724076][ T5133] Bluetooth: hci0: command tx timeout
[   79.733760][ T5132] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   79.767233][ T5132] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   79.801929][ T5133] Bluetooth: hci4: command tx timeout
[   79.814171][ T5114] 8021q: adding VLAN 0 to HW filter on device bond0
[   79.830332][ T5115] 8021q: adding VLAN 0 to HW filter on device team0
[   79.889648][   T25] bridge0: port 1(bridge_slave_0) entered blocking state
[   79.897487][   T25] bridge0: port 1(bridge_slave_0) entered forwarding state
[   79.938387][ T5167] bridge0: port 2(bridge_slave_1) entered blocking state
[   79.945618][ T5167] bridge0: port 2(bridge_slave_1) entered forwarding state
[   79.968885][ T5114] 8021q: adding VLAN 0 to HW filter on device team0
[   79.995584][ T5127] 8021q: adding VLAN 0 to HW filter on device bond0
[   80.008766][ T5167] bridge0: port 1(bridge_slave_0) entered blocking state
[   80.016208][ T5167] bridge0: port 1(bridge_slave_0) entered forwarding state
[   80.093605][   T45] bridge0: port 2(bridge_slave_1) entered blocking state
[   80.101322][   T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[   80.168199][ T5127] 8021q: adding VLAN 0 to HW filter on device team0
[   80.186341][ T5117] 8021q: adding VLAN 0 to HW filter on device bond0
[   80.213256][   T25] bridge0: port 1(bridge_slave_0) entered blocking state
[   80.220556][   T25] bridge0: port 1(bridge_slave_0) entered forwarding state
[   80.246795][ T5132] 8021q: adding VLAN 0 to HW filter on device bond0
[   80.281533][   T25] bridge0: port 2(bridge_slave_1) entered blocking state
[   80.288885][   T25] bridge0: port 2(bridge_slave_1) entered forwarding state
[   80.371318][ T5117] 8021q: adding VLAN 0 to HW filter on device team0
[   80.395230][ T5132] 8021q: adding VLAN 0 to HW filter on device team0
[   80.417212][   T25] bridge0: port 1(bridge_slave_0) entered blocking state
[   80.424555][   T25] bridge0: port 1(bridge_slave_0) entered forwarding state
[   80.463486][   T25] bridge0: port 2(bridge_slave_1) entered blocking state
[   80.470723][   T25] bridge0: port 2(bridge_slave_1) entered forwarding state
[   80.488467][   T25] bridge0: port 1(bridge_slave_0) entered blocking state
[   80.495724][   T25] bridge0: port 1(bridge_slave_0) entered forwarding state
[   80.564320][   T25] bridge0: port 2(bridge_slave_1) entered blocking state
[   80.571493][   T25] bridge0: port 2(bridge_slave_1) entered forwarding state
[   80.634930][ T5115] 8021q: adding VLAN 0 to HW filter on device batadv0
[   80.819378][ T5132] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   81.004603][ T5115] veth0_vlan: entered promiscuous mode
[   81.045539][ T5114] 8021q: adding VLAN 0 to HW filter on device batadv0
[   81.077548][ T5115] veth1_vlan: entered promiscuous mode
[   81.192254][ T5115] veth0_macvtap: entered promiscuous mode
[   81.257080][ T5115] veth1_macvtap: entered promiscuous mode
[   81.279068][ T5117] 8021q: adding VLAN 0 to HW filter on device batadv0
[   81.349872][ T5127] 8021q: adding VLAN 0 to HW filter on device batadv0
[   81.397153][ T5115] batman_adv: batadv0: Interface activated: batadv_slave_0
[   81.418010][ T5132] 8021q: adding VLAN 0 to HW filter on device batadv0
[   81.455255][ T5115] batman_adv: batadv0: Interface activated: batadv_slave_1
[   81.510009][ T5115] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   81.519629][ T5115] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   81.536476][ T5115] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   81.545870][ T5115] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   81.652899][ T5117] veth0_vlan: entered promiscuous mode
[   81.677555][ T5132] veth0_vlan: entered promiscuous mode
[   81.705615][ T5127] veth0_vlan: entered promiscuous mode
[   81.728151][ T5133] Bluetooth: hci2: command tx timeout
[   81.734188][ T4489] Bluetooth: hci3: command tx timeout
[   81.738587][ T5124] Bluetooth: hci1: command tx timeout
[   81.756835][ T5117] veth1_vlan: entered promiscuous mode
[   81.803066][ T5124] Bluetooth: hci0: command tx timeout
[   81.805030][ T5114] veth0_vlan: entered promiscuous mode
[   81.834870][ T5132] veth1_vlan: entered promiscuous mode
[   81.844249][ T5127] veth1_vlan: entered promiscuous mode
[   81.882605][ T5124] Bluetooth: hci4: command tx timeout
[   81.933530][ T5114] veth1_vlan: entered promiscuous mode
[   81.958894][   T29] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   81.977541][ T5117] veth0_macvtap: entered promiscuous mode
[   81.989938][ T5117] veth1_macvtap: entered promiscuous mode
[   82.002128][   T29] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   82.057031][ T5127] veth0_macvtap: entered promiscuous mode
[   82.095077][ T3887] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   82.107851][ T5117] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   82.119742][ T5117] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   82.132638][ T3887] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   82.139721][ T5117] batman_adv: batadv0: Interface activated: batadv_slave_0
[   82.152983][ T5132] veth0_macvtap: entered promiscuous mode
[   82.195841][ T5117] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   82.222106][ T5117] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   82.243640][ T5117] batman_adv: batadv0: Interface activated: batadv_slave_1
[   82.271064][ T5114] veth0_macvtap: entered promiscuous mode
[   82.287646][ T5114] veth1_macvtap: entered promiscuous mode
[   82.309141][ T5132] veth1_macvtap: entered promiscuous mode
[   82.337152][ T5117] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   82.391995][ T5117] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   82.400822][ T5117] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   82.431317][ T5117] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   82.444784][ T5127] veth1_macvtap: entered promiscuous mode
[   82.477814][ T5201] batman_adv: batadv0: Adding interface: vlan2
[   82.484817][ T5201] batman_adv: batadv0: The MTU of interface vlan2 is too small (1480) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   82.512738][ T5201] batman_adv: batadv0: Not using interface vlan2 (retrying later): interface not active
[   82.607993][ T5127] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   82.642024][ T5127] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   82.677552][ T5127] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   82.717076][ T5127] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   82.744531][ T5127] batman_adv: batadv0: Interface activated: batadv_slave_0
[   82.775300][ T5132] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   82.795817][ T5132] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   82.825236][ T5132] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   82.852228][ T5132] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   82.868646][ T5132] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   82.879985][ T5132] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   82.883290][ T5206] capability: warning: `syz-executor.0' uses deprecated v2 capabilities in a way that may be insecure
[   82.892936][ T5132] batman_adv: batadv0: Interface activated: batadv_slave_0
[   82.923700][   T30] audit: type=1800 audit(1717274465.403:2): pid=5206 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="bus" dev="sda1" ino=1945 res=0 errno=0
[   82.975777][ T5114] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   83.007593][ T5114] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   83.036535][ T5114] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   83.047511][ T5114] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   83.057947][ T5114] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   83.071719][ T5114] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   83.081701][ T5114] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   83.099081][ T5114] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   83.111055][ T5114] batman_adv: batadv0: Interface activated: batadv_slave_0
[   83.126920][ T5132] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   83.138206][ T5132] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   83.149396][ T5132] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   83.164286][ T5132] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   83.177525][ T5132] batman_adv: batadv0: Interface activated: batadv_slave_1
[   83.199268][ T5127] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   83.210198][ T5127] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   83.220369][ T5127] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   83.230920][ T5127] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   83.245444][ T5127] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   83.256039][ T5127] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   83.267534][ T5127] batman_adv: batadv0: Interface activated: batadv_slave_1
[   83.279223][ T5132] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   83.281005][   T45] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   83.290442][ T5132] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   83.310922][ T5132] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   83.319892][ T5132] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   83.338335][ T5114] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   83.350471][ T5114] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   83.363664][ T5114] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   83.374205][ T5114] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   83.384094][ T5114] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   83.395375][ T5114] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   83.405542][ T5114] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   83.416190][ T5114] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   83.428154][ T5114] batman_adv: batadv0: Interface activated: batadv_slave_1
[   83.439839][ T5114] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   83.448991][ T5114] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   83.458900][ T5114] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   83.468636][ T5114] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   83.491884][   T45] usb 1-1: Using ep0 maxpacket: 8
[   83.500878][ T5127] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   83.506387][   T45] usb 1-1: unable to get BOS descriptor or descriptor too short
[   83.511181][ T5127] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   83.526943][ T5127] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   83.528244][   T45] usb 1-1: config index 0 descriptor too short (expected 35451, got 117)
[   83.535717][ T5127] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   83.567912][   T45] usb 1-1: config 255 has too many interfaces: 248, using maximum allowed: 32
[   83.580640][   T45] usb 1-1: config 255 has an invalid descriptor of length 0, skipping remainder of the config
[   83.592381][ T4301] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   83.603011][ T4301] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   83.611271][   T45] usb 1-1: config 255 has 0 interfaces, different from the descriptor's value: 248
[   83.636327][   T45] usb 1-1: string descriptor 0 read error: -22
[   83.643365][   T45] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   83.659841][   T45] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   83.771287][ T4301] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   83.784011][ T4301] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   83.802223][ T5124] Bluetooth: hci1: command tx timeout
[   83.802241][ T4489] Bluetooth: hci3: command tx timeout
[   83.802282][ T4489] Bluetooth: hci2: command tx timeout
[   83.893125][ T4489] Bluetooth: hci0: command tx timeout
[   83.922143][   T45] usb 1-1: USB disconnect, device number 2
[   83.933349][   T29] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   83.941340][   T29] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   83.951620][ T3887] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   83.963433][ T4489] Bluetooth: hci4: command tx timeout
[   83.975341][ T3887] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   84.125976][   T29] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   84.134045][   T29] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   84.239279][   T62] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   84.264963][   T29] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   84.266854][   T62] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   84.285772][   T29] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   84.397037][   T29] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   84.416933][   T29] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   84.628579][ T5214] loop4: detected capacity change from 0 to 512
[   84.791725][ T5214] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   84.839500][ T5214] ext4 filesystem being mounted at /root/syzkaller-testdir4102995024/syzkaller.wCToRv/0/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   84.869349][ T5221] input: syz0 as /devices/virtual/input/input5
[   84.940727][ T5214] EXT4-fs error (device loop4): ext4_search_dir:1548: inode #2: block 3: comm syz-executor.4: bad entry in directory: rec_len is smaller than minimal - offset=16444, inode=113, rec_len=0, size=2048 fake=0
[   85.366140][ T5208] loop2: detected capacity change from 0 to 32768
[   85.393454][ T5208] =======================================================
[   85.393454][ T5208] WARNING: The mand mount option has been deprecated and
[   85.393454][ T5208]          and is ignored by this kernel. Remove the mand
[   85.393454][ T5208]          option from the mount to silence this warning.
[   85.393454][ T5208] =======================================================
[   85.882033][ T4489] Bluetooth: hci1: command tx timeout
[   86.397647][ T5240] syz-executor.0 (5240) used greatest stack depth: 18768 bytes left
[   86.440682][ T5215] loop1: detected capacity change from 0 to 32768
[   86.545386][ T5215] find_entry called with index = 0
[   86.584044][ T5215] find_entry called with index = 0
[   86.632995][ T5243] find_entry called with index >= next_index
[   86.647188][ T5243] find_entry called with index >= next_index
[   86.680440][   T30] audit: type=1326 audit(1717274469.163:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5244 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a7b07cee9 code=0x7ffc0000
[   86.706511][ T5243] find_entry called with index >= next_index
[   86.734565][ T5243] find_entry called with index >= next_index
[   86.748314][ T5243] find_entry called with index >= next_index
[   86.775348][   T30] audit: type=1326 audit(1717274469.163:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5244 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f0a7b07cee9 code=0x7ffc0000
[   86.856149][   T30] audit: type=1326 audit(1717274469.163:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5244 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a7b07cee9 code=0x7ffc0000
[   86.913962][ T5215] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   86.942016][   T30] audit: type=1326 audit(1717274469.163:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5244 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a7b07cee9 code=0x7ffc0000
[   86.997128][   T30] audit: type=1326 audit(1717274469.163:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5244 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0a7b07cee9 code=0x7ffc0000
[   87.053337][   T30] audit: type=1326 audit(1717274469.163:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5244 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a7b07cee9 code=0x7ffc0000
[   87.131864][   T30] audit: type=1326 audit(1717274469.163:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5244 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0a7b07cee9 code=0x7ffc0000
[   87.174397][    T9] cfg80211: failed to load regulatory.db
[   87.199277][   T30] audit: type=1326 audit(1717274469.163:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5244 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a7b07cee9 code=0x7ffc0000
[   87.224503][   T30] audit: type=1326 audit(1717274469.163:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5244 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a7b07cee9 code=0x7ffc0000
[   87.251120][ T5214] EXT4-fs error (device loop4): ext4_find_dest_de:2111: inode #12: block 32: comm syz-executor.4: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=12, rec_len=106, size=2048 fake=1
[   87.427313][ T5114] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   87.837643][ T5242] loop3: detected capacity change from 0 to 40427
[   87.914974][ T5242] F2FS-fs (loop3): Found nat_bits in checkpoint
[   87.988064][ T5247] loop2: detected capacity change from 0 to 32768
[   88.145541][ T5247] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[   88.177958][ T5242] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[   88.305950][ T5247] XFS (loop2): Ending clean mount
[   88.336214][ T5247] XFS (loop2): Quotacheck needed: Please wait.
[   88.468239][ T5247] XFS (loop2): Quotacheck: Done.
[   88.737727][ T5117] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[   89.360790][ T5301] syz-executor.4: attempt to access beyond end of device
[   89.360790][ T5301] loop9: rw=0, sector=0, nr_sectors = 1 limit=0
[   89.380945][ T5301] FAT-fs (loop9): unable to read boot sector
[   89.601940][    T9] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   89.825765][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   89.862908][    T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   89.899503][    T9] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[   89.942404][    T9] usb 2-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00
[   89.970880][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   90.023828][    T9] usb 2-1: config 0 descriptor??
[   90.059997][    T9] usbhid 2-1:0.0: can't add hid device: -22
[   90.087259][    T9] usbhid 2-1:0.0: probe with driver usbhid failed with error -22
[   90.258303][   T45] usb 2-1: USB disconnect, device number 2
[   90.614461][ T5293] loop0: detected capacity change from 0 to 40427
[   90.648288][ T5293] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[   90.703521][ T5293] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[   90.795364][ T5293] F2FS-fs (loop0): Found nat_bits in checkpoint
[   90.861056][ T5331] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
[   91.124729][ T5293] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[   91.136744][ T5293] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[   91.272870][ T5341] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   91.317562][   T30] kauditd_printk_skb: 128 callbacks suppressed
[   91.317607][   T30] audit: type=1804 audit(1717274473.733:140): pid=5341 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir640897272/syzkaller.CdAFsn/7/file0" dev="sda1" ino=1967 res=1 errno=0
[   92.549700][ T5347] loop2: detected capacity change from 0 to 4096
[   92.738898][ T5347] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   92.822440][ T5347] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   94.522854][ T5345] loop3: detected capacity change from 0 to 40427
[   94.553699][ T5345] F2FS-fs (loop3): Invalid log sectorsize (2)
[   94.581965][ T5345] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[   94.713733][ T5345] F2FS-fs (loop3): Found nat_bits in checkpoint
[   96.362555][   T30] audit: type=1804 audit(1717274478.833:141): pid=5382 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir4102995024/syzkaller.wCToRv/13/file0" dev="sda1" ino=1942 res=1 errno=0
[   98.070112][   T30] audit: type=1804 audit(1717274480.553:142): pid=5399 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir61500457/syzkaller.rX9MNn/6/file0" dev="sda1" ino=1965 res=1 errno=0
[   98.696101][    T0] NOHZ tick-stop error: local softirq work is pending, handler #48!!!
[   99.062370][    T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!!
[  102.850595][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  103.157623][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  103.319425][ T5441] loop1: detected capacity change from 0 to 256
[  103.487785][   T30] audit: type=1804 audit(1717274485.973:143): pid=5445 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name=2F726F6F742F73797A6B616C6C65722D74657374646972343037323337343434342F73797A6B616C6C65722E4C584D6F67502F382FE91F7189591E9233614B2F2E6C6F67 dev="loop1" ino=1048595 res=1 errno=0
[  103.572604][ T5447] loop2: detected capacity change from 0 to 512
[  103.632108][ T5447] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  103.699978][ T5447] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  103.758707][ T5447] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2856: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  103.816419][ T5447] EXT4-fs (loop2): 1 truncate cleaned up
[  103.833259][ T5447] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  103.950107][ T5457] loop3: detected capacity change from 0 to 2048
[  103.971975][ T5447] loop2: detected capacity change from 512 to 64
[  104.007130][ T5457] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  104.058588][ T5457] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  104.071525][ T5117] EXT4-fs warning (device loop2): ext4_empty_dir:3116: inode #11: lblock 5: comm syz-executor.2: error -12 reading directory block
[  104.090311][ T5117] EXT4-fs warning (device loop2): ext4_empty_dir:3116: inode #11: lblock 5: comm syz-executor.2: error -12 reading directory block
[  104.108107][ T5117] EXT4-fs warning (device loop2): ext4_empty_dir:3116: inode #11: lblock 5: comm syz-executor.2: error -12 reading directory block
[  104.124517][ T5117] EXT4-fs warning (device loop2): ext4_empty_dir:3116: inode #11: lblock 5: comm syz-executor.2: error -12 reading directory block
[  104.139569][ T5117] EXT4-fs warning (device loop2): ext4_empty_dir:3116: inode #11: lblock 5: comm syz-executor.2: error -12 reading directory block
[  104.168149][ T5457] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 10 with max blocks 2 with error 28
[  104.184220][ T5117] EXT4-fs warning (device loop2): ext4_empty_dir:3116: inode #11: lblock 5: comm syz-executor.2: error -12 reading directory block
[  104.200010][ T5457] EXT4-fs (loop3): This should not happen!! Data will be lost
[  104.200010][ T5457] 
[  104.202399][ T5464] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'.
[  104.211318][ T5117] EXT4-fs warning (device loop2): ext4_empty_dir:3116: inode #11: lblock 5: comm syz-executor.2: error -12 reading directory block
[  104.236087][ T5457] EXT4-fs (loop3): Total free blocks count 0
[  104.244588][ T5457] EXT4-fs (loop3): Free/Dirty block details
[  104.253632][ T5457] EXT4-fs (loop3): free_blocks=2415919104
[  104.259645][ T5457] EXT4-fs (loop3): dirty_blocks=16
[  104.267306][ T5117] EXT4-fs warning (device loop2): ext4_empty_dir:3116: inode #11: lblock 5: comm syz-executor.2: error -12 reading directory block
[  104.281276][ T5457] EXT4-fs (loop3): Block reservation details
[  104.289775][ T5457] EXT4-fs (loop3): i_reserved_data_blocks=1
[  104.296915][ T5117] EXT4-fs warning (device loop2): ext4_empty_dir:3116: inode #11: lblock 5: comm syz-executor.2: error -12 reading directory block
[  104.317296][ T5464] netlink: 'syz-executor.1': attribute type 1 has an invalid length.
[  104.340923][ T5117] EXT4-fs warning (device loop2): ext4_empty_dir:3116: inode #11: lblock 5: comm syz-executor.2: error -12 reading directory block
[  104.387919][ T5127] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  104.843535][ T5479] loop4: detected capacity change from 0 to 1024
[  104.985934][ T5479] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  105.330552][ T5117] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  105.750907][ T3887] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  106.063133][ T5486] loop1: detected capacity change from 0 to 2048
[  106.119024][ T3887] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  106.159329][ T5486] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  106.386326][ T5490] loop3: detected capacity change from 0 to 2048
[  106.421209][ T3887] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  106.578728][   T30] audit: type=1804 audit(1717274489.043:144): pid=5501 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.4" name="/root/syzkaller-testdir4102995024/syzkaller.wCToRv/24/file0" dev="sda1" ino=1936 res=1 errno=0
[  107.449154][ T5490] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  107.580025][ T5506] loop4: detected capacity change from 0 to 512
[  107.675816][ T5506] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -2
[  107.675973][ T5490] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  107.684396][ T5506] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -2
[  107.708472][ T5506] EXT4-fs error (device loop4): ext4_orphan_get:1420: comm syz-executor.4: bad orphan inode 13
[  107.742600][ T5506] EXT4-fs (loop4): Remounting filesystem read-only
[  107.759264][ T5490] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 10 with max blocks 2 with error 28
[  107.782637][ T5506] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  107.795537][ T5490] EXT4-fs (loop3): This should not happen!! Data will be lost
[  107.795537][ T5490] 
[  107.796975][ T3887] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  107.852924][ T5490] EXT4-fs (loop3): Total free blocks count 0
[  107.892154][ T5490] EXT4-fs (loop3): Free/Dirty block details
[  107.915313][ T5490] EXT4-fs (loop3): free_blocks=2415919104
[  107.924860][ T5114] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  107.931182][ T5490] EXT4-fs (loop3): dirty_blocks=16
[  107.945705][ T5490] EXT4-fs (loop3): Block reservation details
[  107.952355][ T5505] loop1: detected capacity change from 0 to 8192
[  107.963661][ T5490] EXT4-fs (loop3): i_reserved_data_blocks=1
[  108.038498][ T5505]  loop1: p1 < > p2 p3 < p5 >
[  108.055183][ T5505] loop1: partition table partially beyond EOD, truncated
[  108.102844][ T5505] loop1: p1 start 277760 is beyond EOD, truncated
[  108.116240][ T5505] loop1: p2 start 2228224 is beyond EOD, truncated
[  108.136249][ T5127] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  108.202803][ T5505] loop1: p5 start 2228224 is beyond EOD, truncated
[  108.215631][ T3887] bridge_slave_1: left allmulticast mode
[  108.221744][ T3887] bridge_slave_1: left promiscuous mode
[  108.244513][ T3887] bridge0: port 2(bridge_slave_1) entered disabled state
[  108.341437][ T3887] bridge_slave_0: left allmulticast mode
[  108.394089][ T3887] bridge_slave_0: left promiscuous mode
[  108.399940][ T3887] bridge0: port 1(bridge_slave_0) entered disabled state
[  108.459149][ T5124] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  108.483675][ T5124] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  108.500771][ T5124] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  108.511144][ T5124] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  108.520167][ T5124] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  108.537871][ T5124] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  110.601934][ T5124] Bluetooth: hci2: command tx timeout
[  110.978307][ T3887] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  110.999619][ T3887] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  111.017685][ T3887] bond0 (unregistering): Released all slaves
[  111.248887][ T5547] loop3: detected capacity change from 0 to 32768
[  111.391327][ T5571] loop4: detected capacity change from 0 to 1024
[  111.393190][ T5547] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  111.450380][ T5571] hfsplus: failed to load catalog file
[  111.696349][ T5547] XFS (loop3): Ending clean mount
[  111.708606][ T5547] XFS (loop3): Quotacheck needed: Please wait.
[  111.782903][ T5547] XFS (loop3): Quotacheck: Done.
[  112.077272][ T5127] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  112.287235][ T3887] hsr_slave_0: left promiscuous mode
[  112.398183][ T3887] hsr_slave_1: left promiscuous mode
[  112.477356][ T3887] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  112.502052][ T3887] batman_adv: batadv0: Removing interface: batadv_slave_0
[  112.518771][ T3887] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  112.539337][ T3887] batman_adv: batadv0: Removing interface: batadv_slave_1
[  112.572665][ T5605] loop0: detected capacity change from 0 to 8192
[  112.647391][ T3887] veth1_macvtap: left promiscuous mode
[  112.682742][ T5124] Bluetooth: hci2: command tx timeout
[  112.696135][ T3887] veth0_macvtap: left promiscuous mode
[  112.703050][ T5605]  loop0: p1 < > p2 p3 < p5 >
[  112.707810][ T5605] loop0: partition table partially beyond EOD, truncated
[  112.733537][ T3887] veth1_vlan: left promiscuous mode
[  112.739249][ T3887] veth0_vlan: left promiscuous mode
[  112.792056][ T5605] loop0: p1 start 277760 is beyond EOD, truncated
[  112.798574][ T5605] loop0: p2 start 2228224 is beyond EOD, truncated
[  112.852396][ T5605] loop0: p5 start 2228224 is beyond EOD, truncated
[  113.419343][ T5122] udevd[5122]: inotify_add_watch(7, /dev/loop0p3, 10) failed: No such file or directory
[  114.304962][ T5640] loop4: detected capacity change from 0 to 32768
[  114.324552][ T3887] team0 (unregistering): Port device team_slave_1 removed
[  114.378510][ T5640] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  114.392530][ T3887] team0 (unregistering): Port device team_slave_0 removed
[  114.463567][ T5640] XFS (loop4): Ending clean mount
[  114.490001][ T5640] XFS (loop4): Quotacheck needed: Please wait.
[  114.589709][ T5640] XFS (loop4): Quotacheck: Done.
[  114.712951][ T5114] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  114.762658][ T5124] Bluetooth: hci2: command tx timeout
[  115.062251][ T5632] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.0'.
[  115.867158][ T5697] loop0: detected capacity change from 0 to 512
[  115.898086][ T5697] EXT4-fs: Ignoring removed nobh option
[  115.905119][ T5512] chnl_net:caif_netlink_parms(): no params data found
[  115.914507][ T5699] loop3: detected capacity change from 0 to 512
[  115.933904][ T5697] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem
[  115.953186][ T5699] ext2: Unknown parameter 'audit'
[  116.072020][ T5699] loop3: detected capacity change from 0 to 64
[  116.118831][ T5699] MINIX-fs: mounting unchecked file system, running fsck is recommended
[  116.174520][ T5699] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  116.225375][ T5699] vhci_hcd vhci_hcd.0: pdev(3) rhport(1) sockfd(6)
[  116.232345][ T5699] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  116.240564][ T5697] EXT4-fs (loop0): failed to open journal device unknown-block(0,0) -6
[  116.278861][ T5512] bridge0: port 1(bridge_slave_0) entered blocking state
[  116.282728][ T5699] vhci_hcd vhci_hcd.0: Device attached
[  116.286439][ T5512] bridge0: port 1(bridge_slave_0) entered disabled state
[  116.299564][ T5512] bridge_slave_0: entered allmulticast mode
[  116.334360][ T5512] bridge_slave_0: entered promiscuous mode
[  116.356185][ T5707] vhci_hcd: connection closed
[  116.365088][ T4301] vhci_hcd: stop threads
[  116.387728][ T5512] bridge0: port 2(bridge_slave_1) entered blocking state
[  116.410517][ T4301] vhci_hcd: release socket
[  116.416921][ T4301] vhci_hcd: disconnect device
[  116.443443][ T5512] bridge0: port 2(bridge_slave_1) entered disabled state
[  116.450781][ T5512] bridge_slave_1: entered allmulticast mode
[  116.482224][ T5209] vhci_hcd: vhci_device speed not set
[  116.522771][ T5512] bridge_slave_1: entered promiscuous mode
[  116.626568][ T5718] net_ratelimit: 2 callbacks suppressed
[  116.626589][ T5718] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies.
[  116.723339][ T5512] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  116.769051][ T5512] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  116.841900][ T5124] Bluetooth: hci2: command tx timeout
[  116.857244][ T5512] team0: Port device team_slave_0 added
[  116.871408][ T5512] team0: Port device team_slave_1 added
[  117.002232][ T5512] batman_adv: batadv0: Adding interface: batadv_slave_0
[  117.011977][    T9] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  117.023292][ T5512] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  117.090040][ T5731] loop4: detected capacity change from 0 to 512
[  117.097172][ T5512] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  117.114761][ T5512] batman_adv: batadv0: Adding interface: batadv_slave_1
[  117.132120][ T5512] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  117.168612][ T5512] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  117.210907][ T5122] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  117.238013][    T9] usb 1-1: config 1 has an invalid descriptor of length 99, skipping remainder of the config
[  117.273576][    T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3
[  117.306362][    T9] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  117.336312][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  117.364360][    T9] usb 1-1: SerialNumber: syz
[  117.448714][ T5738] loop4: detected capacity change from 0 to 512
[  117.470378][ T5738] EXT4-fs: Ignoring removed bh option
[  117.526426][ T5738] EXT4-fs (loop4): blocks per group (71) and clusters per group (32768) inconsistent
[  117.611034][ T5512] hsr_slave_0: entered promiscuous mode
[  117.616978][   T30] audit: type=1800 audit(1717274500.103:145): pid=5738 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=1959 res=0 errno=0
[  117.671043][ T5512] hsr_slave_1: entered promiscuous mode
[  117.687110][    T9] usb 1-1: 0:2 : does not exist
[  117.708943][ T5512] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  117.746024][ T5512] Cannot create hsr debugfs directory
[  117.770490][ T5745] netdevsim netdevsim1: Direct firmware load for �I� failed with error -2
[  117.781473][ T5745] netdevsim netdevsim1: Falling back to sysfs fallback for: �I�
[  117.862459][ T5166] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  118.053101][ T5166] usb 4-1: Using ep0 maxpacket: 8
[  118.068538][ T5166] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[  118.108050][ T5166] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  118.150725][ T5166] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  118.192384][    T9] usb 1-1: USB disconnect, device number 3
[  118.213958][ T5166] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[  118.244971][ T5166] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  118.290325][ T5122] udevd[5122]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  118.306726][ T5166] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  118.326861][ T5166] usb 4-1: config 168 descriptor has 1 excess byte, ignoring
[  118.338047][ T5166] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  118.355494][ T5166] usb 4-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  118.417925][ T5166] usb 4-1: string descriptor 0 read error: -22
[  118.442339][ T5166] usb 4-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  118.451478][ T5166] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  118.531131][ T5166] adutux 4-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  118.635731][ T5754] netdevsim netdevsim1: Direct firmware load for � failed with error -2
[  118.707127][ T5754] netdevsim netdevsim1: Falling back to sysfs fallback for: �
[  118.835230][ T5762] netlink: 32 bytes leftover after parsing attributes in process `syz-executor.4'.
[  118.844186][ T5167] usb 4-1: USB disconnect, device number 2
[  118.856275][ T5761] usb 4-1: Couldn't submit interrupt_out_urb -19
[  119.393643][   T30] audit: type=1326 audit(1717274501.883:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5776 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a7b07cee9 code=0x7ffc0000
[  119.490252][   T30] audit: type=1326 audit(1717274501.883:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5776 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a7b07cee9 code=0x7ffc0000
[  119.595854][ T5512] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  119.602405][ T5785] loop1: detected capacity change from 0 to 512
[  119.612663][   T30] audit: type=1326 audit(1717274501.913:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5776 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f0a7b07cee9 code=0x7ffc0000
[  119.641537][ T5787] TCP: MD5 Hash failed for 172.20.20.187.0->172.20.20.170.20002 []  L3 index 0
[  119.666890][   T30] audit: type=1326 audit(1717274501.913:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5776 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a7b07cee9 code=0x7ffc0000
[  119.702178][ T5512] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  119.722915][   T30] audit: type=1326 audit(1717274501.913:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5776 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a7b07cee9 code=0x7ffc0000
[  119.751532][ T5785] EXT4-fs warning (device loop1): dx_probe:877: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  119.784357][ T5512] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  119.837836][ T5785] EXT4-fs warning (device loop1): dx_probe:880: Enable large directory feature to access it
[  119.852123][   T30] audit: type=1326 audit(1717274501.923:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5776 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=434 compat=0 ip=0x7f0a7b07cee9 code=0x7ffc0000
[  119.900653][ T5785] EXT4-fs warning (device loop1): dx_probe:965: inode #2: comm syz-executor.1: Corrupt directory, running e2fsck is recommended
[  119.940344][ T5512] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  119.962744][   T30] audit: type=1326 audit(1717274501.923:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5776 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a7b07cee9 code=0x7ffc0000
[  120.003790][ T5785] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -2
[  120.050493][ T5785] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2234: inode #15: comm syz-executor.1: corrupted in-inode xattr: invalid ea_ino
[  120.064294][   T30] audit: type=1326 audit(1717274501.923:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5776 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=438 compat=0 ip=0x7f0a7b07cee9 code=0x7ffc0000
[  120.064351][   T30] audit: type=1326 audit(1717274501.923:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5776 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0a7b07cee9 code=0x7ffc0000
[  120.132213][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  120.155962][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  120.246202][ T5785] EXT4-fs (loop1): Remounting filesystem read-only
[  120.279312][ T5785] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  120.340652][ T5512] 8021q: adding VLAN 0 to HW filter on device bond0
[  120.399150][ T5785] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  120.423726][ T5512] 8021q: adding VLAN 0 to HW filter on device team0
[  120.490537][ T5209] bridge0: port 1(bridge_slave_0) entered blocking state
[  120.497808][ T5209] bridge0: port 1(bridge_slave_0) entered forwarding state
[  120.623856][ T5209] bridge0: port 2(bridge_slave_1) entered blocking state
[  120.631073][ T5209] bridge0: port 2(bridge_slave_1) entered forwarding state
[  120.722511][ T5166] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  120.762438][ T5132] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  120.763048][ T5814] loop0: detected capacity change from 0 to 64
[  120.835683][ T5814] hfs: can't find a HFS filesystem on dev loop0
[  120.983332][ T5166] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  121.026374][ T5166] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  121.058727][ T5166] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  121.114025][ T5166] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  121.159749][ T5809] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  121.171988][ T5824] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies.
[  121.412141][ T5166] usb 5-1: USB disconnect, device number 2
[  121.656321][ T5835] dummy0: entered promiscuous mode
[  121.740796][ T5835] team0: Port device dummy0 added
[  121.752195][ T5209] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  121.811524][ T5806] loop3: detected capacity change from 0 to 32768
[  121.830226][ T5836] 8021q: adding VLAN 0 to HW filter on device batadv0
[  121.854203][ T5836] team0: Port device batadv0 added
[  121.872892][ T5806] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor.3 (5806)
[  121.885138][ T5512] 8021q: adding VLAN 0 to HW filter on device batadv0
[  121.955114][ T5209] usb 2-1: Using ep0 maxpacket: 8
[  121.972935][ T5209] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[  121.994962][ T5209] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  122.021491][ T5209] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  122.050627][ T5806] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  122.094744][ T5209] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[  122.115104][ T5209] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  122.142635][ T5806] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm
[  122.151378][ T5806] BTRFS info (device loop3): using free-space-tree
[  122.159702][ T5512] veth0_vlan: entered promiscuous mode
[  122.177681][ T5209] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  122.219314][ T5209] usb 2-1: config 168 descriptor has 1 excess byte, ignoring
[  122.229371][ T5209] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  122.262831][ T5209] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  122.321246][ T5209] usb 2-1: string descriptor 0 read error: -22
[  122.349912][ T5512] veth1_vlan: entered promiscuous mode
[  122.359655][ T5209] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  122.406506][ T5209] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  123.230315][ T5512] veth0_macvtap: entered promiscuous mode
[  123.291335][ T5847] loop0: detected capacity change from 0 to 2048
[  123.348559][ T5512] veth1_macvtap: entered promiscuous mode
[  123.467796][ T5209] adutux 2-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  123.485692][ T5865] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  123.515817][ T5512] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  123.601496][ T5868] loop4: detected capacity change from 0 to 256
[  123.602913][ T5512] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  123.689683][ T5806] BTRFS error (device loop3): open_ctree failed
[  123.709888][ T5512] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  123.748871][ T5868] FAT-fs (loop4): Directory bread(block 64) failed
[  123.749771][ T5512] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  123.765182][ T5868] FAT-fs (loop4): Directory bread(block 65) failed
[  123.768004][ T5847] NILFS (loop0): vblocknr = 12 has abnormal lifetime: start cno (= 150994946) > current cno (= 3)
[  123.784590][ T5512] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  123.787907][ T5868] FAT-fs (loop4): Directory bread(block 66) failed
[  123.803424][ T5512] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  123.819021][ T5868] FAT-fs (loop4): Directory bread(block 67) failed
[  123.821215][ T5847] NILFS error (device loop0): nilfs_bmap_truncate: broken bmap (inode number=16)
[  123.834549][ T5868] FAT-fs (loop4): Directory bread(block 68) failed
[  123.836578][ T5512] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  123.857898][ T5512] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  123.860192][ T5209] usb 2-1: USB disconnect, device number 3
[  123.868078][ T5873] usb 2-1: Couldn't submit interrupt_out_urb -19
[  123.890015][ T5868] FAT-fs (loop4): Directory bread(block 69) failed
[  123.909686][ T5847] Remounting filesystem read-only
[  123.920476][ T5868] FAT-fs (loop4): Directory bread(block 70) failed
[  123.937261][ T5847] NILFS (loop0): error -5 truncating bmap (ino=16)
[  123.962319][ T5868] FAT-fs (loop4): Directory bread(block 71) failed
[  123.974391][ T5512] batman_adv: batadv0: Interface activated: batadv_slave_0
[  124.003152][ T5868] FAT-fs (loop4): Directory bread(block 72) failed
[  124.024534][ T5868] FAT-fs (loop4): Directory bread(block 73) failed
[  124.057066][ T5512] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  124.095691][ T5512] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  124.113936][ T5512] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  124.137848][ T5512] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  124.158985][ T5512] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  124.180819][ T5512] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  124.196197][ T5512] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  124.207977][ T5512] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  124.228471][ T5512] batman_adv: batadv0: Interface activated: batadv_slave_1
[  124.244401][ T5115] NILFS (loop0): discard dirty page: offset=4096, ino=6
[  124.265994][ T5512] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  124.285866][ T5115] NILFS (loop0): discard dirty block: blocknr=39, size=1024
[  124.319967][ T5512] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  124.333113][ T5115] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024
[  124.350783][ T5512] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  124.372272][ T5115] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024
[  124.381426][ T5512] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  124.403621][ T5115] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024
[  124.420228][ T5115] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer
[  124.524991][ T5115] NILFS (loop0): discard dirty page: offset=0, ino=3
[  124.554495][ T5115] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024
[  124.569910][ T5884] loop4: detected capacity change from 0 to 512
[  124.597764][ T5115] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024
[  124.653610][ T5115] NILFS (loop0): discard dirty block: blocknr=44, size=1024
[  124.698522][ T5115] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024
[  125.054529][ T5884] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  126.739007][ T3887] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  126.788832][ T5884] ext4 filesystem being mounted at /root/syzkaller-testdir4102995024/syzkaller.wCToRv/53/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  126.841925][ T3887] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  127.134835][   T29] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  127.184516][   T29] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  127.259692][ T5114] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  127.713433][ T5923] loop2: detected capacity change from 0 to 4096
[  127.715154][ T5927] loop3: detected capacity change from 0 to 1764
[  127.779006][ T5932] loop4: detected capacity change from 0 to 1764
[  127.795592][ T5923] ntfs3: loop2: Different NTFS sector size (2048) and media sector size (512).
[  127.866627][ T5932] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet.
[  127.930019][ T5932] ISOFS: unable to read i-node block
[  127.967534][ T5932] isofs_fill_super: get root inode failed
[  127.986568][ T5927] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet.
[  128.079763][ T5927] ISOFS: unable to read i-node block
[  128.085462][ T5927] isofs_fill_super: get root inode failed
[  128.090442][ T5923] ntfs3: loop2: Mark volume as dirty due to NTFS errors
[  129.114927][ T5909] loop0: detected capacity change from 0 to 32768
[  129.153809][ T5909] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor.0 (5909)
[  129.230016][ T5909] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  129.254388][ T5909] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[  129.305840][ T2886] ntfs3: loop2: ino=5, ntfs3_write_inode failed, -22.
[  129.325072][ T5909] BTRFS info (device loop0): disk space caching is enabled
[  129.458407][ T5950] loop1: detected capacity change from 0 to 2048
[  129.659837][ T5974] deleting an unspecified loop device is not supported.
[  129.749669][ T5909] BTRFS info (device loop0): rebuilding free space tree
[  130.427202][ T5909] BTRFS info (device loop0): disabling free space tree
[  130.503934][ T5909] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  130.596127][ T5909] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  130.844929][ T5115] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  131.460731][ T6020] loop1: detected capacity change from 0 to 1764
[  131.478677][ T6019] loop3: detected capacity change from 0 to 1764
[  131.517369][ T6020] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet.
[  131.546812][ T6020] ISOFS: unable to read i-node block
[  131.566680][ T6020] isofs_fill_super: get root inode failed
[  131.582252][ T6019] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet.
[  131.632848][ T6019] ISOFS: unable to read i-node block
[  131.644425][ T6019] isofs_fill_super: get root inode failed
[  131.738005][ T6027] loop4: detected capacity change from 0 to 256
[  131.808421][ T6027] exFAT-fs (loop4): failed to load upcase table (idx : 0x00017f3e, chksum : 0x0b83170a, utbl_chksum : 0xe619d30d)
[  131.880646][ T6013] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4091629214 (65466067424 ns) > initial count (185248 ns). Using initial count to start timer.
[  131.933267][ T6019] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4091629214 (65466067424 ns) > initial count (185248 ns). Using initial count to start timer.
[  132.003318][ T6019] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  132.022037][ T6020] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  132.251992][    T9] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  132.474384][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  132.513095][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  132.555136][    T9] usb 5-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00
[  132.582932][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  132.635765][    T9] usb 5-1: config 0 descriptor??
[  132.724078][   T30] kauditd_printk_skb: 1 callbacks suppressed
[  132.724098][   T30] audit: type=1326 audit(1717274515.203:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6053 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f1e9667cee9 code=0x0
[  133.093777][    T9] arvo 0003:1E7D:30D4.0001: unknown main item tag 0x0
[  133.126056][    T9] arvo 0003:1E7D:30D4.0001: unknown main item tag 0x0
[  133.151392][ T6067] loop2: detected capacity change from 0 to 1764
[  133.175809][ T6067] ISOFS: root inode is unusable. Disabling Rock Ridge and switching to Joliet.
[  133.184138][    T9] arvo 0003:1E7D:30D4.0001: hidraw0: USB HID v0.00 Device [HID 1e7d:30d4] on usb-dummy_hcd.4-1/input0
[  133.231550][ T6067] ISOFS: unable to read i-node block
[  133.246191][ T1248] ieee802154 phy0 wpan0: encryption failed: -22
[  133.256850][ T1248] ieee802154 phy1 wpan1: encryption failed: -22
[  133.271316][ T6067] isofs_fill_super: get root inode failed
[  133.279628][    T9] arvo 0003:1E7D:30D4.0001: couldn't init struct arvo_device
[  133.304139][    T9] arvo 0003:1E7D:30D4.0001: couldn't install keyboard
[  133.328984][    T9] arvo 0003:1E7D:30D4.0001: probe with driver arvo failed with error -5
[  133.515645][ T6067] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4091629214 (65466067424 ns) > initial count (185248 ns). Using initial count to start timer.
[  133.551600][ T5118] usb 5-1: USB disconnect, device number 3
[  133.579912][ T6067] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  134.123547][ T6056] loop0: detected capacity change from 0 to 32768
[  134.160026][ T6056] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor.0 (6056)
[  134.228720][ T6056] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  134.243842][ T6056] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[  134.272067][   T30] audit: type=1804 audit(1717274516.753:157): pid=6092 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir61500457/syzkaller.rX9MNn/49/bus" dev="sda1" ino=1944 res=1 errno=0
[  134.310120][ T6092] Invalid ELF header magic: != ELF
[  134.471717][ T6056] BTRFS info (device loop0): rebuilding free space tree
[  134.559571][ T6056] BTRFS info (device loop0): disabling free space tree
[  134.586461][ T6056] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  134.606803][ T6115] ------------[ cut here ]------------
[  134.613069][ T6115] kernel BUG at mm/page_table_check.c:148!
[  134.632779][ T6115] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI
[  134.632813][ T6115] CPU: 1 PID: 6115 Comm: syz-executor.4 Not tainted 6.10.0-rc1-next-20240531-syzkaller #0
2024/06/01 20:41:57 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF
[  134.632837][ T6115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024
[  134.632850][ T6115] RIP: 0010:__page_table_check_zero+0x25c/0x340
[  134.632885][ T6115] Code: c1 0f 8c 51 fe ff ff 48 89 df e8 8f 27 f4 ff e9 44 fe ff ff e8 35 3a 8e ff 90 0f 0b e8 2d 3a 8e ff 90 0f 0b e8 25 3a 8e ff 90 <0f> 0b f3 0f 1e fa 4c 89 f6 48 81 e6 ff 0f 00 00 31 ff e8 ed 3e 8e
[  134.632903][ T6115] RSP: 0018:ffffc900031c7938 EFLAGS: 00010287
[  134.632931][ T6115] RAX: ffffffff820841cb RBX: dffffc0000000000 RCX: 0000000000040000
[  134.632948][ T6115] RDX: ffffc900090c1000 RSI: 0000000000005220 RDI: 0000000000005221
[  134.632963][ T6115] RBP: ffff88801611160c R08: ffff88801611160f R09: 1ffff11002c222c1
[  134.632979][ T6115] R10: dffffc0000000000 R11: ffffed1002c222c2 R12: ffff8880161115c0
[  134.632995][ T6115] R13: 1ffffffff29049d8 R14: 0000000000000002 R15: 0000000000000000
[  134.633010][ T6115] FS:  00007f41812e16c0(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000
[  134.633028][ T6115] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  134.633044][ T6115] CR2: 00007ff65e0e66e4 CR3: 000000007e3f8000 CR4: 00000000003506f0
[  134.633062][ T6115] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  134.633075][ T6115] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  134.633089][ T6115] Call Trace:
[  134.633102][ T6115]  <TASK>
[  134.633111][ T6115]  ? __die_body+0x88/0xe0
[  134.633145][ T6115]  ? die+0xcf/0x110
[  134.633177][ T6115]  ? do_trap+0x15a/0x3a0
[  134.633210][ T6115]  ? __page_table_check_zero+0x25c/0x340
[  134.633238][ T6115]  ? do_error_trap+0x1dc/0x2c0
[  134.633265][ T6115]  ? __page_table_check_zero+0x25c/0x340
[  134.633294][ T6115]  ? __pfx_do_error_trap+0x10/0x10
[  134.633328][ T6115]  ? handle_invalid_op+0x34/0x40
[  134.633356][ T6115]  ? __page_table_check_zero+0x25c/0x340
[  134.633380][ T6115]  ? exc_invalid_op+0x38/0x50
[  134.633415][ T6115]  ? asm_exc_invalid_op+0x1a/0x20
[  134.633448][ T6115]  ? __page_table_check_zero+0x25b/0x340
[  134.633484][ T6115]  ? __page_table_check_zero+0x25c/0x340
[  134.633510][ T6115]  ? __page_table_check_zero+0x25b/0x340
[  134.633537][ T6115]  free_unref_page+0xd36/0xea0
[  134.633567][ T6115]  dec_usb_memory_use_count+0x259/0x350
[  134.633591][ T6115]  ? __pfx_usbdev_vm_close+0x10/0x10
[  134.633616][ T6115]  mmap_region+0x13b4/0x2090
[  134.633655][ T6115]  ? __pfx_mmap_region+0x10/0x10
[  134.633681][ T6115]  ? thp_get_unmapped_area_vmflags+0x269/0x380
[  134.633716][ T6115]  ? cap_mmap_addr+0x163/0x2c0
[  134.633753][ T6115]  ? __get_unmapped_area+0x2f0/0x360
[  134.633782][ T6115]  do_mmap+0x8ad/0xfa0
[  134.633814][ T6115]  ? __pfx_do_mmap+0x10/0x10
[  134.633838][ T6115]  ? __pfx_ima_file_mmap+0x10/0x10
[  134.633876][ T6115]  vm_mmap_pgoff+0x1dd/0x3d0
[  134.633907][ T6115]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  134.633932][ T6115]  ? __fget_files+0x29/0x470
[  134.633954][ T6115]  ? __fget_files+0x3f6/0x470
[  134.633978][ T6115]  ksys_mmap_pgoff+0x4f1/0x720
[  134.634004][ T6115]  ? __x64_sys_mmap+0x7f/0x140
[  134.634038][ T6115]  do_syscall_64+0xf3/0x230
[  134.634064][ T6115]  ? clear_bhb_loop+0x35/0x90
[  134.634095][ T6115]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  134.634123][ T6115] RIP: 0033:0x7f418047cee9
[  134.634149][ T6115] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  134.634167][ T6115] RSP: 002b:00007f41812e10c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  134.634190][ T6115] RAX: ffffffffffffffda RBX: 00007f41805b3fa0 RCX: 00007f418047cee9
[  134.634206][ T6115] RDX: 000000000200000f RSI: 0000000000004000 RDI: 0000000020ff9000
[  134.634221][ T6115] RBP: 00007f41804c947f R08: 0000000000000008 R09: 0000000000000000
[  134.634236][ T6115] R10: 0000000000000012 R11: 0000000000000246 R12: 0000000000000000
[  134.634249][ T6115] R13: 000000000000000b R14: 00007f41805b3fa0 R15: 00007ffd969467c8
[  134.634273][ T6115]  </TASK>
[  134.634281][ T6115] Modules linked in:
[  134.634349][ T6115] ---[ end trace 0000000000000000 ]---
[  134.651307][ T6056] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  135.056982][ T6115] RIP: 0010:__page_table_check_zero+0x25c/0x340
[  135.063313][ T6115] Code: c1 0f 8c 51 fe ff ff 48 89 df e8 8f 27 f4 ff e9 44 fe ff ff e8 35 3a 8e ff 90 0f 0b e8 2d 3a 8e ff 90 0f 0b e8 25 3a 8e ff 90 <0f> 0b f3 0f 1e fa 4c 89 f6 48 81 e6 ff 0f 00 00 31 ff e8 ed 3e 8e
[  135.083241][ T6115] RSP: 0018:ffffc900031c7938 EFLAGS: 00010287
[  135.089355][ T6115] RAX: ffffffff820841cb RBX: dffffc0000000000 RCX: 0000000000040000
[  135.097398][ T6115] RDX: ffffc900090c1000 RSI: 0000000000005220 RDI: 0000000000005221
[  135.107369][ T6115] RBP: ffff88801611160c R08: ffff88801611160f R09: 1ffff11002c222c1
[  135.115445][ T6115] R10: dffffc0000000000 R11: ffffed1002c222c2 R12: ffff8880161115c0
[  135.123522][ T6115] R13: 1ffffffff29049d8 R14: 0000000000000002 R15: 0000000000000000
[  135.131529][ T6115] FS:  00007f41812e16c0(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000
[  135.140554][ T6115] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  135.147750][ T6115] CR2: 00007ff65e0e66e4 CR3: 000000007e3f8000 CR4: 00000000003506f0
[  135.156259][ T6115] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  135.167865][ T6115] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  135.177898][ T6115] Kernel panic - not syncing: Fatal exception
[  135.184288][ T6115] Kernel Offset: disabled
[  135.188616][ T6115] Rebooting in 86400 seconds..