last executing test programs:

42.820063954s ago: executing program 2 (id=1101):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0xfffffffffffffddf, &(0x7f0000000040))
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002024207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095000000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
keyctl$setperm(0x5, 0x0, 0x0)
keyctl$unlink(0x9, 0x0, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2d, &(0x7f00000001c0)=0x4, 0x4)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f0000000100), 0xfecc)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r5, 0x0)
write$bt_hci(r3, &(0x7f00000000c0)=ANY=[], 0x6)
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, &(0x7f0000000340)=0xb1, 0x0, 0x1)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
r6 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f00000000c0)=0xf)

41.725323764s ago: executing program 2 (id=1102):
ioctl$SNDRV_PCM_IOCTL_DRAIN(0xffffffffffffffff, 0x4144, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
ioctl$CEC_ADAP_S_LOG_ADDRS(0xffffffffffffffff, 0xc05c6104, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x2, 0x3, &(0x7f0000000040)=@framed, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000500)={r1, 0x0, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
socket$kcm(0x2, 0xa, 0x2)
r2 = memfd_secret(0x0)
ftruncate(r2, 0x51a9497)
io_uring_setup(0x3c92, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_RSC={0x10}}}]}, 0x44}}, 0x0)

34.47565786s ago: executing program 2 (id=1120):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f00000024c0)={0xa, 0x4e22}, 0x1c)
listen(r0, 0x1)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendto$inet6(r1, 0x0, 0x0, 0x20044015, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
r2 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r2, &(0x7f0000000280)=[{&(0x7f0000000040)="580000001400192340834b80040d8c560a067fbc45ff81054e220000000058000b480400945f64009400050038925a01000000000000008004000000ffe809000000fff5dd000000100001000b080800418e00000004fc", 0x57}], 0x1)

33.542333339s ago: executing program 2 (id=1125):
socket$inet6(0xa, 0x2, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e000000850000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r3=>0x0})
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8}, 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, <r7=>0xffffffffffffffff})
close(r7)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0xd, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x20000084, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r8], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r9}, 0x10)
r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x2, 0x4, 0x5, 0x2, 0x1000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r10, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
r11 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r5}, &(0x7f0000000240), &(0x7f00000003c0)=r11}, 0x20)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r6, r3, 0x25, 0x2, @val=@tcx}, 0x40)
syz_emit_ethernet(0x5a, &(0x7f0000000340)={@local, @dev, @val={@void, {0x8100, 0x0, 0x0, 0x1}}, {@canfd={0xd, {{}, 0x0, 0x0, 0x0, 0x0, "ec7ab49f42266b558197758939c3a67064eb2413deb6d588b153902f5348321b2aa24fcea6549a091e651e6c1d3053eef4b8f189054244df8c1353433e834d4c"}}}}, 0x0)

33.133042659s ago: executing program 2 (id=1128):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x0, 0x5, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1f, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000300), 0x80800, 0x0)
ioctl$PTP_PIN_GETFUNC(r4, 0xc0603d06, &(0x7f0000000080)={'\x00', 0x5, 0x2, 0x9})

31.335914512s ago: executing program 2 (id=1131):
ioctl$SNDRV_PCM_IOCTL_DRAIN(0xffffffffffffffff, 0x4144, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
ioctl$CEC_ADAP_S_LOG_ADDRS(0xffffffffffffffff, 0xc05c6104, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x2, 0x3, &(0x7f0000000040)=@framed, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000500)={r1, 0x0, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
socket$kcm(0x2, 0xa, 0x2)
r2 = memfd_secret(0x0)
ftruncate(r2, 0x51a9497)
io_uring_setup(0x3c92, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_RSC={0x10}}}]}, 0x44}}, 0x0)

26.087864441s ago: executing program 4 (id=1147):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000500)={0x38, 0x1403, 0x6c08c44bda12f87d, 0x70bd29, 0x0, "", [{{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'sit0\x00'}}]}, 0x38}}, 0x0)

24.966439504s ago: executing program 0 (id=1149):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="2c385a4706", 0x5)
r1 = accept4(r0, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r1)
sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f000000e0c0)=@newtaction={0x78, 0x30, 0x220, 0x0, 0x0, {}, [{0x64, 0x1, [@m_skbedit={0x60, 0x0, 0x0, 0x0, {{0xc}, {0x4}, {0x32, 0x6, "769f4f615bc3d2ebeb9eaadfc0dae4c22ba98da5b80964c0f2a18de9803271ba55faf9ca6409be186b9cf9b5ed05"}, {0xc}, {0xc}}}]}]}, 0x78}}, 0x0)

24.88406978s ago: executing program 4 (id=1150):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000f000000c5000000a000020095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000200)='i2c_write\x00', r0}, 0x10)
r1 = syz_open_dev$I2C(&(0x7f0000000800), 0x0, 0x0)
ioctl$I2C_RDWR(r1, 0x707, &(0x7f00000002c0)={&(0x7f0000000840)=[{0x0, 0x0, 0x0, 0x0}, {0x800, 0x11, 0x0, 0x0}], 0x2})

24.688084224s ago: executing program 4 (id=1153):
symlinkat(0x0, 0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00')
mkdirat(0xffffffffffffffff, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sigaltstack(0x0, 0x0)
sigaltstack(&(0x7f0000000180)={0x0, 0x2}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setreuid(0x0, 0x0)
readv(0xffffffffffffffff, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
write$tcp_mem(0xffffffffffffffff, 0x0, 0x0)
r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue0\x00'})
write$sndseq(r3, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32={[0x2600]}}], 0xffc8)
mkdirat(0xffffffffffffffff, &(0x7f0000000180)='./file0/file0\x00', 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
socket$can_raw(0x1d, 0x3, 0x1)

22.699825801s ago: executing program 4 (id=1155):
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x420000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r3 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r3, 0x7a7, &(0x7f00000002c0)=0xa0000)
r4 = dup(r3)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r4, 0x7a0, &(0x7f0000000040)={@my=0x0})
syz_io_uring_setup(0x231, &(0x7f0000000180)={0x0, 0x0, 0x10100}, 0x0, &(0x7f0000000100)=<r5=>0x0)
syz_io_uring_submit(0x0, r5, 0x0)
io_uring_enter(0xffffffffffffffff, 0x7a98, 0x0, 0x0, 0x0, 0x0)
ioctl$IOCTL_VMCI_DATAGRAM_SEND(r4, 0x7ab, &(0x7f0000000080)={0x0})

22.684201032s ago: executing program 0 (id=1156):
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_usb_connect(0x0, 0x2d, 0x0, 0x0)
syz_open_dev$vcsn(&(0x7f0000000040), 0x65, 0x103800)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)={0x2c, 0x13, 0x821, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @fd=r1}, @typed={0x6, 0x0, 0x0, 0x0, @str='\xa1K'}, @typed={0xc, 0x1, 0x0, 0x0, @u64}]}, 0x2c}], 0x1}, 0x0)

21.410085497s ago: executing program 4 (id=1158):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file1/file3\x00', 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0)
setreuid(0x0, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r4, 0xc0045516, &(0x7f0000000000)=0xffb)
accept$alg(0xffffffffffffffff, 0x0, 0x0)
dup(0xffffffffffffffff)
setsockopt(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0)
r5 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$inet6_int(r5, 0x29, 0x19, &(0x7f0000000000), 0x4)
sendmmsg$inet6(r5, 0x0, 0x0, 0x0)
ioctl$TIOCSWINSZ(r0, 0x5414, &(0x7f0000000100)={0x6, 0x5, 0x0, 0xf7d6})
close_range(r0, r0, 0x2)
ioctl$TIOCL_PASTESEL(r0, 0x541c, &(0x7f0000000000))

20.392666591s ago: executing program 0 (id=1162):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000080)=0xfff, 0x4)
sendmmsg(r0, &(0x7f0000000440)=[{{&(0x7f0000000cc0)=@ieee802154={0x24, @long={0x3, 0x3, {0xaaaaaaaaaaaa0302}}}, 0x80, &(0x7f00000004c0)=[{&(0x7f00000002c0)=';', 0x1}], 0x1, 0x0, 0x0, 0x2f00}}], 0x1, 0x0)

20.260571422s ago: executing program 4 (id=1164):
r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
ioctl$AUTOFS_IOC_ASKUMOUNT(r2, 0x80049370, &(0x7f0000000000))
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000032680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r4 = socket(0xf, 0x3, 0x2)
write(r4, &(0x7f0000a97ff0)="020baf040200000000067bbc8e1d4b48", 0x10)
r5 = syz_open_procfs(0x0, 0x0)
preadv(r5, 0x0, 0x0, 0x0, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000d00)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000020900010073797a30000000000900030073797a320000000064000000060a010400000000000000000100000008000b40000000003c000480140001800c000100636f756e7465720004000280240001800b000100657874686472000014000280080005400000000108000640000000010900010073797a30"], 0x40c}}, 0x0)
read$hidraw(r0, 0x0, 0x0)
prlimit64(0x0, 0x7, &(0x7f0000000440), 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)

19.943987665s ago: executing program 0 (id=1165):
symlinkat(0x0, 0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00')
mkdirat(0xffffffffffffffff, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sigaltstack(0x0, 0x0)
sigaltstack(&(0x7f0000000180)={0x0, 0x2}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setreuid(0x0, 0x0)
readv(0xffffffffffffffff, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
write$tcp_mem(0xffffffffffffffff, &(0x7f0000000000), 0x48)
r3 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x62181)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue0\x00'})
write$sndseq(r3, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32={[0x2600]}}], 0xffc8)
mkdirat(0xffffffffffffffff, &(0x7f0000000180)='./file0/file0\x00', 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
socket$can_raw(0x1d, 0x3, 0x1)

18.504515141s ago: executing program 0 (id=1166):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000000c0)="2c385a4706", 0x5)
r1 = accept4(r0, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r1)
sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f000000e0c0)=@newtaction={0x78, 0x30, 0x220, 0x0, 0x0, {}, [{0x64, 0x1, [@m_skbedit={0x60, 0x0, 0x0, 0x0, {{0xc}, {0x4}, {0x32, 0x6, "769f4f615bc3d2ebeb9eaadfc0dae4c22ba98da5b80964c0f2a18de9803271ba55faf9ca6409be186b9cf9b5ed05"}, {0xc}, {0xc}}}]}]}, 0x78}}, 0x0)

16.435594234s ago: executing program 0 (id=1171):
ioctl$SNDRV_PCM_IOCTL_DRAIN(0xffffffffffffffff, 0x4144, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
ioctl$CEC_ADAP_S_LOG_ADDRS(0xffffffffffffffff, 0xc05c6104, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x2, 0x3, &(0x7f0000000040)=@framed, 0x0}, 0x90)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000500)={r1, 0x0, 0x29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
socket$kcm(0x2, 0xa, 0x2)
ftruncate(0xffffffffffffffff, 0x51a9497)
io_uring_setup(0x3c92, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r3 = socket(0x400000000010, 0x3, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_RSC={0x10}}}]}, 0x44}}, 0x0)

11.08908784s ago: executing program 3 (id=1178):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000200)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
mmap(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = add_key$keyring(&(0x7f0000000080), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
r5 = add_key$keyring(0x0, &(0x7f00000002c0)={'syz', 0x0}, 0x0, 0x0, r4)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r4, &(0x7f0000000140)='asymmetric\x00', &(0x7f0000000340)=@keyring={'key_or_keyring:', r5})

9.311826241s ago: executing program 3 (id=1180):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0xfffffffffffffddf, &(0x7f0000000040))
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002024207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095000000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r3}, 0x10)
keyctl$setperm(0x5, 0x0, 0x0)
keyctl$unlink(0x9, 0x0, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2d, &(0x7f00000001c0)=0x4, 0x4)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r4, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(r5, &(0x7f0000000100), 0xfecc)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r6, 0x0)
write$bt_hci(r4, &(0x7f00000000c0)=ANY=[], 0x6)
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, &(0x7f0000000340)=0xb1, 0x0, 0x1)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
r7 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TIOCSETD(r7, 0x5423, &(0x7f00000000c0)=0xf)

7.934060423s ago: executing program 3 (id=1183):
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000000)='./bus\x00', 0xa04254, &(0x7f0000000080)=ANY=[], 0x8, 0x2fd, &(0x7f0000000c40)="$eJzs3M9rE1sUwPGTNE2TlCZZPN7jPXj0ohvdDG10LQZpQQxY2kZsBWHaTjRkTEomVCJideVW/CNclC67K6j/QDfudOPGXTeCC4uII5kfbdKmqU5N0x/fD5S5mXPO9F4mLWdCZjZvv3hQKlhaQa9JOKYkJCKyJZKWsPhC3jbsjKPS7KlcHPzy/v+pmdkb2VxubFKp8ez0pYxSKjn8+uHjuJe2PiAb6bubnzOfNv7e+Hfzx/T9oqWKlipXakpXc5WPNX3ONNRC0SppSk2Yhm4Zqli2jKobr7jxgllZXKwrvbwwlFisGpal9HJdlYy6qlVUrVpX+j29WFaapqmhhOAg+ZXJST0bsHj+D08GQX2zbbtDuFrN6n0iEt8Tya90dV4AAOBY2t3/hxstfaD+X5JO/99I3un/V8+9rQ3eWkt6/f96tF3/f/mDe6yW/j8mIl3v//d2RCfe8u8kH6r/x/EwHN2zK9TyqtH/J7y/X8ezO6sjzoD+HwAAAAAAAAAAAAAAAAAAAACAk2DLtlO2baf8rf+zcwuB9xqn0n7nf0BEYo2zb3P+T7OpmVmJOTfuRZIi5vOl/FLe3XpxP3FEUvLdeT94GmP/ziPVkJY35rJXv7yU73Mi2YIUxRRDRiUl6d31tj1+PTc2qlyt9f2SaK7PSEr+al+faVsflQvnm+o1Scm7eamIKQvO+3qn/smoUtdu5nbVx508AAAAAABOA01ta3v9rmn7xd367evrtp8PuNfXI22vzyOp/yK9XTsAAAAAAGeFVX9U0k3TqHYYxOXgnOCDSLDy/k45fU0r/NUDRp3vu4h0b6UdBv4XKVpCMW9nsCP76+/OnMMSpGq4MR912N/uf2y0X45M9OAMOoN/Xr76Gqw85D21tzl0ZS12wEq7Nug/iv89AAAAAI6W3/THLX/P1d5OCAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAM+goHifW6zUCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAx8XPAAAA//+JzwPM")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
syz_open_dev$sndpcmc(&(0x7f0000000080), 0x1, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x0)
setsockopt$sock_int(r3, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4)
setsockopt$SO_TIMESTAMPING(r3, 0x1, 0x25, 0x0, 0x0)
sendmmsg$inet(r3, 0x0, 0x0, 0x4000800)
syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0x0, &(0x7f0000002140)={[{@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x3}}]}, 0x0, 0x46b, &(0x7f00000014c0)="$eJzs289vFFUcAPDvzLaUX7UV8Qc/1FU0Nv5oaUHlYGI0mnAxMdEDHmspBCnU0JoIaaQag0fDX6AeTfwLPOnFqCeNV70bE2J6AT2YNbM7099buttut7CfTzLw3s6bfd83bx7zZh4bQMcqZ38kEXsj4veI6KtllxYo1/66NTcz9s/czFgSlcpbfyfVcjfnZsaKosVxe/LMQBqRfprEoVXqnbp85fzoxMT4pTw/NH3h/aGpy1eeO3dh9Oz42fGLIydOHD82/OILI89vSjt7s1gPfjR5+MDJd66/MXbq+rs/fZPFuzfff3NuZsfSI/o3XGc5ykvP5SJPbvjbt5feRemkq42B0JBSRGTd1V0d/31RioXO64vXP2lrcEBLVSqVSk8tWVr4dD45WwHuYkm0OwKgPYobffYcX2xbPAVpqxuv1B6Asnbfyrfanq5Is2f4/tqzUW+L6i9HxKnZf7/Itlj2PgUAoBW+y+Y/z642/0vjgUXl7snXhvoj4t6I2BcR90XE/oi4P6Ja9sGIeKjB+svL8ivnP7/uaqph65TN/17K17aWzv/Sokh/Kc/1VtvfnZw5NzF+ND8nA9Hdk+WH16jj+9d++7zevsXzv2zL6i/mgnkcf3X1LD3m9Oj0pq2w3Pg44mDXau1P5lcCkog4EBEHm/j+7Jyde/rrw/X23779a9iEs1D5KuKpWv/PxrL2F5K11yeHdsbE+NGh4qpY6edfrr1Zr/4NtX8TZP2/e9Xrf779/cni9dqpxuu49sdndZ9pmrz+R3ckb1fTxaLth6PT05eGI3Yksys/H1k4tsgX5bP2DxxZffzvi/jvy/y4QxGRXcQPR8QjEfFoHvtjEfF4RBxZo/0/vvrEe823v7Wy9p9uqP8bT5TO//BtvfrL+Xrx2v1/vJoayD/J+v927apVvjPP1Q+w2fMGAAAAd5K0+n/gk3RwPr1gf+xOJyanpp85M/nBxdO1ff3RnRZvuvoWvQ8dzt8NF/mRZflj1ffGlUqlsquaHxybnGjVmjqwPntWjP80HRys7fuztLTsy22JEGiphtbR6v2iDbgj+b0mdK51jH93fbhLNX3/n93cOICtZ/4PnWu18X814lYbQgG2mPs/dC7jHzqX8Q+dy/iHjrSR3/Wvldh3slXffLclStsjjIYTkW6LMJpLpNsjjFqiJyLWW/hqbFVg7f6XCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYHP8HwAA//+/OuLi")
prctl$PR_SET_PTRACER(0x59616d61, r0)
ioctl$FS_IOC_ENABLE_VERITY(0xffffffffffffffff, 0x8004587d, &(0x7f0000000140)={0x2, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0})
r4 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r4, &(0x7f0000000100)=""/155, 0x9b)

6.580991363s ago: executing program 3 (id=1184):
syz_mount_image$jfs(&(0x7f0000000700), &(0x7f0000000000)='./file0\x00', 0x2010880, &(0x7f0000000600)=ANY=[@ANYBLOB='gid=', @ANYRESHEX=0x0, @ANYBLOB=',noquota,nodiscard,iocharset=macturkish,errors=continue,iocharset=iso8859-6,iocharset=default\x00gid=', @ANYRESHEX=0x0, @ANYBLOB="2c71756f74612c696f636861727365743d6370b737352c726573697a652c6769643d", @ANYRESHEX=0x0, @ANYBLOB=',discard,noquota,noquota,\x00'], 0x1, 0x60a5, &(0x7f0000006400)="$eJzs3UuPHFfZB/Cnr3PxG2eURZTXQmjihEsI8TUYQ4AkC1iwyQJ5i2xNJpGFA8g2yIksPNFsWLDiE4CQWCLEErHgA2TBlh0rVliykUBZUahmzvFUt7vdY8bT1Z7z+0njqqdO9fSp+Xf1xVXVJwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA+O53vne2ExGXf5oWrEX8X/QiuhErdb0eESvra3n9fkS8EDvN8XxEDJYi6tvv/PNsxOsR8cnxiHv3b2/Ui8/tsx/f/v1ff/P9Y+/85XeD0//+w83eG9PWu3XrF//6452DbTMAAACUpqqqqpM+5p9In++7bXcKAJiL/PpfJXn5ka9/+fd3/rRI/VGr1Wq1eg51UzXZnWYREVvN29TvGRyOB4CnzFZ82nYXaJH8i9aPiGNtdwJYaJ22O8ChuHf/9kYn5dtpvh6s77bnc0FG8t/qPLi+Y9p0lvFzTOb1+NqOXjw3pT8rc+rDIsn5d8fzv7zbPkzrHXb+8zIt/+HupU/Fyfn3xvMfc3Ty707Mv1Q5//5j5d+TPwAAAAAALLD8//9rLR//XTr4puzLo47/rs+pDwAAAAAAAADwpB10/L8HjP8HAAAAC6v+rF771fG9ZdO+i61efqkT8czY+kBh0sUyq233AwAAAAAAAAAAAABK0t89h/dSJ2IQEc+srlZVVf80jdeP66C3f9qVvv1Qsraf5AEAYNcnx8eu5e9ELEfEpfRdf4PV1dWqWl5ZrVarlaX8fna4tFytND7X5mm9bGm4jzfE/WFV/7Llxu2aZn1entU+/vvq+xpWvX107AkZpL/mlOaWwgaAZPfV6J5XpCOmqp6d9uYDRtj/jx77P/vR9uMUAAAAOHxVVVWd9HXeJ9Ix/27bnQIA5iK//o8fFziUOuJwf79arVar1epH1k3VZHeaRURsNW9Tv2cwHD8APGW24tO2u0CL5F+0fkS80HYngIXWabsDHIp7929vdFK+nebrQRrfPZ8LMpL/Vmfndvn2k6azjJ9jMq/H13b04rkp/Xl+Tn1YJDn/7nj+l3fbh2m9w85/XqblX2/nWgv9aVvOvzee/5ijk393Yv6lyvn3Hyv/nvwBAAAAAGCB5f//X3P8N28yAAAAAAAAADx17t2/vZGve83H/z8zYT3Xfx5NOf+O/IuU8++O5f/FsfV6jfm7b+/l/8/7tzd+e/Mf/5+n+81/Kc900iOrkx4RnXRPnX6aHmTrHrY96A3rexp0ur1+OuenGrwXV+NabMaZkXW76e+x1352pL3u6WCk/dxIe/+h9vMj7YP0vQPVSm4/FRvxo7gW7+60121LM7Z/eUZ7NaM959+z/xcp599v/NT5r6b2zti0dvfj7kP7fXM66X7euvrZn585/M2ZaTt6D7atqd6+ky30Z+dvcmwYP7mxef3UrSs3b14/G2kysvRcpMkTlvMf7Pws7T3/v7Tbnp/3m/vr3Y+Hj53/otiO/tT8X2rM19v7ypz71oac/zD95PzfTe2T9/+nOf/p+/+rLfQHAAAAAAAAAAAAAAAAHqWqqp1LRN+KiAvp+p+2rs0EAOYrv/5XSV6uVqvVarX66NVN1WRvNouI+HPzNvV7hp9N+mUAwCL7T0T8re1O0Br5Fyx/3189fbntzgBzdePDj35w5dq1zes32u4JAAAAAAAAAPC/yuN/rjfGf345ItbG1hsZ//XtWD/o+J/9PPNggNEnPND3FNvdYa/bGG78xdgZn/vUtPG/T8ajx//uz7i/wYz24Yz2pRntyxOX7qU18UKPhpz/i43xzuv8T4wNv17C+K/jY96XIOd/svF4rvP/wth6zfyrXy9c/lv7XXE7uiP5n775wY9P3/jwo9eufnDl/c33N394/uzZM+cvXLh48eLp965e2zyz++/h9HoB5Pzz2NfOAy1Lzj9nLv+y5Pw/l2r5lyXn//lUy78sOf/8fk/+Zcn5588+8i9Lzv+VVMu/LDn/L6Va/mXJ+b+aavmXJef/5VTLvyw5/9dSLf+y5PxPpVr+Zcn5n071PvL39fBHSM4/H+Gy/5cl55/PbJB/WXL+51It/7Lk/M+nWv5lyfm/nmr5lyXn/5VUy78sOf8LqZZ/WXL+X021/MuS87+YavmXJef/tVTLvyw5/6+nWv5lyfm/kWr5lyXn/41Uy78sOf9vplr+Zcn5fyvV8i9Lzv/NVMu/LHvf/2/GjBkzeabtZyYAAAAAAAAAAAAAYNw8TiduexsBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID/sgMHAgAAAABA/q+NUFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYUdOBAAAAAAAPJ/bYSqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoq7N1djFxnfT/wM/tirx1CDITg5G9gk5gQkiW7thO/8K+LCa8NUAokFPqC7XrXZsFveO0SKJJNAyUSRkUVVdOLtoBQG6mqsCouaEVpLqq+XJX2gt5UVJWQGlUBBSSktqJsNXOe5/HM7OycXe94PXuez0eKf96dM3POnHlmdr/rfHcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABod+cb5z7bKIqi+V/rj21F8YLm37dMbmt97nU3+ggBAACAtfrf1p/P35I+cWgFV2rb5u9e8Y9fX1xcXCzeP/q7419cXEwXTBbF+OaiaF0WXfn3DzTatwmeKCYaI20fj1TsfrTi8rGKy8crLt9UcfnmissnKi5fcgKW2FL+PKZ1Yztbf91WntLi1mK8ddnOHtd6orF5ZCT+LKel0brO4vjxYr44WcwVMx3bl9s2Wtt/887mvt5WxH2NtO1rR3OF/PCTx+IxNMI53tmxr6u3GX3/DcXkj374yWN/fP6523vNytPQcXvlcd57V/M4Px0+Ux5ro9iczkk8zpG249zR4zEZ7TjORut6zb93H+fzKzzO0auHua66H/OJYqT192+3ztNY+4/10nnaET73X3cXRXHp6mF3b7NkX8VIsbXjMyNXH5+JckU2b6O5lF5cjK1qnd65gnXanLM7O9dp93MiPv53huuNLXMM7Q/T9z+1acnjvtp1GjXv9XLPle41OOjnyrCswbguvt2600/2XIM7w/3/5D3Lr8Gea6fHGkz3u20N3lW1Bkc2jbaOOT0IjdZ1rq7BXR3bj7b21GjNZ+/pvwanz586O73w8U+8dv7U0RNzJ+ZO79m1a2bP3r379++fPj5/cm6m/PMaz/bw21qMpOfAXeHcxefAq7u2bV+qi18e3PNwos/zcFvXtoN+Ho5137nG+jwhl67p8rnxaPOkT1weKZZ5jrUen/vW/jxM97vteTjW9jzs+TWlx/NwbAXPw+Y2Z+9b2fcsY23/9TqG6/W1YFvbGuz+fqR7DQ76+5FhWYMTYV38633Lfy3YEY73yanVfj8yumQNprsbXnuan0nf70/sb41e6/KO5gU3bSouLMyde+Dxo+fPn9tVhLEuXtK2VrrX69a2+1QsWa8jq16vh+Zf8eQdPT6/LZyridc2/5hY9rFqbvPgA/0fq9ZXt97ns+Ozu4swBmy9z2evr+bN85myZJ/z2dzm09Nr/1485dK219/xZV5/Y+7/abm/dFNPjI6Plc/f0XR2xjtejzsfqrHWa1ejte/np1f2ejwe/lvv1+Nb+7web+/adtCvx+Pddy6+HjeqftqxNt2P50RYJydn+r8eN7fZvnu1a3Ks7+vx3WE2wvl/TUgKKRe1rZ3l1m3a19jYeLhfY3EPnet0T8f24yGbNff19O5rW6f33l3e1mi6d1et1zqd7Np20Os0vV4tt04bVT99uzbdj+dEWBe37um/TpvbPPPg2l87t8S/tr12bqpag+Ojm5rHPJ4WYfl6v7glrsEHimPFmeJkMdu6dFNrPTVa+5p6aGVrcFP4b71fK7f3WYP3dm076DWYvo4tt/YaY0vv/AB0P54TYV089VD/Ndjc5k37Bvu9673hM2mbtu9du3++ttzPvO7oOk3X82dezeP8m339fzbb3Obk/tXmzP7n6f7wmZt6nKfu5+9yz6nZYn3O0/ZwnM/tX/48NY+nuc0XD6xwPR0qiuLiRx9u/bw3/PvKn1/4ztc7/t2l17/pXPzowz+4+fjfrub4Adj4flqOreXXurZ/mVrJv/8DAAAAG0LM/SNhJvI/AAAA1EbM/fH/Ck/kfwAAAKiNmPvHwkwyyf/b3/Tc/E8vFqmZvxjEy9NpeKTcLnZcZ8LHk4tXNT//8FfnfvyXF1e275GiKH7yyG/03H77I/G4SpPhOK+8ufPzS694cUX7P/LY1e3a++tfCrcf789Kl0GvCu5MURTfvOXzrf1MfuByaz7zyJHWfM+lJ59obvP8gfLjeP1nX1Ju/weh/Hvo+NGO6z8bzsP3wpx5e+/zEa/3tcuv2bHvfVf3F6/XuOuFrbv91AfL242/J+cLT5Tbx/O83PH/1eee/lpz+8df1fv4L470Pv6nw+1+Ncz/fnm5fftj0Pw4Xu8z4fjj/uL1HvjKt3oe/5XPltuffUu53ZEw4/7vDR/vfMtz8+3n6/HG0Y77Vby13C7uf+Y7v926PN5evP3u4584fLnjfHSvj2f+ubyd6a7t4+fjfqK/6Np/83ba12fc/9O/daTjPFft/8p7nn1583a7939/13ajXdfv/o1Nf/iZz/fcXzyeQ392tuP+HHp3eB6H/T/1wbAew+X/c+XzHfuNjry78/Unbv+lbRc77k/0th+V+7/y+hOt+R+TP/79m15w8wsvvbJ57ori2+8tb69q/yf+6EzH8X/5tvtaj0e8PHb0u/e/nLj/cx+bOn1m4cL8bNtZbf3unHeUx7N5YsvW5vHeEl5buz8+fOb8h+bOTc5MzhTFZH1/hd41+0qYPyjHpdVe/77HwuN5x+99c+s9//S5+Pl/ebT8/OW3l1+3Xh22+0L4/Lby8VtsrHH/T915W+v53Xim/Lijxz4AO3b+5/4VbRjuf/f3BXG9n33ph1rnoXlZ6+tGfF6v8fi/O1vezjfCeV0Mv5n5rtuu7q99+/i7ES6/t3y+r/n8hZe5+Lj+SXi83/m98vbjccX7+93wfcy3tne+3sX18Y2LI9233/otHpfC60lxqbw8bhXP9+Xnb+t5ePH3kBSXbm99/Dvpdm5f1d1czsLHF6ZPzp++8Pj0+bmF89MLH//E4VNnLpw+f7j1uzwPf7jq+ldfn7a2Xp9m5/Y+WMxsKYriTDGzDi9Y1+f4m39b2fGffezY7L6Ze2bnjh+9cPz8Y2fnzp04trBwbG524Z6jx4/Pfazq+vOzB3ftPrBn3+6pE/OzB/cfOLDnwNT86TPNwygPqsLemY9MnT53uHWVhYMPHtj10EMPzkydOjM7d3DfzMzUharrt742TTWv/etT5+ZOHj0/f2puamH+E3MHdx3Yu3d35W8DPHX2+MLk9LkLp6cvLMydmy7vy+T51qebX/uqrk89Lfxb+f1st0b5i/iKd92/N/1+1qavfmrZmyo36foFos+F30XzDy86u38lH8fcPx5mkkn+BwAAgBzE3L8pzET+BwAAgNqIuX9zmIn8DwAAALURc/9EmEkm+V//X/9/Zf3/8nL9/7z6/2c/WvZKN3r/P/bn9f/zcIP7/2vev/6//n/9+v8r789v9OPX/9f/Z6lh6//H3L+lKLLM/wAAAJCDmPu3hpnI/wAAAFAbMfffFGYi/wMAAEBtxNz/gjCTTPK//v+K+v+7qwpX9e//e/9//f9iY/b/44Oj/5+NVffv3/dox4f6/4H+v/6//r/+v/4/aza+7CU3qv8fc//NYSaZ5H8AAADIQcz9Lwwzkf8BAACgNmLuvyXMRP4HAACA2oi5f1uYSSb5X//f+//r/+v/17r/v9b3/287GP3/jcH7//en/1/hmvv/E/r/G7H/Pz7Y4x/u/n/l4ev/c10M2/v/x9z/ojCTTPI/AAAA5CDm/heHmcj/AAAAUBsx978kzET+BwAAgNqIuf/WMJNM8r/+v/6//r/+v/5/7/1Xv/9/+Tf9/+Gi/9+f/n8F7/+fV/9/wMc/3P3/Qb////ibu6+v/08vw9b/j7n/pWEmmeR/AAAAyEHM/beFmcj/AAAAUBsx978szET+BwAAgNqIuX97mEkm+V//X/9f/1//X/+/9/6r+/8l/f/hov/fn/5/Bf1//X/9/5X1/3t886v/Ty/D1v+Puf/2MJNM8j8AAADkIOb+O8JM5H8AAACojZj7/1+YifwPAAAAtRFz/44wk0zyv/6//r/+f179//s36f/r/9eb/n9/+v8V9P/1//X/V/j+/0utpv+/uerGqI1h6//H3P/yMJNM8j8AAADkIOb+V4SZyP8AAABQGzH3vzLMRP4HAACA2oi5fzLMJJP8r/9fr/7/n/71U68s9P/1/yv2X9P+f1wG+v+Z0//vT/+/gv6//r/+/7r0/8nHsPX/Y+6/M8wkk/wPAAAAOYi5/64wE/kfAAAAaiPm/rvDTOR/AAAAqI2Y+3eGmWSS//X/69X/j/T/9f/77b+m/f9E/z9v+v89tD1J9f8r6P/r/2ff/4/f/er/MxjD1v+Puf9VYSaZ5H8AAADIQcz994SZyP8AAABQGzH3vzrMRP4HAACA2oi5/94wk0zyv/6//r/+v/6//n/v/ev/b0z6//3p/1fQ/9f/z77/7/3/Gaxh6//H3P+aMJNM8j8AAADkIOb++8JM5H8AAACojfj/b5b/36v8DwAAAHUUc/9UmEkm+V//X/8/p/5/Q/9f/1//v/b0//vT/6+g/6//r/+v/89ADVv/P+b+14aZZJL/AQAAIAcx9z8QZiL/AwAAQG3E3D8dZiL/AwAAQG3E3D8TZpJJ/tf/1//Pqf/v/f/1//X/60//vz/9/wr6//r/dev/F4X+PzfUsPX/Y+7fFWaSSf4HAACAHMTcvzvMRP4HAACA2oi5f0+YifwPAAAAtRFz/4NhJpnkf/1//X/9f/1//f/e+9f/35j0//vT/6+g/6//X7f+v/f/5wYbtv5/zP0PhZlkkv8BAAAgBzH37w0zkf8BAACgNmLu3xdmIv8DAABAbcTcvz/MJJP8r/9fk/7/b/59x771//X/++1/MP3/Lfr/Yer/D5ea9v+7nxbXTP+/gv6//r/+v/4/AzVs/f+Y+w+EmWSS/wEAACAHMfe/LsxE/gcAAIDaiLn//4eZyP8AAABQGzH3/0yYSSb5X/+/Jv3/Lvr/+v/99u/9//X/66ym/f+B0f+voP+v/6//r//PQF3//n/828r6/zH3HwwzyST/AwAAQA5i7v/ZMBP5HwAAAGoj5v7Xh5nI/wAAAFAbMfcfCjPJJP/r/+v/6//r/1+f/v/ri27D2P9vLh79/3rR/+9P/7+C/r/+v/6//j8DNWzv/x9z/xvCTDLJ/wAAAJCDmPsfDjOR/wEAAKA2Yu5/Y5iJ/A8AAAC1EXP/m8JMMsn/+v/6//r/+v/e/7/3/vX/Nyb9//70/yvo/+v/6//r/zNQw9b/j7n/zWEmmeR/AAAAyEHM/W8JM5H/AQAAoDZi7n9rmIn8DwAAALURc//bwkwyyf/6//r/+v/6//r/vfev/78x6f/3p/9fQf9f/1//X/+fgRq2/n/M/T8XZpJJ/gcAAIAcxNz/SJiJ/A8AAAC1EXP/28NM5H8AAACojZj73xFmkkn+1//X/9f/1//X/++9f/3/jUn/vz/9/wr6//r/+v/6/wzUsPX/Y+5/Z5hJJvkfAAAAchBz/8+Hmcj/AAAAUBsx978rzET+BwAAgNqIuf8Xwkwyyf/6//r/+v/6/1n0/5tX0v/Pgv5/f/r/FXr0/zfr/+v/6//r/3PNhq3/H3P/u8NMMsn/AAAAkIOY+98TZiL/AwAAQG3E3P/eMBP5HwAAAGoj5v5Hw0wyyf/6/1n2/9Nd1v8v6f9n0P/3/v/Z0P/vT/+/gvf/1//X/9f/Z6CGrf8fc/9jYSaZ5H8AAADIQcz97wszkf8BAACgNmLu/8UwE/kfAAAAaiPm/veHmWSS//X/s+z/e///dev/j3Wsj5z6/xNtj2dal/r/+v/rQP+/P/3/Cvr/+v/D3P8Pq3nLMtfX/2cYDVv/P+b+D4SZZJL/AQAAIAcx9/9SmIn8DwAAALURc/8vh5nI/wAAAFAbMff/SphJJvlf/1//X//f+/97///e+9f/35j0//vT/6+g/6//P8z9/wr6/wyjYev/x9z/q2EmmeR/AAAAyEHM/R8MM5H/AQAAoDZi7j8cZiL/AwAAQG3E3H8kzCST/K//393/j++oqv+v/6//r/+v/78RDa7//7Kbi0L/X/9f/1//X/9f/5+1GLb+f8z9R8NMMsn/AAAAkIOY+38tzET+BwAAgNqIuf9YmIn8DwAAALURc/9smEkm+V//3/v/D6r//xP9f/3/QP+/N/3/9eH9//vT/6+g/6//r/+v/89ADVv/P+b+uTCTTPI/AAAA1Fj6cXDM/cfDTOR/AAAAqI2Y+0+Emcj/AAAAUBsx938ozCST/K//r//v/f9vRP9/rGN7/f+S/r/+/yDo//en/19B/1//X/9f/5+BGrb+f8z982EmmeR/AAAAyEHM/R8OM5H/AQAAoDZi7v9ImIn8DwAAALURc//JMJNM8r/+v/5/7v3/RlFc8v7/+v+99q//vzHp//en/19B/1//X/9f/5+BGrb+f8z9p8JMMsn/AAAAkIOY+0+Hmcj/AAAAUBsx958JM5H/AQAAoDZi7j8bZpJJ/tf/1//Pvf9f3JD3/+/cXv+/pP+v/z8IS/r3Y6u7/rL9//9j7z6a9DirPg4/r8u2pNXLR2DNiiWs+Aps2VHFmgVgcjAmZzA5B5NzzsnknHM2OUcTDVWiGJ1zLGked8tWa6b7Pte1OUiFeUbWYOqP6lf3He901d31//p//f8k/b/+X//P+dbW/+fuv1fc0mT/AwAAQAe5++8dt9j/AAAAMIzc/feJW+x/AAAAGEbu/qvilib7X/+v/9f/6//P6f+v1//r/7fN+//T9P8z9P/6f/2//p9Fra3/z91/37ilyf4HAACADnL33y9usf8BAABgGLn77x+32P8AAAAwjNz9D4hbmux//b/+X/+v//f+//7P1/9vk/5/mv5/hv5f/6//1/+zqLX1/7n7Hxi3NNn/AAAA0EHu/gfFLfY/AAAADCN3/4PjFvsfAAAAhpG7/yFxS5P9r//X/+v/9f/6//2fr//fput2N/8zQf9/mP5/xkz/v9vp/6dccD+//5e3na//Fuj/9f8ctrb+P3f/Q+OWJvsfAAAAOsjd/7C4xf4HAACAYeTuvzpusf8BAABgGLn7Hx63NNn/+n/9v/5f/6//3//5+v9t8v7/tIvv/+9wu3veo2//7/3/ad7/1//r/znf2vr/3P3XxC1N9j8AAAB0kLv/EXGL/Q8AAADDyN3/yLjF/gcAAIBh5O5/VNzSZP/r/9v0/we1i/5f/6//1/+PTv8/zfv/Mw7+MXeqfqj/1//r//X/XJy19f+5+x8dtzTZ/wAAANBB7v7HxC32PwAAAAwjd/9j4xb7HwAAAIaRu/9xcUuT/a//b9P/e/9f/6//1/+3oP+fpv+fMcr7/7fxu+a4+/mLddxfv/5f/89ha+v/c/c/Pm5psv8BAACgg9z9T4hb7H8AAAAYRu7+J8Yt9j8AAAAMI3f/k+KWJvtf/6//30b/n5+g/9f/6//1/9P0/9P0/zNG6f9vo+Pu57f+9ev/9f8ctrb+P3f/k+OWJvsfAAAAOsjd/5S4xf4HAACAYeTuf2rcYv8DAADAMHL3Py1uabL/9f/6/230/97/1//r//X/F0b/P03/P0P/r//X/+v/WdTa+v/c/dfGLU32PwAAAHSQu//pcYv9DwAAAMPI3f+MuMX+BwAAgGHk7n9m3NJk/+v/9f/6f/2//n//5+v/t0n/P03/P0P/r//X/+v/WdSK+v+z/qqTu2fFLU32PwAAAHSQu//ZcYv9DwAAAMPI3f+cuMX+BwAAgGHk7n9u3NJk/+v/V9P/H+R8Y/X/p3a7nf5/17T/P3XW72d9X+r/9f9HQP8/Tf8/Q/+v/9f/6/9Z1Ir6/4Mf5+5/XtzSZP8DAABAB7n7nx+32P8AAAAwjNz9L4hb7H8AAAAYRu7+F8YtTfa//n81/f+Bsfp/7/+f//3Rqf/3/v9h+v+jof+fpv+fof/X/+v/9f8sam39f+7+F8VNV15xm3+JAAAAwMrk7n9x3NLkz/8BAACgg9z9L4lb7H8AAADYqGsP/Uzu/pfGLU32v/5/2f7/yrN+Tv+v/z//+0P/r//X/196+v9p+v8Z+n/9v/5f/8+i1tb/5+5/WdzSZP8DAABAB7n7r4tb7H8AAAAYRu7+l8ct9j8AAAAMI3f/K+KWJvtf/+/9f/2//l//v//z9f/bpP+fpv+fof/X/x9v/3/i5n+p/2cMt6L/P3369NWXvP/P3f/KuKXJ/gcAAIAOcve/Km6x/wEAAGAYuftfHbfY/wAAADCM3P2viVua7H/9f9P+P7/V9f8H9P/6/32fr//fJv3/NP3/DP2//t/7//p/FrW29/9z9782bmmy/wEAAKCD3P2vi1vsfwAAABhG7v7Xxy32PwAAAAwjd/8b4pYm+1//37T/9/6//l//f9T9/007/f+R2ET/f+qWP3/t/f81+n/9/4R2/f9d73zOD/X/+n8OW1v/n7v/jXFLk/0PAAAAHeTuf1PcYv8DAADAMHL3vzlusf8BAABgGLn73xI3Xd5k/+v/9f/6f/2//n//5x/x+/9X7nY7/f8CNtH/T1h7/+/9f/3/lHb9/3n0//p/Dltb/5+7/61xS5P9DwAAAB3k7n9b3GL/AwAAwDBy9789brH/AQAAYBi5+98RtzTZ//p//b/+X/8/fP9/zSb6f+//L0T/P03/P0P/r//X/+v/ORLH1f/n7n9n3NJk/wMAAEAHufvfFbfY/wAAADCM3P3vjlvsfwAAABhG7v73xC1N9r/+X/+v/9f/n1hd/3/ynP+8Ju//6/8Xov+fpv+fof/X/+v/r9X/s6S1vf+fu/+9cUuT/Q8AAAAd5O5/X9z6v27tfwAAABhG7v73xy32PwAAAAwjd/8H4pYm+1//r//X/+v/h3//X//fiv5/mv5/hv5f/6//9/4/i1pb/5+7/4NxS5P9DwAAAB3k7v9Q3GL/AwAAwDBy9384brH/AQAAYBi5+6+PW5rsf/2//l//r//X/5/5PdT/j0H/P+1o+v9T+n/9f/Xz/xf/LdD/6//n/nrGtLb+P3f/R+KWJvsfAAAAOsjd/9G4xf4HAACAYeTu/1jcYv8DAADAJl2+5+dy9388bmmy//X/+n/9v/5f/7//8/X/26T/n+b9/xn6/1vZz9/+nB9t7f3/8//3S/+v/2d5a+v/c/d/Im5psv8BAACgg9z9n4xb7H8AAAAYRu7+T8Ut9j8AAAAMI3f/p+OWJvtf/6//1//r//X/+z9f/79N+v9p+v8Z+v9jfT9/61+//l//z2Fr6/9z938mbmmy/wEAAKCD3P2fjVvsfwAAABhG7v7PxS32PwAAAAzjYPdnXNZw/+v/9f/6f/2//n//5+v/t0n/P03/P0P/r//X/+v/WdTa+v/PH/xVJ3dfiFua7H8AAADoIHf/F+MW+x8AAACGkbv/S3GL/Q8AAADDyN3/5bilyf7X/+v/t9H/nz59+mr9v/7/3F/Pzf3/Dfp/iv5/mv5/hv5f/6//1/+zqLX1/7n7vxK3NNn/AAAA0EHu/q/GLfY/AAAADCN3/9fiFvsfAAAAhpG7/+txS5P9r/9fQf9/Uv/v/X/9/877//r/hej/p+n/Z4zY/5+88F/+cffzF+u4v379v/6fw9bW/+fu/0bc0mT/AwAAQAe5+78Zt9j/AAAAMIzc/d+KW+x/AAAAGEbu/m/HLU32v/7/6Pr///296/L+/6nd/q9f/6//1//r/y81/f80/f+MEfv/W+G4+/mtf/36f/0/h62t/8/d/524pcn+BwAAgA5y9383brH/AQAAYBi5+78Xt9j/AAAAMIzc/d+PW5rsf/3/Ct7/H7D/9/7//u8P/f+q+//L9P9j0P9P0//P0P/r//X/C/X/+d2s/+9ubf1/7v4fxC1N9j8AAAB0kLv/h3GL/Q8AAADDyN3/o7jF/gcAAIBh5O6/IW45a//va7tHof/X/+v/9f/6//2fr//fJv3/tAvt/0/sLq7/T/p//b/+v2v/7/1/zlhb/5+7/8dxiz//BwAAgM254hZ+Pnf/T+IW+x8AAACGkbv/p3GL/Q8AAADDyN3/s7jlxsuO60s6Uvp//b/+X/+v/9//+fr/bdL/T/P+/wz9/xL9/F30/2P0/7ud/p+Lt7b+P3f/z+MWf/4PAAAAw8jd/4u4xf4HAACAYeTu/2XcYv8DAADAMHL3/ypuabL/9f/6/4vs/w/STP3/Gfr/M/T/++n/j4b+f5r+f4b+3/v/+n/v/7OotfX/uft/Hbc02f8AAADQQe7+38Qt9j8AAAAMI3f/b+MW+x8AAACGkbv/d3FLk/1/bP1//K3W/2++//f+v/5f/6//XxX9/zT9/wz9v/5f/6//Z1Fr6/9z9/8+bmmy/wEAAKCD3P1/iFvsfwAAABhG7v4/xi32PwAAAAwjd/+f4pYm+9/7//p//b/+X/+///P1/9uk/5+m/9+vfqP0//p//b/+n0Wtrf/P3f/nuKXJ/gcAAIAOcvf/JW6x/wEAAGAYuftvjFvsfwAAABhG7v6/xi1N9r/+X/+v/9f/6//3f77+f5v0/9OOs/+/2//Pf6z3/4+9/88vQf+v/9f/s4i19f+5+/8WtzTZ/wAAANBB7v6/xy32PwAAAAwjd/8/4hb7HwAAAIaRu/+fcUuT/T/T/5+of6P+f5L+/9yvX/+///tD/6//1/9fevr/ad7/n6H/9/6//l//z6LW1v/n7v9X3NJk/wMAAEAHuftvilvsfwAAABhG7v5/xy32PwAAAAwjd/9/4pYm+9/7//p//b/+X/+///P1/9uk/5+m/5+h/9f/6//1/yxqbf1/7v7/BgAA//+GT2Bf")
syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f0000000280)='./bus\x00', 0x2029c1b, 0x0, 0x1, 0x0, &(0x7f0000000080))
chdir(&(0x7f00000003c0)='./bus\x00')
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})

4.46398925s ago: executing program 1 (id=1188):
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46900)
syz_io_uring_setup(0x0, 0x0, 0x0, 0x0)
r0 = syz_mount_image$btrfs(&(0x7f0000000000), &(0x7f00000015c0)='./file0\x00', 0x0, &(0x7f0000001600), 0x0, 0x559e, &(0x7f0000005680)="$eJzs3X9sVeX9B/BzWwoN+C39jhUYfxAgBoMkyJYtjqB4MQa24eKlgsKcCEQlBivYRDcYqUWSZcaghU4EF5GQaDJjscM/FMywy7CMZfzY5hZjs4JSaZZsAzVrHDG69N77XO49l9tembNOXy/SnvPcz3me+9yT88d9X/qcGwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAURUcSc9+d0f3i0ZE1X77/Hz+e+OjGn4zfvX/roVvu23T/gjMjbto5a1nf+mlN8zdsbDjS/PS+ObdGUSLdL5Htf9u136q/88bbvlsdBly+MLOtrS31lJmuJzON4QUP9vcr/FkRRVFVbIDK7PbV7E5FwQC53cbiAQf0Tuui6O7J8ya1dT01bklyYU/xS6df9VBPYKhkr6ue89dSMv27InZErp136SUKLtFM//gF96m8CADgY5mZSm9yb0ezb3Fz7eZ4PdZOxtotsXZ4h9CS37gYmXGHl5rnpHh9iOaZzESFESXnGatnz3+unYr3j7VjUeNjzLPw0GykqS41z7Wx+lDNEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCzZOzxo2tWtD2y575fdtQceff9OVc+8KWOw22LT4y8eunKHWum/HTWsr7105rmb9jYcKT56X1zbo2i2nS/RKZ74kTL5b9NjZ3fvXfcG427n6vpq8yOG7bD8g6OXg87s0ZH0cq8Sk8Y9q81UZQqLKSb0Y7iwl3pnW+HAgAAAJ8nX0n/rsi1M3GwqqCdSKfJRPpfkAmL77Quiu6ePG9SW9dT45YkF/Zc/HipEuMlLzherl17/ieRF4xD/I2Pd74eDm0sGmdg8RHjef7SMWPefmty/eSvT5v7xA3PjOru+r8nZ2xJ/bGu5oUrru+tf/a6ovxfO3D+D2dO/gcAAOA/If/HxxnYYPn/jqVTt7z+i2Grft3a8MTB+h1/bv3OMzsXneq54Ud9L09N3v7o1UX5f1LBUxbl/zDjkP8roovL/wAAAPBZ9t/O/8micQY2WP5vONM3+wcHX6vr+PucxXt+9dAVi8+e/tv8U7t3DV9zR8v6uoeuLMr/M8vL/8Pypx0e/F2Y8OrRUTSz/JMKAAAAFAj/737+o4WQ1zOfHMTz+rX/vKp5380ffPMbD97zpzff/s2xA7MnrdteN/PgyzfVf1j5ve3dRfk/WV7+r/p0Xi4AAABQhuePrpw773jPucfPvtB18vDu3pMznjyzrqnvdOslLatXbTr2WlH+T5WX/0cMzcsBAAAALuDeO59bsfnVl/oe2H/X2Ck9FVc1XpK4ZduOqU0TPuq8tPfy7VuL8v/y8vL/yOw2u/Ih06kz/BVC6+goqu7fWZspHIparskVAAAAgE9IyOlbP1ixbOzOsb3jj59+rObQG4dn/2Vt55yN13RXdW/uXNZ4WdH9AkJiL3X//3Cng7D+v+D+f0Xr//MKmbv+zXZjAAAAAL6Iitfzh9vjZ765oNT375e7/n9J3cQTiba33lv11XMHzo1ZsP/7129aV9/be8+El37/wz9M/6i6KP83l5f/K/O3n+T3/wEAAMBF+F/7/r+lReMMbLD7/zdV9DWsWrd3+uota7csTCw7UH3qwdV731+w5l9Tb36+qea6A0X5v6W8/B+2o/JfXkc4P5tGR9H4/p3s3QR/Hqa7OlZor8orZE58rMeNoUe20D4ir5C2Ntbja6OjaHL/TnOs8P+h0BIrnK3JFnbFCsdCIXs95Ap7YoWOcKVtq8lON154MRSyCyzawwqKUbklEbEe75Xq0V+4YI+u3JMDAAB8oYTwnM2yVYXNKB5l2xODHTBysAMqBjugcrADhsUOiB9Y6vFoeWEhPH575yMbNjVMSb7y8NzHfvbms40T9j1+WV3v5g9f2XbvxJ3TW6YW5f9d5eX/cCqGZzal1v9HYf1/9nsNc+v/l4dCbazQHgqp+B0DUuE5MmH34fActalsj7PjcwUAAAD4XAufC1QO8TwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/s3evcdJVd0JAj/d9INumqaNE9GMk3TUgGakaWwNw+AoaoxGRZpZddxkNBBoEGmE8FgFURtQZxziZ3ztrJnoCAoiu+qHGFeDwUhcxIw6iWLiA/Cxjq7r+h6VGM2E/XTfOkXVrS67EFDa+X7/6DpVv/O89eg69946FwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/xjuPfjlk4YunP0PHzace8nqqqmL/kfH6Mv+cNW3vvjUPy5b9G9h/i9GnLll3kEXHjd/wbR/6Vi++ogzQmjtKleWFC977oqvPtS613HP3jFw48wbb63fUpWpNxMP/Tr/lGfuXBxbfbF/CHeXhVCRDgypSwKVmft1sb5960LYI2wLZEu01SYl0g2HB2pCWBK2BbJVra4JoS4ncMqG+++7vDNxTU0IXwkhVKfbeKY6aaMmHRhUlQRq04HpFUngt1sT2cBPypMA7LD4Zsi+6Fe15mdo6L5ckddf5U7r2KcrPbw+MdFQPN/rR+3iTuWoSj/QukNPW0F17BIFb4+13m294N1WsJ2v8LTlfpHKfEPZui1UHcontk0aP6d9dnykPDQ19SlW0y56np9+e/6E7Un3mtdh7EDDTnkdXvrYiun9lo2+9OrNvxqz4ayaA3a0m0/lbNLc9K5WHTKvuV7zPEajfJ70grdfwbekRl+6Qghbzz17xtfnTDz7iD63PLnu1QcfrNty9pwFvzhz4nmLLj55w7/Pf6lg/t/w0fP/+HKOt+V5uWOrH9Ync/P4SF1MvFmfzM0BAACg1+gNe01Xnv/6X73+/bWtMxed/u23Dj73w71afz3i/gFVB7yxrqn1/I2ff6Vg/t9Y2vH/eMi/Lne0a0MY1ZVYNCCEvbseTwIrY3e+OyCEL3elWvMDR6UCa0PYpytxULaqVIm+sURjKvByfSYwKhVYHwOtqcDyGLgiFbg4BlalAhNiYG0qcHQMhCn54/hqfWYcJQdqYmBcshFXxbMQ3qmPraW21aZsVQAAADtJZnZYmX8351yHHc0Qp5eranrKEM/ALpqhOlVDegabnVYVraGipxrKe6ohO+6Ojx5+Qc1lPdVccBpGWX6GG9f85X2LXjzsC2P3mvj5xUMvmPKz8eGst++uerx5yYtv7XvEzesK5v/NHz3/r+6mI2UFx/9DGNv1N+Yuz0Tas/FxrXkZAAAAgB1w0R//xR61Lw85oGHT+2X3zl/7xKMrfrl5j1NOf3/c8a//8PCaxnsL5v+jSjv/P+4T6ZOTOTwSd0NMHRBCc34gqXZkYSA56t0vEwAAAIDeIHs8PnssfErmNjlFOz2fLszfup3544H/Ud3m//09/7P2jq3/+mLZBd89d0TNgKX/9GrHhBNOPvqW47/1zj4VB/yyvGD+31ra+f+1+bdJJ9bHXlw9IIS+OYEHYy87A10aY+D5I/MDmfGvjxtgcawqc2JCtqrFscS4GGhOBZYUK/FotsTe+YHMk5VtfFF2HFMyJXICAAAA8ImLuwPicfl4/n/LGSNO++vvzfrbha88eN7qCy75q+Ed80eedP/THzbMvXJp2PTmEQXz/3Hbd/5/1zy44PT+9n4hDK0IoU/6hwGP1CYLA8ZAXVkmcW9tUlefdFULa0MY2TmwdFUvZNb/r0ivMfh4TVJVDOy93y1vD+pMLKsJYWhu4IlvLz2sMzEnFcg2flpNCF/qHG268bv6Jo1Xphu/tm8IX8wJZKua0DeEzsaq0lX9r+rMdQzSVa2qDmHPnEC2quHVIcwNAPRW8X/pxNwHZ82dN3V8e3vbzF2YiDvxa8KkKe1tTROmt0+sLtKniak+561jtKBwTKVe+mZTZo2ixSsnV5aSzv5QsDm3rcyO/IIzBzP345ehyq5xHlKZd7clPeQD9y9sIuR8lSo25PJdPOTa3Eq2PYkF9cf8VaFf6DtnVtvMpvPGz549c1jyt9TshyR/43GmZFsNS2+r2u76VsLLo+hyWSkfd1sNyq1k6OxpM4bOmjtvyJRp4ye3TW47p+XQP2sZMXz410YM7RxUc/K3h5EO6q7m1Ei3Li1xWDtxpF+oyKnkk/jQkJCQ6G2J/f7L5odH77n+nOt/9tqPz+/3zdPu3fvImT889KqpD1Xve/ji24ccWDD/n/HR8//4qRM/+DPrMxQ7/t8QD/Mnj287zD8uBpaUevy/odjR/OyJAY2pQEcMdDjMDwAAwGdD3B0Z92bGndKbb1m/buOSlrk/aHin5dY17Utvuum+U39y58ATvjQ47LXhuhM+VzD/7yjt9/87af3/7NL1JxRb5v+gWKK52Pr/6WX+s+v/dxRb/z+9zH92/f8ln8L6/3OygdQmecf6/wAAwGfBJ7f+f4/L+6cvEFCQocfl/dMXCCjI0OMy/qVeIGC71/9f8+Bff6Wq35g7/qTlN/WXvPZ39xzWeuS6zTP/5Etb10+877qxt6wpmP9fUdr838L9AAAAsPv4z5ddU3H02Xff0bJu6sZxbw5+98m3lgzq80HF0Q+3j3xh4Bu3nlcw/19S2vz/k1//LxQ7/7+xWKC12MKA1v8DAACglyq2/t89Q1sa/zCm/x+eHvab5Q/ePPqnj/z898v3+/mJPyvfZ8Gxz8+8bFLB/H9VafP/eNpFeV7u2JsP65M17UJ6Tbs367M/GQAAAIDeoTw0NVWWmDdvYdSjPn6bT2eWAv2odK7vvXLt2ZtfmH7c46ev+7uaEwbvOWHaBasa/2b4gXd+ftQley7ddGrB/H9tafP/vN9lXPrYiun9lo2+9MOrN/9qzIazag7YdvwfAAAA2HVK3S8BAAAAAAAAAAAAAAB8+s7tWHzhI8uOfe+bt//F/kcseXXwbXcd+Lsh/V664qoHJq1648zJXy/4/X8Y21Wu2O//43X/4u8L/igvd2y15/X/MvdPOfH2uV1LFj5SH8L+uYGpC6fuETLX5h+cG7jvjIMGdiYWpkusefbolzoT30kHjh/yuS2dicNTgXFxkcR90oF4VcUt/VOBuLzi4+lA3B6r0oGqTOCy/sk4ytLb6pW6ZFuVpbfVxroQBuQEstvq7rqkjbL0AK9JBbID/F46EAd4ciZQnu7V7f2SXsVAXSx6Q7+kVwAA7Lbit8DKMGlKe1tz/Aofb79QkX8b5S1ZtqCw2rISm9+UWZps8crJlaWk+6S/i2671nhlqO4cwrCCr6u5Wcq6Rrlzaulh0/1RkSH3tNpbeZFyadu76aqKj6gmGVHThOntEyt7HHhLz1kOqegxy7CCyU5ulvKuTVpCLSX0pYQRlbhtSuhyvF8empr6pHL9eQw2hDw9vSJK/b1+7jp/xV4FuXluO/TKt758zE+f++CfP/9E/2+cVnP7rO+/e+KvX7//wEOOuG5C05otBfP/htLm/9W549qSuRhAR7yy3sgBIYwrcUQAAADw2XfbRbfecfr09a9MWlvx5GOPTS0fc3rl1vl3zp93ycZ7Fx9/2cErdjR+2Fm//f5vBu//b89e9dJPR+7zwA03/58nD3v8z3//8I8eeqduZZ+x7xXM/xtLm//HPViZQ8HJ3o618fr/iwaE0HVp/YYksDIO97sDQvhyV6o1lkguqH9CLNGcBFbGHSYHxRLjWvOr6hsDq1KBl+szgbWpwPoYyOyluCVkduVcWR/CYV2psfklZsQSDanAmBhoTAWaYqA5FegfA6NSgdf6ZwKtqcDDMRCm5G+rH/fPbCsAAIDtkZlnVebfDel53qqKnjKU9ZShtqcM5T1lqO4pQ7FRxPt3xAyVqZNXynIyVaZrrUnVUpAhXgx/u/tVkCE8mp8zXbCg6Xj+QfZ8g7L8DFf+4NlT1w+e/tDqzcd8beBt/zhkz4Obp9e9t+CGp3475pzrnv/TQQXz/+bS5v+1+bdJ6+vj/H/b9f+SwIOxe1fHU8cbY+D5I/MDmR0D6+Nkd3G2qtZMicykfXEsMSoGGlOBGTEwKhUYNzYTWDIwP5CZaWcbX5RtfEqmRE4AAAAAPnFxB0HcTRPn/zce9YOr3x8wccuyeTPvH9vyxMmjv3H1XT+6d/9ld767YvCAce99p2D+P6q0+X9sr19uYxfH3rzYP4S7y7b1JhsYUpcE4n6Muvjz+H3rQtgjZwdHtkRbbVKiKtVweKAm+YV6Vbqq1TXJGgPx/ikb7r/v8s7ENTUhfCVn70u2jWeqkzZq0oFBVUmgNh2YXpEE4p6fbOAn5UkAdlh2r2B8QWVOdclq6L5ckdffZ+WaoOnhFewD7SZfd7+52lWq0w9k9qlmbd/TVlAdu0TB22Otd1tvfLc1eLflfpHKfEPZui1UHcontk0aP6d9dnwk95esBXbR85z7K9VS0jvhddjx8Xvbs+p0B5pTHx/N3Zfr/nVYFqu79LEV0/stG33p1Zt/NWbDWTUHlNyNIuIPhX+05X9XPpWzeXe16pB5zfW6z5NWnye98d9Ao6cthHDZ9cfsu+TdX+/33A3Pnbqu7Maxr/7lrHs2Lf+bysNHrXv/yaGjLy+Y/7eWNv+vSN12+V3cmLMGhHBgzsZ9JG7+YwYkn4M5geRTcs/CQHLI/V/ri35yAgAAwM6W3d2R3V8wJXObnBCenicX5m/dzvxxf8WobvOX2u9j121cedLQN6474G8vOPGNv7/28Kceuv6ysnXL//vYD1avuXzxe08UzP/HffT8v2+qm47/O/7PLuL4f7d2913RfdMPdOzQruiC6tglHP/v1u7+bnP8v1uO/zv+3x3H/3vg+H+3dvenreBb0gxfujonwdff+fPfTbzpg7mN+x180lPPHDrxun+6quXuu0555b+de9601761uWD+P6O0+b/1/7pftC+7/t+4Yuv/zSi2/l+H9f8AAIBdqshCc+l5XsHqfQUZ0qv3FWTocYHAHpcYtP7fdq//t3Dkv1904Q+fb7n2nTvHXb5m07Fnvvr0utXPzFpx3Lnnv9V6112tBfP/jtLm//Hl0C+39d6y/l/j2CJVXREDMywMCAAAwO6o2A4CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPl2HnvbO+5d8/R/aBv1ixc1/f+v/+7/P1q594JvfuGn4L6f86RllazZcM+LMLfMOuvC4+Qum/UvH8tVHnBHClK5yZUnxsueu+OpDrXsd9+wdAzfOvPHW+i3VmXorM7d/nJc7tvphfQhLch6pi4k36zvvbAuccuLtcys6E4/Uh7B/bmDqwql7dCaW14cwODdw3xkHDexMLEyXWPPs0S91Jr6TDhw/5HNbOhOHZwJl6e5e1z/pblm6u5f3D2FATiDb3bP751eVbeO4TKA83caKuqSNGKiLRa+tS9qIgfZYYkrfEIZWhNAnXdU/VydV9UlXdU91UlWfdFUXVYcwMoRQka7quaqkqor0yB+tSqqKgb33u+XtQZ2JpVUhDM0NPPHtpYd1JmamAtnG/1NVCF/qfMmkG/9xZdJ4Zbrx/1oZwhdDCFXpEu9VJCWq0iVeqAhhz5zAto1YEcLcwGdD/PSZmPvgrLnzpo5vb2+buQsTVZm2asKkKe1tTROmt0+sTvWpmLKc9NYFH3/sm96eP6HzdvHKyZWlpCsy5Sq7unxIZd7dlt2997FftbmVbHs+CuqP+atCv9B3zqy2mU3njZ89e+aw5G+p2Q9J/vbJRJNtNay3bKtBuZUMnT1txtBZc+cNmTJt/OS2yW3ntBz6Zy0jhg//2oihnYNqTv7ujJEu/eRH+oWKnEo+ife/hIREb0uU5326Ne/un+MFX/S3dbQyVHd9QBdMK3KzlHWNcmcM+qiPOeKP8zWlxxENK5g4FGQ5pOcsLQWTiW1ZapIsXV/rCiaHuTWVd23SeL88NDX1KbYdGvLv5m7e13dg8z6d2XSlpgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/swIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYQcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgo7cCwAAAAAIMzfOoyeDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4FAAA//8fSxmR")
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000c40)={0xd, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @struct, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, @struct}})
chdir(&(0x7f0000000100)='./file0\x00')
statfs(&(0x7f00000000c0)='./file2\x00', 0x0)
creat(&(0x7f00000000c0)='./bus\x00', 0x0)
syz_mount_image$msdos(&(0x7f0000000f40), &(0x7f0000000f00)='.\x00', 0x1a4a438, &(0x7f0000000280)=ANY=[], 0x8, 0x0, &(0x7f0000000000))

4.029881532s ago: executing program 3 (id=1189):
symlinkat(0x0, 0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00')
mkdirat(0xffffffffffffffff, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sigaltstack(0x0, 0x0)
sigaltstack(&(0x7f0000000180)={0x0, 0x2}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setreuid(0x0, 0x0)
readv(0xffffffffffffffff, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
write$tcp_mem(0xffffffffffffffff, &(0x7f0000000000), 0x48)
r3 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x62181)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue0\x00'})
write$sndseq(r3, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32={[0x2600]}}], 0xffc8)
mkdirat(0xffffffffffffffff, &(0x7f0000000180)='./file0/file0\x00', 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
socket$can_raw(0x1d, 0x3, 0x1)

3.131089288s ago: executing program 1 (id=1190):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'geneve1\x00', <r1=>0x0})
sendto$packet(r0, &(0x7f00000002c0)="05031400d3fc120000004788031c09102c", 0x11, 0x4, &(0x7f0000000140)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @multicast}, 0x14)

2.724564278s ago: executing program 1 (id=1191):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0xfffffffffffffddf, &(0x7f0000000040))
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002024207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095000000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
keyctl$setperm(0x5, 0x0, 0x0)
keyctl$unlink(0x9, 0x0, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x2d, 0x0, 0x0)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r4, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(r5, &(0x7f0000000100), 0xfecc)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r6, 0x0)
write$bt_hci(r4, &(0x7f00000000c0)=ANY=[], 0x6)
splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, &(0x7f0000000340)=0xb1, 0x0, 0x1)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
r7 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TIOCSETD(r7, 0x5423, &(0x7f00000000c0)=0xf)

1.709949183s ago: executing program 1 (id=1192):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
socket$inet_smc(0x2b, 0x1, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route_sched(r0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0}, 0x10)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0), 0x13f}}, 0x20)
semget$private(0x0, 0x1, 0x105)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b640104c50000006d000000060000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=@newtaction={0x6c, 0x30, 0xffff, 0x0, 0x0, {}, [{0x58, 0x1, [@m_ife={0x54, 0x1, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}, @TCA_IFE_METALST={0xc, 0x6, [@IFE_META_PRIO={0x5}]}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x6c}}, 0x0)

1.07404126s ago: executing program 1 (id=1193):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040))
r0 = openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0)
preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
io_uring_setup(0x0, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TCSETS(r1, 0x40045431, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, "000080f100df000000a7d9de16c708db7200"})
socket$inet_udp(0x2, 0x2, 0x0)
r2 = getpid()
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'wlan1\x00'})
process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
process_vm_readv(0x0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x36}], 0x1, &(0x7f0000008640)=[{0x0}], 0x1, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='devtmpfs\x00', 0x0, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r4, 0x4068aea3, &(0x7f0000000140))
connect(r0, &(0x7f00000001c0)=@generic={0x28, "509a93969579c25bfad565f6aa04767d52e231e121ad1f23f524f756254438a5e696240ce71ee7bbc9450af18f00a64d5bb06dd304f6fdd6bd0d1c245f4ffe97c2d77460a46ed6ba576816bd400ef5c97a22d007b4511fb83a26677a6a049e6958e794e87ea1ae0b511f9456991a7356a3be7e32497988d4d46ec67691ea"}, 0x80)
mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0)
fchmodat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000040)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x200000], 0x0, 0x80200})
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
ioctl$KVM_INTERRUPT(0xffffffffffffffff, 0x4004ae86, &(0x7f0000000240))
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
getdents64(r5, &(0x7f00000000c0)=""/61, 0xfec4)

388.509581ms ago: executing program 3 (id=1194):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)={0x68, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x1}, @CTA_SEQ_ADJ_REPLY={0x4}]}, 0x68}}, 0x0)

0s ago: executing program 1 (id=1196):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1e7d, 0x30d4, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={0x0, r1}, 0x10)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000080)={0x24, 0x0, 0x0, &(0x7f00000000c0)={0x0, 0x22, 0x7, {[@main=@item_4={0x3, 0x0, 0x0, "f81d36c1"}, @main, @local]}}, 0x0}, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000740)={0x84, &(0x7f0000000280)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

kernel console output (not intermixed with test programs):

6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   78.626208][ T3704] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   78.639344][ T3704] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   78.651141][ T3704] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   78.680703][ T3639] device veth0_vlan entered promiscuous mode
[   78.692263][   T61] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   78.707798][   T61] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   78.720874][   T61] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   78.734688][   T61] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   78.745113][ T3648] device veth0_vlan entered promiscuous mode
[   78.754208][ T3647] device veth1_vlan entered promiscuous mode
[   78.776842][ T3639] device veth1_vlan entered promiscuous mode
[   78.811447][ T3640] 8021q: adding VLAN 0 to HW filter on device batadv0
[   78.829124][   T61] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   78.840963][   T61] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   78.851988][   T61] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   78.863785][   T61] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[   78.874176][   T61] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[   78.922316][ T3648] device veth1_vlan entered promiscuous mode
[   78.953284][   T33] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[   78.965068][   T33] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   78.978554][   T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   78.990570][   T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   79.027024][ T3647] device veth0_macvtap entered promiscuous mode
[   79.065367][   T33] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[   79.078975][   T33] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   79.093625][   T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   79.105376][   T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   79.121573][   T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[   79.133493][   T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[   79.152488][ T3647] device veth1_macvtap entered promiscuous mode
[   79.199795][ T3648] device veth0_macvtap entered promiscuous mode
[   79.229481][   T33] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   79.239860][   T33] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   79.249606][   T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   79.260004][   T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   79.272861][ T3647] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   79.285396][ T3647] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   79.300567][ T3647] batman_adv: batadv0: Interface activated: batadv_slave_0
[   79.312896][ T3648] device veth1_macvtap entered promiscuous mode
[   79.323959][ T3639] device veth0_macvtap entered promiscuous mode
[   79.337368][ T3639] device veth1_macvtap entered promiscuous mode
[   79.350486][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   79.359163][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   79.361554][ T3704] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   79.377165][ T3704] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   79.377612][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[   79.394388][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   79.403635][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   79.415222][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   79.428405][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[   79.437463][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[   79.454920][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[   79.465085][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[   79.477658][ T3647] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   79.488408][ T3647] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   79.500274][ T3647] batman_adv: batadv0: Interface activated: batadv_slave_1
[   79.517389][ T3647] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   79.530888][ T3647] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   79.541254][ T3647] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   79.550937][ T3647] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   79.574996][ T3640] device veth0_vlan entered promiscuous mode
[   79.584076][ T3704] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   79.595066][ T3704] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   79.614105][ T3648] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   79.626847][ T3648] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   79.640459][ T3648] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   79.657781][ T3648] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   79.671729][ T3648] batman_adv: batadv0: Interface activated: batadv_slave_0
[   79.697094][ T3648] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   79.708736][ T3648] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   79.721731][ T3648] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   79.735388][ T3648] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   79.750781][ T3648] batman_adv: batadv0: Interface activated: batadv_slave_1
[   79.767899][ T3704] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   79.779902][ T3704] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   79.790737][ T3704] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   79.802390][ T3704] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   79.830428][ T3639] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   79.842421][ T3639] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   79.853643][   T48] Bluetooth: hci0: command tx timeout
[   79.854714][ T3639] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   79.859447][   T48] Bluetooth: hci3: command tx timeout
[   79.877301][ T3657] Bluetooth: hci2: command tx timeout
[   79.878408][   T48] Bluetooth: hci1: command tx timeout
[   79.882780][ T3657] Bluetooth: hci4: command tx timeout
[   79.901881][ T3639] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   79.913628][ T3639] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   79.931145][ T3639] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   79.944236][ T3639] batman_adv: batadv0: Interface activated: batadv_slave_0
[   79.976889][ T3704] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   79.988214][ T3704] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   80.001355][ T3648] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   80.021922][ T3648] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   80.035096][ T3648] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   80.046278][ T3648] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   80.063351][ T3640] device veth1_vlan entered promiscuous mode
[   80.088316][   T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   80.092463][ T3639] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   80.110691][ T3639] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   80.112765][   T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   80.123311][ T3639] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   80.145047][ T3639] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   80.156738][ T3639] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   80.168635][ T3639] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   80.180667][ T3639] batman_adv: batadv0: Interface activated: batadv_slave_1
[   80.198504][ T3704] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   80.217682][ T3704] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   80.228189][ T3704] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   80.247182][ T3639] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   80.260956][ T3639] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   80.271658][ T3639] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   80.281831][ T3639] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   80.397713][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[   80.413056][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[   80.449705][ T3640] device veth0_macvtap entered promiscuous mode
[   80.466268][ T3704] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[   80.522614][ T3640] device veth1_macvtap entered promiscuous mode
[   80.543826][   T26] audit: type=1326 audit(1725119898.191:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3725 comm="syz.2.3" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f0ad0779eb9 code=0x0
[   80.636601][ T3704] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   80.646580][ T3704] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   80.668611][ T3640] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   80.680348][ T3640] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   80.693138][ T3640] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   80.708151][ T3640] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   80.725416][ T3640] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   80.748742][ T3640] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   80.765196][ T3640] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   80.783330][ T3640] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   80.803378][ T3640] batman_adv: batadv0: Interface activated: batadv_slave_0
[   80.822815][   T33] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   80.832802][   T33] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[   80.856538][   T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[   80.899851][ T3640] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   80.914342][   T33] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   80.920624][ T3640] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   80.930953][   T33] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   80.940679][ T3640] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   80.956396][ T3640] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   80.968300][ T3640] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   80.979431][ T3640] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   80.990158][ T3640] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   81.000915][ T3640] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   81.019711][ T3640] batman_adv: batadv0: Interface activated: batadv_slave_1
[   81.030150][ T3704] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   81.035030][ T3640] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   81.052990][ T3640] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   81.056415][ T3704] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   81.063280][ T3640] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   81.079559][ T3640] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   81.102301][   T33] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   81.110903][   T33] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[   81.120286][   T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[   81.130542][   T33] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   81.185473][   T33] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   81.202573][   T33] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   81.240132][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   81.266014][   T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   81.299963][   T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   81.308685][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   81.326388][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   81.345910][ T3704] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   81.356927][ T3704] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   81.404507][ T3704] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   81.435473][ T3704] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   81.521898][   T33] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   81.573884][   T33] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   81.607185][  T152] cfg80211: failed to load regulatory.db
[   81.631408][   T33] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   81.694112][   T33] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[   81.737764][ T3733] loop0: detected capacity change from 0 to 512
[   81.865797][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   81.875625][    T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!!
[   81.902056][ T3733] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[   81.967348][ T3733] ext4 filesystem being mounted at /0/file0 supports timestamps until 2038 (0x7fffffff)
[   82.889438][ T3759] loop2: detected capacity change from 0 to 512
[   82.933954][ T3733] Quota error (device loop0): find_tree_dqentry: Cycle in quota tree detected: block 2 index 0
[   82.940703][ T3759] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   83.017506][ T3733] Quota error (device loop0): qtree_read_dquot: Can't read quota structure for id 64512
[   83.029566][ T3733] EXT4-fs error (device loop0): ext4_acquire_dquot:6800: comm syz.0.1: Failed to acquire dquot type 0
[   83.055139][ T3755] EXT4-fs error (device loop0): ext4_search_dir:1549: inode #2: block 3: comm syz.0.1: bad entry in directory: rec_len is smaller than minimal - offset=16444, inode=113, rec_len=0, size=2048 fake=0
[   83.107901][ T3759] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[   83.205897][ T3690] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   83.257641][ T3759] EXT4-fs (loop2): 1 orphan inode deleted
[   83.277432][ T3762] EXT4-fs (loop0): re-mounted. Quota mode: writeback.
[   83.295268][ T3759] EXT4-fs (loop2): 1 truncate cleaned up
[   83.296998][ T3733] Quota error (device loop0): find_tree_dqentry: Cycle in quota tree detected: block 2 index 0
[   83.301250][ T3759] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[   83.379249][ T3733] Quota error (device loop0): qtree_read_dquot: Can't read quota structure for id 0
[   83.442442][ T3733] EXT4-fs error (device loop0): ext4_acquire_dquot:6800: comm syz.0.1: Failed to acquire dquot type 0
[   83.515801][ T3690] usb 5-1: Using ep0 maxpacket: 16
[   83.557570][ T3650] EXT4-fs (loop2): unmounting filesystem.
[   83.666996][ T3690] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[   83.683880][ T3690] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[   83.730817][ T3690] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[   83.782884][ T3769] Zero length message leads to an empty skb
[   83.796281][ T3647] EXT4-fs (loop0): unmounting filesystem.
[   83.965933][ T3690] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[   83.984116][ T3690] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   84.017207][ T3690] usb 5-1: Product: syz
[   84.029801][ T3690] usb 5-1: Manufacturer: syz
[   84.052852][ T3690] usb 5-1: SerialNumber: syz
[   84.271699][ T3778] netlink: 24 bytes leftover after parsing attributes in process `syz.2.13'.
[   84.672698][ T3782] No such timeout policy "syz1"
[   84.681734][    C0] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies.  Check SNMP counters.
[   85.606538][    T0] NOHZ tick-stop error: local softirq work is pending, handler #20a!!!
[   85.803159][ T3784] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   85.973582][ T3789] capability: warning: `syz.2.15' uses 32-bit capabilities (legacy support in use)
[   86.234688][ T3792] process 'syz.3.16' launched './file0' with NULL argv: empty string added
[   86.385858][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   86.391341][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   86.394770][    T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!!
[   86.756019][ T3690] usb 5-1: 2:1 : format type 0 is detected, processed as PCM
[   86.763762][ T3690] usb 5-1: 2:1 : sample bitwidth 89 in over sample bytes 2
[   86.845447][ T3690] usb 5-1: 2:1 : invalid UAC_FORMAT_TYPE desc
[   87.055702][ T3690] usb 5-1: USB disconnect, device number 2
[   87.287472][ T3722] udevd[3722]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[   87.584086][ T3803] syz.4.18 uses obsolete (PF_INET,SOCK_PACKET)
[   87.694512][ T3803] netlink: 20 bytes leftover after parsing attributes in process `syz.4.18'.
[   89.055155][ T3825] netlink: 24 bytes leftover after parsing attributes in process `syz.1.24'.
[   90.096836][ T3652] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0
[   90.105774][ T3652] Bluetooth: hci4: Injecting HCI hardware error event
[   90.114593][ T3652] Bluetooth: hci4: hardware error 0x00
[   92.175700][ T3652] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[   93.915745][ T3876] netlink: 4 bytes leftover after parsing attributes in process `syz.1.36'.
[   94.003290][ T3876] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   94.082942][ T3876] batman_adv: batadv0: Removing interface: batadv_slave_0
[   94.162180][ T3876] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   94.194292][ T3876] batman_adv: batadv0: Removing interface: batadv_slave_1
[   95.505312][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   95.696056][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   95.811751][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[   96.436483][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   97.276301][ T3897] netlink: 'syz.4.42': attribute type 12 has an invalid length.
[   99.051401][ T3918] netlink: 72 bytes leftover after parsing attributes in process `syz.1.49'.
[   99.401197][ T3927] device syzkaller1 entered promiscuous mode
[   99.530093][ T3927] netlink: 20 bytes leftover after parsing attributes in process `syz.2.50'.
[  101.065449][ T3933] netlink: 'syz.4.52': attribute type 3 has an invalid length.
[  101.075409][ T3933] netlink: 'syz.4.52': attribute type 3 has an invalid length.
[  103.023752][   T26] audit: type=1326 audit(1725119920.671:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3953 comm="syz.2.58" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ad0779eb9 code=0x7ffc0000
[  103.164692][   T26] audit: type=1326 audit(1725119920.671:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3953 comm="syz.2.58" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ad0779eb9 code=0x7ffc0000
[  103.263268][   T26] audit: type=1326 audit(1725119920.721:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3953 comm="syz.2.58" exe="/root/syz-executor" sig=0 arch=c000003e syscall=200 compat=0 ip=0x7f0ad0779eb9 code=0x7ffc0000
[  103.352567][ T3956] hub 9-0:1.0: USB hub found
[  103.363447][   T26] audit: type=1326 audit(1725119920.731:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3953 comm="syz.2.58" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ad0779eb9 code=0x7ffc0000
[  103.413090][ T3956] hub 9-0:1.0: 8 ports detected
[  103.519475][   T26] audit: type=1326 audit(1725119920.731:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3953 comm="syz.2.58" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ad0779eb9 code=0x7ffc0000
[  103.627809][   T26] audit: type=1326 audit(1725119920.731:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3953 comm="syz.2.58" exe="/root/syz-executor" sig=0 arch=c000003e syscall=261 compat=0 ip=0x7f0ad0779eb9 code=0x7ffc0000
[  103.720892][   T26] audit: type=1326 audit(1725119920.731:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3953 comm="syz.2.58" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ad0779eb9 code=0x7ffc0000
[  103.839942][   T26] audit: type=1326 audit(1725119920.731:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3953 comm="syz.2.58" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ad0779eb9 code=0x7ffc0000
[  103.872239][ T3964] __vm_enough_memory: pid: 3964, comm: syz.2.60, no enough memory for the allocation
[  103.995687][   T26] audit: type=1326 audit(1725119920.741:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3953 comm="syz.2.58" exe="/root/syz-executor" sig=0 arch=c000003e syscall=288 compat=0 ip=0x7f0ad0779eb9 code=0x7ffc0000
[  104.040105][ T3965] netlink: 20 bytes leftover after parsing attributes in process `syz.2.60'.
[  104.165932][   T26] audit: type=1326 audit(1725119920.741:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3953 comm="syz.2.58" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0ad0779eb9 code=0x7ffc0000
[  104.349633][ T3977] netlink: 'syz.1.63': attribute type 3 has an invalid length.
[  104.371398][ T3977] netlink: 'syz.1.63': attribute type 3 has an invalid length.
[  106.261772][ T3987] syz.2.68 (3987) used greatest stack depth: 19512 bytes left
[  111.678788][ T4024] netlink: 16 bytes leftover after parsing attributes in process `syz.3.77'.
[  111.693316][ T4024] netlink: 16 bytes leftover after parsing attributes in process `syz.3.77'.
[  113.635840][ T4070] Bluetooth: MGMT ver 1.22
[  113.755281][ T4047] loop3: detected capacity change from 0 to 40427
[  113.832300][ T4047] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  113.874380][ T4047] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  113.894455][ T4047] F2FS-fs (loop3): invalid crc value
[  113.923365][ T4047] F2FS-fs (loop3): Found nat_bits in checkpoint
[  114.130737][ T4047] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  114.148466][ T4047] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  114.418922][   T46] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  114.450909][   T46] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[  115.785202][ T3652] Bluetooth: hci0: Malformed Event: 0x13
[  118.162858][ T4137] netlink: 'syz.4.117': attribute type 12 has an invalid length.
[  119.526371][ T4153] binder: 4152:4153 ioctl 4018620d 0 returned -22
[  119.573164][ T4151] device vlan2 entered promiscuous mode
[  119.603097][ T4151] device wlan1 entered promiscuous mode
[  120.429163][ T4180] netlink: 'syz.0.132': attribute type 12 has an invalid length.
[  121.301912][ T4188] binder: 4186:4188 ioctl 4018620d 0 returned -22
[  121.978731][ T4209] loop2: detected capacity change from 0 to 2048
[  122.014247][ T4211] device syzkaller1 entered promiscuous mode
[  122.089789][ T4209] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  122.156288][ T4211] netlink: 20 bytes leftover after parsing attributes in process `syz.4.142'.
[  122.484901][ T4221] usb usb8: usbfs: process 4221 (syz.2.143) did not claim interface 0 before use
[  123.067547][ T3650] EXT4-fs (loop2): unmounting filesystem.
[  123.730257][ T4235] binder: 4234:4235 ioctl 4018620d 0 returned -22
[  124.409534][ T4256] vhci_hcd: default hub control req: 6012 v0002 i0006 l0
[  124.892953][ T4262] device syzkaller1 entered promiscuous mode
[  124.997142][ T4262] netlink: 20 bytes leftover after parsing attributes in process `syz.4.158'.
[  125.126371][ T3766] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  125.406392][ T3766] usb 3-1: Using ep0 maxpacket: 32
[  125.545669][ T3766] usb 3-1: config 0 has no interfaces?
[  125.736007][ T3766] usb 3-1: New USB device found, idVendor=04b4, idProduct=1002, bcdDevice=9c.e2
[  125.751788][ T4275] netlink: 8 bytes leftover after parsing attributes in process `syz.3.163'.
[  125.765732][ T3766] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  125.784333][ T3766] usb 3-1: Product: syz
[  125.803457][ T3766] usb 3-1: Manufacturer: syz
[  125.821128][ T3766] usb 3-1: SerialNumber: syz
[  125.853498][ T3766] usb 3-1: config 0 descriptor??
[  126.181786][ T3691] usb 3-1: USB disconnect, device number 2
[  127.185347][ T4319] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  127.430511][ T4319] vhci_hcd: default hub control req: 6012 v0002 i0006 l0
[  127.944972][ T4337] loop4: detected capacity change from 0 to 4096
[  128.012519][ T4337] ntfs3: loop4: Different NTFS' sector size (2048) and media sector size (512)
[  128.121279][ T4337] ntfs3: loop4: Mark volume as dirty due to NTFS errors
[  128.302418][   T46] ntfs3: loop4: ntfs3_write_inode r=5 failed, -22.
[  128.414629][ T3648] ntfs3: loop4: ntfs_evict_inode r=5 failed, -22.
[  129.262238][ T4356] netlink: 'syz.4.192': attribute type 1 has an invalid length.
[  129.431006][ T4356] 8021q: adding VLAN 0 to HW filter on device bond1
[  129.550277][ T4358] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link
[  129.641611][ T4359] device vlan3 entered promiscuous mode
[  129.686728][ T4359] device bond1 entered promiscuous mode
[  129.692384][ T4359] device ip6gretap1 entered promiscuous mode
[  129.910066][ T3704] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready
[  132.405679][ T3652] Bluetooth: hci2: command 0x0406 tx timeout
[  132.597749][ T4403] netlink: 'syz.3.207': attribute type 1 has an invalid length.
[  132.651520][ T4403] 8021q: adding VLAN 0 to HW filter on device bond1
[  132.736731][ T4405] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link
[  132.785611][ T4403] device vlan2 entered promiscuous mode
[  132.801850][ T4383] loop1: detected capacity change from 0 to 40427
[  132.804057][ T4403] device bond1 entered promiscuous mode
[  132.825926][ T1271] ieee802154 phy0 wpan0: encryption failed: -22
[  132.832679][ T1271] ieee802154 phy1 wpan1: encryption failed: -22
[  132.850308][ T4383] F2FS-fs (loop1): Invalid SB checksum offset: 0
[  132.862853][ T4383] F2FS-fs (loop1): Can't find valid F2FS filesystem in 2th superblock
[  132.873019][ T4403] device ip6gretap1 entered promiscuous mode
[  132.890273][ T3730] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready
[  132.932926][ T4383] F2FS-fs (loop1): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[  133.092778][ T4412] netlink: 16 bytes leftover after parsing attributes in process `syz.3.208'.
[  133.119967][ T4383] F2FS-fs (loop1): Try to recover 2th superblock, ret: 0
[  133.120977][ T4412] netlink: 16 bytes leftover after parsing attributes in process `syz.3.208'.
[  133.137884][ T4383] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  133.545691][ T4419] netlink: 104 bytes leftover after parsing attributes in process `syz.3.211'.
[  134.726509][ T3652] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[  134.737876][ T3652] Bluetooth: hci3: Injecting HCI hardware error event
[  134.750254][ T3657] Bluetooth: hci3: hardware error 0x00
[  135.071760][ T4437] loop3: detected capacity change from 0 to 256
[  135.153230][ T4437] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  136.806045][ T3657] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[  137.203401][ T4473] loop2: detected capacity change from 0 to 256
[  137.273384][ T4473] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  139.943185][ T4515] loop4: detected capacity change from 0 to 256
[  140.002936][ T4515] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  141.452603][ T4532] net veth1_virt_wifi ªªªªªª: renamed from virt_wifi0
[  142.776611][ T4550] =======================================================
[  142.776611][ T4550] WARNING: The mand mount option has been deprecated and
[  142.776611][ T4550]          and is ignored by this kernel. Remove the mand
[  142.776611][ T4550]          option from the mount to silence this warning.
[  142.776611][ T4550] =======================================================
[  143.385591][    T7] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  144.515992][    T7] usb 5-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[  145.419072][    T7] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  145.435002][    T7] usb 5-1: config 0 descriptor??
[  146.865910][    T7] pegasus: probe of 5-1:0.0 failed with error -71
[  146.876068][    T7] usb 5-1: USB disconnect, device number 3
[  147.520611][ T4588] loop1: detected capacity change from 0 to 2048
[  147.656514][ T4588] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  147.793377][ T4602] netlink: 'syz.3.272': attribute type 1 has an invalid length.
[  147.926123][ T4602] 8021q: adding VLAN 0 to HW filter on device bond2
[  148.027824][ T4611] usb usb8: usbfs: process 4611 (syz.1.268) did not claim interface 0 before use
[  148.293595][ T4605] device vlan3 entered promiscuous mode
[  148.319229][ T4605] device bond2 entered promiscuous mode
[  148.607700][ T3639] EXT4-fs (loop1): unmounting filesystem.
[  148.842223][ T4622] binder: 4621:4622 ioctl c0306201 0 returned -14
[  149.654582][ T4622] binder: BINDER_SET_CONTEXT_MGR already set
[  149.696295][ T4622] binder: 4621:4622 ioctl 4018620d 20000040 returned -16
[  150.756604][ T4641] netlink: 'syz.0.281': attribute type 12 has an invalid length.
[  151.690882][ T4650] loop1: detected capacity change from 0 to 2048
[  151.812633][ T4650] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  152.234395][ T4662] usb usb8: usbfs: process 4662 (syz.1.286) did not claim interface 0 before use
[  153.017507][ T3639] EXT4-fs (loop1): unmounting filesystem.
[  153.114739][ T4667] binder: 4666:4667 ioctl c0306201 0 returned -14
[  154.407095][ T4682] loop0: detected capacity change from 0 to 256
[  154.429064][ T4682] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  154.449074][ T4677] device syzkaller1 entered promiscuous mode
[  154.631904][ T4677] netlink: 20 bytes leftover after parsing attributes in process `syz.3.292'.
[  155.919607][ T4692] syz.2.298[4692] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  155.919740][ T4692] syz.2.298[4692] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  156.258125][ T4697] loop4: detected capacity change from 0 to 2048
[  156.364002][ T4697] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  156.668932][ T4702] usb usb8: usbfs: process 4702 (syz.4.300) did not claim interface 0 before use
[  157.231365][ T3648] EXT4-fs (loop4): unmounting filesystem.
[  160.571353][ T4725] loop0: detected capacity change from 0 to 256
[  160.594160][ T4725] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  161.375530][ T4743] netlink: 'syz.0.311': attribute type 12 has an invalid length.
[  162.252250][ T4745] loop4: detected capacity change from 0 to 2048
[  162.447480][ T4745] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  163.587819][ T4754] usb usb8: usbfs: process 4754 (syz.4.313) did not claim interface 0 before use
[  164.966750][ T3648] EXT4-fs (loop4): unmounting filesystem.
[  166.045644][ T4766] loop4: detected capacity change from 0 to 1764
[  166.085077][ T4774] loop2: detected capacity change from 0 to 256
[  166.155825][ T4774] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  167.394059][ T4788] loop1: detected capacity change from 0 to 2048
[  168.616585][ T4788] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  168.927992][ T4810] usb usb8: usbfs: process 4810 (syz.1.326) did not claim interface 0 before use
[  169.438162][ T3639] EXT4-fs (loop1): unmounting filesystem.
[  171.395484][    C0] sched: RT throttling activated
[  171.631974][ T4823] loop1: detected capacity change from 0 to 1764
[  171.784536][ T4828] loop1: detected capacity change from 0 to 256
[  171.808483][ T4828] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  173.021943][ T4849] loop1: detected capacity change from 0 to 2048
[  173.161201][ T4849] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  175.088334][ T4862] usb usb8: usbfs: process 4862 (syz.1.341) did not claim interface 0 before use
[  175.739085][ T3639] EXT4-fs (loop1): unmounting filesystem.
[  176.029828][ T4872] loop1: detected capacity change from 0 to 1764
[  176.120871][ T4874] loop2: detected capacity change from 0 to 256
[  176.167580][ T4874] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  179.032018][ T4895] loop3: detected capacity change from 0 to 2048
[  179.254130][ T4895] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  180.052231][ T4906] usb usb8: usbfs: process 4906 (syz.3.355) did not claim interface 0 before use
[  181.882673][ T3640] EXT4-fs (loop3): unmounting filesystem.
[  182.217650][ T4917] loop4: detected capacity change from 0 to 256
[  182.248724][ T4917] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  191.369252][ T4948] loop3: detected capacity change from 0 to 2048
[  192.337853][ T4948] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  192.517203][ T3652] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  192.532654][ T3652] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  192.541291][ T3652] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  192.554948][ T3652] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  193.358371][ T4972] usb usb8: usbfs: process 4972 (syz.3.371) did not claim interface 0 before use
[  193.775833][   T48] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  193.817078][   T48] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  193.908559][ T3640] EXT4-fs (loop3): unmounting filesystem.
[  193.998369][ T3704] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  194.263126][ T1271] ieee802154 phy0 wpan0: encryption failed: -22
[  194.271796][ T1271] ieee802154 phy1 wpan1: encryption failed: -22
[  195.053247][ T3704] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  195.085932][ T3655] Bluetooth: hci2: Malformed Event: 0x13
[  195.206144][ T3704] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  195.429038][ T3704] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  195.492168][ T4995] netlink: 8 bytes leftover after parsing attributes in process `syz.2.381'.
[  195.841987][ T4964] chnl_net:caif_netlink_parms(): no params data found
[  195.925793][ T3655] Bluetooth: hci3: command tx timeout
[  196.576846][ T3652] Bluetooth: hci1: command 0x0406 tx timeout
[  196.583673][ T3652] Bluetooth: hci0: command 0x0406 tx timeout
[  197.459357][ T4964] bridge0: port 1(bridge_slave_0) entered blocking state
[  197.488832][ T4964] bridge0: port 1(bridge_slave_0) entered disabled state
[  197.522429][ T4964] device bridge_slave_0 entered promiscuous mode
[  197.569405][ T4964] bridge0: port 2(bridge_slave_1) entered blocking state
[  197.596291][ T5015] loop4: detected capacity change from 0 to 2048
[  197.610140][ T4964] bridge0: port 2(bridge_slave_1) entered disabled state
[  197.621359][ T4964] device bridge_slave_1 entered promiscuous mode
[  198.512853][   T48] Bluetooth: hci3: command tx timeout
[  198.539826][ T5015] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  198.668108][ T4964] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  198.702642][ T4964] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  198.829075][ T4964] team0: Port device team_slave_0 added
[  198.909172][ T5022] usb usb8: usbfs: process 5022 (syz.4.386) did not claim interface 0 before use
[  199.341549][ T3648] EXT4-fs (loop4): unmounting filesystem.
[  199.470308][ T4964] team0: Port device team_slave_1 added
[  199.635815][ T4964] batman_adv: batadv0: Adding interface: batadv_slave_0
[  200.532836][ T4964] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  200.567645][   T48] Bluetooth: hci3: command tx timeout
[  200.569144][ T4964] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  200.604989][ T4964] batman_adv: batadv0: Adding interface: batadv_slave_1
[  200.612240][ T4964] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  200.638655][ T4964] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  201.464852][ T5043] netlink: 16 bytes leftover after parsing attributes in process `syz.3.392'.
[  201.651647][ T4964] device hsr_slave_0 entered promiscuous mode
[  201.694898][ T4964] device hsr_slave_1 entered promiscuous mode
[  201.718410][ T4964] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  201.734319][ T4964] Cannot create hsr debugfs directory
[  201.922328][ T5050] loop3: detected capacity change from 0 to 2048
[  202.368753][ T5050] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  202.646043][ T3655] Bluetooth: hci3: command tx timeout
[  202.963333][ T5061] usb usb8: usbfs: process 5061 (syz.3.396) did not claim interface 0 before use
[  203.742129][ T3640] EXT4-fs (loop3): unmounting filesystem.
[  203.749258][ T3704] device hsr_slave_0 left promiscuous mode
[  203.782886][ T3704] device hsr_slave_1 left promiscuous mode
[  203.811949][ T3704] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  203.832088][ T3704] batman_adv: batadv0: Removing interface: batadv_slave_0
[  203.854701][ T3704] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  203.876068][ T3704] batman_adv: batadv0: Removing interface: batadv_slave_1
[  203.892402][ T3704] device bridge_slave_1 left promiscuous mode
[  203.903379][ T3704] bridge0: port 2(bridge_slave_1) entered disabled state
[  203.918590][ T3704] device bridge_slave_0 left promiscuous mode
[  203.924938][ T3704] bridge0: port 1(bridge_slave_0) entered disabled state
[  203.960243][ T3704] device veth1_macvtap left promiscuous mode
[  203.966940][ T3704] device veth0_macvtap left promiscuous mode
[  203.973168][ T3704] device veth1_vlan left promiscuous mode
[  203.981256][ T3704] device veth0_vlan left promiscuous mode
[  207.473160][ T3704] team0 (unregistering): Port device team_slave_1 removed
[  207.522008][ T3704] team0 (unregistering): Port device team_slave_0 removed
[  207.563796][ T3704] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  207.611150][ T3704] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  207.847486][ T5084] netlink: 16 bytes leftover after parsing attributes in process `syz.3.402'.
[  208.036144][ T5089] loop1: detected capacity change from 0 to 256
[  208.080282][ T5089] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  208.432333][ T3704] bond0 (unregistering): Released all slaves
[  208.677646][ T5097] netlink: 28 bytes leftover after parsing attributes in process `syz.2.408'.
[  208.852403][   T48] Bluetooth: hci1: Malformed Event: 0x13
[  209.774223][ T5106] netlink: 'syz.3.412': attribute type 1 has an invalid length.
[  209.799918][ T5110] netlink: 16 bytes leftover after parsing attributes in process `syz.4.413'.
[  209.843336][ T5106] 8021q: adding VLAN 0 to HW filter on device bond3
[  209.879820][ T5108] device vlan4 entered promiscuous mode
[  209.900623][ T5108] device bond3 entered promiscuous mode
[  210.223226][ T5119] loop3: detected capacity change from 0 to 256
[  210.355081][ T5119] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  211.523025][ T4964] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  211.624393][ T4964] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  211.638896][ T4964] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  212.138444][ T4964] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  212.883621][ T4964] 8021q: adding VLAN 0 to HW filter on device bond0
[  212.930177][ T5134] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  212.945302][ T5134] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  212.968896][ T4964] 8021q: adding VLAN 0 to HW filter on device team0
[  213.041828][ T5134] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  213.058746][ T5134] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  213.089922][ T5134] bridge0: port 1(bridge_slave_0) entered blocking state
[  213.097158][ T5134] bridge0: port 1(bridge_slave_0) entered forwarding state
[  213.173122][ T5134] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  213.355758][ T5144] netlink: 8 bytes leftover after parsing attributes in process `syz.2.424'.
[  213.362590][ T5134] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  214.287706][ T5134] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  214.506436][ T5134] bridge0: port 2(bridge_slave_1) entered blocking state
[  214.513590][ T5134] bridge0: port 2(bridge_slave_1) entered forwarding state
[  214.553922][ T5134] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  214.571434][ T5157] loop1: detected capacity change from 0 to 256
[  214.582053][ T5134] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  214.602484][ T3754] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  214.612341][ T3754] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  214.631989][ T5157] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  214.821509][ T3754] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  214.832394][ T3754] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  214.848124][ T3754] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  216.465789][ T3704] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  216.493172][ T3704] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  216.512843][   T48] Bluetooth: hci0: Malformed Event: 0x13
[  216.573730][ T3704] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  216.641025][ T3704] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  216.810945][ T5179] netlink: 8 bytes leftover after parsing attributes in process `syz.3.436'.
[  217.701337][ T4964] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  218.510823][ T5193] loop2: detected capacity change from 0 to 256
[  218.579878][ T5193] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  220.549615][ T5134] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  220.558221][ T5134] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  220.620820][ T4964] 8021q: adding VLAN 0 to HW filter on device batadv0
[  220.727866][ T3748] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  220.760410][ T5218] netlink: 8 bytes leftover after parsing attributes in process `syz.1.447'.
[  220.767060][ T3748] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  220.902718][ T4964] device veth0_vlan entered promiscuous mode
[  220.935391][ T4964] device veth1_vlan entered promiscuous mode
[  220.974610][ T3748] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  220.989743][ T3748] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  221.002858][ T3748] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  221.201686][ T3748] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  221.334556][ T3748] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  221.469400][ T3748] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  221.829935][ T3748] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  221.848596][ T3748] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  221.876936][ T4964] device veth0_macvtap entered promiscuous mode
[  221.888594][ T4964] device veth1_macvtap entered promiscuous mode
[  222.594059][ T4964] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  222.688120][ T4964] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  222.698136][ T4964] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  222.708946][ T4964] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  222.718887][ T4964] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  222.729636][ T4964] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  222.742076][ T4964] batman_adv: batadv0: Interface activated: batadv_slave_0
[  222.753044][ T4964] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  222.763766][ T4964] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  222.782429][ T4964] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  222.827336][ T4964] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  222.868069][ T4964] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  222.914258][ T4964] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  222.932028][ T5238] loop4: detected capacity change from 0 to 256
[  223.014373][ T4964] batman_adv: batadv0: Interface activated: batadv_slave_1
[  224.398325][ T5238] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  224.407087][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  224.496743][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  224.507010][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  224.516159][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  224.525214][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  224.540136][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  224.571962][ T4964] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  224.599825][ T4964] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  224.619017][ T4964] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  224.648014][ T4964] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  225.002846][ T3704] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  225.014002][    T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  225.037315][    T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  225.038187][ T3704] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  225.066134][ T3704] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  226.643452][ T4674] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  227.351889][ T5271] loop3: detected capacity change from 0 to 256
[  227.419256][ T5271] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  227.555927][   T48] Bluetooth: hci0: Malformed Event: 0x13
[  231.426923][ T5296] netlink: 'syz.3.472': attribute type 1 has an invalid length.
[  231.449551][ T5296] 8021q: adding VLAN 0 to HW filter on device bond4
[  231.468298][ T5296] device vlan5 entered promiscuous mode
[  231.473903][ T5296] device bond4 entered promiscuous mode
[  232.662879][ T5315] loop2: detected capacity change from 0 to 256
[  232.756809][   T48] Bluetooth: hci0: Malformed Event: 0x13
[  232.778196][ T5315] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  234.310384][ T5336] netlink: 'syz.1.485': attribute type 12 has an invalid length.
[  234.851583][ T5347] binder: 5345:5347 ioctl 4018620d 0 returned -22
[  236.262852][   T48] Bluetooth: hci3: Malformed Event: 0x13
[  236.377431][ T5360] device syzkaller1 entered promiscuous mode
[  236.429781][ T5360] netlink: 20 bytes leftover after parsing attributes in process `syz.1.493'.
[  236.449341][ T5373] loop0: detected capacity change from 0 to 256
[  236.499339][ T5373] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  236.763626][ T5384] binder: 5383:5384 ioctl 4018620d 0 returned -22
[  236.908921][ T5386] netlink: 16 bytes leftover after parsing attributes in process `syz.3.502'.
[  236.964621][ T5386] netlink: 40 bytes leftover after parsing attributes in process `syz.3.502'.
[  237.235342][ T5391] netlink: 'syz.0.504': attribute type 12 has an invalid length.
[  237.949223][ T5396] netlink: 'syz.3.506': attribute type 1 has an invalid length.
[  238.657099][ T5396] 8021q: adding VLAN 0 to HW filter on device bond5
[  239.048008][ T5404] device vlan6 entered promiscuous mode
[  239.053678][ T5404] device bond5 entered promiscuous mode
[  239.085968][   T48] Bluetooth: hci0: Malformed Event: 0x13
[  239.199326][ T5416] binder: 5415:5416 ioctl 4018620d 0 returned -22
[  239.382214][ T5424] netlink: 16 bytes leftover after parsing attributes in process `syz.1.516'.
[  239.428241][ T5424] netlink: 40 bytes leftover after parsing attributes in process `syz.1.516'.
[  240.828168][   T48] Bluetooth: hci3: Malformed Event: 0x13
[  240.922921][ T5449] netlink: 'syz.4.522': attribute type 12 has an invalid length.
[  241.067663][ T5453] binder: 5452:5453 ioctl c0306201 0 returned -14
[  241.188108][ T5459] loop3: detected capacity change from 0 to 1764
[  243.034958][   T48] Bluetooth: hci2: Malformed Event: 0x13
[  244.311401][ T5494] binder: 5493:5494 ioctl c0306201 0 returned -14
[  244.787241][ T5505] netlink: 'syz.2.542': attribute type 12 has an invalid length.
[  245.389573][ T5500] loop1: detected capacity change from 0 to 1764
[  245.601456][ T5509] netlink: 'syz.3.544': attribute type 1 has an invalid length.
[  245.791805][ T5509] 8021q: adding VLAN 0 to HW filter on device bond6
[  245.949977][ T5515] device vlan7 entered promiscuous mode
[  245.968940][ T5515] device bond6 entered promiscuous mode
[  246.965574][ T5525] netlink: 48 bytes leftover after parsing attributes in process `syz.3.547'.
[  247.973476][ T5532] netlink: 80 bytes leftover after parsing attributes in process `syz.1.552'.
[  247.985126][ T5535] binder: 5533:5535 ioctl c0306201 0 returned -14
[  248.460445][ T5543] loop2: detected capacity change from 0 to 1764
[  248.653229][ T5545] netlink: 'syz.1.556': attribute type 12 has an invalid length.
[  248.752092][ T5548] netlink: 'syz.0.557': attribute type 1 has an invalid length.
[  248.822398][ T5548] device vlan2 entered promiscuous mode
[  248.845634][ T5548] device veth1_virt_wifi entered promiscuous mode
[  249.043613][ T5555] netlink: 48 bytes leftover after parsing attributes in process `syz.3.560'.
[  250.667392][ T5568] netlink: 80 bytes leftover after parsing attributes in process `syz.0.565'.
[  251.047902][ T5579] loop4: detected capacity change from 0 to 1764
[  251.269672][ T5581] netlink: 'syz.2.571': attribute type 12 has an invalid length.
[  251.620021][ T5593] netlink: 48 bytes leftover after parsing attributes in process `syz.4.574'.
[  254.424959][ T5613] netlink: 80 bytes leftover after parsing attributes in process `syz.1.580'.
[  254.728240][ T5620] loop1: detected capacity change from 0 to 1764
[  255.729830][ T1271] ieee802154 phy0 wpan0: encryption failed: -22
[  255.740864][ T1271] ieee802154 phy1 wpan1: encryption failed: -22
[  255.815611][ T3691] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  256.640638][ T5648] netlink: 80 bytes leftover after parsing attributes in process `syz.2.594'.
[  256.732729][ T3691] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  256.743984][ T3691] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  256.758339][ T3691] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  256.767897][ T3691] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  256.778144][ T3691] usb 5-1: config 0 descriptor??
[  256.796823][ T5652] loop1: detected capacity change from 0 to 1764
[  257.279789][ T3691] plantronics 0003:047F:FFFF.0001: No inputs registered, leaving
[  257.404316][ T3691] plantronics 0003:047F:FFFF.0001: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  259.007899][ T3714] usb 5-1: USB disconnect, device number 4
[  259.268757][ T5690] netlink: 16 bytes leftover after parsing attributes in process `syz.4.611'.
[  259.301598][ T5690] netlink: 36 bytes leftover after parsing attributes in process `syz.4.611'.
[  259.499576][ T5695] loop2: detected capacity change from 0 to 1764
[  261.668517][ T5722] netlink: 16 bytes leftover after parsing attributes in process `syz.0.624'.
[  261.683142][ T5722] netlink: 36 bytes leftover after parsing attributes in process `syz.0.624'.
[  261.908605][ T5726] loop2: detected capacity change from 0 to 1764
[  261.958291][ T5728] netlink: 104 bytes leftover after parsing attributes in process `syz.0.627'.
[  264.914223][ T5759] netlink: 16 bytes leftover after parsing attributes in process `syz.2.639'.
[  264.935496][ T5759] netlink: 36 bytes leftover after parsing attributes in process `syz.2.639'.
[  265.010873][ T5768] loop0: detected capacity change from 0 to 1764
[  268.516728][ T5785] device syzkaller1 entered promiscuous mode
[  268.585216][ T5785] netlink: 20 bytes leftover after parsing attributes in process `syz.2.644'.
[  269.310298][ T5803] binder: 5802:5803 ioctl c0306201 0 returned -14
[  270.778358][ T5812] loop0: detected capacity change from 0 to 1764
[  272.530245][ T5829] netlink: 104 bytes leftover after parsing attributes in process `syz.0.658'.
[  273.554032][ T5836] netlink: 16 bytes leftover after parsing attributes in process `syz.4.662'.
[  273.563136][ T5836] netlink: 52 bytes leftover after parsing attributes in process `syz.4.662'.
[  273.617269][ T5839] binder: 5837:5839 ioctl c0306201 0 returned -14
[  273.674275][ T5843] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  274.975114][ T5843] vhci_hcd: default hub control req: 6012 v0002 i0006 l0
[  275.090461][ T5859] loop0: detected capacity change from 0 to 1764
[  275.342585][ T5870] netlink: 16 bytes leftover after parsing attributes in process `syz.0.674'.
[  275.374677][ T5870] netlink: 48 bytes leftover after parsing attributes in process `syz.0.674'.
[  275.508741][ T5873] binder: 5872:5873 ioctl c0306201 0 returned -14
[  275.540137][ T5875] netlink: 104 bytes leftover after parsing attributes in process `syz.0.676'.
[  276.526018][ T3691] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  277.127146][ T3691] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  277.137477][ T3691] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  277.210381][ T3691] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  277.293640][ T3691] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  277.916731][ T3691] usb 5-1: config 0 descriptor??
[  277.968691][ T3691] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  278.154472][ T5899] loop2: detected capacity change from 0 to 1764
[  278.168866][ T5901] netlink: 16 bytes leftover after parsing attributes in process `syz.3.686'.
[  278.182289][ T5901] netlink: 48 bytes leftover after parsing attributes in process `syz.3.686'.
[  278.275663][ T3691] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  278.380571][ T5909] netlink: 104 bytes leftover after parsing attributes in process `syz.2.690'.
[  279.151711][ T3691] usb 1-1: Using ep0 maxpacket: 32
[  279.335802][ T3691] usb 1-1: config 0 has no interfaces?
[  279.391390][ T4893] usb 5-1: USB disconnect, device number 5
[  279.660735][ T3691] usb 1-1: New USB device found, idVendor=04b4, idProduct=1002, bcdDevice=9c.e2
[  279.680322][ T3691] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  279.713820][ T3691] usb 1-1: Product: syz
[  279.727611][ T3691] usb 1-1: Manufacturer: syz
[  279.739919][ T3691] usb 1-1: SerialNumber: syz
[  279.747761][ T3691] usb 1-1: config 0 descriptor??
[  279.840201][ T5930] loop4: detected capacity change from 0 to 1764
[  279.958046][ T5935] netlink: 16 bytes leftover after parsing attributes in process `syz.4.699'.
[  279.968720][ T5935] netlink: 48 bytes leftover after parsing attributes in process `syz.4.699'.
[  279.990833][ T3691] usb 1-1: USB disconnect, device number 2
[  283.802012][ T5962] netlink: 16 bytes leftover after parsing attributes in process `syz.4.710'.
[  283.842354][ T5962] netlink: 40 bytes leftover after parsing attributes in process `syz.4.710'.
[  284.336608][ T5981] netlink: 'syz.0.717': attribute type 12 has an invalid length.
[  286.228211][   T26] kauditd_printk_skb: 12 callbacks suppressed
[  286.228228][   T26] audit: type=1326 audit(1725120103.881:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5991 comm="syz.0.722" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc217b79eb9 code=0x7ffc0000
[  286.407572][   T26] audit: type=1326 audit(1725120103.881:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5991 comm="syz.0.722" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc217b79eb9 code=0x7ffc0000
[  286.483165][   T26] audit: type=1326 audit(1725120103.881:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5991 comm="syz.0.722" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc217b79eb9 code=0x7ffc0000
[  286.580661][   T26] audit: type=1326 audit(1725120103.881:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5991 comm="syz.0.722" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc217b79eb9 code=0x7ffc0000
[  286.676881][   T26] audit: type=1326 audit(1725120103.881:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5991 comm="syz.0.722" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc217b79eb9 code=0x7ffc0000
[  286.742799][   T26] audit: type=1326 audit(1725120103.881:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5991 comm="syz.0.722" exe="/root/syz-executor" sig=0 arch=c000003e syscall=79 compat=0 ip=0x7fc217b79eb9 code=0x7ffc0000
[  286.784694][ T6005] 9pnet: Could not find request transport: fd0xffffffffffffffff
[  286.814438][   T26] audit: type=1326 audit(1725120103.881:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5991 comm="syz.0.722" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc217b79eb9 code=0x7ffc0000
[  286.904403][ T6009] netlink: 16 bytes leftover after parsing attributes in process `syz.3.726'.
[  286.955662][ T6009] netlink: 40 bytes leftover after parsing attributes in process `syz.3.726'.
[  287.164555][ T6014] netlink: 104 bytes leftover after parsing attributes in process `syz.3.729'.
[  287.923334][ T6023] syz.3.732[6023] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  287.924399][ T6023] syz.3.732[6023] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  288.579451][ T6027] netlink: 'syz.4.733': attribute type 12 has an invalid length.
[  289.708364][ T6040] netlink: 16 bytes leftover after parsing attributes in process `syz.0.739'.
[  289.755519][ T6040] netlink: 40 bytes leftover after parsing attributes in process `syz.0.739'.
[  290.052146][ T6054] netlink: 104 bytes leftover after parsing attributes in process `syz.0.742'.
[  291.212915][ T6029] loop2: detected capacity change from 0 to 32768
[  291.366160][   T26] audit: type=1326 audit(1725120109.021:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6061 comm="syz.3.746" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f12179eb9 code=0x7ffc0000
[  292.050499][   T26] audit: type=1326 audit(1725120109.021:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6061 comm="syz.3.746" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f12179eb9 code=0x7ffc0000
[  292.106252][ T6067] netlink: 'syz.1.747': attribute type 12 has an invalid length.
[  292.213973][   T26] audit: type=1326 audit(1725120109.731:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6061 comm="syz.3.746" exe="/root/syz-executor" sig=0 arch=c000003e syscall=424 compat=0 ip=0x7f4f12179eb9 code=0x7ffc0000
[  292.332065][   T26] audit: type=1326 audit(1725120109.731:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6061 comm="syz.3.746" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f12179eb9 code=0x7ffc0000
[  292.431239][   T26] audit: type=1326 audit(1725120109.731:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6061 comm="syz.3.746" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f12179eb9 code=0x7ffc0000
[  292.538460][   T26] audit: type=1326 audit(1725120110.111:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6070 comm="syz.4.748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef2c379eb9 code=0x7ffc0000
[  292.645534][   T26] audit: type=1326 audit(1725120110.181:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6070 comm="syz.4.748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fef2c379eb9 code=0x7ffc0000
[  292.679689][ T6071] loop4: detected capacity change from 0 to 8192
[  292.741455][ T6071] ldm_parse_privhead(): Cannot find PRIVHEAD structure. LDM database is corrupt. Aborting.
[  292.750574][   T26] audit: type=1326 audit(1725120110.181:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6070 comm="syz.4.748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef2c379eb9 code=0x7ffc0000
[  292.781831][ T6071] ldm_validate_privheads(): Cannot find PRIVHEAD 1.
[  292.808377][ T6071]  loop4: p2 p3 p4
[  292.812579][ T6071] loop4: partition table partially beyond EOD, truncated
[  292.823563][   T26] audit: type=1326 audit(1725120110.181:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6070 comm="syz.4.748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef2c379eb9 code=0x7ffc0000
[  292.839021][ T6071] loop4: p2 start 452985600 is beyond EOD, 
[  292.876880][   T26] audit: type=1326 audit(1725120110.181:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6070 comm="syz.4.748" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7fef2c379eb9 code=0x7ffc0000
[  292.888641][ T6071] truncated
[  292.932918][ T6071] loop4: p3 size 33554432 extends beyond EOD, truncated
[  292.960440][ T6071] loop4: p4 start 8388607 is beyond EOD, truncated
[  293.032308][ T6089] netlink: 104 bytes leftover after parsing attributes in process `syz.0.755'.
[  293.365276][ T6101] loop0: detected capacity change from 0 to 1764
[  293.525059][ T6104] device syzkaller1 entered promiscuous mode
[  294.011027][ T6109] netlink: 'syz.0.762': attribute type 12 has an invalid length.
[  295.385701][ T6126] netlink: 104 bytes leftover after parsing attributes in process `syz.4.768'.
[  295.958629][ T6134] loop4: detected capacity change from 0 to 512
[  296.018241][ T6134] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  296.126218][ T6134] EXT4-fs (loop4): 1 orphan inode deleted
[  296.134611][ T6134] EXT4-fs (loop4): 1 truncate cleaned up
[  296.172666][ T6134] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  296.439438][ T3648] EXT4-fs (loop4): unmounting filesystem.
[  296.648142][ T6147] netlink: 'syz.1.775': attribute type 12 has an invalid length.
[  297.660951][ T6157] netlink: 104 bytes leftover after parsing attributes in process `syz.1.781'.
[  297.820728][ T6160] device syzkaller1 entered promiscuous mode
[  297.879503][ T6160] netlink: 20 bytes leftover after parsing attributes in process `syz.4.780'.
[  299.295481][ T3714] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  299.682986][ T3714] usb 1-1: Using ep0 maxpacket: 32
[  299.906632][ T3714] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping
[  300.995568][ T3714] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xE3, skipping
[  301.076921][ T3714] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[  301.097197][ T3714] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0
[  301.124385][ T3714] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  301.148917][ T3714] usb 1-1: config 0 interface 0 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3
[  302.541991][ T6190] netlink: 'syz.4.791': attribute type 12 has an invalid length.
[  304.682261][ T6192] netlink: 104 bytes leftover after parsing attributes in process `syz.2.793'.
[  304.729800][ T6194] loop0: detected capacity change from 0 to 512
[  304.736469][ T3714] usb 1-1: New USB device found, idVendor=0572, idProduct=cafe, bcdDevice=55.01
[  304.759357][ T3714] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  304.798485][ T3714] usb 1-1: config 0 descriptor??
[  304.825813][ T3714] usb 1-1: can't set config #0, error -71
[  304.836675][ T3714] usb 1-1: USB disconnect, device number 3
[  304.845325][ T6194] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  304.895198][ T6194] ext4 filesystem being mounted at /76/file0 supports timestamps until 2038 (0x7fffffff)
[  305.088743][ T6194] EXT4-fs error (device loop0): ext4_add_entry:2484: inode #2: comm syz.0.794: Directory hole found for htree leaf block 0
[  305.309269][ T4964] EXT4-fs (loop0): unmounting filesystem.
[  305.461612][ T6209] device syzkaller1 entered promiscuous mode
[  305.594344][ T6209] netlink: 20 bytes leftover after parsing attributes in process `syz.4.798'.
[  305.611269][ T6212] netdevsim netdevsim2: loading /lib/firmware/. failed with error -22
[  305.639111][ T6212] netdevsim netdevsim2: Direct firmware load for . failed with error -22
[  305.709534][ T6212] netdevsim netdevsim2: Falling back to sysfs fallback for: .
[  305.960378][ T6220] syz.0.803[6220] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  305.960498][ T6220] syz.0.803[6220] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  306.162450][ T6225] netlink: 104 bytes leftover after parsing attributes in process `syz.1.805'.
[  306.222914][   T26] kauditd_printk_skb: 45 callbacks suppressed
[  306.222926][   T26] audit: type=1326 audit(1725120123.871:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6226 comm="syz.0.806" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc217b79eb9 code=0x7ffc0000
[  306.340519][   T26] audit: type=1326 audit(1725120123.911:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6226 comm="syz.0.806" exe="/root/syz-executor" sig=0 arch=c000003e syscall=33 compat=0 ip=0x7fc217b79eb9 code=0x7ffc0000
[  306.412509][   T26] audit: type=1326 audit(1725120123.911:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6226 comm="syz.0.806" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc217b79eb9 code=0x7ffc0000
[  307.568553][ T6234] netlink: 'syz.2.808': attribute type 12 has an invalid length.
[  310.398556][   T26] audit: type=1326 audit(1725120128.051:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6243 comm="syz.0.814" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc217b79eb9 code=0x7ffc0000
[  310.484113][   T26] audit: type=1326 audit(1725120128.081:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6243 comm="syz.0.814" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc217b79eb9 code=0x7ffc0000
[  310.609371][   T26] audit: type=1326 audit(1725120128.081:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6243 comm="syz.0.814" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc217b79eb9 code=0x7ffc0000
[  310.714654][   T26] audit: type=1326 audit(1725120128.081:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6243 comm="syz.0.814" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc217b79eb9 code=0x7ffc0000
[  310.836358][   T26] audit: type=1326 audit(1725120128.081:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6243 comm="syz.0.814" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc217b79eb9 code=0x7ffc0000
[  310.861711][ T6260] netlink: 104 bytes leftover after parsing attributes in process `syz.2.819'.
[  310.953494][   T26] audit: type=1326 audit(1725120128.081:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6243 comm="syz.0.814" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc217b79eb9 code=0x7ffc0000
[  310.991984][   T26] audit: type=1326 audit(1725120128.081:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6243 comm="syz.0.814" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc217b79eb9 code=0x7ffc0000
[  311.458151][ T6267] device syzkaller1 entered promiscuous mode
[  311.574473][ T6266] netlink: 20 bytes leftover after parsing attributes in process `syz.2.821'.
[  311.891909][ T6269] loop3: detected capacity change from 0 to 256
[  311.931672][ T6269] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  312.540779][ T6281] netlink: 'syz.3.828': attribute type 7 has an invalid length.
[  312.557838][ T6279] loop0: detected capacity change from 0 to 1024
[  312.793126][ T6279] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  312.846800][ T6291] netlink: 104 bytes leftover after parsing attributes in process `syz.4.831'.
[  312.854068][ T6288] netlink: 'syz.2.829': attribute type 12 has an invalid length.
[  312.872024][ T6289] netlink: 8 bytes leftover after parsing attributes in process `syz.3.830'.
[  314.716415][   T26] kauditd_printk_skb: 6 callbacks suppressed
[  314.716430][   T26] audit: type=1326 audit(1725120132.371:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6296 comm="syz.3.833" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f4f12179eb9 code=0x0
[  314.858608][ T4964] EXT4-fs (loop0): unmounting filesystem.
[  315.255717][ T3714] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  315.465524][ T3714] usb 1-1: device descriptor read/64, error -71
[  315.759002][ T6311] device syzkaller1 entered promiscuous mode
[  315.778743][ T6311] netlink: 20 bytes leftover after parsing attributes in process `syz.2.839'.
[  315.805888][ T3714] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  316.007817][ T6320] netlink: 104 bytes leftover after parsing attributes in process `syz.4.842'.
[  316.807728][ T3714] usb 1-1: device descriptor read/64, error -71
[  316.935915][ T3714] usb usb1-port1: attempt power cycle
[  317.129300][ T1271] ieee802154 phy0 wpan0: encryption failed: -22
[  317.137707][ T1271] ieee802154 phy1 wpan1: encryption failed: -22
[  317.415981][ T3714] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  317.646695][ T3714] usb 1-1: device descriptor read/8, error -71
[  317.787251][ T6330] netlink: 'syz.2.845': attribute type 12 has an invalid length.
[  317.946606][ T3714] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  318.625614][ T3714] usb 1-1: device descriptor read/8, error -71
[  318.885583][ T3714] usb usb1-port1: unable to enumerate USB device
[  319.208262][   T48] Bluetooth: hci3: command 0x0406 tx timeout
[  322.004421][ T6349] netlink: 104 bytes leftover after parsing attributes in process `syz.2.854'.
[  322.023580][ T6348] ptrace attach of "./syz-executor exec"[3648] was attempted by "./syz-executor exec"[6348]
[  322.306105][   T48] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  322.318935][   T48] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  322.328817][   T48] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  322.339828][   T48] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  322.348917][   T48] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  322.358339][   T48] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  322.444879][ T6354] device syzkaller1 entered promiscuous mode
[  322.533572][ T6356] netlink: 20 bytes leftover after parsing attributes in process `syz.2.855'.
[  323.015540][  T155] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  323.176278][ T6353] chnl_net:caif_netlink_parms(): no params data found
[  323.215488][  T155] usb 5-1: device descriptor read/64, error -71
[  323.505547][  T155] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  323.522471][ T6353] bridge0: port 1(bridge_slave_0) entered blocking state
[  323.576288][ T6353] bridge0: port 1(bridge_slave_0) entered disabled state
[  323.585324][ T6353] device bridge_slave_0 entered promiscuous mode
[  323.612063][ T6353] bridge0: port 2(bridge_slave_1) entered blocking state
[  323.647000][ T6353] bridge0: port 2(bridge_slave_1) entered disabled state
[  323.705888][  T155] usb 5-1: device descriptor read/64, error -71
[  323.710586][ T6353] device bridge_slave_1 entered promiscuous mode
[  323.937139][  T155] usb usb5-port1: attempt power cycle
[  324.406083][ T3655] Bluetooth: hci5: command tx timeout
[  324.492524][ T6370] netlink: 'syz.2.857': attribute type 12 has an invalid length.
[  324.538685][ T6353] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  324.583420][ T6353] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  324.682250][ T6353] team0: Port device team_slave_0 added
[  324.691649][ T6353] team0: Port device team_slave_1 added
[  324.720562][ T6353] batman_adv: batadv0: Adding interface: batadv_slave_0
[  324.755550][ T6353] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  324.795625][  T155] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  324.840790][ T6353] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  324.867628][ T6353] batman_adv: batadv0: Adding interface: batadv_slave_1
[  324.874685][ T6353] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  324.900354][  T155] usb 5-1: device descriptor read/8, error -71
[  324.940027][ T6353] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  325.039174][ T6353] device hsr_slave_0 entered promiscuous mode
[  325.046678][ T6353] device hsr_slave_1 entered promiscuous mode
[  325.132105][ T6353] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  325.154132][ T6353] Cannot create hsr debugfs directory
[  325.358265][  T155] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  325.476525][  T155] usb 5-1: device descriptor read/8, error -71
[  326.085867][  T155] usb usb5-port1: unable to enumerate USB device
[  326.216429][ T6392] device syzkaller1 entered promiscuous mode
[  326.321200][ T6393] netlink: 20 bytes leftover after parsing attributes in process `syz.0.866'.
[  326.485547][ T3655] Bluetooth: hci5: command tx timeout
[  326.605649][  T155] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  326.682520][ T6353] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  326.855520][  T155] usb 5-1: Using ep0 maxpacket: 32
[  326.975591][  T155] usb 5-1: config 0 has no interfaces?
[  327.105294][ T6353] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  327.136161][  T155] usb 5-1: New USB device found, idVendor=04b4, idProduct=1002, bcdDevice=9c.e2
[  327.155923][  T155] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  327.164069][  T155] usb 5-1: Product: syz
[  327.181037][  T155] usb 5-1: Manufacturer: syz
[  327.192025][  T155] usb 5-1: SerialNumber: syz
[  327.248259][  T155] usb 5-1: config 0 descriptor??
[  327.375192][ T6353] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  327.526536][ T4893] usb 5-1: USB disconnect, device number 10
[  327.631460][ T6353] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  327.782870][ T6403] loop2: detected capacity change from 0 to 32768
[  327.812225][ T6403] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 scanned by syz.2.870 (6403)
[  327.828549][   T26] audit: type=1326 audit(1725120145.481:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6407 comm="syz.3.872" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4f12179eb9 code=0x0
[  327.902489][ T6403] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  327.921995][ T6353] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  327.929158][ T6403] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm
[  327.940472][ T6403] BTRFS info (device loop2): setting nodatacow, compression disabled
[  327.950250][ T6353] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  327.958548][ T6403] BTRFS info (device loop2): setting datacow
[  327.964751][ T6403] BTRFS info (device loop2): doing ref verification
[  327.977125][ T6353] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  327.984417][ T6403] BTRFS info (device loop2): force clearing of disk cache
[  328.000845][ T6353] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  328.011231][ T6403] BTRFS info (device loop2): turning off barriers
[  328.031811][ T6403] BTRFS info (device loop2): disabling tree log
[  328.045960][ T6409] dccp_close: ABORT with 104 bytes unread
[  328.058220][ T6403] BTRFS info (device loop2): using free space tree
[  328.193784][ T6353] 8021q: adding VLAN 0 to HW filter on device bond0
[  328.229586][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  328.243940][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  328.261458][ T6353] 8021q: adding VLAN 0 to HW filter on device team0
[  328.315369][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  328.365265][ T6403] BTRFS info (device loop2): rebuilding free space tree
[  328.374257][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  328.394879][ T3753] bridge0: port 1(bridge_slave_0) entered blocking state
[  328.403029][ T3753] bridge0: port 1(bridge_slave_0) entered forwarding state
[  328.462418][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  328.515827][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  328.556528][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  328.565504][ T3655] Bluetooth: hci5: command tx timeout
[  328.595801][ T3753] bridge0: port 2(bridge_slave_1) entered blocking state
[  328.602995][ T3753] bridge0: port 2(bridge_slave_1) entered forwarding state
[  328.660816][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  328.717119][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  328.759759][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  328.807095][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  328.833374][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  328.879713][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  328.903784][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  328.921438][ T3751] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  328.934310][ T3751] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  328.958958][ T6353] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  328.981054][ T6353] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  328.997421][ T3751] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  329.036419][ T3751] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  329.098906][ T3691] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  329.290235][ T3650] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  329.357359][ T3691] usb 4-1: Using ep0 maxpacket: 16
[  329.646701][ T3691] usb 4-1: New USB device found, idVendor=12d6, idProduct=0444, bcdDevice=6c.de
[  329.656236][ T3691] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  329.664616][ T3691] usb 4-1: Product: syz
[  329.668931][ T3691] usb 4-1: Manufacturer: syz
[  329.673554][ T3691] usb 4-1: SerialNumber: syz
[  329.680566][ T3691] usb 4-1: config 0 descriptor??
[  329.726470][ T3691] ems_usb 4-1:0.0 (unnamed net_device) (uninitialized): couldn't initialize controller: -22
[  329.742956][ T3691] ems_usb: probe of 4-1:0.0 failed with error -22
[  329.750396][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  329.781557][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  329.800716][ T6353] 8021q: adding VLAN 0 to HW filter on device batadv0
[  329.823612][ T6434] loop0: detected capacity change from 0 to 32768
[  329.843043][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  329.859937][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  329.892735][ T3751] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  329.903455][ T3751] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  329.916610][ T6353] device veth0_vlan entered promiscuous mode
[  329.933807][ T6451] usb 4-1: USB disconnect, device number 2
[  329.941224][ T3751] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  329.953813][ T3751] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  329.970759][ T6353] device veth1_vlan entered promiscuous mode
[  330.057816][ T6452] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  330.265609][ T6452] usb 5-1: device descriptor read/64, error -71
[  330.948540][   T48] Bluetooth: hci5: command tx timeout
[  330.950161][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  330.965253][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  331.182939][ T6461] netlink: 'syz.0.879': attribute type 12 has an invalid length.
[  331.271418][ T6452] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  331.380869][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  331.398103][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  331.408863][ T6353] device veth0_macvtap entered promiscuous mode
[  331.458799][ T6353] device veth1_macvtap entered promiscuous mode
[  331.526010][ T6353] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  331.538281][ T6353] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  331.548609][ T6353] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  331.564435][ T6353] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  331.574742][ T6353] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  331.580115][ T6452] usb 5-1: device descriptor read/64, error -71
[  331.585611][ T6353] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  331.608758][ T6353] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  331.628996][ T6353] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  331.659645][ T6353] batman_adv: batadv0: Interface activated: batadv_slave_0
[  331.669761][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  331.678899][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  331.687899][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  331.702951][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  331.722115][ T6353] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  331.735748][ T6452] usb usb5-port1: attempt power cycle
[  331.747425][ T6353] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  331.757767][ T6353] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  331.769785][ T6353] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  331.781362][ T6353] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  331.792218][ T6353] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  331.802856][ T6353] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  331.813552][ T6353] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  331.837829][ T6353] batman_adv: batadv0: Interface activated: batadv_slave_1
[  331.849044][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  331.862473][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  331.892224][ T6353] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  331.902686][ T6353] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  331.914384][ T6353] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  331.915516][ T3691] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  331.925997][ T6353] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  332.042483][ T5480] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  332.071579][ T5480] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  332.120590][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  332.145674][ T6452] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  332.158095][ T5480] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  332.167172][ T5480] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  332.185619][ T3691] usb 3-1: Using ep0 maxpacket: 32
[  332.212159][ T3753] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  332.256611][ T6452] usb 5-1: device descriptor read/8, error -71
[  332.305730][ T3691] usb 3-1: config 0 has no interfaces?
[  332.465839][ T3691] usb 3-1: New USB device found, idVendor=04b4, idProduct=1002, bcdDevice=9c.e2
[  332.475042][ T3691] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  332.524727][ T3691] usb 3-1: Product: syz
[  332.529328][ T3691] usb 3-1: Manufacturer: syz
[  332.534583][ T3691] usb 3-1: SerialNumber: syz
[  332.546008][ T6452] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  332.558699][ T3691] usb 3-1: config 0 descriptor??
[  332.635629][ T6452] usb 5-1: device descriptor read/8, error -71
[  332.673858][ T6479] loop0: detected capacity change from 0 to 1024
[  332.767285][ T6452] usb usb5-port1: unable to enumerate USB device
[  333.743578][ T6451] usb 3-1: USB disconnect, device number 3
[  334.107809][ T6491] netlink: 32 bytes leftover after parsing attributes in process `syz.0.885'.
[  335.052300][ T5480] hfsplus: b-tree write err: -5, ino 4
[  335.973542][ T6508] netlink: 80 bytes leftover after parsing attributes in process `syz.2.894'.
[  336.366673][ T6496] loop1: detected capacity change from 0 to 32768
[  336.472019][ T6512] netlink: 'syz.3.892': attribute type 12 has an invalid length.
[  337.628918][ T6521] netlink: 104 bytes leftover after parsing attributes in process `syz.2.901'.
[  337.795606][ T3714] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  338.025664][ T3714] usb 1-1: device descriptor read/64, error -71
[  338.306133][ T3714] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  338.545494][ T3714] usb 1-1: device descriptor read/64, error -71
[  338.665865][ T3714] usb usb1-port1: attempt power cycle
[  339.115514][ T3714] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  339.215938][ T3714] usb 1-1: device descriptor read/8, error -71
[  339.495538][ T3714] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  339.605703][ T3714] usb 1-1: device descriptor read/8, error -71
[  339.735625][ T3714] usb usb1-port1: unable to enumerate USB device
[  339.840795][ T6544] netlink: 80 bytes leftover after parsing attributes in process `syz.1.906'.
[  341.643169][ T6564] netlink: 104 bytes leftover after parsing attributes in process `syz.3.912'.
[  342.747849][ T6550] loop1: detected capacity change from 0 to 32768
[  343.182879][ T6581] netlink: 'syz.2.914': attribute type 12 has an invalid length.
[  343.570760][ T6585] netlink: 80 bytes leftover after parsing attributes in process `syz.1.919'.
[  343.709017][ T6589] loop4: detected capacity change from 0 to 16
[  343.773496][ T6589] erofs: (device loop4): mounted with root inode @ nid 36.
[  344.126293][ T6452] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  344.789914][ T6602] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  344.803848][ T6602] erofs: (device loop4): z_erofs_lz4_decompress_mem: failed to decompress -7 in[50, 4046] out[1851]
[  344.815595][ T6602] erofs: (device loop4): z_erofs_read_folio: failed to read, err [-117]
[  344.830265][ T6602] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  344.839714][ T6602] erofs: (device loop4): z_erofs_lz4_decompress_mem: failed to decompress -7 in[50, 4046] out[1851]
[  344.852059][ T6602] erofs: (device loop4): z_erofs_read_folio: failed to read, err [-117]
[  344.935751][ T6452] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  345.061120][ T6452] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  345.085472][ T6452] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  345.094597][ T6452] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  345.118141][ T6452] usb 4-1: config 0 descriptor??
[  345.621833][ T6609] netlink: 104 bytes leftover after parsing attributes in process `syz.0.928'.
[  345.975880][ T6452] usb 4-1: string descriptor 0 read error: -71
[  345.983373][ T6452] usb 4-1: USB disconnect, device number 3
[  346.132919][ T6625] netlink: 80 bytes leftover after parsing attributes in process `syz.1.934'.
[  347.345647][ T6642] netlink: 104 bytes leftover after parsing attributes in process `syz.1.940'.
[  347.529061][ T6643] netlink: 'syz.3.933': attribute type 12 has an invalid length.
[  348.045524][ T6452] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  348.277734][ T6661] netlink: 80 bytes leftover after parsing attributes in process `syz.0.948'.
[  348.400951][ T6667] netlink: 104 bytes leftover after parsing attributes in process `syz.0.951'.
[  348.416465][ T6452] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  349.246098][ T6452] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  349.257613][ T6452] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  349.267061][ T6452] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  349.276937][ T6452] usb 2-1: config 0 descriptor??
[  349.459448][ T6682] device geneve2 entered promiscuous mode
[  349.846380][ T6693] netlink: 80 bytes leftover after parsing attributes in process `syz.2.961'.
[  349.990349][ T6694] netlink: 'syz.3.959': attribute type 12 has an invalid length.
[  350.095552][ T6452] usb 2-1: string descriptor 0 read error: -71
[  350.105896][ T6452] usb 2-1: USB disconnect, device number 2
[  350.161818][ T6699] mmap: syz.2.963 (6699) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  351.560992][ T6710] netlink: 104 bytes leftover after parsing attributes in process `syz.0.966'.
[  352.515974][ T6726] netlink: 80 bytes leftover after parsing attributes in process `syz.3.972'.
[  352.865647][    T7] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  352.949724][ T6746] netlink: 104 bytes leftover after parsing attributes in process `syz.0.979'.
[  353.305843][    T7] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  353.873784][    T7] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  353.893165][    T7] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  353.955790][    T7] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  354.000563][    T7] usb 3-1: config 0 descriptor??
[  354.542095][ T6767] netlink: 80 bytes leftover after parsing attributes in process `syz.1.987'.
[  354.922578][ T6774] netlink: 'syz.0.982': attribute type 12 has an invalid length.
[  355.841597][   T52] block nbd1: Attempted send on invalid socket
[  355.848398][   T52] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  355.990678][ T6776] efs: cannot read volume header
[  356.045609][    T7] usb 3-1: string descriptor 0 read error: -71
[  356.070186][    T7] usb 3-1: USB disconnect, device number 4
[  356.122334][ T6786] netlink: 104 bytes leftover after parsing attributes in process `syz.2.992'.
[  356.429949][ T6792] loop3: detected capacity change from 0 to 1024
[  357.764191][ T6805] netlink: 80 bytes leftover after parsing attributes in process `syz.3.999'.
[  359.186819][ T6452] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  359.245999][ T6819] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1004'.
[  359.525601][ T3691] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  359.575867][ T6452] usb 2-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config
[  359.601485][ T6452] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21
[  359.625014][ T6452] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  359.643921][ T6452] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  359.759780][ T6834] netlink: 80 bytes leftover after parsing attributes in process `syz.2.1011'.
[  359.842931][ T6836] loop0: detected capacity change from 0 to 16
[  359.854697][ T6836] erofs: (device loop0): mounted with root inode @ nid 36.
[  359.863297][ T6452] usb 2-1: config 0 descriptor??
[  359.976255][ T6452] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[  359.986187][ T3691] usb 5-1: Using ep0 maxpacket: 32
[  360.040527][ T6837] syz.0.1009: attempt to access beyond end of device
[  360.040527][ T6837] loop0: rw=524288, sector=8, nr_sectors = 16 limit=16
[  360.054899][ T6837] syz.0.1009: attempt to access beyond end of device
[  360.054899][ T6837] loop0: rw=524288, sector=16, nr_sectors = 16 limit=16
[  360.096726][ T6838] syz.0.1009: attempt to access beyond end of device
[  360.096726][ T6838] loop0: rw=0, sector=8, nr_sectors = 16 limit=16
[  360.285918][ T3691] usb 5-1: config 0 has no interfaces?
[  360.456451][ T3691] usb 5-1: New USB device found, idVendor=04b4, idProduct=1002, bcdDevice=9c.e2
[  360.472776][ T3691] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  360.563957][ T3691] usb 5-1: Product: syz
[  360.568366][ T3691] usb 5-1: Manufacturer: syz
[  360.573139][ T3691] usb 5-1: SerialNumber: syz
[  360.582522][ T3691] usb 5-1: config 0 descriptor??
[  360.614155][ T6835] netlink: 'syz.3.1006': attribute type 12 has an invalid length.
[  360.961866][ T3691] usb 5-1: USB disconnect, device number 15
[  361.887320][ T6853] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1016'.
[  361.956662][ T3724] usb 2-1: USB disconnect, device number 3
[  362.005545][ T3655] Bluetooth: hci5: command tx timeout
[  362.026207][ T6855] loop2: detected capacity change from 0 to 1024
[  362.088653][ T6855] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  363.030701][ T3650] EXT4-fs (loop2): unmounting filesystem.
[  363.308442][ T6879] netlink: 80 bytes leftover after parsing attributes in process `syz.4.1022'.
[  364.617532][ T6900] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1027'.
[  364.835590][    T7] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  364.895483][ T3724] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  365.195489][    T7] usb 5-1: Using ep0 maxpacket: 32
[  365.355985][    T7] usb 5-1: config 0 has no interfaces?
[  365.426939][ T3724] usb 2-1: config 0 has an invalid descriptor of length 255, skipping remainder of the config
[  365.452518][ T3724] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 21
[  365.494492][ T3724] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  365.526592][    T7] usb 5-1: New USB device found, idVendor=04b4, idProduct=1002, bcdDevice=9c.e2
[  365.572094][    T7] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  365.607414][ T3724] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  365.664388][    T7] usb 5-1: Product: syz
[  365.706901][    T7] usb 5-1: Manufacturer: syz
[  365.753073][ T3724] usb 2-1: config 0 descriptor??
[  365.782127][ T6916] netlink: 80 bytes leftover after parsing attributes in process `syz.3.1036'.
[  365.794133][    T7] usb 5-1: SerialNumber: syz
[  365.868342][ T3724] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[  365.888213][    T7] usb 5-1: config 0 descriptor??
[  366.168314][    T7] usb 5-1: USB disconnect, device number 16
[  366.254078][ T6921] netlink: 'syz.3.1037': attribute type 12 has an invalid length.
[  368.338371][ T6937] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1041'.
[  368.443176][ T3691] usb 2-1: USB disconnect, device number 4
[  368.514298][ T6942] loop3: detected capacity change from 0 to 1024
[  368.721657][ T6946] IPVS: stopping backup sync thread 6947 ...
[  369.025567][ T3724] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  369.762955][    T7] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  370.047443][ T6960] netlink: 'syz.0.1051': attribute type 12 has an invalid length.
[  370.087453][    T7] usb 3-1: Using ep0 maxpacket: 32
[  370.095868][ T3724] usb 2-1: Using ep0 maxpacket: 8
[  370.606894][    T7] usb 3-1: config 0 has no interfaces?
[  370.875999][ T3724] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  370.905614][ T3724] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  370.915747][ T3724] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  370.926216][    T7] usb 3-1: New USB device found, idVendor=04b4, idProduct=1002, bcdDevice=9c.e2
[  370.935822][ T3724] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  370.949413][    T7] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  370.957801][    T7] usb 3-1: Product: syz
[  370.963130][ T3724] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  371.040475][    T7] usb 3-1: Manufacturer: syz
[  371.045233][    T7] usb 3-1: SerialNumber: syz
[  371.049985][ T3724] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  371.059708][    T7] usb 3-1: config 0 descriptor??
[  371.605247][ T6973] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1055'.
[  371.616631][ T3724] usb 2-1: GET_CAPABILITIES returned 0
[  371.622205][ T3724] usbtmc 2-1:16.0: can't read capabilities
[  371.644669][ T3724] usb 3-1: USB disconnect, device number 5
[  372.417371][ T3691] usb 2-1: USB disconnect, device number 5
[  372.463604][ T6982] loop4: detected capacity change from 0 to 1024
[  375.156392][ T7002] netlink: 'syz.4.1064': attribute type 12 has an invalid length.
[  375.863198][ T7009] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1066'.
[  377.155447][ T3724] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  377.303749][ T7021] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1071'.
[  377.415533][ T3724] usb 1-1: Using ep0 maxpacket: 16
[  377.545663][ T3724] usb 1-1: config 9 has an invalid interface number: 60 but max is 0
[  377.564237][ T3724] usb 1-1: config 9 has no interface number 0
[  377.570606][ T3724] usb 1-1: config 9 interface 60 has no altsetting 0
[  377.625866][    T7] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  377.745637][ T3724] usb 1-1: New USB device found, idVendor=06cd, idProduct=0104, bcdDevice=f3.14
[  377.773442][ T3724] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  377.788045][ T3724] usb 1-1: Product: syz
[  377.792422][ T3724] usb 1-1: Manufacturer: syz
[  377.799480][ T3724] usb 1-1: SerialNumber: syz
[  378.557258][    T7] usb 2-1: Using ep0 maxpacket: 32
[  378.567828][ T1271] ieee802154 phy0 wpan0: encryption failed: -22
[  378.574237][ T1271] ieee802154 phy1 wpan1: encryption failed: -22
[  378.636640][ T3724] keyspan_pda 1-1:9.60: required endpoints missing
[  378.649420][ T3724] usb 1-1: USB disconnect, device number 12
[  378.675582][    T7] usb 2-1: config 0 has no interfaces?
[  378.846062][    T7] usb 2-1: New USB device found, idVendor=04b4, idProduct=1002, bcdDevice=9c.e2
[  378.886273][    T7] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  378.933879][    T7] usb 2-1: Product: syz
[  378.952950][    T7] usb 2-1: Manufacturer: syz
[  378.970182][    T7] usb 2-1: SerialNumber: syz
[  378.996822][    T7] usb 2-1: config 0 descriptor??
[  379.263649][    T7] usb 2-1: USB disconnect, device number 6
[  380.407221][ T7043] netlink: 'syz.4.1078': attribute type 12 has an invalid length.
[  380.773216][ T7029] loop3: detected capacity change from 0 to 32768
[  383.785470][ T6452] usb 4-1: new full-speed USB device number 4 using dummy_hcd
[  384.812891][ T7059] loop0: detected capacity change from 0 to 32768
[  384.849780][   T26] audit: type=1800 audit(1725120202.501:105): pid=7059 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1084" name="bus" dev="loop0" ino=7 res=0 errno=0
[  384.895675][ T6452] usb 4-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.32
[  384.915468][    T7] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  384.931631][ T6452] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  384.961222][ T6452] usb 4-1: config 0 descriptor??
[  385.026830][ T6452] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state.
[  385.165463][    T7] usb 3-1: Using ep0 maxpacket: 32
[  385.291181][    T7] usb 3-1: config 0 has no interfaces?
[  385.626003][    T7] usb 3-1: New USB device found, idVendor=04b4, idProduct=1002, bcdDevice=9c.e2
[  385.641421][    T7] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  385.649728][    T7] usb 3-1: Product: syz
[  385.654155][    T7] usb 3-1: Manufacturer: syz
[  385.658979][    T7] usb 3-1: SerialNumber: syz
[  386.127630][ T3714] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  386.200822][ T6452] gp8psk: usb out operation failed.
[  386.207790][    T7] usb 3-1: config 0 descriptor??
[  386.229457][ T6452] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  386.369156][ T6452] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19)
[  386.380158][ T6452] usb 4-1: USB disconnect, device number 4
[  386.675596][ T3714] usb 2-1: Using ep0 maxpacket: 8
[  386.688997][  T152] usb 3-1: USB disconnect, device number 6
[  386.779100][ T7099] netlink: 'syz.4.1095': attribute type 12 has an invalid length.
[  386.795917][ T3714] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  386.809955][ T3714] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  386.824306][ T3714] usb 2-1: config 0 descriptor??
[  387.163205][ T7112] netdevsim0 speed is unknown, defaulting to 1000
[  387.170282][ T7112] netdevsim0 speed is unknown, defaulting to 1000
[  387.179123][ T7112] netdevsim0 speed is unknown, defaulting to 1000
[  387.190052][ T7112] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  387.202497][ T7112] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  387.229225][ T7112] netdevsim0 speed is unknown, defaulting to 1000
[  387.237842][ T7112] netdevsim0 speed is unknown, defaulting to 1000
[  387.245790][ T7112] netdevsim0 speed is unknown, defaulting to 1000
[  387.252892][ T7112] netdevsim0 speed is unknown, defaulting to 1000
[  387.260270][ T7112] netdevsim0 speed is unknown, defaulting to 1000
[  387.267492][ T7112] netdevsim0 speed is unknown, defaulting to 1000
[  387.526329][ T3714] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  387.675242][ T3714] asix: probe of 2-1:0.0 failed with error -71
[  387.696533][ T3714] usb 2-1: USB disconnect, device number 7
[  390.247025][ T7139] loop3: detected capacity change from 0 to 2048
[  390.344028][ T7146] loop4: detected capacity change from 0 to 16
[  390.351645][ T7146] erofs: (device loop4): mounted with root inode @ nid 36.
[  390.368741][ T7139] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  390.785481][  T152] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  391.009144][ T7150] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  391.025289][ T7150] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 1 with error 28
[  391.038848][ T7150] EXT4-fs (loop3): This should not happen!! Data will be lost
[  391.038848][ T7150] 
[  391.048653][ T7150] EXT4-fs (loop3): Total free blocks count 0
[  391.054691][ T7150] EXT4-fs (loop3): Free/Dirty block details
[  391.060772][ T7150] EXT4-fs (loop3): free_blocks=2415919104
[  391.066676][ T7150] EXT4-fs (loop3): dirty_blocks=16
[  391.071912][ T7150] EXT4-fs (loop3): Block reservation details
[  391.078007][ T7150] EXT4-fs (loop3): i_reserved_data_blocks=1
[  391.164731][ T7151] syz.4.1109: attempt to access beyond end of device
[  391.164731][ T7151] loop4: rw=524288, sector=8, nr_sectors = 16 limit=16
[  391.245538][  T152] usb 2-1: Using ep0 maxpacket: 32
[  391.293442][ T3748] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[  391.357299][ T7151] syz.4.1109: attempt to access beyond end of device
[  391.357299][ T7151] loop4: rw=524288, sector=16, nr_sectors = 16 limit=16
[  391.371948][  T152] usb 2-1: config 0 has no interfaces?
[  391.545763][  T152] usb 2-1: New USB device found, idVendor=04b4, idProduct=1002, bcdDevice=9c.e2
[  391.585559][  T152] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  392.482322][  T152] usb 2-1: Product: syz
[  392.486972][  T152] usb 2-1: Manufacturer: syz
[  392.491609][  T152] usb 2-1: SerialNumber: syz
[  392.508719][  T152] usb 2-1: config 0 descriptor??
[  392.759591][    T7] usb 2-1: USB disconnect, device number 8
[  392.796422][ T7165] loop3: detected capacity change from 0 to 512
[  392.853559][ T7165] EXT4-fs error (device loop3): ext4_orphan_get:1396: inode #15: comm syz.3.1115: casefold flag without casefold feature
[  392.966535][ T7167] netlink: 'syz.4.1114': attribute type 12 has an invalid length.
[  393.063892][ T7165] EXT4-fs error (device loop3): ext4_xattr_inode_iget:404: inode #12: comm syz.3.1115: missing EA_INODE flag
[  393.427902][ T7165] EXT4-fs error (device loop3): ext4_xattr_inode_iget:409: comm syz.3.1115: error while reading EA inode 12 err=-117
[  393.512276][ T7165] EXT4-fs (loop3): 1 orphan inode deleted
[  393.519277][ T7165] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  393.683210][   T26] audit: type=1800 audit(1725120211.331:106): pid=7168 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1115" name="file0" dev="loop3" ino=15 res=0 errno=0
[  394.391731][ T7161] loop0: detected capacity change from 0 to 32768
[  394.424453][ T7174] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  394.435971][   T26] audit: type=1800 audit(1725120212.091:107): pid=7161 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1113" name="bus" dev="loop0" ino=7 res=0 errno=0
[  394.521815][ T7161] ERROR: (device loop0): dbAlloc: the hint is outside the map
[  394.521815][ T7161] 
[  394.681337][ T7161] ERROR: (device loop0): remounting filesystem as read-only
[  395.585572][ T7161] ialloc: diAlloc returned -5!
[  395.614518][ T3640] EXT4-fs (loop3): unmounting filesystem.
[  396.994340][ T7204] netdevsim0 speed is unknown, defaulting to 1000
[  398.104651][ T7211] netlink: 'syz.1.1126': attribute type 12 has an invalid length.
[  398.303951][ T7220] netlink: 'syz.4.1129': attribute type 10 has an invalid length.
[  398.344314][ T7220] batman_adv: batadv0: Adding interface: team0
[  398.355903][ T7220] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  398.426279][ T7220] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  400.603062][ T7238] loop4: detected capacity change from 0 to 2048
[  400.722367][ T7238] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  400.771638][ T7238] ext4 filesystem being mounted at /223/bus supports timestamps until 2038 (0x7fffffff)
[  401.632449][ T3648] EXT4-fs (loop4): unmounting filesystem.
[  404.203872][ T7275] netlink: 'syz.3.1143': attribute type 12 has an invalid length.
[  410.079892][ T7331] netlink: 'syz.1.1161': attribute type 12 has an invalid length.
[  410.209319][ T3655] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  410.220368][ T3655] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  410.229764][ T3655] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  410.238999][ T3655] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  410.247067][ T3655] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3
[  410.251605][ T7335] loop3: detected capacity change from 0 to 2048
[  410.270064][ T3655] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  410.299533][ T7335] EXT4-fs: Ignoring removed i_version option
[  410.416862][ T7335] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  412.062432][ T7345] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm ext4lazyinit: bg 0: block 234: padding at end of block bitmap is not set
[  412.088120][ T7334] netdevsim0 speed is unknown, defaulting to 1000
[  412.295328][    T9] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 104 with error 28
[  412.322280][ T3687] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  412.333966][   T48] Bluetooth: hci6: command tx timeout
[  412.352468][    T9] EXT4-fs (loop3): This should not happen!! Data will be lost
[  412.352468][    T9] 
[  412.365521][    T9] EXT4-fs (loop3): Total free blocks count 0
[  412.378817][    T9] EXT4-fs (loop3): Free/Dirty block details
[  412.390450][    T9] EXT4-fs (loop3): free_blocks=0
[  412.402864][    T9] EXT4-fs (loop3): dirty_blocks=112
[  412.408454][    T9] EXT4-fs (loop3): Block reservation details
[  412.414558][    T9] EXT4-fs (loop3): i_reserved_data_blocks=7
[  412.448063][ T3640] EXT4-fs (loop3): unmounting filesystem.
[  412.624351][ T3687] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  413.852061][ T3687] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  414.455622][   T48] Bluetooth: hci6: command tx timeout
[  414.786053][ T3687] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  415.067175][ T7334] chnl_net:caif_netlink_parms(): no params data found
[  415.165612][ T6452] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  415.385609][ T6452] usb 2-1: device descriptor read/64, error -71
[  415.460778][ T7334] bridge0: port 1(bridge_slave_0) entered blocking state
[  415.469090][ T7334] bridge0: port 1(bridge_slave_0) entered disabled state
[  415.991096][ T7334] device bridge_slave_0 entered promiscuous mode
[  416.450224][ T6452] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  416.485480][   T48] Bluetooth: hci6: command tx timeout
[  416.735540][ T6452] usb 2-1: device descriptor read/64, error -71
[  417.394346][ T7334] bridge0: port 2(bridge_slave_1) entered blocking state
[  417.553276][ T7334] bridge0: port 2(bridge_slave_1) entered disabled state
[  417.554640][ T6452] usb usb2-port1: attempt power cycle
[  417.563652][ T7334] device bridge_slave_1 entered promiscuous mode
[  418.258557][ T7334] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  418.294161][ T7334] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  418.632174][ T7334] team0: Port device team_slave_0 added
[  418.662257][ T7334] team0: Port device team_slave_1 added
[  418.759064][ T7334] batman_adv: batadv0: Adding interface: batadv_slave_0
[  418.792842][ T7334] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  418.863102][ T7334] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  418.871058][   T48] Bluetooth: hci6: command tx timeout
[  419.056198][ T7334] batman_adv: batadv0: Adding interface: batadv_slave_1
[  419.063398][ T7334] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  419.089336][    C0] vkms_vblank_simulate: vblank timer overrun
[  419.350730][ T7334] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  422.144217][ T7334] device hsr_slave_0 entered promiscuous mode
[  422.364726][ T7334] device hsr_slave_1 entered promiscuous mode
[  422.418496][ T7334] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  422.446161][ T7418] loop3: detected capacity change from 0 to 128
[  422.475547][ T7334] Cannot create hsr debugfs directory
[  423.201188][ T3655] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  423.212907][ T3655] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  423.222987][ T3655] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  423.706465][ T3652] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  423.715846][ T3652] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  423.725892][ T3652] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  423.884445][ T7419] netdevsim0 speed is unknown, defaulting to 1000
[  425.626259][ T3687] device hsr_slave_0 left promiscuous mode
[  425.643076][ T3687] device hsr_slave_1 left promiscuous mode
[  425.686494][ T7437] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1187'.
[  425.701099][ T3687] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  425.719062][ T3687] batman_adv: batadv0: Removing interface: batadv_slave_0
[  425.741082][ T3687] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  425.762457][ T3687] batman_adv: batadv0: Removing interface: batadv_slave_1
[  425.769901][   T48] Bluetooth: hci2: command tx timeout
[  425.786508][ T3687] device bridge_slave_1 left promiscuous mode
[  425.803036][ T3687] bridge0: port 2(bridge_slave_1) entered disabled state
[  425.828596][ T3652] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  425.839812][ T3652] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  425.849447][ T3687] device bridge_slave_0 left promiscuous mode
[  425.855751][ T3652] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  425.865596][ T3652] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  425.876739][ T3652] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  425.884219][ T3652] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  425.892102][ T3687] bridge0: port 1(bridge_slave_0) entered disabled state
[  425.914425][ T7426] loop3: detected capacity change from 0 to 32768
[  425.995020][ T3687] device veth1_macvtap left promiscuous mode
[  426.019143][ T7426] overlayfs: upper fs needs to support d_type.
[  426.029679][ T3687] device veth0_macvtap left promiscuous mode
[  426.040540][ T3687] device veth1_vlan left promiscuous mode
[  426.047707][ T7426] overlayfs: upper fs does not support tmpfile.
[  426.061872][ T3687] device veth0_vlan left promiscuous mode
[  426.092009][ T7426] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  426.259831][ T7441] loop1: detected capacity change from 0 to 32768
[  426.279254][ T7441] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by syz.1.1188 (7441)
[  426.305294][ T7441] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  426.324870][ T7441] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm
[  426.333652][ T7441] BTRFS info (device loop1): using free space tree
[  426.485835][ T7441] BTRFS info (device loop1): enabling ssd optimizations
[  426.603105][ T7441] BTRFS info (device loop1): balance: start -f -d -m
[  426.714009][ T7441] BTRFS info (device loop1): relocating block group 6881280 flags data|metadata
[  426.941203][ T7441] BTRFS info (device loop1): relocating block group 5242880 flags data|metadata
[  427.024300][ T7441] BTRFS info (device loop1): balance: canceled
[  427.044977][ T3687] team0 (unregistering): Port device team_slave_1 removed
[  427.104777][ T6353] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  427.119287][ T3687] team0 (unregistering): Port device team_slave_0 removed
[  427.212439][ T3687] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  427.398876][ T3687] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  427.847247][ T3652] Bluetooth: hci2: command tx timeout
[  427.937182][ T3652] Bluetooth: hci3: command tx timeout
[  428.902866][ T3687] bond0 (unregistering): Released all slaves
[  429.004334][ T7419] chnl_net:caif_netlink_parms(): no params data found
[  429.195232][ T7438] netdevsim0 speed is unknown, defaulting to 1000
[  429.277176][ T4964] syz-executor (4964) used greatest stack depth: 18984 bytes left
[  429.430610][ T7419] bridge0: port 1(bridge_slave_0) entered blocking state
[  429.440164][ T7419] bridge0: port 1(bridge_slave_0) entered disabled state
[  429.449489][ T7419] device bridge_slave_0 entered promiscuous mode
[  429.465051][ T7419] bridge0: port 2(bridge_slave_1) entered blocking state
[  429.482445][ T7419] bridge0: port 2(bridge_slave_1) entered disabled state
[  429.492877][ T7419] device bridge_slave_1 entered promiscuous mode
[  429.612150][ T7334] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  429.647659][ T7419] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  429.695286][ T7334] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  429.713856][ T7419] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  429.756897][ T7334] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  429.794041][ T7334] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  429.829128][ T7438] chnl_net:caif_netlink_parms(): no params data found
[  429.899350][ T7419] team0: Port device team_slave_0 added
[  429.914611][ T7419] team0: Port device team_slave_1 added
[  429.925885][ T3652] Bluetooth: hci2: command tx timeout
[  430.005532][ T3652] Bluetooth: hci3: command tx timeout
[  430.356557][ T7419] batman_adv: batadv0: Adding interface: batadv_slave_0
[  430.363649][ T7419] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  430.425486][ T7419] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  430.440728][ T7438] bridge0: port 1(bridge_slave_0) entered blocking state
[  430.451959][ T7438] bridge0: port 1(bridge_slave_0) entered disabled state
[  430.468574][   T48] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  430.469482][ T7438] device bridge_slave_0 entered promiscuous mode
[  430.481351][   T48] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  430.492096][   T48] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  430.497326][ T7419] batman_adv: batadv0: Adding interface: batadv_slave_1
[  430.500286][   T48] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  430.514077][   T48] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  430.515883][ T7419] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  430.523525][ T3655] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  430.555282][ T7419] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  430.621781][ T3687] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  430.635594][ T7438] bridge0: port 2(bridge_slave_1) entered blocking state
[  430.642780][ T7438] bridge0: port 2(bridge_slave_1) entered disabled state
[  430.652516][ T7438] device bridge_slave_1 entered promiscuous mode
[  430.715742][ T6452] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  430.718852][ T3687] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  430.746340][ T7438] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  430.760255][ T7438] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  430.833890][ T3687] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  430.861204][ T7419] device hsr_slave_0 entered promiscuous mode
[  430.870771][ T7419] device hsr_slave_1 entered promiscuous mode
[  430.877879][ T7419] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  430.885692][ T7419] Cannot create hsr debugfs directory
[  430.892797][ T7484] netdevsim0 speed is unknown, defaulting to 1000
[  430.922938][ T7438] team0: Port device team_slave_0 added
[  430.948712][ T3687] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  430.981181][ T7438] team0: Port device team_slave_1 added
[  430.989375][    T7] netdevsim0 speed is unknown, defaulting to 1000
[  431.012301][    T7] ==================================================================
[  431.020422][    T7] BUG: KASAN: use-after-free in siw_query_port+0x342/0x430
[  431.027682][    T7] Read of size 4 at addr ffff88802428c0e0 by task kworker/0:0/7
[  431.029490][ T7334] 8021q: adding VLAN 0 to HW filter on device bond0
[  431.035325][    T7] 
[  431.035349][    T7] CPU: 0 PID: 7 Comm: kworker/0:0 Not tainted 6.1.107-syzkaller #0
[  431.035371][    T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  431.035385][    T7] Workqueue: infiniband ib_cache_event_task
[  431.035418][    T7] Call Trace:
[  431.035431][    T7]  <TASK>
[  431.035439][    T7]  dump_stack_lvl+0x1e3/0x2cb
[  431.079259][    T7]  ? nf_tcp_handle_invalid+0x642/0x642
[  431.084762][    T7]  ? panic+0x764/0x764
[  431.085779][ T6452] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  431.088846][    T7]  ? _printk+0xd1/0x111
[  431.088875][    T7]  ? __virt_addr_valid+0x17f/0x530
[  431.109022][    T7]  ? __virt_addr_valid+0x17f/0x530
[  431.114263][    T7]  print_report+0x15f/0x4f0
[  431.118798][    T7]  ? __virt_addr_valid+0x17f/0x530
[  431.123950][    T7]  ? __virt_addr_valid+0x17f/0x530
[  431.129100][    T7]  ? __virt_addr_valid+0x45b/0x530
[  431.130430][ T6452] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  431.134250][    T7]  ? __phys_addr+0xb6/0x170
[  431.148573][    T7]  ? siw_query_port+0x342/0x430
[  431.153460][    T7]  kasan_report+0x136/0x160
[  431.157993][    T7]  ? siw_query_port+0x342/0x430
[  431.162871][    T7]  siw_query_port+0x342/0x430
[  431.167568][    T7]  ? ib_query_port+0x344/0x7c0
[  431.172386][    T7]  ib_cache_update+0x1a8/0xaf0
[  431.177196][    T7]  ? ib_cache_setup_one+0x5a0/0x5a0
[  431.182438][    T7]  ? read_lock_is_recursive+0x10/0x10
[  431.185638][ T6452] usb 2-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00
[  431.187918][    T7]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[  431.203026][    T7]  ? print_irqtrace_events+0x210/0x210
[  431.208533][    T7]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[  431.214466][    T7]  ib_cache_event_task+0xef/0x1e0
[  431.219525][    T7]  ? process_one_work+0x7a9/0x11d0
[  431.224662][    T7]  process_one_work+0x8a9/0x11d0
[  431.229640][    T7]  ? worker_detach_from_pool+0x260/0x260
[  431.235312][    T7]  ? _raw_spin_lock_irqsave+0x120/0x120
[  431.235602][ T6452] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  431.240867][    T7]  ? kthread_data+0x4e/0xc0
[  431.253376][    T7]  ? wq_worker_running+0x97/0x190
[  431.258442][    T7]  worker_thread+0xa47/0x1200
[  431.263166][    T7]  kthread+0x28d/0x320
[  431.267260][    T7]  ? worker_clr_flags+0x190/0x190
[  431.272324][    T7]  ? kthread_blkcg+0xd0/0xd0
[  431.276952][    T7]  ret_from_fork+0x1f/0x30
[  431.281417][    T7]  </TASK>
[  431.284484][    T7] 
[  431.286841][    T7] Allocated by task 3640:
[  431.291178][    T7]  kasan_set_track+0x4b/0x70
[  431.295778][    T7]  __kasan_kmalloc+0x97/0xb0
[  431.300445][    T7]  __kmalloc_node+0xb3/0x230
[  431.305027][    T7]  kvmalloc_node+0x6e/0x180
[  431.309538][    T7]  alloc_netdev_mqs+0x85/0xeb0
[  431.314320][    T7]  nsim_create+0x78/0x3f0
[  431.318656][    T7]  __nsim_dev_port_add+0x6ba/0xb10
[  431.323776][    T7]  nsim_dev_port_add_all+0x33/0xe0
[  431.328903][    T7]  nsim_drv_probe+0x80e/0xb20
[  431.333586][    T7]  really_probe+0x2ab/0xcb0
[  431.338096][    T7]  __driver_probe_device+0x1a2/0x3d0
[  431.343392][    T7]  driver_probe_device+0x50/0x420
[  431.348448][    T7]  __device_attach_driver+0x2cf/0x510
[  431.353831][    T7]  bus_for_each_drv+0x183/0x200
[  431.358697][    T7]  __device_attach+0x359/0x570
[  431.363501][    T7]  bus_probe_device+0xba/0x1e0
[  431.368283][    T7]  device_add+0xb48/0xfd0
[  431.372639][    T7]  new_device_store+0x3e5/0x800
[  431.377596][    T7]  kernfs_fop_write_iter+0x3a2/0x4f0
[  431.382894][    T7]  vfs_write+0x857/0xbc0
[  431.387138][    T7]  ksys_write+0x19c/0x2c0
[  431.391464][    T7]  do_syscall_64+0x3b/0xb0
[  431.395903][    T7]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  431.401832][    T7] 
[  431.404158][    T7] Freed by task 3687:
[  431.408133][    T7]  kasan_set_track+0x4b/0x70
[  431.412734][    T7]  kasan_save_free_info+0x27/0x40
[  431.417763][    T7]  ____kasan_slab_free+0xd6/0x120
[  431.422854][    T7]  __kmem_cache_free+0x25c/0x3c0
[  431.427797][    T7]  device_release+0x91/0x1c0
[  431.432392][    T7]  kobject_put+0x224/0x460
[  431.436899][    T7]  __nsim_dev_port_del+0x153/0x1b0
[  431.442020][    T7]  nsim_dev_reload_destroy+0x286/0x490
[  431.447501][    T7]  nsim_dev_reload_down+0x94/0xc0
[  431.452531][    T7]  devlink_reload+0x1eb/0x6a0
[  431.457215][    T7]  devlink_pernet_pre_exit+0x14e/0x2c0
[  431.462695][    T7]  cleanup_net+0x59c/0xb60
[  431.467145][    T7]  process_one_work+0x8a9/0x11d0
[  431.472099][    T7]  worker_thread+0xa47/0x1200
[  431.476783][    T7]  kthread+0x28d/0x320
[  431.480851][    T7]  ret_from_fork+0x1f/0x30
[  431.485292][    T7] 
[  431.487621][    T7] The buggy address belongs to the object at ffff88802428c000
[  431.487621][    T7]  which belongs to the cache kmalloc-cg-8k of size 8192
[  431.501937][    T7] The buggy address is located 224 bytes inside of
[  431.501937][    T7]  8192-byte region [ffff88802428c000, ffff88802428e000)
[  431.515303][    T7] 
[  431.517627][    T7] The buggy address belongs to the physical page:
[  431.524075][    T7] page:ffffea000090a200 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x24288
[  431.534247][    T7] head:ffffea000090a200 order:3 compound_mapcount:0 compound_pincount:0
[  431.542575][    T7] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff)
[  431.550570][    T7] raw: 00fff00000010200 0000000000000000 dead000000000001 ffff888017c4c3c0
[  431.559242][    T7] raw: 0000000000000000 0000000000020002 00000001ffffffff 0000000000000000
[  431.567822][    T7] page dumped because: kasan: bad access detected
[  431.574245][    T7] page_owner tracks the page as allocated
[  431.579952][    T7] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd60c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_RETRY_MAYFAIL|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 3639, tgid 3639 (syz-executor), ts 74823734647, free_ts 74728646730
[  431.603074][    T7]  post_alloc_hook+0x18d/0x1b0
[  431.607842][    T7]  get_page_from_freelist+0x322e/0x33b0
[  431.613390][    T7]  __alloc_pages+0x28d/0x770
[  431.617980][    T7]  alloc_slab_page+0x6a/0x150
[  431.622680][    T7]  new_slab+0x84/0x2d0
[  431.626772][    T7]  ___slab_alloc+0xc20/0x1270
[  431.631542][    T7]  __kmem_cache_alloc_node+0x19f/0x260
[  431.637007][    T7]  __kmalloc_node+0xa2/0x230
[  431.641599][    T7]  kvmalloc_node+0x6e/0x180
[  431.646105][    T7]  alloc_netdev_mqs+0x85/0xeb0
[  431.650878][    T7]  nsim_create+0x78/0x3f0
[  431.655231][    T7]  __nsim_dev_port_add+0x6ba/0xb10
[  431.660352][    T7]  nsim_dev_port_add_all+0x33/0xe0
[  431.665469][    T7]  nsim_drv_probe+0x80e/0xb20
[  431.670150][    T7]  really_probe+0x2ab/0xcb0
[  431.674683][    T7]  __driver_probe_device+0x1a2/0x3d0
[  431.679974][    T7] page last free stack trace:
[  431.684647][    T7]  free_unref_page_prepare+0xf63/0x1120
[  431.690196][    T7]  free_unref_page+0x33/0x3e0
[  431.694873][    T7]  __unfreeze_partials+0x1b7/0x210
[  431.699992][    T7]  put_cpu_partial+0x17b/0x250
[  431.704765][    T7]  qlist_free_all+0x76/0xe0
[  431.709273][    T7]  kasan_quarantine_reduce+0x156/0x170
[  431.714736][    T7]  __kasan_slab_alloc+0x1f/0x70
[  431.719590][    T7]  slab_post_alloc_hook+0x52/0x3a0
[  431.724705][    T7]  kmem_cache_alloc+0x10c/0x2d0
[  431.729561][    T7]  fib_table_insert+0x600/0x1f20
[  431.734505][    T7]  fib_add_ifaddr+0xc24/0x1730
[  431.739271][    T7]  fib_netdev_event+0x620/0x730
[  431.744122][    T7]  raw_notifier_call_chain+0xd0/0x170
[  431.749496][    T7]  __dev_notify_flags+0x304/0x610
[  431.754525][    T7]  dev_change_flags+0xe7/0x190
[  431.759292][    T7]  do_setlink+0xcf4/0x3de0
[  431.763739][    T7] 
[  431.766065][    T7] Memory state around the buggy address:
[  431.771703][    T7]  ffff88802428bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  431.779784][    T7]  ffff88802428c000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  431.787844][    T7] >ffff88802428c080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  431.795919][    T7]                                                        ^
[  431.803132][    T7]  ffff88802428c100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  431.811197][    T7]  ffff88802428c180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  431.819257][    T7] ==================================================================
[  431.852225][    T7] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  431.859486][    T7] CPU: 0 PID: 7 Comm: kworker/0:0 Not tainted 6.1.107-syzkaller #0
[  431.867404][    T7] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  431.877578][    T7] Workqueue: infiniband ib_cache_event_task
[  431.883534][    T7] Call Trace:
[  431.886838][    T7]  <TASK>
[  431.889795][    T7]  dump_stack_lvl+0x1e3/0x2cb
[  431.894508][    T7]  ? nf_tcp_handle_invalid+0x642/0x642
[  431.896473][ T6452] usb 2-1: config 0 descriptor??
[  431.904938][    T7]  ? panic+0x764/0x764
[  431.909039][    T7]  ? preempt_schedule_common+0xa6/0xd0
[  431.914556][    T7]  ? vscnprintf+0x59/0x80
[  431.918914][    T7]  panic+0x318/0x764
[  431.922845][    T7]  ? check_panic_on_warn+0x1d/0xa0
[  431.927993][    T7]  ? memcpy_page_flushcache+0xfc/0xfc
[  431.933399][    T7]  ? _raw_spin_unlock_irqrestore+0x128/0x130
[  431.939417][    T7]  ? _raw_spin_unlock+0x40/0x40
[  431.944295][    T7]  ? print_report+0x4a3/0x4f0
[  431.949027][    T7]  check_panic_on_warn+0x7e/0xa0
[  431.953998][    T7]  ? siw_query_port+0x342/0x430
[  431.958876][    T7]  end_report+0x66/0x110
[  431.963145][    T7]  kasan_report+0x143/0x160
[  431.967722][    T7]  ? siw_query_port+0x342/0x430
[  431.972612][    T7]  siw_query_port+0x342/0x430
[  431.977318][    T7]  ? ib_query_port+0x344/0x7c0
[  431.982110][    T7]  ib_cache_update+0x1a8/0xaf0
[  431.986901][    T7]  ? ib_cache_setup_one+0x5a0/0x5a0
[  431.992127][    T7]  ? read_lock_is_recursive+0x10/0x10
[  431.997530][    T7]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[  432.003541][    T7]  ? print_irqtrace_events+0x210/0x210
[  432.009028][    T7]  ? _raw_spin_unlock_irqrestore+0xd9/0x130
[  432.014948][    T7]  ib_cache_event_task+0xef/0x1e0
[  432.019998][    T7]  ? process_one_work+0x7a9/0x11d0
[  432.025129][    T7]  process_one_work+0x8a9/0x11d0
[  432.030101][    T7]  ? worker_detach_from_pool+0x260/0x260
[  432.035770][    T7]  ? _raw_spin_lock_irqsave+0x120/0x120
[  432.041357][    T7]  ? kthread_data+0x4e/0xc0
[  432.045957][    T7]  ? wq_worker_running+0x97/0x190
[  432.051005][    T7]  worker_thread+0xa47/0x1200
[  432.055697][    T7]  kthread+0x28d/0x320
[  432.059783][    T7]  ? worker_clr_flags+0x190/0x190
[  432.064801][    T7]  ? kthread_blkcg+0xd0/0xd0
[  432.069385][    T7]  ret_from_fork+0x1f/0x30
[  432.073910][    T7]  </TASK>
[  432.077233][    T7] Kernel Offset: disabled
[  432.081582][    T7] Rebooting in 86400 seconds..